PostgreSQL 13.0 (upcoming) commit log

commit   : bcf7eb99bbf15954a92df0a4405713d561402be2    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Mon, 15 Aug 2022 13:37:40 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Mon, 15 Aug 2022 13:37:40 +0900    

This option switch supports a total of 8 values, as told by  
set_plan_disabling_options() and the documentation, but this was not  
reflected in the output generated by --help.  
  
Author: Junwang Zhao  
Discussion: https://postgr.es/m/CAEG8a3+pT3cWzyjzKs184L1XMNm8NDnoJLiSjAYSO7XqpRh_vA@mail.gmail.com  
Backpatch-through: 10  

commit   : 9fe285f8597d4a3ab3fce9223891b2af01a3393b    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 14 Aug 2022 12:05:27 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 14 Aug 2022 12:05:27 -0400    

When enlarging the work buffers of a VarStringSortSupport object,  
varstrfastcmp_locale was careful to keep them in the ssup_cxt  
memory context; but varstr_abbrev_convert just used palloc().  
The latter creates a hazard that the buffers could be freed out  
from under the VarStringSortSupport object, resulting in stomping  
on whatever gets allocated in that memory later.  
  
In practice, because we only use this code for ICU collations  
(cf. 3df9c374e), the problem is confined to use of ICU collations.  
I believe it may have been unreachable before the introduction  
of incremental sort, too, as traditional sorting usually just  
uses one context for the duration of the sort.  
  
We could fix this by making the broken stanzas in varstr_abbrev_convert  
match the non-broken ones in varstrfastcmp_locale.  However, it seems  
like a better idea to dodge the issue altogether by replacing the  
pfree-and-allocate-anew coding with repalloc, which automatically  
preserves the chunk's memory context.  This fix does add a few cycles  
because repalloc will copy the chunk's content, which the existing  
coding assumes is useless.  However, we don't expect that these buffer  
enlargement operations are performance-critical.  Besides that, it's  
far from obvious that copying the buffer contents isn't required, since  
these stanzas make no effort to mark the buffers invalid by resetting  
last_returned, cache_blob, etc.  That seems to be safe upon examination,  
but it's fragile and could easily get broken in future, which wouldn't  
get revealed in testing with short-to-moderate-size strings.  
  
Per bug #17584 from James Inform.  Whether or not the issue is  
reachable in the older branches, this code has been broken on its  
own terms from its introduction, so patch all the way back.  
  
Discussion: https://postgr.es/m/17584-95c79b4a7d771f44@postgresql.org  

commit   : 4878ea717c7166e3453cb94796a2044837bf1d2b    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 13 Aug 2022 16:59:58 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 13 Aug 2022 16:59:58 -0400    

It's possible to reach this case when work_mem is very small and tupsize  
is (relatively) very large.  In that case ExecChooseHashTableSize would  
get an assertion failure, or with asserts off it'd compute nbuckets = 0,  
which'd likely cause misbehavior later (I've not checked).  To fix,  
clamp the number of buckets to be at least 1.  
  
This is due to faulty conversion of old my_log2() coding in 28d936031.  
Back-patch to v13, as that was.  
  
Zhang Mingli  
  
Discussion: https://postgr.es/m/beb64ca0-91e2-44ac-bf4a-7ea36275ec02@Spark  

commit   : 60f876317efc7b9ad624b11ae2f4b8208e408ef4    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 13 Aug 2022 15:21:28 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 13 Aug 2022 15:21:28 -0400    

Most parts of the parser can expect that the stack overflow check  
in transformExprRecurse() will trigger before things get desperate.  
However, transformFromClauseItem() can recurse directly to self  
without having analyzed any expressions, so it's possible to drive  
it to a stack-overrun crash.  Add a check to prevent that.  
  
Per bug #17583 from Egor Chindyaskin.  Back-patch to all supported  
branches.  
  
Richard Guo  
  
Discussion: https://postgr.es/m/17583-33be55b9f981f75c@postgresql.org  

commit   : 8b2638fdd4ac87052afb5ebc0d3251bb1ace4bcb    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Sat, 13 Aug 2022 10:32:38 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Sat, 13 Aug 2022 10:32:38 +0200    

As of 897795240cfaaed724af2f53ed2c50c9862f951f, check constraints can  
be declared invalid.  But that patch didn't update _outConstraint() to  
also show the relevant struct fields (which were only applicable to  
foreign keys before that).  This currently only affects debugging  
output, so no impact in practice.  

commit   : 8e40d16e954195c7bce7070a26174fcca3164882    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Sat, 13 Aug 2022 00:00:41 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Sat, 13 Aug 2022 00:00:41 +0200    

96ef3b8ff1cf1950e897fd2f766d4bd9ef0d5d56 accidentally copied a not  
applicable comment from the float8_pass_by_value code to the  
data_checksums code.  Remove that.  
  
87d3b35a1ca31a9d947a8f919a6006679216dff0 changed pg_upgrade to  
checking the checksum version rather than just the Boolean presence of  
checksums, but didn't change the field type in its ControlData struct  
from bool.  So this would not work correctly if there ever is a  
checksum version larger than 1.  

commit   : 1a2ad6e3bd042cf64c2321de36abf7db2bb50578    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 15:43:23 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 15:43:23 -0400    

Reported-by: Shinya Kato  
  
Discussion: https://postgr.es/m/1ecdb1ff78e9b03dfce37e85eaca725a@oss.nttdata.com  
  
Author: Shinya Kato  
  
Backpatch-through: 10  

commit   : a9885f2c77e0ecbc9487a1c729b39ebbf3d03d29    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 15:05:12 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 15:05:12 -0400    

Reported-by: Jonathan S. Katz  
  
Discussion: https://postgr.es/m/c59ffbd5-96ac-a5a5-a401-14f627ca1405@postgresql.org  
  
Backpatch-through: 11  

commit   : a4a24feff4652a5ba4ce6fc3638da139de32d752    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 12:02:20 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 12:02:20 -0400    

Reported-by: Simon Riggs  
  
Discussion: https://postgr.es/m/CANP8+jJESuuXYq9Djvf-+tx2vY2OFLmfEuu+UvwHNJ1RT7iJCQ@mail.gmail.com  
  
Author: Simon Riggs  
  
Backpatch-through: 10  

commit   : d1303bc9777837e3492a944fd926e770c70e0a91    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 11:35:23 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 11:35:23 -0400    

The use of file 'config.pl' was not clearly explained.  
  
Reported-by: liambowen@gmail.com  
  
Discussion: https://postgr.es/m/164246013804.31952.4958087335645367498@wrigleys.postgresql.org  
  
Backpatch-through: 10  

commit   : 1b30571a22d5b06ae86c5f0341dd6ca57ce4126b    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 11:26:03 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 11:26:03 -0400    

Somehow this was in the syntax but had no description.  
  
Reported-by: robertcorrington@gmail.com  
  
Discussion: https://postgr.es/m/164228771825.31954.2719791849363756957@wrigleys.postgresql.org  
  
Backpatch-through: 10  

commit   : e1785d8d9f171d988ff30bace10ef563b532bb4f    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 10:59:00 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 10:59:00 -0400    

Mention that the table is not modified if it already exists.  
  
Reported-by: frank_limpert@yahoo.com  
  
Discussion: https://postgr.es/m/164441177106.9677.5991676148704507229@wrigleys.postgresql.org  
  
Backpatch-through: 10  

commit   : 483c426abd61a997af1b8865e65532c4a9e27bbe    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 10:30:00 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 10:30:00 -0400    

Reported-by: David G. Johnston  
  
Discussion: https://postgr.es/m/CAKFQuwZ24UcfkoyLLSW3PMGQATomOcw1nuYFRuMev-NoOF+mYw@mail.gmail.com  
  
Author: David G. Johnston  
  
Backpatch-through: 14, partial to 13  

commit   : ec55acbda581e999c1314caa078c91e553433f9a    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 09:06:47 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 09:06:47 -0400    

Member tracking was added in PG 13.  
  
Reported-by: David G. Johnston  
  
Discussion: https://postgr.es/m/CAKFQuwY1YtxQHVWUFYvSnOjZ5VPpXjF33V52bSKEwFjK2K=1Aw@mail.gmail.com  
  
Author: David G. Johnston  
  
Backpatch-through: 13  

commit   : f70dfbf36f1ab72b0a6eb19e766967883c894676    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Fri, 12 Aug 2022 08:17:30 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Fri, 12 Aug 2022 08:17:30 +0200    

The set of fields printed by _outConstraint() in the CONSTR_IDENTITY  
case didn't match the set of fields actually used in that case.  (The  
code was probably uncarefully copied from the CONSTR_DEFAULT case.)  
Fix that by using the right set of fields.  Since there is no read  
support for this node type, this is really just for debugging output  
right now, so it doesn't affect anything important.  

commit   : 5afa63f0aed96a8978489bdba38ef9998bb3aef0    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Fri, 12 Aug 2022 11:04:46 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Fri, 12 Aug 2022 11:04:46 +0530    

This was originally done in commit 0c20dd33db for 16 only, to eliminate  
duplicate code and as an infrastructure that makes it easier to write  
future tests. However, it has been suggested that it would be good to  
back-patch this testing infrastructure to aid future tests in  
back-branches.  
  
Backpatch to all supported versions.  
  
Author: Masahiko Sawada  
Reviewed by: Amit Kapila, Shi yu  
Discussion: https://postgr.es/m/CAD21AoC-fvAkaKHa4t1urupwL8xbAcWRePeETvshvy80f6WV1A@mail.gmail.com  
Discussion: https://postgr.es/m/E1oJBIf-0006sw-SA@gemulon.postgresql.org  

commit   : 547b963683e34e9f26401093131f9bea89d48968    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Thu, 11 Aug 2022 09:30:55 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Thu, 11 Aug 2022 09:30:55 +0530    

Previously, we relied on HEAP2_NEW_CID records and XACT_INVALIDATION  
records to know if the transaction has modified the catalog, and that  
information is not serialized to snapshot. Therefore, after the restart,  
if the logical decoding decodes only the commit record of the transaction  
that has actually modified a catalog, we will miss adding its XID to the  
snapshot. Thus, we will end up looking at catalogs with the wrong  
snapshot.  
  
To fix this problem, this changes the snapshot builder so that it  
remembers the last-running-xacts list of the decoded RUNNING_XACTS record  
after restoring the previously serialized snapshot. Then, we mark the  
transaction as containing catalog changes if it's in the list of initial  
running transactions and its commit record has XACT_XINFO_HAS_INVALS. To  
avoid ABI breakage, we store the array of the initial running transactions  
in the static variables InitialRunningXacts and NInitialRunningXacts,  
instead of storing those in SnapBuild or ReorderBuffer.  
  
This approach has a false positive; we could end up adding the transaction  
that didn't change catalog to the snapshot since we cannot distinguish  
whether the transaction has catalog changes only by checking the COMMIT  
record. It doesn't have the information on which (sub) transaction has  
catalog changes, and XACT_XINFO_HAS_INVALS doesn't necessarily indicate  
that the transaction has catalog change. But that won't be a problem since  
we use snapshot built during decoding only to read system catalogs.  
  
On the master branch, we took a more future-proof approach by writing  
catalog modifying transactions to the serialized snapshot which avoids the  
above false positive. But we cannot backpatch it because of a change in  
the SnapBuild.  
  
Reported-by: Mike Oh  
Author: Masahiko Sawada  
Reviewed-by: Amit Kapila, Shi yu, Takamichi Osumi, Kyotaro Horiguchi, Bertrand Drouvot, Ahsan Hadi  
Backpatch-through: 10  
Discussion: https://postgr.es/m/81D0D8B0-E7C4-4999-B616-1E5004DBDCD2%40amazon.com  

commit   : 71caf3c4da1c85a2ec7cfce914f1ccb723c8e991    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 10 Aug 2022 13:37:25 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 10 Aug 2022 13:37:25 -0400    

fmgr_sql must make expanded-datum arguments read-only, because  
it's possible that the function body will pass the argument to  
more than one callee function.  If one of those functions takes  
the datum's R/W property as license to scribble on it, then later  
callees will see an unexpected value, leading to wrong answers.  
  
From a performance standpoint, it'd be nice to skip this in the  
common case that the argument value is passed to only one callee.  
However, detecting that seems fairly hard, and certainly not  
something that I care to attempt in a back-patched bug fix.  
  
Per report from Adam Mackler.  This has been broken since we  
invented expanded datums, so back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/WScDU5qfoZ7PB2gXwNqwGGgDPmWzz08VdydcPFLhOwUKZcdWbblbo-0Lku-qhuEiZoXJ82jpiQU4hOjOcrevYEDeoAvz6nR0IU4IHhXnaCA=@mackler.email  
Discussion: https://postgr.es/m/187436.1660143060@sss.pgh.pa.us  

commit   : 4bc493d14409857090928ea51c02a20aba8db364    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 8 Aug 2022 16:45:58 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 8 Aug 2022 16:45:58 -0400    

commit   : 22b205cbbd978e69f08bd2b980adae29a6ca1979    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 8 Aug 2022 12:16:01 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 8 Aug 2022 12:16:01 -0400    

Per buildfarm, the output order of \dx+ isn't consistent across  
locales.  Apply NO_LOCALE to force C locale.  There might be a  
more localized way, but I'm not seeing it offhand, and anyway  
there is nothing in this test module that particularly cares  
about locales.  
  
Security: CVE-2022-2625  

commit   : 30523c0ca1186476674d2874754cf218627e9de2    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 8 Aug 2022 11:28:47 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 8 Aug 2022 11:28:47 -0400    

Security: CVE-2022-2625  

commit   : 7e92f78abe80e4b30e648a40073abb59057e21f8    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 8 Aug 2022 11:12:31 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 8 Aug 2022 11:12:31 -0400    

Previously, if an extension script did CREATE OR REPLACE and there was  
an existing object not belonging to the extension, it would overwrite  
the object and adopt it into the extension.  This is problematic, first  
because the overwrite is probably unintentional, and second because we  
didn't change the object's ownership.  Thus a hostile user could create  
an object in advance of an expected CREATE EXTENSION command, and would  
then have ownership rights on an extension object, which could be  
modified for trojan-horse-type attacks.  
  
Hence, forbid CREATE OR REPLACE of an existing object unless it already  
belongs to the extension.  (Note that we've always forbidden replacing  
an object that belongs to some other extension; only the behavior for  
previously-free-standing objects changes here.)  
  
For the same reason, also fail CREATE IF NOT EXISTS when there is  
an existing object that doesn't belong to the extension.  
  
Our thanks to Sven Klemm for reporting this problem.  
  
Security: CVE-2022-2625  

commit   : 330c48b28470ce423769b95e18a65e20d7d8a9b8    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Mon, 8 Aug 2022 12:39:52 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Mon, 8 Aug 2022 12:39:52 +0200    

Source-Git-URL: ssh://git@git.postgresql.org/pgtranslation/messages.git  
Source-Git-Hash: 8ee19d25e0753a690bea62ddcbbfaf2e0d093c1d  

commit   : f339e5c1d4749e315422910888a4368141b3d990    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 7 Aug 2022 15:46:27 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 7 Aug 2022 15:46:27 -0400    

commit   : 1626590f2eb655ab13a6291f6ed6215376a1e90a    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Sun, 7 Aug 2022 10:19:40 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Sun, 7 Aug 2022 10:19:40 +0200    

Per buildfarm member snapper  
  
Discussion: https://postgr.es/m/129951.1659812518@sss.pgh.pa.us  

commit   : 8c5d9ccca9670e8d7eda35e08b35e4e16bcf600c    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Sat, 6 Aug 2022 15:52:10 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Sat, 6 Aug 2022 15:52:10 +0200    

Commit 59be1c942a47 already tried to make  
src/test/recovery/t/033_replay_tsp_drops more reliable, but it wasn't  
enough.  Try to improve on that by making this use of a replication slot  
to be more like others.  Also, don't drop the slot.  
  
Make a few other stylistic changes while at it.  It's still quite slow,  
which is another thing that we need to fix in this script.  
  
Backpatch to all supported branches.  
  
Discussion: https://postgr.es/m/349302.1659191875@sss.pgh.pa.us  

commit   : 476f9d533084f2ad3f625b5092021b6c23c8e196    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 5 Aug 2022 15:57:46 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 5 Aug 2022 15:57:46 -0400    

On closer inspection, mcv.c isn't as broken for ScalarArrayOpExpr  
as I thought.  The Var-on-right issue is real enough, but actually  
it does cope fine with a NULL array constant --- I was misled by  
an XXX comment suggesting it didn't.  Undo that part of the code  
change, and replace the XXX comment with something less misleading.  

commit   : c102d1106732189de2bfeb93c11b358f9c6b4e1f    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 5 Aug 2022 13:58:37 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 5 Aug 2022 13:58:37 -0400    

statext_is_compatible_clause_internal() checked that the arguments  
of a ScalarArrayOpExpr are one Var and one Const, but it would allow  
cases where the Const was on the left.  Subsequent uses of the clause  
are not expecting that and would suffer assertion failures or core  
dumps.  mcv.c also had not bothered to cope with the case of a NULL  
array constant, which seems really unacceptably sloppy of somebody.  
(Although our tools failed us there too, since AFAIK neither Coverity  
nor any compiler warned of the obvious use-of-uninitialized-variable  
condition.)  It seems best to handle that by having  
statext_is_compatible_clause_internal() reject it.  
  
Noted while fixing bug #17570.  Back-patch to v13 where the  
extended stats code grew some awareness of ScalarArrayOpExpr.  

commit   : c122a99bd6af1d764fa74b5e1c811b4cd73987cd    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 5 Aug 2022 19:36:24 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 5 Aug 2022 19:36:24 +0200    

This makes it more convenient for git config to contain the  
blame.ignoreRevsFile setting; otherwise current git versions complain if  
the file is not present.  
  
I constructed the file for each branch by scraping the file in branch  
master for commits that appear in that branch.  Because a few additional  
pgindent commits have been added to the list in master since the list  
was first created, this also propagates those to branches 14 and 15  
where the file already existed.  Also, some entries appear to have been  
made using author-date rather than committer-date in the format string,  
so some timestamps are changed.  Also remove bogus whitespace in the  
suggested `git log` format string.  
  
Backpatch to all supported branches.  
  
Discussion: https://postgr.es/m/20220711163138.o72evdeus5f5yy5z@alvherre.pgsql  

commit   : de31e6f81e84d53b1cb3d2f14705e4895a4b23d0    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 5 Aug 2022 18:00:17 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 5 Aug 2022 18:00:17 +0200    

That bit is unlogged and therefore it's wrong to consider it in WAL page  
comparison.  
  
Add a test that tickles the case, as branch testing technology allows.  
  
This has been a problem ever since wal consistency checking was  
introduced (commit a507b86900f6 for pg10), so backpatch to all supported  
branches.  
  
Author: 王海洋 (Haiyang Wang) <wanghaiyang.001@bytedance.com>  
Reviewed-by: Kyotaro Horiguchi <horikyota.ntt@gmail.com>  
Discussion: https://postgr.es/m/CACciXAD2UvLMOhc4jX9VvOKt7DtYLr3OYRBhvOZ-jRxtzc_7Jg@mail.gmail.com  
Discussion: https://postgr.es/m/CACciXADOfErX9Bx0nzE_SkdfXr6Bbpo5R=v_B6MUTEYW4ya+cg@mail.gmail.com  

commit   : ad8ebcfe9662c6145342f6f02ad7c46108f135b9    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Fri, 5 Aug 2022 08:30:58 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Fri, 5 Aug 2022 08:30:58 -0700    

The five commits ending at cc2c7d65fc27e877c9f407587b0b92d46cd6dd16  
closed this race condition for v15+.  For v14 through v10, add a HINT to  
discourage studying the cosmetic problem.  
  
Reviewed by Kyotaro Horiguchi and David Steele.  
  
Discussion: https://postgr.es/m/20220731061747.GA3692882@rfd.leadboat.com  

commit   : d2a74621ed0430094e6d1f754df5bc1647408be7    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 5 Aug 2022 11:55:52 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 5 Aug 2022 11:55:52 +0200    

Having additional triggers in a test table made the ORDER BY clauses in  
old queries underspecified.  Add another column there for stability.  
  
Per sporadic buildfarm pink.  

commit   : ab855663012c131bba8d16e6188eed0b627a27bc    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Thu, 4 Aug 2022 20:02:02 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Thu, 4 Aug 2022 20:02:02 +0200    

Using ATSimpleRecursion() in ATPrepCmd() to do so as bbb927b4db9b did is  
not correct, because ATPrepCmd() can't distinguish between triggers that  
may be cloned and those that may not, so would wrongly try to recurse  
for the latter category of triggers.  
  
So this commit restores the code in EnableDisableTrigger() that  
86f575948c77 had added to do the recursion, which would do it only for  
triggers that may be cloned, that is, row-level triggers.  This also  
changes tablecmds.c such that ATExecCmd() is able to pass the value of  
ONLY flag down to EnableDisableTrigger() using its new 'recurse'  
parameter.  
  
This also fixes what seems like an oversight of 86f575948c77 that the  
recursion to partition triggers would only occur if EnableDisableTrigger()  
had actually changed the trigger.  It is more apt to recurse to inspect  
partition triggers even if the parent's trigger didn't need to be  
changed: only then can we be certain that all descendants share the same  
state afterwards.  
  
Backpatch all the way back to 11, like bbb927b4db9b.  Care is taken not  
to break ABI compatibility (and that no catversion bump is needed.)  
  
Co-authored-by: Amit Langote <amitlangote09@gmail.com>  
Reviewed-by: Dmitry Koval <d.koval@postgrespro.ru>  
Discussion: https://postgr.es/m/CA+HiwqG-cZT3XzGAnEgZQLoQbyfJApVwOTQaCaas1mhpf+4V5A@mail.gmail.com  

commit   : 23edf0e8b4d1677f8e5269fb15a584155c2e08e2    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 4 Aug 2022 14:10:06 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 4 Aug 2022 14:10:06 -0400    

Ordinarily the functions called in this loop ought to have plenty  
of CFIs themselves; but we've now seen a case where no such CFI is  
reached, making the loop uninterruptible.  Even though that's from  
a recently-introduced bug, it seems prudent to install a CFI at  
the loop level in all branches.  
  
Per discussion of bug #17558 from Andrew Kesper (an actual fix for  
that bug will follow).  
  
Discussion: https://postgr.es/m/17558-3f6599ffcf52fd4a@postgresql.org  

commit   : 8d38ccafca9382d79eee4badfa11b1114475622d    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 4 Aug 2022 11:11:22 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 4 Aug 2022 11:11:22 -0400    

Remove the test case added by commit fac1b470a, which never actually  
worked to expose the problem it claimed to test.  Replace it with  
a case that does expose the problem, and also covers the SRF-not-  
at-the-top deficiency repaired in 1aa8dad41.  
  
Richard Guo, with some editorialization by me  
  
Discussion: https://postgr.es/m/17564-c7472c2f90ef2da3@postgresql.org  

commit   : da4ed7588132db44ab11bf52bad0472eb0c868e4    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 3 Aug 2022 17:33:42 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 3 Aug 2022 17:33:42 -0400    

Commit fac1b470a thought we could check for set-returning functions  
by testing only the top-level node in an expression tree.  This is  
wrong in itself, and to make matters worse it encouraged others  
to make the same mistake, by exporting tlist.c's special-purpose  
IS_SRF_CALL() as a widely-visible macro.  I can't find any evidence  
that anyone's taken the bait, but it was only a matter of time.  
  
Use expression_returns_set() instead, and stuff the IS_SRF_CALL()  
genie back in its bottle, this time with a warning label.  I also  
added a couple of cross-reference comments.  
  
After a fair amount of fooling around, I've despaired of making  
a robust test case that exposes the bug reliably, so no test case  
here.  (Note that the test case added by fac1b470a is itself  
broken, in that it doesn't notice if you remove the code change.  
The repro given by the bug submitter currently doesn't fail either  
in v15 or HEAD, though I suspect that may indicate an unrelated bug.)  
  
Per bug #17564 from Martijn van Oosterhout.  Back-patch to v13,  
as the faulty patch was.  
  
Discussion: https://postgr.es/m/17564-c7472c2f90ef2da3@postgresql.org  

commit   : b2694aebe33c8a664cb7fcaacc5a3fe30d120a09    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 3 Aug 2022 11:14:55 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 3 Aug 2022 11:14:55 -0400    

The sto_using_cursor and sto_using_select tests were coded to exercise  
every permutation of their test steps, but AFAICS there is no value in  
exercising more than one.  This matters because each permutation costs  
about six seconds, thanks to the "pg_sleep(6)".  Perhaps we could  
reduce that, but the useless permutations seem worth getting rid of  
in any case.  (Note that sto_using_hash_index got it right already.)  
  
While here, clean up some other sloppiness such as an unused table.  
  
This doesn't make too much difference in interactive testing, since the  
wasted time is typically masked by parallelization with other tests.  
However, the buildfarm runs this as a serial step, which means we can  
expect to shave ~40 seconds from every buildfarm run.  That makes it  
worth back-patching.  
  
Discussion: https://postgr.es/m/2515192.1659454702@sss.pgh.pa.us  

commit   : 6b67db10c366ee825345ef81dcca57d29ad4c7f1    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 2 Aug 2022 18:05:34 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 2 Aug 2022 18:05:34 -0400    

We've heard a couple of reports of people having trouble with  
multi-gigabyte-sized query-texts files.  It occurred to me that on  
32-bit platforms, there could be an issue with integer overflow  
of calculations associated with the total query text size.  
Address that with several changes:  
  
1. Limit pg_stat_statements.max to INT_MAX / 2 not INT_MAX.  
The hashtable code will bound it to that anyway unless "long"  
is 64 bits.  We still need overflow guards on its use, but  
this helps.  
  
2. Add a check to prevent extending the query-texts file to  
more than MaxAllocHugeSize.  If it got that big, qtext_load_file  
would certainly fail, so there's not much point in allowing it.  
Without this, we'd need to consider whether extent, query_offset,  
and related variables shouldn't be off_t not size_t.  
  
3. Adjust the comparisons in need_gc_qtexts() to be done in 64-bit  
arithmetic on all platforms.  It appears possible that under duress  
those multiplications could overflow 32 bits, yielding a false  
conclusion that we need to garbage-collect the texts file, which  
could lead to repeatedly garbage-collecting after every hash table  
insertion.  
  
Per report from Bruno da Silva.  I'm not convinced that these  
issues fully explain his problem; there may be some other bug that's  
contributing to the query-texts file becoming so large in the first  
place.  But it did get that big, so #2 is a reasonable defense,  
and #3 could explain the reported performance difficulties.  
  
(See also commit 8bbe4cbd9, which addressed some related bugs.  
The second Discussion: link is the thread that led up to that.)  
  
This issue is old, and is primarily a problem for old platforms,  
so back-patch.  
  
Discussion: https://postgr.es/m/CAB+Nuk93fL1Q9eLOCotvLP07g7RAv4vbdrkm0cVQohDVMpAb9A@mail.gmail.com  
Discussion: https://postgr.es/m/5601D354.5000703@BlueTreble.com  

commit   : 331f8b851c980d4050a82c1de101f93d47ddaacf    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 1 Aug 2022 12:22:35 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 1 Aug 2022 12:22:35 -0400    

I thought commit fd96d14d9 had plugged all the holes of this sort,  
but no, function RTEs could produce oversize tuples too, either  
via long coldeflists or just from multiple functions in one RTE.  
(I'm pretty sure the other variants of base RTEs aren't a problem,  
because they ultimately refer to either a table or a sub-SELECT,  
whose widths are enforced elsewhere.  But we explicitly allow join  
RTEs to be overwidth, as long as you don't try to form their  
tuple result.)  
  
Per further discussion of bug #17561.  As before, patch all branches.  
  
Discussion: https://postgr.es/m/17561-80350151b9ad2ad4@postgresql.org  

commit   : aadaaeff4cf8b90c62dbb6cc67f5dd7e5a0297fe    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Mon, 1 Aug 2022 16:39:30 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Mon, 1 Aug 2022 16:39:30 +0900    

errno was not reported correctly after attempting to clone a file,  
leading to incorrect error reports.  While scanning through the code, I  
have not noticed any similar mistakes.  
  
Error introduced in 3a769d8.  
  
Author: Justin Pryzby  
Discussion: https://postgr.es/m/20220731134135.GY15006@telsasoft.com  
Backpatch-through: 12  

commit   : b76e136ceb334a229ef99afdc9b4cb1cabfd05a7    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Fri, 29 Jul 2022 17:43:34 -0400    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Fri, 29 Jul 2022 17:43:34 -0400    

The new test is from commit 9e4f914b5e.  
  
With this setting messages have SQL error numbers included, so that  
needs to be provided for in the pattern looked for.  
  
Backpatch to all live branches like the original.  

commit   : ba2002d02cf4d6790d82d3b9ffd5d7a74a1c9589    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 29 Jul 2022 13:30:50 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 29 Jul 2022 13:30:50 -0400    

A RowExpr with more than MaxTupleAttributeNumber columns would fail at  
execution anyway, since we cannot form a tuple datum with more than that  
many columns.  While heap_form_tuple() has a check for too many columns,  
it emerges that there are some intermediate bits of code that don't  
check and can be driven to failure with sufficiently many columns.  
Checking this at parse time seems like the most appropriate place to  
install a defense, since we already check SELECT list length there.  
  
While at it, make the SELECT-list-length error use the same errcode  
(TOO_MANY_COLUMNS) as heap_form_tuple does, rather than the generic  
PROGRAM_LIMIT_EXCEEDED.  
  
Per bug #17561 from Egor Chindyaskin.  The given test case crashes  
in all supported branches (and probably a lot further back),  
so patch all.  
  
Discussion: https://postgr.es/m/17561-80350151b9ad2ad4@postgresql.org  

commit   : 7cfe688dee86c10ed2622872f5b2f8ca9b1b7c5b    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 29 Jul 2022 12:50:47 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 29 Jul 2022 12:50:47 +0200    

On FreeBSD, the new test fails due to a WAL file being removed before  
the standby has had the chance to copy it.  Fix by adding a replication  
slot to prevent the removal until after the standby has connected.  
  
Author: Kyotaro Horiguchi <horikyota.ntt@gmail.com>  
Reported-by: Matthias van de Meent <boekewurm+postgres@gmail.com>  
Discussion: https://postgr.es/m/CAEze2Wj5nau_qpjbwihvmXLfkAWOZ5TKdbnqOc6nKSiRJEoPyQ@mail.gmail.com  

commit   : 9a7e26b9c2ac7094f8a7d26cb32a8bc57d28d3f1    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Thu, 28 Jul 2022 08:26:05 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Thu, 28 Jul 2022 08:26:05 +0200    

Crash recovery on standby may encounter missing directories  
when replaying database-creation WAL records.  Prior to this  
patch, the standby would fail to recover in such a case;  
however, the directories could be legitimately missing.  
Consider the following sequence of commands:  
  
    CREATE DATABASE  
    DROP DATABASE  
    DROP TABLESPACE  
  
If, after replaying the last WAL record and removing the  
tablespace directory, the standby crashes and has to replay the  
create database record again, crash recovery must be able to continue.  
  
A fix for this problem was already attempted in 49d9cfc68bf4, but it  
was reverted because of design issues.  This new version is based  
on Robert Haas' proposal: any missing tablespaces are created  
during recovery before reaching consistency.  Tablespaces  
are created as real directories, and should be deleted  
by later replay.  CheckRecoveryConsistency ensures  
they have disappeared.  
  
The problems detected by this new code are reported as PANIC,  
except when allow_in_place_tablespaces is set to ON, in which  
case they are WARNING.  Apart from making tests possible, this  
gives users an escape hatch in case things don't go as planned.  
  
Author: Kyotaro Horiguchi <horikyota.ntt@gmail.com>  
Author: Asim R Praveen <apraveen@pivotal.io>  
Author: Paul Guo <paulguo@gmail.com>  
Reviewed-by: Anastasia Lubennikova <lubennikovaav@gmail.com> (older versions)  
Reviewed-by: Fujii Masao <masao.fujii@oss.nttdata.com> (older versions)  
Reviewed-by: Michaël Paquier <michael@paquier.xyz>  
Diagnosed-by: Paul Guo <paulguo@gmail.com>  
Discussion: https://postgr.es/m/CAEET0ZGx9AvioViLf7nbR_8tH9-=27DN5xWJ2P9-ROH16e4JUA@mail.gmail.com  

commit   : 16e7a8fd8e97325c13c297f00eaa05a9ed739be5    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 27 Jul 2022 07:55:13 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 27 Jul 2022 07:55:13 +0200    

This is a backpatch to branches 10-14 of the following commits:  
  
7170f2159fb2 Allow "in place" tablespaces.  
c6f2f01611d4 Fix pg_basebackup with in-place tablespaces.  
f6f0db4d6240 Fix pg_tablespace_location() with in-place tablespaces  
7a7cd84893e0 doc: Remove mention to in-place tablespaces for pg_tablespace_location()  
5344723755bd Remove unnecessary Windows-specific basebackup code.  
  
In-place tablespaces were introduced as a testing helper mechanism, but  
they are going to be used for a bugfix in WAL replay to be backpatched  
to all stable branches.  
  
I (Álvaro) had to adjust some code to account for lack of  
get_dirent_type() in branches prior to 14.  
  
Author: Thomas Munro <thomas.munro@gmail.com>  
Author: Michaël Paquier <michael@paquier.xyz>  
Author: Álvaro Herrera <alvherre@alvh.no-ip.org>  
Discussion: https://postgr.es/m/20220722081858.omhn2in5zt3g4nek@alvherre.pgsql  

commit   : 6c193c2ace32b4770cf13981914d9c054fb5404d    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 26 Jul 2022 13:07:03 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 26 Jul 2022 13:07:03 -0400    

We have a few commands that "can't run in a transaction block",  
meaning that if they complete their processing but then we fail  
to COMMIT, we'll be left with inconsistent on-disk state.  
However, the existing defenses for this are only watertight for  
simple query protocol.  In extended protocol, we didn't commit  
until receiving a Sync message.  Since the client is allowed to  
issue another command instead of Sync, we're in trouble if that  
command fails or is an explicit ROLLBACK.  In any case, sitting  
in an inconsistent state while waiting for a client message  
that might not come seems pretty risky.  
  
This case wasn't reachable via libpq before we introduced pipeline  
mode, but it's always been an intended aspect of extended query  
protocol, and likely there are other clients that could reach it  
before.  
  
To fix, set a flag in PreventInTransactionBlock that tells  
exec_execute_message to force an immediate commit.  This seems  
to be the approach that does least damage to existing working  
cases while still preventing the undesirable outcomes.  
  
While here, add some documentation to protocol.sgml that explicitly  
says how to use pipelining.  That's latent in the existing docs if  
you know what to look for, but it's better to spell it out; and it  
provides a place to document this new behavior.  
  
Per bug #17434 from Yugo Nagata.  It's been wrong for ages,  
so back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/17434-d9f7a064ce2a88a3@postgresql.org  

commit   : 4c9e5162f56d2e9d8e690000a046ff4f59e2268d    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 23 Jul 2022 19:00:30 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 23 Jul 2022 19:00:30 -0400    

We didn't explicitly say that random() uses a randomly-chosen seed  
if you haven't called setseed().  Do so.  
  
Also, remove ref/set.sgml's no-longer-accurate (and never very  
relevant) statement that the seed value is multiplied by 2^31-1.  
  
Back-patch to v12 where set.sgml's claim stopped being true.  
The claim that we use a source of random bits as seed was debatable  
before 4203842a1, too, so v12 seems like a good place to stop.  
  
Per question from Carl Sopchak.  
  
Discussion: https://postgr.es/m/f37bb937-9d99-08f0-4de7-80c91a3cfc2e@sopchak.me  

commit   : 43fe5134b0d40db6f120097dd045468f8100807b    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Thu, 21 Jul 2022 14:55:23 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Thu, 21 Jul 2022 14:55:23 -0400    

Reported-by: axel.kluener@gmail.com  
  
Discussion: https://postgr.es/m/164736074430.660.3645615289283943146@wrigleys.postgresql.org  
  
Backpatch-through: 11  

commit   : ea9581488bfa083a32b722dde16b67d4fa36f51a    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Thu, 21 Jul 2022 13:58:20 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Thu, 21 Jul 2022 13:58:20 -0400    

This is true even for acronyms that are usually upper case, like LDAP.  
  
Reported-by: Alvaro Herrera  
  
Discussion: https://postgr.es/m/202205141521.2nodjabmsour@alvherre.pgsql  
  
Backpatch-through: 10  

commit   : 5b5d4351398555d31b9419c764263981fa912755    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 21 Jul 2022 13:56:02 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 21 Jul 2022 13:56:02 -0400    

Due to lack of concern for the case in the dependency code, it's  
possible to drop a column of a composite type even though stored  
queries have references to the dropped column via functions-in-FROM  
that return the composite type.  There are "soft" references,  
namely FROM-clause aliases for such columns, and "hard" references,  
that is actual Vars referring to them.  The right fix for hard  
references is to add dependencies preventing the drop; something  
we've known for many years and not done (and this commit still doesn't  
address it).  A "soft" reference shouldn't prevent a drop though.  
We've been around on this before (cf. 9b35ddce9, 2c4debbd0), but  
nobody had noticed that the current behavior can result in dump/reload  
failures, because ruleutils.c can print more column aliases than the  
underlying composite type now has.  So we need to rejigger the  
column-alias-handling code to treat such columns as dropped and not  
print aliases for them.  
  
Rather than writing new code for this, I used expandRTE() which already  
knows how to figure out which function result columns are dropped.  
I'd initially thought maybe we could use expandRTE() in all cases, but  
that fails for EXPLAIN's purposes, because the planner strips a lot of  
RTE infrastructure that expandRTE() needs.  So this patch just uses it  
for unplanned function RTEs and otherwise does things the old way.  
  
If there is a hard reference (Var), then removing the column alias  
causes us to fail to print the Var, since there's no longer a name  
to print.  Failing seems less desirable than printing a made-up  
name, so I made it print "?dropped?column?" instead.  
  
Per report from Timo Stolz.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/5c91267e-3b6d-5795-189c-d15a55d61dbb@nullachtvierzehn.de  

commit   : 162ade612f1543389bd105fba82ea7e60c5b82c9    
  
author   : Fujii Masao <fujii@postgresql.org>    
date     : Tue, 12 Jul 2022 11:53:29 +0900    
  
committer: Fujii Masao <fujii@postgresql.org>    
date     : Tue, 12 Jul 2022 11:53:29 +0900    

When a non-exclusive backup is canceled, do_pg_abort_backup() is called  
and resets some variables set by pg_backup_start (pg_start_backup in v14  
or before). But previously it forgot to reset the session state indicating  
whether a non-exclusive backup is in progress or not in this session.  
  
This issue could cause an assertion failure when the session running  
BASE_BACKUP is terminated after it executed pg_backup_start and  
pg_backup_stop (pg_stop_backup in v14 or before). Also it could cause  
a segmentation fault when pg_backup_stop is called after BASE_BACKUP  
in the same session is canceled.  
  
This commit fixes the issue by making do_pg_abort_backup reset  
that session state.  
  
Back-patch to all supported branches.  
  
Author: Fujii Masao  
Reviewed-by: Kyotaro Horiguchi, Masahiko Sawada, Michael Paquier, Robert Haas  
Discussion: https://postgr.es/m/3374718f-9fbf-a950-6d66-d973e027f44c@oss.nttdata.com  

commit   : 5630f39b31eac67a1bd56b0e6254d7724b7bbaeb    
  
author   : Fujii Masao <fujii@postgresql.org>    
date     : Tue, 12 Jul 2022 09:31:57 +0900    
  
committer: Fujii Masao <fujii@postgresql.org>    
date     : Tue, 12 Jul 2022 09:31:57 +0900    

Multiple non-exclusive backups are able to be run conrrently in different  
sessions. But, in the same session, only one non-exclusive backup can be  
run at the same moment. If pg_backup_start (pg_start_backup in v14 or before)  
is called in the middle of another non-exclusive backup in the same session,  
an error is thrown.  
  
However, previously, in logical replication walsender mode, even if that  
walsender session had already called pg_backup_start and started  
a non-exclusive backup, it could execute BASE_BACKUP command and  
start another non-exclusive backup. Which caused subsequent pg_backup_stop  
to throw an error because BASE_BACKUP unexpectedly reset the session state  
marked by pg_backup_start.  
  
This commit prevents BASE_BACKUP command in the middle of another  
non-exclusive backup in the same session.  
  
Back-patch to all supported branches.  
  
Author: Fujii Masao  
Reviewed-by: Kyotaro Horiguchi, Masahiko Sawada, Michael Paquier, Robert Haas  
Discussion: https://postgr.es/m/3374718f-9fbf-a950-6d66-d973e027f44c@oss.nttdata.com  

commit   : b2c8d56618b86ba41db950e437e5abcbf085f186    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 18 Jul 2022 16:23:48 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 18 Jul 2022 16:23:48 +0200    

This fixes an ABI break introduced by  
cfc86f987349372dbbfc0391f9f519c0a7b27b84.  
  
Author: Markus Wanner <markus.wanner@enterprisedb.com>  
Discussion: https://www.postgresql.org/message-id/defd749a-8410-841d-1126-21398686d63d@enterprisedb.com  

commit   : 36ccca3dbac3663b5487cd5966b345009b182629    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 17 Jul 2022 17:43:28 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 17 Jul 2022 17:43:28 -0400    

The patch that added regcollation doesn't seem to have been too  
thorough about supporting it everywhere that other reg* types  
are supported.  Fix that.  (The find_expr_references omission  
is moderately serious, since it could result in missing expression  
dependencies.  The others are less exciting.)  
  
Noted while fixing bug #17483.  Back-patch to v13 where  
regcollation was added.  
  
Discussion: https://postgr.es/m/1423433.1652722406@sss.pgh.pa.us  

commit   : 6230bd7df4ce1f04a350ab490a528148d25f5df9    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 17 Jul 2022 17:27:50 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 17 Jul 2022 17:27:50 -0400    

The motivation for this is to ensure successful transmission of the  
values of constants of regconfig and other reg* types.  The remote  
will be reading them with search_path = 'pg_catalog', so schema  
qualification is necessary when referencing objects in other schemas.  
  
Per bug #17483 from Emmanuel Quincerot.  Back-patch to all supported  
versions.  (There's some other stuff to do here, but it's less  
back-patchable.)  
  
Discussion: https://postgr.es/m/1423433.1652722406@sss.pgh.pa.us  

commit   : c75b6b454ea1b981607fecce0f98697c702d8b85    
  
author   : Thomas Munro <tmunro@postgresql.org>    
date     : Sat, 16 Jul 2022 10:59:52 +1200    
  
committer: Thomas Munro <tmunro@postgresql.org>    
date     : Sat, 16 Jul 2022 10:59:52 +1200    

Commit 4518c798 blocks signals for a short region of code, but it  
assumed that whatever called it had the signal mask set to UnBlockSig on  
entry.  That may be true today (or may even not be, in extensions in the  
wild), but it would be better not to make that assumption.  We should  
save-and-restore the caller's signal mask.  
  
The PG_SETMASK() portability macro couldn't be used for that, which is  
why it wasn't done before.  But... considering that commit a65e0864  
established back in 9.6 that supported POSIX systems have sigprocmask(),  
and that this is POSIX-only code, there is no reason not to use standard  
sigprocmask() directly to achieve that.  
  
Back-patch to all supported releases, like 4518c798 and 80845b7c.  
  
Reviewed-by: Alvaro Herrera <alvherre@alvh.no-ip.org>  
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>  
Discussion: https://postgr.es/m/CA%2BhUKGKx6Biq7_UuV0kn9DW%2B8QWcpJC1qwhizdtD9tN-fn0H0g%40mail.gmail.com  

commit   : 65a0cf863270e38755ba2b6d5ae91d560128a107    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Thu, 14 Jul 2022 20:01:11 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Thu, 14 Jul 2022 20:01:11 -0400    

Reported-by: Nitin Jadhav  
  
Discussion: https://postgr.es/m/CAMm1aWbmTHwHKC2PERH0CCaFVPoxrtLeS8=wNuoge94qdSp3vA@mail.gmail.com  
  
Author: Nitin Jadhav  
  
Backpatch-through: 13  

commit   : ef9d0cf19cdb74fd9b9f833d8e42ed283e0def23    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Thu, 14 Jul 2022 17:41:03 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Thu, 14 Jul 2022 17:41:03 -0400    

Clarify that functions/procedures are dropped when any extension that  
depends on them is dropped.  
  
Reported-by: David G. Johnston  
  
Discussion: https://postgr.es/m/CAKFQuwbPSHMDGkisRUmewopweC1bFvytVqB=a=X4GFg=4ZWxPA@mail.gmail.com  
  
Backpatch-through: 13  

commit   : 2d4c6437c87e6a036a163b1b4363097ee860cef0    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Thu, 14 Jul 2022 16:34:30 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Thu, 14 Jul 2022 16:34:30 -0400    

Reported-by: Nikhil Shetty  
  
Discussion: https://postgr.es/m/CAFpL5Vxastip0Jei-K-=7cKXTg=5sahSe5g=om=x68NOX8+PUA@mail.gmail.com  
  
Backpatch-through: 10  

commit   : bf3d692deba4ffb2d54e7abf2af0d9a4969fb700    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Thu, 14 Jul 2022 16:19:45 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Thu, 14 Jul 2022 16:19:45 -0400    

Reported-by: Takeshi Ideriha  
  
Discussion: https://postgr.es/m/TYCPR01MB7041A157067208327D8DAAF9EAA59@TYCPR01MB7041.jpnprd01.prod.outlook.com  
  
Backpatch-through: 11  

commit   : 85e32877f1d747edf853ced703f6337fadb965a8    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Thu, 14 Jul 2022 15:44:22 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Thu, 14 Jul 2022 15:44:22 -0400    

Original patch by David G. Johnston.  
  
Reported-by: David G. Johnston  
  
Discussion: https://postgr.es/m/CAKFQuwYQCxSSuSL18skCWG8QHFswOJ3hjovHsOZUE346i4OpVQ@mail.gmail.com  
  
Backpatch-through: 10  

commit   : ebf06040e52262b876069f3e515c1c09b96084b0    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Thu, 14 Jul 2022 15:33:28 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Thu, 14 Jul 2022 15:33:28 -0400    

Original patch by David G. Johnston.  
  
Reported-by: David G. Johnston  
  
Discussion: https://postgr.es/m/CAKFQuwa4J0+WuO7kW1PLbjoEvzPN+Q_j+P2bXxNnCLaszY7ZdQ@mail.gmail.com  
  
Backpatch-through: 10  

commit   : 2d0329b6bdd3b812d22b3d53d5e2b7bda4468a56    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Thu, 14 Jul 2022 15:17:19 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Thu, 14 Jul 2022 15:17:19 -0400    

Initial patch by David G. Johnston.  
  
Reported-by: David G. Johnston  
  
Discussion: https://postgr.es/m/CAKFQuwZpbdzceO41VE-xt1Xh8rWRRfgopTAK1wL9EhCo0Am-Sw@mail.gmail.com  
  
Backpatch-through: 10  

commit   : 3336b3de34e1b865af358e15a4221523221eb086    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Thu, 14 Jul 2022 12:08:54 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Thu, 14 Jul 2022 12:08:54 -0400    

Reported-by: Troy Frericks  
  
Discussion: https://postgr.es/m/165653551130.665.8240515669521441325@wrigleys.postgresql.org  
  
Backpatch-through: 10  

commit   : 17aa39da50c5ac37436522fe2dd9f25a93673fdd    
  
author   : Thomas Munro <tmunro@postgresql.org>    
date     : Fri, 15 Jul 2022 01:23:29 +1200    
  
committer: Thomas Munro <tmunro@postgresql.org>    
date     : Fri, 15 Jul 2022 01:23:29 +1200    

Commit 4518c798 intended to block signals in regular backends that  
allocate DSM segments, but dsm_impl_resize() is also reached by  
dsm_postmaster_startup().  It's not OK to clobber the postmaster's  
signal mask, so only manipulate the signal mask when under the  
postmaster.  
  
Back-patch to all releases, like 4518c798.  
  
Discussion: https://postgr.es/m/CA%2BhUKGKNpK%3D2OMeea_AZwpLg7Bm4%3DgYWk7eDjZ5F6YbozfOf8w%40mail.gmail.com  

commit   : e73fe6e828d141b0ee0be8d7f58d73b3f0fad872    
  
author   : Thomas Munro <tmunro@postgresql.org>    
date     : Wed, 13 Jul 2022 16:16:07 +1200    
  
committer: Thomas Munro <tmunro@postgresql.org>    
date     : Wed, 13 Jul 2022 16:16:07 +1200    

On Linux, we call posix_fallocate() on shm_open()'d memory to avoid  
later potential SIGBUS (see commit 899bd785).  
  
Based on field reports of systems stuck in an EINTR retry loop there,  
there, we made it possible to break out of that loop via slightly odd  
coding where the CHECK_FOR_INTERRUPTS() call was somewhat removed from  
the loop (see commit 422952ee).  
  
On further reflection, that was not a great choice for at least two  
reasons:  
  
1.  If interrupts were held, the CHECK_FOR_INTERRUPTS() would do nothing  
and the EINTR error would be surfaced to the user.  
  
2.  If EINTR was reported but neither QueryCancelPending nor  
ProcDiePending was set, then we'd dutifully retry, but with a bit more  
understanding of how posix_fallocate() works, it's now clear that you  
can get into a loop that never terminates.  posix_fallocate() is not a  
function that can do some of the job and tell you about progress if it's  
interrupted, it has to undo what it's done so far and report EINTR, and  
if signals keep arriving faster than it can complete (cf recovery  
conflict signals), you're stuck.  
  
Therefore, for now, we'll simply block most signals to guarantee  
progress.  SIGQUIT is not blocked (see InitPostmasterChild()), because  
its expected handler doesn't return, and unblockable signals like  
SIGCONT are not expected to arrive at a high rate.  For good measure,  
we'll include the ftruncate() call in the blocked region, and add a  
retry loop.  
  
Back-patch to all supported releases.  
  
Reported-by: Alvaro Herrera <alvherre@alvh.no-ip.org>  
Reported-by: Nicola Contu <nicola.contu@gmail.com>  
Reviewed-by: Alvaro Herrera <alvherre@alvh.no-ip.org>  
Reviewed-by: Andres Freund <andres@anarazel.de>  
Discussion: https://postgr.es/m/20220701154105.jjfutmngoedgiad3%40alvherre.pgsql  

commit   : 7cdd0c2d7cdf08a4f8dfd8678a7b244c942e64e4    
  
author   : Thomas Munro <tmunro@postgresql.org>    
date     : Mon, 11 Jul 2022 14:47:16 +1200    
  
committer: Thomas Munro <tmunro@postgresql.org>    
date     : Mon, 11 Jul 2022 14:47:16 +1200    

dshash.c previously maintained flags to be able to assert that you  
didn't hold any partition lock.  These flags could get out of sync with  
reality in error scenarios.  
  
Get rid of all that, and make assertions about the locks themselves  
instead.  Since LWLockHeldByMe() loops internally, we don't want to put  
that inside another loop over all partition locks.  Introduce a new  
debugging-only interface LWLockAnyHeldByMe() to avoid that.  
  
This problem was noted by Tom and Andres while reviewing changes to  
support the new shared memory stats system, and later showed up in  
reality while working on commit 389869af.  
  
Back-patch to 11, where dshash.c arrived.  
  
Reported-by: Tom Lane <tgl@sss.pgh.pa.us>  
Reported-by: Andres Freund <andres@anarazel.de>  
Reviewed-by: Kyotaro HORIGUCHI <horiguchi.kyotaro@lab.ntt.co.jp>  
Reviewed-by: Zhihong Yu <zyu@yugabyte.com>  
Reviewed-by: Andres Freund <andres@anarazel.de>  
Discussion: https://postgr.es/m/20220311012712.botrpsikaufzteyt@alap3.anarazel.de  
Discussion: https://postgr.es/m/CA%2BhUKGJ31Wce6HJ7xnVTKWjFUWQZPBngxfJVx4q0E98pDr3kAw%40mail.gmail.com  

commit   : e5b5b4448ce0981a7a89a8c43df77d71bfa9cc96    
  
author   : Thomas Munro <tmunro@postgresql.org>    
date     : Sun, 10 Jul 2022 16:30:03 +1200    
  
committer: Thomas Munro <tmunro@postgresql.org>    
date     : Sun, 10 Jul 2022 16:30:03 +1200    

When you hit ^C, the terminal driver in Unix-like systems echoes "^C" as  
well as sending an interrupt signal (depending on stty settings).  At  
least libedit (but maybe also libreadline) is then confused about the  
current cursor location, and corrupts the display if you try to scroll  
back.  Fix, by moving to a new line before the next prompt is displayed.  
  
Back-patch to all supported released.  
  
Author: Pavel Stehule <pavel.stehule@gmail.com>  
Reported-by: Tom Lane <tgl@sss.pgh.pa.us>  
Discussion: https://postgr.es/m/3278793.1626198638%40sss.pgh.pa.us  

commit   : 49d296d8e8723b7517ecc074be4694349d6a1cd2    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 8 Jul 2022 20:23:34 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 8 Jul 2022 20:23:34 -0400    

The examples show the output of array_length() and jsonb_array_length()  
for empty arrays.  
  
Discussion: https://postgr.es/m/CAKFQuwaoBmRuWdMLzLHDCFDJDX3wvfQ7egAF0bpik_BFgG1KWg@mail.gmail.com  
  
Author: David G. Johnston  
  
Backpatch-through: 13  

commit   : 12f56b6a70ca06acd394f37a965e4814e8472373    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 8 Jul 2022 18:36:27 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 8 Jul 2022 18:36:27 -0400    

Discussion: https://postgr.es/m/20220618085541.ezxdaljlpo6x7msc@home-desktop  
  
Author: Dong Wook Lee  
  
Backpatch-through: 11  

commit   : f890223bc3c45f78774d9b042b62f529eb434aa9    
  
author   : Dean Rasheed <dean.a.rasheed@gmail.com>    
date     : Thu, 7 Jul 2022 13:08:00 +0100    
  
committer: Dean Rasheed <dean.a.rasheed@gmail.com>    
date     : Thu, 7 Jul 2022 13:08:00 +0100    

When locking a specific named relation for a FOR [KEY] UPDATE/SHARE  
clause, transformLockingClause() finds the relation to lock by  
scanning the rangetable for an RTE with a matching eref->aliasname.  
However, it failed to account for the visibility rules of a join RTE.  
  
If a join RTE doesn't have a user-supplied alias, it will have a  
generated eref->aliasname of "unnamed_join" that is not visible as a  
relation name in the parse namespace. Such an RTE needs to be skipped,  
otherwise it might be found in preference to a regular base relation  
with a user-supplied alias of "unnamed_join", preventing it from being  
locked.  
  
In addition, if a join RTE doesn't have a user-supplied alias, but  
does have a join_using_alias, then the RTE needs to be matched using  
that alias rather than the generated eref->aliasname, otherwise a  
misleading "relation not found" error will be reported rather than a  
"join cannot be locked" error.  
  
Backpatch all the way, except for the second part which only goes back  
to 14, where JOIN USING aliases were added.  
  
Dean Rasheed, reviewed by Tom Lane.  
  
Discussion: https://postgr.es/m/CAEZATCUY_KOBnqxbTSPf=7fz9HWPnZ5Xgb9SwYzZ8rFXe7nb=w@mail.gmail.com  

commit   : d2323570ad339330c9deaf3304750096c9f6a98a    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Tue, 5 Jul 2022 13:38:26 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Tue, 5 Jul 2022 13:38:26 +0200    

The existing wording wasn't clear enough and some details weren't  
anywhere, such as the fact that autosummarization is off by default.  
Improve.  
  
Authors: Roberto Mello, Jaime Casanova, Justin Pryzby, Álvaro Herrera  
Discussion: https://postgr.es/m/CAKz==bK_NoJytRyQfX8K-erCW3Ff7--oGYpiB8+ePVS7dRVW_A@mail.gmail.com  
Discussion: https://postgr.es/m/20220224193520.GY9008@telsasoft.com  

commit   : 03cefe81484d563a7165e8fa57a03a33d4c5c188    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Sun, 3 Jul 2022 17:08:25 -0400    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Sun, 3 Jul 2022 17:08:25 -0400    

None of the other bison parsers contains this directive, and it gives  
rise to some unfortunate and impenetrable messages, so just remove it.  
  
Backpatch to release 12, where it was introduced.  
  
Per gripe from Erik Rijkers  
  
Discussion: https://postgr.es/m/ba069ce2-a98f-dc70-dc17-2ccf2a9bf7c7@xs4all.nl  

commit   : 97b005f3fb1b32581493e0e6e7fca028d9896207    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Sat, 2 Jul 2022 21:03:19 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Sat, 2 Jul 2022 21:03:19 -0700    

Per buildfarm member prairiedog, this platform rejects uninitialized  
global variables in shared libraries.  Back-patch to v10, like the  
addition of the variable.  
  
Reviewed by Tom Lane.  
  
Discussion: https://postgr.es/m/20220703030619.GB2378460@rfd.leadboat.com  

commit   : b4d7e92bd5354c78c0d0405d08d85b73d20f50f7    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Sat, 2 Jul 2022 13:00:30 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Sat, 2 Jul 2022 13:00:30 -0700    

ecpglib has been calling it once per SQL query and once per EXEC SQL GET  
DESCRIPTOR.  Instead, if newlocale() has not succeeded before, call it  
while establishing a connection.  This mitigates three problems:  
- If newlocale() failed in EXEC SQL GET DESCRIPTOR, the command silently  
  proceeded without the intended locale change.  
- On AIX, each newlocale()+freelocale() cycle leaked memory.  
- newlocale() CPU usage may have been nontrivial.  
  
Fail the connection attempt if newlocale() fails.  Rearrange  
ecpg_do_prologue() to validate the connection before its uselocale().  
  
The sort of program that may regress is one running in an environment  
where newlocale() fails.  If that program establishes connections  
without running SQL statements, it will stop working in response to this  
change.  I'm betting against the importance of such an ECPG use case.  
Most SQL execution (any using ECPGdo()) has long required newlocale()  
success, so there's little a connection could do without newlocale().  
  
Back-patch to v10 (all supported versions).  
  
Reviewed by Tom Lane.  Reported by Guillaume Lelarge.  
  
Discussion: https://postgr.es/m/20220101074055.GA54621@rfd.leadboat.com  

commit   : b436047dc6920516f878b65f7b7c3e0e27050025    
  
author   : Thomas Munro <tmunro@postgresql.org>    
date     : Fri, 1 Jul 2022 12:05:52 +1200    
  
committer: Thomas Munro <tmunro@postgresql.org>    
date     : Fri, 1 Jul 2022 12:05:52 +1200    

Previously, we trusted the OS not to report EEXIST unless we'd passed in  
IPC_CREAT | IPC_EXCL or O_CREAT | O_EXCL, as appropriate.  Solaris's  
shm_open() can in fact do that, causing us to crash because we didn't  
ereport and then we blithely assumed the mapping was successful.  
  
Let's treat EEXIST just like any other error, unless we're actually  
trying to create a new segment.  This applies to shm_open(), where this  
behavior has been seen, and also to the equivalent operations for our  
sysv and mmap modes just on principle.  
  
Based on the underlying reason for the error, namely contention on a  
lock file managed by Solaris librt for each distinct name, this problem  
is only likely to happen on 15 and later, because the new shared memory  
stats system produces shm_open() calls for the same path from  
potentially large numbers of backends concurrently during  
authentication.  Earlier releases only shared memory segments between a  
small number of parallel workers under one Gather node.  You could  
probably hit it if you tried hard enough though, and we should have been  
more defensive in the first place.  Therefore, back-patch to all  
supported releases.  
  
Per build farm animal margay.  This isn't the end of the story, though,  
it just changes random crashes into random "File exists" errors; more  
work needed for a green build farm.  
  
Reviewed-by: Robert Haas <robertmhaas@gmail.com>  
Discussion: https://postgr.es/m/CA%2BhUKGKqKrCV5xKWfh9rnm%3Do%3DDwZLTLtnsj_XpUi9g5%3DV%2B9oyg%40mail.gmail.com  

commit   : 7ba325fd7fd450688afd2f80d19cad060feb51b5    
  
author   : Heikki Linnakangas <heikki.linnakangas@iki.fi>    
date     : Mon, 27 Jun 2022 08:21:08 +0300    
  
committer: Heikki Linnakangas <heikki.linnakangas@iki.fi>    
date     : Mon, 27 Jun 2022 08:21:08 +0300    

TransactionIdIsInProgress had a fast path to return 'false' if the  
single-item CLOG cache said that the transaction was known to be  
committed. However, that was wrong, because a transaction is first  
marked as committed in the CLOG but doesn't become visible to others  
until it has removed its XID from the proc array. That could lead to an  
error:  
  
    ERROR:  t_xmin is uncommitted in tuple to be updated  
  
or for an UPDATE to go ahead without blocking, before the previous  
UPDATE on the same row was made visible.  
  
The window is usually very short, but synchronous replication makes it  
much wider, because the wait for synchronous replica happens in that  
window.  
  
Another thing that makes it hard to hit is that it's hard to get such  
a commit-in-progress transaction into the single item CLOG cache.  
Normally, if you call TransactionIdIsInProgress on such a transaction,  
it determines that the XID is in progress without checking the CLOG  
and without populating the cache. One way to prime the cache is to  
explicitly call pg_xact_status() on the XID. Another way is to use a  
lot of subtransactions, so that the subxid cache in the proc array is  
overflown, making TransactionIdIsInProgress rely on pg_subtrans and  
CLOG checks.  
  
This has been broken ever since it was introduced in 2008, but the race  
condition is very hard to hit, especially without synchronous  
replication. There were a couple of reports of the error starting from  
summer 2021, but no one was able to find the root cause then.  
  
TransactionIdIsKnownCompleted() is now unused. In 'master', remove it,  
but I left it in place in backbranches in case it's used by extensions.  
  
Also change pg_xact_status() to check TransactionIdIsInProgress().  
Previously, it only checked the CLOG, and returned "committed" before  
the transaction was actually made visible to other queries. Note that  
this also means that you cannot use pg_xact_status() to reproduce the  
bug anymore, even if the code wasn't fixed.  
  
Report and analysis by Konstantin Knizhnik. Patch by Simon Riggs, with  
the pg_xact_status() change added by me.  
  
Author: Simon Riggs  
Reviewed-by: Andres Freund  
Discussion: https://www.postgresql.org/message-id/flat/4da7913d-398c-e2ad-d777-f752cf7f0bbb%40garret.ru  

commit   : aa1845cdd6979aa0a7f51f716712c71e84920313    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Sat, 25 Jun 2022 14:15:56 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Sat, 25 Jun 2022 14:15:56 -0700    

This Perl segfaults if a declaration of the to-be-aliased package  
precedes the aliasing itself.  Per buildfarm members lapwing and wrasse.  
Like commit 20911775de4ab7ac3ecc68bd714cb3ed0fd68b6a, back-patch to v10  
(all supported versions).  
  
Discussion: https://postgr.es/m/20220625171533.GA2012493@rfd.leadboat.com  

commit   : 8782ce49e4d0c8886cd09d824dd55f741f709f8f    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Sat, 25 Jun 2022 09:07:41 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Sat, 25 Jun 2022 09:07:41 -0700    

Commit a117cebd638dd02e5c2e791c25e43745f233111b used the original userid  
for ACL checks located directly in DefineIndex(), but it still adopted  
the table owner userid for more ACL checks than intended.  That broke  
dump/reload of indexes that refer to an operator class, collation, or  
exclusion operator in a schema other than "public" or "pg_catalog".  
Back-patch to v10 (all supported versions), like the earlier commit.  
  
Nathan Bossart and Noah Misch  
  
Discussion: https://postgr.es/m/f8a4105f076544c180a87ef0c4822352@stmuk.bayern.de  

commit   : e8f037a2df9b6f5936c7958dcc18a2b8d609f410    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Sat, 25 Jun 2022 09:07:44 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Sat, 25 Jun 2022 09:07:44 -0700    

Remove the need to edit back-branch-specific code sites when  
back-patching the addition of a PostgreSQL::Test::Utils symbol.  Replace  
per-symbol, incomplete alias lists.  Give old and new package names the  
same EXPORT and EXPORT_OK semantics.  Back-patch to v10 (all supported  
versions).  
  
Reviewed by Andrew Dunstan.  
  
Discussion: https://postgr.es/m/20220622072144.GD4167527@rfd.leadboat.com  

commit   : 3a6ef0cdf31191309ec586b04034f6dcd2542bcc    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Thu, 23 Jun 2022 09:02:16 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Thu, 23 Jun 2022 09:02:16 +0530    

When rebuilding the relation mapping on subscribers, we were not releasing  
the attribute mapping's memory which was no longer required.  
  
The attribute mapping used in logical tuple conversion was refactored in  
PG13 (by commit e1551f96e6) but we forgot to update the related code that  
frees the attribute map.  
  
Author: Hou Zhijie  
Reviewed-by: Amit Langote, Amit Kapila, Shi yu  
Backpatch-through: 10, where it was introduced  
Discussion: https://postgr.es/m/OSZPR01MB6310F46CD425A967E4AEF736FDA49@OSZPR01MB6310.jpnprd01.prod.outlook.com  

commit   : 9adc4cd3d678f07f749ab3b91016e272fc7d186d    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 22 Jun 2022 16:59:53 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 22 Jun 2022 16:59:53 -0400    

Reported-by: pg@kirasoft.com  
  
Discussion: https://postgr.es/m/165455351426.573551.7050474465030525109@wrigleys.postgresql.org  
  
Backpatch-through: 10  

commit   : 3485f8d03eb8cdaa1100472fd36761b1a4b82337    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 22 Jun 2022 14:33:26 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 22 Jun 2022 14:33:26 -0400    

Reported-by: akhilhello@gmail.com  
  
Discussion: https://postgr.es/m/165222922369.669.10475917322916060899@wrigleys.postgresql.org  
  
Backpatch-through: 10  

commit   : cfc86f987349372dbbfc0391f9f519c0a7b27b84    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 22 Jun 2022 12:12:00 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 22 Jun 2022 12:12:00 -0400    

SPI_commit previously left it up to the caller to recover from any error  
occurring during commit.  Since that's complicated and requires use of  
low-level xact.c facilities, it's not too surprising that no caller got  
it right.  Let's move the responsibility for cleanup into spi.c.  Doing  
that requires redefining SPI_commit as starting a new transaction, so  
that it becomes equivalent to SPI_commit_and_chain except that you get  
default transaction characteristics instead of preserving the prior  
transaction's characteristics.  We can make this pretty transparent  
API-wise by redefining SPI_start_transaction() as a no-op.  Callers  
that expect to do something in between might be surprised, but  
available evidence is that no callers do so.  
  
Having made that API redefinition, we can fix this mess by having  
SPI_commit[_and_chain] trap errors and start a new, clean transaction  
before re-throwing the error.  Likewise for SPI_rollback[_and_chain].  
Some cleanup is also needed in AtEOXact_SPI, which was nowhere near  
smart enough to deal with SPI contexts nested inside a committing  
context.  
  
While plperl and pltcl need no changes beyond removing their now-useless  
SPI_start_transaction() calls, plpython needs some more work because it  
hadn't gotten the memo about catching commit/rollback errors in the  
first place.  Such an error resulted in longjmp'ing out of the Python  
interpreter, which leaks Python stack entries at present and is reported  
to crash Python 3.11 altogether.  Add the missing logic to catch such  
errors and convert them into Python exceptions.  
  
This is a back-patch of commit 2e517818f.  That's now aged long enough  
to reduce the concerns about whether it will break something, and we  
do need to ensure that supported branches will work with Python 3.11.  
  
Peter Eisentraut and Tom Lane  
  
Discussion: https://postgr.es/m/3375ffd8-d71c-2565-e348-a597d6e739e3@enterprisedb.com  
Discussion: https://postgr.es/m/17416-ed8fe5d7213d6c25@postgresql.org  

commit   : 419c72715172ed787e36fd66a85b2a571340bd79    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Tue, 21 Jun 2022 15:12:52 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Tue, 21 Jun 2022 15:12:52 +0530    

We build the partition map entries on subscribers while applying the  
changes for update/delete on partitions. The component relation in each  
entry is closed after its use so we need to update it on successive use of  
cache entries.  
  
This problem was there since the original commit f1ac27bfda that  
introduced this code but we didn't notice it till the recent commit  
26b3455afa started to use the component relation of partition map cache  
entry.  
  
Reported-by: Tom Lane, as per buildfarm  
Author: Amit Langote, Hou Zhijie  
Reviewed-by: Amit Kapila, Shi Yu  
Backpatch-through: 13, where it was introduced  
Discussion: https://postgr.es/m/OSZPR01MB6310F46CD425A967E4AEF736FDA49@OSZPR01MB6310.jpnprd01.prod.outlook.com  

commit   : 5f113d60e9982b8d5a8c9b2e85dc82330d3c683a    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Tue, 21 Jun 2022 07:48:02 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Tue, 21 Jun 2022 07:48:02 +0530    

In logical replication, we will check if the target table on the  
subscriber is updatable by comparing the replica identity of the table on  
the publisher with the table on the subscriber. When the target table is a  
partitioned table, we only check its replica identity but not for the  
partition tables. This leads to assertion failure while applying changes  
for update/delete as we expect those to succeed only when the  
corresponding partition table has a primary key or has a replica  
identity defined.  
  
Fix it by checking the replica identity of the partition table while  
applying changes.  
  
Reported-by: Shi Yu  
Author: Shi Yu, Hou Zhijie  
Reviewed-by: Amit Langote, Amit Kapila  
Backpatch-through: 13, where it was introduced  
Discussion: https://postgr.es/m/OSZPR01MB6310F46CD425A967E4AEF736FDA49@OSZPR01MB6310.jpnprd01.prod.outlook.com  

commit   : 1f9a7738eb84f341a9b39689f33c887d1ef39487    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Thu, 16 Jun 2022 08:24:22 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Thu, 16 Jun 2022 08:24:22 +0530    

We were not updating the partition map cache in the subscriber even when  
the corresponding remote rel is changed. Due to this data was getting  
incorrectly replicated for partition tables after the publisher has  
changed the table schema.  
  
Fix it by resetting the required entries in the partition map cache after  
receiving a new relation mapping from the publisher.  
  
Reported-by: Shi Yu  
Author: Shi Yu, Hou Zhijie  
Reviewed-by: Amit Langote, Amit Kapila  
Backpatch-through: 13, where it was introduced  
Discussion: https://postgr.es/m/OSZPR01MB6310F46CD425A967E4AEF736FDA49@OSZPR01MB6310.jpnprd01.prod.outlook.com  

commit   : 16f5a8da76f21576987790df828082cb7bb1bdad    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Wed, 15 Jun 2022 10:16:35 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Wed, 15 Jun 2022 10:16:35 +0530    

While building a new attrmap which maps partition attribute numbers to  
remoterel's, we incorrectly update the map for dropped column attributes.  
Later, it caused cache look-up failure when we tried to use the map to  
fetch the information about attributes.  
  
This also fixes the partition map cache invalidation which was using the  
wrong type cast to fetch the entry. We were using stale partition map  
entry after invalidation which leads to the assertion or cache look-up  
failure.  
  
Reported-by: Shi Yu  
Author: Hou Zhijie, Shi Yu  
Reviewed-by: Amit Langote, Amit Kapila  
Backpatch-through: 13, where it was introduced  
Discussion: https://postgr.es/m/OSZPR01MB6310F46CD425A967E4AEF736FDA49@OSZPR01MB6310.jpnprd01.prod.outlook.com  

commit   : 12b8fb34a933456ca762c98bc2047e608b7a1079    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 14 Jun 2022 18:16:46 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 14 Jun 2022 18:16:46 -0400    

If an application executed operations like EXEC SQL PREPARE  
without having first established a database connection, it could  
get a core dump instead of the expected clean failure.  This  
occurred because we did "pthread_getspecific(actual_connection_key)"  
without ever having initialized the TSD key actual_connection_key.  
The results of that are probably platform-specific, but at least  
on Linux it often leads to a crash.  
  
To fix, add calls to ecpg_pthreads_init() in the code paths that  
might use actual_connection_key uninitialized.  It's harmless  
(and hopefully inexpensive) to do that more than once.  
  
Per bug #17514 from Okano Naoki.  The problem's ancient, so  
back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/17514-edd4fad547c5692c@postgresql.org  

commit   : d6d9ea0a468bd5a8bf0feb98e41f1ecb4b8a173d    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 14 Jun 2022 17:47:09 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 14 Jun 2022 17:47:09 -0400    

The previous wording was "the underlying data type's default collation  
is used", which is wrong or at least misleading.  The domain inherits  
the base type's collation behavior, which if "default" actually can  
mean that we use some non-default collation obtained from elsewhere.  
  
Per complaint from Jian He.  
  
Discussion: https://postgr.es/m/CACJufxHMR8_4WooDPjjvEdaxB2hQ5a49qthci8fpKP0MKemVRQ@mail.gmail.com  

commit   : 3f7f06738529f4a71cf33c79654954e6178972a1    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 10 Jun 2022 16:34:25 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 10 Jun 2022 16:34:25 -0400    

This reverts commits a04ccf6df et al. in the back branches only.  
There was some disagreement already over whether to back-patch  
157f8739a, on the grounds that it is the sort of behavioral  
change that we don't like to back-patch.  Furthermore, it now  
looks like the logic needs some more work, which we don't have  
time for before the upcoming 14.4 release.  Revert for now, and  
perhaps reconsider later.  
  
Discussion: https://postgr.es/m/17504-76b68018e130415e@postgresql.org  

commit   : 254cd7f31f60f02de0548c8dcdc2c402c0cf02d8    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 10 Jun 2022 10:35:57 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 10 Jun 2022 10:35:57 -0400    

In commit ec62cb0aa, I foolishly replaced ExecEvalWholeRowVar's  
lookup_rowtype_tupdesc_domain call with just lookup_rowtype_tupdesc,  
because I didn't see how a domain could be involved there, and  
there were no regression test cases to jog my memory.  But the  
existing code was correct, so revert that change and add a test  
case showing why it's necessary.  (Note: per comment in struct  
DatumTupleFields, it is correct to produce an output tuple that's  
labeled with the base composite type, not the domain; hence just  
blindly looking through the domain is correct here.)  
  
Per bug #17515 from Dan Kubb.  Back-patch to v11 where domains over  
composites became a thing.  
  
Discussion: https://postgr.es/m/17515-a24737438363aca0@postgresql.org  

commit   : 2bc7dffa300819e44051a80cda0edcffbf673ea8    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 8 Jun 2022 12:01:51 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 8 Jun 2022 12:01:51 -0400    

The patch introducing jsonpath dropped a para about that between  
two related examples, and didn't bother updating the introductory  
sentences that it falsified.  The grammar was pretty shaky as well.  

commit   : 925816684a522c0fb26d986540cde963aefb5c43    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Wed, 8 Jun 2022 13:42:39 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Wed, 8 Jun 2022 13:42:39 +0200    

commit   : a36196972b77228882cab7838eed52c1a9154e4a    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 7 Jun 2022 15:34:30 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 7 Jun 2022 15:34:30 -0400    

pg_stat_get_subscription scanned one more LogicalRepWorker array entry  
than is really allocated.  In the worst case this could lead to SIGSEGV,  
if the LogicalRepCtx data structure is near the end of shared memory.  
That seems quite unlikely though (thanks to the ordering of calls in  
CreateSharedMemoryAndSemaphores) and we've heard no field reports of it.  
A more likely misbehavior is one row of garbage data in the function's  
result, but even that is not real likely because of the check that the  
pid field matches some live backend.  
  
Report and fix by Kuntal Ghosh.  This bug is old, so back-patch  
to all supported branches.  
  
Discussion: https://postgr.es/m/CAGz5QCJykEDzW6jQK6Yz7Qh_PMtD=95de_7QoocbVR2Qy8hWZA@mail.gmail.com  

commit   : 16d68007cd7400061bd499b92eb80fbb9798362c    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 6 Jun 2022 11:20:21 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 6 Jun 2022 11:20:21 -0400    

An error PGresult generated by libpq itself, such as a report of  
connection loss, won't have broken-down error fields.  
ecpg_raise_backend() blithely assumed that PG_DIAG_MESSAGE_PRIMARY  
would always be present, and would end up passing a NULL string  
pointer to snprintf when it isn't.  That would typically crash  
before 3779ac62d, and it would fail to provide a useful error report  
in any case.  Best practice is to substitute PQerrorMessage(conn)  
in such cases, so do that.  
  
Per bug #17421 from Masayuki Hirose.  Back-patch to all supported  
branches.  
  
Discussion: https://postgr.es/m/17421-790ff887e3188874@postgresql.org  

commit   : b364cfdfaf6b24e18c8f6017111306259f87c0f4    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Mon, 6 Jun 2022 11:07:27 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Mon, 6 Jun 2022 11:07:27 +0900    

psql --single-transaction is able to handle multiple -c and -f switches  
in a single transaction since d5563d7d, but this had the surprising  
behavior of forcing a transaction COMMIT even if psql failed with an  
error in the client (for example incorrect path given to \copy), which  
would generate an error, but still commit any changes that were already  
applied in the backend.  This commit makes the behavior more consistent,  
by enforcing a transaction ROLLBACK if any commands fail, both  
client-side and backend-side, so as no changes are applied if one error  
happens in any of them.  
  
Some tests are added on HEAD to provide some coverage about all that.  
Backend-side errors are unreliable as IPC::Run can complain on SIGPIPE  
if psql quits before reading a query result, but that should work  
properly in the case where any errors come from psql itself, which is  
what the original report is about.  
  
Reported-by: Christoph Berg  
Author: Kyotaro Horiguchi, Michael Paquier  
Discussion: https://postgr.es/m/17504-76b68018e130415e@postgresql.org  
Backpatch-through: 10  

commit   : 9985139046c3aad4214cdd490e7bcdfefc9290d3    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 3 Jun 2022 13:54:53 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 3 Jun 2022 13:54:53 -0400    

The previous entry invited confusion between what uniq() does  
by itself and what it does when combined with sort().  The latter  
usage is pretty useful so we should show it, but add an additional  
example to clarify the results of uniq() alone.  
  
Per suggestion from Martin Kalcher.  Back-patch to v13, where  
we switched to formatting that supports multiple examples.  
  
Discussion: https://postgr.es/m/165407884456.573551.8779012279828726162@wrigleys.postgresql.org  

commit   : 54299b9ce7ccea885c06d6833ec04b3b06a82788    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 3 Jun 2022 11:51:37 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 3 Jun 2022 11:51:37 -0400    

Will Mortensen (minor additional copy-editing by me)  
  
Discussion: https://postgr.es/m/CAMpnoC5Y6jiZHSA82FG+e_AqkwMg-i94EYqs1C_9kXXFc3_3Yw@mail.gmail.com  

commit   : de61a9cbaa95662b31e673a0a22696946c95ba38    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Thu, 2 Jun 2022 18:00:03 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Thu, 2 Jun 2022 18:00:03 +0900    

This patch fixes the partitioning synopsis in the Parameters section in  
the CREATE FOREIGN TABLE documentation.  Follow-up for commit ce21a36cf.  
  
Back-patch to v11 where default partition was introduced.  
  
Reviewed by Amit Langote and Robert Haas.  
  
Discussion: https://postgr.es/m/CAPmGK17U5jEqVZuo3r38wB0VFWomEtJCBGn_h92HQzQ2sP-49Q%40mail.gmail.com  

commit   : 60ca2e8418a14b531f684723d08639997afc0d6f    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 1 Jun 2022 17:21:45 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 1 Jun 2022 17:21:45 -0400    

Since a117cebd6, some older gcc versions issue "variable may be used  
uninitialized in this function" complaints for brin_summarize_range.  
Silence that using the same coding pattern as in bt_index_check_internal;  
arguably, a117cebd6 had too narrow a view of which compilers might give  
trouble.  
  
Nathan Bossart and Tom Lane.  Back-patch as the previous commit was.  
  
Discussion: https://postgr.es/m/20220601163537.GA2331988@nathanxps13  

commit   : eeac7dd9ff76ee7ea1feb2dd6004c5d92c6caca5    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 1 Jun 2022 16:15:47 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 1 Jun 2022 16:15:47 -0400    

Perl 5.36 has reclassified the warning condition that this test  
case used, so that the expected error fails to appear.  Tweak  
the test so it instead exercises a case that's handled the same  
way in all Perl versions of interest.  
  
This appears to meet our standards for back-patching into  
out-of-support branches: it changes no user-visible behavior  
but enables testing of old branches with newer tools.  
Hence, back-patch as far as 9.2.  
  
Dagfinn Ilmari Mannsåker, per report from Jitka Plesníková.  
  
Discussion: https://postgr.es/m/564579.1654093326@sss.pgh.pa.us  

commit   : e6bd7aafc82d5f7ae1cb4bf15ce47d2ad12e5dd3    
  
author   : David Rowley <drowley@postgresql.org>    
date     : Wed, 1 Jun 2022 12:46:54 +1200    
  
committer: David Rowley <drowley@postgresql.org>    
date     : Wed, 1 Jun 2022 12:46:54 +1200    

The PostgreSQL limitations section of the documents mentioned the limit  
on the number of columns that can exist in a table.  Users might be  
surprised to find that there's also a limit on the number of columns that  
can exist in a targetlist.  Users may experience restrictions which  
surprise them if they happened to select a large number of columns from  
several tables with many columns.  Here we document that there is a  
limitation on this and mention what that limit actually is.  
  
Wording proposal by Alvaro Herrera  
  
Reported-by: Vladimir Sitnikov  
Author: Dave Crammer  
Reviewed-by: Tom Lane  
Discussion: https://postgr.es/m/CAB=Je-E18aTYpNqje4mT0iEADpeGLSzwUvo3H9kRRuDdsNo4aQ@mail.gmail.com  
Backpatch-through: 12, where the limitations section was added  

commit   : c73748b68a0e5f80d9014af748b194f728a074d3    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 31 May 2022 14:47:44 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 31 May 2022 14:47:44 -0400    

We hadn't noticed this because (a) few people feed invalid  
timezone abbreviation files to the server, and (b) in typical  
scenarios guc.c would throw ereport(ERROR) and then transaction  
abort handling would silently clean up the leaked file reference.  
However, it was possible to observe file leakage warnings if one  
breaks an already-active abbreviation file, because guc.c does  
not throw ERROR when loading supposedly-validated settings during  
session start or SIGHUP processing.  
  
Report and fix by Kyotaro Horiguchi (cosmetic adjustments by me)  
  
Discussion: https://postgr.es/m/20220530.173740.748502979257582392.horikyota.ntt@gmail.com  

commit   : cbd4c5a183521729eb652138eebd2d2a38bdeca5    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 31 May 2022 12:14:02 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 31 May 2022 12:14:02 -0400    

runtime.sgml contains a passing reference to the minimum server  
version that pg_dump[all] can dump from.  That was 7.0 for many  
years, but when 64f3524e2 raised it to 8.0, we missed updating this  
bit.  Then when 30e7c175b raised it to 9.2, we missed it again.  
  
Given that track record, I'm not too hopeful that we'll remember  
to fix this in future changes ... but for now, make the docs match  
reality in each branch.  
  
Noted by Daniel Westermann.  
  
Discussion: https://postgr.es/m/GV0P278MB041917EB3E2FE8704B5AE2C6D2DC9@GV0P278MB0419.CHEP278.PROD.OUTLOOK.COM  

commit   : 938548b7545857153190d6509289348051de4892    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Mon, 30 May 2022 10:50:38 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Mon, 30 May 2022 10:50:38 +0900    

The information generated when track_activities is accessible to  
superusers, roles with the privileges of pg_read_all_stats, as well as  
roles one has the privileges of.  The original text did not outline the  
last point, while the change done in ac1ae47 was unclear about the  
second point.  
  
Per discussion with Nathan Bossart.  
  
Discussion: https://postgr.es/m/20220521185743.GA886636@nathanxps13  
Backpatch-through: 10  

commit   : 1e6802990cdd223ac9d175cd804d6a475aebe5b6    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Sat, 28 May 2022 12:12:51 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Sat, 28 May 2022 12:12:51 +0900    

If a short description is specified as NULL in one of the various  
DefineCustomXXXVariable() functions available to external modules to  
define a custom parameter, SHOW ALL would crash.  This change teaches  
SHOW ALL to properly handle NULL short descriptions, as well as any code  
paths that manipulate it, to gain in flexibility.  Note that  
help_config.c was already able to do that, when describing a set of GUCs  
for postgres --describe-config.  
  
Author: Steve Chavez  
Reviewed by: Nathan Bossart, Andres Freund, Michael Paquier, Tom Lane  
Discussion: https://postgr.es/m/CAGRrpzY6hO-Kmykna_XvsTv8P2DshGiU6G3j8yGao4mk0CqjHA%40mail.gmail.com  
Backpatch-through: 10  

commit   : 9e3dbc6fd9a38cd7c72289f7facd639976484e45    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 26 May 2022 14:14:05 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 26 May 2022 14:14:05 -0400    

Commits a59c79564 et al. tried to sync libpq's SSL key file  
permissions checks with what we've used for years in the backend.  
We did not intend to create any new failure cases, but it turns out  
we did: restricting the key file's ownership breaks cases where the  
client is allowed to read a key file despite not having the identical  
UID.  In particular a client running as root used to be able to read  
someone else's key file; and having seen that I suspect that there are  
other, less-dubious use cases that this restriction breaks on some  
platforms.  
  
We don't really need an ownership check, since if we can read the key  
file despite its having restricted permissions, it must have the right  
ownership --- under normal conditions anyway, and the point of this  
patch is that any additional corner cases where that works should be  
deemed allowable, as they have been historically.  Hence, just drop  
the ownership check, and rearrange the permissions check to get rid  
of its faulty assumption that geteuid() can't be zero.  (Note that the  
comparable backend-side code doesn't have to cater for geteuid() == 0,  
since the server rejects that very early on.)  
  
This does have the end result that the permissions safety check used  
for a root user's private key file is weaker than that used for  
anyone else's.  While odd, root really ought to know what she's doing  
with file permissions, so I think this is acceptable.  
  
Per report from Yogendra Suralkar.  Like the previous patch,  
back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/MW3PR15MB3931DF96896DC36D21AFD47CA3D39@MW3PR15MB3931.namprd15.prod.outlook.com  

commit   : 036cffbcae9b8e1b8a17ebe5203cb596f82b5989    
  
author   : Robert Haas <rhaas@postgresql.org>    
date     : Thu, 26 May 2022 12:55:00 -0400    
  
committer: Robert Haas <rhaas@postgresql.org>    
date     : Thu, 26 May 2022 12:55:00 -0400    

Foreign tables can be partitioned, but previous documentation commits  
left the syntax synopsis both incomplete and incorrect.  
  
Justin Pryzby and Amit Langote  
  
Discussion: http://postgr.es/m/20220521130922.GX19626@telsasoft.com  

commit   : fefd5463173a6ca598ae206b13a505297d9efecb    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 21 May 2022 14:45:58 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 21 May 2022 14:45:58 -0400    

ruleutils.c was coded to suppress the AS label for a SELECT output  
expression if the column name is "?column?", which is the parser's  
fallback if it can't think of something better.  This is fine, and  
avoids ugly clutter, so long as (1) nothing further up in the parse  
tree relies on that column name or (2) the same fallback would be  
assigned when the rule or view definition is reloaded.  Unfortunately  
(2) is far from certain, both because ruleutils.c might print the  
expression in a different form from how it was originally written  
and because FigureColname's rules might change in future releases.  
So we shouldn't rely on that.  
  
Detecting exactly whether there is any outer-level use of a SELECT  
column name would be rather expensive.  This patch takes the simpler  
approach of just passing down a flag indicating whether there *could*  
be any outer use; for example, the output column names of a SubLink  
are not referenceable, and we also do not care about the names exposed  
by the right-hand side of a setop.  This is sufficient to suppress  
unwanted clutter in all but one case in the regression tests.  That  
seems like reasonable evidence that it won't be too much in users'  
faces, while still fixing the cases we need to fix.  
  
Per bug #17486 from Nicolas Lutic.  This issue is ancient, so  
back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/17486-1ad6fd786728b8af@postgresql.org  

commit   : bb60f25755d43e039913464c1e0bb38aab1d317f    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Sat, 21 May 2022 19:06:01 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Sat, 21 May 2022 19:06:01 +0900    

The description of track_activities mentioned that it is visible to  
superusers and that the information related to the current session can  
be seen, without telling about pg_read_all_stats.  Roles that are  
granted the privileges of pg_read_all_stats can also see this  
information, so mention it in the docs.  
  
Author: Ian Barwick  
Reviewed-by: Nathan Bossart  
Discussion: https://postgr.es/m/CAB8KJ=jhPyYFu-A5r-ZGP+Ax715mUKsMxAGcEQ9Cx_mBAmrPow@mail.gmail.com  
Backpatch-through: 10  

commit   : 3753a169e110bfedd1c7eef5159d3a5c05cd881e    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 20 May 2022 18:52:55 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 20 May 2022 18:52:55 +0200    

When an implicit operator family is created, it wasn't getting reported.  
Make it do so.  
  
This has always been missing.  Backpatch to 10.  
  
Author: Masahiko Sawada <sawada.mshk@gmail.com>  
Reported-by: Leslie LEMAIRE <leslie.lemaire@developpement-durable.gouv.fr>  
Reviewed-by: Amit Kapila <amit.kapila16@gmail.com>  
Reviewed-by: Michael Paquiër <michael@paquier.xyz>  
Discussion: https://postgr.es/m/f74d69e151b22171e8829551b1159e77@developpement-durable.gouv.fr  

commit   : 99867e7277229bb234f369a14f100148171d2276    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 20 May 2022 17:52:16 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 20 May 2022 17:52:16 +0200    

A new plpgsql test function was added in 14 and up to cover for a bugfix  
that was not backpatchable.  We can add it to older versions as a way to  
cover other bits of DDL event triggers, with an exception clause to  
avoid the problematic corner case.  
  
Originally authored by Michaël Paquier.  
  
Backpatch: 10 through 13.  
  
Discussion: https://postgr.es/m/202205201523.7m5jbfvyanmj@alvherre.pgsql  

commit   : 227c180efe125d6eeba34ab82539e71614f2d13d    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 19 May 2022 18:36:07 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 19 May 2022 18:36:07 -0400    

The documentation didn't specify the name of the per-user service file  
on Windows, and extrapolating from the pattern used for other config  
files gave the wrong answer.  The fact that it isn't consistent with the  
others sure seems like a bug, but it's far too late to change that now;  
we'd just penalize people who worked it out in the past.  So, simply  
document the true state of affairs.  
  
In passing, fix some gratuitous differences between the discussions  
of the service file and the password file.  
  
Julien Rouhaud, per question from Dominique Devienne.  
  
Backpatch to all supported branches.  I (tgl) also chose to back-patch  
the part of commit ba356a397 that touched libpq.sgml's description of  
the service file --- in hindsight, I'm not sure why I didn't do so at  
the time, as it includes some fairly essential information.  
  
Discussion: https://postgr.es/m/CAFCRh-_mdLrh8eYVzhRzu4c8bAFEBn=rwoHOmFJcQOTsCy5nig@mail.gmail.com  

commit   : 5fd0cccc116b248be615f5a7cd35b5d46c0589d1    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Thu, 19 May 2022 16:20:32 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Thu, 19 May 2022 16:20:32 +0200    

This is a slight, convenient semantics change from what commit  
0f0cfb494004 ("Fix parallel operations that prevent oldest xmin from  
advancing") introduced that lets us simplify the coding in the one place  
where it is used.  
  
Backpatch to 13.  This is related to commit 6fea65508a1a ("Tighten  
ComputeXidHorizons' handling of walsenders") rewriting the code site  
where this is used, which has not yet been backpatched, but it may well  
be in the future.  
  
Reviewed-by: Masahiko Sawada <sawada.mshk@gmail.com>  
Discussion: https://postgr.es/m/202204191637.eldwa2exvguw@alvherre.pgsql  

commit   : 5139db55636bc39c06232ada1b195f7d5d6950e0    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 18 May 2022 23:19:53 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 18 May 2022 23:19:53 +0200    

Commit 0fbf01120023 should have updated them but didn't.  

commit   : 80656f00f85668bb828c1eb878876e5bedcbf4c4    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 18 May 2022 20:28:31 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 18 May 2022 20:28:31 +0200    

We weren't checking the length of the column list in the alias clause of  
an XMLTABLE or JSON_TABLE function (a "tablefunc" RTE), and it was  
possible to make the server crash by passing an overly long one.  Fix it  
by throwing an error in that case, like the other places that deal with  
alias lists.  
  
In passing, modify the equivalent test used for join RTEs to look like  
the other ones, which was different for no apparent reason.  
  
This bug came in when XMLTABLE was born in version 10; backpatch to all  
stable versions.  
  
Reported-by: Wang Ke <krking@zju.edu.cn>  
Discussion: https://postgr.es/m/17480-1c9d73565bb28e90@postgresql.org  

commit   : 2e9559b30239ce3cf69383ced208a72a7eb99335    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Mon, 16 May 2022 11:26:26 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Mon, 16 May 2022 11:26:26 +0900    

If a cluster is promoted (aka the control file shows a state different  
than DB_IN_ARCHIVE_RECOVERY) while CreateRestartPoint() is still  
processing, this function could miss an update of the control file for  
"checkPoint" and "checkPointCopy" but still do the recycling and/or  
removal of the past WAL segments, assuming that the to-be-updated LSN  
values should be used as reference points for the cleanup.  This causes  
a follow-up restart attempting crash recovery to fail with a PANIC on a  
missing checkpoint record if the end-of-recovery checkpoint triggered by  
the promotion did not complete while the cluster abruptly stopped or  
crashed before the completion of this checkpoint.  The PANIC would be  
caused by the redo LSN referred in the control file as located in a  
segment already gone, recycled by the previous restartpoint with  
"checkPoint" out-of-sync in the control file.  
  
This commit fixes the update of the control file during restartpoints so  
as "checkPoint" and "checkPointCopy" are updated even if the cluster has  
been promoted while a restartpoint is running, to be on par with the set  
of WAL segments actually recycled in the end of CreateRestartPoint().  
  
7863ee4 has fixed this problem already on master, but the release timing  
of the latest point versions did not let me enough time to study and fix  
that on all the stable branches.  
  
Reported-by: Fujii Masao, Rui Zhao  
Author: Kyotaro Horiguchi  
Reviewed-by: Nathan Bossart, Michael Paquier  
Discussion: https://postgr.es/m/20220316.102444.2193181487576617583.horikyota.ntt@gmail.com  
Backpatch-through: 10  

commit   : b7579b25c8159bfda7b70c9ec005aae243017563    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 12 May 2022 11:31:46 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 12 May 2022 11:31:46 -0400    

This follows in the footsteps of commit 2591ee8ec by removing one more  
ill-advised shortcut from planning of GroupingFuncs.  It's true that  
we don't intend to execute the argument expression(s) at runtime, but  
we still have to process any Vars appearing within them, or we risk  
failure at setrefs.c time (or more fundamentally, in EXPLAIN trying  
to print such an expression).  Vars in upper plan nodes have to have  
referents in the next plan level, whether we ever execute 'em or not.  
  
Per bug #17479 from Michael J. Sullivan.  Back-patch to all supported  
branches.  
  
Richard Guo  
  
Discussion: https://postgr.es/m/17479-6260deceaf0ad304@postgresql.org  

commit   : 55558df2374167af38534df988ec3b9d0b0019f0    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Wed, 11 May 2022 10:41:24 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Wed, 11 May 2022 10:41:24 +0530    

The problem is that we don't send keep-alive messages for a long time  
while processing large transactions during logical replication where we  
don't send any data of such transactions. This can happen when the table  
modified in the transaction is not published or because all the changes  
got filtered. We do try to send the keep_alive if necessary at the end of  
the transaction (via WalSndWriteData()) but by that time the  
subscriber-side can timeout and exit.  
  
To fix this we try to send the keepalive message if required after  
processing certain threshold of changes.  
  
Reported-by: Fabrice Chapuis  
Author: Wang wei and Amit Kapila  
Reviewed By: Masahiko Sawada, Euler Taveira, Hou Zhijie, Hayato Kuroda  
Backpatch-through: 10  
Discussion: https://postgr.es/m/CAA5-nLARN7-3SLU_QUxfy510pmrYK6JJb=bk3hcgemAM_pAv+w@mail.gmail.com  

commit   : b9d70ef34b833fd63e3ff9f049dbbcdfda9dc9fe    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Wed, 11 May 2022 10:22:34 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Wed, 11 May 2022 10:22:34 +0900    

The current setup assumes that commands for lz4, zstd and gzip always  
exist by default if not enforced by a user's environment.  However,  
vcpkg, as one example, installs libraries but no binaries, so this  
default setup to assume that a command should always be present would  
cause failures.  This commit improves the detection of such external  
commands as follows:  
* If a ENV value is available, trust the environment/user and use it.  
* If a ENV value is not available, check its execution by looking in the  
current PATH, by launching a simple "$command --version" (that should be  
portable enough).  
** On execution failure, ignore ENV{command}.  
** On execution success, set ENV{command} = "$command".  
  
Note that this new rule applies to gzip, lz4 and zstd but not tar that  
we assume will always exist.  Those commands are set up in the  
environment only when using bincheck and taptest.  The CI includes all  
those commands and I have checked that their setup is correct there.  I  
have also tested this change in a MSVC environment where we have none of  
those commands.  
  
While on it, remove the references to lz4 from the documentation and  
vcregress.pl in ~v13.  --with-lz4 has been added in v14~ so there is no  
point to have this information in these older branches.  
  
Reported-by: Andrew Dunstan  
Reviewed-by: Andrew Dunstan  
Discussion: https://postgr.es/m/14402151-376b-a57a-6d0c-10ad12608e12@dunslane.net  
Backpatch-through: 10  

commit   : af9b967671533965debc9caf3e20fd65a3c71ae4    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 10 May 2022 18:42:02 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 10 May 2022 18:42:02 -0400    

In OpenLDAP 2.5 and later, libldap itself is always thread-safe and  
there's never a libldap_r.  Our existing coding dealt with that  
by assuming it wouldn't find libldap_r if libldap is thread-safe.  
But that rule fails to cope if there are multiple OpenLDAP versions  
visible, as is likely to be the case on macOS in particular.  We'd  
end up using shiny new libldap in the backend and a hoary libldap_r  
in libpq.  
  
Instead, once we've found libldap, check if it's >= 2.5 (by  
probing for a function introduced then) and don't bother looking  
for libldap_r if so.  While one can imagine library setups that  
this'd still give the wrong answer for, they seem unlikely to  
occur in practice.  
  
Per report from Peter Eisentraut.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/fedacd7c-2a38-25c9-e7ff-dea549d0e979@enterprisedb.com  

commit   : 4695fdb40fbb1e977e7e62f7d9af1fa948230d6a    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 9 May 2022 17:16:30 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 9 May 2022 17:16:30 -0400    

commit   : 0c8215c7b6bdf528edab88943438f0db9afad49b    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 9 May 2022 14:29:53 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 9 May 2022 14:29:53 -0400    

Security: CVE-2022-1552  

commit   : 91a3a74c65f4094420b28c393ac1d38af8ae4c4a    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 9 May 2022 14:15:37 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 9 May 2022 14:15:37 -0400    

The parser code that transformed VALUES from row-oriented to  
column-oriented lists failed if there were zero columns.  
You can't write that straightforwardly (though probably you  
should be able to), but the case can be reached by expanding  
a "tab.*" reference to a zero-column table.  
  
Per bug #17477 from Wang Ke.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/17477-0af3c6ac6b0a6ae0@postgresql.org  

commit   : 7f0754bc4c0a0abadcbe02e886e31305c37a7053    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 9 May 2022 11:02:37 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 9 May 2022 11:02:37 -0400    

This reverts commit eafdf9de06e9b60168f5e47cedcfceecdc6d4b5f  
and its back-branch counterparts.  Corey Huinker pointed out that  
we'd discussed this exact change back in 2016 and rejected it,  
on the grounds that there's at least one usage pattern with LIMIT  
where an infinite endpoint can usefully be used.  Perhaps that  
argument needs to be re-litigated, but there's no time left before  
our back-branch releases.  To keep our options open, restore the  
status quo ante; if we do end up deciding to change things, waiting  
one more quarter won't hurt anything.  
  
Rather than just doing a straight revert, I added a new test case  
demonstrating the usage with LIMIT.  That'll at least remind us of  
the issue if we forget again.  
  
Discussion: https://postgr.es/m/3603504.1652068977@sss.pgh.pa.us  
Discussion: https://postgr.es/m/CADkLM=dzw0Pvdqp5yWKxMd+VmNkAMhG=4ku7GnCZxebWnzmz3Q@mail.gmail.com  

commit   : 88743d581e1bdedc13e4ca33c5a6597a5d2dbdc4    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Mon, 9 May 2022 08:35:08 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Mon, 9 May 2022 08:35:08 -0700    

It intended to, but did not, achieve this.  Adopt the new standard of  
setting user ID just after locking the relation.  Back-patch to v10 (all  
supported versions).  
  
Reviewed by Simon Riggs.  Reported by Alvaro Herrera.  
  
Security: CVE-2022-1552  

commit   : 35edcc0cee7bf7d4746e3e5b7966b1f0ec509560    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Mon, 9 May 2022 08:35:08 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Mon, 9 May 2022 08:35:08 -0700    

When a feature enumerates relations and runs functions associated with  
all found relations, the feature's user shall not need to trust every  
user having permission to create objects.  BRIN-specific functionality  
in autovacuum neglected to account for this, as did pg_amcheck and  
CLUSTER.  An attacker having permission to create non-temp objects in at  
least one schema could execute arbitrary SQL functions under the  
identity of the bootstrap superuser.  CREATE INDEX (not a  
relation-enumerating operation) and REINDEX protected themselves too  
late.  This change extends to the non-enumerating amcheck interface.  
Back-patch to v10 (all supported versions).  
  
Sergey Shinderuk, reviewed (in earlier versions) by Alexander Lakhin.  
Reported by Alexander Lakhin.  
  
Security: CVE-2022-1552  

commit   : 916463773c9b873c3537a735bd09183bb8488d0f    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 9 May 2022 12:27:22 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 9 May 2022 12:27:22 +0200    

Source-Git-URL: https://git.postgresql.org/git/pgtranslation/messages.git  
Source-Git-Hash: 7c8dcb6669ccc6ae33090d02ed92f0bad6ada742  

commit   : 6348e46850681daf1e648fd11cafabbe4aba8597    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Sun, 8 May 2022 17:59:30 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Sun, 8 May 2022 17:59:30 -0700    

f40d362a667 disabled part of 031_recovery_conflict.pl due to instability  
that's not trivial to fix in the back branches. That fixed most of the  
issues. But there was one more failure (on lapwing / REL_10_STABLE).  
  
That failure looks like it might be caused by a genuine problem. Disable the  
test until after the set of releases, to avoid packagers etc potentially  
having to fight with a test failure they can't do anything about.  
  
Discussion: https://postgr.es/m/3447060.1652032749@sss.pgh.pa.us  
Backpatch: 10-14  

commit   : fdaaba15397a71786a8ddcd987e067ab94e2b45c    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 8 May 2022 12:36:38 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 8 May 2022 12:36:38 -0400    

commit   : 4caa85e4f358c8c442fd5855fbc2d80237d3e857    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Sat, 7 May 2022 09:12:56 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Sat, 7 May 2022 09:12:56 -0700    

Per buildfarm members tadarida, snapper, and kittiwake.  Back-patch to  
v10 (all supported versions).  

commit   : 23213f53ba206f8104ccbac9934190fdbfbfc082    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Sat, 7 May 2022 00:33:15 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Sat, 7 May 2022 00:33:15 -0700    

Per buildfarm members snapper and kittiwake.  Back-patch to v10 (all  
supported versions).  
  
Discussion: https://postgr.es/m/20220116210241.GC756210@rfd.leadboat.com  

commit   : 4e39957e6eb52887c2d631e9edf08a07c306ec9f    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Fri, 6 May 2022 09:01:08 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Fri, 6 May 2022 09:01:08 -0700    

The recovery deadlock test has a timing issue that was fixed in 5136967f1eb in  
HEAD. Unfortunately the same fix doesn't quite work in the back branches: 1)  
adjust_conf() doesn't exist, which is easy enough to work around 2) a restart  
cleares the recovery conflict stats < 15.  
  
These issues can be worked around, but given the upcoming set of minor  
releases, skip the problematic test for now. The buildfarm doesn't show  
failures in other parts of 031_recovery_conflict.pl.  
  
Discussion: https://postgr.es/m/20220506155827.dfnaheq6ufylwrqf@alap3.anarazel.de  
Backpatch: 10-14  

commit   : 6ab90d215afcec4c8d6583cb359ee0c1c1530a20    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Fri, 6 May 2022 08:39:07 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Fri, 6 May 2022 08:39:07 -0700    

In a2ab9c06ea1 I just backpatched the introduction of pump_until(), without  
changing the existing local definitions (as 6da65a3f9a9). The necessary  
changes seemed more verbose than desirable. However, that leads to warnings,  
as I failed to realize...  
  
Backpatch to all versions containing pump_until() calls before  
f74496dd611 (there's none in 10).  
  
Discussion: https://postgr.es/m/2808491.1651802860@sss.pgh.pa.us  
Discussion: https://postgr.es/m/18b37361-b482-b9d8-f30d-6115cd5ce25c@enterprisedb.com  
Backpatch: 11-14  

commit   : e9735d1af176e73158931a14b5f304a42f94f7d6    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 5 May 2022 14:54:53 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 5 May 2022 14:54:53 -0400    

DST law changes in Palestine.  Historical corrections for  
Chile and Ukraine.  

commit   : 27e97d0747ad0b615fd05b468bf09b12de196e44    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Wed, 4 May 2022 14:16:41 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Wed, 4 May 2022 14:16:41 -0700    

This reverts commit 8a3a8d9f103e360fffc02089810a520e22521ae2.  

commit   : 8a3a8d9f103e360fffc02089810a520e22521ae2    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Wed, 4 May 2022 12:50:38 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Wed, 4 May 2022 12:50:38 -0700    

Per buildfarm members longfin and skink.  
  
Discussion: https://postgr.es/m/20220413002626.udl7lll7f3o7nre7@alap3.anarazel.de  
Backpatch: 10-  

commit   : 0446d3bf3909247f06de9b8f08a739caf7cc72ca    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Mon, 2 May 2022 18:29:35 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Mon, 2 May 2022 18:29:35 -0700    

The prior commit showed that the introduction of recovery conflict tests was a  
good idea. Without these tests it's hard to know that the fix didn't break  
something...  
  
031_recovery_conflict.pl was introduced in 9f8a050f68d and extended in  
21e184403bf.  
  
Discussion: https://postgr.es/m/20220413002626.udl7lll7f3o7nre7@alap3.anarazel.de  
Backpatch: 10-14  

commit   : 57c5ad168be1ce9a5e91adb4c576996921cd8627    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Mon, 2 May 2022 18:25:00 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Mon, 2 May 2022 18:25:00 -0700    

The tests added in 9f8a050f68d failed nearly reliably on FreeBSD in CI, and  
occasionally on the buildfarm. That turns out to be caused not by a bug in the  
test, but by a longstanding bug in recovery conflict handling.  
  
The standby timeout handler, used by ResolveRecoveryConflictWithBufferPin(),  
executed SendRecoveryConflictWithBufferPin() inside a signal handler. A bad  
idea, because the deadlock timeout handler (or a spurious latch set) could  
have interrupted ProcWaitForSignal(). If unlucky that could cause a  
self-deadlock on ProcArrayLock, if the deadlock check is in  
SendRecoveryConflictWithBufferPin()->CancelDBBackends().  
  
To fix, set a flag in StandbyTimeoutHandler(), and check the flag in  
ResolveRecoveryConflictWithBufferPin().  
  
Subsequently the recovery conflict tests will be backpatched.  
  
Discussion: https://postgr.es/m/20220413002626.udl7lll7f3o7nre7@alap3.anarazel.de  
Backpatch: 10-  

commit   : 90abe1e17f9d3f725cf92a3ef43593ec56eaf671    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Mon, 2 May 2022 18:09:43 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Mon, 2 May 2022 18:09:43 -0700    

These were originally introduced in a2ab9c06ea1 and a2ab9c06ea1, as they are  
needed by a about-to-be-backpatched test.  
  
Discussion: https://postgr.es/m/20220413002626.udl7lll7f3o7nre7@alap3.anarazel.de  
Backpatch: 10-14  

commit   : d85f2bfa09f64e52436e8f05a9e112e160bace65    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Mon, 2 May 2022 16:45:04 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Mon, 2 May 2022 16:45:04 +0900    

commit   : d9cede2c3bfd0739acf294e4e83b36ea9de36b83    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Mon, 25 Apr 2022 15:02:13 -0400    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Mon, 25 Apr 2022 15:02:13 -0400    

For some reason by default the mingw C Runtime takes it upon itself to  
expand program arguments that look like shell globbing characters. That  
has caused much scratching of heads and mis-attribution of the causes of  
some TAP test failures, so stop doing that.  
  
This removes an inconsistency with Windows binaries built with MSVC,  
which have no such behaviour.  
  
Per suggestion from Noah Misch.  
  
Backpatch to all live branches.  
  
Discussion: https://postgr.es/m/20220423025927.GA1274057@rfd.leadboat.com  

commit   : e6440d5007aaa33f946ab63f2c1dfd1ee99e2050    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 21 Apr 2022 17:58:52 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 21 Apr 2022 17:58:52 -0400    

inline_cte() expected to find exactly as many references to the  
target CTE as its cterefcount indicates.  While that should be  
accurate for the tree as emitted by the parser, there are some  
optimizations that occur upstream of here that could falsify it,  
notably removal of unused subquery output expressions.  
  
Trying to make the accounting 100% accurate seems expensive and  
doomed to future breakage.  It's not really worth it, because  
all this code is protecting is downstream assumptions that every  
referenced CTE has a plan.  Let's convert those assertions to  
regular test-and-elog just in case there's some actual problem,  
and then drop the failing assertion.  
  
Per report from Tomas Vondra (thanks also to Richard Guo for  
analysis).  Back-patch to v12 where the faulty code came in.  
  
Discussion: https://postgr.es/m/29196a1e-ed47-c7ca-9be2-b1c636816183@enterprisedb.com  

commit   : 1c60a99dd9a2064125d503227d8f8b17d33dc4ed    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Thu, 21 Apr 2022 09:20:00 -0400    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Thu, 21 Apr 2022 09:20:00 -0400    

Commit b3b4d8e68a moved our perl test modules to a better namespace  
structure, but this has made life hard for people wishing to backpatch  
improvements in the TAP tests. Here we alleviate much of that difficulty  
by implementing the new module names on top of the old modules, mostly  
by using a little perl typeglob aliasing magic, so that we don't have a  
dual maintenance burden. This should work both for the case where a new  
test is backpatched and the case where a fix to an existing test that  
uses the new namespace is backpatched.  
  
Reviewed by Michael Paquier  
  
Per complaint from Andres Freund  
  
Discussion: https://postgr.es/m/20220418141530.nfxtkohefvwnzncl@alap3.anarazel.de  
  
Applied to branches 10 through 14  

commit   : 1272630a249798a0fce6a00383c78f8129434523    
  
author   : Peter Geoghegan <pg@bowt.ie>    
date     : Wed, 20 Apr 2022 17:17:39 -0700    
  
committer: Peter Geoghegan <pg@bowt.ie>    
date     : Wed, 20 Apr 2022 17:17:39 -0700    

CLUSTER sort won't use the datum1 SortTuple field when clustering  
against an index whose leading key is an expression.  This makes it  
unsafe to use the abbreviated keys optimization, which was missed by the  
logic that sets up SortSupport state.  Affected tuplesorts output tuples  
in a completely bogus order as a result (the wrong SortSupport based  
comparator was used for the leading attribute).  
  
This issue is similar to the bug fixed on the master branch by recent  
commit cc58eecc5d.  But it's a far older issue, that dates back to the  
introduction of the abbreviated keys optimization by commit 4ea51cdfe8.  
  
Backpatch to all supported versions.  
  
Author: Peter Geoghegan <pg@bowt.ie>  
Author: Thomas Munro <thomas.munro@gmail.com>  
Discussion: https://postgr.es/m/CA+hUKG+bA+bmwD36_oDxAoLrCwZjVtST2fqe=b4=qZcmU7u89A@mail.gmail.com  
Backpatch: 10-  

commit   : 8275ba773dfe3168115bb3d32728111d9c4becb6    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 20 Apr 2022 18:08:15 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 20 Apr 2022 18:08:15 -0400    

Such cases will lead to infinite loops, so they're of no practical  
value.  The numeric variant of generate_series() already threw error  
for this, so borrow its message wording.  
  
Per report from Richard Wesley.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/91B44E7B-68D5-448F-95C8-B4B3B0F5DEAF@duckdblabs.com  

commit   : f583633bc130e8a572e5d29b9c8b2cc48885ecbf    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 19 Apr 2022 23:03:59 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 19 Apr 2022 23:03:59 -0400    

An ALTER FUNCTION command that tried to update both the function's  
proparallel property and its proconfig list failed to do the former,  
because it stored the new proparallel value into a tuple that was  
no longer the interesting one.  Carelessness in 7aea8e4f2.  
  
(I did not bother with a regression test, because the only likely  
future breakage would be for someone to ignore the comment I added  
and add some other field update after the heap_modify_tuple step.  
A test using existing function properties could not catch that.)  
  
Per report from Bryn Llewellyn.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/8AC9A37F-99BD-446F-A2F7-B89AD0022774@yugabyte.com  

commit   : 82d4a17a17508a4e6ff9038d81a7dfb9f19e104a    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Tue, 19 Apr 2022 09:08:05 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Tue, 19 Apr 2022 09:08:05 +0530    

We don't allow to invoke more sync workers once we have reached the sync  
worker limit per subscription. But the check to enforce this also doesn't  
allow to launch an apply worker if it gets restarted.  
  
This code was introduced by commit de43897122 but we caught the problem  
only with the test added by recent commit c91f71b9dc which started failing  
occasionally in the buildfarm.  
  
As per buildfarm.  
Diagnosed-by: Amit Kapila, Masahiko Sawada, Tomas Vondra  
Author: Amit Kapila  
Backpatch-through: 10  
Discussion: https://postgr.es/m/CAH2L28vddB_NFdRVpuyRBJEBWjz4BSyTB=_ektNRH8NJ1jf95g@mail.gmail.com  
	    https://postgr.es/m/f90d2b03-4462-ce95-a524-d91464e797c8@enterprisedb.com  

commit   : 69cefb3fb8377992bd2ad0dce1b33570b3e5244a    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 18 Apr 2022 12:16:45 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 18 Apr 2022 12:16:45 -0400    

Don't try to look at the attidentity field of system attributes,  
because they're not there in the TupleDescAttr array.  Sometimes  
this is harmless because we accidentally pick up a zero, but  
otherwise we'll report "no owned sequence found" from an attempt  
to alter a system attribute.  (It seems possible that a SIGSEGV  
could occur, too, though I've not seen it in testing.)  
  
It's not in this function's charter to complain that you can't  
alter a system column, so instead just hard-wire an assumption  
that system attributes aren't identities.  I didn't bother with  
a regression test because the appearance of the bug is very  
erratic.  
  
Per bug #17465 from Roman Zharkov.  Back-patch to all supported  
branches.  (There's not actually a live bug before v12, because  
before that get_attidentity() did the right thing anyway.  
But for consistency I changed the test in the older branches too.)  
  
Discussion: https://postgr.es/m/17465-f2a554a6cb5740d3@postgresql.org  

commit   : a6fc64b9a85e279c5a284c21374edeb857df5252    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Mon, 18 Apr 2022 11:40:18 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Mon, 18 Apr 2022 11:40:18 +0900    

This test, introduced in df86e52, uses a second standby to check that  
it is able to remove correctly RECOVERYHISTORY and RECOVERYXLOG at the  
end of recovery.  This standby uses the archives of the primary to  
restore its contents, with some of the archive's contents coming from  
the first standby previously promoted.  In slow environments, it was  
possible that the test did not check what it should, as the history file  
generated by the promotion of the first standby may not be stored yet on  
the archives the second standby feeds on.  So, it could be possible that  
the second standby selects an incorrect timeline, without restoring a  
history file at all.  
  
This commits adds a wait phase to make sure that the history file  
required by the second standby is archived before this cluster is  
created.  This relies on poll_query_until() with pg_stat_file() and an  
absolute path, something not supported in REL_10_STABLE.  
  
While on it, this adds a new test to check that the history file has  
been restored by looking at the logs of the second standby.  This  
ensures that a RECOVERYHISTORY, whose removal needs to be checked,  
is created in the first place.  This should make the test more robust.  
  
This test has been introduced by df86e52, but it came in light as an  
effect of the bug fixed by acf1dd42, where the extra restore_command  
calls made the test much slower.  
  
Reported-by: Andres Freund  
Discussion: https://postgr.es/m/YlT23IvsXkGuLzFi@paquier.xyz  
Backpatch-through: 11  

commit   : b404513de8579ce29ccb7becbb6e83587352263f    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Sat, 16 Apr 2022 17:43:54 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Sat, 16 Apr 2022 17:43:54 -0700    

The target failed, tested $PATH binaries, or tested a stale temporary  
installation.  Commit c66b438db62748000700c9b90b585e756dd54141 missed  
this.  Back-patch to v10 (all supported versions).  

commit   : d18c913b786c5ea82f7372c88cf2055050e5176a    
  
author   : Robert Haas <rhaas@postgresql.org>    
date     : Thu, 14 Apr 2022 11:10:11 -0400    
  
committer: Robert Haas <rhaas@postgresql.org>    
date     : Thu, 14 Apr 2022 11:10:11 -0400    

The back-patch of commit bbace5697df12398e87ffd9879171c39d27f5b33 had  
the unfortunate effect of changing the layout of PGPROC in the  
back-branches, which could break extensions. This happened because it  
changed the delayChkpt from type bool to type int. So, change it back,  
and add a new bool delayChkptEnd field instead. The new field should  
fall within what used to be padding space within the struct, and so  
hopefully won't cause any extensions to break.  
  
Per report from Markus Wanner and discussion with Tom Lane and others.  
  
Patch originally by me, somewhat revised by Markus Wanner per a  
suggestion from Michael Paquier. A very similar patch was developed  
by Kyotaro Horiguchi, but I failed to see the email in which that was  
posted before writing one of my own.  
  
Discussion: http://postgr.es/m/CA+Tgmoao-kUD9c5nG5sub3F7tbo39+cdr8jKaOVEs_1aBWcJ3Q@mail.gmail.com  
Discussion: http://postgr.es/m/20220406.164521.17171257901083417.horikyota.ntt@gmail.com  

commit   : 2275d044d0849251c5e0fa10ee16c73124731f5c    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Thu, 14 Apr 2022 15:09:36 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Thu, 14 Apr 2022 15:09:36 +0900    

Getting from get_raw_page() an all-zero page is considered as a valid  
case by the buffer manager and it can happen for example when finding a  
corrupted page with zero_damaged_pages enabled (using zero_damaged_pages  
to look at corrupted pages happens), or after a crash when a relation  
file is extended before any WAL for its new data is generated (before a  
vacuum or autovacuum job comes in to do some cleanup).  
  
However, all the functions of pageinspect, as of the index AMs (except  
hash that has its own idea of new pages), heap, the FSM or the page  
header have never worked with all-zero pages, causing various crashes  
when going through the page internals.  
  
This commit changes all the pageinspect functions to be compliant with  
all-zero pages, where the choice is made to return NULL or no rows for  
SRFs when finding a new page.  get_raw_page() still works the same way,  
returning a batch of zeros in the bytea of the page retrieved.  A hard  
error could be used but NULL, while more invasive, is useful when  
scanning relation files in full to get a batch of results for a single  
relation in one query.  Tests are added for all the code paths  
impacted.  
  
Reported-by: Daria Lepikhova  
Author: Michael Paquier  
Discussion: https://postgr.es/m/561e187b-3549-c8d5-03f5-525c14e65bd0@postgrespro.ru  
Backpatch-through: 10