PostgreSQL 17.4 commit log

commit   : f8554dee417ffc4540c94cf357f7bf7d4b6e5d80    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 17 Feb 2025 16:11:21 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 17 Feb 2025 16:11:21 -0500    

commit   : d0ed7d2a5aeb858e814147b42f8681870340909b    
  
author   : Álvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Mon, 17 Feb 2025 17:51:30 +0100    
  
committer: Álvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Mon, 17 Feb 2025 17:51:30 +0100    

Source-Git-URL: ssh://git@git.postgresql.org/pgtranslation/messages.git  
Source-Git-Hash: 4b3f97f98ced3e9b03a6b24a16ac06eec2eab330  

commit   : 848e2c6abc941267a4b2eb00a57c34ef3165ffb3    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 16 Feb 2025 14:20:33 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 16 Feb 2025 14:20:33 -0500    

commit   : 3977bd2985de8c5e4b8b00f67dfec28dcfb343c9    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 16 Feb 2025 12:46:35 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 16 Feb 2025 12:46:35 -0500    

Coverity complained that we weren't doing that, and it's right.  
  
This fix just makes fmtIdEnc() honor the general convention that OOM  
causes a PQExpBuffer to become marked "broken", without any immediate  
error.  In the pretty-unlikely case that we actually did hit OOM here,  
the end result would be to return an empty string to the caller,  
probably resulting in invalid SQL syntax in an issued command (if  
nothing else went wrong, which is even more unlikely).  It's tempting  
to throw an "out of memory" error if the buffer becomes broken, but  
there's not a lot of point in doing that only here and not in hundreds  
of other PQExpBuffer-using places in pg_dump and similar callers.  
The whole issue could do with some non-time-crunched redesign, perhaps.  
  
This is a followup to the fixes for CVE-2025-1094, and should be  
included if cherry-picking those fixes.  

commit   : 3abe6e04cc69d1076a695d90e179dd64010a2667    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 15 Feb 2025 16:20:21 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 15 Feb 2025 16:20:21 -0500    

Instead of dropping the trailing byte(s) of an invalid or incomplete  
multibyte character, replace only the first byte with a known-invalid  
sequence, and process the rest normally.  This seems less likely to  
confuse incautious callers than the behavior adopted in 5dc1e42b4.  
  
While we're at it, adjust PQescapeStringInternal to produce at most  
one bleat about invalid multibyte characters per string.  This  
matches the behavior of PQescapeInternal, and avoids the risk of  
producing tons of repetitive junk if a long string is simply given  
in the wrong encoding.  
  
This is a followup to the fixes for CVE-2025-1094, and should be  
included if cherry-picking those fixes.  
  
Author: Andres Freund <andres@anarazel.de>  
Co-authored-by: Tom Lane <tgl@sss.pgh.pa.us>  
Reported-by: Jeff Davis <pgsql@j-davis.com>  
Discussion: https://postgr.es/m/20250215012712.45@rfd.leadboat.com  
Backpatch-through: 13  

commit   : a92db3d02dbd77612adc1a0a83d54dfef7dd8345    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Fri, 14 Feb 2025 17:44:28 -0500    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Fri, 14 Feb 2025 17:44:28 -0500    

In 5dc1e42b4fa I fixed bugs in various escape functions, unfortunately as part  
of that I introduced a new bug in PQescapeLiteral()/PQescapeIdentifier(). The  
bug is that I made PQescapeInternal() just use strlen(), rather than taking  
the specified input length into account.  
  
That's bad, because it can lead to including input that wasn't intended to be  
included (in case len is shorter than null termination of the string) and  
because it can lead to reading invalid memory if the input string is not null  
terminated.  
  
Expand test_escape to this kind of bug:  
  
a) for escape functions with length support, append data that should not be  
   escaped and check that it is not  
  
b) add valgrind requests to detect access of bytes that should not be touched  
  
Author: Tom Lane <tgl@sss.pgh.pa.us>  
Author: Andres Freund <andres@anarazel.de  
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>  
Reviewed-by: Noah Misch <noah@leadboat.com>  
Discussion: https://postgr.es/m/Z64jD3u46gObCo1p@pryzbyj2023  
Backpatch: 13  

commit   : 113fc651397e67c1233b914ff7fbc771353b06ea    
  
author   : Nathan Bossart <nathan@postgresql.org>    
date     : Fri, 14 Feb 2025 12:57:13 -0600    
  
committer: Nathan Bossart <nathan@postgresql.org>    
date     : Fri, 14 Feb 2025 12:57:13 -0600    

Commit a99cc6c6b4 introduced the PqMsg_Progress macro but missed  
updating HandleParallelMessage() accordingly.  
  
Backpatch-through: 17  

commit   : d6894d6a08f80b3b0608402f5e2d069201503b48    
  
author   : Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Fri, 14 Feb 2025 11:50:56 +0100    
  
committer: Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Fri, 14 Feb 2025 11:50:56 +0100    

Commit 27cc7cd2bc8a accidentally placed the assertion ensuring  
that the pointer isn't NULL after it had already been accessed.  
Fix by moving the pointer dereferencing to after the assertion.  
Backpatch to all supported branches.  
  
Author: Dmitry Koval <d.koval@postgrespro.ru>  
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>  
Reviewed-by: Michael Paquier <michael@paquier.xyz>  
Discussion: https://postgr.es/m/1618848d-cdc7-414b-9c03-08cf4bef4408@postgrespro.ru  
Backpatch-through: 13  

commit   : 6342d49d89b95503444bb4fba01b85e1b24e8880    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Thu, 13 Feb 2025 16:31:05 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Thu, 13 Feb 2025 16:31:05 +0900    

When an UPDATE trigger referencing a new table and a DELETE trigger  
referencing an old table are both present, MakeTransitionCaptureState()  
returns an inconsistent result for UPDATE commands in its set of flags  
and tuplestores holding the TransitionCaptureState for transition  
tables.  
  
As proved by the test added here, this issue causes a crash in v14 and  
earlier versions (down to 11, actually, older versions do not support  
triggers on partitioned tables) during cross-partition updates on a  
partitioned table.  v15 and newer versions are safe thanks to  
7103ebb7aae8.  
  
This commit fixes the function so that it returns a consistent state  
by using portions of the changes made in commit 7103ebb7aae8 for v13 and  
v14.  v15 and newer versions are slightly tweaked to match with the  
older versions, mainly for consistency across branches.  
  
Author: Kyotaro Horiguchi  
Discussion: https://postgr.es/m/20250207.150238.968446820828052276.horikyota.ntt@gmail.com  
Backpatch-through: 13  

commit   : c9a1d21352154dbd7a306823af411420dae94ade    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Wed, 12 Feb 2025 08:15:53 -0500    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Wed, 12 Feb 2025 08:15:53 -0500    

bsd_auth.h file needs to be included after 'sys/types.h', as documented in  
https://man.openbsd.org/authenticate.3  
  
The reason a similar looking stanza works for autoconf is that autoconf  
automatically adds AC_INCLUDES_DEFAULT, which in turn includes sys/types.h.  
  
Backpatch to all versions with meson support.  
  
Author: Nazir Bilal Yavuz <byavuz81@gmail.com>  
Discussion: https://postgr.es/m/637haqqyhg2wlz7q6wq25m2qupe67g7f2uupngzui64zypy4x2@ysr2xnmynmu4  
Backpatch-through: 16  

commit   : 3dea7af519fd2b6e098c4261cb91d318cf31a8d4    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Wed, 12 Feb 2025 17:58:29 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Wed, 12 Feb 2025 17:58:29 +0900    

The phase of the test waiting for a restartpoint to complete was not  
working as intended, due to a log_contains() call incorrectly  
written.  
  
The problem reported by the author could be simply reproduced by  
removing the injection_points_wakeup() call: the test succeeds rather  
than waiting for the restartpoint completion.  In most cases, the  
restartpoint completion is fast enough that the test offered the wanted  
coverage.  On slow machines, it could have become unreliable.  
  
Oversight in 6782709df81f.  
  
Author: Nitin Jadhav  
Discussion: https://postgr.es/m/CAMm1aWa_6u+o52r7h7G6pX-oWD0Qraf0ee17Ma50qxGS0B_Rzg@mail.gmail.com  
Backpatch-through: 17  

commit   : ff6d9cfcb17e48c313aefe8fc65cdaeacd8766bf    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Wed, 12 Feb 2025 17:11:47 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Wed, 12 Feb 2025 17:11:47 +0900    

The correct function documented to free the memory allocated for the  
result returned by PQescapeIdentifier() and PQescapeLiteral() is  
PQfreemem().  pg_createsubscriber.c relied on pg_free() instead, which  
is not incorrect as both do a free() internally, but inconsistent with  
the documentation.  
  
While on it, this commit fixes a small memory leak introduced by  
4867f8a555ce, as the code of pg_createsubscriber makes this effort.  
  
Author: Ranier Vilela  
Reviewed-by: Euler Taveira  
Discussion: https://postgr.es/m/CAEudQAp=AW5dJXrGLbC_aZg_9nOo=42W7uLDRONFQE-gcgnkgQ@mail.gmail.com  
Backpatch-through: 17  

commit   : fa761d9c71375ec49234c77cc1951394ffac6fe1    
  
author   : John Naylor <john.naylor@postgresql.org>    
date     : Wed, 12 Feb 2025 13:18:52 +0700    
  
committer: John Naylor <john.naylor@postgresql.org>    
date     : Wed, 12 Feb 2025 13:18:52 +0700    

Author: 斉藤登 <noborusai@gmail.com>  
Reviewed-by: David G. Johnston <david.g.johnston@gmail.com>  
Discussion: https://postgr.es/m/CAAM3qnL6i-BSu5rB2+KiHLjMCOXiQEiPMBvEj7F1CgUzZMooLA@mail.gmail.com  
Backpatch-through: 13