PostgreSQL 14.0 (upcoming) commit log

commit   : 3f712ea6dc40a0c9d5cf96907655343039601473    
  
author   : David Rowley <drowley@postgresql.org>    
date     : Thu, 19 May 2022 17:14:56 +1200    
  
committer: David Rowley <drowley@postgresql.org>    
date     : Thu, 19 May 2022 17:14:56 +1200    

Reported-by: Peter Eisentraut  
Discussion: https://postgr.es/m/0635f5aa-4973-8dc2-4e4e-df9fd5778a65@enterprisedb.com  
Backpatch-through: 14, where Memoize was added  

commit   : e8b93c6e2810306887dc8477aab88ae08cf335f9    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 18 May 2022 23:19:53 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 18 May 2022 23:19:53 +0200    

Commit 0fbf01120023 should have updated them but didn't.  

commit   : 94edb85d253e5ae066481e4e369ad9e35dea41b5    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 18 May 2022 20:28:31 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 18 May 2022 20:28:31 +0200    

We weren't checking the length of the column list in the alias clause of  
an XMLTABLE or JSON_TABLE function (a "tablefunc" RTE), and it was  
possible to make the server crash by passing an overly long one.  Fix it  
by throwing an error in that case, like the other places that deal with  
alias lists.  
  
In passing, modify the equivalent test used for join RTEs to look like  
the other ones, which was different for no apparent reason.  
  
This bug came in when XMLTABLE was born in version 10; backpatch to all  
stable versions.  
  
Reported-by: Wang Ke <krking@zju.edu.cn>  
Discussion: https://postgr.es/m/17480-1c9d73565bb28e90@postgresql.org  

commit   : 23c2b76a8322233ce0b2c135c10ad52d48a4a22b    
  
author   : David Rowley <drowley@postgresql.org>    
date     : Mon, 16 May 2022 16:08:37 +1200    
  
committer: David Rowley <drowley@postgresql.org>    
date     : Mon, 16 May 2022 16:08:37 +1200    

In order to estimate the cache hit ratio of a Memoize node, one of the  
inputs we require is the estimated number of times the Memoize node will  
be rescanned.  The higher this number, the large the cache hit ratio is  
likely to become.  Unfortunately, the value being passed as the number of  
"calls" to the Memoize was incorrectly using the Nested Loop's  
outer_path->parent->rows instead of outer_path->rows.  This failed to  
account for the fact that the outer_path might be parameterized by some  
upper-level Nested Loop.  
  
This problem could lead to Memoize plans appearing more favorable than  
they might actually be.  It could also lead to extended executor startup  
times when work_mem values were large due to the planner setting overly  
large MemoizePath->est_entries resulting in the Memoize hash table being  
initially made much larger than might be required.  
  
Fix this simply by passing outer_path->rows rather than  
outer_path->parent->rows.  Also, adjust the expected regression test  
output for a plan change.  
  
Reported-by: Pavel Stehule  
Author: David Rowley  
Discussion: https://postgr.es/m/CAFj8pRAMp%3DQsMi6sPQJ4W3hczoFJRvyXHJV3AZAZaMyTVM312Q%40mail.gmail.com  
Backpatch-through: 14, where Memoize was introduced  

commit   : 6dced63b411b920f7d0296337e4b3c8cba3e2e30    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Mon, 16 May 2022 11:26:22 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Mon, 16 May 2022 11:26:22 +0900    

If a cluster is promoted (aka the control file shows a state different  
than DB_IN_ARCHIVE_RECOVERY) while CreateRestartPoint() is still  
processing, this function could miss an update of the control file for  
"checkPoint" and "checkPointCopy" but still do the recycling and/or  
removal of the past WAL segments, assuming that the to-be-updated LSN  
values should be used as reference points for the cleanup.  This causes  
a follow-up restart attempting crash recovery to fail with a PANIC on a  
missing checkpoint record if the end-of-recovery checkpoint triggered by  
the promotion did not complete while the cluster abruptly stopped or  
crashed before the completion of this checkpoint.  The PANIC would be  
caused by the redo LSN referred in the control file as located in a  
segment already gone, recycled by the previous restartpoint with  
"checkPoint" out-of-sync in the control file.  
  
This commit fixes the update of the control file during restartpoints so  
as "checkPoint" and "checkPointCopy" are updated even if the cluster has  
been promoted while a restartpoint is running, to be on par with the set  
of WAL segments actually recycled in the end of CreateRestartPoint().  
  
7863ee4 has fixed this problem already on master, but the release timing  
of the latest point versions did not let me enough time to study and fix  
that on all the stable branches.  
  
Reported-by: Fujii Masao, Rui Zhao  
Author: Kyotaro Horiguchi  
Reviewed-by: Nathan Bossart, Michael Paquier  
Discussion: https://postgr.es/m/20220316.102444.2193181487576617583.horikyota.ntt@gmail.com  
Backpatch-through: 10  

commit   : ac51c9fba5a796ff434c0a7e05a5fd081690b21c    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 12 May 2022 11:31:46 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 12 May 2022 11:31:46 -0400    

This follows in the footsteps of commit 2591ee8ec by removing one more  
ill-advised shortcut from planning of GroupingFuncs.  It's true that  
we don't intend to execute the argument expression(s) at runtime, but  
we still have to process any Vars appearing within them, or we risk  
failure at setrefs.c time (or more fundamentally, in EXPLAIN trying  
to print such an expression).  Vars in upper plan nodes have to have  
referents in the next plan level, whether we ever execute 'em or not.  
  
Per bug #17479 from Michael J. Sullivan.  Back-patch to all supported  
branches.  
  
Richard Guo  
  
Discussion: https://postgr.es/m/17479-6260deceaf0ad304@postgresql.org  

commit   : d6da71fa8f28faa68823e163f318ffb38a7a9a54    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Wed, 11 May 2022 10:51:04 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Wed, 11 May 2022 10:51:04 +0530    

The problem is that we don't send keep-alive messages for a long time  
while processing large transactions during logical replication where we  
don't send any data of such transactions. This can happen when the table  
modified in the transaction is not published or because all the changes  
got filtered. We do try to send the keep_alive if necessary at the end of  
the transaction (via WalSndWriteData()) but by that time the  
subscriber-side can timeout and exit.  
  
To fix this we try to send the keepalive message if required after  
processing certain threshold of changes.  
  
Reported-by: Fabrice Chapuis  
Author: Wang wei and Amit Kapila  
Reviewed By: Masahiko Sawada, Euler Taveira, Hou Zhijie, Hayato Kuroda  
Backpatch-through: 10  
Discussion: https://postgr.es/m/CAA5-nLARN7-3SLU_QUxfy510pmrYK6JJb=bk3hcgemAM_pAv+w@mail.gmail.com  

commit   : ca9e9b08e453523314a3b8e87d1894edb23b6e8d    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Wed, 11 May 2022 10:22:29 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Wed, 11 May 2022 10:22:29 +0900    

The current setup assumes that commands for lz4, zstd and gzip always  
exist by default if not enforced by a user's environment.  However,  
vcpkg, as one example, installs libraries but no binaries, so this  
default setup to assume that a command should always be present would  
cause failures.  This commit improves the detection of such external  
commands as follows:  
* If a ENV value is available, trust the environment/user and use it.  
* If a ENV value is not available, check its execution by looking in the  
current PATH, by launching a simple "$command --version" (that should be  
portable enough).  
** On execution failure, ignore ENV{command}.  
** On execution success, set ENV{command} = "$command".  
  
Note that this new rule applies to gzip, lz4 and zstd but not tar that  
we assume will always exist.  Those commands are set up in the  
environment only when using bincheck and taptest.  The CI includes all  
those commands and I have checked that their setup is correct there.  I  
have also tested this change in a MSVC environment where we have none of  
those commands.  
  
While on it, remove the references to lz4 from the documentation and  
vcregress.pl in ~v13.  --with-lz4 has been added in v14~ so there is no  
point to have this information in these older branches.  
  
Reported-by: Andrew Dunstan  
Reviewed-by: Andrew Dunstan  
Discussion: https://postgr.es/m/14402151-376b-a57a-6d0c-10ad12608e12@dunslane.net  
Backpatch-through: 10  

commit   : 12736e7dc326c404ae0f12ebdf5d1dbb954ec5f6    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 10 May 2022 18:42:02 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 10 May 2022 18:42:02 -0400    

In OpenLDAP 2.5 and later, libldap itself is always thread-safe and  
there's never a libldap_r.  Our existing coding dealt with that  
by assuming it wouldn't find libldap_r if libldap is thread-safe.  
But that rule fails to cope if there are multiple OpenLDAP versions  
visible, as is likely to be the case on macOS in particular.  We'd  
end up using shiny new libldap in the backend and a hoary libldap_r  
in libpq.  
  
Instead, once we've found libldap, check if it's >= 2.5 (by  
probing for a function introduced then) and don't bother looking  
for libldap_r if so.  While one can imagine library setups that  
this'd still give the wrong answer for, they seem unlikely to  
occur in practice.  
  
Per report from Peter Eisentraut.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/fedacd7c-2a38-25c9-e7ff-dea549d0e979@enterprisedb.com  

commit   : 0e9cc8c0f3bc411de888a77318d8854ccba90e80    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 9 May 2022 17:14:45 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 9 May 2022 17:14:45 -0400    

commit   : 0ae1d09575bbadd2e7a9ada5721a88c8ee0b6be3    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 9 May 2022 14:29:53 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 9 May 2022 14:29:53 -0400    

Security: CVE-2022-1552  

commit   : ab2f783921734a96aa1baf4f3ea165292b62aecf    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 9 May 2022 14:15:37 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 9 May 2022 14:15:37 -0400    

The parser code that transformed VALUES from row-oriented to  
column-oriented lists failed if there were zero columns.  
You can't write that straightforwardly (though probably you  
should be able to), but the case can be reached by expanding  
a "tab.*" reference to a zero-column table.  
  
Per bug #17477 from Wang Ke.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/17477-0af3c6ac6b0a6ae0@postgresql.org  

commit   : 9b5797ca54f5ad74740220c1be070eda4c21c82c    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 9 May 2022 11:02:36 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 9 May 2022 11:02:36 -0400    

This reverts commit eafdf9de06e9b60168f5e47cedcfceecdc6d4b5f  
and its back-branch counterparts.  Corey Huinker pointed out that  
we'd discussed this exact change back in 2016 and rejected it,  
on the grounds that there's at least one usage pattern with LIMIT  
where an infinite endpoint can usefully be used.  Perhaps that  
argument needs to be re-litigated, but there's no time left before  
our back-branch releases.  To keep our options open, restore the  
status quo ante; if we do end up deciding to change things, waiting  
one more quarter won't hurt anything.  
  
Rather than just doing a straight revert, I added a new test case  
demonstrating the usage with LIMIT.  That'll at least remind us of  
the issue if we forget again.  
  
Discussion: https://postgr.es/m/3603504.1652068977@sss.pgh.pa.us  
Discussion: https://postgr.es/m/CADkLM=dzw0Pvdqp5yWKxMd+VmNkAMhG=4ku7GnCZxebWnzmz3Q@mail.gmail.com  

commit   : 677a494789062ca88e0142a17bedd5415f6ab0aa    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Mon, 9 May 2022 08:35:08 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Mon, 9 May 2022 08:35:08 -0700    

It intended to, but did not, achieve this.  Adopt the new standard of  
setting user ID just after locking the relation.  Back-patch to v10 (all  
supported versions).  
  
Reviewed by Simon Riggs.  Reported by Alvaro Herrera.  
  
Security: CVE-2022-1552  

commit   : ab49ce7c3414ac19e4afb386d7843ce2d2fb8bda    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Mon, 9 May 2022 08:35:08 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Mon, 9 May 2022 08:35:08 -0700    

When a feature enumerates relations and runs functions associated with  
all found relations, the feature's user shall not need to trust every  
user having permission to create objects.  BRIN-specific functionality  
in autovacuum neglected to account for this, as did pg_amcheck and  
CLUSTER.  An attacker having permission to create non-temp objects in at  
least one schema could execute arbitrary SQL functions under the  
identity of the bootstrap superuser.  CREATE INDEX (not a  
relation-enumerating operation) and REINDEX protected themselves too  
late.  This change extends to the non-enumerating amcheck interface.  
Back-patch to v10 (all supported versions).  
  
Sergey Shinderuk, reviewed (in earlier versions) by Alexander Lakhin.  
Reported by Alexander Lakhin.  
  
Security: CVE-2022-1552  

commit   : e5b5a21356233739a552063fa70d4f5b245edb9a    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 9 May 2022 12:26:57 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 9 May 2022 12:26:57 +0200    

Source-Git-URL: https://git.postgresql.org/git/pgtranslation/messages.git  
Source-Git-Hash: b7586f1542a8ffdfd1416e425f55e4e89c9a9505  

commit   : 55e5a5e0fa16dbe023ebdab35628fc73454c1dd4    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Sun, 8 May 2022 17:59:30 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Sun, 8 May 2022 17:59:30 -0700    

f40d362a667 disabled part of 031_recovery_conflict.pl due to instability  
that's not trivial to fix in the back branches. That fixed most of the  
issues. But there was one more failure (on lapwing / REL_10_STABLE).  
  
That failure looks like it might be caused by a genuine problem. Disable the  
test until after the set of releases, to avoid packagers etc potentially  
having to fight with a test failure they can't do anything about.  
  
Discussion: https://postgr.es/m/3447060.1652032749@sss.pgh.pa.us  
Backpatch: 10-14  

commit   : 2867d9b9697ffc34133ad988782ae0af88811c4d    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 8 May 2022 12:36:38 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 8 May 2022 12:36:38 -0400    

commit   : e599ea09698ae6ae45bfbb04fbe0bda4e3c04ab0    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Sat, 7 May 2022 09:12:56 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Sat, 7 May 2022 09:12:56 -0700    

Per buildfarm members tadarida, snapper, and kittiwake.  Back-patch to  
v10 (all supported versions).  

commit   : aca4d561cb9f567537d12d9d8fbc45ae1528bc9d    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Sat, 7 May 2022 00:33:15 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Sat, 7 May 2022 00:33:15 -0700    

Per buildfarm members snapper and kittiwake.  Back-patch to v10 (all  
supported versions).  
  
Discussion: https://postgr.es/m/20220116210241.GC756210@rfd.leadboat.com  

commit   : f40d362a667f6cf36f17d7565e4d7565fb7910f3    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Fri, 6 May 2022 09:01:08 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Fri, 6 May 2022 09:01:08 -0700    

The recovery deadlock test has a timing issue that was fixed in 5136967f1eb in  
HEAD. Unfortunately the same fix doesn't quite work in the back branches: 1)  
adjust_conf() doesn't exist, which is easy enough to work around 2) a restart  
cleares the recovery conflict stats < 15.  
  
These issues can be worked around, but given the upcoming set of minor  
releases, skip the problematic test for now. The buildfarm doesn't show  
failures in other parts of 031_recovery_conflict.pl.  
  
Discussion: https://postgr.es/m/20220506155827.dfnaheq6ufylwrqf@alap3.anarazel.de  
Backpatch: 10-14  

commit   : 7fa95bb0ac8e98799a98a08006a11feefcb614a6    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Fri, 6 May 2022 08:38:19 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Fri, 6 May 2022 08:38:19 -0700    

In a2ab9c06ea1 I just backpatched the introduction of pump_until(), without  
changing the existing local definitions (as 6da65a3f9a9). The necessary  
changes seemed more verbose than desirable. However, that leads to warnings,  
as I failed to realize...  
  
Backpatch to all versions containing pump_until() calls before  
f74496dd611 (there's none in 10).  
  
Discussion: https://postgr.es/m/2808491.1651802860@sss.pgh.pa.us  
Discussion: https://postgr.es/m/18b37361-b482-b9d8-f30d-6115cd5ce25c@enterprisedb.com  
Backpatch: 11-14  

commit   : 66ca1427a4963012fd565b922d0a67a8a8930d1f    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 5 May 2022 18:27:31 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 5 May 2022 18:27:31 -0400    

As usual, the release notes for other branches will be made by cutting  
these down, but put them up for community review first.  

commit   : 77ee14ed96e94f16f4ff355637d563f29e893bc2    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 5 May 2022 14:54:53 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 5 May 2022 14:54:53 -0400    

DST law changes in Palestine.  Historical corrections for  
Chile and Ukraine.  

commit   : 6e2924b57793d662aa48bc88ac9e97d5d8eb90cf    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Wed, 4 May 2022 14:20:24 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Wed, 4 May 2022 14:20:24 -0700    

This reverts commit 5136967f1eb194bf7598668f9893b997199935c1.  

commit   : 5136967f1eb194bf7598668f9893b997199935c1    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Wed, 4 May 2022 12:50:38 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Wed, 4 May 2022 12:50:38 -0700    

Per buildfarm members longfin and skink.  
  
Discussion: https://postgr.es/m/20220413002626.udl7lll7f3o7nre7@alap3.anarazel.de  
Backpatch: 10-  

commit   : f74496dd611ee4d345072b8eff7e7175fb5eb47d    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Mon, 2 May 2022 18:26:09 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Mon, 2 May 2022 18:26:09 -0700    

The prior commit showed that the introduction of recovery conflict tests was a  
good idea. Without these tests it's hard to know that the fix didn't break  
something...  
  
031_recovery_conflict.pl was introduced in 9f8a050f68d and extended in  
21e184403bf.  
  
Discussion: https://postgr.es/m/20220413002626.udl7lll7f3o7nre7@alap3.anarazel.de  
Backpatch: 10-14  

commit   : 9ab3b2bdbb5dc4ff857685eae5645d7c35839055    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Mon, 2 May 2022 18:25:00 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Mon, 2 May 2022 18:25:00 -0700    

The tests added in 9f8a050f68d failed nearly reliably on FreeBSD in CI, and  
occasionally on the buildfarm. That turns out to be caused not by a bug in the  
test, but by a longstanding bug in recovery conflict handling.  
  
The standby timeout handler, used by ResolveRecoveryConflictWithBufferPin(),  
executed SendRecoveryConflictWithBufferPin() inside a signal handler. A bad  
idea, because the deadlock timeout handler (or a spurious latch set) could  
have interrupted ProcWaitForSignal(). If unlucky that could cause a  
self-deadlock on ProcArrayLock, if the deadlock check is in  
SendRecoveryConflictWithBufferPin()->CancelDBBackends().  
  
To fix, set a flag in StandbyTimeoutHandler(), and check the flag in  
ResolveRecoveryConflictWithBufferPin().  
  
Subsequently the recovery conflict tests will be backpatched.  
  
Discussion: https://postgr.es/m/20220413002626.udl7lll7f3o7nre7@alap3.anarazel.de  
Backpatch: 10-  

commit   : 5ab8e8014801dd6bc05809e7ba994c013e9ee86b    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Mon, 2 May 2022 18:09:42 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Mon, 2 May 2022 18:09:42 -0700    

These were originally introduced in a2ab9c06ea1 and a2ab9c06ea1, as they are  
needed by a about-to-be-backpatched test.  
  
Discussion: https://postgr.es/m/20220413002626.udl7lll7f3o7nre7@alap3.anarazel.de  
Backpatch: 10-14  

commit   : 24c58f7a2a5c762f35ffe8aaa00fa08caeb881fe    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Mon, 2 May 2022 16:45:02 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Mon, 2 May 2022 16:45:02 +0900    

commit   : ebb79024152348227250404fd06c35c56cbc672e    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Thu, 28 Apr 2022 15:15:02 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Thu, 28 Apr 2022 15:15:02 +0900    

mark_async_capable_plan(), which is called from create_append_plan() to  
determine whether subplans are async-capable, failed to take into  
account that the given subplan created from a given subpath might  
include a gating Result node if the subpath is a SubqueryScanPath or  
ForeignPath, causing a segmentation fault there when the subplan created  
from a SubqueryScanPath includes the Result node, or causing  
ExecAsyncRequest() to throw an error about an unrecognized node type  
when the subplan created from a ForeignPath includes the Result node,  
because in the latter case the Result node was unintentionally  
considered as async-capable, but we don't currently support executing  
Result nodes asynchronously.  Fix by modifying mark_async_capable_plan()  
to disable asynchronous execution in such cases.  Also, adjust code in  
the ProjectionPath case in mark_async_capable_plan(), for consistency  
with other cases, and adjust/improve comments there.  
  
is_async_capable_path() added in commit 27e1f1456, which was rewritten  
to mark_async_capable_plan() in a later commit, has the same issue,  
causing the error at execution mentioned above, so back-patch to v14  
where the aforesaid commit went in.  
  
Per report from Justin Pryzby.  
  
Etsuro Fujita, reviewed by Zhihong Yu and Justin Pryzby.  
  
Discussion: https://postgr.es/m/20220408124338.GK24419%40telsasoft.com  

commit   : 71f394667c824257ddf6e8359cba746e621a2d16    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Mon, 25 Apr 2022 15:02:13 -0400    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Mon, 25 Apr 2022 15:02:13 -0400    

For some reason by default the mingw C Runtime takes it upon itself to  
expand program arguments that look like shell globbing characters. That  
has caused much scratching of heads and mis-attribution of the causes of  
some TAP test failures, so stop doing that.  
  
This removes an inconsistency with Windows binaries built with MSVC,  
which have no such behaviour.  
  
Per suggestion from Noah Misch.  
  
Backpatch to all live branches.  
  
Discussion: https://postgr.es/m/20220423025927.GA1274057@rfd.leadboat.com  

commit   : 75a006beef6c502a16bc4e1c0dc4d67d2cd5de9c    
  
author   : Robert Haas <rhaas@postgresql.org>    
date     : Mon, 25 Apr 2022 09:14:19 -0400    
  
committer: Robert Haas <rhaas@postgresql.org>    
date     : Mon, 25 Apr 2022 09:14:19 -0400    

Commit d2d35479796c3510e249d6fc72adbd5df918efbf included a pretty  
extensive set of test cases, and some of them don't work on all  
of our Windows machines. This happens because IPC::Run expands  
its arguments as shell globs on a few machines, but doesn't on most  
of the buildfarm. It might be good to fix that problem systematically  
somehow, but in the meantime, there are enough test cases for this  
commit that it seems OK to just remove the ones that are failing.  
  
Discussion: http://postgr.es/m/3a190754-b2b0-d02b-dcfd-4ec1610ffbcb@dunslane.net  
Discussion: http://postgr.es/m/CA+TgmoYRGUcFBy6VgN0+Pn4f6Wv=2H0HZLuPHqSy6VC8Ba7vdg@mail.gmail.com  

commit   : dff6c77faf0c6bcf1d407dc3ffef9e169166c714    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 23 Apr 2022 12:16:12 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 23 Apr 2022 12:16:12 -0400    

This function looks for a reference to the recursive WITH CTE,  
but it checked only the CTE name not ctelevelsup, so that it could  
seize on a lower CTE that happened to have the same name.  This  
would result in planner failures later, either weird errors such as  
"could not find attribute 2 in subquery targetlist", or crashes  
or assertion failures.  The code also merely Assert'ed that it found  
a matching entry, which is not guaranteed at all by the parser.  
  
Per bugs #17320 and #17318 from Zhiyong Wu.  
Thanks to Kyotaro Horiguchi for investigation.  
  
Discussion: https://postgr.es/m/17320-70e37868182512ab@postgresql.org  
Discussion: https://postgr.es/m/17318-2eb65a3a611d2368@postgresql.org  

commit   : da22ef388a2469c3d7d11a8c97a3c41cc0016f4a    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 21 Apr 2022 17:58:52 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 21 Apr 2022 17:58:52 -0400    

inline_cte() expected to find exactly as many references to the  
target CTE as its cterefcount indicates.  While that should be  
accurate for the tree as emitted by the parser, there are some  
optimizations that occur upstream of here that could falsify it,  
notably removal of unused subquery output expressions.  
  
Trying to make the accounting 100% accurate seems expensive and  
doomed to future breakage.  It's not really worth it, because  
all this code is protecting is downstream assumptions that every  
referenced CTE has a plan.  Let's convert those assertions to  
regular test-and-elog just in case there's some actual problem,  
and then drop the failing assertion.  
  
Per report from Tomas Vondra (thanks also to Richard Guo for  
analysis).  Back-patch to v12 where the faulty code came in.  
  
Discussion: https://postgr.es/m/29196a1e-ed47-c7ca-9be2-b1c636816183@enterprisedb.com  

commit   : b235d41d9646c531864ecc680fd9ec5da9217051    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Thu, 21 Apr 2022 07:39:25 -0400    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Thu, 21 Apr 2022 07:39:25 -0400    

Commit b3b4d8e68a moved our perl test modules to a better namespace  
structure, but this has made life hard for people wishing to backpatch  
improvements in the TAP tests. Here we alleviate much of that difficulty  
by implementing the new module names on top of the old modules, mostly  
by using a little perl typeglob aliasing magic, so that we don't have a  
dual maintenance burden. This should work both for the case where a new  
test is backpatched and the case where a fix to an existing test that  
uses the new namespace is backpatched.  
  
Reviewed by Michael Paquier  
  
Per complaint from Andres Freund  
  
Discussion: https://postgr.es/m/20220418141530.nfxtkohefvwnzncl@alap3.anarazel.de  
  
Applied to branches 10 through 14  

commit   : 89d349b0a0239504325e5f63755f3bc1e1742478    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Thu, 21 Apr 2022 15:30:02 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Thu, 21 Apr 2022 15:30:02 +0900    

Previously, we allowed this, but such triggers might query the table to  
insert into and act differently if the tuples that have already been  
processed and prepared for insertion are not there, so disable it in  
such cases.  
  
Back-patch to v14 where batch insert was added.  
  
Discussion: https://postgr.es/m/CAPmGK16_uPqsmgK0-LpLSUk54_BoK13bPrhxhfjSoSTVz414hA%40mail.gmail.com  

commit   : e4521841a1ee6917633bd28b34496c1627588731    
  
author   : Peter Geoghegan <pg@bowt.ie>    
date     : Wed, 20 Apr 2022 17:17:41 -0700    
  
committer: Peter Geoghegan <pg@bowt.ie>    
date     : Wed, 20 Apr 2022 17:17:41 -0700    

CLUSTER sort won't use the datum1 SortTuple field when clustering  
against an index whose leading key is an expression.  This makes it  
unsafe to use the abbreviated keys optimization, which was missed by the  
logic that sets up SortSupport state.  Affected tuplesorts output tuples  
in a completely bogus order as a result (the wrong SortSupport based  
comparator was used for the leading attribute).  
  
This issue is similar to the bug fixed on the master branch by recent  
commit cc58eecc5d.  But it's a far older issue, that dates back to the  
introduction of the abbreviated keys optimization by commit 4ea51cdfe8.  
  
Backpatch to all supported versions.  
  
Author: Peter Geoghegan <pg@bowt.ie>  
Author: Thomas Munro <thomas.munro@gmail.com>  
Discussion: https://postgr.es/m/CA+hUKG+bA+bmwD36_oDxAoLrCwZjVtST2fqe=b4=qZcmU7u89A@mail.gmail.com  
Backpatch: 10-  

commit   : e346329470081f5919e83b1acb2d0f2442c1fc3d    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 20 Apr 2022 18:08:15 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 20 Apr 2022 18:08:15 -0400    

Such cases will lead to infinite loops, so they're of no practical  
value.  The numeric variant of generate_series() already threw error  
for this, so borrow its message wording.  
  
Per report from Richard Wesley.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/91B44E7B-68D5-448F-95C8-B4B3B0F5DEAF@duckdblabs.com  

commit   : 4a66300acd8c788998615ffc077b7d7be57afceb    
  
author   : Robert Haas <rhaas@postgresql.org>    
date     : Wed, 20 Apr 2022 11:02:35 -0400    
  
committer: Robert Haas <rhaas@postgresql.org>    
date     : Wed, 20 Apr 2022 11:02:35 -0400    

psql, pg_dump, and pg_amcheck share code to process object name  
patterns like 'foo*.bar*' to match all tables with names starting in  
'bar' that are in schemas starting with 'foo'. Before v14, any number  
of extra name parts were silently ignored, so a command line '\d  
foo.bar.baz.bletch.quux' was interpreted as '\d bletch.quux'.  In v14,  
as a result of commit 2c8726c4b0a496608919d1f78a5abc8c9b6e0868, we  
instead treated this as a request for table quux in a schema named  
'foo.bar.baz.bletch'. That caused problems for people like Justin  
Pryzby who were accustomed to copying strings of the form  
db.schema.table from messages generated by PostgreSQL itself and using  
them as arguments to \d.  
  
Accordingly, revise things so that if an object name pattern contains  
more parts than we're expecting, we throw an error, unless there's  
exactly one extra part and it matches the current database name.  
That way, thisdb.myschema.mytable is accepted as meaning just  
myschema.mytable, but otherdb.myschema.mytable is an error, and so  
is some.random.garbage.myschema.mytable.  
  
Mark Dilger, per report from Justin Pryzby and discussion among  
various people.  
  
Discussion: https://www.postgresql.org/message-id/20211013165426.GD27491%40telsasoft.com  

commit   : 7891a0d5d9fa53a0ba55ff70d77db54c7e50998f    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Wed, 20 Apr 2022 08:48:25 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Wed, 20 Apr 2022 08:48:25 +0530    

We have some streaming tests that rely on the size of changes which can  
fail if there are additional changes like invalidation messages by  
background activity like auto analyze. Avoid such failures by increasing  
autovacuum_naptime to a reasonably high value (1d).  
  
Author: Dilip Kumar  
Backpatch-through: 14  
Discussion: https://postgr.es/m/1958043.1650129119@sss.pgh.pa.us  

commit   : 08a9e7a8c7917233926802aaea94a5529a747a50    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 19 Apr 2022 23:03:59 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 19 Apr 2022 23:03:59 -0400    

An ALTER FUNCTION command that tried to update both the function's  
proparallel property and its proconfig list failed to do the former,  
because it stored the new proparallel value into a tuple that was  
no longer the interesting one.  Carelessness in 7aea8e4f2.  
  
(I did not bother with a regression test, because the only likely  
future breakage would be for someone to ignore the comment I added  
and add some other field update after the heap_modify_tuple step.  
A test using existing function properties could not catch that.)  
  
Per report from Bryn Llewellyn.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/8AC9A37F-99BD-446F-A2F7-B89AD0022774@yugabyte.com  

commit   : 7a8d8219ccbf0963f2171ea23e1616ee6a7823ba    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Tue, 19 Apr 2022 20:38:53 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Tue, 19 Apr 2022 20:38:53 +0200    

The new numeric code for extract epoch from interval accidentally  
truncated the DAYS_PER_YEAR value to an integer, leading to results  
that mismatched the floating-point interval_part calculations.  
  
The commit a2da77cdb4661826482ebf2ddba1f953bc74afe4 that introduced  
this actually contains the regression test change that this reverts.  
I suppose this was missed at the time.  
  
Reported-by: Joseph Koshakow <koshy44@gmail.com>  
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>  
Discussion: https://www.postgresql.org/message-id/flat/CAAvxfHd5n%3D13NYA2q_tUq%3D3%3DSuWU-CufmTf-Ozj%3DfrEgt7pXwQ%40mail.gmail.com  

commit   : c9dea58e270236a8d256a686f71f6bab960f0b80    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Tue, 19 Apr 2022 08:54:37 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Tue, 19 Apr 2022 08:54:37 +0530    

We don't allow to invoke more sync workers once we have reached the sync  
worker limit per subscription. But the check to enforce this also doesn't  
allow to launch an apply worker if it gets restarted.  
  
This code was introduced by commit de43897122 but we caught the problem  
only with the test added by recent commit c91f71b9dc which started failing  
occasionally in the buildfarm.  
  
As per buildfarm.  
Diagnosed-by: Amit Kapila, Masahiko Sawada, Tomas Vondra  
Author: Amit Kapila  
Backpatch-through: 10  
Discussion: https://postgr.es/m/CAH2L28vddB_NFdRVpuyRBJEBWjz4BSyTB=_ektNRH8NJ1jf95g@mail.gmail.com  
	    https://postgr.es/m/f90d2b03-4462-ce95-a524-d91464e797c8@enterprisedb.com  

commit   : e805735a83f7bb5bfe773b9690f96a52ba2b84b2    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 18 Apr 2022 12:16:45 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 18 Apr 2022 12:16:45 -0400    

Don't try to look at the attidentity field of system attributes,  
because they're not there in the TupleDescAttr array.  Sometimes  
this is harmless because we accidentally pick up a zero, but  
otherwise we'll report "no owned sequence found" from an attempt  
to alter a system attribute.  (It seems possible that a SIGSEGV  
could occur, too, though I've not seen it in testing.)  
  
It's not in this function's charter to complain that you can't  
alter a system column, so instead just hard-wire an assumption  
that system attributes aren't identities.  I didn't bother with  
a regression test because the appearance of the bug is very  
erratic.  
  
Per bug #17465 from Roman Zharkov.  Back-patch to all supported  
branches.  (There's not actually a live bug before v12, because  
before that get_attidentity() did the right thing anyway.  
But for consistency I changed the test in the older branches too.)  
  
Discussion: https://postgr.es/m/17465-f2a554a6cb5740d3@postgresql.org  

commit   : 8bcf90c7a67caf3009d7e529e15266cfd833c573    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Mon, 18 Apr 2022 11:40:14 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Mon, 18 Apr 2022 11:40:14 +0900    

This test, introduced in df86e52, uses a second standby to check that  
it is able to remove correctly RECOVERYHISTORY and RECOVERYXLOG at the  
end of recovery.  This standby uses the archives of the primary to  
restore its contents, with some of the archive's contents coming from  
the first standby previously promoted.  In slow environments, it was  
possible that the test did not check what it should, as the history file  
generated by the promotion of the first standby may not be stored yet on  
the archives the second standby feeds on.  So, it could be possible that  
the second standby selects an incorrect timeline, without restoring a  
history file at all.  
  
This commits adds a wait phase to make sure that the history file  
required by the second standby is archived before this cluster is  
created.  This relies on poll_query_until() with pg_stat_file() and an  
absolute path, something not supported in REL_10_STABLE.  
  
While on it, this adds a new test to check that the history file has  
been restored by looking at the logs of the second standby.  This  
ensures that a RECOVERYHISTORY, whose removal needs to be checked,  
is created in the first place.  This should make the test more robust.  
  
This test has been introduced by df86e52, but it came in light as an  
effect of the bug fixed by acf1dd42, where the extra restore_command  
calls made the test much slower.  
  
Reported-by: Andres Freund  
Discussion: https://postgr.es/m/YlT23IvsXkGuLzFi@paquier.xyz  
Backpatch-through: 11  

commit   : acd0eb635e859127c456c2166ed9455a1fdac60e    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Sat, 16 Apr 2022 17:43:54 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Sat, 16 Apr 2022 17:43:54 -0700    

The target failed, tested $PATH binaries, or tested a stale temporary  
installation.  Commit c66b438db62748000700c9b90b585e756dd54141 missed  
this.  Back-patch to v10 (all supported versions).  

commit   : 10520f4346876aad4941797c2255a21bdac74739    
  
author   : Robert Haas <rhaas@postgresql.org>    
date     : Thu, 14 Apr 2022 11:10:07 -0400    
  
committer: Robert Haas <rhaas@postgresql.org>    
date     : Thu, 14 Apr 2022 11:10:07 -0400    

The back-patch of commit bbace5697df12398e87ffd9879171c39d27f5b33 had  
the unfortunate effect of changing the layout of PGPROC in the  
back-branches, which could break extensions. This happened because it  
changed the delayChkpt from type bool to type int. So, change it back,  
and add a new bool delayChkptEnd field instead. The new field should  
fall within what used to be padding space within the struct, and so  
hopefully won't cause any extensions to break.  
  
Per report from Markus Wanner and discussion with Tom Lane and others.  
  
Patch originally by me, somewhat revised by Markus Wanner per a  
suggestion from Michael Paquier. A very similar patch was developed  
by Kyotaro Horiguchi, but I failed to see the email in which that was  
posted before writing one of my own.  
  
Discussion: http://postgr.es/m/CA+Tgmoao-kUD9c5nG5sub3F7tbo39+cdr8jKaOVEs_1aBWcJ3Q@mail.gmail.com  
Discussion: http://postgr.es/m/20220406.164521.17171257901083417.horikyota.ntt@gmail.com  

commit   : df6bbe73b86cda28472b9ecc61ac2deff5b2837b    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Thu, 14 Apr 2022 15:09:26 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Thu, 14 Apr 2022 15:09:26 +0900    

Getting from get_raw_page() an all-zero page is considered as a valid  
case by the buffer manager and it can happen for example when finding a  
corrupted page with zero_damaged_pages enabled (using zero_damaged_pages  
to look at corrupted pages happens), or after a crash when a relation  
file is extended before any WAL for its new data is generated (before a  
vacuum or autovacuum job comes in to do some cleanup).  
  
However, all the functions of pageinspect, as of the index AMs (except  
hash that has its own idea of new pages), heap, the FSM or the page  
header have never worked with all-zero pages, causing various crashes  
when going through the page internals.  
  
This commit changes all the pageinspect functions to be compliant with  
all-zero pages, where the choice is made to return NULL or no rows for  
SRFs when finding a new page.  get_raw_page() still works the same way,  
returning a batch of zeros in the bytea of the page retrieved.  A hard  
error could be used but NULL, while more invasive, is useful when  
scanning relation files in full to get a batch of results for a single  
relation in one query.  Tests are added for all the code paths  
impacted.  
  
Reported-by: Daria Lepikhova  
Author: Michael Paquier  
Discussion: https://postgr.es/m/561e187b-3549-c8d5-03f5-525c14e65bd0@postgrespro.ru  
Backpatch-through: 10  

commit   : c590e514a90ddc9237a3438efb05be074d43452b    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 13 Apr 2022 13:35:02 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 13 Apr 2022 13:35:02 -0400    

heap_fetch() used to have a "keep_buf" parameter that told it to return  
ownership of the buffer pin to the caller after finding that the  
requested tuple TID exists but is invisible to the specified snapshot.  
This was thoughtlessly removed in commit 5db6df0c0, which broke  
heapam_tuple_lock() (formerly EvalPlanQualFetch) because that function  
needs to do more accesses to the tuple even if it's invisible.  The net  
effect is that we would continue to touch the page for a microsecond or  
two after releasing pin on the buffer.  Usually no harm would result;  
but if a different session decided to defragment the page concurrently,  
we could see garbage data and mistakenly conclude that there's no newer  
tuple version to chain up to.  (It's hard to say whether this has  
happened in the field.  The bug was actually found thanks to a later  
change that allowed valgrind to detect accesses to non-pinned buffers.)  
  
The most reasonable way to fix this is to reintroduce keep_buf,  
although I made it behave slightly differently: buffer ownership  
is passed back only if there is a valid tuple at the requested TID.  
In HEAD, we can just add the parameter back to heap_fetch().  
To avoid an API break in the back branches, introduce an additional  
function heap_fetch_extended() in those branches.  
  
In HEAD there is an additional, less obvious API change: tuple->t_data  
will be set to NULL in all cases where buffer ownership is not returned,  
in particular when the tuple exists but fails the time qual (and  
!keep_buf).  This is to defend against any other callers attempting to  
access non-pinned buffers.  We concluded that making that change in back  
branches would be more likely to introduce problems than cure any.  
  
In passing, remove a comment about heap_fetch that was obsoleted by  
9a8ee1dc6.  
  
Per bug #17462 from Daniil Anisimov.  Back-patch to v12 where the bug  
was introduced.  
  
Discussion: https://postgr.es/m/17462-9c98a0f00df9bd36@postgresql.org  

commit   : ea669b8088380cc0bc7c48ab8581ea5fba1c5b4f    
  
author   : David Rowley <drowley@postgresql.org>    
date     : Wed, 13 Apr 2022 21:29:35 +1200    
  
committer: David Rowley <drowley@postgresql.org>    
date     : Wed, 13 Apr 2022 21:29:35 +1200    

It's more accurate to say that the query identifier is not shown when  
compute_query_id = regress rather than to say it is hidden.  
  
This change (ebf6c5249) appeared in v14, so it makes sense to backpatch  
this small adjustment to keep the documents consistent between v14 and  
master.  
  
Author: Justin Pryzby  
Discussion: https://postgr.es/m/20220411020336.GB26620@telsasoft.com  
Backpatch-through: 14, where compute_query_id = regress was added  

commit   : e286be5d05311ec060a4359fcbc53eb98b914d42    
  
author   : David Rowley <drowley@postgresql.org>    
date     : Wed, 13 Apr 2022 11:19:34 +1200    
  
committer: David Rowley <drowley@postgresql.org>    
date     : Wed, 13 Apr 2022 11:19:34 +1200    

This was made optional in 959f6d6a1.  
  
Author: Justin Pryzby  
Discussion: https://postgr.es/m/20220411020336.GB26620@telsasoft.com  
Backpatch-through: 13, where -B was made optional  

commit   : 8320a34d38e220d99eb24fbd09536b12711fb102    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 12 Apr 2022 18:21:04 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 12 Apr 2022 18:21:04 -0400    

Google seems to like to return textsearch.html for queries about  
GIN and GiST indexes, even though it's not a primary reference  
for either.  It seems likely that that's because those keywords  
appear in the page title.  Since "GIN and GiST Index Types" is  
not a very apposite title for this material anyway, rename the  
section in hopes of stopping that.  
  
Also provide explicit links to the GIN and GiST chapters, to help  
anyone who finds their way to this page regardless.  
  
Per gripe from Jan Piotrowski.  Back-patch to supported branches.  
(Unfortunately Google is likely to continue returning the 9.1  
version of this page, but improving that situation is a matter  
for the www team.)  
  
Discussion: https://postgr.es/m/164978902252.1276550.9330175733459697101@wrigleys.postgresql.org  

commit   : 3a95dfe4025f48fb57262ce590ba397a80a1a7b6    
  
author   : David Rowley <drowley@postgresql.org>    
date     : Wed, 13 Apr 2022 09:16:33 +1200    
  
committer: David Rowley <drowley@postgresql.org>    
date     : Wed, 13 Apr 2022 09:16:33 +1200    

It's misleading to call the data directory the "synchronized data  
directory" when discussing a crash scenario when using pg_rewind's  
--no-sync option.  Here we just remove the word "synchronized" to avoid  
any possible confusion.  
  
Author: Justin Pryzby  
Discussion: https://postgr.es/m/20220411020336.GB26620@telsasoft.com  
Backpatch-through: 12, where --no-sync was added  

commit   : a65747b1c787cc85dc59f088543f3d333f310eee    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 6 Apr 2022 17:03:35 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 6 Apr 2022 17:03:35 -0400    

With asserts disabled, late-model clang notices that this variable  
is incremented but never otherwise read.  
  
Discussion: https://postgr.es/m/3171401.1649275153@sss.pgh.pa.us  

commit   : 9a7229948c70945ca6ef0b36adfe61b74f4fdaf5    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 5 Apr 2022 20:44:01 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 5 Apr 2022 20:44:01 -0400    

It's possible for the query that "waits for restart" to complete a  
successful iteration before the postmaster has noticed its SIGKILL'd  
child and begun the restart cycle.  (This is a bit hard to believe  
perhaps, but it's been seen at least twice in the buildfarm, mainly  
on ancient platforms that likely have quirky schedulers.)  
  
To provide a more secure interlock, wait for the other session  
we're using to report that it's been forcibly shut down.  
  
Patch by me, based on a suggestion from Andres Freund.  
Back-patch to v14 where this test case came in.  
  
Discussion: https://postgr.es/m/1801850.1649047827@sss.pgh.pa.us  

commit   : 8803df4ea960117f42f38ee82a74e954e72e0339    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 4 Apr 2022 22:10:07 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 4 Apr 2022 22:10:07 -0400    

The expected backend message after SIGQUIT changed in commit  
7e784d1dc, but we missed updating this test case.  Also, experience  
shows that we might sometimes get "could not send data to server"  
instead of either of the libpq messages the test is looking for.  
  
Per report from Mark Dilger.  Back-patch to v14 where the  
backend message changed.  
  
Discussion: https://postgr.es/m/17BD82D7-49AC-40C9-8204-E7ADD30321A0@enterprisedb.com  

commit   : 32558a8bc3c0035e7b738e47b00ff6b4bfc96da8    
  
author   : Peter Geoghegan <pg@bowt.ie>    
date     : Sat, 2 Apr 2022 09:49:06 -0700    
  
committer: Peter Geoghegan <pg@bowt.ie>    
date     : Sat, 2 Apr 2022 09:49:06 -0700    

Remove circular "25.1.5.1. Multixacts And Wraparound" link that  
references the section that the link itself appears in.  An explanation  
of MultiXactId age appears only a few sentences before the link, so  
there's no question that the link is superfluous at best.  
  
Oversight in commit d5409295.  
  
Author: Peter Geoghegan <pg@bowt.ie>  
Backpatch: 14-  

commit   : d480ae069e6c13dcb719b8c6aaf7a5540196a1b3    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Sat, 2 Apr 2022 07:27:26 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Sat, 2 Apr 2022 07:27:26 +0200    

accidentally left behind by 4cb658af70027c3544fb843d77b2e84028762747  

commit   : 7a27892750e966998381e6c34cdfec30ac5e3906    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Fri, 1 Apr 2022 17:12:56 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Fri, 1 Apr 2022 17:12:56 +0200    

Do not add OpenSSL dependencies to libpq pkg-config file if OpenSSL is  
not enabled.  Oversight in beff361bc1edc24ee5f8b2073a1e5e4c92ea66eb.  
  
Author: Fabrice Fontaine <fontaine.fabrice@gmail.com>  
Discussion: https://www.postgresql.org/message-id/flat/20220331163759.32665-1-fontaine.fabrice%40gmail.com  

commit   : 9f9489aa2eefeaf4a6517b0b14f8f22938c2e3f3    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 31 Mar 2022 14:29:24 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 31 Mar 2022 14:29:24 -0400    

postgres_fdw would push ORDER BY clauses to the remote side without  
verifying that the sort operator is safe to ship.  Moreover, it failed  
to print a suitable USING clause if the sort operator isn't default  
for the sort expression's type.  The net result of this is that the  
remote sort might not have anywhere near the semantics we expect,  
which'd be disastrous for locally-performed merge joins in particular.  
  
We addressed similar issues in the context of ORDER BY within an  
aggregate function call in commit 7012b132d, but failed to notice  
that query-level ORDER BY was broken.  Thus, much of the necessary  
logic already existed, but it requires refactoring to be usable  
in both cases.  
  
Back-patch to all supported branches.  In HEAD only, remove the  
core code's copy of find_em_expr_for_rel, which is no longer used  
and really should never have been pushed into equivclass.c in the  
first place.  
  
Ronan Dunklau, per report from David Rowley;  
reviews by David Rowley, Ranier Vilela, and myself  
  
Discussion: https://postgr.es/m/CAApHDvr4OeC2DBVY--zVP83-K=bYrTD7F8SZDhN4g+pj2f2S-A@mail.gmail.com  

commit   : 402279afe48d26c6657bec55256bd91d924e4086    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 31 Mar 2022 11:24:26 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 31 Mar 2022 11:24:26 -0400    

Oversight in commit a59c79564.  Back-patch, as that was.  
Noted by Peter Eisentraut.  
  
Discussion: https://postgr.es/m/7f85ef6d-250b-f5ec-9867-89f0b16d019f@enterprisedb.com  

commit   : c5479178441ea68341afa2d2bf41738dabbefc71    
  
author   : Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Thu, 31 Mar 2022 12:03:33 +0200    
  
committer: Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Thu, 31 Mar 2022 12:03:33 +0200    

Commit 61fa6ca79b3 accidentally wrote constrast instead of contrast.  
  
Backpatch-through: 10  
Discussion: https://postgr.es/m/88903179-5ce2-3d4d-af43-7830372bdcb6@enterprisedb.com  

commit   : 637afee327f4690afc3f16fd76123cd4b7af1d95    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Wed, 30 Mar 2022 19:00:02 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Wed, 30 Mar 2022 19:00:02 +0900    

commit   : adc943b4e1fe26c3085e81c65f5b185c7ff0611a    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Tue, 29 Mar 2022 15:36:21 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Tue, 29 Mar 2022 15:36:21 +0200    

This reverts commit 49d9cfc68bf4.  The approach taken by this patch has  
problems, so we'll come up with a radically different fix.  
  
Discussion: https://postgr.es/m/CA+TgmoYcUPL+WOJL2ZzhH=zmrhj0iOQ=iCFM0SuYqBbqZEamEg@mail.gmail.com  

commit   : 6b262f353ef710704a9388d32924b8c10c7e6eaa    
  
author   : Tomas Vondra <tomas.vondra@postgresql.org>    
date     : Mon, 28 Mar 2022 14:27:36 +0200    
  
committer: Tomas Vondra <tomas.vondra@postgresql.org>    
date     : Mon, 28 Mar 2022 14:27:36 +0200    

When dealing with partitioned tables, counters for partitioned tables  
are not updated when modifying child tables. This means autoanalyze may  
not update optimizer statistics for the parent relations, which can  
result in poor plans for some queries.  
  
It's worth documenting this limitation, so that people are aware of it  
and can take steps to mitigate it (e.g. by setting up a script executing  
ANALYZE regularly).  
  
Backpatch to v10. Older branches are affected too, of couse, but we no  
longer maintain those.  
  
Author: Justin Pryzby  
Reviewed-by: Zhihong Yu, Tomas Vondra  
Backpatch-through: 10  
Discussion: https://postgr.es/m/20210913035409.GA10647%40telsasoft.com  

commit   : c1a0d7d1c4b77d978fe93edc0889589148cbad23    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Sun, 27 Mar 2022 21:39:43 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Sun, 27 Mar 2022 21:39:43 -0700    

pg_stat_get_replication_slot() accidentally was marked as non-strict, crashing  
when called with NULL input. As it's already released, introduce an explicit  
NULL check in 14, fix the catalog in HEAD.  
  
Bumps catversion in HEAD.  
  
Discussion: https://postgr.es/m/20220326212432.s5n2maw6kugnpyxw@alap3.anarazel.de  
Backpatch: 14-, where replication slot stats were introduced  

commit   : 6839aa7a6921d133a51e6162b9ee710ab712293d    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Wed, 23 Mar 2022 16:38:43 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Wed, 23 Mar 2022 16:38:43 -0700    

After closedir() dirent->d_name is not valid anymore. As there alerady are a  
few places relying on the limited lifetime of pg_waldump, do so here as well,  
and just pg_strdup() the string.  
  
The bug was introduced in fc49e24fa69a.  
  
Found by UBSan, run locally.  
  
Backpatch: 11-, like fc49e24fa69 itself.  

commit   : 3f7a59c59b4873a3b39838401d590f9d030a3500    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 27 Mar 2022 12:57:46 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 27 Mar 2022 12:57:46 -0400    

Commit 8c6d30f21 caused this function to fail to set *displen  
in the PS_USE_NONE code path.  If the variable's previous value  
had been negative, that'd lead to a memory clobber at some call  
sites.  We'd managed not to notice due to very thin test coverage  
of such configurations, but this appears to explain buildfarm member  
lorikeet's recent struggles.  
  
Credit to Andrew Dunstan for spotting the problem.  Back-patch  
to v13 where the bug was introduced.  
  
Discussion: https://postgr.es/m/136102.1648320427@sss.pgh.pa.us  

commit   : 27d384441851fe28ced962665632f2d1b914f11b    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Sun, 27 Mar 2022 17:53:51 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Sun, 27 Mar 2022 17:53:51 +0900    

A couple of code paths use the special area on the page passed by the  
function caller, expecting to find some data in it.  However, feeding  
an incorrect page can lead to out-of-bound reads when trying to access  
the page special area (like a heap page that has no special area,  
leading PageGetSpecialPointer() to grab a pointer outside the allocated  
page).  
  
The functions used for hash and btree indexes have some protection  
already against that, while some other functions using a relation OID  
as argument would make sure that the access method involved is correct,  
but functions taking in input a raw page without knowing the relation  
the page is attached to would run into problems.  
  
This commit improves the set of checks used in the code paths of BRIN,  
btree (including one check if a leaf page is found with a non-zero  
level), GIN and GiST to verify that the page given in input has a  
special area size that fits with each access method, which is done  
though PageGetSpecialSize(), becore calling PageGetSpecialPointer().  
  
The scope of the checks done is limited to work with pages that one  
would pass after getting a block with get_raw_page(), as it is possible  
to craft byteas that could bypass existing code paths.  Having too many  
checks would also impact the usability of pageinspect, as the existing  
code is very useful to look at the content details in a corrupted page,  
so the focus is really to avoid out-of-bound reads as this is never a  
good thing even with functions whose execution is limited to  
superusers.  
  
The safest approach could be to rework the functions so as these fetch a  
block using a relation OID and a block number, but there are also cases  
where using a raw page is useful.  
  
Tests are added to cover all the code paths that needed such checks, and  
an error message for hash indexes is reworded to fit better with what  
this commit adds.  
  
Reported-By: Alexander Lakhin  
Author: Julien Rouhaud, Michael Paquier  
Discussion: https://postgr.es/m/16527-ef7606186f0610a1@postgresql.org  
Discussion: https://postgr.es/m/561e187b-3549-c8d5-03f5-525c14e65bd0@postgrespro.ru  
Backpatch-through: 10  

commit   : 0144c9c7e73dc75f9cd5297c7c380d55927beb75    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 26 Mar 2022 14:29:29 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 26 Mar 2022 14:29:29 -0400    

clang 13 with -Wextra warns that "performing pointer subtraction with  
a null pointer has undefined behavior" in the places where freepage.c  
tries to set a relptr variable to constant NULL.  This appears to be  
a compiler bug, but it's unlikely to get fixed instantly.  Fortunately,  
we can work around it by introducing an inline support function, which  
seems like a good change anyway because it removes the macro's existing  
double-evaluation hazard.  
  
Backpatch to v10 where this code was introduced.  
  
Patch by me, based on an idea of Andres Freund's.  
  
Discussion: https://postgr.es/m/48826.1648310694@sss.pgh.pa.us  

commit   : 579cef5faf11b63a312691e086415b37d7888b5a    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 25 Mar 2022 14:23:26 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 25 Mar 2022 14:23:26 -0400    

The previous method for doing that was to write zeroes into a  
predetermined set of page locations.  However, there's a roughly  
1-in-64K chance that the existing checksum will match by chance,  
and yesterday several buildfarm animals started to reproducibly  
see that, resulting in test failures because no checksum mismatch  
was reported.  
  
Since the checksum includes the page LSN, test success depends on  
the length of the installation's WAL history, which is affected by  
(at least) the initial catalog contents, the set of locales installed  
on the system, and the length of the pathname of the test directory.  
Sooner or later we were going to hit a chance match, and today is  
that day.  
  
Harden these tests by specifically inverting the checksum field and  
leaving all else alone, thereby guaranteeing that the checksum is  
incorrect.  
  
In passing, fix places that were using seek() to set up for syswrite(),  
a combination that the Perl docs very explicitly warn against.  We've  
probably escaped problems because no regular buffered I/O is done on  
these filehandles; but if it ever breaks, we wouldn't deserve or get  
much sympathy.  
  
Although we've only seen problems in HEAD, now that we recognize the  
environmental dependencies it seems like it might be just a matter  
of time until someone manages to hit this in back-branch testing.  
Hence, back-patch to v11 where we started doing this kind of test.  
  
Discussion: https://postgr.es/m/3192026.1648185780@sss.pgh.pa.us  

commit   : ffd28516e69983d44616451b808b1c9d4f3c2b60    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 25 Mar 2022 13:16:21 +0100    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 25 Mar 2022 13:16:21 +0100    

Crash recovery on standby may encounter missing directories when  
replaying create database WAL records.  Prior to this patch, the standby  
would fail to recover in such a case.  However, the directories could be  
legitimately missing.  Consider a sequence of WAL records as follows:  
  
    CREATE DATABASE  
    DROP DATABASE  
    DROP TABLESPACE  
  
If, after replaying the last WAL record and removing the tablespace  
directory, the standby crashes and has to replay the create database  
record again, the crash recovery must be able to move on.  
  
This patch adds a mechanism similar to invalid-page tracking, to keep a  
tally of missing directories during crash recovery.  If all the missing  
directory references are matched with corresponding drop records at the  
end of crash recovery, the standby can safely continue following the  
primary.  
  
Backpatch to 13, at least for now.  The bug is older, but fixing it in  
older branches requires more careful study of the interactions with  
commit e6d8069522c8, which appeared in 13.  
  
A new TAP test file is added to verify the condition.  However, because  
it depends on commit d6d317dbf615, it can only be added to branch  
master.  I (Álvaro) manually verified that the code behaves as expected  
in branch 14.  It's a bit nervous-making to leave the code uncovered by  
tests in older branches, but leaving the bug unfixed is even worse.  
Also, the main reason this fix took so long is precisely that we  
couldn't agree on a good strategy to approach testing for the bug, so  
perhaps this is the best we can do.  
  
Diagnosed-by: Paul Guo <paulguo@gmail.com>  
Author: Paul Guo <paulguo@gmail.com>  
Author: Kyotaro Horiguchi <horikyota.ntt@gmail.com>  
Author: Asim R Praveen <apraveen@pivotal.io>  
Discussion: https://postgr.es/m/CAEET0ZGx9AvioViLf7nbR_8tH9-=27DN5xWJ2P9-ROH16e4JUA@mail.gmail.com  

commit   : bbace5697df12398e87ffd9879171c39d27f5b33    
  
author   : Robert Haas <rhaas@postgresql.org>    
date     : Thu, 24 Mar 2022 14:32:24 -0400    
  
committer: Robert Haas <rhaas@postgresql.org>    
date     : Thu, 24 Mar 2022 14:32:24 -0400    

If TRUNCATE causes some buffers to be invalidated and thus the  
checkpoint does not flush them, TRUNCATE must also ensure that the  
corresponding files are truncated on disk. Otherwise, a replay  
from the checkpoint might find that the buffers exist but have  
the wrong contents, which may cause replay to fail.  
  
Report by Teja Mupparti. Patch by Kyotaro Horiguchi, per a design  
suggestion from Heikki Linnakangas, with some changes to the  
comments by me. Review of this and a prior patch that approached  
the issue differently by Heikki Linnakangas, Andres Freund, Álvaro  
Herrera, Masahiko Sawada, and Tom Lane.  
  
Discussion: http://postgr.es/m/BYAPR06MB6373BF50B469CA393C614257ABF00@BYAPR06MB6373.namprd06.prod.outlook.com  

commit   : 81045e1e1c3370fb7e57c8841b0a7b6aab31831b    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Wed, 23 Mar 2022 13:05:59 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Wed, 23 Mar 2022 13:05:59 -0700    

Noticed via -fsanitize=undefined. Introduced when a few columns in  
GetConfigOptionByNum() / pg_settings started to be translated in 72be8c29a /  
PG 12.  
  
Backpatch to all affected branches, for the same reasons as 46ab07ffda9.  
  
Discussion: https://postgr.es/m/20220323173537.ll7klrglnp4gn2um@alap3.anarazel.de  
Backpatch: 12-  

commit   : 89a94c24aadd8f40084339ea3d16e2e14fa9f629    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Wed, 23 Mar 2022 13:05:25 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Wed, 23 Mar 2022 13:05:25 -0700    

Noticed via -fsanitize=undefined.  
  
Backpatch to all branches, for the same reasons as 46ab07ffda9.  
  
Discussion: https://postgr.es/m/20220323173537.ll7klrglnp4gn2um@alap3.anarazel.de  
Backpatch: 10-  

commit   : e52e9bd57f33da1c4a915e24d0a24759a23cb5fd    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Wed, 23 Mar 2022 12:43:14 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Wed, 23 Mar 2022 12:43:14 -0700    

When building with sanitizers the sanitizer library provides dlopen, but not  
dlsym(), making configure think that -ldl isn't needed. Just checking for  
dlsym() ought to suffice, hard to see dlsym() being provided without dlopen()  
also being provided.  
  
Backpatch to all branches, for the same reasons as 46ab07ffda9.  
  
Reviewed-By: Tom Lane <tgl@sss.pgh.pa.us>  
Discussion: https://postgr.es/m/20220323173537.ll7klrglnp4gn2um@alap3.anarazel.de  
Backpatch: 10-  

commit   : 9814c708c657a9f21fd1a36b5dc0f49ca2d01499    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 23 Mar 2022 19:23:51 +0100    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 23 Mar 2022 19:23:51 +0100    

It seems possible for the condition being tested to be true in  
production, and nobody would never know (except when some data  
eventually becomes corrupt?).  
  
Author: Álvaro Herrera <alvherre@alvh.no-ip.org>  
Discussion: https://postgr.es/m//202109040001.zky3wgv2qeqg@alvherre.pgsql  

commit   : caaeb88ff7ae84a3bbf0ee497a4bda18cf9261cd    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 23 Mar 2022 18:22:10 +0100    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 23 Mar 2022 18:22:10 +0100    

Invalidate abortedRecPtr and missingContrecPtr after a missing  
continuation record is successfully skipped on a standby. This fixes a  
PANIC caused when a recently promoted standby attempts to write an  
OVERWRITE_RECORD with an LSN of the previously read aborted record.  
  
Backpatch to 10 (all stable versions).  
  
Author: Sami Imseih <simseih@amazon.com>  
Reviewed-by: Kyotaro Horiguchi <horikyota.ntt@gmail.com>  
Reviewed-by: Álvaro Herrera <alvherre@alvh.no-ip.org>  
Discussion: https://postgr.es/m/44D259DE-7542-49C4-8A52-2AB01534DCA9@amazon.com  

commit   : cd3a5055f952ca2811e63d86558dd3e1f4147f62    
  
author   : Thomas Munro <tmunro@postgresql.org>    
date     : Wed, 23 Mar 2022 14:31:18 +1300    
  
committer: Thomas Munro <tmunro@postgresql.org>    
date     : Wed, 23 Mar 2022 14:31:18 +1300    

As commits b700f96c and 3414099c did for the reloptions test, make  
sure VACUUM can always truncate the table as expected.  
  
Back-patch to 12, where vacuum_truncate arrived.  
  
Discussion: https://postgr.es/m/CAD21AoCNoWjYkdEtr%2BVDoF9v__V905AedKZ9iF%3DArgCtrbxZqw%40mail.gmail.com  

commit   : 2d608c9607584a30ff718d2c9f211ef3c692a315    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Tue, 22 Mar 2022 08:22:02 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Tue, 22 Mar 2022 08:22:02 -0700    

When cross-building to windows, or building with mingw on windows, the build  
could fail with  
  x86_64-w64-mingw32-gcc: error: win32ver.o: No such file or director  
because pg_dumpall didn't depend on WIN32RES, but it's recipe references  
it. The build nevertheless succeeded most of the time, due to  
pg_dump/pg_restore having the required dependency, causing win32ver.o to be  
built.  
  
Reported-By: Thomas Munro <thomas.munro@gmail.com>  
Discussion: https://postgr.es/m/CA+hUKGJeekpUPWW6yCVdf9=oBAcCp86RrBivo4Y4cwazAzGPng@mail.gmail.com  
Backpatch: 10-, omission present on all live branches  

commit   : fdb1be4962ca080c007308ddb7163bf76310bb7c    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Tue, 22 Mar 2022 13:21:33 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Tue, 22 Mar 2022 13:21:33 +0900    

This issue is environment-sensitive, where the SSL tests could fail in  
various way by feeding on defaults provided by sslcert, sslkey,  
sslrootkey, sslrootcert, sslcrl and sslcrldir coming from a local setup,  
as of ~/.postgresql/ by default.  Horiguchi-san has reported two  
failures, but more advanced testing from me (aka inclusion of garbage  
SSL configuration in ~/.postgresql/ for all the configuration  
parameters) has showed dozens of failures that can be triggered in the  
whole test suite.  
  
History has showed that we are not good when it comes to address such  
issues, fixing them locally like in dd87799, and such problems keep  
appearing.  This commit strengthens the entire test suite to put an end  
to this set of problems by embedding invalid default values in all the  
connection strings used in the tests.  The invalid values are prefixed  
in each connection string, relying on the follow-up values passed in the  
connection string to enforce any invalid value previously set.  Note  
that two tests related to CRLs are required to fail with certain pre-set  
configurations, but we can rely on enforcing an empty value instead  
after the invalid set of values.  
  
Reported-by: Kyotaro Horiguchi  
Reviewed-by: Andrew Dunstan, Daniel Gustafsson, Kyotaro Horiguchi  
Discussion: https://postgr.es/m/20220316.163658.1122740600489097632.horikyota.ntt@gmail.com  
backpatch-through: 10  

commit   : 48b6035f0f72c312aaa22733cb88f5290f473ac0    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 21 Mar 2022 17:44:29 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 21 Mar 2022 17:44:29 -0400    

The planner needs to treat GroupingFunc like Aggref for many purposes,  
in particular with respect to processing of the argument expressions,  
which are not to be evaluated at runtime.  A few places hadn't gotten  
that memo, notably including subselect.c's processing of outer-level  
aggregates.  This resulted in assertion failures or wrong plans for  
cases in which a GROUPING() construct references an outer aggregation  
level.  
  
Also fix missing special cases for GroupingFunc in cost_qual_eval  
(resulting in wrong cost estimates for GROUPING(), although it's  
not clear that that would affect plan shapes in practice) and in  
ruleutils.c (resulting in excess parentheses in pretty-print mode).  
  
Per bug #17088 from Yaoguang Chen.  Back-patch to all supported  
branches.  
  
Richard Guo, Tom Lane  
  
Discussion: https://postgr.es/m/17088-e33882b387de7f5c@postgresql.org  

commit   : 05ccf974cd75d3a95869c4ce4b96fdbc10e663cf    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 21 Mar 2022 12:22:13 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 21 Mar 2022 12:22:13 -0400    

DROP INDEX needs to lock the index's table before the index itself,  
else it will deadlock against ordinary queries that acquire the  
relation locks in that order.  This is correctly mechanized for  
plain indexes by RangeVarCallbackForDropRelation; but in the case of  
a partitioned index, we neglected to lock the child tables in advance  
of locking the child indexes.  We can fix that by traversing the  
inheritance tree and acquiring the needed locks in RemoveRelations,  
after we have acquired our locks on the parent partitioned table and  
index.  
  
While at it, do some refactoring to eliminate confusion between  
the actual and expected relkind in RangeVarCallbackForDropRelation.  
We can save a couple of syscache lookups too, by having that function  
pass back info that RemoveRelations will need.  
  
Back-patch to v11 where partitioned indexes were added.  
  
Jimmy Yih, Gaurab Dey, Tom Lane  
  
Discussion: https://postgr.es/m/BYAPR05MB645402330042E17D91A70C12BD5F9@BYAPR05MB6454.namprd05.prod.outlook.com  

commit   : a1efc8f8c820a1e94eb26f7c93e4c6f6e9b277d6    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 20 Mar 2022 12:39:40 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 20 Mar 2022 12:39:40 -0400    

The example used "TimeoutSec=0", but systemd's documented way to get  
the desired effect is "TimeoutSec=infinity".  
  
Discussion: https://postgr.es/m/164770078557.670.5467111518383664377@wrigleys.postgresql.org  

commit   : c422e8da7ec26f7f43c05b6020fd80fd24d3c8a2    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Sat, 19 Mar 2022 16:37:39 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Sat, 19 Mar 2022 16:37:39 +0900    

This command flavor is supported, but there was nothing in the  
documentation about it.  
  
Author: Yugo Nagata  
Discussion: https://postgr.es/m/20220316133337.5dc9740abfa24c25ec9f67f5@sraoss.co.jp  
Backpatch-through: 10  

commit   : ae8ec7febac1b414681c16022e6c655a62a2540a    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 18 Mar 2022 16:01:42 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 18 Mar 2022 16:01:42 -0400    

The output of table_to_xmlschema() and allied functions includes  
a regex describing valid values for these types ... but the regex  
was itself invalid, as it failed to escape a literal "+" sign.  
  
Report and fix by Renan Soares Lopes.  Back-patch to all  
supported branches.  
  
Discussion: https://postgr.es/m/7f6fabaa-3f8f-49ab-89ca-59fbfe633105@me.com  

commit   : 1d072bd2030af0f2eaa522449028ff160f71ebf8    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 17 Mar 2022 18:18:05 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 17 Mar 2022 18:18:05 -0400    

In commit bf7ca1587, I had the bright idea that we could make the  
result of a whole-row Var (that is, foo.*) track any column aliases  
that had been applied to the FROM entry the Var refers to.  However,  
that's not terribly logically consistent, because now the output of  
the Var is no longer of the named composite type that the Var claims  
to emit.  bf7ca1587 tried to handle that by changing the output  
tuple values to be labeled with a blessed RECORD type, but that's  
really pretty disastrous: we can wind up storing such tuples onto  
disk, whereupon they're not readable by other sessions.  
  
The only practical fix I can see is to give up on what bf7ca1587  
tried to do, and say that the column names of tuples produced by  
a whole-row Var are always those of the underlying named composite  
type, query aliases or no.  While this introduces some inconsistencies,  
it removes others, so it's not that awful in the abstract.  What *is*  
kind of awful is to make such a behavioral change in a back-patched  
bug fix.  But corrupt data is worse, so back-patched it will be.  
  
(A workaround available to anyone who's unhappy about this is to  
introduce an extra level of sub-SELECT, so that the whole-row Var is  
referring to the sub-SELECT's output and not to a named table type.  
Then the Var is of type RECORD to begin with and there's no issue.)  
  
Per report from Miles Delahunty.  The faulty commit dates to 9.5,  
so back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/2950001.1638729947@sss.pgh.pa.us  

commit   : 677a1dc0ca0f33220ba1ea8067181a72b4aff536    
  
author   : Tomas Vondra <tomas.vondra@postgresql.org>    
date     : Wed, 16 Mar 2022 16:42:47 +0100    
  
committer: Tomas Vondra <tomas.vondra@postgresql.org>    
date     : Wed, 16 Mar 2022 16:42:47 +0100    

Commit 83fd4532a7 allowed publishing of changes via ancestors, for  
publications defined with publish_via_partition_root. But the way  
the ancestor was determined in get_rel_sync_entry() was incorrect,  
simply updating the same variable. So with multiple publications,  
replicating different ancestors, the outcome depended on the order  
of publications in the list - the value from the last loop was used,  
even if it wasn't the top-most ancestor.  
  
This is a probably rare situation, as in most cases publications do  
not overlap, so each partition has exactly one candidate ancestor  
to replicate as and there's no ambiguity.  
  
Fixed by tracking the "ancestor level" for each publication, and  
picking the top-most ancestor. Adds a test case, verifying the  
correct ancestor is used for publishing the changes and that this  
does not depend on order of publications in the list.  
  
Older releases have another bug in this loop - once all actions are  
replicated, the loop is terminated, on the assumption that inspecting  
additional publications is unecessary. But that misses the fact that  
those additional applications may replicate different ancestors.  
  
Fixed by removal of this break condition. We might still terminate the  
loop in some cases (e.g. when replicating all actions and the ancestor  
is the partition root).  
  
Backpatch to 13, where publish_via_partition_root was introduced.  
  
Initial report and fix by me, test added by Hou zj. Reviews and  
improvements by Amit Kapila.  
  
Author: Tomas Vondra, Hou zj, Amit Kapila  
Reviewed-by: Amit Kapila, Hou zj  
Discussion: https://postgr.es/m/d26d24dd-2fab-3c48-0162-2b7f84a9c893%40enterprisedb.com  

commit   : 7d30f59da714ab25f82f4bc24f30cba1022d8cb9    
  
author   : Alexander Korotkov <akorotkov@postgresql.org>    
date     : Wed, 16 Mar 2022 11:41:18 +0300    
  
committer: Alexander Korotkov <akorotkov@postgresql.org>    
date     : Wed, 16 Mar 2022 11:41:18 +0300    

911e702077 implemented operator class parameters including the signature length  
in ltree.  Previously, the signature length for gist_ltree_ops was 8.  Because  
of bug 911e702077 the default signature length for gist_ltree_ops became 28 for  
ltree 1.1 (where options method is NOT provided) and 8 for ltree 1.2 (where  
options method is provided).  This commit changes the default signature length  
for ltree 1.1 to 8.  
  
Existing gist_ltree_ops indexes might be corrupted in various scenarios.  
Thus, we have to recommend reindexing all the gist_ltree_ops indexes after  
the upgrade.  
  
Reported-by: Victor Yegorov  
Reviewed-by: Tomas Vondra, Tom Lane, Andres Freund, Nikita Glukhov  
Reviewed-by: Andrew Dunstan  
Author: Tomas Vondra, Alexander Korotkov  
Discussion: https://postgr.es/m/17406-71e02820ae79bb40%40postgresql.org  
Discussion: https://postgr.es/m/d80e0a55-6c3e-5b26-53e3-3c4f973f737c%40enterprisedb.com  

commit   : 26e00793980996fada8d61181d45070ce9fee600    
  
author   : Thomas Munro <tmunro@postgresql.org>    
date     : Wed, 16 Mar 2022 17:20:24 +1300    
  
committer: Thomas Munro <tmunro@postgresql.org>    
date     : Wed, 16 Mar 2022 17:20:24 +1300    

Commands like ALTER TABLE SET TABLESPACE may leave files for the next  
checkpoint to clean up.  If such files are not removed by the time DROP  
TABLESPACE is called, we request a checkpoint so that they are deleted.  
However, there is presently a window before checkpoint start where new  
unlink requests won't be scheduled until the following checkpoint.  This  
means that the checkpoint forced by DROP TABLESPACE might not remove the  
files we expect it to remove, and the following ERROR will be emitted:  
  
	ERROR:  tablespace "mytblspc" is not empty  
  
To fix, add a call to AbsorbSyncRequests() just before advancing the  
unlink cycle counter.  This ensures that any unlink requests forwarded  
prior to checkpoint start (i.e., when ckpt_started is incremented) will  
be processed by the current checkpoint.  Since AbsorbSyncRequests()  
performs memory allocations, it cannot be called within a critical  
section, so we also need to move SyncPreCheckpoint() to before  
CreateCheckPoint()'s critical section.  
  
This is an old bug, so back-patch to all supported versions.  
  
Author: Nathan Bossart <nathandbossart@gmail.com>  
Reported-by: Nathan Bossart <nathandbossart@gmail.com>  
Reviewed-by: Thomas Munro <thomas.munro@gmail.com>  
Reviewed-by: Andres Freund <andres@anarazel.de>  
Discussion: https://postgr.es/m/20220215235845.GA2665318%40nathanxps13  

commit   : dc5b3bdae31690e11839079e15b74ba0df0aa167    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Wed, 16 Mar 2022 12:29:47 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Wed, 16 Mar 2022 12:29:47 +0900    

This caused the function to fail, as the aligned copy of the raw page  
given by the function caller was not saved in the correct memory  
context, which needs to be multi_call_memory_ctx in this case.  
  
Issue introduced by 076f4d9.  
  
Per buildfarm members sifika, mylodon and longfin.  I have reproduced  
that locally with macos.  
  
Discussion: https://postgr.es/m/YjFPOtfCW6yLXUeM@paquier.xyz  
Backpatch-through: 10  

commit   : ea70f6945029b622ea28d53c7a32354d1d033246    
  
author   : Thomas Munro <tmunro@postgresql.org>    
date     : Wed, 16 Mar 2022 15:53:28 +1300    
  
committer: Thomas Munro <tmunro@postgresql.org>    
date     : Wed, 16 Mar 2022 15:53:28 +1300    

Back-patch to 14.  

commit   : 1396b5c6ed2bf46433c77ad0ce7f1ddaa984c224    
  
author   : Thomas Munro <tmunro@postgresql.org>    
date     : Wed, 16 Mar 2022 15:35:42 +1300    
  
committer: Thomas Munro <tmunro@postgresql.org>    
date     : Wed, 16 Mar 2022 15:35:42 +1300    

If we run out of space in the checkpointer sync request queue (which is  
hopefully rare on real systems, but common with very small buffer pool),  
we wait for it to drain.  While waiting, we should report that as a wait  
event so that users know what is going on, and also handle postmaster  
death, since otherwise the loop might never terminate if the  
checkpointer has exited.  
  
Back-patch to 12.  Although the problem exists in earlier releases too,  
the code is structured differently before 12 so I haven't gone any  
further for now, in the absence of field complaints.  
  
Reported-by: Andres Freund <andres@anarazel.de>  
Reviewed-by: Andres Freund <andres@anarazel.de>  
Discussion: https://postgr.es/m/20220226213942.nb7uvb2pamyu26dj%40alap3.anarazel.de  

commit   : b61e6214cface3def6241295edadf4eeaf4c884d    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Wed, 16 Mar 2022 11:20:47 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Wed, 16 Mar 2022 11:20:47 +0900    

This commit fixes a set of issues related to the use of the SQL  
functions in this module when the caller is able to pass down raw page  
data as input argument:  
- The page size check was fuzzy in a couple of places, sometimes  
looking after only a sub-range, but what we are looking for is an exact  
match on BLCKSZ.  After considering a few options here, I have settled  
down to do a generalization of get_page_from_raw().  Most of the SQL  
functions already used that, and this is not strictly required if not  
accessing an 8-byte-wide value from a raw page, but this feels safer in  
the long run for alignment-picky environment, particularly if a code  
path begins to access such values.  This also reduces the number of  
strings that need to be translated.  
- The BRIN function brin_page_items() uses a Relation but it did not  
check the access method of the opened index, potentially leading to  
crashes.  All the other functions in need of a Relation already did  
that.  
- Some code paths could fail on elog(), but we should to use ereport()  
for failures that can be triggered by the user.  
  
Tests are added to stress all the cases that are fixed as of this  
commit, with some junk raw pages (\set VERBOSITY ensures that this works  
across all page sizes) and unexpected index types when functions open  
relations.  
  
Author: Michael Paquier, Justin Prysby  
Discussion: https://postgr.es/m/20220218030020.GA1137@telsasoft.com  
Backpatch-through: 10  

commit   : 78c0f85e435bf327dcf2c1aded47b51263b32b82    
  
author   : Thomas Munro <tmunro@postgresql.org>    
date     : Wed, 16 Mar 2022 13:37:58 +1300    
  
committer: Thomas Munro <tmunro@postgresql.org>    
date     : Wed, 16 Mar 2022 13:37:58 +1300    

The checkpointer shouldn't ignore its latch.  Other backends may be  
waiting for it to drain the request queue.  Hopefully real systems don't  
have a full queue often, but the condition is reached easily when  
shared_buffers is small.  
  
This involves defining a new wait event, which will appear in the  
pg_stat_activity view often due to spread checkpoints.  
  
Back-patch only to 14.  Even though the problem exists in earlier  
branches too, it's hard to hit there.  In 14 we stopped using signal  
handlers for latches on Linux, *BSD and macOS, which were previously  
hiding this problem by interrupting the sleep (though not reliably, as  
the signal could arrive before the sleep begins; precisely the problem  
latches address).  
  
Reported-by: Andres Freund <andres@anarazel.de>  
Reviewed-by: Andres Freund <andres@anarazel.de>  
Discussion: https://postgr.es/m/20220226213942.nb7uvb2pamyu26dj%40alap3.anarazel.de  

commit   : d9f7ad54e552262ee0090e88d5abd3e04fcdeac8    
  
author   : Thomas Munro <tmunro@postgresql.org>    
date     : Wed, 16 Mar 2022 11:35:00 +1300    
  
committer: Thomas Munro <tmunro@postgresql.org>    
date     : Wed, 16 Mar 2022 11:35:00 +1300    

Since LLVM 14 has stopped changing and is about to be released,  
back-patch the following changes from the master branch:  
  
  e6a7600202105919bffd62b3dfd941f4a94e082b  
  807fee1a39de6bb8184082012e643951abb9ad1d  
  a56e7b66010f330782243de9e25ac2a6596be0e1  
  
Back-patch to 11, where LLVM JIT support came in.  

commit   : 8dcd1c3564f04bc1f71020c150b31deea07b7a95    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 11 Mar 2022 13:47:26 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 11 Mar 2022 13:47:26 -0500    

Commit 8b069ef5d changed this function to look at pg_constraint.conindid  
rather than searching pg_depend.  That was a good performance improvement,  
but it failed to preserve the exact semantics.  The old code would only  
return an index that was "owned by" (internally dependent on) the  
specified constraint, whereas the new code will also return indexes that  
are just referenced by foreign key constraints.  This confuses ALTER  
TABLE, which was implicitly expecting the previous semantics, into  
failing with errors like  
    ERROR:  relation 146621 has multiple clustered indexes  
or  
    ERROR:  "pk_attbl" is not an index for table "atref"  
  
We can fix this without reverting the performance improvement by adding  
a contype check in get_constraint_index().  Another way could be to  
make ALTER TABLE check it, but I'm worried that extension code could  
also have subtle dependencies on the old semantics.  
  
Tom Lane and Japin Li, per bug #17409 from Holly Roberts.  
Back-patch to v14 where the error crept in.  
  
Discussion: https://postgr.es/m/17409-52871dda8b5741cb@postgresql.org  

commit   : 8f091572873c072ff844b0e2e18088ec51e4b03f    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Wed, 9 Mar 2022 14:59:18 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Wed, 9 Mar 2022 14:59:18 +0900    

ALTER ROUTINE triggers the events ddl_command_start and ddl_command_end,  
and DROP ROUTINE triggers sql_drop, ddl_command_start and  
ddl_command_end, but this was not mention on the matrix table.  
  
Reported-by: Leslie Lemaire  
Discussion: https://postgr.es/m/164647533363.646.5802968483136493025@wrigleys.postgresql.org  
Backpatch-through: 11  

commit   : f60bb3e0a9044058a3df1d75bb900e77e51ad4ed    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Fri, 4 Mar 2022 18:53:13 -0800    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Fri, 4 Mar 2022 18:53:13 -0800    

Slow hosts may avoid load-induced, spurious failures by setting  
environment variable PG_TEST_TIMEOUT_DEFAULT to some number of seconds  
greater than 180.  Developers may see faster failures by setting that  
environment variable to some lesser number of seconds.  In tests, write  
$PostgreSQL::Test::Utils::timeout_default wherever the convention has  
been to write 180.  This change raises the default for some briefer  
timeouts.  Back-patch to v10 (all supported versions).  
  
Discussion: https://postgr.es/m/20220218052842.GA3627003@rfd.leadboat.com  

commit   : a008c03dd722f3a9ea44b13ca2cc6066fd90ddc1    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 4 Mar 2022 13:23:58 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 4 Mar 2022 13:23:58 -0500    

pg_regress reported "Unix socket" as the default location whenever  
HAVE_UNIX_SOCKETS is defined.  However, that's not been accurate  
on Windows since 8f3ec75de.  Update this logic to match what libpq  
actually does now.  
  
This is just cosmetic, but still it's potentially misleading.  
Back-patch to v13 where 8f3ec75de came in.  
  
Discussion: https://postgr.es/m/3894060.1646415641@sss.pgh.pa.us  

commit   : 5c9d17e94c5cc0d24c1f0dbfe030000238d65afb    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 3 Mar 2022 19:03:17 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 3 Mar 2022 19:03:17 -0500    

This macro cast the result to BlockNumber after shifting, not before,  
which is the wrong thing.  Per the C spec, the uint16 fields would  
promote to int not unsigned int, so that (for 32-bit int) the shift  
potentially shifts a nonzero bit into the sign position.  I doubt  
there are any production systems where this would actually end with  
the wrong answer, but it is undefined behavior per the C spec, and  
clang's -fsanitize=undefined option reputedly warns about it on some  
platforms.  (I can't reproduce that right now, but the code is  
undeniably wrong per spec.)  It's easy to fix by casting to  
BlockNumber (uint32) in the proper places.  
  
It's been wrong for ages, so back-patch to all supported branches.  
  
Report and patch by Zhihong Yu (cosmetic tweaking by me)  
  
Discussion: https://postgr.es/m/CALNJ-vT9r0DSsAOw9OXVJFxLENoVS_68kJ5x0p44atoYH+H4dg@mail.gmail.com  

commit   : b0bc196e52e606fe0116fb63da20f57fb577745b    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 3 Mar 2022 18:13:24 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 3 Mar 2022 18:13:24 -0500    

Most of these are cases where we could call memcpy() or other libc  
functions with a NULL pointer and a zero count, which is forbidden  
by POSIX even though every production version of libc allows it.  
We've fixed such things before in a piecemeal way, but apparently  
never made an effort to try to get them all.  I don't claim that  
this patch does so either, but it gets every failure I observe in  
check-world, using clang 12.0.1 on current RHEL8.  
  
numeric.c has a different issue that the sanitizer doesn't like:  
"ln(-1.0)" will compute log10(0) and then try to assign the  
resulting -Inf to an integer variable.  We don't actually use the  
result in such a case, so there's no live bug.  
  
Back-patch to all supported branches, with the idea that we might  
start running a buildfarm member that tests this case.  This includes  
back-patching c1132aae3 (Check the size in COPY_POINTER_FIELD),  
which previously silenced some of these issues in copyfuncs.c.  
  
Discussion: https://postgr.es/m/CALNJ-vT9r0DSsAOw9OXVJFxLENoVS_68kJ5x0p44atoYH+H4dg@mail.gmail.com  

commit   : 2a1f84636dc335a3edf53a8361ae44bb2ae00093    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 2 Mar 2022 11:57:02 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 2 Mar 2022 11:57:02 -0500    

This change makes libpq apply the same private-key-file ownership  
and permissions checks that we have used in the backend since commit  
9a83564c5.  Namely, that the private key can be owned by either the  
current user or root (with different file permissions allowed in the  
two cases).  This allows system-wide management of key files, which  
is just as sensible on the client side as the server, particularly  
when the client is itself some application daemon.  
  
Sync the comments about this between libpq and the backend, too.  
  
Back-patch of a59c79564 and 50f03473e into all supported branches.  
  
David Steele  
  
Discussion: https://postgr.es/m/f4b7bc55-97ac-9e69-7398-335e212f7743@pgmasters.net  

commit   : ac910bb2328ff107359d009aaf821c01559cef19    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 25 Feb 2022 17:40:21 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 25 Feb 2022 17:40:21 -0500    

Perl can be convinced to execute user-defined code during compilation  
of a plperl function (or at least a plperlu function).  That's not  
such a big problem as long as the activity is confined within the  
Perl interpreter, and it's not clear we could do anything about that  
anyway.  However, if such code tries to use plperl's SPI functions,  
we have a bigger problem.  In the first place, those functions are  
likely to crash because current_call_data->prodesc isn't set up yet.  
In the second place, because it isn't set up, we lack critical info  
such as whether the function is supposed to be read-only.  And in  
the third place, this path allows code execution during function  
validation, which is strongly discouraged because of the potential  
for security exploits.  Hence, reject execution of the SPI functions  
until compilation is finished.  
  
While here, add check_spi_usage_allowed() calls to various functions  
that hadn't gotten the memo about checking that.  I think that perhaps  
plperl_sv_to_literal may have been intentionally omitted on the grounds  
that it was safe at the time; but if so, the addition of transforms  
functionality changed that.  The others are more recently added and  
seem to be flat-out oversights.  
  
Per report from Mark Murawski.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/9acdf918-7fff-4f40-f750-2ffa84f083d2@intellasoft.net  

commit   : 9ff7fd9063ce918e458a643b53eda1cf95f7d115    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Fri, 25 Feb 2022 10:30:05 -0800    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Fri, 25 Feb 2022 10:30:05 -0800    

When opening a WAL file smaller than XLOG_BLCKSZ (e.g. 0 bytes long) while  
determining the wal_segment_size, pg_waldump checked errno, despite errno not  
being set by the short read. Resulting in a bogus error message.  
  
Author: Kyotaro Horiguchi <horikyota.ntt@gmail.com>  
Discussion: https://postgr.es/m/20220214.181847.775024684568733277.horikyota.ntt@gmail.com  
Backpatch: 11-, the bug was introducedin fc49e24fa  

commit   : 7d80e93fb1f1059ba3691b2584bb16992d7d734e    
  
author   : Heikki Linnakangas <heikki.linnakangas@iki.fi>    
date     : Thu, 24 Feb 2022 14:34:06 +0200    
  
committer: Heikki Linnakangas <heikki.linnakangas@iki.fi>    
date     : Thu, 24 Feb 2022 14:34:06 +0200    

If a checkpoint happens during the index build, and the system crashes  
after the checkpoint and the index build have finished, the data written  
to the index before the checkpoint started could be lost. The checkpoint  
won't have fsync'd it, and it won't be replayed at crash recovery either.  
Fix by calling smgrimmedsync() after the index build, just like in B-tree  
index build.  
  
Backpatch to v14 where the sorted GiST index build was introduced.  
  
Reported-by: Melanie Plageman  
Discussion: https://www.postgresql.org/message-id/CAAKRu_ZJJynimxKj5xYBSziL62-iEtPE+fx-B=JzR=jUtP92mw@mail.gmail.com  

commit   : dd7c0597918a6922a43a1f2e7085e6276a6216ec    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 23 Feb 2022 11:10:46 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 23 Feb 2022 11:10:46 -0500    

Commit 3db826bd5 intended that valid_custom_variable_name's  
rules for valid identifiers match those of scan.l.  However,  
I (tgl) had some kind of brain fade and put "_" in the wrong  
list.  
  
Fix by Japin Li, per bug #17415 from Daniel Polski.  
  
Discussion: https://postgr.es/m/17415-ebdb683d7e09a51c@postgresql.org  

commit   : 627c79a1e87d9ec4a8a8a0c5be8564ba74e221ea    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Tue, 22 Feb 2022 10:23:49 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Tue, 22 Feb 2022 10:23:49 +0900    

"regress" is a new mode added to compute_query_id aimed at facilitating  
regression testing when a module computing query IDs is loaded into the  
backend, like pg_stat_statements.  It works the same way as "auto",  
meaning that query IDs are computed if a module enables it, except that  
query IDs are hidden in EXPLAIN outputs to ensure regression output  
stability.  
  
Like any GUCs of the kind (force_parallel_mode, etc.), this new  
configuration can be added to an instance's postgresql.conf, or just  
passed down with PGOPTIONS at command level.  compute_query_id uses an  
enum for its set of option values, meaning that this addition ensures  
ABI compatibility.  
  
Using this new configuration mode allows installcheck-world to pass when  
running the tests on an instance with pg_stat_statements enabled,  
stabilizing the test output while checking the paths doing query ID  
computations.  
  
Reported-by: Anton Melnikov  
Reviewed-by: Julien Rouhaud  
Discussion: https://postgr.es/m/1634283396.372373993@f75.i.mail.ru  
Discussion: https://postgr.es/m/YgHlxgc/OimuPYhH@paquier.xyz  
Backpatch-through: 14  

commit   : 7bbfe5994165aef9e903b1919d625fe87d4f146e    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Sat, 19 Feb 2022 12:27:20 -0800    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Sat, 19 Feb 2022 12:27:20 -0800    

When cleaning up temporary objects during process exit the cleanup could fail  
with:  
  FATAL: cannot fetch toast data without an active snapshot  
  
The bug is caused by RemoveTempRelationsCallback() not setting up a  
snapshot. If an object with toasted catalog data needs to be cleaned up,  
init_toast_snapshot() could fail with the above error.  
  
Most of the time however the the problem is masked due to cached catalog  
snapshots being returned by GetOldestSnapshot(). But dropping an object can  
cause catalog invalidations to be emitted. If no further catalog accesses are  
necessary between the invalidation processing and the next toast datum  
deletion, the bug becomes visible.  
  
It's easy to miss this bug because it typically happens after clients  
disconnect and the FATAL error just ends up in the log.  
  
Luckily temporary table cleanup at the next use of the same temporary schema  
or during DISCARD ALL does not have the same problem.  
  
Fix the bug by pushing a snapshot in RemoveTempRelationsCallback(). Also add  
isolation tests for temporary object cleanup, including objects with toasted  
catalog data.  
  
A future HEAD only commit will add more assertions.  
  
Reported-By: Miles Delahunty  
Author: Andres Freund  
Discussion: https://postgr.es/m/CAOFAq3BU5Mf2TTvu8D9n_ZOoFAeQswuzk7yziAb7xuw_qyw5gw@mail.gmail.com  
Backpatch: 10-  

commit   : 8b5cd373ba033977ef0100f52871dd6b38b7239e    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Sun, 20 Feb 2022 11:48:45 -0500    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Sun, 20 Feb 2022 11:48:45 -0500    

Following migration of Windows buildfarm members running TAP tests to  
use of ucrt64 perl for those tests, special processing for msys perl is  
no longer necessary and so is removed.  
  
Backpatch to release 10  
  
Discussion: https://postgr.es/m/c65a8781-77ac-ea95-d185-6db291e1baeb@dunslane.net  

commit   : 652ff988fbf635c04618803fad06b863bf28bdb9    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Sun, 20 Feb 2022 08:55:06 -0500    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Sun, 20 Feb 2022 08:55:06 -0500    

Commit f1ac4a74de disabled this processing, and as nothing has broken (as  
expected) here we proceed to remove the routine and adjust all the call  
sites.  
  
Backpatch to release 10  
  
Discussion: https://postgr.es/m/0ba775a2-8aa0-0d56-d780-69427cf6f33d@dunslane.net  
Discussion: https://postgr.es/m/20220125023609.5ohu3nslxgoygihl@alap3.anarazel.de  

commit   : 2e30d77a196810f7e9d57709a942b1826fd1bb43    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 17 Feb 2022 22:45:34 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 17 Feb 2022 22:45:34 -0500    

GCC 12 complains that set_stack_base is storing the address of  
a local variable in a long-lived pointer.  This is an entirely  
reasonable warning (indeed, it just helped us find a bug);  
but that behavior is intentional here.  We can work around it  
by using __builtin_frame_address(0) instead of a specific local  
variable; that produces an address a dozen or so bytes different,  
in my testing, but we don't care about such a small difference.  
Maybe someday a compiler lacking that function will start to issue  
a similar warning, but we'll worry about that when it happens.  
  
Patch by me, per a suggestion from Andres Freund.  Back-patch to  
v12, which is as far back as the patch will go without some pain.  
(Recently-established project policy would permit a back-patch as  
far as 9.2, but I'm disinclined to expend the work until GCC 12  
is much more widespread.)  
  
Discussion: https://postgr.es/m/3773792.1645141467@sss.pgh.pa.us  

commit   : a9e186da81d9965789b1a7ab869329eabe3595c3    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Wed, 16 Feb 2022 15:15:02 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Wed, 16 Feb 2022 15:15:02 +0900    

Document that they can be modified using COPY as well.  
  
Back-patch to v11 where commit 3d956d956 added support for COPY in  
postgres_fdw.  

commit   : 04645bbcae72c71e5bf28a7a0c96efa851e13ddb    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Mon, 14 Feb 2022 08:07:46 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Mon, 14 Feb 2022 08:07:46 +0530    

Currently, during UPDATE, the unchanged replica identity key attributes  
are not logged separately because they are getting logged as part of the  
new tuple. But if they are stored externally then the untoasted values are  
not getting logged as part of the new tuple and logical replication won't  
be able to replicate such UPDATEs. So we need to log such attributes as  
part of the old_key_tuple during UPDATE.  
  
Reported-by: Haiying Tang  
Author: Dilip Kumar and Amit Kapila  
Reviewed-by: Alvaro Herrera, Haiying Tang, Andres Freund  
Backpatch-through: 10  
Discussion: https://postgr.es/m/OS0PR01MB611342D0A92D4F4BF26C0F47FB229@OS0PR01MB6113.jpnprd01.prod.outlook.com  

commit   : c76665edce3d4db4e509723e91742569e9f46817    
  
author   : Alexander Korotkov <akorotkov@postgresql.org>    
date     : Mon, 14 Feb 2022 03:26:55 +0300    
  
committer: Alexander Korotkov <akorotkov@postgresql.org>    
date     : Mon, 14 Feb 2022 03:26:55 +0300    

Fix ExecReScanIndexScan() to free the referenced tuples while emptying the  
priority queue.  Backpatch to all supported versions.  
  
Discussion: https://postgr.es/m/CAHqSB9gECMENBQmpbv5rvmT3HTaORmMK3Ukg73DsX5H7EJV7jw%40mail.gmail.com  
Author: Aliaksandr Kalenik  
Reviewed-by: Tom Lane, Alexander Korotkov  
Backpatch-through: 10  

commit   : ae27b1acc43d58badad356a4da8fc0c72d46d7fb    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 12 Feb 2022 13:23:20 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 12 Feb 2022 13:23:20 -0500    

In commit 1f39a1c06 I made PQisBusy consider conn->write_failed, but  
that is now looking like complete brain fade.  In the first place, the  
logic is quite wrong: it ought to be like "and not" rather than "or".  
This meant that once we'd gotten into a write_failed state, PQisBusy  
would always return true, probably causing the calling application to  
iterate its loop until PQconsumeInput returns a hard failure thanks  
to connection loss.  That's not what we want: the intended behavior  
is to return an error PGresult, which the application probably has  
much cleaner support for.  
  
But in the second place, checking write_failed here seems like the  
wrong thing anyway.  The idea of the write_failed mechanism is to  
postpone handling of a write failure until we've read all we can from  
the server; so that flag should not interfere with input-processing  
behavior.  (Compare 7247e243a.)  What we *should* check for is  
status = CONNECTION_BAD, ie, socket already closed.  (Most places that  
close the socket don't touch asyncStatus, but they do reset status.)  
This primarily ensures that if PQisBusy() returns true then there is  
an open socket, which is assumed by several call sites in our own  
code, and probably other applications too.  
  
While at it, fix a nearby thinko in libpq's my_sock_write: we should  
only consult errno for res < 0, not res == 0.  This is harmless since  
pqsecure_raw_write would force errno to zero in such a case, but it  
still could confuse readers.  
  
Noted by Andres Freund.  Backpatch to v12 where 1f39a1c06 came in.  
  
Discussion: https://postgr.es/m/20220211011025.ek7exh6owpzjyudn@alap3.anarazel.de  

commit   : 277e744ae176ef8e411a9e6c5b2e649322ee6bdd    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 11 Feb 2022 15:23:52 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 11 Feb 2022 15:23:52 -0500    

createplan.c tries to save a runtime projection step by specifying  
a scan plan node's output as being exactly the table's columns, or  
index's columns in the case of an index-only scan, if there is not a  
reason to do otherwise.  This logic did not previously pay attention  
to whether an index's columns are returnable.  That worked, sort of  
accidentally, until commit 9a3ddeb51 taught setrefs.c to reject plans  
that try to read a non-returnable column.  I have no desire to loosen  
setrefs.c's new check, so instead adjust use_physical_tlist() to not  
try to optimize this way when there are non-returnable column(s).  
  
Per report from Ryan Kelly.  Like the previous patch, back-patch  
to all supported branches.  
  
Discussion: https://postgr.es/m/CAHUie24ddN+pDNw7fkhNrjrwAX=fXXfGZZEHhRuofV_N_ftaSg@mail.gmail.com  

commit   : 1e8c5cf7c6c2668da69b77cea91f74ca75e67c56    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 10 Feb 2022 16:49:39 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 10 Feb 2022 16:49:39 -0500    

"pg_ctl stop/restart" checked that the postmaster PID is valid just  
once, as a side-effect of sending the stop signal, and then would  
wait-till-timeout for the postmaster.pid file to go away.  This  
neglects the case wherein the postmaster dies uncleanly after we  
signal it.  Similarly, once "pg_ctl promote" has sent the signal,  
it'd wait for the corresponding on-disk state change to occur  
even if the postmaster dies.  
  
I'm not sure how we've managed not to notice this problem, but it  
seems to explain slow execution of the 017_shm.pl test script on AIX  
since commit 4fdbf9af5, which added a speculative "pg_ctl stop" with  
the idea of making real sure that the postmaster isn't there.  In the  
test steps that kill-9 and then restart the postmaster, it's possible  
to get past the initial signal attempt before kill() stops working  
for the doomed postmaster.  If that happens, pg_ctl waited till  
PGCTLTIMEOUT before giving up ... and the buildfarm's AIX members  
have that set very high.  
  
To fix, include a "kill(pid, 0)" test (similar to what  
postmaster_is_alive uses) in these wait loops, so that we'll  
give up immediately if the postmaster PID disappears.  
  
While here, I chose to refactor those loops out of where they were.  
do_stop() and do_restart() can perfectly well share one copy of the  
wait-for-stop loop, and it seems desirable to put a similar function  
beside that for wait-for-promote.  
  
Back-patch to all supported versions, since pg_ctl's wait logic  
is substantially identical in all, and we're seeing the slow test  
behavior in all branches.  
  
Discussion: https://postgr.es/m/20220210023537.GA3222837@rfd.leadboat.com  

commit   : 92f60f536eceabcefb2528d4bf5366fef4a1536d    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Thu, 10 Feb 2022 13:44:05 -0500    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Thu, 10 Feb 2022 13:44:05 -0500    

Modern msys systems lack pexports but have gendef instead, so use that.  
  
Discussion: https://postgr.es/m/3ccde7a9-e4f9-e194-30e0-0936e6ad68ba@dunslane.net  
  
Backpatch to release 9.4 to enable building with perl on older branches.  
Before that pexports is not used for plperl.  

commit   : 2e211c16612a127bea861e416bdc22ff39c54866    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 10 Feb 2022 11:52:20 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 10 Feb 2022 11:52:20 -0500    

Commit 09cf1d522 taught schedule_alarm() to not do anything if  
the next requested event is after when we expect the next interrupt  
to fire.  However, if somehow an interrupt gets lost, we'll continue  
to not do anything indefinitely, even after the "next interrupt" time  
is obviously in the past.  Thus, one missed interrupt can break  
timeout scheduling for the life of the session.  Michael Harris  
reported a scenario where a bug in a user-defined function caused this  
to happen, so you don't even need to assume kernel bugs exist to think  
this is worth fixing.  We can make things more robust at little cost  
by detecting the case where signal_due_at is before "now" and forcing  
a new setitimer call to occur.  This isn't a completely bulletproof  
fix of course; but in our typical usage pattern where we frequently set  
timeouts and clear them before they are reached, the interrupt will  
get re-enabled after at most one timeout interval, which with a little  
luck will be before we really need it.  
  
While here, let's mark signal_due_at as volatile, since the signal  
handler can both examine and set it.  I'm not sure there's any  
actual risk given that signal_pending is already volatile, but  
it's surely questionable.  
  
Backpatch to v14 where this logic came in.  
  
Michael Harris and Tom Lane  
  
Discussion: https://postgr.es/m/CADofcAWbMrvgwSMqO4iG_iD3E2v8ZUrC-_crB41my=VMM02-CA@mail.gmail.com  

commit   : 5f00ef065ec8f086efeec93083fe250f81a3f585    
  
author   : Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Thu, 10 Feb 2022 14:23:36 +0100    
  
committer: Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Thu, 10 Feb 2022 14:23:36 +0100    

The connection strings in the SSL client tests were using the host  
set up from Cluster.pm which is a temporary pathname. When SNI is  
enabled we pass the host to OpenSSL in order to set the server name  
indication ClientHello extension via SSL_set_tlsext_host_name.  
  
OpenSSL doesn't validate the hostname apart from checking the max  
length, but LibreSSL checks for RFC 5890 conformance which results  
in errors during testing as the pathname from Cluster.pm is not a  
valid hostname.  
  
Fix by setting the host explicitly to localhost, as that's closer  
to the intent of the test.  
  
Backpatch through 14 where SNI support came in.  
  
Reported-by: Nazir Bilal Yavuz <byavuz81@gmail.com>  
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>  
Discussion: https://postgr.es/m/17391-304f81bcf724b58b@postgresql.org  
Backpatch-through: 14  

commit   : 1a83297d222487070386b55b032657345d7ec64a    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Wed, 9 Feb 2022 18:16:59 -0800    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Wed, 9 Feb 2022 18:16:59 -0800    

Some pre-2017 Test::More versions need perfect $Test::Builder::Level  
maintenance to find the variable.  Buildfarm member snapper reported an  
overall failure that the file intended to hide via the TODO construct.  
That trouble was reachable in v11 and v10.  For later branches, this  
serves as defense in depth.  Back-patch to v10 (all supported versions).  
  
Discussion: https://postgr.es/m/20220202055556.GB2745933@rfd.leadboat.com  

commit   : c23461a22a1ead0a34dc209c2918ec4ccaf61475    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 9 Feb 2022 14:24:55 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 9 Feb 2022 14:24:55 -0500    

Commit 6a2a70a02 supposed that any platform having <sys/epoll.h>  
would also have <sys/signalfd.h>.  It turns out there are still a  
few people using platforms where that's not so, so we'd better make  
a separate configure probe for it.  But since it took this long to  
notice, I'm content with the decision to not have a separate code  
path for epoll-only machines; we'll just fall back to using poll()  
for these stragglers.  
  
Per gripe from Gabriela Serventi.  Back-patch to v14 where this  
code came in.  
  
Discussion: https://postgr.es/m/CAHOHWE-JjJDfcYuLAAEO7Jk07atFAU47z8TzHzg71gbC0aMy=g@mail.gmail.com  

commit   : e327291e4a96571c85b6a9b140e1a8116fb47ec6    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 8 Feb 2022 19:25:56 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 8 Feb 2022 19:25:56 -0500    

Recent versions of Devel::PPPort try to redefine eval_pv() to  
dodge a bug in pre-5.31 Perl versions.  Unfortunately the redefinition  
fails on compilers that don't support statements nested within  
expressions.  However, we aren't actually interested in this bug fix,  
since we always call eval_pv() with croak_on_error = FALSE.  
So, until there's an upstream fix for this breakage, just comment  
out the macro to revert to the older behavior.  
  
Per report from Wei Sun, as well as previous buildfarm failure  
on pademelon (which I'd unfortunately not looked at carefully  
enough to understand the cause).  Back-patch to all supported  
versions, since we're using the same ppport.h in all.  
  
Discussion: https://postgr.es/m/tencent_2EFCC8BA0107B6EC0F97179E019A8A43C806@qq.com  
Report: https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=pademelon&dt=2022-02-02%2001%3A22%3A58  

commit   : 78b1ddc753b3e5e3f3e9eb0e7519b48146018394    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 7 Feb 2022 16:15:36 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 7 Feb 2022 16:15:36 -0500    

commit   : 3c879e61d9ad5968e88e12620e270808b6cb76f5    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 7 Feb 2022 13:31:57 +0100    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 7 Feb 2022 13:31:57 +0100    

Source-Git-URL: git://git.postgresql.org/git/pgtranslation/messages.git  
Source-Git-Hash: 063c497a909612d444c7c7188482db9aef86200f  

commit   : 1d9ccc0a6d3c1b3d5c52e6e427a9e1cb824b0a90    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 6 Feb 2022 14:24:55 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 6 Feb 2022 14:24:55 -0500    

commit   : d0cd7b77265cf39e0e8984ba9d5bec0c155dccdb    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 5 Feb 2022 12:55:44 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 5 Feb 2022 12:55:44 -0500    

A very well-informed user might deduce this from what we said already,  
but I'd bet against it.  Lay it out explicitly.  
  
While here, rewrite the comment about tuple routing to be more  
intelligible to an average SQL user.  
  
Per bug #17395 from Alexander Lakhin.  Back-patch to v11.  (The text  
in this area is different in v10 and I'm not sufficiently excited  
about this point to adapt the patch.)  
  
Discussion: https://postgr.es/m/17395-8c326292078d1a57@postgresql.org  

commit   : d13a838e1c19df5358d250b8d469544d7ab3dfda    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 5 Feb 2022 11:59:30 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 5 Feb 2022 11:59:30 -0500    

There are two Asserts in nodeMergejoin.c that are reachable if  
the input data is not in the expected order.  This seems way too  
fragile.  Alexander Lakhin reported a case where the assertions  
could be triggered with misconfigured foreign-table partitions,  
and bitter experience with unstable operating system collation  
definitions suggests another easy route to hitting them.  Neither  
Assert is in a place where we can't afford one more test-and-branch,  
so replace 'em with plain test-and-elog logic.  
  
Per bug #17395.  While the reported symptom is relatively recent,  
collation changes could happen anytime, so back-patch to all  
supported branches.  
  
Discussion: https://postgr.es/m/17395-8c326292078d1a57@postgresql.org  

commit   : ab22eea83169c8d0eb15050ce61cbe3d7dae4de6    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 4 Feb 2022 14:55:00 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 4 Feb 2022 14:55:00 -0500    

As usual, the release notes for older branches will be made by cutting  
these down, but put them up for community review first.  

commit   : 2a3958e4d9b9b1e82adefa11f3e69ea5c16efb45    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Thu, 3 Feb 2022 10:44:26 -0800    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Thu, 3 Feb 2022 10:44:26 -0800    

Discussion: https://postgr.es/m/20220203183655.ralgkh54sdcgysmn@alap3.anarazel.de  
Backpatch: 14-, like f862d57057f  

commit   : 7b0cec2fa05a123ed96163d7ac8485384570b3e0    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Thu, 3 Feb 2022 15:15:01 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Thu, 3 Feb 2022 15:15:01 +0900    

We assume that direct-modify ForeignScan nodes cannot be re-evaluated  
during EvalPlanQual processing, but the rework for inherited  
UPDATE/DELETE in commit 86dc90056 changed things, without considering  
that, so that such ForeignScan nodes get called as part of the  
EvalPlanQual subtree during EvalPlanQual processing in the case of an  
inherited UPDATE/DELETE where the inheritance set contains foreign  
target relations.  To avoid re-evaluating such ForeignScan nodes during  
EvalPlanQual processing, commit c3928b467 modified nodeForeignscan.c,  
but the assumption made there that ExecForeignScan() should never be  
called for such ForeignScan nodes during EvalPlanQual processing turned  
out to be wrong in some cases, leading to a segmentation fault or a  
"cannot re-evaluate a Foreign Update or Delete during EvalPlanQual"  
error.  
  
Fix by modifying nodeForeignscan.c further to avoid re-evaluating such  
ForeignScan nodes even in ExecForeignScan()/ExecReScanForeignScan()  
during EvalPlanQual processing.  Since this makes non-reachable the  
test-and-elog added to ForeignNext() by commit c3928b467 that produced  
the aforesaid error, convert the test-and-elog to an Assert.  
  
Per bug #17355 from Alexander Lakhin.  Back-patch to v14 where both  
commits came in.  
  
Patch by me, reviewed and tested by Alexander Lakhin and Amit Langote.  
  
Discussion: https://postgr.es/m/17355-de8e362eb7001a96@postgresql.org  

commit   : 25560761289e5dbe21514c9ef2cf7272d9181488    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 2 Feb 2022 21:53:51 -0500    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 2 Feb 2022 21:53:51 -0500    

Also move TCL syntax to the PL/tcl section.  
  
Reported-by: davs2rt@gmail.com  
  
Discussion: https://postgr.es/m/164308146320.12460.3590769444508751574@wrigleys.postgresql.org  
  
Backpatch-through: 10  

commit   : ee57467cb6b2ce1e25d367cbd64cc60ae9ba0eb3    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Wed, 2 Feb 2022 09:14:26 +0100    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Wed, 2 Feb 2022 09:14:26 +0100    

Small thinko introduced by 94aceed317730953476bec490ce0148b2af3c383  
  
Reported-by: nassehk@gmail.com  

commit   : 803f0b1739065b2d1d46c4a72c99b46cdd354f60    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 1 Feb 2022 19:03:41 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 1 Feb 2022 19:03:41 -0500    

With Python 3.10, configure spits out warnings about the module  
distutils.sysconfig being deprecated and scheduled for removal in  
Python 3.12.  Change the uses in configure to use the module sysconfig  
instead.  The logic stays largely the same, although we have to  
rely on INCLUDEPY instead of the deprecated get_python_inc function.  
  
Note that sysconfig exists since Python 2.7, so this moves the  
minimum required version up from Python 2.6 (or 2.4, before v13).  
Also, sysconfig didn't exist in Python 3.1, so the minimum 3.x  
version is now 3.2.  
  
Back-patch of commit bd233bdd8 into all supported branches.  
  
In v10, this also includes back-patching v11's beff4bb9c, primarily  
because this opinion is clearly out-of-date:  
  
    While at it, get rid of the code's assumption that both the major and  
    minor numbers contain exactly one digit.  That will foreseeably be  
    broken by Python 3.10 in perhaps four or five years.  That's far enough  
    out that we probably don't need to back-patch this.  
  
Peter Eisentraut, Tom Lane, Andres Freund  
  
Discussion: https://postgr.es/m/c74add3c-09c4-a9dd-1a03-a846e5b2fc52@enterprisedb.com  

commit   : 00fdfde6dc726dbbee7e7e3e25a6406e2c76c4f6    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 31 Jan 2022 15:07:39 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 31 Jan 2022 15:07:39 -0500    

This reverts commits d81cac47a et al.  We shouldn't need that  
hack after the preceding commits.  
  
Discussion: https://postgr.es/m/20220131015130.shn6wr2fzuymerf6@alap3.anarazel.de  

commit   : 2d44912cf79f1f174a83f587e1c4328315b8a0fa    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 31 Jan 2022 15:01:05 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 31 Jan 2022 15:01:05 -0500    

Also apply the changes suggested by running  
perl ppport.h --compat-version=5.8.0  
  
And remove some no-longer-required NEED_foo declarations.  
  
Dagfinn Ilmari Mannsåker  
  
Back-patch of commit 05798c9f7 into all supported branches.  
At the time we thought this update was mostly cosmetic, but the  
lack of it has caused trouble, while the patch itself hasn't.  
  
Discussion: https://postgr.es/m/87y278s6iq.fsf@wibble.ilmari.org  
Discussion: https://postgr.es/m/20220131015130.shn6wr2fzuymerf6@alap3.anarazel.de  

commit   : d81cac47a829c3e2c729ef98acaf132adb7ff3ae    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Sun, 30 Jan 2022 17:53:53 -0800    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Sun, 30 Jan 2022 17:53:53 -0800    

ppport.h was only updated in 05798c9f7f0 (master). Unfortunately my commit  
c89f409749c uses PERL_VERSION_LT which came in with that update. Breaking most  
buildfarm animals.  
  
I should have noticed that...  
  
We might want to backpatch the ppport update instead, but for now lets get the  
buildfarm green again.  
  
Discussion: https://postgr.es/m/20220131015130.shn6wr2fzuymerf6@alap3.anarazel.de  
Backpatch: 10-14, master doesn't need it  

commit   : 8484e38126d7522069e44b81cd41ef53f700b2e1    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Sun, 30 Jan 2022 14:29:04 -0800    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Sun, 30 Jan 2022 14:29:04 -0800    

For older versions we need our own copy of perl's setlocale(), because it was  
not exposed (why we need the setlocale in the first place is explained in  
plperl_init_interp) . The copy stopped working in 5.28, as some of the used  
macros are not public anymore.  But Perl_setlocale is available in 5.28, so  
use that.  
  
Author: Victor Wagner <vitus@wagner.pp.ru>  
Reviewed-By: Dagfinn Ilmari Mannsåker <ilmari@ilmari.org>  
Discussion: https://postgr.es/m/20200501134711.08750c5f@antares.wagner.home  
Backpatch: all versions  

commit   : c025067f6d3fbffd1acc8c70ec9d2ecc5be8c90b    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 29 Jan 2022 11:41:12 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 29 Jan 2022 11:41:12 -0500    

Although select_common_type() has a failure-return convention, an  
apparent successful return just provides a type OID that *might* work  
as a common supertype; we've not validated that the required casts  
actually exist.  In the mainstream use-cases that doesn't matter,  
because we'll proceed to invoke coerce_to_common_type() on each input,  
which will fail appropriately if the proposed common type doesn't  
actually work.  However, a few callers didn't read the (nonexistent)  
fine print, and thought that if they got back a nonzero OID then the  
coercions were sure to work.  
  
This affects in particular the recently-added "anycompatible"  
polymorphic types; we might think that a function/operator using  
such types matches cases it really doesn't.  A likely end result  
of that is unexpected "ambiguous operator" errors, as for example  
in bug #17387 from James Inform.  Another, much older, case is that  
the parser might try to transform an "x IN (list)" construct to  
a ScalarArrayOpExpr even when the list elements don't actually have  
a common supertype.  
  
It doesn't seem desirable to add more checking to select_common_type  
itself, as that'd just slow down the mainstream use-cases.  Instead,  
write a separate function verify_common_type that performs the  
missing checks, and add a call to that where necessary.  Likewise add  
verify_common_type_from_oids to go with select_common_type_from_oids.  
  
Back-patch to v13 where the "anycompatible" types came in.  (The  
symptom complained of in bug #17387 doesn't appear till v14, but  
that's just because we didn't get around to converting || to use  
anycompatible till then.)  In principle the "x IN (list)" fix could  
go back all the way, but I'm not currently convinced that it makes  
much difference in real-world cases, so I won't bother for now.  
  
Discussion: https://postgr.es/m/17387-5dfe54b988444963@postgresql.org  

commit   : b30282fccfa34238492c0f64808e7b4aa4ef72b3    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Sat, 29 Jan 2022 10:23:17 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Sat, 29 Jan 2022 10:23:17 +0900    

c532d15 has split the logic of COPY commands into multiple files, one  
change being to move the internals of BeginCopy() to BeginCopyTo().  
Originally the code was written so as we'd switch back-and-forth between  
the current execution memory context and the dedicated memory context  
for the COPY command, and this refactoring has introduced an extra  
switch to the current memory context from the COPY context once  
BeginCopyTo() is done with the past logic coming from BeginCopy().  
  
The code was correctly doing the analyze, rewrite and planning phases in  
the COPY context, but it was not assigning "copy_file" (FILE* used when  
copying to a source file) and "filename" in the COPY context, making the  
COPY status data inconsistent.  
  
Author: Bharath Rupireddy  
Reviewed-by: Japin Li  
Discussion: https://postgr.es/m/CALj2ACWvVa69foi9jhHFY=2BuHxAoYboyE+vXQTARwxZcJnVrQ@mail.gmail.com  
Backpatch-through: 14  

commit   : d99166ed4f6e9f370289a90dd6678c06bfffd41f    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Fri, 28 Jan 2022 15:45:01 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Fri, 28 Jan 2022 15:45:01 +0900    

commit   : 6e7ee55e727771d97d0fce531a5cda350bb3fa84    
  
author   : Fujii Masao <fujii@postgresql.org>    
date     : Fri, 28 Jan 2022 11:24:42 +0900    
  
committer: Fujii Masao <fujii@postgresql.org>    
date     : Fri, 28 Jan 2022 11:24:42 +0900    

When pg_log_backend_memory_contexts() is executed, the target backend  
should use LOG_SERVER_ONLY to log its memory contexts, to prevent them  
from being sent to its connected client regardless of client_min_messages.  
But previously the backend unexpectedly used LOG to log the message  
"logging memory contexts of PID %d" and it could be sent to the client.  
This is a bug in memory context logging.  
  
To fix the bug, this commit changes that message so that it's logged with  
LOG_SERVER_ONLY.  
  
Back-patch to v14 where pg_log_backend_memory_contexts() was added.  
  
Author: Fujii Masao  
Reviewed-by: Bharath Rupireddy, Atsushi Torikoshi  
Discussion: https://postgr.es/m/82c12f36-86f7-5e72-79af-7f5c37f6cad7@oss.nttdata.com  

commit   : fb2f8e534aaefa649ada8df3e4863ebad32229f7    
  
author   : Tomas Vondra <tomas.vondra@postgresql.org>    
date     : Thu, 27 Jan 2022 17:53:53 +0100    
  
committer: Tomas Vondra <tomas.vondra@postgresql.org>    
date     : Thu, 27 Jan 2022 17:53:53 +0100    

Commit 8431e296ea reworked ProcArrayApplyRecoveryInfo to sort XIDs  
before adding them to KnownAssignedXids. But the XIDs are sorted using  
xidComparator, which compares the XIDs simply as uint32 values, not  
logically. KnownAssignedXidsAdd() however expects XIDs in logical order,  
and calls TransactionIdFollowsOrEquals() to enforce that. If there are  
XIDs for which the two orderings disagree, an error is raised and the  
recovery fails/restarts.  
  
Hitting this issue is fairly easy - you just need two transactions, one  
started before the 4B limit (e.g. XID 4294967290), the other sometime  
after it (e.g. XID 1000). Logically (4294967290 <= 1000) but when  
compared using xidComparator we try to add them in the opposite order.  
Which makes KnownAssignedXidsAdd() fail with an error like this:  
  
  ERROR: out-of-order XID insertion in KnownAssignedXids  
  
This only happens during replica startup, while processing RUNNING_XACTS  
records to build the snapshot. Once we reach STANDBY_SNAPSHOT_READY, we  
skip these records. So this does not affect already running replicas,  
but if you restart (or create) a replica while there are transactions  
with XIDs for which the two orderings disagree, you may hit this.  
  
Long-running transactions and frequent replica restarts increase the  
likelihood of hitting this issue. Once the replica gets into this state,  
it can't be started (even if the old transactions are terminated).  
  
Fixed by sorting the XIDs logically - this is fine because we're dealing  
with normal XIDs (because it's XIDs assigned to backends) and from the  
same wraparound epoch (otherwise the backends could not be running at  
the same time on the primary node). So there are no problems with the  
triangle inequality, which is why xidComparator compares raw values.  
  
Investigation and root cause analysis by Abhijit Menon-Sen. Patch by me.  
  
This issue is present in all releases since 9.4, however releases up to  
9.6 are EOL already so backpatch to 10 only.  
  
Reviewed-by: Abhijit Menon-Sen  
Reviewed-by: Alvaro Herrera  
Backpatch-through: 10  
Discussion: https://postgr.es/m/36b8a501-5d73-277c-4972-f58a4dce088a%40enterprisedb.com  

commit   : 999dc1d2650883b817ea6d4e393ca8ba84a8687d    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Thu, 27 Jan 2022 08:17:42 -0500    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Thu, 27 Jan 2022 08:17:42 -0500    

Perl instances on some msys toolchains (e.g. UCRT64) have their  
configured osname set to 'MSWin32' rather than 'msys'.  The test for  
the msys2 platform is adjusted accordingly.  
  
Backpatch to release 14.  

commit   : d1cca9441dc488b9e4d82cf34c9cacc998e6470f    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Thu, 27 Jan 2022 16:15:02 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Thu, 27 Jan 2022 16:15:02 +0900    

Commit 27e1f1456 failed to process a pending asynchronous request made  
for a given ForeignScan node in postgresReScanForeignScan() (if any) in  
cases where we would only reset the next_tuple counter in that function,  
contradicting the assumption that there should be no pending  
asynchronous requests that have been made for async-capable subplans for  
the parent Append node after ReScan.  This led to an assert failure in  
an assert-enabled build.  I think this would also lead to mis-rewinding  
the cursor in that function in the case where we have already fetched  
one batch for the ForeignScan node and the asynchronous request has been  
made for the second batch, because even in that case we would just reset  
the counter when called from that function, so we would fail to execute  
MOVE BACKWARD ALL.  
  
To fix, modify that function to process the asynchronous request before  
restarting the scan.  
  
While at it, add a comment to a function to match other places.  
  
Per bug #17344 from Alexander Lakhin.  Back-patch to v14 where the  
aforesaid commit came in.  
  
Patch by me.  Test case by Alexander Lakhin, adjusted by me.  Reviewed  
and tested by Alexander Lakhin and Dmitry Dolgov.  
  
Discussion: https://postgr.es/m/17344-226b78b00de73a7e@postgresql.org  

commit   : d94a95cce9eb8582f3bb48fd745f21749b317e83    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Wed, 26 Jan 2022 18:06:19 -0800    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Wed, 26 Jan 2022 18:06:19 -0800    

Buildfarm members kittiwake, tadarida and snapper began to fail  
frequently when commits 3cd9c3b921977272e6650a5efbeade4203c4bca2 and  
f47ed79cc8a0cfa154dc7f01faaf59822552363f added tests of concurrency, but  
the problem was reachable before those commits.  Back-patch to v10 (all  
supported versions).  
  
Discussion: https://postgr.es/m/20220116210241.GC756210@rfd.leadboat.com  

commit   : 4afae689ead4ffbfdbaac1cd72794c729446596e    
  
author   : Magnus Hagander <magnus@hagander.net>    
date     : Wed, 26 Jan 2022 09:52:41 +0100    
  
committer: Magnus Hagander <magnus@hagander.net>    
date     : Wed, 26 Jan 2022 09:52:41 +0100    

For authentication method cert, clientcert=verify-full is implied. But  
the pg_hba_file_rules entry would incorrectly show clientcert=verify-ca.  
  
Per bug #17354  
  
Reported-By: Feike Steenbergen  
Reviewed-By: Jonathan Katz  
Backpatch-through: 12  

commit   : 75674c7ec1b1607e7013b5cebcb22d9c8b4b2cb6    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 25 Jan 2022 12:17:40 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 25 Jan 2022 12:17:40 -0500    

This reverts commits 6051857fc and ed52c3707, but only in the back  
branches.  Further testing has shown that while those changes do fix  
some things, they also break others; in particular, it looks like  
walreceivers fail to detect walsender-initiated connection close  
reliably if the walsender shuts down this way.  We'll keep trying to  
improve matters in HEAD, but it now seems unwise to push these changes  
into stable releases.  
  
Discussion: https://postgr.es/m/CA+hUKG+OeoETZQ=Qw5Ub5h3tmwQhBmDA=nuNO3KG=zWfUypFAw@mail.gmail.com  

commit   : 357ff66153b4791d32c45724d8a0d3c91d89c937    
  
author   : David Rowley <drowley@postgresql.org>    
date     : Tue, 25 Jan 2022 21:14:27 +1300    
  
committer: David Rowley <drowley@postgresql.org>    
date     : Tue, 25 Jan 2022 21:14:27 +1300