PostgreSQL 12.13 commit log

commit   : 26b9b5dddfa21ce73d9b99e79e2336c5584745bd    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 7 Nov 2022 16:47:13 -0500    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 7 Nov 2022 16:47:13 -0500    

commit   : 81b2ffdb32385366aa45b13e669b7d1291770af0    
  
author   : Peter Eisentraut <[email protected]>    
date     : Mon, 7 Nov 2022 13:55:08 +0100    
  
committer: Peter Eisentraut <[email protected]>    
date     : Mon, 7 Nov 2022 13:55:08 +0100    

Source-Git-URL: https://git.postgresql.org/git/pgtranslation/messages.git  
Source-Git-Hash: ff92e39b5698b83b8f5290094153a59df3056a1a  

commit   : f658a93fdbf714fabba7dd780ce890028db3aa5a    
  
author   : Tom Lane <[email protected]>    
date     : Sun, 6 Nov 2022 11:07:28 -0500    
  
committer: Tom Lane <[email protected]>    
date     : Sun, 6 Nov 2022 11:07:28 -0500    

commit   : 572695bcbcbd887fbf45653138e960831dd71db1    
  
author   : Etsuro Fujita <[email protected]>    
date     : Fri, 4 Nov 2022 19:15:06 +0900    
  
committer: Etsuro Fujita <[email protected]>    
date     : Fri, 4 Nov 2022 19:15:06 +0900    

"Triggers on partitioned tables cannot have transition tables." is  
incorrect as we allow statement-level triggers on partitioned tables to  
have transition tables.  
  
This has been wrong since commit 86f575948; back-patch to v11 where that  
commit came in.  
  
Reviewed by Tom Lane.  
  
Discussion: https://postgr.es/m/CAPmGK17gk4vXLzz2iG%2BG4LWRWCoVyam70nZ3OuGm1hMJwDrhcg%40mail.gmail.com  

commit   : ab70b3a52fde6f0519fc74f1aae1d7ad88cb16dd    
  
author   : Alvaro Herrera <[email protected]>    
date     : Thu, 3 Nov 2022 20:40:21 +0100    
  
committer: Alvaro Herrera <[email protected]>    
date     : Thu, 3 Nov 2022 20:40:21 +0100    

Commit f56f8f8da6af added some code in CloneFkReferencing that's way too  
lax about a Constraint node it manufactures, not initializing enough  
struct members -- initially_valid in particular was forgotten.  This  
causes some FKs in partitions added by ALTER TABLE ATTACH PARTITION to  
be marked as not validated.  Set initially_valid true, which fixes the  
bug.  
  
While at it, make the struct initialization more complete.  Very similar  
code was added in two other places by the same commit; make them all  
follow the same pattern for consistency, though no bugs are apparent  
there.  
  
This bug has never been reported: I only happened to notice while  
working on commit 614a406b4ff1.  The test case that was added there with  
the improper result is repaired.  
  
Backpatch to 12.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : d9ffccf8db4b5c1d4013d6ebd57d165057180342    
  
author   : Tom Lane <[email protected]>    
date     : Thu, 3 Nov 2022 12:01:57 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Thu, 3 Nov 2022 12:01:57 -0400    

If a syntax error occurred in a SQL-language or PL/pgSQL-language  
CREATE FUNCTION or DO command executed in a logical replication worker,  
we'd suffer a null pointer dereference or assertion failure.  That  
seems like a rather contrived case, but nonetheless worth fixing.  
  
The cause is that function_parse_error_transpose assumes it must be  
executing within the context of a Portal, but logical/worker.c  
doesn't create a Portal since it's not running the standard executor.  
We can just back off the hard Assert check and make it fail gracefully  
if there's not an ActivePortal.  (I have a feeling that the aggressive  
check here was my fault originally, probably because I wasn't sure if  
the case would always hold and wanted to find out.  Well, now we know.)  
  
The hazard seems to exist in all branches that have logical replication,  
so back-patch to v10.  
  
Maxim Orlov, Anton Melnikov, Masahiko Sawada, Tom Lane  
  
Discussion: https://postgr.es/m/[email protected]  
Discussion: https://postgr.es/m/[email protected]  

commit   : 5ecf836e9b5e12e15cc2b9258c3dbd5ff4f7abc1    
  
author   : Tom Lane <[email protected]>    
date     : Wed, 2 Nov 2022 17:37:26 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Wed, 2 Nov 2022 17:37:26 -0400    

If we have no special-case code in s_lock.h for the current platform,  
but the compiler has __sync_lock_test_and_set, use that instead of  
failing.  It's unlikely that anybody's __sync_lock_test_and_set  
would be so awful as to be worse than our semaphore-based fallback,  
but if it is, they can (continue to) use --disable-spinlocks.  
  
This allows removal of the RISC-V special case installed by commit  
c32fcac56, which generated exactly the same code but only on that  
platform.  Usefully, the RISC-V buildfarm animals should now test  
at least the int variant of this patch.  
  
I've manually tested both variants on ARM by dint of removing the  
ARM-specific stanza.  We don't want to drop that, because it already  
has some special knowledge and is likely to grow more over time.  
Likewise, this is not meant to preclude installing special cases  
for other arches if that proves worthwhile.  
  
Per discussion of a request to install the same code for loongarch64.  
Like the previous patch, we might as well back-patch to supported  
branches.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 0008ad8517aefa0787c925718a88da8af1a683c1    
  
author   : Etsuro Fujita <[email protected]>    
date     : Wed, 2 Nov 2022 18:15:06 +0900    
  
committer: Etsuro Fujita <[email protected]>    
date     : Wed, 2 Nov 2022 18:15:06 +0900    

commit   : ec9a000d8b40b91f94212d7e58b186bd7138ec3c    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 1 Nov 2022 17:08:28 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 1 Nov 2022 17:08:28 -0400    

DST law changes in Chile, Fiji, Iran, Jordan, Mexico, Palestine,  
and Syria.  Historical corrections for Chile, Crimea, Iran, and  
Mexico.  
  
Also, the Europe/Kiev zone has been renamed to Europe/Kyiv  
(retaining the old name as a link).  
  
The following zones have been merged into nearby, more-populous zones  
whose clocks have agreed since 1970: Antarctica/Vostok, Asia/Brunei,  
Asia/Kuala_Lumpur, Atlantic/Reykjavik, Europe/Amsterdam,  
Europe/Copenhagen, Europe/Luxembourg, Europe/Monaco, Europe/Oslo,  
Europe/Stockholm, Indian/Christmas, Indian/Cocos, Indian/Kerguelen,  
Indian/Mahe, Indian/Reunion, Pacific/Chuuk, Pacific/Funafuti,  
Pacific/Majuro, Pacific/Pohnpei, Pacific/Wake and Pacific/Wallis.  
(This indirectly affects zones that were already links to one of  
these: Arctic/Longyearbyen, Atlantic/Jan_Mayen, Iceland,  
Pacific/Ponape, Pacific/Truk, and Pacific/Yap.)  America/Nipigon,  
America/Rainy_River, America/Thunder_Bay, Europe/Uzhgorod, and  
Europe/Zaporozhye were also merged into nearby zones after discovering  
that their claimed post-1970 differences from those zones seem to have  
been errors.  
  
While the IANA crew have been working on merging zones that have no  
post-1970 differences for some time, this batch of changes affects  
some zones that are significantly more populous than those merged  
in the past, notably parts of Europe.  The loss of pre-1970 timezone  
history for those zones may be troublesome for applications  
expecting consistency of timestamptz display.  As an example, the  
stored value '1944-06-01 12:00 UTC' would previously display as  
'1944-06-01 13:00:00+01' if the Europe/Stockholm zone is selected,  
but now it will read out as '1944-06-01 14:00:00+02'.  
  
There exists a "packrat" option that will build the timezone data  
files with this old data preserved, but the problem is that it also  
resurrects a bunch of other, far less well-attested data; so much so  
that actually more zones' contents change from 2022a with that option  
than without it.  I have chosen not to do that here, for that reason  
and because it appears that no major OS distributions are using the  
"packrat" option, so that doing so would cause Postgres' behavior  
to diverge significantly depending on whether it was built with  
--with-system-tzdata.  However, for anyone for whom these changes pose  
significant problems, there is a solution: build a set of timezone  
files with the "packrat" option and use those with Postgres.  

commit   : ca4c6764b3ee5211c93cd94f4f46a4831dbcb684    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 1 Nov 2022 12:48:01 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 1 Nov 2022 12:48:01 -0400    

When executing a utility statement, we must fetch everything  
we need out of the PlannedStmt data structure before calling  
standard_ProcessUtility.  In certain cases (possibly only ROLLBACK  
in extended query protocol), that data structure will get freed  
during command execution.  The situation is probably often harmless  
in production builds, but in debug builds we intentionally overwrite  
the freed memory with garbage, leading to picking up garbage values  
of statement location and length, typically causing an assertion  
failure later in pg_stat_statements.  In non-debug builds, if  
something did go wrong it would likely lead to storing garbage  
for the query string.  
  
Report and fix by zhaoqigui (with cosmetic adjustments by me).  
It's an old problem, so back-patch to all supported versions.  
  
Discussion: https://postgr.es/m/[email protected]  
Discussion: https://postgr.es/m/[email protected]  

commit   : 51c24d9e21d7c36cbb6890655fd8f57270cdb15a    
  
author   : Michael Paquier <[email protected]>    
date     : Wed, 26 Oct 2022 09:41:26 +0900    
  
committer: Michael Paquier <[email protected]>    
date     : Wed, 26 Oct 2022 09:41:26 +0900    

Contrary to what is documented in src/backend/access/transam/README,  
ginHeapTupleFastInsert() had a few ordering issues with the way it does  
its WAL operations when inserting items in its fast path.  
  
First, when using a separate list, XLogBeginInsert() was being always  
called before START_CRIT_SECTION(), and in this case a second thing was  
wrong when merging lists, as an exclusive lock was taken on the tail  
page *before* calling XLogBeginInsert().  Finally, when inserting items  
into a tail page, the order of XLogBeginInsert() and  
START_CRIT_SECTION() was reversed.  This commit addresses all these  
issues by moving the calls of XLogBeginInsert() after all the pages  
logged are locked and pinned, within a critical section.  
  
This has been applied first only on HEAD as of 56b6625, but as per  
discussion with Tom Lane and Álvaro Herrera, a backpatch is preferred to  
keep all the branches consistent and to respect the transam's README  
where we can.  
  
Author:  Matthias van de Meent, Zhang Mingli  
Discussion: https://postgr.es/m/CAEze2WhL8uLMqynnnCu1LAPwxD5RKEo0nHV+eXGg_N6ELU88HQ@mail.gmail.com  
Backpatch-through: 10  

commit   : 475e9daf39799b7ae160753761318193480d5942    
  
author   : Robert Haas <[email protected]>    
date     : Fri, 21 Oct 2022 08:21:55 -0400    
  
committer: Robert Haas <[email protected]>    
date     : Fri, 21 Oct 2022 08:21:55 -0400    

Specifically, when pg_basebackup is invoked with -Tx=y, don't error  
out if x could plausibly be an absolute path either on Windows or on  
non-Windows systems. We don't know whether the remote system is  
running the same OS as the local system, so it's not appropriate to  
assume that our local rule about absolute pathnames is the same as  
the rule on the remote system.  
  
Patch by me, reviewed by Tom Lane, Andrew Dunstan, and  
Davinder Singh.  
  
Discussion: http://postgr.es/m/CA+TgmoY+jC3YiskomvYKDPK3FbrmsDU7_8+wMHt02HOdJeRb0g@mail.gmail.com  

commit   : f7f82cf05a3fd902187f94b1f52619484fc9691b    
  
author   : Amit Kapila <[email protected]>    
date     : Fri, 21 Oct 2022 12:10:11 +0530    
  
committer: Amit Kapila <[email protected]>    
date     : Fri, 21 Oct 2022 12:10:11 +0530    

Previously in commit 42681dffaf, we added CFI during decoding changes but  
missed another similar case that can happen while restoring changes  
spilled to disk back into memory in a loop.  
  
Reported-by: Robert Haas  
Author: Amit Kapila  
Backpatch-through: 10  
Discussion: https://postgr.es/m/CA+TgmoaLObg0QbstbC8ykDwOdD1bDkr4AbPpB=0DPgA2JW0mFg@mail.gmail.com  

commit   : 02600886c8a8c47f61d8911fdf2938904287b62c    
  
author   : Amit Kapila <[email protected]>    
date     : Fri, 21 Oct 2022 09:32:21 +0530    
  
committer: Amit Kapila <[email protected]>    
date     : Fri, 21 Oct 2022 09:32:21 +0530    

This problem has been introduced by commit 272248a0c1 where we started  
assigning the subtransactions to the top-level transaction when we mark  
both the top-level transaction and its subtransactions as containing  
catalog changes. After we assign subtransactions to the top-level  
transaction, we were not allowed to execute any invalidations associated  
with it when we decide to skip the transaction.  
  
The reason to assign the subtransactions to the top-level transaction was  
to avoid the assertion failure in AssertTXNLsnOrder() as they have the  
same LSN when we sometimes start accumulating transaction changes for  
partial transactions after the restart. Now that with commit 64ff0fe4e8,  
we skip this assertion check until we reach the LSN at which we start  
decoding the contents of the transaction, so, there is no reason for such  
an assignment anymore.  
  
The assignment change was introduced in 15 and prior versions but this bug  
doesn't exist in branches prior to 14 since we don't add invalidation  
messages to subtransactions. We decided to backpatch through 11 for  
consistency but not for 10 since its final release is near.  
  
Reported-by: Kuroda Hayato  
Author: Masahiko Sawada  
Reviewed-by: Amit Kapila  
Backpatch-through: 11  
Discussion: https://postgr.es/m/TYAPR01MB58660803BCAA7849C8584AA4F57E9%40TYAPR01MB5866.jpnprd01.prod.outlook.com  
Discussion: https://postgr.es/m/a89b46b6-0239-2fd5-71a9-b19b1f7a7145%40enterprisedb.com  

commit   : 1bf4d92060eeefa40b4d63d246a490379a5cec78    
  
author   : Amit Kapila <[email protected]>    
date     : Thu, 20 Oct 2022 09:16:28 +0530    
  
committer: Amit Kapila <[email protected]>    
date     : Thu, 20 Oct 2022 09:16:28 +0530    

When the logical decoding restarts from NEW_CID, since there is no  
association between the top transaction and its subtransaction, both are  
created as top transactions and have the same LSN. This caused the  
assertion failure in AssertTXNLsnOrder().  
  
This patch skips the assertion check until we reach the LSN at which we  
start decoding the contents of the transaction, specifically  
start_decoding_at LSN in SnapBuild. This is okay because we don't  
guarantee to make the association between top transaction and  
subtransaction until we try to decode the actual contents of transaction.  
The ordering of the records prior to the start_decoding_at LSN should have  
been checked before the restart.  
  
The other assertion failure is due to the reason that we forgot to track  
that we have considered top-level transaction id in the list of catalog  
changing transactions that were committed when one of its subtransactions  
is marked as containing catalog change.  
  
Reported-by: Tomas Vondra, Osumi Takamichi  
Author: Masahiko Sawada, Kuroda Hayato  
Reviewed-by: Amit Kapila, Dilip Kumar, Kuroda Hayato, Kyotaro Horiguchi, Masahiko Sawada  
Backpatch-through: 10  
Discussion: https://postgr.es/m/a89b46b6-0239-2fd5-71a9-b19b1f7a7145%40enterprisedb.com  
Discussion: https://postgr.es/m/TYCPR01MB83733C6CEAE47D0280814D5AED7A9%40TYCPR01MB8373.jpnprd01.prod.outlook.com  

commit   : aa34bc4e2bc8d13efb38b349f39b0f3b04883ffb    
  
author   : Thomas Munro <[email protected]>    
date     : Wed, 19 Oct 2022 22:38:58 +1300    
  
committer: Thomas Munro <[email protected]>    
date     : Wed, 19 Oct 2022 22:38:58 +1300    

Per https://llvm.org/docs/OpaquePointers.html, support for non-opaque  
pointers still exists and we can request that on our context.  We have  
until LLVM 16 to move to opaque pointers, a much larger change.  
  
Back-patch to 11, where LLVM support arrived.  
  
Author: Thomas Munro <[email protected]>  
Author: Andres Freund <[email protected]>  
Discussion: https://postgr.es/m/CAMHz58Sf_xncdyqsekoVsNeKcruKootLtVH6cYXVhhUR1oKPCg%40mail.gmail.com  

commit   : 44efd345c09311eb63cd1573827b4177fde6aa5c    
  
author   : Bruce Momjian <[email protected]>    
date     : Mon, 17 Oct 2022 15:21:29 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Mon, 17 Oct 2022 15:21:29 -0400    

It was previously easily overlooked at the end of several tables.  
  
Reported-by: Alex Denman  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 10  

commit   : 6a71bf6f587cddc2129e679fc3ecdd937710245e    
  
author   : Bruce Momjian <[email protected]>    
date     : Mon, 17 Oct 2022 15:07:02 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Mon, 17 Oct 2022 15:07:02 -0400    

The fix is to run ANALYZE.  
  
Discussion: https://postgr.es/m/[email protected],  
   https://postgr.es/m/flat/CAKJS1f8DTbCHf9gedU0He6ARsd58E6qOhEHM1caomqj_r9MOiQ%40mail.gmail.com,  
   https://postgr.es/m/CAKJS1f80o98hcfSk8j%3DfdN09S7Sjz%2BvuzhEwbyQqvHJb_sZw0g%40mail.gmail.com  
  
Backpatch-through: 10  

commit   : 65c1106d8c5bea72b30c257d992c0d42f1b52440    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 17 Oct 2022 12:14:39 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 17 Oct 2022 12:14:39 -0400    

DefineQueryRewrite() has long required that ON SELECT rules be named  
"_RETURN".  But we overlooked the converse case: we should forbid  
non-ON-SELECT rules that are named "_RETURN".  In particular this  
prevents using CREATE OR REPLACE RULE to overwrite a view's _RETURN  
rule with some other kind of rule, thereby breaking the view.  
  
Per bug #17646 from Kui Liu.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 99b6b705d439fbf72aefe968941f38d571b9231c    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 17 Oct 2022 11:35:23 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 17 Oct 2022 11:35:23 -0400    

The executor will dump core if it's asked to execute a seqscan on  
a relation having no table AM, such as a view.  While that shouldn't  
really happen, it's possible to get there via catalog corruption,  
such as a missing ON SELECT rule.  It seems worth installing a defense  
against that.  There are multiple plausible places for such a defense,  
but I picked the planner's get_relation_info().  
  
Per discussion of bug #17646 from Kui Liu.  Back-patch to v12 where  
the tableam APIs were introduced; in older versions you won't get a  
SIGSEGV, so it seems less pressing.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 3d7df87c4bba27f1d1dcc5d92e7997b82cedd458    
  
author   : Tom Lane <[email protected]>    
date     : Sun, 16 Oct 2022 15:27:04 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Sun, 16 Oct 2022 15:27:04 -0400    

In the latest version of Apple's macOS SDK, <sys/socket.h>  
fails to compile if "REF" is #define'd as something.  
Apple may or may not agree that this is a bug, and even if  
they do accept the bug report I filed, they probably won't  
fix it very quickly.  In the meantime, our back branches will all  
fail to compile gram.y.  v15 and HEAD currently escape the problem  
thanks to the refactoring done in 98e93a1fc, but that's purely  
accidental.  Moreover, since that patch removed a widely-visible  
inclusion of <netdb.h>, back-patching it seems too likely to break  
third-party code.  
  
Instead, change the token's code name to REF_P, following our usual  
convention for naming parser tokens that are likely to have symbol  
conflicts.  The effects of that should be localized to the grammar  
and immediately surrounding files, so it seems like a safer answer.  
  
Per project policy that we want to keep recently-out-of-support  
branches buildable on modern systems, back-patch all the way to 9.2.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : d33ac1ec2af5297b2ac8fbf89464f0c7f90a7955    
  
author   : Tom Lane <[email protected]>    
date     : Sun, 16 Oct 2022 11:47:44 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Sun, 16 Oct 2022 11:47:44 -0400    

snprintf.c has always fallen back on libc's *printf implementation  
when printing pointers (%p) and floats.  When this code originated,  
we were still supporting some platforms that lacked native snprintf,  
so we used sprintf for that.  That's not actually unsafe in our usage,  
but nonetheless builds on macOS are starting to complain about sprintf  
being unconditionally deprecated; and I wouldn't be surprised if other  
platforms follow suit.  There seems little reason to believe that any  
platform supporting C99 wouldn't have standards-compliant snprintf,  
so let's just use that instead to suppress such warnings.  
  
Back-patch to v12, which is where we started to require C99.  It's  
also where we started to use our snprintf.c everywhere, so this  
wouldn't be enough to suppress the warning in older branches anyway  
--- that is, in older branches these aren't necessarily all our  
usages of libc's sprintf.  It is enough in v12+ because any  
deprecation annotation attached to libc's sprintf won't apply to  
pg_sprintf.  (Whether all our usages of pg_sprintf are adequately  
safe is not a matter I intend to address here, but perhaps it could  
do with some review.)  
  
Per report from Andres Freund and local testing.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : dd63cf92ceac6bfa6a20ab57c3c07113cf124790    
  
author   : Alvaro Herrera <[email protected]>    
date     : Thu, 13 Oct 2022 13:36:14 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Thu, 13 Oct 2022 13:36:14 +0200    

While at it, simplify wording a bit.  
  
Author: Takamichi Osumi <[email protected]>  
Reviewed-by: Peter Smith <[email protected]>  
Discussion: https://postgr.es/m/TYCPR01MB8373F93F5D094A2BE648990DED259@TYCPR01MB8373.jpnprd01.prod.outlook.com  

commit   : 75517026f33148b1ae783941f5e6d2239f512b47    
  
author   : Tom Lane <[email protected]>    
date     : Wed, 12 Oct 2022 10:51:11 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Wed, 12 Oct 2022 10:51:11 -0400    

Add  
    After=network-online.target  
    Wants=network-online.target  
to the suggested unit file for starting a Postgres server.  
This delays startup until the network interfaces have been  
configured; without that, any attempt to bind to a specific  
IP address will fail.  
  
If listen_addresses is set to "localhost" or "*", it might be  
possible to get away with the less restrictive "network.target",  
but I don't think we need to get into such detail here.  
  
Per suggestion from Pablo Federico.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 8f98352b5ed9f1c32ad9277a83d4adf5e1055a15    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 11 Oct 2022 18:54:31 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 11 Oct 2022 18:54:31 -0400    

The postmaster is not supposed to do anything that depends  
fundamentally on shared memory contents, because that creates  
the risk that a backend crash that trashes shared memory will  
take the postmaster down with it, preventing automatic recovery.  
In commit 969d7cd43 I lost sight of this principle and coded  
AssignPostmasterChildSlot() in such a way that it could fail  
or even crash if the shared PMSignalState structure became  
corrupted.  Remarkably, we've not seen field reports of such  
crashes; but I managed to induce one while testing the recent  
changes around palloc chunk headers.  
  
To fix, make a semi-duplicative state array inside the postmaster  
so that we need consult only local state while choosing a "child  
slot" for a new backend.  Ensure that other postmaster-executed  
routines in pmsignal.c don't have critical dependencies on the  
shared state, either.  Corruption of PMSignalState might now  
lead ReleasePostmasterChildSlot() to conclude that backend X  
failed, when actually backend Y was the one that trashed things.  
But that doesn't matter, because we'll force a cluster-wide reset  
regardless.  
  
Back-patch to all supported branches, since this is an old bug.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : abc510fa2a34eba00406e9ce330b77e1d9c4ccdf    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 11 Oct 2022 18:24:15 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 11 Oct 2022 18:24:15 -0400    

DEFAULT markers appearing in an INSERT on an updatable view  
could be mis-processed if they were in a multi-row VALUES clause.  
This would lead to strange errors such as "cache lookup failed  
for type NNNN", or in older branches even to crashes.  
  
The cause is that commit 41531e42d tried to re-use rewriteValuesRTE()  
to remove any SetToDefault nodes (that hadn't previously been replaced  
by the view's own default values) appearing in "product" queries,  
that is DO ALSO queries.  That's fundamentally wrong because the  
DO ALSO queries might not even be INSERTs; and even if they are,  
their targetlists don't necessarily match the view's column list,  
so that almost all the logic in rewriteValuesRTE() is inapplicable.  
  
What we want is a narrow focus on replacing any such nodes with NULL  
constants.  (That is, in this context we are interpreting the defaults  
as being strictly those of the view itself; and we already replaced  
any that aren't NULL.)  We could add still more !force_nulls tests  
to further lobotomize rewriteValuesRTE(); but it seems cleaner to  
split out this case to a new function, restoring rewriteValuesRTE()  
to the charter it had before.  
  
Per bug #17633 from jiye_sw.  Patch by me, but thanks to  
Richard Guo and Japin Li for initial investigation.  
Back-patch to all supported branches, as the previous fix was.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : fa5c13178f26ed21a30c7c1ae537ede4962c71a1    
  
author   : Alvaro Herrera <[email protected]>    
date     : Tue, 11 Oct 2022 09:56:13 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Tue, 11 Oct 2022 09:56:13 +0200    

PostgreSQL::Test::Cluster and ::Utils were not being installed.  This is  
very hard to notice, as it only seems to affect external modules that  
want to run tests from 15 back in earlier versions.  Oversight in  
b235d41d9646.  
  
This applies only to branches 14 and back, because 15 had already been  
made correct in commit b3b4d8e68ae8.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 669803af04e6b4309b1b098162cce0cea7a82764    
  
author   : Alvaro Herrera <[email protected]>    
date     : Fri, 7 Oct 2022 19:37:48 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Fri, 7 Oct 2022 19:37:48 +0200    

There are a number of bugs in this area.  Two of them are fixed here,  
namely:  
1. get_relation_idx_constraint_oid does not restrict the type of  
   constraint that's returned, so with sufficient bad luck it can  
   return the OID of a foreign key constraint.  This has the effect that  
   a primary key in a partition can end up as a child of a foreign key,  
   which makes no sense (it needs to be the child of the equivalent  
   primary key.)  
   Change the API contract so that only index-backed constraints are  
   returned, mimicking get_constraint_index().  
  
2. Both CloneFkReferenced and CloneFkReferencing clone a  
   self-referencing foreign key, so the partition ends up with  
   a duplicate foreign key.  Change the former function to ignore such  
   constraints.  
  
Add some tests to verify that things are better now.  (However, these  
new tests show some additional misbehavior that will be fixed later --  
namely that there's a constraint marked NOT VALID.)  
  
Backpatch to 12, where these constraints are possible at all.  
  
Author: Jehan-Guillaume de Rorthais <[email protected]>  
Discussion: https://postgr.es/m/20220603154232.1715b14c@karst  

commit   : e7bd2d6712495eba037bae0fdbe1bf413110ebe6    
  
author   : Tom Lane <[email protected]>    
date     : Fri, 30 Sep 2022 19:36:46 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Fri, 30 Sep 2022 19:36:46 -0400    

Commit 34f581c39 intended to ensure that RelationGetBufferForTuple  
would acquire a visibility-map page pin in case the otherBuffer's  
all-visible bit had become set since we last had lock on that page.  
But I missed a case: when we're extending the relation, VM concerns  
were dealt with only in the relatively-less-likely case that we  
fail to conditionally lock the otherBuffer.  I think I'd believed  
that we couldn't need to worry about it if the conditional lock  
succeeds, which is true for the target buffer; but the otherBuffer  
was unlocked for awhile so its bit might be set anyway.  So we need  
to do the GetVisibilityMapPins dance, and then also recheck the  
page's free space, in both cases.  
  
Per report from Jaime Casanova.  Back-patch to v12 as the previous  
patch was (although there's still no evidence that the bug is  
reachable pre-v14).  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : d9102e456738e0dafcf080406b95192d591429eb    
  
author   : Daniel Gustafsson <[email protected]>    
date     : Fri, 30 Sep 2022 12:03:48 +0200    
  
committer: Daniel Gustafsson <[email protected]>    
date     : Fri, 30 Sep 2022 12:03:48 +0200    

The compression parameter to PQsslAttribute has never returned the  
compression method used, it has always returned "on" or "off since  
it was added in commit 91fa7b4719ac. Backpatch through v10.  
  
Reviewed-by: Tom Lane <[email protected]>  
Discussion: https://postgr.es/m/[email protected]  
Backpatch-through: v10  

commit   : 994c5ceabe1eef6dd490bc74244f4b4dd69db2c9    
  
author   : Bruce Momjian <[email protected]>    
date     : Wed, 28 Sep 2022 13:14:38 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Wed, 28 Sep 2022 13:14:38 -0400    

Reported-by: Tom Lane  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 10  

commit   : 95d951beee40db4881669d11e24348a74768b841    
  
author   : Bruce Momjian <[email protected]>    
date     : Wed, 28 Sep 2022 13:05:20 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Wed, 28 Sep 2022 13:05:20 -0400    

doc revert of commit 1703726488.  Change was applied to irrelevant  
branches, and was not detailed enough to be helpful in relevant  
branches.  
  
Reported-by: Peter Eisentraut, Noah Misch  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 10  

commit   : 84f8e407f5d9d9c1262931ebe6a83bc90a2f635b    
  
author   : Alvaro Herrera <[email protected]>    
date     : Wed, 28 Sep 2022 17:14:53 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Wed, 28 Sep 2022 17:14:53 +0200    

This prevents marking the argument string for translation for gettext,  
and it also prevents the given string (which is already translated) from  
being translated at runtime.  
  
Also, mark the strings used as arguments to check_rolespec_name for  
translation.  
  
Backpatch all the way back as appropriate.  None of this is caught by  
any tests (necessarily so), so I verified it manually.  

commit   : 51976309450c58e79b46015223888db8f5c8159f    
  
author   : Tom Lane <[email protected]>    
date     : Sun, 25 Sep 2022 17:10:58 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Sun, 25 Sep 2022 17:10:58 -0400    

Commit 25936fd46 adjusted things so that the "storeslot" we use  
for remapping trigger tuples would have adequate lifespan, but it  
neglected to consider the lifespan of the tuple descriptor that  
the slot depends on.  It turns out that in at least some cases, the  
tupdesc we are passing is a refcounted tupdesc, and the refcount for  
the slot's reference can get assigned to a resource owner having  
different lifespan than the slot does.  That leads to an error like  
"tupdesc reference 0x7fdef236a1b8 is not owned by resource owner  
SubTransaction".  Worse, because of a second oversight in the same  
commit, we'd try to free the same tupdesc refcount again while  
cleaning up after that error, leading to recursive errors and an  
"ERRORDATA_STACK_SIZE exceeded" PANIC.  
  
To fix the initial problem, let's just make a non-refcounted copy  
of the tupdesc we're supposed to use.  That seems likely to guard  
against additional problems, since there's no strong reason for  
this code to assume that what it's given is a refcounted tupdesc;  
in which case there's an independent hazard of the tupdesc having  
shorter lifespan than the slot does.  (I didn't bother trying to  
free said copy, since it should go away anyway when the (sub)  
transaction context is cleaned up.)  
  
The other issue can be fixed by making the code added to  
AfterTriggerFreeQuery work like the rest of that function, ie be  
sure that it doesn't try to free the same slot twice in the event  
of recursive error cleanup.  
  
While here, also clean up minor stylistic issues in the test case  
added by 25936fd46: don't use "create or replace function", as any  
name collision within the tests is likely to have ill effects  
that that won't mask; and don't use function names as generic as  
trigger_function1, especially if you're not going to drop them  
at the end of the test stanza.  
  
Per bug #17607 from Thomas Mc Kay.  Back-patch to v12, as the  
previous fix was.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 0a64835b1e668aa14ccf4c6b557a2f0cf1240fbd    
  
author   : Alvaro Herrera <[email protected]>    
date     : Sun, 25 Sep 2022 17:48:03 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Sun, 25 Sep 2022 17:48:03 +0200    

commit   : cab72f0fd08cceb975194d2acd2f6eed917e8fb8    
  
author   : Jeff Davis <[email protected]>    
date     : Thu, 22 Sep 2022 10:58:49 -0700    
  
committer: Jeff Davis <[email protected]>    
date     : Thu, 22 Sep 2022 10:58:49 -0700    

Similar to 5f12bc94dc, the code must re-check PageIsAllVisible() after  
buffer lock is re-acquired. Backpatching to the same version, 12.  
  
Discussion: https://postgr.es/m/CAEP4nAw9jYQDKd_5Y+-s2E4YiUJq1vqiikFjYGpLShtp-K3gag@mail.gmail.com  
Reported-by: Robins Tharakan  
Reviewed-by: Robins Tharakan  
Backpatch-through: 12  

commit   : 6359e4b0fe7138f7b89e07858e1563c46d36459a    
  
author   : Etsuro Fujita <[email protected]>    
date     : Thu, 22 Sep 2022 15:55:06 +0900    
  
committer: Etsuro Fujita <[email protected]>    
date     : Thu, 22 Sep 2022 15:55:06 +0900    

This comment has been wrong since its introduction in commit 0d5f05cde;  
backpatch to v12 where that came in.  
  
Discussion: https://postgr.es/m/CAPmGK14VGf-xQjGQN4o1QyAbXAaxugU5%3DqfcmTDh1iufUDnV_w%40mail.gmail.com  

commit   : e2744369db871bb6e998ea10fe1d7cdf68f57062    
  
author   : Fujii Masao <[email protected]>    
date     : Thu, 22 Sep 2022 12:54:26 +0900    
  
committer: Fujii Masao <[email protected]>    
date     : Thu, 22 Sep 2022 12:54:26 +0900    

Commit 6c2003f8a1 changed the snapshot names mentioned in  
SET TRANSACTION docs, however, there was one place that  
the commit missed updating the name.  
  
Back-patch to all supported versions.  
  
Author: Japin Li  
Reviewed-by: Fujii Masao  
Discussion: https://postgr.es/m/MEYP282MB1669BD4280044501165F8B07B64F9@MEYP282MB1669.AUSP282.PROD.OUTLOOK.COM  

commit   : 9a2267bcfc7d37097a04888813f07dc5460e9a75    
  
author   : Tom Lane <[email protected]>    
date     : Wed, 21 Sep 2022 13:52:38 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Wed, 21 Sep 2022 13:52:38 -0400    

Mop up assorted set-but-not-used warnings in the back branches.  
This includes back-patching relevant fixes from commit 152c9f7b8  
the rest of the way, but there are also several cases that did not  
appear in HEAD.  Some of those we'd fixed in a retail way but not  
back-patched, and others I think just got rewritten out of existence  
during nearby refactoring.  
  
While here, also back-patch b1980f6d0 (PL/Tcl: Fix compiler warnings  
with Tcl 8.6) into 9.2, so that that branch compiles warning-free  
with modern Tcl.  
  
Per project policy, this is a candidate for back-patching into  
out-of-support branches: it suppresses annoying compiler warnings  
but changes no behavior.  Hence, back-patch all the way to 9.2.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 52a5fd5b9f8f91fb1df6c7258e1ff58739a61db8    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 20 Sep 2022 18:59:53 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 20 Sep 2022 18:59:53 -0400    

There doesn't seem to be any good ABI-preserving way to silence  
clang 15's -Wdeprecated-non-prototype warnings about our tree-walk  
APIs.  While we've fixed it properly in HEAD, the only way to not  
see hundreds of these in the back branches is to disable the  
warnings.  We're not going to do anything about them, so we might  
as well disable them.  
  
I noticed that we also get some of these warnings about fmgr.c's  
support for V0 function call convention, in branches before v10  
where we removed that.  That's another area we aren't going to  
change, so turning off the warning seems fine for that too.  
  
Per project policy, this is a candidate for back-patching into  
out-of-support branches: it suppresses annoying compiler warnings  
but changes no behavior.  Hence, back-patch all the way to 9.2.  
  
Discussion: https://postgr.es/m/CA+hUKGKpHPDTv67Y+s6yiC8KH5OXeDg6a-twWo_xznKTcG0kSA@mail.gmail.com  

commit   : f38a0bde21776f6a8e92b73645c3d54764c85459    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 20 Sep 2022 12:04:37 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 20 Sep 2022 12:04:37 -0400    

clang 15+ will issue a set-but-not-used warning when the only  
use of a variable is in autoincrements (e.g., "foo++;").  
That's perfectly sensible, but it detects a few more cases that  
we'd not noticed before.  Silence the warnings with our usual  
methods, such as PG_USED_FOR_ASSERTS_ONLY, or in one case by  
actually removing a useless variable.  
  
One thing that we can't nicely get rid of is that with %pure-parser,  
Bison emits "yynerrs" as a local variable that falls foul of this  
warning.  To silence those, I inserted "(void) yynerrs;" in the  
top-level productions of affected grammars.  
  
Per recently-established project policy, this is a candidate  
for back-patching into out-of-support branches: it suppresses  
annoying compiler warnings but changes no behavior.  Hence,  
back-patch to 9.5, which is as far as these patches go without  
issues.  (A preliminary check shows that the prior branches  
need some other set-but-not-used cleanups too, so I'll leave  
them for another day.)  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : adc26e0e88b318454f7962eb0c26aa07a459ee1a    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 19 Sep 2022 12:16:02 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 19 Sep 2022 12:16:02 -0400    

The API contract for planstate_tree_walker() callbacks is that they  
take a PlanState pointer and a context pointer.  Somebody figured  
they could save a couple lines of code by ignoring that, and passing  
ExecShutdownNode itself as the walker even though it has but one  
argument.  Somewhat remarkably, we've gotten away with that so far.  
However, it seems clear that the upcoming C2x standard means to  
forbid such cases, and compilers that actively break such code  
likely won't be far behind.  So spend the extra few lines of code  
to do it honestly with a separate walker function.  
  
In HEAD, we might as well go further and remove ExecShutdownNode's  
useless return value.  I left that as-is in back branches though,  
to forestall complaints about ABI breakage.  
  
Back-patch, with the thought that this might become of practical  
importance before our stable branches are all out of service.  
It doesn't seem to be fixing any live bug on any currently known  
platform, however.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : c1dd5a8aedc7184d9a013721960813f7ace156ab    
  
author   : Peter Geoghegan <[email protected]>    
date     : Sat, 17 Sep 2022 16:54:10 -0700    
  
committer: Peter Geoghegan <[email protected]>    
date     : Sat, 17 Sep 2022 16:54:10 -0700    

The function has a bool argument named "case_insensitive", but that was  
spelled "case_sensitive" in the declaration.  Make them consistent now  
to avoid confusion in the future.  
  
Author: Peter Geoghegan <[email protected]>  
Reviewed-By: Michael Paquiër <[email protected]>  
Discussion: https://postgr.es/m/CAH2-WznJt9CMM9KJTMjJh_zbL5hD9oX44qdJ4aqZtjFi-zA3Tg@mail.gmail.com  
Backpatch: 10-  

commit   : 5aee41e28de9d15219b97d912dea08723e938295    
  
author   : Andres Freund <[email protected]>    
date     : Sat, 17 Sep 2022 09:21:59 -0700    
  
committer: Andres Freund <[email protected]>    
date     : Sat, 17 Sep 2022 09:21:59 -0700    

Frontend code shouldn't include postgres.h. Some files in src/port/ need to  
include postgres.h/postgres_fe.h, but these files don't.  
  
Discussion: https://postgr.es/m/[email protected]  
Backpatch: 12-, where 3fd2a7932ef introduced (some) of these files  

commit   : b3b88d7480b81a7622045a88682296c8d4683dbf    
  
author   : Tom Lane <[email protected]>    
date     : Fri, 16 Sep 2022 13:23:01 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Fri, 16 Sep 2022 13:23:01 -0400    

Treat arguments declared as RECORD as if that were a polymorphic type  
(which it is, sort of), in that we substitute the actual argument type  
while forming the function cache lookup key.  This allows the specific  
composite type to be known in some cases where it was not before,  
at the cost of making a separate function cache entry for each named  
composite type that's passed to the function during a session.  The  
particular symptom discussed in bug #17610 could be solved in other  
more-efficient ways, but only at the cost of considerable development  
work, and there are other cases where we'd still fail without this.  
  
Per bug #17610 from Martin Jurča.  Back-patch to v11 where we first  
allowed plpgsql functions to be declared as taking type RECORD.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 87fd3c9025da2db0f35b3c898126f32ed35bb15c    
  
author   : Etsuro Fujita <[email protected]>    
date     : Wed, 14 Sep 2022 18:45:06 +0900    
  
committer: Etsuro Fujita <[email protected]>    
date     : Wed, 14 Sep 2022 18:45:06 +0900    

The tlist of the EvalPlanQual outer plan for a ForeignScan node is  
adjusted to produce a tuple whose descriptor matches the scan tuple slot  
for the ForeignScan node.  But in the case where the outer plan contains  
an extra Sort node, if the new tlist contained columns required only for  
evaluating PlaceHolderVars or columns required only for evaluating local  
conditions, this would cause setrefs.c to fail with the error.  
  
The cause of this is that when creating the outer plan by injecting the  
Sort node into an alternative local join plan that could emit such extra  
columns as well, we fail to arrange for the outer plan to propagate them  
up through the Sort node, causing setrefs.c to fail to match up them in  
the new tlist to what is available from the outer plan.  Repair.  
  
Per report from Alexander Pyhalov.  
  
Richard Guo and Etsuro Fujita, reviewed by Alexander Pyhalov and Tom Lane.  
Backpatch to all supported versions.  
  
Discussion: http://postgr.es/m/cfb17bf6dfdf876467bd5ef533852d18%40postgrespro.ru  

commit   : adb371c9cd95ad48cbcedb21a8cb9b0208295dc6    
  
author   : Michael Paquier <[email protected]>    
date     : Wed, 14 Sep 2022 14:52:33 +0900    
  
committer: Michael Paquier <[email protected]>    
date     : Wed, 14 Sep 2022 14:52:33 +0900    

The zlib documentation mentions the values supported for the compression  
strategy, but this code has been using a hardcoded value of 0 rather  
than Z_DEFAULT_STRATEGY.  This commit adjusts the code to use  
Z_DEFAULT_STRATEGY.  
  
Backpatch down to where this code has been added to ease the backport of  
any future patch touching this area.  
  
Reported-by: Tom Lane  
Discussion: https://postgr.es/m/[email protected]  
Backpatch-through: 10  

commit   : 7dd9b469bc56f853ce2a092a6575a587a8c45ccf    
  
author   : Peter Eisentraut <[email protected]>    
date     : Wed, 14 Sep 2022 06:04:24 +0200    
  
committer: Peter Eisentraut <[email protected]>    
date     : Wed, 14 Sep 2022 06:04:24 +0200    

This adds additional variants of palloc, pg_malloc, etc. that  
encapsulate common usage patterns and provide more type safety.  
  
Specifically, this adds palloc_object(), palloc_array(), and  
repalloc_array(), which take the type name of the object to be  
allocated as its first argument and cast the return as a pointer to  
that type.  There are also palloc0_object() and palloc0_array()  
variants for initializing with zero, and pg_malloc_*() variants of all  
of the above.  
  
Inspired by the talloc library.  
  
This is backpatched from master so that future backpatchable code can  
make use of these APIs.  This patch by itself does not contain any  
users of these APIs.  
  
Reviewed-by: Tom Lane <[email protected]>  
Discussion: https://www.postgresql.org/message-id/flat/[email protected]  

commit   : e4c8288b32380b68bcd28000551cfefee7aca7b7    
  
author   : Daniel Gustafsson <[email protected]>    
date     : Mon, 12 Sep 2022 22:17:17 +0200    
  
committer: Daniel Gustafsson <[email protected]>    
date     : Mon, 12 Sep 2022 22:17:17 +0200    

The FreeBSD site was changed with a redirect, which in turn seems to  
lead to a 404. Replace with the working link.  
  
Author: James Coleman <[email protected]>  
Discussion: https://postgr.es/m/CAAaqYe_JZRj+KPn=hACtwsg1iLRYs=jYvxG1NW4AnDeUL1GD-Q@mail.gmail.com  

commit   : 9ebfbd23bcdefa7cb7abd1ecdd80aa1f9be6eede    
  
author   : Daniel Gustafsson <[email protected]>    
date     : Mon, 12 Sep 2022 12:59:06 +0200    
  
committer: Daniel Gustafsson <[email protected]>    
date     : Mon, 12 Sep 2022 12:59:06 +0200    

Commit c4c340088 changed geometric operators to use float4 and float8  
functions, and handle NaN's in a better way. The circle sameness test  
had a typo in the code which resulted in all comparisons with the left  
circle having a NaN radius considered same.  
  
  postgres=# select '<(0,0),NaN>'::circle ~= '<(0,0),1>'::circle;  
  ?column?  
  ----------  
  t  
  (1 row)  
  
This fixes the sameness test to consider the radius of both the left  
and right circle.  
  
Backpatch to v12 where this was introduced.  
  
Author: Ranier Vilela <[email protected]>  
Discussion: https://postgr.es/m/CAEudQAo8dK=yctg2ZzjJuzV4zgOPBxRU5+Kb+yatFiddtQk6Rw@mail.gmail.com  
Backpatch-through: v12  

commit   : 9fbc6d5483b00006351374ef6b3bc176c0175ed5    
  
author   : Tom Lane <[email protected]>    
date     : Fri, 9 Sep 2022 15:34:04 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Fri, 9 Sep 2022 15:34:04 -0400    

The ECPG preprocessor converted code such as  
  
static varchar str1[10], str2[20], str3[30];  
  
into  
  
static  struct varchar_1  { int len; char arr[ 10 ]; }  str1 ;  
        struct varchar_2  { int len; char arr[ 20 ]; }  str2 ;  
        struct varchar_3  { int len; char arr[ 30 ]; }  str3 ;  
  
thus losing the storage attribute for the later variables.  
Repeat the declaration for each such variable.  
  
(Note that this occurred only for variables declared "varchar"  
or "bytea", which may help explain how it escaped detection  
for so long.)  
  
Andrey Sokolov  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 23fe89a612238e269b621245fe9e4c882b9ef07b    
  
author   : Tom Lane <[email protected]>    
date     : Fri, 9 Sep 2022 12:41:36 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Fri, 9 Sep 2022 12:41:36 -0400    

When using the BSD UUID functions, contrib/uuid-ossp expects  
uuid_create() to produce a version-1 UUID.  FreeBSD still does so,  
but in recent NetBSD releases that function produces a version-4  
(random) UUID instead.  That's not acceptable for our purposes:  
if the user wanted v4 she would have asked for v4, not v1.  
Hence, check the version digit and complain if it's not '1'.  
  
Also drop the documentation's claim that the NetBSD implementation  
is usable.  It might be, depending on which OS version you're using,  
but we're not going to get into that kind of detail.  
  
(Maybe someday we should ditch all these external libraries  
and just write our own UUID code, but today is not that day.)  
  
Nazir Bilal Yavuz, with cosmetic adjustments and docs by me.  
Backpatch to all supported versions.  
  
Discussion: https://postgr.es/m/[email protected]  
Discussion: https://postgr.es/m/[email protected]  

commit   : 562e100aeeaf5db2243adbe6ff6a68bee313038e    
  
author   : Alvaro Herrera <[email protected]>    
date     : Thu, 8 Sep 2022 13:17:02 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Thu, 8 Sep 2022 13:17:02 +0200    

During ALTER TABLE ATTACH PARTITION, if the name of a parent's foreign  
key constraint is already used on the partition, the code tries to  
choose another one before the FK attributes list has been populated,  
so the resulting constraint name was "<relname>__fkey" instead of  
"<relname>_<attrs>_fkey".  Repair, and add a test case.  
  
Backpatch to 12.  In 11, the code to attach a partition was not smart  
enough to cope with conflicting constraint names, so the problem doesn't  
exist there.  
  
Author: Jehan-Guillaume de Rorthais <[email protected]>  
Discussion: https://postgr.es/m/20220901184156.738ebee5@karst  

commit   : 4d7c0fe51d6b4416db0fcc688a3f46574863426a    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 6 Sep 2022 16:38:18 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 6 Sep 2022 16:38:18 -0400    

Some more things I didn't think about in commits 3f7323cbb et al:  
  
MULTIEXPR_SUBLINK subplans might have been converted to initplans  
instead of regular subplans, in which case they won't show up in  
the modified targetlist.  Fortunately, this would only happen if  
they have no input parameters, which means that the problem we  
originally needed to fix can't happen with them.  Therefore, there's  
no need to clone their output parameters, and thus it doesn't hurt  
that we'll fail to see them in the first pass over the targetlist.  
Nonetheless, this complicates matters greatly, because now we have  
to distinguish output Params of initplans (which shouldn't get  
renumbered) from those of regular subplans (which should).  
This also breaks the simplistic scheme I used of assuming that the  
subplans found in the targetlist have consecutive subLinkIds.  
We really can't avoid the need to know the subplans' subLinkIds in  
this code.  To fix that, add subLinkId as the last field of SubPlan.  
We can get away with that change in back branches because SubPlan  
nodes will never be stored in the catalogs, and there's no ABI  
break for external code that might be looking at the existing  
fields of SubPlan.  
  
Secondly, rewriteTargetListIU might have rolled up multiple  
FieldStores or SubscriptingRefs into one targetlist entry,  
breaking the assumption that there's at most one Param to fix  
per targetlist entry.  (That assumption is OK I think in the  
ruleutils.c code I stole the logic from in 18f51083c, because  
that only deals with pre-rewrite query trees.  But it's  
definitely not OK here.)  Abandon that shortcut and just do a  
full tree walk on the targetlist to ensure we find all the  
Params we have to change.  
  
Per bug #17606 from Andre Lin.  As before, only v10-v13 need the  
patch.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 7adc34832f24a247197899324e99ad042123ab09    
  
author   : Peter Geoghegan <[email protected]>    
date     : Mon, 5 Sep 2022 11:20:03 -0700    
  
committer: Peter Geoghegan <[email protected]>    
date     : Mon, 5 Sep 2022 11:20:03 -0700    

Postgres 14 commit 5b861baa taught nbtree VACUUM to tolerate buggy  
opclasses.  VACUUM's inability to locate a to-be-deleted page's downlink  
in the parent page was logged instead of throwing an error.  VACUUM  
could just press on with vacuuming the index, and vacuuming the table as  
a whole.  
  
There are now anecdotal reports of this error causing problems that were  
much more disruptive than the underlying index corruption ever could be.  
Anything that makes VACUUM unable to make forward progress against one  
table/index ultimately risks making the system enter xidStopLimit mode.  
There is no good reason to take any chances here, so backpatch the  
hardening commit.  
  
Author: Peter Geoghegan <[email protected]>  
Discussion: https://postgr.es/m/CAH2-Wzm9HR6Pow=t-iQa57zT8qmX6_M4h14F-pTtb=xFDW5FBA@mail.gmail.com  
Backpatch: 10-13 (all supported versions that lacked the hardening)  

commit   : 844ac0967e390583f589832d084f102e0791d0d6    
  
author   : David Rowley <[email protected]>    
date     : Mon, 5 Sep 2022 18:45:17 +1200    
  
committer: David Rowley <[email protected]>    
date     : Mon, 5 Sep 2022 18:45:17 +1200    

Improve documentation regarding the limitations of unique and primary key  
constraints on partitioned tables.  The existing documentation didn't make  
it clear that the constraint columns had to be present in the partition  
key as bare columns.  The reader could be led to believe that it was ok to  
include the constraint columns as part of a function call's parameters or  
as part of an expression.  Additionally, the documentation didn't mention  
anything about the fact that we disallow unique and primary key  
constraints if the partition keys contain *any* function calls or  
expressions, regardless of if the constraint columns appear as columns  
elsewhere in the partition key.  
  
The confusion here was highlighted by a report on the general mailing list  
by James Vanns.  
  
Discussion: https://postgr.es/m/CAH7vdhNF0EdYZz3GLpgE3RSJLwWLhEk7A_fiKS9dPBT3Dz_3eA@mail.gmail.com  
Discussion: https://postgr.es/m/CAApHDvoU-u9iTqKjteYRFfi+UNEk7dbSAcyxEQD==vZt9B1KnA@mail.gmail.com  
Reviewed-by: Erik Rijkers  
Backpatch-through: 11  

commit   : a78c38417a6030c900853a31b776265e57ac7e48    
  
author   : Bruce Momjian <[email protected]>    
date     : Fri, 2 Sep 2022 23:32:18 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Fri, 2 Sep 2022 23:32:18 -0400    

Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 10  

commit   : 92cad1439f2b775211d34c7b8f42b87e02c68ace    
  
author   : Bruce Momjian <[email protected]>    
date     : Fri, 2 Sep 2022 21:57:41 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Fri, 2 Sep 2022 21:57:41 -0400    

Reported-by: Drew DeVault  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 10  

commit   : df92bc115ec8712cfdd0c7a26ef20b11914ab0a2    
  
author   : Tom Lane <[email protected]>    
date     : Fri, 2 Sep 2022 14:54:40 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Fri, 2 Sep 2022 14:54:40 -0400    

Commits 3f7323cbb et al missed the possibility that the Params  
they are looking for could be buried under implicit coercions,  
as well as other stuff that processIndirection() could add to  
the original targetlist entry.  Copy the code in ruleutils.c  
that deals with such cases.  (I thought about refactoring so  
that there's just one copy; but seeing that we only need this  
in old back branches, it seems not worth the trouble.)  
  
Per off-list report from Andre Lin.  As before, only v10-v13  
need the patch.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : f249f1026f71bd8f2e820f1895b745d59fab041e    
  
author   : David Rowley <[email protected]>    
date     : Thu, 1 Sep 2022 19:23:44 +1200    
  
committer: David Rowley <[email protected]>    
date     : Thu, 1 Sep 2022 19:23:44 +1200    

Primarily, this fixes an incorrect calculation in SlabCheck which was  
looking in the wrong byte for the sentinel check.  The reason that we've  
never noticed this before in the form of a failing sentinel check is  
because the pre-check to this always fails because all current core users  
of slab contexts have a chunk size which is already MAXALIGNed, therefore  
there's never any space for the sentinel byte.  It is possible that an  
extension needs to use a slab context and if they do with a chunk size  
that's not MAXALIGNed, then they'll likely get errors about overwritten  
sentinel bytes.  
  
Additionally, this patch changes various calculations which are being done  
based on the sizeof(SlabBlock).  Currently, sizeof(SlabBlock) is a  
multiple of 8, therefore sizeof(SlabBlock) is the same as  
MAXALIGN(sizeof(SlabBlock)), however, if we were to ever have to add any  
fields to that struct as part of a bug fix, then SlabAlloc could end up  
returning a non-MAXALIGNed pointer.  To be safe, let's ensure we always  
MAXALIGN sizeof(SlabBlock) before using it in any calculations.  
  
This patch has already been applied to master in d5ee4db0e.  
  
Diagnosed-by: Tomas Vondra, Tom Lane  
Author: Tomas Vondra, David Rowley  
Discussion: https://postgr.es/m/CAA4eK1%2B1JyW5TiL%3DyV-3Uq1CrfnTyn0Xrk5uArt31Z%3D8rgPhXQ%40mail.gmail.com  
Backpatch-through: 10  

commit   : dc565a4597e9412a731960a4df092637e7a833c7    
  
author   : Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 23:11:46 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 23:11:46 -0400    

Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 10  

commit   : fcd8d6862b2926799654712198253c884b003ce0    
  
author   : Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 22:35:09 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 22:35:09 -0400    

Also remove USING erroneously added recently.  
  
Reported-by: Jeff Janes  
  
Discussion: https://postgr.es/m/CAMkU=1zhCpC7hottyMWM5Pimr9vRLprSwzLg+7PgajWhKZqRzw@mail.gmail.com  
  
Backpatch-through: 10  

commit   : 994667f899c70c668b407223c9a7054a85c98faf    
  
author   : Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 22:19:05 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 22:19:05 -0400    

Reported-by: [email protected]  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 10  

commit   : c2db84fc596c2007b2185140d1f283bab42b59e7    
  
author   : Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 21:46:14 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 21:46:14 -0400    

This allows the syntax to be more accurate about what clauses are  
supported.  Also switch an example query to use the ANSI join syntax.  
  
Reported-by: Joel Jacobson  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 11  

commit   : ec20545b20de29ae78e8cc8b6860c72be3ae71cd    
  
author   : Tom Lane <[email protected]>    
date     : Wed, 31 Aug 2022 21:33:45 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Wed, 31 Aug 2022 21:33:45 -0400    

Per experimentation and buildfarm failures, Solaris' "sed"  
has got some kind of problem with regexes that use both '*'  
and '[[:alpha:]]'.  We can work around that by replacing  
'[[:alpha:]]' with '[a-zA-Z]', which is plenty good enough  
for our purposes, especially since this is only needed in  
long-stable branches.  
  
I chose to flat-out remove the second pattern of this sort,  
's/except \([a-zA-Z][a-zA-Z.]*\), *\([a-zA-Z][a-zA-Z]*\):/except \1 as \2:/g'  
because we haven't needed it since 8.4.  
  
Follow-on to c3556f6fa, which probably missed catching this  
because the problematic pattern was already gone when that  
patch was written.  
  
Patch v10-v12 only, as the problem manifests only there.  
We have a line of dead code in v13-v14, which isn't worth  
changing, and the whole mess is gone as of v15.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 8bd054a4c3108222b1d0996bc988ec393358e20c    
  
author   : Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 21:10:37 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 21:10:37 -0400    

Non-sql_body functions are evaluated at runtime.  
  
Reported-by: Erki Eessaar  
  
Discussion: https://postgr.es/m/AM9PR01MB8268BF5E74E119828251FD34FE409@AM9PR01MB8268.eurprd01.prod.exchangelabs.com  
  
Backpatch-through: 10  

commit   : da8cd8fbd9be96c5e48e059717a9ae6f4056466c    
  
author   : Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 20:27:27 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 20:27:27 -0400    

Also mention that time zone abbreviations are not supported.  
  
Reported-by: [email protected]  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 10  

commit   : 3563d5f23ef4e8826e82026cc976e9ad25c9af85    
  
author   : Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 19:43:06 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 19:43:06 -0400    

Reported-by: Japin Li  
  
Discussion: https://postgr.es/m/MEYP282MB1669B13E98AE531617CB1386B6979@MEYP282MB1669.AUSP282.PROD.OUTLOOK.COM  
  
Backpatch-through: 10  

commit   : 17f073f17c3bad2df51cfc6091981226cd9dc893    
  
author   : Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 19:28:41 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 19:28:41 -0400    

It used to show direction was required for FROM/IN.  
  
Reported-by: Rob <[email protected]>  
  
Discussion: https://postgr.es/m/20211015165248.isqjceyilelhnu3k@localhost  
  
Author: Rob <[email protected]>  
  
Backpatch-through: 10  

commit   : ba018102466f3bcd12f131ac6c9170fc83473758    
  
author   : Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 17:08:44 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Wed, 31 Aug 2022 17:08:44 -0400    

Reported-by: Rob <[email protected]>  
  
Discussion: https://postgr.es/m/20211016171149.yaouvlw5kvux6dvk@localhost  
  
Author: Rob <[email protected]>  
  
Backpatch-through: 10  

commit   : 8fc6b9635dd39db23614ea8de5c89641b8e23436    
  
author   : Tom Lane <[email protected]>    
date     : Wed, 31 Aug 2022 16:23:20 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Wed, 31 Aug 2022 16:23:20 -0400    

get_database_list() failed to restore the caller's memory context,  
instead leaving current context set to TopMemoryContext which is  
how CommitTransactionCommand() leaves it.  The callers both think  
they are using short-lived contexts, for the express purpose of  
not having to worry about cleaning up individual allocations.  
The net effect therefore is that supposedly short-lived allocations  
could accumulate indefinitely in the launcher's TopMemoryContext.  
  
Although this has been broken for a long time, it seems we didn't  
have any obvious memory leak here until v15's rearrangement of the  
stats logic.  I (tgl) am not entirely convinced that there's no  
other leak at all, though, and we're surely at risk of adding one  
in future back-patched fixes.  So back-patch to all supported  
branches, even though this may be only a latent bug in pre-v15.  
  
Reid Thompson  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : a53e0ea782c52da0fd8f9605a63aba276fc17c13    
  
author   : Tom Lane <[email protected]>    
date     : Wed, 31 Aug 2022 10:42:05 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Wed, 31 Aug 2022 10:42:05 -0400    

If the input word exceeds 1000 bytes, don't pass it to the stemmer;  
just return it as-is after case folding.  Such an input is surely  
not a word in any human language, so whatever the stemmer might  
do to it would be pretty dubious in the first place.  Adding this  
restriction protects us against a known recursion-to-stack-overflow  
problem in the Turkish stemmer, and it seems like good insurance  
against any other safety or performance issues that may exist in  
the Snowball stemmers.  (I note, for example, that they contain no  
CHECK_FOR_INTERRUPTS calls, so we really don't want them running  
for a long time.)  The threshold of 1000 bytes is arbitrary.  
  
An alternative definition could have been to treat such words as  
stopwords, but that seems like a bigger break from the old behavior.  
  
Per report from Egor Chindyaskin and Alexander Lakhin.  
Thanks to Olly Betts for the recommendation to fix it this way.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 68bfe36c5173e8e121f0a9eaf0310c1a7ba6d555    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 30 Aug 2022 17:28:32 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 30 Aug 2022 17:28:32 -0400    

The default of lazy symbol resolution means that when the postmaster  
first reaches the select() call in ServerLoop, it'll need to resolve  
the link to that libc entry point.  NetBSD's dynamic loader takes  
an internal lock while doing that, and if a signal interrupts the  
operation then there is a risk of self-deadlock should the signal  
handler do anything that requires that lock, as several of the  
postmaster signal handlers do.  The window for this is pretty narrow,  
and timing considerations make it unlikely that a signal would arrive  
right then anyway.  But it's semi-repeatable on slow single-CPU  
machines, and in principle the race could happen with any hardware.  
  
The least messy solution to this is to force binding of dynamic  
symbols at postmaster start, using the "-z now" linker option.  
While we're at it, also use "-z relro" so as to provide a small  
security gain.  
  
It's not entirely clear whether any other platforms share this  
issue, but for now we'll assume it's NetBSD-specific.  (We might  
later try to use "-z now" on more platforms for performance  
reasons, but that would not likely be something to back-patch.)  
  
Report and patch by me; the idea to fix it this way is from  
Andres Freund.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 3c0ef0832748f80308392e0ad8388e1349ccd779    
  
author   : Robert Haas <[email protected]>    
date     : Mon, 29 Aug 2022 10:47:12 -0400    
  
committer: Robert Haas <[email protected]>    
date     : Mon, 29 Aug 2022 10:47:12 -0400    

When a PostgreSQL instance performing archive recovery but not using  
standby mode is promoted, and the last WAL segment that it attempted  
to read ended in a partial record, the previous code would create  
invalid WAL on the new timeline. The WAL from the previously timeline  
would be copied to the new timeline up until the end of the last valid  
record, but instead of beginning to write WAL at immediately  
afterwards, the promoted server would write an overwrite contrecord at  
the beginning of the next segment. The end of the previous segment  
would be left as all-zeroes, resulting in failures if anything tried  
to read WAL from that file.  
  
The root of the issue is that ReadRecord() decides whether to set  
abortedRecPtr and missingContrecPtr based on the value of StandbyMode,  
but ReadRecord() switches to a new timeline based on the value of  
ArchiveRecoveryRequested. We shouldn't try to write an overwrite  
contrecord if we're switching to a new timeline, so change the test in  
ReadRecod() to check ArchiveRecoveryRequested instead.  
  
Code fix by Dilip Kumar. Comments by me incorporating suggested  
language from Álvaro Herrera. Further review from Kyotaro Horiguchi  
and Sami Imseih.  
  
Discussion: http://postgr.es/m/CAFiTN-t7umki=PK8dT1tcPV=mOUe2vNhHML6b3T7W7qqvvajjg@mail.gmail.com  
Discussion: http://postgr.es/m/FB0DEA0B-E14E-43A0-811F-C1AE93D00FF3%40amazon.com  

commit   : 25ddf59e4b434bed9287f83aef0ee159eb736e2b    
  
author   : Tom Lane <[email protected]>    
date     : Sun, 28 Aug 2022 10:44:52 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Sun, 28 Aug 2022 10:44:52 -0400    

Compute total number of sub-parts correctly, per [email protected]  
  
Simon Riggs  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : f8e70cfb8fd48e857d88f7ca1305ff69b25f13a3    
  
author   : Tom Lane <[email protected]>    
date     : Sat, 27 Aug 2022 12:11:20 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Sat, 27 Aug 2022 12:11:20 -0400    

Prior to v14, if we have a MULTIEXPR SubPlan (that is, use of the syntax  
UPDATE ... SET (c1, ...) = (SELECT ...)) in an UPDATE with an inherited  
or partitioned target table, inheritance_planner() will clone the  
targetlist and therefore also the MULTIEXPR SubPlan and the Param nodes  
referencing it for each child target table.  Up to now, we've allowed  
all the clones to share the underlying subplan as well as the output  
parameter IDs -- that is, the runtime ParamExecData slots.  That  
technique is borrowed from the far older code that supports initplans,  
and it works okay in that case because the cloned SubPlan nodes are  
essentially identical.  So it doesn't matter which one of the clones  
the shared ParamExecData.execPlan field might point to.  
  
However, this fails to hold for MULTIEXPR SubPlans, because they can  
have nonempty "args" lists (values to be passed into the subplan), and  
those lists could get mutated to different states in the various clones.  
In the submitted reproducer, as well as the test case added here, one  
clone contains Vars with varno OUTER_VAR where another has INNER_VAR,  
because the child tables are respectively on the outer or inner side of  
the join.  Sharing the execPlan pointer can result in trying to evaluate  
an args list that doesn't match the local execution state, with mayhem  
ensuing.  The result often is to trigger consistency checks in the  
executor, but I believe this could end in a crash or incorrect updates.  
  
To fix, assign new Param IDs to each of the cloned SubPlans, so that  
they don't share ParamExecData slots at runtime.  It still seems fine  
for the clones to share the underlying subplan, and extra ParamExecData  
slots are cheap enough that this fix shouldn't cost much.  
  
This has been busted since we invented MULTIEXPR SubPlans in 9.5.  
Probably the lack of previous reports is because query plans in which  
the different clones of a MULTIEXPR mutate to effectively-different  
states are pretty rare.  There's no issue in v14 and later, because  
without inheritance_planner() there's never a reason to clone  
MULTIEXPR SubPlans.  
  
Per bug #17596 from Andre Lin.  Patch v10-v13 only.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 4e330af04be0d5fd905a1b5320adbea7fb91b117    
  
author   : Etsuro Fujita <[email protected]>    
date     : Fri, 26 Aug 2022 16:55:06 +0900    
  
committer: Etsuro Fujita <[email protected]>    
date     : Fri, 26 Aug 2022 16:55:06 +0900    

commit   : 599a487b093acb23ae1da7fe29eb0b6a4c26cc2c    
  
author   : Tom Lane <[email protected]>    
date     : Wed, 24 Aug 2022 13:01:40 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Wed, 24 Aug 2022 13:01:40 -0400    

SplitToVariants() in the ispell code, lseg_inside_poly() in geo_ops.c,  
and regex_selectivity_sub() in selectivity estimation could recurse  
until stack overflow; fix by adding check_stack_depth() calls.  
So could next() in the regex compiler, but that case is better fixed by  
converting its tail recursion to a loop.  (We probably get better code  
that way too, since next() can now be inlined into its sole caller.)  
  
There remains a reachable stack overrun in the Turkish stemmer, but  
we'll need some advice from the Snowball people about how to fix that.  
  
Per report from Egor Chindyaskin and Alexander Lakhin.  These mistakes  
are old, so back-patch to all supported branches.  
  
Richard Guo and Tom Lane  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 7951e0d7af98fabec9e9146b409b4c5636932d66    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 23 Aug 2022 09:55:37 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 23 Aug 2022 09:55:37 -0400    

On fast machines, it's possible for applications such as pgbench  
to issue connection requests so quickly that the postmaster's  
listen queue overflows in the kernel, resulting in unexpected  
failures (with not-very-helpful error messages).  Most modern OSes  
allow the queue size to be increased, so document how to do that.  
  
Per report from Kevin McKibbin.  
  
Discussion: https://postgr.es/m/CADc_NKg2d+oZY9mg4DdQdoUcGzN2kOYXBu-3--RW_hEe0tUV=g@mail.gmail.com  

commit   : 384199ec505955ca1777b30f1ceea4b33ac82f4b    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 23 Aug 2022 09:41:37 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 23 Aug 2022 09:41:37 -0400    

sysctl is more portable than Linux's /proc/sys file tree, and  
often easier to use too.  That's why most of our docs refer to  
sysctl when talking about how to adjust kernel parameters.  
Bring the few stragglers into line.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 9415873aee9dbf074616b658ffba41c5280a8e5c    
  
author   : Amit Kapila <[email protected]>    
date     : Tue, 23 Aug 2022 08:51:20 +0530    
  
committer: Amit Kapila <[email protected]>    
date     : Tue, 23 Aug 2022 08:51:20 +0530    

While decoding changes in a loop, if we skip all the changes there is no  
CFI making the loop uninterruptible.  
  
Reported-by: Whale Song and Andrey Borodin  
Bug: 17580  
Author: Masahiko Sawada  
Reviwed-by: Amit Kapila  
Backpatch-through: 10  
Discussion: https://postgr.es/m/[email protected]  
Discussion: https://postgr.es/m/[email protected]  

commit   : 2cf16cd7497d1dd465f0b1ff67e6c15347233d71    
  
author   : Tom Lane <[email protected]>    
date     : Thu, 18 Aug 2022 12:11:47 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Thu, 18 Aug 2022 12:11:47 -0400    

When creating a partitioned index, DefineIndex tries to identify  
any existing indexes on the partitions that match the partitioned  
index, so that it can absorb those as child indexes instead of  
building new ones.  Part of the matching is to compare IndexInfo  
structs --- but that wasn't done quite right.  We're comparing  
the IndexInfo built within DefineIndex itself to one made from  
existing catalog contents by BuildIndexInfo.  Notably, while  
BuildIndexInfo will run index expressions and predicates through  
expression preprocessing, that has not happened to DefineIndex's  
struct.  The result is failure to match and subsequent creation  
of duplicate indexes.  
  
The easiest and most bulletproof fix is to build a new IndexInfo  
using BuildIndexInfo, thereby guaranteeing that the processing done  
is identical.  
  
While here, let's also extract the opfamily and collation data  
from the new partitioned index, removing ad-hoc logic that  
duplicated knowledge about how those are constructed.  
  
Per report from Christophe Pettus.  Back-patch to v11 where  
we invented partitioned indexes.  
  
Richard Guo and Tom Lane  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : d0e5dc7d30aa1f62ce131b58c4c116b585521f8d    
  
author   : Tatsuo Ishii <[email protected]>    
date     : Tue, 16 Aug 2022 09:28:47 +0900    
  
committer: Tatsuo Ishii <[email protected]>    
date     : Tue, 16 Aug 2022 09:28:47 +0900    

In ref/create_sequence.sgml <literal> tag was used for nextval function name.  
This should have been <function> tag.  
  
Author: Noboru Saito  
Discussion: https://postgr.es/m/CAAM3qnJTDFFfRf5JHJ4AYrNcqXgMmj0pbH0%2Bvm%3DYva%2BpJyGymA%40mail.gmail.com  
Backpatch-through: 10  

commit   : c19024d74e98e5c0ad95643ce584c52954d01b70    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 15 Aug 2022 15:40:07 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 15 Aug 2022 15:40:07 -0400    

There's a convention that externally-visible libpq functions should  
check for a NULL PGconn pointer, and fail gracefully instead of  
crashing.  PQflush() and PQisnonblocking() didn't get that memo  
though.  Also add a similar check to PQdefaultSSLKeyPassHook_OpenSSL;  
while it's not clear that ordinary usage could reach that with a  
null conn pointer, it's cheap enough to check, so let's be consistent.  
  
Daniele Varrazzo and Tom Lane  
  
Discussion: https://postgr.es/m/CA+mi_8Zm_mVVyW1iNFgyMd9Oh0Nv8-F+7Y3-BqwMgTMHuo_h2Q@mail.gmail.com  

commit   : e2915afbd701e548d985ce8b834cbd13ff802ea1    
  
author   : Michael Paquier <[email protected]>    
date     : Mon, 15 Aug 2022 13:37:42 +0900    
  
committer: Michael Paquier <[email protected]>    
date     : Mon, 15 Aug 2022 13:37:42 +0900    

This option switch supports a total of 8 values, as told by  
set_plan_disabling_options() and the documentation, but this was not  
reflected in the output generated by --help.  
  
Author: Junwang Zhao  
Discussion: https://postgr.es/m/CAEG8a3+pT3cWzyjzKs184L1XMNm8NDnoJLiSjAYSO7XqpRh_vA@mail.gmail.com  
Backpatch-through: 10  

commit   : ee8a2f9d7caa3e5d43146bdef5de0bab8252b133    
  
author   : Tom Lane <[email protected]>    
date     : Sun, 14 Aug 2022 12:05:27 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Sun, 14 Aug 2022 12:05:27 -0400    

When enlarging the work buffers of a VarStringSortSupport object,  
varstrfastcmp_locale was careful to keep them in the ssup_cxt  
memory context; but varstr_abbrev_convert just used palloc().  
The latter creates a hazard that the buffers could be freed out  
from under the VarStringSortSupport object, resulting in stomping  
on whatever gets allocated in that memory later.  
  
In practice, because we only use this code for ICU collations  
(cf. 3df9c374e), the problem is confined to use of ICU collations.  
I believe it may have been unreachable before the introduction  
of incremental sort, too, as traditional sorting usually just  
uses one context for the duration of the sort.  
  
We could fix this by making the broken stanzas in varstr_abbrev_convert  
match the non-broken ones in varstrfastcmp_locale.  However, it seems  
like a better idea to dodge the issue altogether by replacing the  
pfree-and-allocate-anew coding with repalloc, which automatically  
preserves the chunk's memory context.  This fix does add a few cycles  
because repalloc will copy the chunk's content, which the existing  
coding assumes is useless.  However, we don't expect that these buffer  
enlargement operations are performance-critical.  Besides that, it's  
far from obvious that copying the buffer contents isn't required, since  
these stanzas make no effort to mark the buffers invalid by resetting  
last_returned, cache_blob, etc.  That seems to be safe upon examination,  
but it's fragile and could easily get broken in future, which wouldn't  
get revealed in testing with short-to-moderate-size strings.  
  
Per bug #17584 from James Inform.  Whether or not the issue is  
reachable in the older branches, this code has been broken on its  
own terms from its introduction, so patch all the way back.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : ba516fb0715c75b1b2d393c3de7b99fca6a1ac67    
  
author   : Tom Lane <[email protected]>    
date     : Sat, 13 Aug 2022 15:21:28 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Sat, 13 Aug 2022 15:21:28 -0400    

Most parts of the parser can expect that the stack overflow check  
in transformExprRecurse() will trigger before things get desperate.  
However, transformFromClauseItem() can recurse directly to self  
without having analyzed any expressions, so it's possible to drive  
it to a stack-overrun crash.  Add a check to prevent that.  
  
Per bug #17583 from Egor Chindyaskin.  Back-patch to all supported  
branches.  
  
Richard Guo  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 1f71861a85404f8417c1b60419d813f8721f445c    
  
author   : Peter Eisentraut <[email protected]>    
date     : Sat, 13 Aug 2022 10:32:38 +0200    
  
committer: Peter Eisentraut <[email protected]>    
date     : Sat, 13 Aug 2022 10:32:38 +0200    

As of 897795240cfaaed724af2f53ed2c50c9862f951f, check constraints can  
be declared invalid.  But that patch didn't update _outConstraint() to  
also show the relevant struct fields (which were only applicable to  
foreign keys before that).  This currently only affects debugging  
output, so no impact in practice.  

commit   : a47bf42d172a35622f5f764e663ea4f83d96c977    
  
author   : Peter Eisentraut <[email protected]>    
date     : Sat, 13 Aug 2022 00:00:41 +0200    
  
committer: Peter Eisentraut <[email protected]>    
date     : Sat, 13 Aug 2022 00:00:41 +0200    

96ef3b8ff1cf1950e897fd2f766d4bd9ef0d5d56 accidentally copied a not  
applicable comment from the float8_pass_by_value code to the  
data_checksums code.  Remove that.  
  
87d3b35a1ca31a9d947a8f919a6006679216dff0 changed pg_upgrade to  
checking the checksum version rather than just the Boolean presence of  
checksums, but didn't change the field type in its ControlData struct  
from bool.  So this would not work correctly if there ever is a  
checksum version larger than 1.  

commit   : 609026bce31226a942b07f0a0aa0f18b61c79839    
  
author   : Bruce Momjian <[email protected]>    
date     : Fri, 12 Aug 2022 15:43:23 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Fri, 12 Aug 2022 15:43:23 -0400    

Reported-by: Shinya Kato  
  
Discussion: https://postgr.es/m/[email protected]  
  
Author: Shinya Kato  
  
Backpatch-through: 10  

commit   : f5078954f64e02d4c2317087bebe8420e6f4b94d    
  
author   : Bruce Momjian <[email protected]>    
date     : Fri, 12 Aug 2022 15:05:12 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Fri, 12 Aug 2022 15:05:12 -0400    

Reported-by: Jonathan S. Katz  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 11  

commit   : c0252d795edfd95acd3ea2e51096a52a03325065    
  
author   : Bruce Momjian <[email protected]>    
date     : Fri, 12 Aug 2022 12:02:20 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Fri, 12 Aug 2022 12:02:20 -0400    

Reported-by: Simon Riggs  
  
Discussion: https://postgr.es/m/CANP8+jJESuuXYq9Djvf-+tx2vY2OFLmfEuu+UvwHNJ1RT7iJCQ@mail.gmail.com  
  
Author: Simon Riggs  
  
Backpatch-through: 10  

commit   : 72d76a4724e99169a5df111c32a3d74fd8dd3a84    
  
author   : Bruce Momjian <[email protected]>    
date     : Fri, 12 Aug 2022 11:35:23 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Fri, 12 Aug 2022 11:35:23 -0400    

The use of file 'config.pl' was not clearly explained.  
  
Reported-by: [email protected]  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 10  

commit   : ca82ad08fe1640509b1cc47b7bff3ef4ddc627fe    
  
author   : Bruce Momjian <[email protected]>    
date     : Fri, 12 Aug 2022 11:26:03 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Fri, 12 Aug 2022 11:26:03 -0400    

Somehow this was in the syntax but had no description.  
  
Reported-by: [email protected]  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 10  

commit   : 4e32fb1631dc6a7e0bb21b2e4ac77299231c2745    
  
author   : Bruce Momjian <[email protected]>    
date     : Fri, 12 Aug 2022 10:59:00 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Fri, 12 Aug 2022 10:59:00 -0400    

Mention that the table is not modified if it already exists.  
  
Reported-by: [email protected]  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 10  

commit   : 2f65ef5c5b6ba7033bab23871925ad73d8f1e312    
  
author   : Peter Eisentraut <[email protected]>    
date     : Fri, 12 Aug 2022 08:17:30 +0200    
  
committer: Peter Eisentraut <[email protected]>    
date     : Fri, 12 Aug 2022 08:17:30 +0200    

The set of fields printed by _outConstraint() in the CONSTR_IDENTITY  
case didn't match the set of fields actually used in that case.  (The  
code was probably uncarefully copied from the CONSTR_DEFAULT case.)  
Fix that by using the right set of fields.  Since there is no read  
support for this node type, this is really just for debugging output  
right now, so it doesn't affect anything important.  

commit   : 036642abc9fba59c0bec2b83923b943d21636811    
  
author   : Amit Kapila <[email protected]>    
date     : Fri, 12 Aug 2022 10:54:35 +0530    
  
committer: Amit Kapila <[email protected]>    
date     : Fri, 12 Aug 2022 10:54:35 +0530    

This was originally done in commit 0c20dd33db for 16 only, to eliminate  
duplicate code and as an infrastructure that makes it easier to write  
future tests. However, it has been suggested that it would be good to  
back-patch this testing infrastructure to aid future tests in  
back-branches.  
  
Backpatch to all supported versions.  
  
Author: Masahiko Sawada  
Reviewed by: Amit Kapila, Shi yu  
Discussion: https://postgr.es/m/CAD21AoC-fvAkaKHa4t1urupwL8xbAcWRePeETvshvy80f6WV1A@mail.gmail.com  
Discussion: https://postgr.es/m/[email protected]  

commit   : 794460783125c4588bd426eac3d6508b1e45dc07    
  
author   : Amit Kapila <[email protected]>    
date     : Thu, 11 Aug 2022 09:09:36 +0530    
  
committer: Amit Kapila <[email protected]>    
date     : Thu, 11 Aug 2022 09:09:36 +0530    

Previously, we relied on HEAP2_NEW_CID records and XACT_INVALIDATION  
records to know if the transaction has modified the catalog, and that  
information is not serialized to snapshot. Therefore, after the restart,  
if the logical decoding decodes only the commit record of the transaction  
that has actually modified a catalog, we will miss adding its XID to the  
snapshot. Thus, we will end up looking at catalogs with the wrong  
snapshot.  
  
To fix this problem, this changes the snapshot builder so that it  
remembers the last-running-xacts list of the decoded RUNNING_XACTS record  
after restoring the previously serialized snapshot. Then, we mark the  
transaction as containing catalog changes if it's in the list of initial  
running transactions and its commit record has XACT_XINFO_HAS_INVALS. To  
avoid ABI breakage, we store the array of the initial running transactions  
in the static variables InitialRunningXacts and NInitialRunningXacts,  
instead of storing those in SnapBuild or ReorderBuffer.  
  
This approach has a false positive; we could end up adding the transaction  
that didn't change catalog to the snapshot since we cannot distinguish  
whether the transaction has catalog changes only by checking the COMMIT  
record. It doesn't have the information on which (sub) transaction has  
catalog changes, and XACT_XINFO_HAS_INVALS doesn't necessarily indicate  
that the transaction has catalog change. But that won't be a problem since  
we use snapshot built during decoding only to read system catalogs.  
  
On the master branch, we took a more future-proof approach by writing  
catalog modifying transactions to the serialized snapshot which avoids the  
above false positive. But we cannot backpatch it because of a change in  
the SnapBuild.  
  
Reported-by: Mike Oh  
Author: Masahiko Sawada  
Reviewed-by: Amit Kapila, Shi yu, Takamichi Osumi, Kyotaro Horiguchi, Bertrand Drouvot, Ahsan Hadi  
Backpatch-through: 10  
Discussion: https://postgr.es/m/81D0D8B0-E7C4-4999-B616-1E5004DBDCD2%40amazon.com  

commit   : 5b948b5c13366591ef0cd975df3170c4eaff4e3b    
  
author   : Tom Lane <[email protected]>    
date     : Wed, 10 Aug 2022 13:37:25 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Wed, 10 Aug 2022 13:37:25 -0400    

fmgr_sql must make expanded-datum arguments read-only, because  
it's possible that the function body will pass the argument to  
more than one callee function.  If one of those functions takes  
the datum's R/W property as license to scribble on it, then later  
callees will see an unexpected value, leading to wrong answers.  
  
From a performance standpoint, it'd be nice to skip this in the  
common case that the argument value is passed to only one callee.  
However, detecting that seems fairly hard, and certainly not  
something that I care to attempt in a back-patched bug fix.  
  
Per report from Adam Mackler.  This has been broken since we  
invented expanded datums, so back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/WScDU5qfoZ7PB2gXwNqwGGgDPmWzz08VdydcPFLhOwUKZcdWbblbo-0Lku-qhuEiZoXJ82jpiQU4hOjOcrevYEDeoAvz6nR0IU4IHhXnaCA=@mackler.email  
Discussion: https://postgr.es/m/[email protected]