PostgreSQL 14.0 (upcoming) commit log

commit   : f3f70b8de66c0bae86f4761e152c10dd39f6f179    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Sun, 27 Nov 2022 09:03:22 -0500    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Sun, 27 Nov 2022 09:03:22 -0500    

When loading plperl built against Strawberry perl or the msys2 ucrt perl  
that have been built with gcc, a binary mismatch has been encountered  
which looks like this:  
  
loadable library and perl binaries are mismatched (got handshake key 0000000012800080, needed 0000000012900080)  
  
To cure this we bring the handshake keys into sync by adding  
NO_THREAD_SAFE_LOCALE to the defines used to build plperl.  
  
Discussion: https://postgr.es/m/20211005004334.tgjmro4kuachwiuc@alap3.anarazel.de  
Discussion: https://postgr.es/m/c2da86a0-2906-744c-923d-16da6047875e@dunslane.net  
  
Backpatch to all live branches.  

commit   : 4e9e1b2a625eccfdfd09b8fca9693dd1fe96f256    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 26 Nov 2022 10:30:31 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 26 Nov 2022 10:30:31 -0500    

Another oversight in 9b4eafcaf.  

commit   : ec7b29cb954fca911fddb9a76a19170256338c8f    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Sat, 26 Nov 2022 07:44:23 -0500    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Sat, 26 Nov 2022 07:44:23 -0500    

Commit 9b4eafcaf4 added creattion of a directory to reserve TAP test  
ports at the top of the build tree. In a non-vpath build this means at  
the top of the source tree, so it needs to be added to .gitignore.  
  
As suggested by Michael Paquier  
  
Backpatch to all live branches.  

commit   : f76191fd994aa1e49110b496f6c7119052118dee    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Fri, 25 Nov 2022 15:28:38 -0500    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Fri, 25 Nov 2022 15:28:38 -0500    

Strawberry uses __builtin_expect which Visual C doesn't have. For this  
case define it as a noop. Solution taken from vim sources.  
  
Backpatch to all live branches  

commit   : e52245228ecf3a58b031c820332bc56478bb1ba2    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Fri, 25 Nov 2022 17:45:03 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Fri, 25 Nov 2022 17:45:03 +0900    

Commit b663a4136, which allowed FDWs to INSERT rows in bulk, added to  
nodeModifyTable.c code to flush pending inserts to the foreign-table  
result relation(s) before completing processing of the ModifyTable node,  
but the code failed to take into account the case where the INSERT query  
has modifying CTEs, leading to incorrect results.  
  
Also, that commit failed to flush pending inserts before firing BEFORE  
ROW triggers so that rows are visible to such triggers.  
  
In that commit we scanned through EState's  
es_tuple_routing_result_relations or es_opened_result_relations list to  
find the foreign-table result relations to which pending inserts are  
flushed, but that would be inefficient in some cases.  So to fix, 1) add  
a List member to EState to record the insert-pending result relations,  
and 2) modify nodeModifyTable.c so that it adds the foreign-table result  
relation to the list in ExecInsert() if appropriate, and flushes pending  
inserts properly using the list where needed.  
  
While here, fix a copy-and-pasteo in a comment in ExecBatchInsert(),  
which was added by that commit.  
  
Back-patch to v14 where that commit appeared.  
  
Discussion: https://postgr.es/m/CAPmGK16qutyCmyJJzgQOhfBq%3DNoGDqTB6O0QBZTihrbqre%2BoxA%40mail.gmail.com  

commit   : 9f2cc1a73ccf84c24dc4c386721b3bb73757dc24    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Fri, 25 Nov 2022 09:25:50 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Fri, 25 Nov 2022 09:25:50 +0530    

In commit 272248a0c, we introduced an InitialRunningXacts array to  
remember transactions and subtransactions that were running when the  
xl_running_xacts record that we decoded was written. This array was  
allocated in the snapshot builder memory context after we restore  
serialized snapshot but we forgot to reset the array while freeing the  
builder memory context. So, the next time when we start decoding in the  
same session where we don't restore any serialized snapshot, we ended up  
using the uninitialized array and that can lead to unpredictable behavior.  
  
This problem doesn't exist in HEAD as instead of using  
InitialRunningXacts, we added the list of transaction IDs and  
sub-transaction IDs, that have modified catalogs and are running during  
snapshot serialization, to the serialized snapshot (see commit 7f13ac8123).  
  
Reported-by: Maxim Orlov  
Author: Masahiko Sawada  
Reviewed-by: Amit Kapila, Maxim Orlov  
Backpatch-through: 11  
Discussion: https://postgr.es/m/CACG=ezZoz_KG+Ryh9MrU_g5e0HiVoHocEvqFF=NRrhrwKmEQJQ@mail.gmail.com  

commit   : 8e7c86785a11cd3e56f895b8e2a489546c36a350    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Thu, 24 Nov 2022 10:45:10 +0100    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Thu, 24 Nov 2022 10:45:10 +0100    

There are recent reports involving a very old error message that we have  
no history of hitting -- perhaps a recently introduced bug.  Improve the  
error message in an attempt to improve our chances of investigating the  
bug.  
  
Per reports from Dimos Stamatakis and Bob Krier.  
  
Backpatch to 11.  
  
Discussion: https://postgr.es/m/CO2PR0801MB2310579F65529380A4E5EDC0E20A9@CO2PR0801MB2310.namprd08.prod.outlook.com  
Discussion: https://postgr.es/m/17518-04e368df5ad7f2ee@postgresql.org  

commit   : c93254424f288557eeef13343be8f72536cb9ffe    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Wed, 23 Nov 2022 07:17:26 -0500    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Wed, 23 Nov 2022 07:17:26 -0500    

per gripe from Andres Freund and Tom Lane  
  
Backpatch to all live branches.  

commit   : bd06fe4dee6321a3eabc1832f1faa736350d5d2c    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 22 Nov 2022 14:40:20 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 22 Nov 2022 14:40:20 -0500    

We've made multiple attempts at preventing get_actual_variable_range  
from taking an unreasonable amount of time (3ca930fc3, fccebe421).  
But there's still an issue for the very first planning attempt after  
deletion of a large number of extremal-valued tuples.  While that  
planning attempt will set "killed" bits on the tuples it visits and  
thereby reduce effort for next time, there's still a lot of work it  
has to do to visit the heap and then set those bits.  It's (usually?)  
not worth it to do that much work at plan time to have a slightly  
better estimate, especially in a context like this where the table  
contents are known to be mutating rapidly.  
  
Therefore, let's bound the amount of work to be done by giving up  
after we've visited 100 heap pages.  Giving up just means we'll  
fall back on the extremal value recorded in pg_statistic, so it  
shouldn't mean that planner estimates suddenly become worthless.  
  
Note that this means we'll still gradually whittle down the problem  
by setting a few more index "killed" bits in each planning attempt;  
so eventually we'll reach a good state (barring further deletions),  
even in the absence of VACUUM.  
  
Simon Riggs, per a complaint from Jakub Wartak (with cosmetic  
adjustments by me).  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/CAKZiRmznOwi0oaV=4PHOCM4ygcH4MgSvt8=5cu_vNCfc8FSUug@mail.gmail.com  

commit   : 870d6218e6d73dca8ec37b4d7f5076b74eeaeffe    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Tue, 22 Nov 2022 10:35:04 -0500    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Tue, 22 Nov 2022 10:35:04 -0500    

Currently there is a race condition where if concurrent TAP tests both  
test that they can open a port they will assume that it is free and use  
it, causing one of them to fail. To prevent this we record a reservation  
using an exclusive lock, and any TAP test that discovers a reservation  
checks to see if the reserving process is still alive, and looks for  
another free port if it is.  
  
Ports are reserved in a directory set by the environment setting  
PG_TEST_PORT_DIR, or if that doesn't exist a subdirectory of the top  
build directory as set by Makefile.global, or its own  
tmp_check directory.  
  
The prove_check recipe in Makefile.global.in is extended to export  
top_builddir to the TAP tests. This was already exported by the  
prove_installcheck recipes.  
  
Per complaint from Andres Freund  
  
Backpatched from 9b4eafcaf4 to all live branches  
  
Discussion: https://postgr.es/m/20221002164931.d57hlutrcz4d2zi7@awork3.anarazel.de  

commit   : 1b3ed757145dd6fa29feb6a31084527a6d6a46e3    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Tue, 22 Nov 2022 10:56:07 +0100    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Tue, 22 Nov 2022 10:56:07 +0100    

Once a logical slot has acquired a catalog_xmin, it doesn't let go of  
it, even when invalidated by exceeding the max_slot_wal_keep_size, which  
means that dead catalog tuples are not removed by vacuum anymore since  
the point is invalidated, until the slot is dropped.  This could be  
catastrophic if catalog churn is high.  
  
Change the computation of Xmin to ignore invalidated slots,  
to prevent dead rows from accumulating.  
  
Backpatch to 13, where slot invalidation appeared.  
  
Author: Sirisha Chamarthi <sirichamarthi22@gmail.com>  
Reviewed-by: Ashutosh Bapat <ashutosh.bapat.oss@gmail.com>  
Discussion: https://postgr.es/m/CAKrAKeUEDeqquN9vwzNeG-CN8wuVsfRYbeOUV9qKO_RHok=j+g@mail.gmail.com  

commit   : 385b317715179fd60b6a2899a3d10b13ca52ad4d    
  
author   : Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Mon, 21 Nov 2022 23:25:48 +0100    
  
committer: Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Mon, 21 Nov 2022 23:25:48 +0100    

The Hunspell project moved from Sourceforge to Github sometime  
in 2016, so update our links to match the new URL.  Backpatch  
the doc changes to all supported versions.  
  
Discussion: https://postgr.es/m/DC9A662A-360D-4125-A453-5A6CB9C6C4B4@yesql.se  
Backpatch-through: v11  

commit   : 1b9c04b1389b0e8ee7f493477c22c25f65a2f89a    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 21 Nov 2022 17:07:07 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 21 Nov 2022 17:07:07 -0500    

I just spent an annoying amount of time reverse-engineering the  
100%-undocumented API between ts_headline and the text search  
parser's prsheadline function.  Add some commentary about that  
while it's fresh in mind.  Also remove some unused macros in  
wparser_def.c.  
  
While at it, I noticed that when commit 78e73e875 added a  
CHECK_FOR_INTERRUPTS call in TS_execute_recurse, it missed  
doing so in the parallel function TS_phrase_execute, which  
surely needs one just as much.  
  
Back-patch because of the missing CHECK_FOR_INTERRUPTS.  
Might as well back-patch the rest of this too.  

commit   : 47a22dc2cb89aca2e54c9cf9fe2da4a5e8ba4cb4    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 21 Nov 2022 15:37:48 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 21 Nov 2022 15:37:48 -0500    

This reverts commit 5cda142bb9d2bd7e7ed1c22ae89afe58abfa8d7b  
(in v14 only).  
  
It turns out that that fails under force_parallel_mode = regress,  
because pageinspect's disk-access functions are marked parallel  
safe, which they are not if you try to use them on a temp table.  
The cost of fixing that pre-v15 seems to exceed the value of  
making this test case fully stable, so we will just leave things  
as-is in v14.  

commit   : 5cda142bb9d2bd7e7ed1c22ae89afe58abfa8d7b    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 21 Nov 2022 10:50:50 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 21 Nov 2022 10:50:50 -0500    

pageinspect has occasionally failed on slow buildfarm members,  
with symptoms indicating that the expected effects of VACUUM  
FREEZE didn't happen.  This is presumably because a background  
transaction such as auto-analyze was holding back global xmin.  
  
We can work around that by using a temp table in the test.  
Since commit a7212be8b, that will use an up-to-date cutoff xmin  
regardless of other processes.  And pageinspect itself shouldn't  
really care whether the table is temp.  
  
Back-patch to v14.  There would be no point in older branches  
without back-patching a7212be8b, which seems like more trouble  
than the problem is worth.  
  
Discussion: https://postgr.es/m/2892135.1668976646@sss.pgh.pa.us  

commit   : fc4154286e0e47d748d19183fd05be794a019be8    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Wed, 16 Nov 2022 20:00:59 -0800    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Wed, 16 Nov 2022 20:00:59 -0800    

ProcSleep() used a PGPROC* variable to point to PROC_QUEUE->links.next,  
because that does "the right thing" with SHMQueueInsertBefore(). While that  
largely works, it's certainly not correct and unnecessary - we can just use  
SHM_QUEUE* to point to the insertion point.  
  
Noticed when testing a 32bit of postgres with undefined behavior  
sanitizer. UBSan noticed that sometimes the supposed PGPROC wasn't  
sufficiently aligned (required since 46d6e5f5679, ensured indirectly, via  
ShmemAllocRaw() guaranteeing cacheline alignment).  
  
For now fix this by using a SHM_QUEUE* for the insertion point. Subsequently  
we should replace all the use of PROC_QUEUE and SHM_QUEUE with ilist.h, but  
that's a larger change that we don't want to backpatch.  
  
Backpatch to all supported versions - it's useful to be able to run postgres  
under UBSan.  
  
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>  
Discussion: https://postgr.es/m/20221117014230.op5kmgypdv2dtqsf@awork3.anarazel.de  
Backpatch: 11-  

commit   : bb3f42aae382106b91d60b861333a08ff6007e9c    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 19 Nov 2022 13:09:14 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 19 Nov 2022 13:09:14 -0500    

basics.source is supposed to be pretty closely in step with  
the examples in chapter 2 of the tutorial, but I forgot to  
update it in commit f05a5e000.  Fix that, and adjust a couple  
of other discrepancies that had crept in over time.  
  
(I notice that advanced.source is nowhere near being in sync  
with chapter 3, but I lack the ambition to do something  
about that right now.)  

commit   : 03ac48549438f26b796c1f536c2b545c6c50f259    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 19 Nov 2022 12:00:27 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 19 Nov 2022 12:00:27 -0500    

getPolicies() had the same disease I fixed in other places in  
commit e3fcbbd62, i.e., it was calling pg_get_expr() for  
expressions on tables that we don't necessarily have lock on.  
To fix, restrict the query to only collect interesting rows,  
rather than doing the filtering on the client side.  
  
Back-patch of commit 3e6e86abc.  That's been in v15/HEAD long enough  
to have some confidence about it, so now let's fix the problem in  
older branches.  
  
Discussion: https://postgr.es/m/2273648.1634764485@sss.pgh.pa.us  
Discussion: https://postgr.es/m/7d7eb6128f40401d81b3b7a898b6b4de@W2012-02.nidsa.loc  
Discussion: https://postgr.es/m/45c93d57-9973-248e-d2df-e02ca9af48d4@darold.net  

commit   : 55f30e6c7640c80fbb7be90fad668ee4bffa0e97    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 19 Nov 2022 11:40:30 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 19 Nov 2022 11:40:30 -0500    

Avoid calling pg_get_partkeydef(), pg_get_expr(relpartbound),  
and regtypeout until we have lock on the relevant tables.  
The existing coding is at serious risk of failure if there  
are any concurrent DROP TABLE commands going on --- including  
drops of other sessions' temp tables.  
  
Back-patch of commit e3fcbbd62.  That's been in v15/HEAD long enough  
to have some confidence about it, so now let's fix the problem in  
older branches.  
  
Original patch by me; thanks to Gilles Darold for back-patching  
legwork.  
  
Discussion: https://postgr.es/m/2273648.1634764485@sss.pgh.pa.us  
Discussion: https://postgr.es/m/7d7eb6128f40401d81b3b7a898b6b4de@W2012-02.nidsa.loc  
Discussion: https://postgr.es/m/45c93d57-9973-248e-d2df-e02ca9af48d4@darold.net  

commit   : 038512f71ea807d6c2b8e519f2416a9a5283d9bf    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Fri, 18 Nov 2022 08:38:26 -0500    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Fri, 18 Nov 2022 08:38:26 -0500    

Version strings with unequal numbers of parts were being compared  
incorrectly. We cure this by treating a missing part in the shorter  
version as 0.  
  
per complaint from Jehan-Guillaume de Rorthais, but the fix is mine, not  
his.  
  
Discussion: https://postgr.es/m/20220628225325.53d97b8d@karst  
  
Backpatch to release 14 where this code was introduced.  

commit   : 32d5a4974c81aeaca7ffc025f0a5fda88b71cba6    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 17 Nov 2022 16:54:30 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 17 Nov 2022 16:54:30 -0500    

This is a back-patch of the v15-era commit f10f0ae42 into older  
supported branches.  The idea is to design out bugs in which an  
ill-timed relcache flush clears rel->rd_smgr partway through  
some code sequence that wasn't expecting that.  We had another  
report today of a corner case that reliably crashes v14 under  
debug_discard_caches (nee CLOBBER_CACHE_ALWAYS), and therefore  
would crash once in a blue moon in the field.  We're unlikely  
to get rid of all such code paths unless we adopt the more  
rigorous coding rules instituted by f10f0ae42.  Therefore,  
even though this is a bit invasive, it's time to back-patch.  
Some comfort can be taken in the fact that f10f0ae42 has been  
in v15 for 16 months without problems.  
  
I left the RelationOpenSmgr macro present in the back branches,  
even though no core code should use it anymore, in order to not break  
third-party extensions in minor releases.  Such extensions might opt  
to start using RelationGetSmgr instead, to reduce their code  
differential between v15 and earlier branches.  This carries a hazard  
of failing to compile against headers from existing minor releases.  
However, once compiled the extension should work fine even with such  
releases, because RelationGetSmgr is a "static inline" function so  
it creates no link-time dependency.  So depending on distribution  
practices, that might be an OK tradeoff.  
  
Per report from Spyridon Dimitrios Agathos.  Original patch  
by Amul Sul.  
  
Discussion: https://postgr.es/m/CAFM5RaqdgyusQvmWkyPYaWMwoK5gigdtW-7HcgHgOeAw7mqJ_Q@mail.gmail.com  
Discussion: https://postgr.es/m/CANiYTQsU7yMFpQYnv=BrcRVqK_3U3mtAzAsJCaqtzsDHfsUbdQ@mail.gmail.com  

commit   : aaf28c90654425c2e94dc2c8b2d0d8d971483c7e    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Thu, 17 Nov 2022 07:35:06 -0800    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Thu, 17 Nov 2022 07:35:06 -0800    

This restores compatibility with the not-yet-released successor of  
version 20220807.0.  Back-patch to 9.4, which introduced this code.  
  
Reviewed by Andrew Dunstan.  
  
Discussion: https://postgr.es/m/20221117061805.GA4020280@rfd.leadboat.com  

commit   : 9693f190076ec04fd06d63ab00ba4d0383515b7c    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Mon, 14 Nov 2022 10:22:28 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Mon, 14 Nov 2022 10:22:28 +0530    

During XLOG_HASH_SPLIT_ALLOCATE_PAGE replay, we were checking for a  
cleanup lock on the new bucket page after acquiring an exclusive lock on  
it and raising a PANIC error on failure. However, it is quite possible  
that checkpointer can acquire the pin on the same page before acquiring a  
lock on it, and then the replay will lead to an error. So instead, directly  
acquire the cleanup lock on the new bucket page during  
XLOG_HASH_SPLIT_ALLOCATE_PAGE replay operation.  
  
Reported-by: Andres Freund  
Author: Robert Haas  
Reviewed-By: Amit Kapila, Andres Freund, Vignesh C  
Backpatch-through: 11  
Discussion: https://postgr.es/m/20220810022617.fvjkjiauaykwrbse@awork3.anarazel.de  

commit   : f893af496100737b7fa1ef861ac8bd2705b4d5f1    
  
author   : Jeff Davis <jdavis@postgresql.org>    
date     : Thu, 10 Nov 2022 14:46:30 -0800    
  
committer: Jeff Davis <jdavis@postgresql.org>    
date     : Thu, 10 Nov 2022 14:46:30 -0800    

The original report was concerned with a possible inconsistency  
between the heap and the visibility map, which I was unable to  
confirm. The concern has been retracted.  
  
However, there did seem to be a torn page hazard when using  
checksums. By not setting the heap page LSN during redo, the  
protections of minRecoveryPoint were bypassed. Fixed, along with a  
misleading comment.  
  
It may have been impossible to hit this problem in practice, because  
it would require a page tear between the checksum and the flags, so I  
am marking this as a theoretical risk. But, as discussed, it did  
violate expectations about the page LSN, so it may have other  
consequences.  
  
Backpatch to all supported versions.  
  
Reported-by: Konstantin Knizhnik  
Reviewed-by: Konstantin Knizhnik  
Discussion: https://postgr.es/m/fed17dac-8cb8-4f5b-d462-1bb4908c029e@garret.ru  
Backpatch-through: 11  

commit   : 3383cf023484d595cc58ff47a9aa76ce5ed5bcf3    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 10 Nov 2022 17:24:26 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 10 Nov 2022 17:24:26 -0500    

The stanza "SET STORAGE may need to add a TOAST table" does not  
test what it's supposed to, and hasn't done so since we added  
the ability to store constant column default values as metadata.  
We need to use a non-constant default to get the expected table  
rewrite to actually happen.  
  
Fix that, and add the missing checks that would have exposed the  
problem to begin with.  
  
Noted while reviewing a patch that made changes in this test case.  
Back-patch to v11 where the problem came in.  

commit   : 06dca17ad547ec7cf75d2e88436d28be9d1a51c9    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 10 Nov 2022 10:23:49 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 10 Nov 2022 10:23:49 -0500    

In commit 450ee7012 I supposed that all platforms we now care about have  
snprintf(), since that's required by C99.  Turns out that Microsoft did  
not get around to adding that until VS2015.  We've dropped support for  
VS2013 as of HEAD (cf 6203583b7), but not in the back branches, so add  
a hack for this in the back branches only.  
  
There's no easy shortcut to an exact emulation of standard snprintf  
in VS2013, but fortunately we don't need one: this code was just fine  
with using sprintf before 450ee7012, so we can make it do so again  
on that platform (and any others where the problem might crop up).  
  
Per bug #17681 from Daisuke Higuchi.  Back-patch to v12, like the  
previous patch.  
  
Discussion: https://postgr.es/m/17681-485ba2ec13e7f392@postgresql.org  

commit   : fc0d1ecb0bf1b0d9f8271b81735a8eb8b304ad70    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Thu, 10 Nov 2022 17:19:30 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Thu, 10 Nov 2022 17:19:30 +0530    

The comments atop seem to indicate that we always accumulate invalidation  
messages in a top-level transaction which is neither required nor matches  
with the code.  
  
Author: Amit Kapila  
Reviewd by: Masahiko Sawada  
Backpatch-through: 14, where it was introduced in commit c55040ccd0  
Discussion: https://postgr.es/m/CAA4eK1LxGgnUroPz8STb6OfjVU1yaHoSA+T63URwmGCLdMJ0LA@mail.gmail.com  

commit   : 9e0321135cae1328cd4355399561428b474fce43    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Thu, 10 Nov 2022 16:33:55 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Thu, 10 Nov 2022 16:33:55 +0900    

sync_handler was not mentioned in the comment block of the function.  
  
Oversight in dee663f.  
  
Author: Aleksander Alekseev  
Discussion: https://postgr.es/m/CAJ7c6TPUd9BwNY47TtMxaijLHSbyHNdhu=kvbGnvO_bi+oC6_Q@mail.gmail.com  
Backpatch-through: 14  

commit   : 8befa05d78892c3830efb4f356e1de562e4c6cb7    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 9 Nov 2022 11:08:52 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 9 Nov 2022 11:08:52 -0500    

Add a little to the header comments for these functions to make it  
clearer what guarantees about commit behavior are provided to callers.  
(See commit f92944137 for context.)  
  
Although this is only a comment change, it's really documentation  
aimed at authors of extensions, so it seems appropriate to back-patch.  
  
Yugo Nagata and Tom Lane, per further discussion of bug #17434.  
  
Discussion: https://postgr.es/m/17434-d9f7a064ce2a88a3@postgresql.org  

commit   : 2e4229691c666667f5b5c751773c12b2f2f6b00b    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 8 Nov 2022 18:25:03 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 8 Nov 2022 18:25:03 -0500    

Commit fede15417 introduced FILTER by jamming it into the existing  
example introducing HAVING, which seems pedagogically poor to me;  
and it added no information about what the keyword actually does.  
Not to mention that the claimed output didn't match the sample  
data being used in this running example.  
  
Revert that and instead make an independent example using FILTER.  
To help drive home the point that it's a per-aggregate filter,  
we need to use two aggregates not just one; for consistency  
expand all the examples in this segment to do that.  
  
Also adjust the example using WHERE ... LIKE so that it'd produce  
nonempty output with this sample data, and show that output.  
  
Back-patch, as the previous patch was.  (Sadly, v10 is now out  
of scope.)  
  
Discussion: https://postgr.es/m/166794307526.652.9073408178177444190@wrigleys.postgresql.org  

commit   : 6dde6ed3efb4baaa0955f78ba5c93e9490aaa490    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 7 Nov 2022 16:38:53 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 7 Nov 2022 16:38:53 -0500    

commit   : 9c5cbed95e3761d36c1b8cdf89cb1e1f1a8aca9a    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 7 Nov 2022 13:59:56 +0100    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 7 Nov 2022 13:59:56 +0100    

Source-Git-URL: https://git.postgresql.org/git/pgtranslation/messages.git  
Source-Git-Hash: a2d024d57415123f7c9c6e7a71796c7cee8cabc6  

commit   : e527cb8cecc70c3289b8ee1b3d62bc3631bfc8d5    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 6 Nov 2022 11:07:28 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 6 Nov 2022 11:07:28 -0500    

commit   : 1699125ca218d4a035b794eef7c7b8872d10f527    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Fri, 4 Nov 2022 19:15:03 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Fri, 4 Nov 2022 19:15:03 +0900    

"Triggers on partitioned tables cannot have transition tables." is  
incorrect as we allow statement-level triggers on partitioned tables to  
have transition tables.  
  
This has been wrong since commit 86f575948; back-patch to v11 where that  
commit came in.  
  
Reviewed by Tom Lane.  
  
Discussion: https://postgr.es/m/CAPmGK17gk4vXLzz2iG%2BG4LWRWCoVyam70nZ3OuGm1hMJwDrhcg%40mail.gmail.com  

commit   : 18865f4df9ca2369f42f98d53fc0e82e38b8a41d    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Thu, 3 Nov 2022 20:40:21 +0100    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Thu, 3 Nov 2022 20:40:21 +0100    

Commit f56f8f8da6af added some code in CloneFkReferencing that's way too  
lax about a Constraint node it manufactures, not initializing enough  
struct members -- initially_valid in particular was forgotten.  This  
causes some FKs in partitions added by ALTER TABLE ATTACH PARTITION to  
be marked as not validated.  Set initially_valid true, which fixes the  
bug.  
  
While at it, make the struct initialization more complete.  Very similar  
code was added in two other places by the same commit; make them all  
follow the same pattern for consistency, though no bugs are apparent  
there.  
  
This bug has never been reported: I only happened to notice while  
working on commit 614a406b4ff1.  The test case that was added there with  
the improper result is repaired.  
  
Backpatch to 12.  
  
Discussion: https://postgr.es/m/20221005105523.bhuhkdx4olajboof@alvherre.pgsql  

commit   : 2489c38cdc58bdd2f181651e741440bb6b83e80b    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 3 Nov 2022 12:01:57 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 3 Nov 2022 12:01:57 -0400    

If a syntax error occurred in a SQL-language or PL/pgSQL-language  
CREATE FUNCTION or DO command executed in a logical replication worker,  
we'd suffer a null pointer dereference or assertion failure.  That  
seems like a rather contrived case, but nonetheless worth fixing.  
  
The cause is that function_parse_error_transpose assumes it must be  
executing within the context of a Portal, but logical/worker.c  
doesn't create a Portal since it's not running the standard executor.  
We can just back off the hard Assert check and make it fail gracefully  
if there's not an ActivePortal.  (I have a feeling that the aggressive  
check here was my fault originally, probably because I wasn't sure if  
the case would always hold and wanted to find out.  Well, now we know.)  
  
The hazard seems to exist in all branches that have logical replication,  
so back-patch to v10.  
  
Maxim Orlov, Anton Melnikov, Masahiko Sawada, Tom Lane  
  
Discussion: https://postgr.es/m/b570c367-ba38-95f3-f62d-5f59b9808226@inbox.ru  
Discussion: https://postgr.es/m/adf0452f-8c6b-7def-d35e-ab516c80088e@inbox.ru  

commit   : eeb5461e76ae3df40e2443c087ab94925d767434    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 3 Nov 2022 10:47:31 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 3 Nov 2022 10:47:31 -0400    

Casting the result of palloc etc. to the intended type is more per  
project style anyway.  
  
(The fact that cpluspluscheck doesn't notice these problems is  
because it doesn't expand any macros, which seems like a troubling  
shortcoming.  Don't have a good idea about improving that.)  
  
Back-patch to v13, which is as far as the patch applies cleanly;  
doesn't seem worth working harder.  
  
David Geier  
  
Discussion: https://postgr.es/m/aa5d88a3-71f4-3455-11cf-82de0372c941@gmail.com  

commit   : 058c7b5dd4cc6d8f3561f843fe0f1a7839e2b26d    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 2 Nov 2022 17:37:26 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 2 Nov 2022 17:37:26 -0400    

If we have no special-case code in s_lock.h for the current platform,  
but the compiler has __sync_lock_test_and_set, use that instead of  
failing.  It's unlikely that anybody's __sync_lock_test_and_set  
would be so awful as to be worse than our semaphore-based fallback,  
but if it is, they can (continue to) use --disable-spinlocks.  
  
This allows removal of the RISC-V special case installed by commit  
c32fcac56, which generated exactly the same code but only on that  
platform.  Usefully, the RISC-V buildfarm animals should now test  
at least the int variant of this patch.  
  
I've manually tested both variants on ARM by dint of removing the  
ARM-specific stanza.  We don't want to drop that, because it already  
has some special knowledge and is likely to grow more over time.  
Likewise, this is not meant to preclude installing special cases  
for other arches if that proves worthwhile.  
  
Per discussion of a request to install the same code for loongarch64.  
Like the previous patch, we might as well back-patch to supported  
branches.  
  
Discussion: https://postgr.es/m/761ac43d44b84d679ba803c2bd947cc0@HSMAILSVR04.hs.handsome.com.cn  

commit   : a5b7821fc908b50ace1cdc3b972da08a265a81bd    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 2 Nov 2022 12:29:39 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 2 Nov 2022 12:29:39 -0400    

Since partitions can be foreign tables not only plain tables, but  
logical replication only supports plain tables, we'd better check the  
relkind of a partition after we find it.  (There was some discussion  
of checking this when adding a partitioned table to a subscription;  
but that would be inadequate since the troublesome partition could be  
added later.)  Without this, the situation leads to a segfault or  
assertion failure.  
  
In passing, add a separate variable for the target Relation of  
a cross-partition UPDATE; reusing partrel seemed mighty confusing  
and error-prone.  
  
Shi Yu and Tom Lane, per report from Ilya Gladyshev.  Back-patch  
to v13 where logical replication into partitioned tables became  
a thing.  
  
Discussion: https://postgr.es/m/6b93e3748ba43298694f376ca8797279d7945e29.camel@gmail.com  

commit   : 2896aa98ef569d99ea5b27cd6e7a2a789c14fd0a    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Wed, 2 Nov 2022 18:15:03 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Wed, 2 Nov 2022 18:15:03 +0900    

commit   : 97bb80b1b65ea25fe52c289826479018d7bcc167    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 1 Nov 2022 17:08:28 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 1 Nov 2022 17:08:28 -0400    

DST law changes in Chile, Fiji, Iran, Jordan, Mexico, Palestine,  
and Syria.  Historical corrections for Chile, Crimea, Iran, and  
Mexico.  
  
Also, the Europe/Kiev zone has been renamed to Europe/Kyiv  
(retaining the old name as a link).  
  
The following zones have been merged into nearby, more-populous zones  
whose clocks have agreed since 1970: Antarctica/Vostok, Asia/Brunei,  
Asia/Kuala_Lumpur, Atlantic/Reykjavik, Europe/Amsterdam,  
Europe/Copenhagen, Europe/Luxembourg, Europe/Monaco, Europe/Oslo,  
Europe/Stockholm, Indian/Christmas, Indian/Cocos, Indian/Kerguelen,  
Indian/Mahe, Indian/Reunion, Pacific/Chuuk, Pacific/Funafuti,  
Pacific/Majuro, Pacific/Pohnpei, Pacific/Wake and Pacific/Wallis.  
(This indirectly affects zones that were already links to one of  
these: Arctic/Longyearbyen, Atlantic/Jan_Mayen, Iceland,  
Pacific/Ponape, Pacific/Truk, and Pacific/Yap.)  America/Nipigon,  
America/Rainy_River, America/Thunder_Bay, Europe/Uzhgorod, and  
Europe/Zaporozhye were also merged into nearby zones after discovering  
that their claimed post-1970 differences from those zones seem to have  
been errors.  
  
While the IANA crew have been working on merging zones that have no  
post-1970 differences for some time, this batch of changes affects  
some zones that are significantly more populous than those merged  
in the past, notably parts of Europe.  The loss of pre-1970 timezone  
history for those zones may be troublesome for applications  
expecting consistency of timestamptz display.  As an example, the  
stored value '1944-06-01 12:00 UTC' would previously display as  
'1944-06-01 13:00:00+01' if the Europe/Stockholm zone is selected,  
but now it will read out as '1944-06-01 14:00:00+02'.  
  
There exists a "packrat" option that will build the timezone data  
files with this old data preserved, but the problem is that it also  
resurrects a bunch of other, far less well-attested data; so much so  
that actually more zones' contents change from 2022a with that option  
than without it.  I have chosen not to do that here, for that reason  
and because it appears that no major OS distributions are using the  
"packrat" option, so that doing so would cause Postgres' behavior  
to diverge significantly depending on whether it was built with  
--with-system-tzdata.  However, for anyone for whom these changes pose  
significant problems, there is a solution: build a set of timezone  
files with the "packrat" option and use those with Postgres.  

commit   : 0f2f5645a1f347bad7bfa4b670ce9aacdb9e634d    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 1 Nov 2022 12:48:01 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 1 Nov 2022 12:48:01 -0400    

When executing a utility statement, we must fetch everything  
we need out of the PlannedStmt data structure before calling  
standard_ProcessUtility.  In certain cases (possibly only ROLLBACK  
in extended query protocol), that data structure will get freed  
during command execution.  The situation is probably often harmless  
in production builds, but in debug builds we intentionally overwrite  
the freed memory with garbage, leading to picking up garbage values  
of statement location and length, typically causing an assertion  
failure later in pg_stat_statements.  In non-debug builds, if  
something did go wrong it would likely lead to storing garbage  
for the query string.  
  
Report and fix by zhaoqigui (with cosmetic adjustments by me).  
It's an old problem, so back-patch to all supported versions.  
  
Discussion: https://postgr.es/m/17663-a344fd0675f92128@postgresql.org  
Discussion: https://postgr.es/m/1667307420050.56657@hundsun.com  

commit   : 5a30d43fa9869adc5a6f708dd0994a8a4e53d905    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Wed, 26 Oct 2022 09:41:18 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Wed, 26 Oct 2022 09:41:18 +0900    

Contrary to what is documented in src/backend/access/transam/README,  
ginHeapTupleFastInsert() had a few ordering issues with the way it does  
its WAL operations when inserting items in its fast path.  
  
First, when using a separate list, XLogBeginInsert() was being always  
called before START_CRIT_SECTION(), and in this case a second thing was  
wrong when merging lists, as an exclusive lock was taken on the tail  
page *before* calling XLogBeginInsert().  Finally, when inserting items  
into a tail page, the order of XLogBeginInsert() and  
START_CRIT_SECTION() was reversed.  This commit addresses all these  
issues by moving the calls of XLogBeginInsert() after all the pages  
logged are locked and pinned, within a critical section.  
  
This has been applied first only on HEAD as of 56b6625, but as per  
discussion with Tom Lane and Álvaro Herrera, a backpatch is preferred to  
keep all the branches consistent and to respect the transam's README  
where we can.  
  
Author:  Matthias van de Meent, Zhang Mingli  
Discussion: https://postgr.es/m/CAEze2WhL8uLMqynnnCu1LAPwxD5RKEo0nHV+eXGg_N6ELU88HQ@mail.gmail.com  
Backpatch-through: 10  

commit   : aaad8adb02ed20ebff9b60f1778d4a80d76e77c1    
  
author   : Robert Haas <rhaas@postgresql.org>    
date     : Fri, 21 Oct 2022 08:21:55 -0400    
  
committer: Robert Haas <rhaas@postgresql.org>    
date     : Fri, 21 Oct 2022 08:21:55 -0400    

Specifically, when pg_basebackup is invoked with -Tx=y, don't error  
out if x could plausibly be an absolute path either on Windows or on  
non-Windows systems. We don't know whether the remote system is  
running the same OS as the local system, so it's not appropriate to  
assume that our local rule about absolute pathnames is the same as  
the rule on the remote system.  
  
Patch by me, reviewed by Tom Lane, Andrew Dunstan, and  
Davinder Singh.  
  
Discussion: http://postgr.es/m/CA+TgmoY+jC3YiskomvYKDPK3FbrmsDU7_8+wMHt02HOdJeRb0g@mail.gmail.com  

commit   : 36fc013fabd94f159553973f55afecc6cd115d60    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Fri, 21 Oct 2022 12:33:47 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Fri, 21 Oct 2022 12:33:47 +0530    

Previously in commit 42681dffaf, we added CFI during decoding changes but  
missed another similar case that can happen while restoring changes  
spilled to disk back into memory in a loop.  
  
Reported-by: Robert Haas  
Author: Amit Kapila  
Backpatch-through: 10  
Discussion: https://postgr.es/m/CA+TgmoaLObg0QbstbC8ykDwOdD1bDkr4AbPpB=0DPgA2JW0mFg@mail.gmail.com  

commit   : 4fbe6096b954092abc460adaddd365d5049d40f1    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Fri, 21 Oct 2022 09:52:44 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Fri, 21 Oct 2022 09:52:44 +0530    

This problem has been introduced by commit 272248a0c1 where we started  
assigning the subtransactions to the top-level transaction when we mark  
both the top-level transaction and its subtransactions as containing  
catalog changes. After we assign subtransactions to the top-level  
transaction, we were not allowed to execute any invalidations associated  
with it when we decide to skip the transaction.  
  
The reason to assign the subtransactions to the top-level transaction was  
to avoid the assertion failure in AssertTXNLsnOrder() as they have the  
same LSN when we sometimes start accumulating transaction changes for  
partial transactions after the restart. Now that with commit 64ff0fe4e8,  
we skip this assertion check until we reach the LSN at which we start  
decoding the contents of the transaction, so, there is no reason for such  
an assignment anymore.  
  
The assignment change was introduced in 15 and prior versions but this bug  
doesn't exist in branches prior to 14 since we don't add invalidation  
messages to subtransactions. We decided to backpatch through 11 for  
consistency but not for 10 since its final release is near.  
  
Reported-by: Kuroda Hayato  
Author: Masahiko Sawada  
Reviewed-by: Amit Kapila  
Backpatch-through: 11  
Discussion: https://postgr.es/m/TYAPR01MB58660803BCAA7849C8584AA4F57E9%40TYAPR01MB5866.jpnprd01.prod.outlook.com  
Discussion: https://postgr.es/m/a89b46b6-0239-2fd5-71a9-b19b1f7a7145%40enterprisedb.com  

commit   : f892150076dbee167ecd850d3628443d0fb34d82    
  
author   : David Rowley <drowley@postgresql.org>    
date     : Fri, 21 Oct 2022 09:30:27 +1300    
  
committer: David Rowley <drowley@postgresql.org>    
date     : Fri, 21 Oct 2022 09:30:27 +1300    

56788d215 adjusted the parallel seq scan code so that instead of handing  
out a single block at a time to parallel workers, it now hands out ranges  
of blocks.  
  
Here we update the documentation which still claimed that workers received  
just 1 block at a time.  
  
Reported-by: Zhang Mingli  
Discussion: https://postgr.es/m/17c99615-2c3b-4e4e-9d0b-424a66a7bccd@Spark  
Backpatch-through: 14, where 56788d215 was added.  

commit   : a592ed923e67871749233dcd7106a64936a971cf    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Thu, 20 Oct 2022 09:34:18 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Thu, 20 Oct 2022 09:34:18 +0530    

When the logical decoding restarts from NEW_CID, since there is no  
association between the top transaction and its subtransaction, both are  
created as top transactions and have the same LSN. This caused the  
assertion failure in AssertTXNLsnOrder().  
  
This patch skips the assertion check until we reach the LSN at which we  
start decoding the contents of the transaction, specifically  
start_decoding_at LSN in SnapBuild. This is okay because we don't  
guarantee to make the association between top transaction and  
subtransaction until we try to decode the actual contents of transaction.  
The ordering of the records prior to the start_decoding_at LSN should have  
been checked before the restart.  
  
The other assertion failure is due to the reason that we forgot to track  
that we have considered top-level transaction id in the list of catalog  
changing transactions that were committed when one of its subtransactions  
is marked as containing catalog change.  
  
Reported-by: Tomas Vondra, Osumi Takamichi  
Author: Masahiko Sawada, Kuroda Hayato  
Reviewed-by: Amit Kapila, Dilip Kumar, Kuroda Hayato, Kyotaro Horiguchi, Masahiko Sawada  
Backpatch-through: 10  
Discussion: https://postgr.es/m/a89b46b6-0239-2fd5-71a9-b19b1f7a7145%40enterprisedb.com  
Discussion: https://postgr.es/m/TYCPR01MB83733C6CEAE47D0280814D5AED7A9%40TYCPR01MB8373.jpnprd01.prod.outlook.com  

commit   : d033f8f8bea9c7b5c4ae43a95b569ceccdaddd7a    
  
author   : Thomas Munro <tmunro@postgresql.org>    
date     : Wed, 19 Oct 2022 22:32:14 +1300    
  
committer: Thomas Munro <tmunro@postgresql.org>    
date     : Wed, 19 Oct 2022 22:32:14 +1300    

Per https://llvm.org/docs/OpaquePointers.html, support for non-opaque  
pointers still exists and we can request that on our context.  We have  
until LLVM 16 to move to opaque pointers, a much larger change.  
  
Back-patch to 11, where LLVM support arrived.  
  
Author: Thomas Munro <thomas.munro@gmail.com>  
Author: Andres Freund <andres@anarazel.de>  
Discussion: https://postgr.es/m/CAMHz58Sf_xncdyqsekoVsNeKcruKootLtVH6cYXVhhUR1oKPCg%40mail.gmail.com  

commit   : 51683feb97c1cd324617837bda727b19989c7b53    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Mon, 17 Oct 2022 15:21:29 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Mon, 17 Oct 2022 15:21:29 -0400    

It was previously easily overlooked at the end of several tables.  
  
Reported-by: Alex Denman  
  
Discussion: https://postgr.es/m/166335888474.659.16897487975376230364@wrigleys.postgresql.org  
  
Backpatch-through: 10  

commit   : b661aea772e1fd06064ee9473c2431081a4436fe    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Mon, 17 Oct 2022 15:07:03 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Mon, 17 Oct 2022 15:07:03 -0400    

The fix is to run ANALYZE.  
  
Discussion: https://postgr.es/m/YzRr+ys98UzVQJvK@momjian.us,  
   https://postgr.es/m/flat/CAKJS1f8DTbCHf9gedU0He6ARsd58E6qOhEHM1caomqj_r9MOiQ%40mail.gmail.com,  
   https://postgr.es/m/CAKJS1f80o98hcfSk8j%3DfdN09S7Sjz%2BvuzhEwbyQqvHJb_sZw0g%40mail.gmail.com  
  
Backpatch-through: 10  

commit   : 2f26cec4884366cc23737c5a9b7797935057ce38    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 17 Oct 2022 12:14:39 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 17 Oct 2022 12:14:39 -0400    

DefineQueryRewrite() has long required that ON SELECT rules be named  
"_RETURN".  But we overlooked the converse case: we should forbid  
non-ON-SELECT rules that are named "_RETURN".  In particular this  
prevents using CREATE OR REPLACE RULE to overwrite a view's _RETURN  
rule with some other kind of rule, thereby breaking the view.  
  
Per bug #17646 from Kui Liu.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/17646-70c93cfa40365776@postgresql.org  

commit   : 8c611602bd356cbb47c3ebe8614f958391ec92a8    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 17 Oct 2022 11:35:23 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 17 Oct 2022 11:35:23 -0400    

The executor will dump core if it's asked to execute a seqscan on  
a relation having no table AM, such as a view.  While that shouldn't  
really happen, it's possible to get there via catalog corruption,  
such as a missing ON SELECT rule.  It seems worth installing a defense  
against that.  There are multiple plausible places for such a defense,  
but I picked the planner's get_relation_info().  
  
Per discussion of bug #17646 from Kui Liu.  Back-patch to v12 where  
the tableam APIs were introduced; in older versions you won't get a  
SIGSEGV, so it seems less pressing.  
  
Discussion: https://postgr.es/m/17646-70c93cfa40365776@postgresql.org  

commit   : 8122160ffb68acb0db740f4f6456fdaaaa577d90    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 16 Oct 2022 19:18:08 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 16 Oct 2022 19:18:08 -0400    

If the non-recursive term of a SEARCH BREADTH FIRST recursive  
query has only constants in its target list, the planner will  
fold the starting RowExpr added by rewrite into a simple Const  
of type RECORD.  The executor doesn't have any problem with  
that --- but EXPLAIN VERBOSE will encounter the Const as the  
ultimate source of truth about what the field names of the  
SET column are, and it didn't know what to do with that.  
Fortunately, we can pull the identifying typmod out of the  
Const, in much the same way that record_out would.  
  
For reasons that remain a bit obscure to me, this only fails  
with SEARCH BREADTH FIRST, not SEARCH DEPTH FIRST or CYCLE.  
But I added regression test cases for both of those options  
too, just to make sure we don't break it in future.  
  
Per bug #17644 from Matthijs van der Vleuten.  Back-patch  
to v14 where these constructs were added.  
  
Discussion: https://postgr.es/m/17644-3bd1f3036d6d7a16@postgresql.org  

commit   : 18e60712dd852f796bb31a64e8389d92be7cf9c6    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 16 Oct 2022 15:27:04 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 16 Oct 2022 15:27:04 -0400    

In the latest version of Apple's macOS SDK, <sys/socket.h>  
fails to compile if "REF" is #define'd as something.  
Apple may or may not agree that this is a bug, and even if  
they do accept the bug report I filed, they probably won't  
fix it very quickly.  In the meantime, our back branches will all  
fail to compile gram.y.  v15 and HEAD currently escape the problem  
thanks to the refactoring done in 98e93a1fc, but that's purely  
accidental.  Moreover, since that patch removed a widely-visible  
inclusion of <netdb.h>, back-patching it seems too likely to break  
third-party code.  
  
Instead, change the token's code name to REF_P, following our usual  
convention for naming parser tokens that are likely to have symbol  
conflicts.  The effects of that should be localized to the grammar  
and immediately surrounding files, so it seems like a safer answer.  
  
Per project policy that we want to keep recently-out-of-support  
branches buildable on modern systems, back-patch all the way to 9.2.  
  
Discussion: https://postgr.es/m/1803927.1665938411@sss.pgh.pa.us  

commit   : 6fa431d84a046603ec7c2d54ad51955487686b20    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 16 Oct 2022 11:47:44 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 16 Oct 2022 11:47:44 -0400    

snprintf.c has always fallen back on libc's *printf implementation  
when printing pointers (%p) and floats.  When this code originated,  
we were still supporting some platforms that lacked native snprintf,  
so we used sprintf for that.  That's not actually unsafe in our usage,  
but nonetheless builds on macOS are starting to complain about sprintf  
being unconditionally deprecated; and I wouldn't be surprised if other  
platforms follow suit.  There seems little reason to believe that any  
platform supporting C99 wouldn't have standards-compliant snprintf,  
so let's just use that instead to suppress such warnings.  
  
Back-patch to v12, which is where we started to require C99.  It's  
also where we started to use our snprintf.c everywhere, so this  
wouldn't be enough to suppress the warning in older branches anyway  
--- that is, in older branches these aren't necessarily all our  
usages of libc's sprintf.  It is enough in v12+ because any  
deprecation annotation attached to libc's sprintf won't apply to  
pg_sprintf.  (Whether all our usages of pg_sprintf are adequately  
safe is not a matter I intend to address here, but perhaps it could  
do with some review.)  
  
Per report from Andres Freund and local testing.  
  
Discussion: https://postgr.es/m/20221015211955.q4cwbsfkyk3c4ty3@awork3.anarazel.de  

commit   : b8af4166ff96af9c7bed1b511d0356284a8b7766    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 14 Oct 2022 19:06:26 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 14 Oct 2022 19:06:26 +0200    

When a query whose results were requested in single-row mode is the last  
in the queue by the time those results are being read, the single-row  
flag was not being reset, because we were returning early from  
pqPipelineProcessQueue.  Move that stanza up so that the flag is always  
reset at the end of sending that query's results.  
  
Add a test for the situation.  
  
Backpatch to 14.  
  
Author: Denis Laxalde <denis.laxalde@dalibo.com>  
Discussion: https://postgr.es/m/01af18c5-dacc-a8c8-07ee-aecc7650c3e8@dalibo.com  

commit   : 3fe6f261f7a20cfc8e6809ae36bfe93d1f779751    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Thu, 13 Oct 2022 13:36:14 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Thu, 13 Oct 2022 13:36:14 +0200    

While at it, simplify wording a bit.  
  
Author: Takamichi Osumi <osumi.takamichi@fujitsu.com>  
Reviewed-by: Peter Smith <smithpb2250@gmail.com>  
Discussion: https://postgr.es/m/TYCPR01MB8373F93F5D094A2BE648990DED259@TYCPR01MB8373.jpnprd01.prod.outlook.com  

commit   : c6127303718cb25edab7de8bd6f76a0a1e31f3fb    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 12 Oct 2022 10:51:11 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 12 Oct 2022 10:51:11 -0400    

Add  
    After=network-online.target  
    Wants=network-online.target  
to the suggested unit file for starting a Postgres server.  
This delays startup until the network interfaces have been  
configured; without that, any attempt to bind to a specific  
IP address will fail.  
  
If listen_addresses is set to "localhost" or "*", it might be  
possible to get away with the less restrictive "network.target",  
but I don't think we need to get into such detail here.  
  
Per suggestion from Pablo Federico.  
  
Discussion: https://postgr.es/m/166552157407.591805.10036014441784710940@wrigleys.postgresql.org  

commit   : b10546ecf8266d2b368b98ccd491eeae5160e316    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 11 Oct 2022 18:54:31 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 11 Oct 2022 18:54:31 -0400    

The postmaster is not supposed to do anything that depends  
fundamentally on shared memory contents, because that creates  
the risk that a backend crash that trashes shared memory will  
take the postmaster down with it, preventing automatic recovery.  
In commit 969d7cd43 I lost sight of this principle and coded  
AssignPostmasterChildSlot() in such a way that it could fail  
or even crash if the shared PMSignalState structure became  
corrupted.  Remarkably, we've not seen field reports of such  
crashes; but I managed to induce one while testing the recent  
changes around palloc chunk headers.  
  
To fix, make a semi-duplicative state array inside the postmaster  
so that we need consult only local state while choosing a "child  
slot" for a new backend.  Ensure that other postmaster-executed  
routines in pmsignal.c don't have critical dependencies on the  
shared state, either.  Corruption of PMSignalState might now  
lead ReleasePostmasterChildSlot() to conclude that backend X  
failed, when actually backend Y was the one that trashed things.  
But that doesn't matter, because we'll force a cluster-wide reset  
regardless.  
  
Back-patch to all supported branches, since this is an old bug.  
  
Discussion: https://postgr.es/m/3436789.1665187055@sss.pgh.pa.us  

commit   : 3162bd95cad3bf9ad89b9c7c8e50716cb513d46f    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 11 Oct 2022 18:24:14 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 11 Oct 2022 18:24:14 -0400    

DEFAULT markers appearing in an INSERT on an updatable view  
could be mis-processed if they were in a multi-row VALUES clause.  
This would lead to strange errors such as "cache lookup failed  
for type NNNN", or in older branches even to crashes.  
  
The cause is that commit 41531e42d tried to re-use rewriteValuesRTE()  
to remove any SetToDefault nodes (that hadn't previously been replaced  
by the view's own default values) appearing in "product" queries,  
that is DO ALSO queries.  That's fundamentally wrong because the  
DO ALSO queries might not even be INSERTs; and even if they are,  
their targetlists don't necessarily match the view's column list,  
so that almost all the logic in rewriteValuesRTE() is inapplicable.  
  
What we want is a narrow focus on replacing any such nodes with NULL  
constants.  (That is, in this context we are interpreting the defaults  
as being strictly those of the view itself; and we already replaced  
any that aren't NULL.)  We could add still more !force_nulls tests  
to further lobotomize rewriteValuesRTE(); but it seems cleaner to  
split out this case to a new function, restoring rewriteValuesRTE()  
to the charter it had before.  
  
Per bug #17633 from jiye_sw.  Patch by me, but thanks to  
Richard Guo and Japin Li for initial investigation.  
Back-patch to all supported branches, as the previous fix was.  
  
Discussion: https://postgr.es/m/17633-98cc85e1fa91e905@postgresql.org  

commit   : 4f6d1cfd6b6f0707e4f4c3479261845263256f77    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Tue, 11 Oct 2022 09:56:13 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Tue, 11 Oct 2022 09:56:13 +0200    

PostgreSQL::Test::Cluster and ::Utils were not being installed.  This is  
very hard to notice, as it only seems to affect external modules that  
want to run tests from 15 back in earlier versions.  Oversight in  
b235d41d9646.  
  
This applies only to branches 14 and back, because 15 had already been  
made correct in commit b3b4d8e68ae8.  
  
Discussion: https://postgr.es/m/20221010093415.poplkyn7pjeiv2y7@alvherre.pgsql  

commit   : 483d26930b4c804cecb9b074021244bd4b1c8499    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 7 Oct 2022 19:37:48 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 7 Oct 2022 19:37:48 +0200    

There are a number of bugs in this area.  Two of them are fixed here,  
namely:  
1. get_relation_idx_constraint_oid does not restrict the type of  
   constraint that's returned, so with sufficient bad luck it can  
   return the OID of a foreign key constraint.  This has the effect that  
   a primary key in a partition can end up as a child of a foreign key,  
   which makes no sense (it needs to be the child of the equivalent  
   primary key.)  
   Change the API contract so that only index-backed constraints are  
   returned, mimicking get_constraint_index().  
  
2. Both CloneFkReferenced and CloneFkReferencing clone a  
   self-referencing foreign key, so the partition ends up with  
   a duplicate foreign key.  Change the former function to ignore such  
   constraints.  
  
Add some tests to verify that things are better now.  (However, these  
new tests show some additional misbehavior that will be fixed later --  
namely that there's a constraint marked NOT VALID.)  
  
Backpatch to 12, where these constraints are possible at all.  
  
Author: Jehan-Guillaume de Rorthais <jgdr@dalibo.com>  
Discussion: https://postgr.es/m/20220603154232.1715b14c@karst  

commit   : b93d7e6883d683ea35f4f5ea843222f47aacbaee    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 30 Sep 2022 19:36:46 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 30 Sep 2022 19:36:46 -0400    

Commit 34f581c39 intended to ensure that RelationGetBufferForTuple  
would acquire a visibility-map page pin in case the otherBuffer's  
all-visible bit had become set since we last had lock on that page.  
But I missed a case: when we're extending the relation, VM concerns  
were dealt with only in the relatively-less-likely case that we  
fail to conditionally lock the otherBuffer.  I think I'd believed  
that we couldn't need to worry about it if the conditional lock  
succeeds, which is true for the target buffer; but the otherBuffer  
was unlocked for awhile so its bit might be set anyway.  So we need  
to do the GetVisibilityMapPins dance, and then also recheck the  
page's free space, in both cases.  
  
Per report from Jaime Casanova.  Back-patch to v12 as the previous  
patch was (although there's still no evidence that the bug is  
reachable pre-v14).  
  
Discussion: https://postgr.es/m/E1lWLjP-00006Y-Ml@gemulon.postgresql.org  

commit   : 064e1c879dd28255202e94fdf766f4a98f916858    
  
author   : Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Fri, 30 Sep 2022 12:03:48 +0200    
  
committer: Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Fri, 30 Sep 2022 12:03:48 +0200    

The compression parameter to PQsslAttribute has never returned the  
compression method used, it has always returned "on" or "off since  
it was added in commit 91fa7b4719ac. Backpatch through v10.  
  
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>  
Discussion: https://postgr.es/m/B9EC60EC-F665-47E8-A221-398C76E382C9@yesql.se  
Backpatch-through: v10  

commit   : fc9eb3f0c382dee11099ff400ff29f4b0132f16b    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Thu, 29 Sep 2022 16:55:03 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Thu, 29 Sep 2022 16:55:03 +0900    

Remove the stale text that is a leftover from an earlier version of the  
patch to add support for batch insertion, and adjust the wording in the  
remaining text.  
  
Back-patch to v14 where batch insertion came in.  
  
Review and wording adjustment by Tom Lane.  
  
Discussion: https://postgr.es/m/CAPmGK14goatHPHQv2Aeu_UTKqZ%2BBO%2BP%2Bzd3HKv5D%2BdyyfWKDSw%40mail.gmail.com  

commit   : 81c094bd93763f76190c2a78e13cae03e15b7432    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 28 Sep 2022 13:14:38 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 28 Sep 2022 13:14:38 -0400    

Reported-by: Tom Lane  
  
Discussion: https://postgr.es/m/3976627.1662651004@sss.pgh.pa.us  
  
Backpatch-through: 10  

commit   : bbdc1d2334e63f761e4baf37ca3243f66f56f6be    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 28 Sep 2022 13:05:20 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 28 Sep 2022 13:05:20 -0400    

doc revert of commit 1703726488.  Change was applied to irrelevant  
branches, and was not detailed enough to be helpful in relevant  
branches.  
  
Reported-by: Peter Eisentraut, Noah Misch  
  
Discussion: https://postgr.es/m/a2dc9de4-24fc-3222-87d3-0def8057d7d8@enterprisedb.com  
  
Backpatch-through: 10  

commit   : f1e7f25b5aef2f3957aa4dbc5eda874871f693e0    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 28 Sep 2022 17:14:53 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 28 Sep 2022 17:14:53 +0200    

This prevents marking the argument string for translation for gettext,  
and it also prevents the given string (which is already translated) from  
being translated at runtime.  
  
Also, mark the strings used as arguments to check_rolespec_name for  
translation.  
  
Backpatch all the way back as appropriate.  None of this is caught by  
any tests (necessarily so), so I verified it manually.  

commit   : 9923764614a0a4e0e23f3455794d9c2ac0b1635d    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 25 Sep 2022 17:10:58 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 25 Sep 2022 17:10:58 -0400    

Commit 25936fd46 adjusted things so that the "storeslot" we use  
for remapping trigger tuples would have adequate lifespan, but it  
neglected to consider the lifespan of the tuple descriptor that  
the slot depends on.  It turns out that in at least some cases, the  
tupdesc we are passing is a refcounted tupdesc, and the refcount for  
the slot's reference can get assigned to a resource owner having  
different lifespan than the slot does.  That leads to an error like  
"tupdesc reference 0x7fdef236a1b8 is not owned by resource owner  
SubTransaction".  Worse, because of a second oversight in the same  
commit, we'd try to free the same tupdesc refcount again while  
cleaning up after that error, leading to recursive errors and an  
"ERRORDATA_STACK_SIZE exceeded" PANIC.  
  
To fix the initial problem, let's just make a non-refcounted copy  
of the tupdesc we're supposed to use.  That seems likely to guard  
against additional problems, since there's no strong reason for  
this code to assume that what it's given is a refcounted tupdesc;  
in which case there's an independent hazard of the tupdesc having  
shorter lifespan than the slot does.  (I didn't bother trying to  
free said copy, since it should go away anyway when the (sub)  
transaction context is cleaned up.)  
  
The other issue can be fixed by making the code added to  
AfterTriggerFreeQuery work like the rest of that function, ie be  
sure that it doesn't try to free the same slot twice in the event  
of recursive error cleanup.  
  
While here, also clean up minor stylistic issues in the test case  
added by 25936fd46: don't use "create or replace function", as any  
name collision within the tests is likely to have ill effects  
that that won't mask; and don't use function names as generic as  
trigger_function1, especially if you're not going to drop them  
at the end of the test stanza.  
  
Per bug #17607 from Thomas Mc Kay.  Back-patch to v12, as the  
previous fix was.  
  
Discussion: https://postgr.es/m/17607-bd8ccc81226f7f80@postgresql.org  

commit   : f2094c78b8015b79c922c3424e0bb27be66d455b    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Sun, 25 Sep 2022 17:48:03 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Sun, 25 Sep 2022 17:48:03 +0200    

commit   : 1c03166352c3fd94dd131938e42f2a182fcf4067    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 23 Sep 2022 18:11:48 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Fri, 23 Sep 2022 18:11:48 +0200    

The "emulation" I wrote for PQsendQuery in pipeline mode to use extended  
query protocol, in commit acb7e4eb6b1c, is problematic.  Due to numerous  
bugs we'll soon remove it.  As a first step and for all branches back to  
14, stop using PQsendQuery in libpq_pipeline.  Also remove a few test  
lines that will no longer be relevant.  
  
Backpatch to 14.  
  
Discussion: https://postgr.es/m/CA+mi_8ZGSQNmW6-mk_iSR4JZB_LJ4ww3suOF+1vGNs3MrLsv4g@mail.gmail.com  

commit   : 21934612d86a1e0c83c2774b776a022b9a5a90bd    
  
author   : Jeff Davis <jdavis@postgresql.org>    
date     : Thu, 22 Sep 2022 10:58:49 -0700    
  
committer: Jeff Davis <jdavis@postgresql.org>    
date     : Thu, 22 Sep 2022 10:58:49 -0700    

Similar to 5f12bc94dc, the code must re-check PageIsAllVisible() after  
buffer lock is re-acquired. Backpatching to the same version, 12.  
  
Discussion: https://postgr.es/m/CAEP4nAw9jYQDKd_5Y+-s2E4YiUJq1vqiikFjYGpLShtp-K3gag@mail.gmail.com  
Reported-by: Robins Tharakan  
Reviewed-by: Robins Tharakan  
Backpatch-through: 12  

commit   : e4514aafad0b134e67d7d0cf1612fb5c76fc8fec    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Thu, 22 Sep 2022 15:55:03 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Thu, 22 Sep 2022 15:55:03 +0900    

This comment has been wrong since its introduction in commit 0d5f05cde;  
backpatch to v12 where that came in.  
  
Discussion: https://postgr.es/m/CAPmGK14VGf-xQjGQN4o1QyAbXAaxugU5%3DqfcmTDh1iufUDnV_w%40mail.gmail.com  

commit   : be032619d4b16e74025d04e027b587d6e11e7cbd    
  
author   : Fujii Masao <fujii@postgresql.org>    
date     : Thu, 22 Sep 2022 12:54:26 +0900    
  
committer: Fujii Masao <fujii@postgresql.org>    
date     : Thu, 22 Sep 2022 12:54:26 +0900    

Commit 6c2003f8a1 changed the snapshot names mentioned in  
SET TRANSACTION docs, however, there was one place that  
the commit missed updating the name.  
  
Back-patch to all supported versions.  
  
Author: Japin Li  
Reviewed-by: Fujii Masao  
Discussion: https://postgr.es/m/MEYP282MB1669BD4280044501165F8B07B64F9@MEYP282MB1669.AUSP282.PROD.OUTLOOK.COM  

commit   : 88c947cb52615e073503f92e12d942cca5609a3c    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 21 Sep 2022 13:52:38 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 21 Sep 2022 13:52:38 -0400    

Mop up assorted set-but-not-used warnings in the back branches.  
This includes back-patching relevant fixes from commit 152c9f7b8  
the rest of the way, but there are also several cases that did not  
appear in HEAD.  Some of those we'd fixed in a retail way but not  
back-patched, and others I think just got rewritten out of existence  
during nearby refactoring.  
  
While here, also back-patch b1980f6d0 (PL/Tcl: Fix compiler warnings  
with Tcl 8.6) into 9.2, so that that branch compiles warning-free  
with modern Tcl.  
  
Per project policy, this is a candidate for back-patching into  
out-of-support branches: it suppresses annoying compiler warnings  
but changes no behavior.  Hence, back-patch all the way to 9.2.  
  
Discussion: https://postgr.es/m/514615.1663615243@sss.pgh.pa.us  

commit   : dcd7dbed50085eed92ff9733dca54e0fe5518c78    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 20 Sep 2022 18:59:53 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 20 Sep 2022 18:59:53 -0400    

There doesn't seem to be any good ABI-preserving way to silence  
clang 15's -Wdeprecated-non-prototype warnings about our tree-walk  
APIs.  While we've fixed it properly in HEAD, the only way to not  
see hundreds of these in the back branches is to disable the  
warnings.  We're not going to do anything about them, so we might  
as well disable them.  
  
I noticed that we also get some of these warnings about fmgr.c's  
support for V0 function call convention, in branches before v10  
where we removed that.  That's another area we aren't going to  
change, so turning off the warning seems fine for that too.  
  
Per project policy, this is a candidate for back-patching into  
out-of-support branches: it suppresses annoying compiler warnings  
but changes no behavior.  Hence, back-patch all the way to 9.2.  
  
Discussion: https://postgr.es/m/CA+hUKGKpHPDTv67Y+s6yiC8KH5OXeDg6a-twWo_xznKTcG0kSA@mail.gmail.com  

commit   : 2e124d857a64a91d2b70afdbed6156d753089771    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 20 Sep 2022 12:04:37 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 20 Sep 2022 12:04:37 -0400    

clang 15+ will issue a set-but-not-used warning when the only  
use of a variable is in autoincrements (e.g., "foo++;").  
That's perfectly sensible, but it detects a few more cases that  
we'd not noticed before.  Silence the warnings with our usual  
methods, such as PG_USED_FOR_ASSERTS_ONLY, or in one case by  
actually removing a useless variable.  
  
One thing that we can't nicely get rid of is that with %pure-parser,  
Bison emits "yynerrs" as a local variable that falls foul of this  
warning.  To silence those, I inserted "(void) yynerrs;" in the  
top-level productions of affected grammars.  
  
Per recently-established project policy, this is a candidate  
for back-patching into out-of-support branches: it suppresses  
annoying compiler warnings but changes no behavior.  Hence,  
back-patch to 9.5, which is as far as these patches go without  
issues.  (A preliminary check shows that the prior branches  
need some other set-but-not-used cleanups too, so I'll leave  
them for another day.)  
  
Discussion: https://postgr.es/m/514615.1663615243@sss.pgh.pa.us  

commit   : 382cc68007784623e365ec033468ec69535afbaf    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Tue, 20 Sep 2022 19:28:47 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Tue, 20 Sep 2022 19:28:47 +0900    

The parameter controlling if two-phase transactions can be decoded was  
named "two_phase" in the documentation while its procedure defines  
"twophase".  
  
Author: Florin Irion  
Discussion: https://postgr.es/m/5eeabd10-1aff-ea61-f92d-9fa0d9a7e207@gmail.com  
Backpatch-through: 14  

commit   : e68fc64fd7f38927720d729c667906d209ebc09f    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Tue, 20 Sep 2022 18:13:46 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Tue, 20 Sep 2022 18:13:46 +0900    

These variables used XLogRecPtr instead of RepOriginId.  
  
Author: Masahiko Sawada  
Discussion: https://postgr.es/m/CAD21AoBm-vNyBSXGp4bmJGvhr=S-EGc5q1dtV70cFTcJvLhC=Q@mail.gmail.com  
Backpatch-through: 14  

commit   : 7394c763bc72db90cbca0fca8a17f96cc2bcc6f7    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 19 Sep 2022 12:16:02 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 19 Sep 2022 12:16:02 -0400    

The API contract for planstate_tree_walker() callbacks is that they  
take a PlanState pointer and a context pointer.  Somebody figured  
they could save a couple lines of code by ignoring that, and passing  
ExecShutdownNode itself as the walker even though it has but one  
argument.  Somewhat remarkably, we've gotten away with that so far.  
However, it seems clear that the upcoming C2x standard means to  
forbid such cases, and compilers that actively break such code  
likely won't be far behind.  So spend the extra few lines of code  
to do it honestly with a separate walker function.  
  
In HEAD, we might as well go further and remove ExecShutdownNode's  
useless return value.  I left that as-is in back branches though,  
to forestall complaints about ABI breakage.  
  
Back-patch, with the thought that this might become of practical  
importance before our stable branches are all out of service.  
It doesn't seem to be fixing any live bug on any currently known  
platform, however.  
  
Discussion: https://postgr.es/m/208054.1663534665@sss.pgh.pa.us  

commit   : 44933010ceb3ac06d4c01b559aafed4bef16c45d    
  
author   : Peter Geoghegan <pg@bowt.ie>    
date     : Sat, 17 Sep 2022 16:54:14 -0700    
  
committer: Peter Geoghegan <pg@bowt.ie>    
date     : Sat, 17 Sep 2022 16:54:14 -0700    

The function has a bool argument named "case_insensitive", but that was  
spelled "case_sensitive" in the declaration.  Make them consistent now  
to avoid confusion in the future.  
  
Author: Peter Geoghegan <pg@bowt.ie>  
Reviewed-By: Michael Paquiër <michael@paquier.xyz>  
Discussion: https://postgr.es/m/CAH2-WznJt9CMM9KJTMjJh_zbL5hD9oX44qdJ4aqZtjFi-zA3Tg@mail.gmail.com  
Backpatch: 10-  

commit   : b4b4b817da5a6293b17109f5a2d61f2e1ab8cf11    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Sat, 17 Sep 2022 09:21:59 -0700    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Sat, 17 Sep 2022 09:21:59 -0700    

Frontend code shouldn't include postgres.h. Some files in src/port/ need to  
include postgres.h/postgres_fe.h, but these files don't.  
  
Discussion: https://postgr.es/m/20220915022626.5xx3ccgkzpkqw5mq@awork3.anarazel.de  
Backpatch: 12-, where 3fd2a7932ef introduced (some) of these files  

commit   : 56d45fdab7b12cd0c767a8c1e7ab6c04390a32d8    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 16 Sep 2022 13:23:01 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 16 Sep 2022 13:23:01 -0400    

Treat arguments declared as RECORD as if that were a polymorphic type  
(which it is, sort of), in that we substitute the actual argument type  
while forming the function cache lookup key.  This allows the specific  
composite type to be known in some cases where it was not before,  
at the cost of making a separate function cache entry for each named  
composite type that's passed to the function during a session.  The  
particular symptom discussed in bug #17610 could be solved in other  
more-efficient ways, but only at the cost of considerable development  
work, and there are other cases where we'd still fail without this.  
  
Per bug #17610 from Martin Jurča.  Back-patch to v11 where we first  
allowed plpgsql functions to be declared as taking type RECORD.  
  
Discussion: https://postgr.es/m/17610-fb1eef75bf6c2364@postgresql.org  

commit   : bff7bc6cb785191041aa7530febdbb5cfe6eaf06    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 15 Sep 2022 17:17:53 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 15 Sep 2022 17:17:53 -0400    

I happened to notice that libpq_pipeline's private implementation  
of pg_fatal lacked any pg_attribute_printf decoration.  Indeed,  
adding that turned up a mistake!  We'd likely never have noticed  
because the error exits in this code are unlikely to get hit,  
but still, it's a bug.  
  
We're so used to having the compiler check this stuff for us that  
a printf-like function without pg_attribute_printf is a land mine.  
I wonder if there is a way to detect such omissions.  
  
Back-patch to v14 where this code came in.  

commit   : b53d104ae3b9cb0acfc6bb429261005bd07d3b3e    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Wed, 14 Sep 2022 18:45:03 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Wed, 14 Sep 2022 18:45:03 +0900    

The tlist of the EvalPlanQual outer plan for a ForeignScan node is  
adjusted to produce a tuple whose descriptor matches the scan tuple slot  
for the ForeignScan node.  But in the case where the outer plan contains  
an extra Sort node, if the new tlist contained columns required only for  
evaluating PlaceHolderVars or columns required only for evaluating local  
conditions, this would cause setrefs.c to fail with the error.  
  
The cause of this is that when creating the outer plan by injecting the  
Sort node into an alternative local join plan that could emit such extra  
columns as well, we fail to arrange for the outer plan to propagate them  
up through the Sort node, causing setrefs.c to fail to match up them in  
the new tlist to what is available from the outer plan.  Repair.  
  
Per report from Alexander Pyhalov.  
  
Richard Guo and Etsuro Fujita, reviewed by Alexander Pyhalov and Tom Lane.  
Backpatch to all supported versions.  
  
Discussion: http://postgr.es/m/cfb17bf6dfdf876467bd5ef533852d18%40postgrespro.ru  

commit   : 4b529f4697f3cb59e1a225a741f14a1afb6bccd5    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Wed, 14 Sep 2022 14:52:28 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Wed, 14 Sep 2022 14:52:28 +0900    

The zlib documentation mentions the values supported for the compression  
strategy, but this code has been using a hardcoded value of 0 rather  
than Z_DEFAULT_STRATEGY.  This commit adjusts the code to use  
Z_DEFAULT_STRATEGY.  
  
Backpatch down to where this code has been added to ease the backport of  
any future patch touching this area.  
  
Reported-by: Tom Lane  
Discussion: https://postgr.es/m/1400032.1662217889@sss.pgh.pa.us  
Backpatch-through: 10  

commit   : b7f37af7c195519a041fcc6084cff95dc5e4a76f    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Wed, 14 Sep 2022 06:04:24 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Wed, 14 Sep 2022 06:04:24 +0200    

This adds additional variants of palloc, pg_malloc, etc. that  
encapsulate common usage patterns and provide more type safety.  
  
Specifically, this adds palloc_object(), palloc_array(), and  
repalloc_array(), which take the type name of the object to be  
allocated as its first argument and cast the return as a pointer to  
that type.  There are also palloc0_object() and palloc0_array()  
variants for initializing with zero, and pg_malloc_*() variants of all  
of the above.  
  
Inspired by the talloc library.  
  
This is backpatched from master so that future backpatchable code can  
make use of these APIs.  This patch by itself does not contain any  
users of these APIs.  
  
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>  
Discussion: https://www.postgresql.org/message-id/flat/bb755632-2a43-d523-36f8-a1e7a389a907@enterprisedb.com  

commit   : c2aa5d01e3e33776f77e68a60ca5b60b58c5c674    
  
author   : David Rowley <drowley@postgresql.org>    
date     : Tue, 13 Sep 2022 11:05:13 +1200    
  
committer: David Rowley <drowley@postgresql.org>    
date     : Tue, 13 Sep 2022 11:05:13 +1200    

The primary fix here is to fix has_matching_range() so it does not  
reference ranges->values[-1] when nranges == 0.  Similar problems existed  
in AssertCheckRanges() too.  It does not look like any of these problems  
could lead to a crash as the array in question is at the end of the Ranges  
struct, and values[-1] is memory that belongs to other fields in the  
struct.  However, let's get rid of these rather unsafe coding practices.  
  
In passing, I (David) adjusted some comments to try to make it more clear  
what some of the fields are for in the Ranges struct.  I had to study the  
code to find out what nsorted was for as I couldn't tell from the  
comments.  
  
Author: Ranier Vilela  
Discussion: https://postgr.es/m/CAEudQAqJQzPitufX-jR=YUbJafpCDAKUnwgdbX_MzSc93wuvdw@mail.gmail.com  
Backpatch-through: 14, where multi-range brin was added.  

commit   : 293a6ac4b9898febe1cf9a4614facf6128be5d77    
  
author   : Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Mon, 12 Sep 2022 22:17:17 +0200    
  
committer: Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Mon, 12 Sep 2022 22:17:17 +0200    

The FreeBSD site was changed with a redirect, which in turn seems to  
lead to a 404. Replace with the working link.  
  
Author: James Coleman <jtc331@gmail.com>  
Discussion: https://postgr.es/m/CAAaqYe_JZRj+KPn=hACtwsg1iLRYs=jYvxG1NW4AnDeUL1GD-Q@mail.gmail.com  

commit   : 13b8a1c19626d425176b1e00a8104db1e339aaf3    
  
author   : Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Mon, 12 Sep 2022 12:59:06 +0200    
  
committer: Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Mon, 12 Sep 2022 12:59:06 +0200    

Commit c4c340088 changed geometric operators to use float4 and float8  
functions, and handle NaN's in a better way. The circle sameness test  
had a typo in the code which resulted in all comparisons with the left  
circle having a NaN radius considered same.  
  
  postgres=# select '<(0,0),NaN>'::circle ~= '<(0,0),1>'::circle;  
  ?column?  
  ----------  
  t  
  (1 row)  
  
This fixes the sameness test to consider the radius of both the left  
and right circle.  
  
Backpatch to v12 where this was introduced.  
  
Author: Ranier Vilela <ranier.vf@gmail.com>  
Discussion: https://postgr.es/m/CAEudQAo8dK=yctg2ZzjJuzV4zgOPBxRU5+Kb+yatFiddtQk6Rw@mail.gmail.com  
Backpatch-through: v12  

commit   : be0b0528cb64d49750fcb632faa2cfcd8d920be2    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 9 Sep 2022 15:34:04 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 9 Sep 2022 15:34:04 -0400    

The ECPG preprocessor converted code such as  
  
static varchar str1[10], str2[20], str3[30];  
  
into  
  
static  struct varchar_1  { int len; char arr[ 10 ]; }  str1 ;  
        struct varchar_2  { int len; char arr[ 20 ]; }  str2 ;  
        struct varchar_3  { int len; char arr[ 30 ]; }  str3 ;  
  
thus losing the storage attribute for the later variables.  
Repeat the declaration for each such variable.  
  
(Note that this occurred only for variables declared "varchar"  
or "bytea", which may help explain how it escaped detection  
for so long.)  
  
Andrey Sokolov  
  
Discussion: https://postgr.es/m/942241662288242@mail.yandex.ru  

commit   : e55ccb3b179cbfc5b436339cf1a71d21a73c79dc    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 9 Sep 2022 12:41:36 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 9 Sep 2022 12:41:36 -0400    

When using the BSD UUID functions, contrib/uuid-ossp expects  
uuid_create() to produce a version-1 UUID.  FreeBSD still does so,  
but in recent NetBSD releases that function produces a version-4  
(random) UUID instead.  That's not acceptable for our purposes:  
if the user wanted v4 she would have asked for v4, not v1.  
Hence, check the version digit and complain if it's not '1'.  
  
Also drop the documentation's claim that the NetBSD implementation  
is usable.  It might be, depending on which OS version you're using,  
but we're not going to get into that kind of detail.  
  
(Maybe someday we should ditch all these external libraries  
and just write our own UUID code, but today is not that day.)  
  
Nazir Bilal Yavuz, with cosmetic adjustments and docs by me.  
Backpatch to all supported versions.  
  
Discussion: https://postgr.es/m/3848059.1661038772@sss.pgh.pa.us  
Discussion: https://postgr.es/m/17358-89806e7420797025@postgresql.org  

commit   : 640c20d6266ddc89e7969c697681d3f869f92dfb    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Thu, 8 Sep 2022 13:17:02 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Thu, 8 Sep 2022 13:17:02 +0200    

During ALTER TABLE ATTACH PARTITION, if the name of a parent's foreign  
key constraint is already used on the partition, the code tries to  
choose another one before the FK attributes list has been populated,  
so the resulting constraint name was "<relname>__fkey" instead of  
"<relname>_<attrs>_fkey".  Repair, and add a test case.  
  
Backpatch to 12.  In 11, the code to attach a partition was not smart  
enough to cope with conflicting constraint names, so the problem doesn't  
exist there.  
  
Author: Jehan-Guillaume de Rorthais <jgdr@dalibo.com>  
Discussion: https://postgr.es/m/20220901184156.738ebee5@karst  

commit   : a254545a54a2e14ec6f41b8190d6c6713a85a18a    
  
author   : David Rowley <drowley@postgresql.org>    
date     : Mon, 5 Sep 2022 18:44:11 +1200    
  
committer: David Rowley <drowley@postgresql.org>    
date     : Mon, 5 Sep 2022 18:44:11 +1200    

Improve documentation regarding the limitations of unique and primary key  
constraints on partitioned tables.  The existing documentation didn't make  
it clear that the constraint columns had to be present in the partition  
key as bare columns.  The reader could be led to believe that it was ok to  
include the constraint columns as part of a function call's parameters or  
as part of an expression.  Additionally, the documentation didn't mention  
anything about the fact that we disallow unique and primary key  
constraints if the partition keys contain *any* function calls or  
expressions, regardless of if the constraint columns appear as columns  
elsewhere in the partition key.  
  
The confusion here was highlighted by a report on the general mailing list  
by James Vanns.  
  
Discussion: https://postgr.es/m/CAH7vdhNF0EdYZz3GLpgE3RSJLwWLhEk7A_fiKS9dPBT3Dz_3eA@mail.gmail.com  
Discussion: https://postgr.es/m/CAApHDvoU-u9iTqKjteYRFfi+UNEk7dbSAcyxEQD==vZt9B1KnA@mail.gmail.com  
Reviewed-by: Erik Rijkers  
Backpatch-through: 11  

commit   : bc73bd26f17f236368a0a3434e0c632d332803ca    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Sat, 3 Sep 2022 20:57:30 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Sat, 3 Sep 2022 20:57:30 +0900    

These have been updated by the revert done in 2f2b18b, but the  
pre-revert state was correct.  Note that the result was incorrectly  
formatted in the first case.  
  
Author: Erik Rijkers  
Discussion: https://postgr.es/m/13777e96-24b6-396b-cb16-8ad01b6ac130@xs4all.nl  
Backpatch-through: 13  

commit   : 413074273918e223a496e0f5348c3b74c620b211    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 2 Sep 2022 23:32:19 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 2 Sep 2022 23:32:19 -0400    

Discussion: https://postgr.es/m/YxAqYijOsLzgLQgy@momjian.us  
  
Backpatch-through: 10  

commit   : 3eef32c58b438e08071acb22580162976bce680b    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 2 Sep 2022 21:57:41 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 2 Sep 2022 21:57:41 -0400    

Reported-by: Drew DeVault  
  
Discussion: https://postgr.es/m/20211018091720.31299-1-sir@cmpwn.com  
  
Backpatch-through: 10  

commit   : 5527b79cc04a6aa3aab885d3bcd7162b4c620b1c    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Fri, 2 Sep 2022 16:45:03 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Fri, 2 Sep 2022 16:45:03 +0900    

Commit 487e9861d added a new field to struct Trigger, but failed to  
update the documentation to match; backpatch to v13 where that came in.  
  
Reviewed by Richard Guo.  
  
Discussion: https://postgr.es/m/CAPmGK17NY92CyxJ%2BBG7A3JZurmng4jfRfzPiBTtNupGMF0xW1g%40mail.gmail.com  

commit   : 6ec89610925448b1e7e9377afa73e158b291693c    
  
author   : David Rowley <drowley@postgresql.org>    
date     : Thu, 1 Sep 2022 19:22:35 +1200    
  
committer: David Rowley <drowley@postgresql.org>    
date     : Thu, 1 Sep 2022 19:22:35 +1200    

Primarily, this fixes an incorrect calculation in SlabCheck which was  
looking in the wrong byte for the sentinel check.  The reason that we've  
never noticed this before in the form of a failing sentinel check is  
because the pre-check to this always fails because all current core users  
of slab contexts have a chunk size which is already MAXALIGNed, therefore  
there's never any space for the sentinel byte.  It is possible that an  
extension needs to use a slab context and if they do with a chunk size  
that's not MAXALIGNed, then they'll likely get errors about overwritten  
sentinel bytes.  
  
Additionally, this patch changes various calculations which are being done  
based on the sizeof(SlabBlock).  Currently, sizeof(SlabBlock) is a  
multiple of 8, therefore sizeof(SlabBlock) is the same as  
MAXALIGN(sizeof(SlabBlock)), however, if we were to ever have to add any  
fields to that struct as part of a bug fix, then SlabAlloc could end up  
returning a non-MAXALIGNed pointer.  To be safe, let's ensure we always  
MAXALIGN sizeof(SlabBlock) before using it in any calculations.  
  
This patch has already been applied to master in d5ee4db0e.  
  
Diagnosed-by: Tomas Vondra, Tom Lane  
Author: Tomas Vondra, David Rowley  
Discussion: https://postgr.es/m/CAA4eK1%2B1JyW5TiL%3DyV-3Uq1CrfnTyn0Xrk5uArt31Z%3D8rgPhXQ%40mail.gmail.com  
Backpatch-through: 10  

commit   : 8f32ac5a16197f1ee89c6b20be9ea209dc5da5ee    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 23:11:46 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 23:11:46 -0400    

Discussion: https://postgr.es/m/Yv1Bw8J+1pYfHiRl@momjian.us  
  
Backpatch-through: 10  

commit   : 6fac58814c5d9fb75ac67d2bcf7732748d5634f2    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 22:35:09 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 22:35:09 -0400    

Also remove USING erroneously added recently.  
  
Reported-by: Jeff Janes  
  
Discussion: https://postgr.es/m/CAMkU=1zhCpC7hottyMWM5Pimr9vRLprSwzLg+7PgajWhKZqRzw@mail.gmail.com  
  
Backpatch-through: 10  

commit   : d11a53a8e0a77c95c47e6f2514c1ba70c18d60e0    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 22:19:06 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 22:19:06 -0400    

Reported-by: michal.palenik@freemap.sk  
  
Discussion: https://postgr.es/m/163499710897.684.7420075366995883688@wrigleys.postgresql.org  
  
Backpatch-through: 10  

commit   : 9d8f19201a6e6b53590080b892b41f6cca6eec26    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 22:04:36 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 22:04:36 -0400    

Previously it was just marked as a duplicate of the core function.  
  
Reported-by: Andreas Dijkman  
  
Discussion: https://postgr.es/m/17349-24d61e214429e8c1@postgresql.org  
  
Backpatch-through: 13  

commit   : d514d77ac3e36935803f2101124a1af2b57d4bf1    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 21:46:14 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 21:46:14 -0400    

This allows the syntax to be more accurate about what clauses are  
supported.  Also switch an example query to use the ANSI join syntax.  
  
Reported-by: Joel Jacobson  
  
Discussion: https://postgr.es/m/67b71d3e-0c22-44df-a223-351f14418319@www.fastmail.com  
  
Backpatch-through: 11  

commit   : b566f320c81878af248da0dda8f30b8327719692    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 21:10:37 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 21:10:37 -0400    

Non-sql_body functions are evaluated at runtime.  
  
Reported-by: Erki Eessaar  
  
Discussion: https://postgr.es/m/AM9PR01MB8268BF5E74E119828251FD34FE409@AM9PR01MB8268.eurprd01.prod.exchangelabs.com  
  
Backpatch-through: 10  

commit   : 4eab0181a0e1a72d4a3dd524210c3384bd6396e9    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 20:27:27 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 20:27:27 -0400    

Also mention that time zone abbreviations are not supported.  
  
Reported-by: philippe.godfrin@nov.com  
  
Discussion: https://postgr.es/m/163888728952.1269.5167822676466793158@wrigleys.postgresql.org  
  
Backpatch-through: 10  

commit   : 92557ac314e52c248d0a864c5e4b6088cddd8687    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 19:43:06 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 19:43:06 -0400    

Reported-by: Japin Li  
  
Discussion: https://postgr.es/m/MEYP282MB1669B13E98AE531617CB1386B6979@MEYP282MB1669.AUSP282.PROD.OUTLOOK.COM  
  
Backpatch-through: 10  

commit   : 086ec88cda3f408b3720e352a69d41d54f97adf6    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 19:28:42 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 19:28:42 -0400    

It used to show direction was required for FROM/IN.  
  
Reported-by: Rob <rirans@comcast.net>  
  
Discussion: https://postgr.es/m/20211015165248.isqjceyilelhnu3k@localhost  
  
Author: Rob <rirans@comcast.net>  
  
Backpatch-through: 10  

commit   : c1f54eac3ab67e70f507cd82d4057e4abb070111    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 17:08:44 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 17:08:44 -0400    

Reported-by: Rob <rirans@comcast.net>  
  
Discussion: https://postgr.es/m/20211016171149.yaouvlw5kvux6dvk@localhost  
  
Author: Rob <rirans@comcast.net>  
  
Backpatch-through: 10  

commit   : feec1b2d5af4bbac9106065f5b9f55413084a543    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 31 Aug 2022 16:23:20 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 31 Aug 2022 16:23:20 -0400    

get_database_list() failed to restore the caller's memory context,  
instead leaving current context set to TopMemoryContext which is  
how CommitTransactionCommand() leaves it.  The callers both think  
they are using short-lived contexts, for the express purpose of  
not having to worry about cleaning up individual allocations.  
The net effect therefore is that supposedly short-lived allocations  
could accumulate indefinitely in the launcher's TopMemoryContext.  
  
Although this has been broken for a long time, it seems we didn't  
have any obvious memory leak here until v15's rearrangement of the  
stats logic.  I (tgl) am not entirely convinced that there's no  
other leak at all, though, and we're surely at risk of adding one  
in future back-patched fixes.  So back-patch to all supported  
branches, even though this may be only a latent bug in pre-v15.  
  
Reid Thompson  
  
Discussion: https://postgr.es/m/972a4e12b68b0f96db514777a150ceef7dcd2e0f.camel@crunchydata.com  

commit   : e969f1ae2b01d7b69371332b839fa16e3b54e56d    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 31 Aug 2022 10:42:05 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 31 Aug 2022 10:42:05 -0400    

If the input word exceeds 1000 bytes, don't pass it to the stemmer;  
just return it as-is after case folding.  Such an input is surely  
not a word in any human language, so whatever the stemmer might  
do to it would be pretty dubious in the first place.  Adding this  
restriction protects us against a known recursion-to-stack-overflow  
problem in the Turkish stemmer, and it seems like good insurance  
against any other safety or performance issues that may exist in  
the Snowball stemmers.  (I note, for example, that they contain no  
CHECK_FOR_INTERRUPTS calls, so we really don't want them running  
for a long time.)  The threshold of 1000 bytes is arbitrary.  
  
An alternative definition could have been to treat such words as  
stopwords, but that seems like a bigger break from the old behavior.  
  
Per report from Egor Chindyaskin and Alexander Lakhin.  
Thanks to Olly Betts for the recommendation to fix it this way.  
  
Discussion: https://postgr.es/m/1661334672.728714027@f473.i.mail.ru  

commit   : 464db46760d2a89e1933038330f1d84210115886    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 30 Aug 2022 17:28:32 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 30 Aug 2022 17:28:32 -0400    

The default of lazy symbol resolution means that when the postmaster  
first reaches the select() call in ServerLoop, it'll need to resolve  
the link to that libc entry point.  NetBSD's dynamic loader takes  
an internal lock while doing that, and if a signal interrupts the  
operation then there is a risk of self-deadlock should the signal  
handler do anything that requires that lock, as several of the  
postmaster signal handlers do.  The window for this is pretty narrow,  
and timing considerations make it unlikely that a signal would arrive  
right then anyway.  But it's semi-repeatable on slow single-CPU  
machines, and in principle the race could happen with any hardware.  
  
The least messy solution to this is to force binding of dynamic  
symbols at postmaster start, using the "-z now" linker option.  
While we're at it, also use "-z relro" so as to provide a small  
security gain.  
  
It's not entirely clear whether any other platforms share this  
issue, but for now we'll assume it's NetBSD-specific.  (We might  
later try to use "-z now" on more platforms for performance  
reasons, but that would not likely be something to back-patch.)  
  
Report and patch by me; the idea to fix it this way is from  
Andres Freund.  
  
Discussion: https://postgr.es/m/3384826.1661802235@sss.pgh.pa.us  

commit   : 0e54a5e27494dd4184632aadb26a070e85fb8587    
  
author   : Robert Haas <rhaas@postgresql.org>    
date     : Mon, 29 Aug 2022 10:47:12 -0400    
  
committer: Robert Haas <rhaas@postgresql.org>    
date     : Mon, 29 Aug 2022 10:47:12 -0400    

When a PostgreSQL instance performing archive recovery but not using  
standby mode is promoted, and the last WAL segment that it attempted  
to read ended in a partial record, the previous code would create  
invalid WAL on the new timeline. The WAL from the previously timeline  
would be copied to the new timeline up until the end of the last valid  
record, but instead of beginning to write WAL at immediately  
afterwards, the promoted server would write an overwrite contrecord at  
the beginning of the next segment. The end of the previous segment  
would be left as all-zeroes, resulting in failures if anything tried  
to read WAL from that file.  
  
The root of the issue is that ReadRecord() decides whether to set  
abortedRecPtr and missingContrecPtr based on the value of StandbyMode,  
but ReadRecord() switches to a new timeline based on the value of  
ArchiveRecoveryRequested. We shouldn't try to write an overwrite  
contrecord if we're switching to a new timeline, so change the test in  
ReadRecod() to check ArchiveRecoveryRequested instead.  
  
Code fix by Dilip Kumar. Comments by me incorporating suggested  
language from Álvaro Herrera. Further review from Kyotaro Horiguchi  
and Sami Imseih.  
  
Discussion: http://postgr.es/m/CAFiTN-t7umki=PK8dT1tcPV=mOUe2vNhHML6b3T7W7qqvvajjg@mail.gmail.com  
Discussion: http://postgr.es/m/FB0DEA0B-E14E-43A0-811F-C1AE93D00FF3%40amazon.com  

commit   : 7f5dd42a40fba039543c66333714d51a469d8945    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 28 Aug 2022 10:44:52 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 28 Aug 2022 10:44:52 -0400    

Compute total number of sub-parts correctly, per jason@banfelder.net  
  
Simon Riggs  
  
Discussion: https://postgr.es/m/166161184718.1235920.6304070286124217754@wrigleys.postgresql.org  

commit   : aeec3534ccf3fa4a207694955b4078a9a9dafc8f    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Sat, 27 Aug 2022 15:22:11 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Sat, 27 Aug 2022 15:22:11 +0900    

While waiting for slots to become available in wait_on_slots() in  
parallel_slot.c, the cancellation always relied on the first connection  
in the set to do the job.  This could cause problems when this slot's  
socket is gone as PQgetCancel() would return NULL in this case.  Rather  
than always using the first connection, this changes the logic to use  
the first valid connection for the cancellation.  
  
Author: Ranier Vilela  
Reviewed-by: Justin Pryzby  
Discussion: https://postgr.es/m/CAEudQAokk1h_pUwGXsYS4oVOuf35s1O2o3TXGHpV8=AWikvgHA@mail.gmail.com  
Backpatch-through: 14  

commit   : 28d351c9ff2afe5cc18ef64779c02c49c76896fb    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Fri, 26 Aug 2022 16:55:02 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Fri, 26 Aug 2022 16:55:02 +0900    

commit   : 444ec169a7def141f9520c1111a31c8a5dda22ce    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 24 Aug 2022 13:01:40 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 24 Aug 2022 13:01:40 -0400    

SplitToVariants() in the ispell code, lseg_inside_poly() in geo_ops.c,  
and regex_selectivity_sub() in selectivity estimation could recurse  
until stack overflow; fix by adding check_stack_depth() calls.  
So could next() in the regex compiler, but that case is better fixed by  
converting its tail recursion to a loop.  (We probably get better code  
that way too, since next() can now be inlined into its sole caller.)  
  
There remains a reachable stack overrun in the Turkish stemmer, but  
we'll need some advice from the Snowball people about how to fix that.  
  
Per report from Egor Chindyaskin and Alexander Lakhin.  These mistakes  
are old, so back-patch to all supported branches.  
  
Richard Guo and Tom Lane  
  
Discussion: https://postgr.es/m/1661334672.728714027@f473.i.mail.ru  

commit   : 04f1013be084a12a251c7087b06664d0918755e6    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 23 Aug 2022 09:55:37 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 23 Aug 2022 09:55:37 -0400    

On fast machines, it's possible for applications such as pgbench  
to issue connection requests so quickly that the postmaster's  
listen queue overflows in the kernel, resulting in unexpected  
failures (with not-very-helpful error messages).  Most modern OSes  
allow the queue size to be increased, so document how to do that.  
  
Per report from Kevin McKibbin.  
  
Discussion: https://postgr.es/m/CADc_NKg2d+oZY9mg4DdQdoUcGzN2kOYXBu-3--RW_hEe0tUV=g@mail.gmail.com  

commit   : eb0097c6f3eeb559e33369066be7279f540d05db    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 23 Aug 2022 09:41:37 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 23 Aug 2022 09:41:37 -0400    

sysctl is more portable than Linux's /proc/sys file tree, and  
often easier to use too.  That's why most of our docs refer to  
sysctl when talking about how to adjust kernel parameters.  
Bring the few stragglers into line.  
  
Discussion: https://postgr.es/m/361175.1661187463@sss.pgh.pa.us  

commit   : 6d05d575bec5ef9a05f8d62f1c872b71dde32a01    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Tue, 23 Aug 2022 09:24:51 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Tue, 23 Aug 2022 09:24:51 +0530    

While decoding changes in a loop, if we skip all the changes there is no  
CFI making the loop uninterruptible.  
  
Reported-by: Whale Song and Andrey Borodin  
Bug: 17580  
Author: Masahiko Sawada  
Reviwed-by: Amit Kapila  
Backpatch-through: 10  
Discussion: https://postgr.es/m/17580-849c1d5b6d7eb422@postgresql.org  
Discussion: https://postgr.es/m/B319ECD6-9A28-4CDF-A8F4-3591E0BF2369@yandex-team.ru  

commit   : 3bfea5cbba983d35506d29563952fbadb782ef52    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 18 Aug 2022 12:11:47 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 18 Aug 2022 12:11:47 -0400    

When creating a partitioned index, DefineIndex tries to identify  
any existing indexes on the partitions that match the partitioned  
index, so that it can absorb those as child indexes instead of  
building new ones.  Part of the matching is to compare IndexInfo  
structs --- but that wasn't done quite right.  We're comparing  
the IndexInfo built within DefineIndex itself to one made from  
existing catalog contents by BuildIndexInfo.  Notably, while  
BuildIndexInfo will run index expressions and predicates through  
expression preprocessing, that has not happened to DefineIndex's  
struct.  The result is failure to match and subsequent creation  
of duplicate indexes.  
  
The easiest and most bulletproof fix is to build a new IndexInfo  
using BuildIndexInfo, thereby guaranteeing that the processing done  
is identical.  
  
While here, let's also extract the opfamily and collation data  
from the new partitioned index, removing ad-hoc logic that  
duplicated knowledge about how those are constructed.  
  
Per report from Christophe Pettus.  Back-patch to v11 where  
we invented partitioned indexes.  
  
Richard Guo and Tom Lane  
  
Discussion: https://postgr.es/m/8864BFAA-81FD-4BF9-8E06-7DEB8D4164ED@thebuild.com  

commit   : 239c3ee41be3b7c621c446344d09e3affeb8cd59    
  
author   : Tomas Vondra <tomas.vondra@postgresql.org>    
date     : Tue, 16 Aug 2022 23:52:10 +0200    
  
committer: Tomas Vondra <tomas.vondra@postgresql.org>    
date     : Tue, 16 Aug 2022 23:52:10 +0200    

The assert, introduced by 9f1cf97bb5, is intended to check if the prefix  
is terminated by a \0 byte, but it has two flaws. Firstly, prefix_size  
includes the \0 byte, so prefix[prefix_size] points to the byte after  
the null byte. Secondly, the check ensures the byte is not equal \0,  
while it should be checking the opposite.  
  
Backpatch-through: 14  
Discussion: https://postgr.es/m/b99b6101-2f14-3796-3dfa-4a6cd7d4326d@enterprisedb.com  

commit   : 1d968b87047708eae1d0eef27860668ec318a3ee    
  
author   : Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Tue, 16 Aug 2022 22:54:43 +0200    
  
committer: Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Tue, 16 Aug 2022 22:54:43 +0200    

The tty connection string parameter was removed in commit 14d9b3760  
but the reference to it in the docs was mistakenly kept.  Fix by  
removing it from the libpq documentation.  Backpatch through v14  
where the parameter was removed.  
  
Author: Noriyoshi Shinoda <noriyoshi.shinoda@hpe.com>  
Discussion: https://postgr.es/m/DM4PR84MB173433216FCC2A3961879000EE6B9@DM4PR84MB1734.NAMPRD84.PROD.OUTLOOK.COM  
Backpatch-through: 14  

commit   : 02f8d68af256c34cfac774ae46b2d4a465d35276    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Tue, 16 Aug 2022 14:51:42 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Tue, 16 Aug 2022 14:51:42 +0530    

The current publisher code checks if UPDATE or DELETE can be executed with  
the replica identity of the table even if it's a partitioned table. We can  
skip checking the replica identity for partitioned tables because the  
operations are actually performed on the leaf partitions (not the  
partitioned table).  
  
Reported-by: Brad Nicholson  
Author: Hou Zhijie  
Reviewed-by: Peter Smith, Amit Kapila  
Backpatch-through: 13  
Discussion: https://postgr.es/m/CAMMnM%3D8i5DohH%3DYKzV0_wYuYSYvuOJoL9F5nzXTc%2ByzsG1f6rg%40mail.gmail.com  

commit   : a1a5e6d95cc9fabbd4e0209161662aa45220c4b1    
  
author   : Tatsuo Ishii <ishii@postgresql.org>    
date     : Tue, 16 Aug 2022 09:27:34 +0900    
  
committer: Tatsuo Ishii <ishii@postgresql.org>    
date     : Tue, 16 Aug 2022 09:27:34 +0900    

In ref/create_sequence.sgml <literal> tag was used for nextval function name.  
This should have been <function> tag.  
  
Author: Noboru Saito  
Discussion: https://postgr.es/m/CAAM3qnJTDFFfRf5JHJ4AYrNcqXgMmj0pbH0%2Bvm%3DYva%2BpJyGymA%40mail.gmail.com  
Backpatch-through: 10  

commit   : d63a69157d189bf3d56eb5ad37fa67d0134bfb31    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 15 Aug 2022 15:40:07 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 15 Aug 2022 15:40:07 -0400    

There's a convention that externally-visible libpq functions should  
check for a NULL PGconn pointer, and fail gracefully instead of  
crashing.  PQflush() and PQisnonblocking() didn't get that memo  
though.  Also add a similar check to PQdefaultSSLKeyPassHook_OpenSSL;  
while it's not clear that ordinary usage could reach that with a  
null conn pointer, it's cheap enough to check, so let's be consistent.  
  
Daniele Varrazzo and Tom Lane  
  
Discussion: https://postgr.es/m/CA+mi_8Zm_mVVyW1iNFgyMd9Oh0Nv8-F+7Y3-BqwMgTMHuo_h2Q@mail.gmail.com  

commit   : 63b64d8270691894a9a8f2d4e929e7780020edb8    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Mon, 15 Aug 2022 13:37:38 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Mon, 15 Aug 2022 13:37:38 +0900    

This option switch supports a total of 8 values, as told by  
set_plan_disabling_options() and the documentation, but this was not  
reflected in the output generated by --help.  
  
Author: Junwang Zhao  
Discussion: https://postgr.es/m/CAEG8a3+pT3cWzyjzKs184L1XMNm8NDnoJLiSjAYSO7XqpRh_vA@mail.gmail.com  
Backpatch-through: 10  

commit   : 06602372b36df2b36e4db5ac30504dad878ea254    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 14 Aug 2022 12:05:27 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 14 Aug 2022 12:05:27 -0400    

When enlarging the work buffers of a VarStringSortSupport object,  
varstrfastcmp_locale was careful to keep them in the ssup_cxt  
memory context; but varstr_abbrev_convert just used palloc().  
The latter creates a hazard that the buffers could be freed out  
from under the VarStringSortSupport object, resulting in stomping  
on whatever gets allocated in that memory later.  
  
In practice, because we only use this code for ICU collations  
(cf. 3df9c374e), the problem is confined to use of ICU collations.  
I believe it may have been unreachable before the introduction  
of incremental sort, too, as traditional sorting usually just  
uses one context for the duration of the sort.  
  
We could fix this by making the broken stanzas in varstr_abbrev_convert  
match the non-broken ones in varstrfastcmp_locale.  However, it seems  
like a better idea to dodge the issue altogether by replacing the  
pfree-and-allocate-anew coding with repalloc, which automatically  
preserves the chunk's memory context.  This fix does add a few cycles  
because repalloc will copy the chunk's content, which the existing  
coding assumes is useless.  However, we don't expect that these buffer  
enlargement operations are performance-critical.  Besides that, it's  
far from obvious that copying the buffer contents isn't required, since  
these stanzas make no effort to mark the buffers invalid by resetting  
last_returned, cache_blob, etc.  That seems to be safe upon examination,  
but it's fragile and could easily get broken in future, which wouldn't  
get revealed in testing with short-to-moderate-size strings.  
  
Per bug #17584 from James Inform.  Whether or not the issue is  
reachable in the older branches, this code has been broken on its  
own terms from its introduction, so patch all the way back.  
  
Discussion: https://postgr.es/m/17584-95c79b4a7d771f44@postgresql.org  

commit   : 1dfc9193af7ff3cde963aa153e21fadbfebe030a    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 13 Aug 2022 16:59:58 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 13 Aug 2022 16:59:58 -0400    

It's possible to reach this case when work_mem is very small and tupsize  
is (relatively) very large.  In that case ExecChooseHashTableSize would  
get an assertion failure, or with asserts off it'd compute nbuckets = 0,  
which'd likely cause misbehavior later (I've not checked).  To fix,  
clamp the number of buckets to be at least 1.  
  
This is due to faulty conversion of old my_log2() coding in 28d936031.  
Back-patch to v13, as that was.  
  
Zhang Mingli  
  
Discussion: https://postgr.es/m/beb64ca0-91e2-44ac-bf4a-7ea36275ec02@Spark  

commit   : 496ab1d6c8d853899595e986f04cd70c4b13dac4    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 13 Aug 2022 15:21:28 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 13 Aug 2022 15:21:28 -0400    

Most parts of the parser can expect that the stack overflow check  
in transformExprRecurse() will trigger before things get desperate.  
However, transformFromClauseItem() can recurse directly to self  
without having analyzed any expressions, so it's possible to drive  
it to a stack-overrun crash.  Add a check to prevent that.  
  
Per bug #17583 from Egor Chindyaskin.  Back-patch to all supported  
branches.  
  
Richard Guo  
  
Discussion: https://postgr.es/m/17583-33be55b9f981f75c@postgresql.org  

commit   : 2db574a2184e5e6ae289e48079e8523c9cbdc8c4    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Sat, 13 Aug 2022 10:32:38 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Sat, 13 Aug 2022 10:32:38 +0200    

As of 897795240cfaaed724af2f53ed2c50c9862f951f, check constraints can  
be declared invalid.  But that patch didn't update _outConstraint() to  
also show the relevant struct fields (which were only applicable to  
foreign keys before that).  This currently only affects debugging  
output, so no impact in practice.  

commit   : 08c5c6d2833bfae8a27ed7ab3f66513b735321bb    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Sat, 13 Aug 2022 00:00:41 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Sat, 13 Aug 2022 00:00:41 +0200    

96ef3b8ff1cf1950e897fd2f766d4bd9ef0d5d56 accidentally copied a not  
applicable comment from the float8_pass_by_value code to the  
data_checksums code.  Remove that.  
  
87d3b35a1ca31a9d947a8f919a6006679216dff0 changed pg_upgrade to  
checking the checksum version rather than just the Boolean presence of  
checksums, but didn't change the field type in its ControlData struct  
from bool.  So this would not work correctly if there ever is a  
checksum version larger than 1.  

commit   : 88b54b07916c58c7cd20cc0998dc2c62c060a1f7    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 15:43:23 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 15:43:23 -0400    

Reported-by: Shinya Kato  
  
Discussion: https://postgr.es/m/1ecdb1ff78e9b03dfce37e85eaca725a@oss.nttdata.com  
  
Author: Shinya Kato  
  
Backpatch-through: 10  

commit   : 675a368a35a1ae4aa2c54fbd2a8310e3939d73b8    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 15:05:13 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 15:05:13 -0400    

Reported-by: Jonathan S. Katz  
  
Discussion: https://postgr.es/m/c59ffbd5-96ac-a5a5-a401-14f627ca1405@postgresql.org  
  
Backpatch-through: 11  

commit   : 9039e34e7ed26710e49b4c43d8859387cf4f4faf    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 12:02:20 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 12:02:20 -0400    

Reported-by: Simon Riggs  
  
Discussion: https://postgr.es/m/CANP8+jJESuuXYq9Djvf-+tx2vY2OFLmfEuu+UvwHNJ1RT7iJCQ@mail.gmail.com  
  
Author: Simon Riggs  
  
Backpatch-through: 10  

commit   : ec98eac9873bd50d75fc51a440848d07ba158d8f    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 11:35:23 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 11:35:23 -0400    

The use of file 'config.pl' was not clearly explained.  
  
Reported-by: liambowen@gmail.com  
  
Discussion: https://postgr.es/m/164246013804.31952.4958087335645367498@wrigleys.postgresql.org  
  
Backpatch-through: 10  

commit   : e6f7892914ab70b40a2ffa71887e3bdcfa668988    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 11:26:03 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 11:26:03 -0400    

Somehow this was in the syntax but had no description.  
  
Reported-by: robertcorrington@gmail.com  
  
Discussion: https://postgr.es/m/164228771825.31954.2719791849363756957@wrigleys.postgresql.org  
  
Backpatch-through: 10  

commit   : ff48a0c80ec8dc47ba59161b43058ddcdfbe5b09    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 10:59:00 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 10:59:00 -0400    

Mention that the table is not modified if it already exists.  
  
Reported-by: frank_limpert@yahoo.com  
  
Discussion: https://postgr.es/m/164441177106.9677.5991676148704507229@wrigleys.postgresql.org  
  
Backpatch-through: 10  

commit   : a8fade6cb5ecadca939b2ced770d809631fddd89    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 10:30:01 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 10:30:01 -0400    

Reported-by: David G. Johnston  
  
Discussion: https://postgr.es/m/CAKFQuwZ24UcfkoyLLSW3PMGQATomOcw1nuYFRuMev-NoOF+mYw@mail.gmail.com  
  
Author: David G. Johnston  
  
Backpatch-through: 14, partial to 13  

commit   : ec3530f4597540cec9d6ccdb2290899822581128    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 09:06:48 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 09:06:48 -0400    

Member tracking was added in PG 13.  
  
Reported-by: David G. Johnston  
  
Discussion: https://postgr.es/m/CAKFQuwY1YtxQHVWUFYvSnOjZ5VPpXjF33V52bSKEwFjK2K=1Aw@mail.gmail.com  
  
Author: David G. Johnston  
  
Backpatch-through: 13  

commit   : 3f4069ca2c3efdc5d945fb7a4a5b4a1ecd176719    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Fri, 12 Aug 2022 08:17:30 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Fri, 12 Aug 2022 08:17:30 +0200    

The set of fields printed by _outConstraint() in the CONSTR_IDENTITY  
case didn't match the set of fields actually used in that case.  (The  
code was probably uncarefully copied from the CONSTR_DEFAULT case.)  
Fix that by using the right set of fields.  Since there is no read  
support for this node type, this is really just for debugging output  
right now, so it doesn't affect anything important.  

commit   : e082ef9c4282d4dd9c15585ef7a4da30db1289d5    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Fri, 12 Aug 2022 11:16:35 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Fri, 12 Aug 2022 11:16:35 +0530    

This was originally done in commit 0c20dd33db for 16 only, to eliminate  
duplicate code and as an infrastructure that makes it easier to write  
future tests. However, it has been suggested that it would be good to  
back-patch this testing infrastructure to aid future tests in  
back-branches.  
  
Backpatch to all supported versions.  
  
Author: Masahiko Sawada  
Reviewed by: Amit Kapila, Shi yu  
Discussion: https://postgr.es/m/CAD21AoC-fvAkaKHa4t1urupwL8xbAcWRePeETvshvy80f6WV1A@mail.gmail.com  
Discussion: https://postgr.es/m/E1oJBIf-0006sw-SA@gemulon.postgresql.org  

commit   : 68dcce247f1a13318613a0e27782b2ca21a4ceb7    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Thu, 11 Aug 2022 09:45:04 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Thu, 11 Aug 2022 09:45:04 +0530    

Previously, we relied on HEAP2_NEW_CID records and XACT_INVALIDATION  
records to know if the transaction has modified the catalog, and that  
information is not serialized to snapshot. Therefore, after the restart,  
if the logical decoding decodes only the commit record of the transaction  
that has actually modified a catalog, we will miss adding its XID to the  
snapshot. Thus, we will end up looking at catalogs with the wrong  
snapshot.  
  
To fix this problem, this changes the snapshot builder so that it  
remembers the last-running-xacts list of the decoded RUNNING_XACTS record  
after restoring the previously serialized snapshot. Then, we mark the  
transaction as containing catalog changes if it's in the list of initial  
running transactions and its commit record has XACT_XINFO_HAS_INVALS. To  
avoid ABI breakage, we store the array of the initial running transactions  
in the static variables InitialRunningXacts and NInitialRunningXacts,  
instead of storing those in SnapBuild or ReorderBuffer.  
  
This approach has a false positive; we could end up adding the transaction  
that didn't change catalog to the snapshot since we cannot distinguish  
whether the transaction has catalog changes only by checking the COMMIT  
record. It doesn't have the information on which (sub) transaction has  
catalog changes, and XACT_XINFO_HAS_INVALS doesn't necessarily indicate  
that the transaction has catalog change. But that won't be a problem since  
we use snapshot built during decoding only to read system catalogs.  
  
On the master branch, we took a more future-proof approach by writing  
catalog modifying transactions to the serialized snapshot which avoids the  
above false positive. But we cannot backpatch it because of a change in  
the SnapBuild.  
  
Reported-by: Mike Oh  
Author: Masahiko Sawada  
Reviewed-by: Amit Kapila, Shi yu, Takamichi Osumi, Kyotaro Horiguchi, Bertrand Drouvot, Ahsan Hadi  
Backpatch-through: 10  
Discussion: https://postgr.es/m/81D0D8B0-E7C4-4999-B616-1E5004DBDCD2%40amazon.com  

commit   : 95bfadd4e83c17f1a31ab97eb2aba44a38c36324    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 10 Aug 2022 13:37:25 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 10 Aug 2022 13:37:25 -0400    

fmgr_sql must make expanded-datum arguments read-only, because  
it's possible that the function body will pass the argument to  
more than one callee function.  If one of those functions takes  
the datum's R/W property as license to scribble on it, then later  
callees will see an unexpected value, leading to wrong answers.  
  
From a performance standpoint, it'd be nice to skip this in the  
common case that the argument value is passed to only one callee.  
However, detecting that seems fairly hard, and certainly not  
something that I care to attempt in a back-patched bug fix.  
  
Per report from Adam Mackler.  This has been broken since we  
invented expanded datums, so back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/WScDU5qfoZ7PB2gXwNqwGGgDPmWzz08VdydcPFLhOwUKZcdWbblbo-0Lku-qhuEiZoXJ82jpiQU4hOjOcrevYEDeoAvz6nR0IU4IHhXnaCA=@mackler.email  
Discussion: https://postgr.es/m/187436.1660143060@sss.pgh.pa.us  

commit   : 278273ccbad27a8834dfdf11895da9cd91de4114    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 8 Aug 2022 16:44:29 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 8 Aug 2022 16:44:29 -0400    

commit   : c0d5d52a780fb575d8f93d0b1a8ef8cb43851a84    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 8 Aug 2022 12:16:01 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 8 Aug 2022 12:16:01 -0400    

Per buildfarm, the output order of \dx+ isn't consistent across  
locales.  Apply NO_LOCALE to force C locale.  There might be a  
more localized way, but I'm not seeing it offhand, and anyway  
there is nothing in this test module that particularly cares  
about locales.  
  
Security: CVE-2022-2625  

commit   : ea2917ca905b7a669cc9d90c3b0e4539667a15a4    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 8 Aug 2022 11:28:47 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 8 Aug 2022 11:28:47 -0400    

Security: CVE-2022-2625  

commit   : 5721da7e41e7a280587bda29cd1674c7da3317f8    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 8 Aug 2022 11:12:31 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 8 Aug 2022 11:12:31 -0400    

Previously, if an extension script did CREATE OR REPLACE and there was  
an existing object not belonging to the extension, it would overwrite  
the object and adopt it into the extension.  This is problematic, first  
because the overwrite is probably unintentional, and second because we  
didn't change the object's ownership.  Thus a hostile user could create  
an object in advance of an expected CREATE EXTENSION command, and would  
then have ownership rights on an extension object, which could be  
modified for trojan-horse-type attacks.  
  
Hence, forbid CREATE OR REPLACE of an existing object unless it already  
belongs to the extension.  (Note that we've always forbidden replacing  
an object that belongs to some other extension; only the behavior for  
previously-free-standing objects changes here.)  
  
For the same reason, also fail CREATE IF NOT EXISTS when there is  
an existing object that doesn't belong to the extension.  
  
Our thanks to Sven Klemm for reporting this problem.  
  
Security: CVE-2022-2625  

commit   : 9a8df3307088f2f401cdad06df9351154819de45    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Mon, 8 Aug 2022 12:39:52 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Mon, 8 Aug 2022 12:39:52 +0200    

Source-Git-URL: ssh://git@git.postgresql.org/pgtranslation/messages.git  
Source-Git-Hash: 20d70fc4a9763d5d31afc422be0be0feb0fb0363  

commit   : 3526a8f7b4242ad5a80fbdf27636625e7b192be6    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 7 Aug 2022 15:46:27 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 7 Aug 2022 15:46:27 -0400    

commit   : f4beef1c2d66cdbfd036117a8cbf9a703d83d33e    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Sun, 7 Aug 2022 10:19:40 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Sun, 7 Aug 2022 10:19:40 +0200    

Per buildfarm member snapper  
  
Discussion: https://postgr.es/m/129951.1659812518@sss.pgh.pa.us  

commit   : 9d5c96d9be6476c4a7a3fa227e6e20748f1d827f    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Sat, 6 Aug 2022 15:52:10 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Sat, 6 Aug 2022 15:52:10 +0200    

Commit 59be1c942a47 already tried to make  
src/test/recovery/t/033_replay_tsp_drops more reliable, but it wasn't  
enough.  Try to improve on that by making this use of a replication slot  
to be more like others.  Also, don't drop the slot.  
  
Make a few other stylistic changes while at it.  It's still quite slow,  
which is another thing that we need to fix in this script.  
  
Backpatch to all supported branches.  
  
Discussion: https://postgr.es/m/349302.1659191875@sss.pgh.pa.us  

commit   : aab05919a685449826db986a921c1d8632d673e0    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 5 Aug 2022 17:38:53 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 5 Aug 2022 17:38:53 -0400    

As usual, the release notes for older branches will be made by cutting  
these down, but put them up for community review first.  
  
Due to the out-of-cycle release of 14.4, there are a number of commits  
that appeared in 14.4 that are not yet shipped in the earlier branches.  
This draft repeats those release note entries for convenience in  
preparing the older-branch notes later.  They'll be stripped out of  
the 14.5 section after that's done.  

commit   : b9243cadad55e296e83839fb96457f64dcaaeb25    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 5 Aug 2022 15:57:46 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 5 Aug 2022 15:57:46 -0400    

On closer inspection, mcv.c isn't as broken for ScalarArrayOpExpr  
as I thought.  The Var-on-right issue is real enough, but actually  
it does cope fine with a NULL array constant --- I was misled by  
an XXX comment suggesting it didn't.  Undo that part of the code  
change, and replace the XXX comment with something less misleading.  

commit   : 3fe2fc6bbdb251c78a88cdd41e400014be76f80e    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 5 Aug 2022 15:00:03 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 5 Aug 2022 15:00:03 -0400    

Since v14, the extended stats machinery will try to estimate for  
otherwise-unsupported boolean expressions if they match an expression  
available from an extended stats object.  mcv.c did not get the memo  
about this, and would spit up with "unknown clause type".  Fortunately  
the case is easy to handle, since we can expect the expression yields  
boolean.  
  
While here, replace some not-terribly-on-point assertions with  
simpler runtime tests for lookup failure.  That seems appropriate  
so that we get an elog not a crash if we somehow get to the new  
it-should-be-a-bool-expression code with a subexpression that  
doesn't match any stats column.  
  
Per report from Danny Shemesh.  Thanks to Justin Pryzby for  
preliminary investigation.  
  
Discussion: https://postgr.es/m/CAFZC=QqD6=27wQPOW1pbRa98KPyuyn+7cL_Ay_Ck-roZV84vHg@mail.gmail.com  

commit   : ea6c916962c4fc87c3d26d938e0149d4c91f2ca0    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 5 Aug 2022 13:58:37 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 5 Aug 2022 13:58:37 -0400    

statext_is_compatible_clause_internal() checked that the arguments  
of a ScalarArrayOpExpr are one Var and one Const, but it would allow  
cases where the Const was on the left.  Subsequent uses of the clause  
are not expecting that and would suffer assertion failures or core  
dumps.  mcv.c also had not bothered to cope with the case of a NULL  
array constant, which seems really unacceptably sloppy of somebody.  
(Although our tools failed us there too, since AFAIK neither Coverity  
nor any compiler warned of the obvious use-of-uninitialized-variable  
condition.)  It seems best to handle that by having  
statext_is_compatible_clause_internal() reject it.  
  
Noted while fixing bug #17570.  Back-patch to v13 where the  
extended stats code grew some awareness of ScalarArrayOpExpr.