PostgreSQL 14.5 commit log

commit   : 278273ccbad27a8834dfdf11895da9cd91de4114    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 8 Aug 2022 16:44:29 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 8 Aug 2022 16:44:29 -0400    

commit   : c0d5d52a780fb575d8f93d0b1a8ef8cb43851a84    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 8 Aug 2022 12:16:01 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 8 Aug 2022 12:16:01 -0400    

Per buildfarm, the output order of \dx+ isn't consistent across  
locales.  Apply NO_LOCALE to force C locale.  There might be a  
more localized way, but I'm not seeing it offhand, and anyway  
there is nothing in this test module that particularly cares  
about locales.  
  
Security: CVE-2022-2625  

commit   : ea2917ca905b7a669cc9d90c3b0e4539667a15a4    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 8 Aug 2022 11:28:47 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 8 Aug 2022 11:28:47 -0400    

Security: CVE-2022-2625  

commit   : 5721da7e41e7a280587bda29cd1674c7da3317f8    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 8 Aug 2022 11:12:31 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 8 Aug 2022 11:12:31 -0400    

Previously, if an extension script did CREATE OR REPLACE and there was  
an existing object not belonging to the extension, it would overwrite  
the object and adopt it into the extension.  This is problematic, first  
because the overwrite is probably unintentional, and second because we  
didn't change the object's ownership.  Thus a hostile user could create  
an object in advance of an expected CREATE EXTENSION command, and would  
then have ownership rights on an extension object, which could be  
modified for trojan-horse-type attacks.  
  
Hence, forbid CREATE OR REPLACE of an existing object unless it already  
belongs to the extension.  (Note that we've always forbidden replacing  
an object that belongs to some other extension; only the behavior for  
previously-free-standing objects changes here.)  
  
For the same reason, also fail CREATE IF NOT EXISTS when there is  
an existing object that doesn't belong to the extension.  
  
Our thanks to Sven Klemm for reporting this problem.  
  
Security: CVE-2022-2625  

commit   : 9a8df3307088f2f401cdad06df9351154819de45    
  
author   : Alvaro Herrera <[email protected]>    
date     : Mon, 8 Aug 2022 12:39:52 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Mon, 8 Aug 2022 12:39:52 +0200    

Source-Git-URL: ssh://[email protected]/pgtranslation/messages.git  
Source-Git-Hash: 20d70fc4a9763d5d31afc422be0be0feb0fb0363  

commit   : 3526a8f7b4242ad5a80fbdf27636625e7b192be6    
  
author   : Tom Lane <[email protected]>    
date     : Sun, 7 Aug 2022 15:46:27 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Sun, 7 Aug 2022 15:46:27 -0400    

commit   : f4beef1c2d66cdbfd036117a8cbf9a703d83d33e    
  
author   : Alvaro Herrera <[email protected]>    
date     : Sun, 7 Aug 2022 10:19:40 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Sun, 7 Aug 2022 10:19:40 +0200    

Per buildfarm member snapper  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 9d5c96d9be6476c4a7a3fa227e6e20748f1d827f    
  
author   : Alvaro Herrera <[email protected]>    
date     : Sat, 6 Aug 2022 15:52:10 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Sat, 6 Aug 2022 15:52:10 +0200    

Commit 59be1c942a47 already tried to make  
src/test/recovery/t/033_replay_tsp_drops more reliable, but it wasn't  
enough.  Try to improve on that by making this use of a replication slot  
to be more like others.  Also, don't drop the slot.  
  
Make a few other stylistic changes while at it.  It's still quite slow,  
which is another thing that we need to fix in this script.  
  
Backpatch to all supported branches.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : aab05919a685449826db986a921c1d8632d673e0    
  
author   : Tom Lane <[email protected]>    
date     : Fri, 5 Aug 2022 17:38:53 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Fri, 5 Aug 2022 17:38:53 -0400    

As usual, the release notes for older branches will be made by cutting  
these down, but put them up for community review first.  
  
Due to the out-of-cycle release of 14.4, there are a number of commits  
that appeared in 14.4 that are not yet shipped in the earlier branches.  
This draft repeats those release note entries for convenience in  
preparing the older-branch notes later.  They'll be stripped out of  
the 14.5 section after that's done.  

commit   : b9243cadad55e296e83839fb96457f64dcaaeb25    
  
author   : Tom Lane <[email protected]>    
date     : Fri, 5 Aug 2022 15:57:46 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Fri, 5 Aug 2022 15:57:46 -0400    

On closer inspection, mcv.c isn't as broken for ScalarArrayOpExpr  
as I thought.  The Var-on-right issue is real enough, but actually  
it does cope fine with a NULL array constant --- I was misled by  
an XXX comment suggesting it didn't.  Undo that part of the code  
change, and replace the XXX comment with something less misleading.  

commit   : 3fe2fc6bbdb251c78a88cdd41e400014be76f80e    
  
author   : Tom Lane <[email protected]>    
date     : Fri, 5 Aug 2022 15:00:03 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Fri, 5 Aug 2022 15:00:03 -0400    

Since v14, the extended stats machinery will try to estimate for  
otherwise-unsupported boolean expressions if they match an expression  
available from an extended stats object.  mcv.c did not get the memo  
about this, and would spit up with "unknown clause type".  Fortunately  
the case is easy to handle, since we can expect the expression yields  
boolean.  
  
While here, replace some not-terribly-on-point assertions with  
simpler runtime tests for lookup failure.  That seems appropriate  
so that we get an elog not a crash if we somehow get to the new  
it-should-be-a-bool-expression code with a subexpression that  
doesn't match any stats column.  
  
Per report from Danny Shemesh.  Thanks to Justin Pryzby for  
preliminary investigation.  
  
Discussion: https://postgr.es/m/CAFZC=QqD6=27wQPOW1pbRa98KPyuyn+7cL_Ay_Ck-roZV84vHg@mail.gmail.com  

commit   : ea6c916962c4fc87c3d26d938e0149d4c91f2ca0    
  
author   : Tom Lane <[email protected]>    
date     : Fri, 5 Aug 2022 13:58:37 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Fri, 5 Aug 2022 13:58:37 -0400    

statext_is_compatible_clause_internal() checked that the arguments  
of a ScalarArrayOpExpr are one Var and one Const, but it would allow  
cases where the Const was on the left.  Subsequent uses of the clause  
are not expecting that and would suffer assertion failures or core  
dumps.  mcv.c also had not bothered to cope with the case of a NULL  
array constant, which seems really unacceptably sloppy of somebody.  
(Although our tools failed us there too, since AFAIK neither Coverity  
nor any compiler warned of the obvious use-of-uninitialized-variable  
condition.)  It seems best to handle that by having  
statext_is_compatible_clause_internal() reject it.  
  
Noted while fixing bug #17570.  Back-patch to v13 where the  
extended stats code grew some awareness of ScalarArrayOpExpr.  

commit   : fff3f3333fdc34d9f412fc8c87bef47ce4007ce9    
  
author   : Alvaro Herrera <[email protected]>    
date     : Fri, 5 Aug 2022 19:36:24 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Fri, 5 Aug 2022 19:36:24 +0200    

This makes it more convenient for git config to contain the  
blame.ignoreRevsFile setting; otherwise current git versions complain if  
the file is not present.  
  
I constructed the file for each branch by scraping the file in branch  
master for commits that appear in that branch.  Because a few additional  
pgindent commits have been added to the list in master since the list  
was first created, this also propagates those to branches 14 and 15  
where the file already existed.  Also, some entries appear to have been  
made using author-date rather than committer-date in the format string,  
so some timestamps are changed.  Also remove bogus whitespace in the  
suggested `git log` format string.  
  
Backpatch to all supported branches.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 7c6ce0475a344d1f35b500898768530d0c02030a    
  
author   : Tom Lane <[email protected]>    
date     : Fri, 5 Aug 2022 12:46:34 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Fri, 5 Aug 2022 12:46:34 -0400    

Commit a4d75c86b improved the extended-stats logic to allow extended  
stats to be collected on expressions not just bare Vars.  To apply  
such stats, we first verify that the user has permissions to read all  
columns used in the stats.  (If not, the query will likely fail at  
runtime, but the planner ought not do so.)  That had to get extended  
to check permissions of columns appearing within such expressions,  
but the code for that was completely wrong: it applied pull_varattnos  
to the wrong pointer, leading to "unrecognized node type" failures.  
Furthermore, although you couldn't get to this because of that bug,  
it failed to account for the attnum offset applied by pull_varattnos.  
  
This escaped recognition so far because the code in question is not  
reached when the user has whole-table SELECT privilege (which is the  
common case), and because only subexpressions not specially handled  
by statext_is_compatible_clause_internal() are at risk.  
  
I think a large part of the reason for this bug is under-documentation  
of what statext_is_compatible_clause() is doing and what its arguments  
are, so do some work on the comments to try to improve that.  
  
Per bug #17570 from Alexander Kozhemyakin.  Patch by Richard Guo;  
comments and other cosmetic improvements by me.  (Thanks also to  
Japin Li for diagnosis.)  Back-patch to v14 where the bug came in.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 541f41d4fa783ce213f15d4f5faaca5bb7a50559    
  
author   : Alvaro Herrera <[email protected]>    
date     : Fri, 5 Aug 2022 18:00:17 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Fri, 5 Aug 2022 18:00:17 +0200    

That bit is unlogged and therefore it's wrong to consider it in WAL page  
comparison.  
  
Add a test that tickles the case, as branch testing technology allows.  
  
This has been a problem ever since wal consistency checking was  
introduced (commit a507b86900f6 for pg10), so backpatch to all supported  
branches.  
  
Author: 王海洋 (Haiyang Wang) <[email protected]>  
Reviewed-by: Kyotaro Horiguchi <[email protected]>  
Discussion: https://postgr.es/m/CACciXAD2UvLMOhc4jX9VvOKt7DtYLr3OYRBhvOZ-jRxtzc_7Jg@mail.gmail.com  
Discussion: https://postgr.es/m/CACciXADOfErX9Bx0nzE_SkdfXr6Bbpo5R=v_B6MUTEYW4ya+cg@mail.gmail.com  

commit   : 8ad6c5dbbe5a234c55c6663020db297251756006    
  
author   : Noah Misch <[email protected]>    
date     : Fri, 5 Aug 2022 08:30:58 -0700    
  
committer: Noah Misch <[email protected]>    
date     : Fri, 5 Aug 2022 08:30:58 -0700    

The five commits ending at cc2c7d65fc27e877c9f407587b0b92d46cd6dd16  
closed this race condition for v15+.  For v14 through v10, add a HINT to  
discourage studying the cosmetic problem.  
  
Reviewed by Kyotaro Horiguchi and David Steele.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 6d9481cd05d2a0d4152c02c5d48b7f7eb7b90a49    
  
author   : Alvaro Herrera <[email protected]>    
date     : Fri, 5 Aug 2022 11:55:52 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Fri, 5 Aug 2022 11:55:52 +0200    

Having additional triggers in a test table made the ORDER BY clauses in  
old queries underspecified.  Add another column there for stability.  
  
Per sporadic buildfarm pink.  

commit   : 4a9bc2e0f5226d29e7e11c9611b8649a4aa74a4b    
  
author   : Etsuro Fujita <[email protected]>    
date     : Fri, 5 Aug 2022 17:15:03 +0900    
  
committer: Etsuro Fujita <[email protected]>    
date     : Fri, 5 Aug 2022 17:15:03 +0900    

When inserting a view referencing a foreign table that has WITH CHECK  
OPTION constraints, in single-insert mode postgres_fdw retrieves the  
data that was actually inserted on the remote side so that the WITH  
CHECK OPTION constraints are enforced with the data locally, but in  
batch-insert mode it cannot currently retrieve the data (except for the  
row first inserted through the view), resulting in enforcing the WITH  
CHECK OPTION constraints with the data passed from the core (except for  
the first-inserted row), which led to incorrect results when inserting  
into a view referencing a foreign table in which a remote BEFORE ROW  
INSERT trigger changes the rows inserted through the view so that they  
violate the view's WITH CHECK OPTION constraint.  Also, the query  
inserting into the view caused an assertion failure in assert-enabled  
builds.  
  
Fix these by disabling batch insertion when inserting into such a view.  
  
Back-patch to v14 where batch insertion was added.  
  
Discussion: https://postgr.es/m/CAPmGK17LpbTZs4m4a_6THP54UBeK9fHvX8aVVA%2BC6yEZDZwQcg%40mail.gmail.com  

commit   : 731d514ae58ff4b5c81729881d350c6f89c4e488    
  
author   : Alvaro Herrera <[email protected]>    
date     : Thu, 4 Aug 2022 20:02:02 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Thu, 4 Aug 2022 20:02:02 +0200    

Using ATSimpleRecursion() in ATPrepCmd() to do so as bbb927b4db9b did is  
not correct, because ATPrepCmd() can't distinguish between triggers that  
may be cloned and those that may not, so would wrongly try to recurse  
for the latter category of triggers.  
  
So this commit restores the code in EnableDisableTrigger() that  
86f575948c77 had added to do the recursion, which would do it only for  
triggers that may be cloned, that is, row-level triggers.  This also  
changes tablecmds.c such that ATExecCmd() is able to pass the value of  
ONLY flag down to EnableDisableTrigger() using its new 'recurse'  
parameter.  
  
This also fixes what seems like an oversight of 86f575948c77 that the  
recursion to partition triggers would only occur if EnableDisableTrigger()  
had actually changed the trigger.  It is more apt to recurse to inspect  
partition triggers even if the parent's trigger didn't need to be  
changed: only then can we be certain that all descendants share the same  
state afterwards.  
  
Backpatch all the way back to 11, like bbb927b4db9b.  Care is taken not  
to break ABI compatibility (and that no catversion bump is needed.)  
  
Co-authored-by: Amit Langote <[email protected]>  
Reviewed-by: Dmitry Koval <[email protected]>  
Discussion: https://postgr.es/m/CA+HiwqG-cZT3XzGAnEgZQLoQbyfJApVwOTQaCaas1mhpf+4V5A@mail.gmail.com  

commit   : efba7a63ffbe59790b88e3af459dfd81c742b90f    
  
author   : Tom Lane <[email protected]>    
date     : Thu, 4 Aug 2022 14:10:06 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Thu, 4 Aug 2022 14:10:06 -0400    

Ordinarily the functions called in this loop ought to have plenty  
of CFIs themselves; but we've now seen a case where no such CFI is  
reached, making the loop uninterruptible.  Even though that's from  
a recently-introduced bug, it seems prudent to install a CFI at  
the loop level in all branches.  
  
Per discussion of bug #17558 from Andrew Kesper (an actual fix for  
that bug will follow).  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 1a9ac84923b8530ca18d497b3ccc40965c01b66b    
  
author   : Tom Lane <[email protected]>    
date     : Thu, 4 Aug 2022 11:11:22 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Thu, 4 Aug 2022 11:11:22 -0400    

Remove the test case added by commit fac1b470a, which never actually  
worked to expose the problem it claimed to test.  Replace it with  
a case that does expose the problem, and also covers the SRF-not-  
at-the-top deficiency repaired in 1aa8dad41.  
  
Richard Guo, with some editorialization by me  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 120e159b7d93fa36b94ded8a51fe4e619e1261ca    
  
author   : John Naylor <[email protected]>    
date     : Thu, 4 Aug 2022 15:59:32 +0700    
  
committer: John Naylor <[email protected]>    
date     : Thu, 4 Aug 2022 15:59:32 +0700    

Erik Rijkers and Justin Pryzby  
  
Backpatch to v14  
  
Discussion: https://www.postgresql.org/message-id/b79bfeff-d0e3-29a3-2576-0e325848dede%40xs4all.nl  

commit   : d107e73fa8b5ba874a4b29be73e743652c32efd2    
  
author   : John Naylor <[email protected]>    
date     : Thu, 4 Aug 2022 15:29:25 +0700    
  
committer: John Naylor <[email protected]>    
date     : Thu, 4 Aug 2022 15:29:25 +0700    

Per suggestion from Robert Haas  
  
Backpatch to v14  
  
Discussion: https://www.postgresql.org/message-id/CA%2BTgmoZ1QvHquYHLkMy1oHKqz4-E7QQctj6e0ocq_GP1B5%2B9bA%40mail.gmail.com  

commit   : 445b9020c97f3e1ff63534efeec5a280e33d2495    
  
author   : Tom Lane <[email protected]>    
date     : Wed, 3 Aug 2022 17:33:42 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Wed, 3 Aug 2022 17:33:42 -0400    

Commit fac1b470a thought we could check for set-returning functions  
by testing only the top-level node in an expression tree.  This is  
wrong in itself, and to make matters worse it encouraged others  
to make the same mistake, by exporting tlist.c's special-purpose  
IS_SRF_CALL() as a widely-visible macro.  I can't find any evidence  
that anyone's taken the bait, but it was only a matter of time.  
  
Use expression_returns_set() instead, and stuff the IS_SRF_CALL()  
genie back in its bottle, this time with a warning label.  I also  
added a couple of cross-reference comments.  
  
After a fair amount of fooling around, I've despaired of making  
a robust test case that exposes the bug reliably, so no test case  
here.  (Note that the test case added by fac1b470a is itself  
broken, in that it doesn't notice if you remove the code change.  
The repro given by the bug submitter currently doesn't fail either  
in v15 or HEAD, though I suspect that may indicate an unrelated bug.)  
  
Per bug #17564 from Martijn van Oosterhout.  Back-patch to v13,  
as the faulty patch was.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 8eaa4d0f3dbe2022f683cb8c90beeafbb43232fa    
  
author   : Tom Lane <[email protected]>    
date     : Wed, 3 Aug 2022 11:14:55 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Wed, 3 Aug 2022 11:14:55 -0400    

The sto_using_cursor and sto_using_select tests were coded to exercise  
every permutation of their test steps, but AFAICS there is no value in  
exercising more than one.  This matters because each permutation costs  
about six seconds, thanks to the "pg_sleep(6)".  Perhaps we could  
reduce that, but the useless permutations seem worth getting rid of  
in any case.  (Note that sto_using_hash_index got it right already.)  
  
While here, clean up some other sloppiness such as an unused table.  
  
This doesn't make too much difference in interactive testing, since the  
wasted time is typically masked by parallelization with other tests.  
However, the buildfarm runs this as a serial step, which means we can  
expect to shave ~40 seconds from every buildfarm run.  That makes it  
worth back-patching.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 17fd203b414e9a1d649fb22ab11afd8355947476    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 2 Aug 2022 18:05:34 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 2 Aug 2022 18:05:34 -0400    

We've heard a couple of reports of people having trouble with  
multi-gigabyte-sized query-texts files.  It occurred to me that on  
32-bit platforms, there could be an issue with integer overflow  
of calculations associated with the total query text size.  
Address that with several changes:  
  
1. Limit pg_stat_statements.max to INT_MAX / 2 not INT_MAX.  
The hashtable code will bound it to that anyway unless "long"  
is 64 bits.  We still need overflow guards on its use, but  
this helps.  
  
2. Add a check to prevent extending the query-texts file to  
more than MaxAllocHugeSize.  If it got that big, qtext_load_file  
would certainly fail, so there's not much point in allowing it.  
Without this, we'd need to consider whether extent, query_offset,  
and related variables shouldn't be off_t not size_t.  
  
3. Adjust the comparisons in need_gc_qtexts() to be done in 64-bit  
arithmetic on all platforms.  It appears possible that under duress  
those multiplications could overflow 32 bits, yielding a false  
conclusion that we need to garbage-collect the texts file, which  
could lead to repeatedly garbage-collecting after every hash table  
insertion.  
  
Per report from Bruno da Silva.  I'm not convinced that these  
issues fully explain his problem; there may be some other bug that's  
contributing to the query-texts file becoming so large in the first  
place.  But it did get that big, so #2 is a reasonable defense,  
and #3 could explain the reported performance difficulties.  
  
(See also commit 8bbe4cbd9, which addressed some related bugs.  
The second Discussion: link is the thread that led up to that.)  
  
This issue is old, and is primarily a problem for old platforms,  
so back-patch.  
  
Discussion: https://postgr.es/m/CAB+Nuk93fL1Q9eLOCotvLP07g7RAv4vbdrkm0cVQohDVMpAb9A@mail.gmail.com  
Discussion: https://postgr.es/m/[email protected]  

commit   : d947a8bd5606af4333076724d20b4cb87d386c30    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 1 Aug 2022 12:22:35 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 1 Aug 2022 12:22:35 -0400    

I thought commit fd96d14d9 had plugged all the holes of this sort,  
but no, function RTEs could produce oversize tuples too, either  
via long coldeflists or just from multiple functions in one RTE.  
(I'm pretty sure the other variants of base RTEs aren't a problem,  
because they ultimately refer to either a table or a sub-SELECT,  
whose widths are enforced elsewhere.  But we explicitly allow join  
RTEs to be overwidth, as long as you don't try to form their  
tuple result.)  
  
Per further discussion of bug #17561.  As before, patch all branches.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 523926dea97f360f1f785853eea49e4dc4a6e1e9    
  
author   : Michael Paquier <[email protected]>    
date     : Mon, 1 Aug 2022 16:39:27 +0900    
  
committer: Michael Paquier <[email protected]>    
date     : Mon, 1 Aug 2022 16:39:27 +0900    

errno was not reported correctly after attempting to clone a file,  
leading to incorrect error reports.  While scanning through the code, I  
have not noticed any similar mistakes.  
  
Error introduced in 3a769d8.  
  
Author: Justin Pryzby  
Discussion: https://postgr.es/m/[email protected]  
Backpatch-through: 12  

commit   : e71d4254f710bef53fa40d0b49b5af9bad10ce40    
  
author   : Tom Lane <[email protected]>    
date     : Sun, 31 Jul 2022 13:43:17 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Sun, 31 Jul 2022 13:43:17 -0400    

The code tried to access ARR_DIMS(v)[0] and ARR_LBOUND(v)[0]  
whether or not those values exist.  This made the range check  
on the "n" argument unstable --- it might or might not fail, and  
if it did it would report garbage for the allowed upper limit.  
These bogus accesses would probably annoy Valgrind, and if you  
were very unlucky even lead to SIGSEGV.  
  
Report and fix by Martin Kalcher.  Back-patch to v14 where this  
function was added.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : e90c4fc881e2c836b4d4fb9fae03310f9c0d8597    
  
author   : Andrew Dunstan <[email protected]>    
date     : Fri, 29 Jul 2022 17:43:34 -0400    
  
committer: Andrew Dunstan <[email protected]>    
date     : Fri, 29 Jul 2022 17:43:34 -0400    

The new test is from commit 9e4f914b5e.  
  
With this setting messages have SQL error numbers included, so that  
needs to be provided for in the pattern looked for.  
  
Backpatch to all live branches like the original.  

commit   : 8df167baa7c76685cde43611df7026b5ad2e708e    
  
author   : Tom Lane <[email protected]>    
date     : Fri, 29 Jul 2022 13:30:50 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Fri, 29 Jul 2022 13:30:50 -0400    

A RowExpr with more than MaxTupleAttributeNumber columns would fail at  
execution anyway, since we cannot form a tuple datum with more than that  
many columns.  While heap_form_tuple() has a check for too many columns,  
it emerges that there are some intermediate bits of code that don't  
check and can be driven to failure with sufficiently many columns.  
Checking this at parse time seems like the most appropriate place to  
install a defense, since we already check SELECT list length there.  
  
While at it, make the SELECT-list-length error use the same errcode  
(TOO_MANY_COLUMNS) as heap_form_tuple does, rather than the generic  
PROGRAM_LIMIT_EXCEEDED.  
  
Per bug #17561 from Egor Chindyaskin.  The given test case crashes  
in all supported branches (and probably a lot further back),  
so patch all.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 4d8d85740c0228b04a10818587b70f4ae3a2beba    
  
author   : Alvaro Herrera <[email protected]>    
date     : Fri, 29 Jul 2022 12:50:47 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Fri, 29 Jul 2022 12:50:47 +0200    

On FreeBSD, the new test fails due to a WAL file being removed before  
the standby has had the chance to copy it.  Fix by adding a replication  
slot to prevent the removal until after the standby has connected.  
  
Author: Kyotaro Horiguchi <[email protected]>  
Reported-by: Matthias van de Meent <[email protected]>  
Discussion: https://postgr.es/m/CAEze2Wj5nau_qpjbwihvmXLfkAWOZ5TKdbnqOc6nKSiRJEoPyQ@mail.gmail.com  

commit   : a3aacb7cbfc74fc20e8681cba99e2db84c8dd980    
  
author   : Alvaro Herrera <[email protected]>    
date     : Thu, 28 Jul 2022 08:26:05 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Thu, 28 Jul 2022 08:26:05 +0200    

Crash recovery on standby may encounter missing directories  
when replaying database-creation WAL records.  Prior to this  
patch, the standby would fail to recover in such a case;  
however, the directories could be legitimately missing.  
Consider the following sequence of commands:  
  
    CREATE DATABASE  
    DROP DATABASE  
    DROP TABLESPACE  
  
If, after replaying the last WAL record and removing the  
tablespace directory, the standby crashes and has to replay the  
create database record again, crash recovery must be able to continue.  
  
A fix for this problem was already attempted in 49d9cfc68bf4, but it  
was reverted because of design issues.  This new version is based  
on Robert Haas' proposal: any missing tablespaces are created  
during recovery before reaching consistency.  Tablespaces  
are created as real directories, and should be deleted  
by later replay.  CheckRecoveryConsistency ensures  
they have disappeared.  
  
The problems detected by this new code are reported as PANIC,  
except when allow_in_place_tablespaces is set to ON, in which  
case they are WARNING.  Apart from making tests possible, this  
gives users an escape hatch in case things don't go as planned.  
  
Author: Kyotaro Horiguchi <[email protected]>  
Author: Asim R Praveen <[email protected]>  
Author: Paul Guo <[email protected]>  
Reviewed-by: Anastasia Lubennikova <[email protected]> (older versions)  
Reviewed-by: Fujii Masao <[email protected]> (older versions)  
Reviewed-by: Michaël Paquier <[email protected]>  
Diagnosed-by: Paul Guo <[email protected]>  
Discussion: https://postgr.es/m/CAEET0ZGx9AvioViLf7nbR_8tH9-=27DN5xWJ2P9-ROH16e4JUA@mail.gmail.com  

commit   : 5ad478c9d95657948fd818ac7e97a28eea3c3433    
  
author   : Thomas Munro <[email protected]>    
date     : Thu, 28 Jul 2022 14:13:37 +1200    
  
committer: Thomas Munro <[email protected]>    
date     : Thu, 28 Jul 2022 14:13:37 +1200    

On Windows with MSVC, get_dirent_type() was recently made to return  
DT_LNK for junction points by commit 9d3444dc, which fixed some  
defective dirent.c code.  
  
On Windows with Cygwin, get_dirent_type() already worked for symlinks,  
as it does on POSIX systems, because Cygwin has its own fake symlinks  
that behave like POSIX (on closer inspection, Cygwin's dirent has the  
BSD d_type extension but it's probably always DT_UNKNOWN, so we fall  
back to lstat(), which understands Cygwin symlinks with S_ISLNK()).  
  
On Windows with MinGW/MSYS, we need extra code, because the MinGW  
runtime has its own readdir() without d_type, and the lstat()-based  
fallback has no knowledge of our convention for treating junctions as  
symlinks.  
  
Back-patch to 14, where get_dirent_type() landed.  
  
Reported-by: Andrew Dunstan <[email protected]>  
Discussion: https://postgr.es/m/b9ddf605-6b36-f90d-7c30-7b3e95c46276%40dunslane.net  

commit   : 961cab0a5a90d449a64a71912b324d7e7548619b    
  
author   : Alvaro Herrera <[email protected]>    
date     : Wed, 27 Jul 2022 07:55:13 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Wed, 27 Jul 2022 07:55:13 +0200    

This is a backpatch to branches 10-14 of the following commits:  
  
7170f2159fb2 Allow "in place" tablespaces.  
c6f2f01611d4 Fix pg_basebackup with in-place tablespaces.  
f6f0db4d6240 Fix pg_tablespace_location() with in-place tablespaces  
7a7cd84893e0 doc: Remove mention to in-place tablespaces for pg_tablespace_location()  
5344723755bd Remove unnecessary Windows-specific basebackup code.  
  
In-place tablespaces were introduced as a testing helper mechanism, but  
they are going to be used for a bugfix in WAL replay to be backpatched  
to all stable branches.  
  
I (Álvaro) had to adjust some code to account for lack of  
get_dirent_type() in branches prior to 14.  
  
Author: Thomas Munro <[email protected]>  
Author: Michaël Paquier <[email protected]>  
Author: Álvaro Herrera <[email protected]>  
Discussion: https://postgr.es/m/[email protected]  

commit   : 3e1297a63f760b02ea8d951f6b270c9c843083ae    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 26 Jul 2022 13:07:03 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 26 Jul 2022 13:07:03 -0400    

We have a few commands that "can't run in a transaction block",  
meaning that if they complete their processing but then we fail  
to COMMIT, we'll be left with inconsistent on-disk state.  
However, the existing defenses for this are only watertight for  
simple query protocol.  In extended protocol, we didn't commit  
until receiving a Sync message.  Since the client is allowed to  
issue another command instead of Sync, we're in trouble if that  
command fails or is an explicit ROLLBACK.  In any case, sitting  
in an inconsistent state while waiting for a client message  
that might not come seems pretty risky.  
  
This case wasn't reachable via libpq before we introduced pipeline  
mode, but it's always been an intended aspect of extended query  
protocol, and likely there are other clients that could reach it  
before.  
  
To fix, set a flag in PreventInTransactionBlock that tells  
exec_execute_message to force an immediate commit.  This seems  
to be the approach that does least damage to existing working  
cases while still preventing the undesirable outcomes.  
  
While here, add some documentation to protocol.sgml that explicitly  
says how to use pipelining.  That's latent in the existing docs if  
you know what to look for, but it's better to spell it out; and it  
provides a place to document this new behavior.  
  
Per bug #17434 from Yugo Nagata.  It's been wrong for ages,  
so back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 3f968b9415045c4f8ae3cd56b5b4a83d1aa27db8    
  
author   : Heikki Linnakangas <[email protected]>    
date     : Mon, 25 Jul 2022 08:48:38 +0300    
  
committer: Heikki Linnakangas <[email protected]>    
date     : Mon, 25 Jul 2022 08:48:38 +0300    

It incorrectly used GetBufferDescriptor instead of  
GetLocalBufferDescriptor, causing it to not find the correct buffer in  
most cases, and performing an out-of-bounds memory read in the corner  
case that temp_buffers > shared_buffers.  
  
It also bumped the usage-count on the buffer, even if it was  
previously pinned. That won't lead to crashes or incorrect results,  
but it's different from what the shared-buffer case does, and  
different from the usual code in LocalBufferAlloc. Fix that too, and  
make the code ordering match LocalBufferAlloc() more closely, so that  
it's easier to verify that it's doing the same thing.  
  
Currently, ReadRecentBuffer() is only used with non-temp relations, in  
WAL redo, so the broken code is currently dead code. However, it could  
be used by extensions.  
  
Backpatch-through: 14  
Discussion: https://www.postgresql.org/message-id/2d74b46f-27c9-fb31-7f99-327a87184cc0%40iki.fi  
Reviewed-by: Thomas Munro, Zhang Mingli, Richard Guo  

commit   : 31d5354cb148c6aa90014f62d3a4752adeebd51a    
  
author   : Tom Lane <[email protected]>    
date     : Sat, 23 Jul 2022 19:00:30 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Sat, 23 Jul 2022 19:00:30 -0400    

We didn't explicitly say that random() uses a randomly-chosen seed  
if you haven't called setseed().  Do so.  
  
Also, remove ref/set.sgml's no-longer-accurate (and never very  
relevant) statement that the seed value is multiplied by 2^31-1.  
  
Back-patch to v12 where set.sgml's claim stopped being true.  
The claim that we use a source of random bits as seed was debatable  
before 4203842a1, too, so v12 seems like a good place to stop.  
  
Per question from Carl Sopchak.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : fee0165fc1cfaf4ac0052c4554810e46c02dd70c    
  
author   : Thomas Munro <[email protected]>    
date     : Fri, 22 Jul 2022 16:57:12 +1200    
  
committer: Thomas Munro <[email protected]>    
date     : Fri, 22 Jul 2022 16:57:12 +1200    

Commit 87e6ed7c8 added code that intended to report Windows "junction  
points" as DT_LNK (the same way we report symlinks on Unix).  Windows  
junction points are *also* directories according to the Windows  
attributes API, and we were reporting them as as DT_DIR.  Change the  
order we check the attribute flags, to prioritize DT_LNK.  
  
If at some point we start using Windows' recently added real symlinks  
and need to distinguish them from junction points, we may need to  
rethink this, but for now this continues the tradition of wrapper  
functions that treat junction points as symlinks.  
  
Back-patch to 14, where get_dirent_type() landed.  
  
Reviewed-by: Michael Paquier <[email protected]>  
Reviewed-by: Alvaro Herrera <[email protected]>  
Discussion: https://postgr.es/m/CA%2BhUKGLzLK4PUPx0_AwXEWXOYAejU%3D7XpxnYE55Y%2Be7hB2N3FA%40mail.gmail.com  
Discussion: https://postgr.es/m/20220721111751.x7hod2xgrd76xr5c%40alvherre.pgsql  

commit   : 169d50ba34a91a1c3e2535b8ef49480bad4b9867    
  
author   : Fujii Masao <[email protected]>    
date     : Thu, 21 Jul 2022 22:52:50 +0900    
  
committer: Fujii Masao <[email protected]>    
date     : Thu, 21 Jul 2022 22:52:50 +0900    

When postgres_fdw begins an asynchronous data fetch, it submits FETCH query  
by using PQsendQuery(). If PQsendQuery() fails and returns 0, postgres_fdw  
should report an error. But, previously, postgres_fdw reported an error  
only when the return value is less than 0, though PQsendQuery() never return  
the values other than 0 and 1. Therefore postgres_fdw could not handle  
the failure to send FETCH query in an asynchronous data fetch.  
  
This commit fixes postgres_fdw so that it reports an error  
when PQsendQuery() returns 0.  
  
Back-patch to v14 where asynchronous execution was supported in postgres_fdw.  
  
Author: Fujii Masao  
Reviewed-by: Japin Li, Tom Lane  
Discussion: https://postgr.es/m/[email protected]  

commit   : e613466e46c86d6c64bac062b35ef5d0ca539d19    
  
author   : Bruce Momjian <[email protected]>    
date     : Thu, 21 Jul 2022 14:55:23 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Thu, 21 Jul 2022 14:55:23 -0400    

Reported-by: [email protected]  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 11  

commit   : 21640e986518ab7d15b5a811cf2c5064af244249    
  
author   : Bruce Momjian <[email protected]>    
date     : Thu, 21 Jul 2022 13:58:20 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Thu, 21 Jul 2022 13:58:20 -0400    

This is true even for acronyms that are usually upper case, like LDAP.  
  
Reported-by: Alvaro Herrera  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 10  

commit   : da9a28fd5563261354d648258b1824b3f35dde5c    
  
author   : Tom Lane <[email protected]>    
date     : Thu, 21 Jul 2022 13:56:02 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Thu, 21 Jul 2022 13:56:02 -0400    

Due to lack of concern for the case in the dependency code, it's  
possible to drop a column of a composite type even though stored  
queries have references to the dropped column via functions-in-FROM  
that return the composite type.  There are "soft" references,  
namely FROM-clause aliases for such columns, and "hard" references,  
that is actual Vars referring to them.  The right fix for hard  
references is to add dependencies preventing the drop; something  
we've known for many years and not done (and this commit still doesn't  
address it).  A "soft" reference shouldn't prevent a drop though.  
We've been around on this before (cf. 9b35ddce9, 2c4debbd0), but  
nobody had noticed that the current behavior can result in dump/reload  
failures, because ruleutils.c can print more column aliases than the  
underlying composite type now has.  So we need to rejigger the  
column-alias-handling code to treat such columns as dropped and not  
print aliases for them.  
  
Rather than writing new code for this, I used expandRTE() which already  
knows how to figure out which function result columns are dropped.  
I'd initially thought maybe we could use expandRTE() in all cases, but  
that fails for EXPLAIN's purposes, because the planner strips a lot of  
RTE infrastructure that expandRTE() needs.  So this patch just uses it  
for unplanned function RTEs and otherwise does things the old way.  
  
If there is a hard reference (Var), then removing the column alias  
causes us to fail to print the Var, since there's no longer a name  
to print.  Failing seems less desirable than printing a made-up  
name, so I made it print "?dropped?column?" instead.  
  
Per report from Timo Stolz.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : be2e842c8a79d98a3fa03eeaf9329bf1f51a9704    
  
author   : Fujii Masao <[email protected]>    
date     : Tue, 12 Jul 2022 11:53:29 +0900    
  
committer: Fujii Masao <[email protected]>    
date     : Tue, 12 Jul 2022 11:53:29 +0900    

When a non-exclusive backup is canceled, do_pg_abort_backup() is called  
and resets some variables set by pg_backup_start (pg_start_backup in v14  
or before). But previously it forgot to reset the session state indicating  
whether a non-exclusive backup is in progress or not in this session.  
  
This issue could cause an assertion failure when the session running  
BASE_BACKUP is terminated after it executed pg_backup_start and  
pg_backup_stop (pg_stop_backup in v14 or before). Also it could cause  
a segmentation fault when pg_backup_stop is called after BASE_BACKUP  
in the same session is canceled.  
  
This commit fixes the issue by making do_pg_abort_backup reset  
that session state.  
  
Back-patch to all supported branches.  
  
Author: Fujii Masao  
Reviewed-by: Kyotaro Horiguchi, Masahiko Sawada, Michael Paquier, Robert Haas  
Discussion: https://postgr.es/m/[email protected]  

commit   : 2aedf25eb4d0a89c38dbbad8e5bbda237838292f    
  
author   : Fujii Masao <[email protected]>    
date     : Tue, 12 Jul 2022 09:31:57 +0900    
  
committer: Fujii Masao <[email protected]>    
date     : Tue, 12 Jul 2022 09:31:57 +0900    

Multiple non-exclusive backups are able to be run conrrently in different  
sessions. But, in the same session, only one non-exclusive backup can be  
run at the same moment. If pg_backup_start (pg_start_backup in v14 or before)  
is called in the middle of another non-exclusive backup in the same session,  
an error is thrown.  
  
However, previously, in logical replication walsender mode, even if that  
walsender session had already called pg_backup_start and started  
a non-exclusive backup, it could execute BASE_BACKUP command and  
start another non-exclusive backup. Which caused subsequent pg_backup_stop  
to throw an error because BASE_BACKUP unexpectedly reset the session state  
marked by pg_backup_start.  
  
This commit prevents BASE_BACKUP command in the middle of another  
non-exclusive backup in the same session.  
  
Back-patch to all supported branches.  
  
Author: Fujii Masao  
Reviewed-by: Kyotaro Horiguchi, Masahiko Sawada, Michael Paquier, Robert Haas  
Discussion: https://postgr.es/m/[email protected]  

commit   : 8657946d375f4831b026d7c28016b27acdd2c246    
  
author   : Peter Eisentraut <[email protected]>    
date     : Mon, 18 Jul 2022 16:23:48 +0200    
  
committer: Peter Eisentraut <[email protected]>    
date     : Mon, 18 Jul 2022 16:23:48 +0200    

This fixes an ABI break introduced by  
604651880c71c5106a72529b9ce29eaad0cfab27.  
  
Author: Markus Wanner <[email protected]>  
Discussion: https://www.postgresql.org/message-id/[email protected]  

commit   : 9293589d96756f921f54793c4586c6bd61f94e4f    
  
author   : Peter Eisentraut <[email protected]>    
date     : Mon, 18 Jul 2022 14:53:00 +0200    
  
committer: Peter Eisentraut <[email protected]>    
date     : Mon, 18 Jul 2022 14:53:00 +0200    

commit   : bb30410b9f4cae1ec74f120833b74ecc0b1de7d2    
  
author   : Tom Lane <[email protected]>    
date     : Sun, 17 Jul 2022 17:43:28 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Sun, 17 Jul 2022 17:43:28 -0400    

The patch that added regcollation doesn't seem to have been too  
thorough about supporting it everywhere that other reg* types  
are supported.  Fix that.  (The find_expr_references omission  
is moderately serious, since it could result in missing expression  
dependencies.  The others are less exciting.)  
  
Noted while fixing bug #17483.  Back-patch to v13 where  
regcollation was added.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 810bcbd383ab615a24ea972db0e1157572f3a12c    
  
author   : Tom Lane <[email protected]>    
date     : Sun, 17 Jul 2022 17:27:50 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Sun, 17 Jul 2022 17:27:50 -0400    

The motivation for this is to ensure successful transmission of the  
values of constants of regconfig and other reg* types.  The remote  
will be reading them with search_path = 'pg_catalog', so schema  
qualification is necessary when referencing objects in other schemas.  
  
Per bug #17483 from Emmanuel Quincerot.  Back-patch to all supported  
versions.  (There's some other stuff to do here, but it's less  
back-patchable.)  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : c412c60b91ac01d07774026991b949c1b43fa5e4    
  
author   : Thomas Munro <[email protected]>    
date     : Sat, 16 Jul 2022 10:59:52 +1200    
  
committer: Thomas Munro <[email protected]>    
date     : Sat, 16 Jul 2022 10:59:52 +1200    

Commit 4518c798 blocks signals for a short region of code, but it  
assumed that whatever called it had the signal mask set to UnBlockSig on  
entry.  That may be true today (or may even not be, in extensions in the  
wild), but it would be better not to make that assumption.  We should  
save-and-restore the caller's signal mask.  
  
The PG_SETMASK() portability macro couldn't be used for that, which is  
why it wasn't done before.  But... considering that commit a65e0864  
established back in 9.6 that supported POSIX systems have sigprocmask(),  
and that this is POSIX-only code, there is no reason not to use standard  
sigprocmask() directly to achieve that.  
  
Back-patch to all supported releases, like 4518c798 and 80845b7c.  
  
Reviewed-by: Alvaro Herrera <[email protected]>  
Reviewed-by: Tom Lane <[email protected]>  
Discussion: https://postgr.es/m/CA%2BhUKGKx6Biq7_UuV0kn9DW%2B8QWcpJC1qwhizdtD9tN-fn0H0g%40mail.gmail.com  

commit   : 2ebb8416cc4c1b8f73481335c2c6ce07286bc938    
  
author   : John Naylor <[email protected]>    
date     : Fri, 1 Jul 2022 11:41:36 +0700    
  
committer: John Naylor <[email protected]>    
date     : Fri, 1 Jul 2022 11:41:36 +0700    

Add link to the description of lock levels to avoid confusing "shared locks"  
with SHARE locks.  
  
Florin Irion  
  
Reviewed-by: Álvaro Herrera, Tom Lane, and Nathan Bossart  
Discussion: https://www.postgresql.org/message-id/flat/[email protected]  
  
This is a backpatch of 4e2e8d71f, applied through version 14  

commit   : e1d5ac3118be2c8f93a7b9c8813027f7a7f8d049    
  
author   : Bruce Momjian <[email protected]>    
date     : Thu, 14 Jul 2022 20:01:11 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Thu, 14 Jul 2022 20:01:11 -0400    

Reported-by: Nitin Jadhav  
  
Discussion: https://postgr.es/m/CAMm1aWbmTHwHKC2PERH0CCaFVPoxrtLeS8=wNuoge94qdSp3vA@mail.gmail.com  
  
Author: Nitin Jadhav  
  
Backpatch-through: 13  

commit   : 2fc2d805e9c7acd554689782e854cd713faf9575    
  
author   : Bruce Momjian <[email protected]>    
date     : Thu, 14 Jul 2022 17:41:03 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Thu, 14 Jul 2022 17:41:03 -0400    

Clarify that functions/procedures are dropped when any extension that  
depends on them is dropped.  
  
Reported-by: David G. Johnston  
  
Discussion: https://postgr.es/m/CAKFQuwbPSHMDGkisRUmewopweC1bFvytVqB=a=X4GFg=4ZWxPA@mail.gmail.com  
  
Backpatch-through: 13  

commit   : 0d8db8cf853ceb34c5be1e398fc566b0521bb24e    
  
author   : Bruce Momjian <[email protected]>    
date     : Thu, 14 Jul 2022 16:34:30 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Thu, 14 Jul 2022 16:34:30 -0400    

Reported-by: Nikhil Shetty  
  
Discussion: https://postgr.es/m/CAFpL5Vxastip0Jei-K-=7cKXTg=5sahSe5g=om=x68NOX8+PUA@mail.gmail.com  
  
Backpatch-through: 10  

commit   : 8e97474834e4247886ecb11ffc39d65239eddfe2    
  
author   : Bruce Momjian <[email protected]>    
date     : Thu, 14 Jul 2022 16:19:45 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Thu, 14 Jul 2022 16:19:45 -0400    

Reported-by: Takeshi Ideriha  
  
Discussion: https://postgr.es/m/TYCPR01MB7041A157067208327D8DAAF9EAA59@TYCPR01MB7041.jpnprd01.prod.outlook.com  
  
Backpatch-through: 11  

commit   : 8f253ba251b86d6792cb81093e5d84457bc9790a    
  
author   : Bruce Momjian <[email protected]>    
date     : Thu, 14 Jul 2022 15:44:22 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Thu, 14 Jul 2022 15:44:22 -0400    

Original patch by David G. Johnston.  
  
Reported-by: David G. Johnston  
  
Discussion: https://postgr.es/m/CAKFQuwYQCxSSuSL18skCWG8QHFswOJ3hjovHsOZUE346i4OpVQ@mail.gmail.com  
  
Backpatch-through: 10  

commit   : 3bfe26bd4ce11ee5bd2a2f240ee24e220f3f8635    
  
author   : Bruce Momjian <[email protected]>    
date     : Thu, 14 Jul 2022 15:33:28 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Thu, 14 Jul 2022 15:33:28 -0400    

Original patch by David G. Johnston.  
  
Reported-by: David G. Johnston  
  
Discussion: https://postgr.es/m/CAKFQuwa4J0+WuO7kW1PLbjoEvzPN+Q_j+P2bXxNnCLaszY7ZdQ@mail.gmail.com  
  
Backpatch-through: 10  

commit   : 4996786a90aa195025e2ee1fccb9d478740108a6    
  
author   : Bruce Momjian <[email protected]>    
date     : Thu, 14 Jul 2022 15:17:19 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Thu, 14 Jul 2022 15:17:19 -0400    

Initial patch by David G. Johnston.  
  
Reported-by: David G. Johnston  
  
Discussion: https://postgr.es/m/CAKFQuwZpbdzceO41VE-xt1Xh8rWRRfgopTAK1wL9EhCo0Am-Sw@mail.gmail.com  
  
Backpatch-through: 10  

commit   : 6396ab3d14278746951ea78fb8207534a8825a7e    
  
author   : Bruce Momjian <[email protected]>    
date     : Thu, 14 Jul 2022 12:08:54 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Thu, 14 Jul 2022 12:08:54 -0400    

Reported-by: Troy Frericks  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 10  

commit   : 8383645592de522e9791ba84ddde23f3105366b5    
  
author   : Thomas Munro <[email protected]>    
date     : Fri, 15 Jul 2022 01:23:29 +1200    
  
committer: Thomas Munro <[email protected]>    
date     : Fri, 15 Jul 2022 01:23:29 +1200    

Commit 4518c798 intended to block signals in regular backends that  
allocate DSM segments, but dsm_impl_resize() is also reached by  
dsm_postmaster_startup().  It's not OK to clobber the postmaster's  
signal mask, so only manipulate the signal mask when under the  
postmaster.  
  
Back-patch to all releases, like 4518c798.  
  
Discussion: https://postgr.es/m/CA%2BhUKGKNpK%3D2OMeea_AZwpLg7Bm4%3DgYWk7eDjZ5F6YbozfOf8w%40mail.gmail.com  

commit   : 2019e6ecfa26b11e2191a7a1ab41cea4f3ef1544    
  
author   : Thomas Munro <[email protected]>    
date     : Wed, 13 Jul 2022 16:16:07 +1200    
  
committer: Thomas Munro <[email protected]>    
date     : Wed, 13 Jul 2022 16:16:07 +1200    

On Linux, we call posix_fallocate() on shm_open()'d memory to avoid  
later potential SIGBUS (see commit 899bd785).  
  
Based on field reports of systems stuck in an EINTR retry loop there,  
there, we made it possible to break out of that loop via slightly odd  
coding where the CHECK_FOR_INTERRUPTS() call was somewhat removed from  
the loop (see commit 422952ee).  
  
On further reflection, that was not a great choice for at least two  
reasons:  
  
1.  If interrupts were held, the CHECK_FOR_INTERRUPTS() would do nothing  
and the EINTR error would be surfaced to the user.  
  
2.  If EINTR was reported but neither QueryCancelPending nor  
ProcDiePending was set, then we'd dutifully retry, but with a bit more  
understanding of how posix_fallocate() works, it's now clear that you  
can get into a loop that never terminates.  posix_fallocate() is not a  
function that can do some of the job and tell you about progress if it's  
interrupted, it has to undo what it's done so far and report EINTR, and  
if signals keep arriving faster than it can complete (cf recovery  
conflict signals), you're stuck.  
  
Therefore, for now, we'll simply block most signals to guarantee  
progress.  SIGQUIT is not blocked (see InitPostmasterChild()), because  
its expected handler doesn't return, and unblockable signals like  
SIGCONT are not expected to arrive at a high rate.  For good measure,  
we'll include the ftruncate() call in the blocked region, and add a  
retry loop.  
  
Back-patch to all supported releases.  
  
Reported-by: Alvaro Herrera <[email protected]>  
Reported-by: Nicola Contu <[email protected]>  
Reviewed-by: Alvaro Herrera <[email protected]>  
Reviewed-by: Andres Freund <[email protected]>  
Discussion: https://postgr.es/m/20220701154105.jjfutmngoedgiad3%40alvherre.pgsql  

commit   : 9e038d6907b3d6cf5854eb36bf150db90bec60a0    
  
author   : Alvaro Herrera <[email protected]>    
date     : Wed, 13 Jul 2022 12:10:03 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Wed, 13 Jul 2022 12:10:03 +0200    

Commit 054325c5eeb3 created a memory leak in PQsendQueryInternal in case  
an error occurs while sending the message.  Repair.  
  
Backpatch to 14, like that commit.  Reported by Coverity.  

commit   : af72b0889441e5ece199f782511d84d72fa6b88c    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 12 Jul 2022 16:30:36 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 12 Jul 2022 16:30:36 -0400    

Justin Pryzby reported that some scenarios could cause gathering  
of extended statistics to spend many seconds in an un-cancelable  
qsort() operation.  To fix, invent qsort_interruptible(), which is  
just like qsort_arg() except that it will also do CHECK_FOR_INTERRUPTS  
every so often.  This bloats the backend by a couple of kB, which  
seems like a good investment.  (We considered just enabling  
CHECK_FOR_INTERRUPTS in the existing qsort and qsort_arg functions,  
but there are some callers for which that'd demonstrably be unsafe.  
Opt-in seems like a better way.)  
  
For now, just apply qsort_interruptible() in statistics collection.  
There's probably more places where it could be useful, but we can  
always change other call sites as we find problems.  
  
Back-patch to v14.  Before that we didn't have extended stats on  
expressions, so that the problem was less severe.  Also, this patch  
depends on the sort_template infrastructure introduced in v14.  
  
Tom Lane and Justin Pryzby  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 5e7608e81ebb2a9e2a72ab771eba3c620c0b42a6    
  
author   : Thomas Munro <[email protected]>    
date     : Mon, 11 Jul 2022 14:47:16 +1200    
  
committer: Thomas Munro <[email protected]>    
date     : Mon, 11 Jul 2022 14:47:16 +1200    

dshash.c previously maintained flags to be able to assert that you  
didn't hold any partition lock.  These flags could get out of sync with  
reality in error scenarios.  
  
Get rid of all that, and make assertions about the locks themselves  
instead.  Since LWLockHeldByMe() loops internally, we don't want to put  
that inside another loop over all partition locks.  Introduce a new  
debugging-only interface LWLockAnyHeldByMe() to avoid that.  
  
This problem was noted by Tom and Andres while reviewing changes to  
support the new shared memory stats system, and later showed up in  
reality while working on commit 389869af.  
  
Back-patch to 11, where dshash.c arrived.  
  
Reported-by: Tom Lane <[email protected]>  
Reported-by: Andres Freund <[email protected]>  
Reviewed-by: Kyotaro HORIGUCHI <[email protected]>  
Reviewed-by: Zhihong Yu <[email protected]>  
Reviewed-by: Andres Freund <[email protected]>  
Discussion: https://postgr.es/m/[email protected]  
Discussion: https://postgr.es/m/CA%2BhUKGJ31Wce6HJ7xnVTKWjFUWQZPBngxfJVx4q0E98pDr3kAw%40mail.gmail.com  

commit   : ec5f1fe2fca5f7b8f06aed6f3f4efbe8288c031e    
  
author   : Michael Paquier <[email protected]>    
date     : Mon, 11 Jul 2022 10:56:48 +0900    
  
committer: Michael Paquier <[email protected]>    
date     : Mon, 11 Jul 2022 10:56:48 +0900    

Single quotes are not allowed in json internals, double quotes are.  
  
Reported-by: Eric Mutta  
Discussion: https://postgr.es/m/[email protected]  
Backpatch-through: 14  

commit   : ab7fef0acfbd33331b4d3a000d501454fdcee8f2    
  
author   : Thomas Munro <[email protected]>    
date     : Sun, 10 Jul 2022 16:30:03 +1200    
  
committer: Thomas Munro <[email protected]>    
date     : Sun, 10 Jul 2022 16:30:03 +1200    

When you hit ^C, the terminal driver in Unix-like systems echoes "^C" as  
well as sending an interrupt signal (depending on stty settings).  At  
least libedit (but maybe also libreadline) is then confused about the  
current cursor location, and corrupts the display if you try to scroll  
back.  Fix, by moving to a new line before the next prompt is displayed.  
  
Back-patch to all supported released.  
  
Author: Pavel Stehule <[email protected]>  
Reported-by: Tom Lane <[email protected]>  
Discussion: https://postgr.es/m/3278793.1626198638%40sss.pgh.pa.us  

commit   : f1c779e2b9e48eab05ad471e4111eb17e7e6ad3a    
  
author   : Bruce Momjian <[email protected]>    
date     : Fri, 8 Jul 2022 20:23:35 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Fri, 8 Jul 2022 20:23:35 -0400    

The examples show the output of array_length() and jsonb_array_length()  
for empty arrays.  
  
Discussion: https://postgr.es/m/CAKFQuwaoBmRuWdMLzLHDCFDJDX3wvfQ7egAF0bpik_BFgG1KWg@mail.gmail.com  
  
Author: David G. Johnston  
  
Backpatch-through: 13  

commit   : 9d71664c88defe967ccdbf485c0216c0d5a301ee    
  
author   : Bruce Momjian <[email protected]>    
date     : Fri, 8 Jul 2022 18:36:27 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Fri, 8 Jul 2022 18:36:27 -0400    

Discussion: https://postgr.es/m/20220618085541.ezxdaljlpo6x7msc@home-desktop  
  
Author: Dong Wook Lee  
  
Backpatch-through: 11  

commit   : 8d8464445a476f0de961006d684922ada545d9a4    
  
author   : Dean Rasheed <[email protected]>    
date     : Thu, 7 Jul 2022 13:08:03 +0100    
  
committer: Dean Rasheed <[email protected]>    
date     : Thu, 7 Jul 2022 13:08:03 +0100    

When locking a specific named relation for a FOR [KEY] UPDATE/SHARE  
clause, transformLockingClause() finds the relation to lock by  
scanning the rangetable for an RTE with a matching eref->aliasname.  
However, it failed to account for the visibility rules of a join RTE.  
  
If a join RTE doesn't have a user-supplied alias, it will have a  
generated eref->aliasname of "unnamed_join" that is not visible as a  
relation name in the parse namespace. Such an RTE needs to be skipped,  
otherwise it might be found in preference to a regular base relation  
with a user-supplied alias of "unnamed_join", preventing it from being  
locked.  
  
In addition, if a join RTE doesn't have a user-supplied alias, but  
does have a join_using_alias, then the RTE needs to be matched using  
that alias rather than the generated eref->aliasname, otherwise a  
misleading "relation not found" error will be reported rather than a  
"join cannot be locked" error.  
  
Backpatch all the way, except for the second part which only goes back  
to 14, where JOIN USING aliases were added.  
  
Dean Rasheed, reviewed by Tom Lane.  
  
Discussion: https://postgr.es/m/CAEZATCUY_KOBnqxbTSPf=7fz9HWPnZ5Xgb9SwYzZ8rFXe7nb=w@mail.gmail.com  

commit   : 9783413cbff9f2b4893ab81e873968905a2cfbfc    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 5 Jul 2022 18:23:19 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 5 Jul 2022 18:23:19 -0400    

We only need to reject cases when the aggregate or operator is  
itself declared with a polymorphic type.  Per buildfarm.  
  
Discussion: https://postgr.es/m/3383880.QJadu78ljV@vejsadalnx  

commit   : 175e60a5e35e213f42ed69eeb5ab992a49ae41f4    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 5 Jul 2022 13:06:31 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 5 Jul 2022 13:06:31 -0400    

When we changed some built-in functions to use anycompatiblearray  
instead of anyarray, we created a dump/restore hazard for user-defined  
operators and aggregates relying on those functions: the user objects  
have to be modified to change their signatures similarly.  This causes  
pg_upgrade to fail partway through if the source installation contains  
such objects.  We generally try to have pg_upgrade detect such hazards  
and fail before it does anything exciting, so add logic to detect  
this case too.  
  
Back-patch to v14 where the change was made.  
  
Justin Pryzby, reviewed by Andrey Borodin  
  
Discussion: https://postgr.es/m/3383880.QJadu78ljV@vejsadalnx  

commit   : 7c1f426123845c8be6a3a2791dbc0ebc87a92c40    
  
author   : Alvaro Herrera <[email protected]>    
date     : Tue, 5 Jul 2022 14:21:20 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Tue, 5 Jul 2022 14:21:20 +0200    

We were going into IDLE state too soon when executing queries via  
PQsendQuery in pipeline mode, causing several scenarios to misbehave in  
different ways -- most notably, as reported by Daniele Varrazzo, that a  
warning message is produced by libpq:  
  message type 0x33 arrived from server while idle  
But it is also possible, if queries are sent and results consumed not in  
lockstep, for the expected mediating NULL result values from PQgetResult  
to be lost (a problem which has not been reported, but which is more  
serious).  
  
Fix this by introducing two new concepts: one is a command queue element  
PGQUERY_CLOSE to tell libpq to wait for the CloseComplete server  
response to the Close message that is sent by PQsendQuery.  Because the  
application is not expecting any PGresult from this, the mechanism to  
consume it is a bit hackish.  
  
The other concept, authored by Horiguchi-san, is a PGASYNC_PIPELINE_IDLE  
state for libpq's state machine to differentiate "really idle" from  
merely "the idle state that occurs in between reading results from the  
server for elements in the pipeline".  This makes libpq not go fully  
IDLE when the libpq command queue contains entries; in normal cases, we  
only go IDLE once at the end of the pipeline, when the server response  
to the final SYNC message is received.  (However, there are corner cases  
it doesn't fix, such as terminating the query sequence by  
PQsendFlushRequest instead of PQpipelineSync; this sort of scenario is  
what requires PGQUERY_CLOSE bit above.)  
  
This last bit helps make the libpq state machine clearer; in particular  
we can get rid of an ugly hack in pqParseInput3 to avoid considering  
IDLE as such when the command queue contains entries.  
  
A new test mode is added to libpq_pipeline.c to tickle some related  
problematic cases.  
  
Reported-by: Daniele Varrazzo <[email protected]>  
Co-authored-by: Kyotaro Horiguchi <[email protected]>  
Discussion: https://postgr.es/m/CA+mi_8bvD0_CW3sumgwPvWdNzXY32itoG_16tDYRu_1S2gV2iw@mail.gmail.com  

commit   : 0b71e43c4892bdbbf57e6ff441d9443f22d1fda3    
  
author   : Alvaro Herrera <[email protected]>    
date     : Tue, 5 Jul 2022 13:38:26 +0200    
  
committer: Alvaro Herrera <[email protected]>    
date     : Tue, 5 Jul 2022 13:38:26 +0200    

The existing wording wasn't clear enough and some details weren't  
anywhere, such as the fact that autosummarization is off by default.  
Improve.  
  
Authors: Roberto Mello, Jaime Casanova, Justin Pryzby, Álvaro Herrera  
Discussion: https://postgr.es/m/CAKz==bK_NoJytRyQfX8K-erCW3Ff7--oGYpiB8+ePVS7dRVW_A@mail.gmail.com  
Discussion: https://postgr.es/m/[email protected]  

commit   : 7fd43684fc9e3f2da9c646dea04a531bd6f50cee    
  
author   : Andrew Dunstan <[email protected]>    
date     : Sun, 3 Jul 2022 17:08:25 -0400    
  
committer: Andrew Dunstan <[email protected]>    
date     : Sun, 3 Jul 2022 17:08:25 -0400    

None of the other bison parsers contains this directive, and it gives  
rise to some unfortunate and impenetrable messages, so just remove it.  
  
Backpatch to release 12, where it was introduced.  
  
Per gripe from Erik Rijkers  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 463a841d7407dbc96cc1c39ca99ebe9c8bdd3244    
  
author   : Noah Misch <[email protected]>    
date     : Sat, 2 Jul 2022 21:03:19 -0700    
  
committer: Noah Misch <[email protected]>    
date     : Sat, 2 Jul 2022 21:03:19 -0700    

Per buildfarm member prairiedog, this platform rejects uninitialized  
global variables in shared libraries.  Back-patch to v10, like the  
addition of the variable.  
  
Reviewed by Tom Lane.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 5b94e2bd4d5430f5ea4e965a32727a6006972a55    
  
author   : Noah Misch <[email protected]>    
date     : Sat, 2 Jul 2022 13:00:30 -0700    
  
committer: Noah Misch <[email protected]>    
date     : Sat, 2 Jul 2022 13:00:30 -0700    

ecpglib has been calling it once per SQL query and once per EXEC SQL GET  
DESCRIPTOR.  Instead, if newlocale() has not succeeded before, call it  
while establishing a connection.  This mitigates three problems:  
- If newlocale() failed in EXEC SQL GET DESCRIPTOR, the command silently  
  proceeded without the intended locale change.  
- On AIX, each newlocale()+freelocale() cycle leaked memory.  
- newlocale() CPU usage may have been nontrivial.  
  
Fail the connection attempt if newlocale() fails.  Rearrange  
ecpg_do_prologue() to validate the connection before its uselocale().  
  
The sort of program that may regress is one running in an environment  
where newlocale() fails.  If that program establishes connections  
without running SQL statements, it will stop working in response to this  
change.  I'm betting against the importance of such an ECPG use case.  
Most SQL execution (any using ECPGdo()) has long required newlocale()  
success, so there's little a connection could do without newlocale().  
  
Back-patch to v10 (all supported versions).  
  
Reviewed by Tom Lane.  Reported by Guillaume Lelarge.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : fb81a93a6442e55d8c7376a01c27cb5d6c062c80    
  
author   : Thomas Munro <[email protected]>    
date     : Fri, 1 Jul 2022 12:05:52 +1200    
  
committer: Thomas Munro <[email protected]>    
date     : Fri, 1 Jul 2022 12:05:52 +1200    

Previously, we trusted the OS not to report EEXIST unless we'd passed in  
IPC_CREAT | IPC_EXCL or O_CREAT | O_EXCL, as appropriate.  Solaris's  
shm_open() can in fact do that, causing us to crash because we didn't  
ereport and then we blithely assumed the mapping was successful.  
  
Let's treat EEXIST just like any other error, unless we're actually  
trying to create a new segment.  This applies to shm_open(), where this  
behavior has been seen, and also to the equivalent operations for our  
sysv and mmap modes just on principle.  
  
Based on the underlying reason for the error, namely contention on a  
lock file managed by Solaris librt for each distinct name, this problem  
is only likely to happen on 15 and later, because the new shared memory  
stats system produces shm_open() calls for the same path from  
potentially large numbers of backends concurrently during  
authentication.  Earlier releases only shared memory segments between a  
small number of parallel workers under one Gather node.  You could  
probably hit it if you tried hard enough though, and we should have been  
more defensive in the first place.  Therefore, back-patch to all  
supported releases.  
  
Per build farm animal margay.  This isn't the end of the story, though,  
it just changes random crashes into random "File exists" errors; more  
work needed for a green build farm.  
  
Reviewed-by: Robert Haas <[email protected]>  
Discussion: https://postgr.es/m/CA%2BhUKGKqKrCV5xKWfh9rnm%3Do%3DDwZLTLtnsj_XpUi9g5%3DV%2B9oyg%40mail.gmail.com  

commit   : e24615a0057a9932904317576cf5c4d42349b363    
  
author   : Heikki Linnakangas <[email protected]>    
date     : Mon, 27 Jun 2022 08:21:08 +0300    
  
committer: Heikki Linnakangas <[email protected]>    
date     : Mon, 27 Jun 2022 08:21:08 +0300    

TransactionIdIsInProgress had a fast path to return 'false' if the  
single-item CLOG cache said that the transaction was known to be  
committed. However, that was wrong, because a transaction is first  
marked as committed in the CLOG but doesn't become visible to others  
until it has removed its XID from the proc array. That could lead to an  
error:  
  
    ERROR:  t_xmin is uncommitted in tuple to be updated  
  
or for an UPDATE to go ahead without blocking, before the previous  
UPDATE on the same row was made visible.  
  
The window is usually very short, but synchronous replication makes it  
much wider, because the wait for synchronous replica happens in that  
window.  
  
Another thing that makes it hard to hit is that it's hard to get such  
a commit-in-progress transaction into the single item CLOG cache.  
Normally, if you call TransactionIdIsInProgress on such a transaction,  
it determines that the XID is in progress without checking the CLOG  
and without populating the cache. One way to prime the cache is to  
explicitly call pg_xact_status() on the XID. Another way is to use a  
lot of subtransactions, so that the subxid cache in the proc array is  
overflown, making TransactionIdIsInProgress rely on pg_subtrans and  
CLOG checks.  
  
This has been broken ever since it was introduced in 2008, but the race  
condition is very hard to hit, especially without synchronous  
replication. There were a couple of reports of the error starting from  
summer 2021, but no one was able to find the root cause then.  
  
TransactionIdIsKnownCompleted() is now unused. In 'master', remove it,  
but I left it in place in backbranches in case it's used by extensions.  
  
Also change pg_xact_status() to check TransactionIdIsInProgress().  
Previously, it only checked the CLOG, and returned "committed" before  
the transaction was actually made visible to other queries. Note that  
this also means that you cannot use pg_xact_status() to reproduce the  
bug anymore, even if the code wasn't fixed.  
  
Report and analysis by Konstantin Knizhnik. Patch by Simon Riggs, with  
the pg_xact_status() change added by me.  
  
Author: Simon Riggs  
Reviewed-by: Andres Freund  
Discussion: https://www.postgresql.org/message-id/flat/4da7913d-398c-e2ad-d777-f752cf7f0bbb%40garret.ru  

commit   : 99504ff8265eac35da5af06f4ce99196bbdc0239    
  
author   : Thomas Munro <[email protected]>    
date     : Mon, 27 Jun 2022 10:30:15 +1200    
  
committer: Thomas Munro <[email protected]>    
date     : Mon, 27 Jun 2022 10:30:15 +1200    

Previously, we encoded both NULL and the first byte at the base address  
as 0.  That confusion led to the assertion in commit e07d4ddc, which  
failed when min_dynamic_shared_memory was used.  Give them distinct  
encodings, by switching to 1-based offsets for non-NULL pointers.  Also  
improve macro hygiene in passing (missing/misplaced parentheses), and  
remove open-coded access to the raw offset value from freepage.c/h.  
  
Although e07d4ddc was back-patched to 10, the only code that actually  
makes use of relptr at the base address arrived in 84b1c63a, so no need  
to back-patch further than 14 for now.  
  
Reported-by: Justin Pryzby <[email protected]>  
Reviewed-by: Robert Haas <[email protected]>  
Discussion: https://postgr.es/m/20220519193839.GT19626%40telsasoft.com  

commit   : e086b55381a98975348051d218cff0752c19d0f9    
  
author   : Thomas Munro <[email protected]>    
date     : Sun, 26 Jun 2022 10:40:06 +1200    
  
committer: Thomas Munro <[email protected]>    
date     : Sun, 26 Jun 2022 10:40:06 +1200    

Since commit 6a2a70a02, we've used signalfd() to receive latch wakeups  
when building with WAIT_USE_EPOLL (default for Linux and illumos), and  
our traditional self-pipe when falling back to WAIT_USE_POLL (default  
for other Unixes with neither epoll() nor kqueue()).  
  
Unexplained hangs and kernel panics have been reported on illumos  
systems, apparently linked to this use of signalfd(), leading illumos  
users and build farm members to have to define WAIT_USE_POLL explicitly  
as a work-around.  A bug report exists at  
https://www.illumos.org/issues/13700 but no fix is available yet.  
  
Let's provide a way for illumos users to go back to self-pipes with  
epoll(), like releases before 14, and choose that by default.  No change  
for Linux users.  To help with development/debugging, macros  
WAIT_USE_{EPOLL,POLL} and WAIT_USE_{SIGNALFD,SELF_PIPE} can be defined  
explicitly to override the defaults.  
  
Back-patch to 14, where we started using signalfd().  
  
Reported-by: Japin Li <[email protected]>  
Reported-by: Olaf Bohlen <[email protected]> (off-list)  
Reviewed-by: Japin Li <[email protected]>  
Discussion: https://postgr.es/m/MEYP282MB1669C8D88F0997354C2313C1B6CA9%40MEYP282MB1669.AUSP282.PROD.OUTLOOK.COM  

commit   : 4b0d21b06c6b0f3b0fec0d069759f4b82913e452    
  
author   : Noah Misch <[email protected]>    
date     : Sat, 25 Jun 2022 14:15:56 -0700    
  
committer: Noah Misch <[email protected]>    
date     : Sat, 25 Jun 2022 14:15:56 -0700    

This Perl segfaults if a declaration of the to-be-aliased package  
precedes the aliasing itself.  Per buildfarm members lapwing and wrasse.  
Like commit 20911775de4ab7ac3ecc68bd714cb3ed0fd68b6a, back-patch to v10  
(all supported versions).  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : ace9973867c2f17ed6191a4a3b9a46939a2df45b    
  
author   : Noah Misch <[email protected]>    
date     : Sat, 25 Jun 2022 09:07:41 -0700    
  
committer: Noah Misch <[email protected]>    
date     : Sat, 25 Jun 2022 09:07:41 -0700    

Commit a117cebd638dd02e5c2e791c25e43745f233111b used the original userid  
for ACL checks located directly in DefineIndex(), but it still adopted  
the table owner userid for more ACL checks than intended.  That broke  
dump/reload of indexes that refer to an operator class, collation, or  
exclusion operator in a schema other than "public" or "pg_catalog".  
Back-patch to v10 (all supported versions), like the earlier commit.  
  
Nathan Bossart and Noah Misch  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 20911775de4ab7ac3ecc68bd714cb3ed0fd68b6a    
  
author   : Noah Misch <[email protected]>    
date     : Sat, 25 Jun 2022 09:07:44 -0700    
  
committer: Noah Misch <[email protected]>    
date     : Sat, 25 Jun 2022 09:07:44 -0700    

Remove the need to edit back-branch-specific code sites when  
back-patching the addition of a PostgreSQL::Test::Utils symbol.  Replace  
per-symbol, incomplete alias lists.  Give old and new package names the  
same EXPORT and EXPORT_OK semantics.  Back-patch to v10 (all supported  
versions).  
  
Reviewed by Andrew Dunstan.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : 3238b5c330bc384441473dd2859845c27d9ade2f    
  
author   : Amit Kapila <[email protected]>    
date     : Thu, 23 Jun 2022 09:20:41 +0530    
  
committer: Amit Kapila <[email protected]>    
date     : Thu, 23 Jun 2022 09:20:41 +0530    

When rebuilding the relation mapping on subscribers, we were not releasing  
the attribute mapping's memory which was no longer required.  
  
The attribute mapping used in logical tuple conversion was refactored in  
PG13 (by commit e1551f96e6) but we forgot to update the related code that  
frees the attribute map.  
  
Author: Hou Zhijie  
Reviewed-by: Amit Langote, Amit Kapila, Shi yu  
Backpatch-through: 10, where it was introduced  
Discussion: https://postgr.es/m/OSZPR01MB6310F46CD425A967E4AEF736FDA49@OSZPR01MB6310.jpnprd01.prod.outlook.com  

commit   : f1e3a7075832f218a36feb04b059c7da04fb19ee    
  
author   : Bruce Momjian <[email protected]>    
date     : Wed, 22 Jun 2022 16:59:54 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Wed, 22 Jun 2022 16:59:54 -0400    

Reported-by: [email protected]  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 10  

commit   : 1463f22d42fddc620ca29c6fa9eb7dce0e56a2fe    
  
author   : Bruce Momjian <[email protected]>    
date     : Wed, 22 Jun 2022 14:33:26 -0400    
  
committer: Bruce Momjian <[email protected]>    
date     : Wed, 22 Jun 2022 14:33:26 -0400    

Reported-by: [email protected]  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch-through: 10  

commit   : 604651880c71c5106a72529b9ce29eaad0cfab27    
  
author   : Tom Lane <[email protected]>    
date     : Wed, 22 Jun 2022 12:11:59 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Wed, 22 Jun 2022 12:11:59 -0400    

SPI_commit previously left it up to the caller to recover from any error  
occurring during commit.  Since that's complicated and requires use of  
low-level xact.c facilities, it's not too surprising that no caller got  
it right.  Let's move the responsibility for cleanup into spi.c.  Doing  
that requires redefining SPI_commit as starting a new transaction, so  
that it becomes equivalent to SPI_commit_and_chain except that you get  
default transaction characteristics instead of preserving the prior  
transaction's characteristics.  We can make this pretty transparent  
API-wise by redefining SPI_start_transaction() as a no-op.  Callers  
that expect to do something in between might be surprised, but  
available evidence is that no callers do so.  
  
Having made that API redefinition, we can fix this mess by having  
SPI_commit[_and_chain] trap errors and start a new, clean transaction  
before re-throwing the error.  Likewise for SPI_rollback[_and_chain].  
Some cleanup is also needed in AtEOXact_SPI, which was nowhere near  
smart enough to deal with SPI contexts nested inside a committing  
context.  
  
While plperl and pltcl need no changes beyond removing their now-useless  
SPI_start_transaction() calls, plpython needs some more work because it  
hadn't gotten the memo about catching commit/rollback errors in the  
first place.  Such an error resulted in longjmp'ing out of the Python  
interpreter, which leaks Python stack entries at present and is reported  
to crash Python 3.11 altogether.  Add the missing logic to catch such  
errors and convert them into Python exceptions.  
  
This is a back-patch of commit 2e517818f.  That's now aged long enough  
to reduce the concerns about whether it will break something, and we  
do need to ensure that supported branches will work with Python 3.11.  
  
Peter Eisentraut and Tom Lane  
  
Discussion: https://postgr.es/m/[email protected]  
Discussion: https://postgr.es/m/[email protected]  

commit   : f0022a77d011411d8314e1e554e182d0ab8e142e    
  
author   : Amit Kapila <[email protected]>    
date     : Tue, 21 Jun 2022 15:30:36 +0530    
  
committer: Amit Kapila <[email protected]>    
date     : Tue, 21 Jun 2022 15:30:36 +0530    

We build the partition map entries on subscribers while applying the  
changes for update/delete on partitions. The component relation in each  
entry is closed after its use so we need to update it on successive use of  
cache entries.  
  
This problem was there since the original commit f1ac27bfda that  
introduced this code but we didn't notice it till the recent commit  
26b3455afa started to use the component relation of partition map cache  
entry.  
  
Reported-by: Tom Lane, as per buildfarm  
Author: Amit Langote, Hou Zhijie  
Reviewed-by: Amit Kapila, Shi Yu  
Backpatch-through: 13, where it was introduced  
Discussion: https://postgr.es/m/OSZPR01MB6310F46CD425A967E4AEF736FDA49@OSZPR01MB6310.jpnprd01.prod.outlook.com  

commit   : 52d5ea9adb010d0908e8962842571cd1f6c2d66c    
  
author   : Amit Kapila <[email protected]>    
date     : Tue, 21 Jun 2022 07:52:41 +0530    
  
committer: Amit Kapila <[email protected]>    
date     : Tue, 21 Jun 2022 07:52:41 +0530    

In logical replication, we will check if the target table on the  
subscriber is updatable by comparing the replica identity of the table on  
the publisher with the table on the subscriber. When the target table is a  
partitioned table, we only check its replica identity but not for the  
partition tables. This leads to assertion failure while applying changes  
for update/delete as we expect those to succeed only when the  
corresponding partition table has a primary key or has a replica  
identity defined.  
  
Fix it by checking the replica identity of the partition table while  
applying changes.  
  
Reported-by: Shi Yu  
Author: Shi Yu, Hou Zhijie  
Reviewed-by: Amit Langote, Amit Kapila  
Backpatch-through: 13, where it was introduced  
Discussion: https://postgr.es/m/OSZPR01MB6310F46CD425A967E4AEF736FDA49@OSZPR01MB6310.jpnprd01.prod.outlook.com  

commit   : 0980adfd4d021e3329bf41452ce1a1210321974f    
  
author   : Amit Kapila <[email protected]>    
date     : Thu, 16 Jun 2022 08:32:10 +0530    
  
committer: Amit Kapila <[email protected]>    
date     : Thu, 16 Jun 2022 08:32:10 +0530    

We were not updating the partition map cache in the subscriber even when  
the corresponding remote rel is changed. Due to this data was getting  
incorrectly replicated for partition tables after the publisher has  
changed the table schema.  
  
Fix it by resetting the required entries in the partition map cache after  
receiving a new relation mapping from the publisher.  
  
Reported-by: Shi Yu  
Author: Shi Yu, Hou Zhijie  
Reviewed-by: Amit Langote, Amit Kapila  
Backpatch-through: 13, where it was introduced  
Discussion: https://postgr.es/m/OSZPR01MB6310F46CD425A967E4AEF736FDA49@OSZPR01MB6310.jpnprd01.prod.outlook.com  

commit   : d457cb4e8a5e25fe16420cb91cb8450d8fca49d3    
  
author   : Amit Kapila <[email protected]>    
date     : Wed, 15 Jun 2022 09:59:52 +0530    
  
committer: Amit Kapila <[email protected]>    
date     : Wed, 15 Jun 2022 09:59:52 +0530    

While building a new attrmap which maps partition attribute numbers to  
remoterel's, we incorrectly update the map for dropped column attributes.  
Later, it caused cache look-up failure when we tried to use the map to  
fetch the information about attributes.  
  
This also fixes the partition map cache invalidation which was using the  
wrong type cast to fetch the entry. We were using stale partition map  
entry after invalidation which leads to the assertion or cache look-up  
failure.  
  
Reported-by: Shi Yu  
Author: Hou Zhijie, Shi Yu  
Reviewed-by: Amit Langote, Amit Kapila  
Backpatch-through: 13, where it was introduced  
Discussion: https://postgr.es/m/OSZPR01MB6310F46CD425A967E4AEF736FDA49@OSZPR01MB6310.jpnprd01.prod.outlook.com  

commit   : 7bc21ed8c8e755ef6fe41dae60c198fcc9c9ee56    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 14 Jun 2022 18:16:46 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 14 Jun 2022 18:16:46 -0400    

If an application executed operations like EXEC SQL PREPARE  
without having first established a database connection, it could  
get a core dump instead of the expected clean failure.  This  
occurred because we did "pthread_getspecific(actual_connection_key)"  
without ever having initialized the TSD key actual_connection_key.  
The results of that are probably platform-specific, but at least  
on Linux it often leads to a crash.  
  
To fix, add calls to ecpg_pthreads_init() in the code paths that  
might use actual_connection_key uninitialized.  It's harmless  
(and hopefully inexpensive) to do that more than once.  
  
Per bug #17514 from Okano Naoki.  The problem's ancient, so  
back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/[email protected]  

commit   : be35a6456901cfdf4df91697370dc5edac7e58c5    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 14 Jun 2022 17:47:09 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 14 Jun 2022 17:47:09 -0400    

The previous wording was "the underlying data type's default collation  
is used", which is wrong or at least misleading.  The domain inherits  
the base type's collation behavior, which if "default" actually can  
mean that we use some non-default collation obtained from elsewhere.  
  
Per complaint from Jian He.  
  
Discussion: https://postgr.es/m/CACJufxHMR8_4WooDPjjvEdaxB2hQ5a49qthci8fpKP0MKemVRQ@mail.gmail.com