PostgreSQL 9.3.12 commit log

Stamp 9.3.12.

  
commit   : a3c643938166abed9a390cdbd8a5df09bfe39523    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 28 Mar 2016 16:12:29 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 28 Mar 2016 16:12:29 -0400    

Click here for diff

  
  

Translation updates

  
commit   : e0f4c9e7c5dbeec4d63da0a3dd60c6159bd3ffac    
  
author   : Peter Eisentraut <peter_e@gmx.net>    
date     : Mon, 28 Mar 2016 08:50:07 +0200    
  
committer: Peter Eisentraut <peter_e@gmx.net>    
date     : Mon, 28 Mar 2016 08:50:07 +0200    

Click here for diff

  
Source-Git-URL: git://git.postgresql.org/git/pgtranslation/messages.git  
Source-Git-Hash: 4891e88b1972d0091e8e5cefd145600801ba58be  
  

Release notes for 9.5.2, 9.4.7, 9.3.12, 9.2.16, 9.1.21.

  
commit   : 9d050969966e9a1c1cd3f99812617f6c64f5703b    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 27 Mar 2016 19:26:26 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 27 Mar 2016 19:26:26 -0400    

Click here for diff

  
  

Change various GinIs macros to return 0/1.

  
commit   : 65a8a3f9f60b174d6a614dbe96169b18cf7a5366    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Sun, 27 Mar 2016 17:47:50 +0200    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Sun, 27 Mar 2016 17:47:50 +0200    

Click here for diff

  
Returning the direct result of bit arithmetic, in a macro intended to be  
used in a boolean manner, can be problematic if the return value is  
stored in a variable of type 'bool'. If bool is implemented using C99's  
_Bool, that can lead to comparison failures if the variable is then  
compared again with the expression (see ginStepRight() for an example  
that fails), as _Bool forces the result to be 0/1. That happens in some  
configurations of newer MSVC compilers.  It's also problematic when  
storing the result of such an expression in a narrower type.  
  
Several gin macros have been declared in that style since gin's initial  
commit in 8a3631f8d86.  
  
There's a lot more macros like this, but this is the only one causing  
regression test failures; and I don't want to commit and backpatch a  
larger patch with lots of conflicts just before the next set of minor  
releases.  
  
Discussion: 20150811154237.GD17575@awork2.anarazel.de  
Backpatch: All supported branches  
  

Modernize zic’s test for valid timezone abbreviations.

  
commit   : 8ea71fd2eaaa5e255bdd5badfd991000234cbb5a    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 26 Mar 2016 15:58:44 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 26 Mar 2016 15:58:44 -0400    

Click here for diff

  
We really need to sync all of our IANA-derived timezone code with upstream,  
but that's going to be a large patch and I certainly don't care to shove  
such a thing into stable branches immediately before a release.  As a  
stopgap, copy just the tzcode2016c logic that checks validity of timezone  
abbreviations.  This prevents getting multiple "time zone abbreviation  
differs from POSIX standard" bleats with tzdata 2014b and later.  
  

Update time zone data files to tzdata release 2016c.

  
commit   : 8e16592d4f56080b82ae15fea106f46ad331dc8d    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 25 Mar 2016 19:03:08 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 25 Mar 2016 19:03:08 -0400    

Click here for diff

  
DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia (Altai,  
Astrakhan, Kirov, Sakhalin, Ulyanovsk regions).  Historical corrections  
for Lithuania, Moldova, Russia (Kaliningrad, Samara, Volgograd).  
  
As of 2015b, the keepers of the IANA timezone database started to use  
numeric time zone abbreviations (e.g., "+04") instead of inventing  
abbreviations not found in the wild like "ASTT".  This causes our rather  
old copy of zic to whine "warning: time zone abbreviation differs from  
POSIX standard" several times during "make install".  This warning is  
harmless according to the IANA folk, and I don't see any problems with  
these abbreviations in some simple tests; but it seems like now would be  
a good time to update our copy of the tzcode stuff.  I'll look into that  
soon.  
  

Remove dependency on psed for MSVC builds.

  
commit   : a0adf38529d9ad3f4060f788a50ea619be21bcce    
  
author   : Andrew Dunstan <andrew@dunslane.net>    
date     : Sat, 19 Mar 2016 18:36:35 -0400    
  
committer: Andrew Dunstan <andrew@dunslane.net>    
date     : Sat, 19 Mar 2016 18:36:35 -0400    

Click here for diff

  
Modern Perl has removed psed from its core distribution, so it might not  
be readily available on some build platforms. We therefore replace its  
use with a Perl script generated by s2p, which is equivalent to the sed  
script. The latter is retained for non-MSVC builds to avoid creating a  
new hard dependency on Perl for non-Windows tarball builds.  
  
Backpatch to all live branches.  
  
Michael Paquier and me.  
  

Fix “pg_bench -C -M prepared”.

  
commit   : c02aae418527ec6f5178c68e2980e02d36090c42    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 16 Mar 2016 23:18:07 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 16 Mar 2016 23:18:07 -0400    

Click here for diff

  
This didn't work because when we dropped and re-established a database  
connection, we did not bother to reset session-specific state such as  
the statements-are-prepared flags.  
  
The st->prepared[] array certainly needs to be flushed, and I cleared a  
couple of other fields as well that couldn't possibly retain meaningful  
state for a new connection.  
  
In passing, fix some bogus comments and strange field order choices.  
  
Per report from Robins Tharakan.  
  

Fix typos in comments

  
commit   : cfc5357c0810ba76f50244aeb5d6890d8dd3a308    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Tue, 15 Mar 2016 17:57:16 -0300    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Tue, 15 Mar 2016 17:57:16 -0300    

Click here for diff

  
  

Cope if platform declares mbstowcs_l(), but not locale_t, in .

  
commit   : 4b505c264d3c742b65dfdac80231aaa48097ade8    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 15 Mar 2016 13:19:58 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 15 Mar 2016 13:19:58 -0400    

Click here for diff

  
Previously, we included <xlocale.h> only if necessary to get the definition  
of type locale_t.  According to notes in PGAC_TYPE_LOCALE_T, this is  
important because on some versions of glibc that file supplies an  
incompatible declaration of locale_t.  (This info may be obsolete, because  
on my RHEL6 box that seems to be the *only* definition of locale_t; but  
there may still be glibc's in the wild for which it's a live concern.)  
  
It turns out though that on FreeBSD and maybe other BSDen, you can get  
locale_t from stdlib.h or locale.h but mbstowcs_l() and friends only from  
<xlocale.h>.  This was leaving us compiling calls to mbstowcs_l() and  
friends with no visible prototype, which causes a warning and could  
possibly cause actual trouble, since it's not declared to return int.  
  
Hence, adjust the configure checks so that we'll include <xlocale.h>  
either if it's necessary to get type locale_t or if it's necessary to  
get a declaration of mbstowcs_l().  
  
Report and patch by Aleksander Alekseev, somewhat whacked around by me.  
Back-patch to all supported branches, since we have been using  
mbstowcs_l() since 9.1.  
  

Add missing NULL terminator to list_SECURITY_LABEL_preposition[].

  
commit   : 0576de5c735e734b390e210535a02590ad17a96e    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 14 Mar 2016 11:31:22 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 14 Mar 2016 11:31:22 -0400    

Click here for diff

  
On the machines I tried this on, pressing TAB after SECURITY LABEL led to  
being offered ON and FOR as intended, plus random other keywords (varying  
across machines).  But if you were a bit more unlucky you'd get a crash,  
as reported by nummervet@mail.ru in bug #14019.  
  
Seems to have been an aboriginal error in the SECURITY LABEL patch,  
commit 4d355a8336e0f226.  Hence, back-patch to all supported versions.  
There's no bug in HEAD, though, thanks to our recent tab-completion  
rewrite.  
  

Avoid crash on old Windows with AVX2-capable CPU for VS2013 builds

  
commit   : 270d8a12e57d995b333bdd0a0936c5dc6e5aa1e4    
  
author   : Magnus Hagander <magnus@hagander.net>    
date     : Thu, 10 Mar 2016 13:48:58 +0100    
  
committer: Magnus Hagander <magnus@hagander.net>    
date     : Thu, 10 Mar 2016 13:48:58 +0100    

Click here for diff

  
The Visual Studio 2013 CRT generates invalid code when it makes a 64-bit  
build that is later used on a CPU that supports AVX2 instructions using a  
version of Windows before 7SP1/2008R2SP1.  
  
Detect this combination, and in those cases turn off the generation of  
FMA3, per recommendation from the Visual Studio team.  
  
The bug is actually in the CRT shipping with Visual Studio 2013, but  
Microsoft have stated they're only fixing it in newer major versions.  
The fix is therefor conditioned specifically on being built with this  
version of Visual Studio, and not previous or later versions.  
  
Author: Christian Ullrich  
  

Avoid unlikely data-loss scenarios due to rename() without fsync.

  
commit   : bfa282a02b32afc6a554d1d7a580ea4b91d377c2    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Wed, 9 Mar 2016 18:53:54 -0800    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Wed, 9 Mar 2016 18:53:54 -0800    

Click here for diff

  
Renaming a file using rename(2) is not guaranteed to be durable in face  
of crashes. Use the previously added durable_rename()/durable_link_or_rename()  
in various places where we previously just renamed files.  
  
Most of the changed call sites are arguably not critical, but it seems  
better to err on the side of too much durability.  The most prominent  
known case where the previously missing fsyncs could cause data loss is  
crashes at the end of a checkpoint. After the actual checkpoint has been  
performed, old WAL files are recycled. When they're filled, their  
contents are fdatasynced, but we did not fsync the containing  
directory. An OS/hardware crash in an unfortunate moment could then end  
up leaving that file with its old name, but new content; WAL replay  
would thus not replay it.  
  
Reported-By: Tomas Vondra  
Author: Michael Paquier, Tomas Vondra, Andres Freund  
Discussion: 56583BDD.9060302@2ndquadrant.com  
Backpatch: All supported branches  
  

  
commit   : e069848a3966bf64b4f4dc24d66a353d50878312    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Wed, 9 Mar 2016 18:53:54 -0800    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Wed, 9 Mar 2016 18:53:54 -0800    

Click here for diff

  
Renaming a file using rename(2) is not guaranteed to be durable in face  
of crashes; especially on filesystems like xfs and ext4 when mounted  
with data=writeback. To be certain that a rename() atomically replaces  
the previous file contents in the face of crashes and different  
filesystems, one has to fsync the old filename, rename the file, fsync  
the new filename, fsync the containing directory.  This sequence is not  
generally adhered to currently; which exposes us to data loss risks. To  
avoid having to repeat this arduous sequence, introduce  
durable_rename(), which wraps all that.  
  
Also add durable_link_or_rename(). Several places use link() (with a  
fallback to rename()) to rename a file, trying to avoid replacing the  
target file out of paranoia. Some of those rename sequences need to be  
durable as well. There seems little reason extend several copies of the  
same logic, so centralize the link() callers.  
  
This commit does not yet make use of the new functions; they're used in  
a followup commit.  
  
Author: Michael Paquier, Andres Freund  
Discussion: 56583BDD.9060302@2ndquadrant.com  
Backpatch: All supported branches  
  

Fix incorrect handling of NULL index entries in indexed ROW() comparisons.

  
commit   : 1ab7a160f9d983ba738022c0b4dc62a67848b932    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 9 Mar 2016 14:51:01 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 9 Mar 2016 14:51:01 -0500    

Click here for diff

  
An index search using a row comparison such as ROW(a, b) > ROW('x', 'y')  
would stop upon reaching a NULL entry in the "b" column, ignoring the  
fact that there might be non-NULL "b" values associated with later values  
of "a".  This happens because _bt_mark_scankey_required() marks the  
subsidiary scankey for "b" as required, which is just wrong: it's for  
a column after the one with the first inequality key (namely "a"), and  
thus can't be considered a required match.  
  
This bit of brain fade dates back to the very beginnings of our support  
for indexed ROW() comparisons, in 2006.  Kind of astonishing that no one  
came across it before Glen Takahashi, in bug #14010.  
  
Back-patch to all supported versions.  
  
Note: the given test case doesn't actually fail in unpatched 9.1, evidently  
because the fix for bug #6278 (i.e., stopping at nulls in either scan  
direction) is required to make it fail.  I'm sure I could devise a case  
that fails in 9.1 as well, perhaps with something involving making a cursor  
back up; but it doesn't seem worth the trouble.  
  

ltree: Zero padding bytes when allocating memory for externally visible data.

  
commit   : 12449f1409d710c62dd7678a97b218bc5bcb893a    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Tue, 8 Mar 2016 14:59:29 -0800    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Tue, 8 Mar 2016 14:59:29 -0800    

Click here for diff

  
ltree/ltree_gist/ltxtquery's headers stores data at MAXALIGN alignment,  
requiring some padding bytes. So far we left these uninitialized. Zero  
those by using palloc0.  
  
Author: Andres Freund  
Reported-By: Andres Freund / valgrind / buildarm animal skink  
Backpatch: 9.1-  
  

plperl: Correctly handle empty arrays in plperl_ref_from_pg_array.

  
commit   : 44f9f1f2d51103dc528ab8bd3b7849e26fe1cdc7    
  
author   : Andres Freund <andres@anarazel.de>    
date     : Tue, 8 Mar 2016 13:33:24 -0800    
  
committer: Andres Freund <andres@anarazel.de>    
date     : Tue, 8 Mar 2016 13:33:24 -0800    

Click here for diff

  
plperl_ref_from_pg_array() didn't consider the case that postgrs arrays  
can have 0 dimensions (when they're empty) and accessed the first  
dimension without a check. Fix that by special casing the empty array  
case.  
  
Author: Alex Hunsaker  
Reported-By: Andres Freund / valgrind / buildfarm animal skink  
Discussion: 20160308063240.usnzg6bsbjrne667@alap3.anarazel.de  
Backpatch: 9.1-  
  

Fix backwards test for Windows service-ness in pg_ctl.

  
commit   : b73e8160516f1cf28522ebe3dc0228aabe7c7dc2    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 7 Mar 2016 10:40:44 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 7 Mar 2016 10:40:44 -0500    

Click here for diff

  
A thinko in a96761391 caused pg_ctl to get it exactly backwards when  
deciding whether to report problems to the Windows eventlog or to stderr.  
Per bug #14001 from Manuel Mathar, who also identified the fix.  
Like the previous patch, back-patch to all supported branches.  
  

Fix not-terribly-safe coding in NIImportOOAffixes() and NIImportAffixes().

  
commit   : a35f85a524454d0d825b07bf7dc0f8c925233789    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 6 Mar 2016 19:21:03 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 6 Mar 2016 19:21:03 -0500    

Click here for diff

  
There were two places in spell.c that supposed that they could search  
for a location in a string produced by lowerstr() and then transpose  
the offset into the original string.  But this fails completely if  
lowerstr() transforms any characters into characters of different byte  
length, as can happen in Turkish UTF8 for instance.  
  
We'd added some comments about this coding in commit 51e78ab4ff328296,  
but failed to realize that it was not merely confusing but wrong.  
  
Coverity complained about this code years ago, but in such an opaque  
fashion that nobody understood what it was on about.  I'm not entirely  
sure that this issue *is* what it's on about, actually, but perhaps  
this patch will shut it up -- and in any case the problem is clear.  
  
Back-patch to all supported branches.  
  

Fix compile breakage due to 0315dfa8f4afa8390383119330ca0bf241be4ad4.

  
commit   : fbee403237d543a21adc885d37b70b5d91fc64d3    
  
author   : Robert Haas <rhaas@postgresql.org>    
date     : Fri, 4 Mar 2016 12:11:30 -0500    
  
committer: Robert Haas <rhaas@postgresql.org>    
date     : Fri, 4 Mar 2016 12:11:30 -0500    

Click here for diff

  
I wasn't careful enough when back-patching.  
  

Fix query-based tab completion for multibyte characters.

  
commit   : 54139ac22f274940e5d5477594cd03b7988ca7be    
  
author   : Robert Haas <rhaas@postgresql.org>    
date     : Fri, 4 Mar 2016 11:53:20 -0500    
  
committer: Robert Haas <rhaas@postgresql.org>    
date     : Fri, 4 Mar 2016 11:53:20 -0500    

Click here for diff

  
The existing code confuses the byte length of the string (which is  
relevant when passing it to pg_strncasecmp) with the character length  
of the string (which is relevant when it is used with the SQL substring  
function).  Separate those two concepts.  
  
Report and patch by Kyotaro Horiguchi, reviewed by Thomas Munro and  
reviewed and further revised by me.  
  

Improve error message for rejecting RETURNING clauses with dropped columns.

  
commit   : ff4527408c0d469d2c2b0134940cc51191ff5965    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 29 Feb 2016 19:11:38 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 29 Feb 2016 19:11:38 -0500    

Click here for diff

  
This error message was written with only ON SELECT rules in mind, but since  
then we also made RETURNING-clause targetlists go through the same logic.  
This means that you got a rather off-topic error message if you tried to  
add a rule with RETURNING to a table having dropped columns.  Ideally we'd  
just support that, but some preliminary investigation says that it might be  
a significant amount of work.  Seeing that Nicklas Avén's complaint is the  
first one we've gotten about this in the ten years or so that the code's  
been like that, I'm unwilling to put much time into it.  Instead, improve  
the error report by issuing a different message for RETURNING cases, and  
revise the associated comment based on this investigation.  
  
Discussion: 1456176604.17219.9.camel@jordogskog.no  
  

Fix typos

  
commit   : 4ef26fff7b0e8e5b786887387bfa0ed67ea0ad29    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Mon, 29 Feb 2016 18:11:58 -0300    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Mon, 29 Feb 2016 18:11:58 -0300    

Click here for diff

  
Author: Amit Langote  
  

doc: document MANPATH as /usr/local/pgsql/share/man

  
commit   : d288054446b7336e53ea7960e8fd5b1b37c5505a    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Mon, 29 Feb 2016 17:53:55 -0300    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Mon, 29 Feb 2016 17:53:55 -0300    

Click here for diff

  
The docs were advising to use /usr/local/pgsql/man instead, but that's  
wrong.  
  
Reported-By: Slawomir Sudnik  
Backpatch-To: 9.1  
Bug: #13894  
  

Avoid multiple free_struct_lconv() calls on same data.

  
commit   : 0c4457de8b8a6aa715bdfe94ecfa8ee3d48e2827    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 28 Feb 2016 23:39:20 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 28 Feb 2016 23:39:20 -0500    

Click here for diff

  
A failure partway through PGLC_localeconv() led to a situation where  
the next call would call free_struct_lconv() a second time, leading  
to free() on already-freed strings, typically leading to a core dump.  
Add a flag to remember whether we need to do that.  
  
Per report from Thom Brown.  His example case only provokes the failure  
as far back as 9.4, but nonetheless this code is obviously broken, so  
back-patch to all supported branches.  
  

Fix wording in the Tutorial document.

  
commit   : 8fed3cc225a24c3c5a22cbf7afd9bd8615dcaf2d    
  
author   : Tatsuo Ishii <ishii@postgresql.org>    
date     : Sun, 21 Feb 2016 09:04:59 +0900    
  
committer: Tatsuo Ishii <ishii@postgresql.org>    
date     : Sun, 21 Feb 2016 09:04:59 +0900    

Click here for diff

  
With suggentions from Tom Lane.  
  

Correct StartupSUBTRANS for page wraparound

  
commit   : 71e3cff2e5956f3edf6d99039dab0424eb82be94    
  
author   : Simon Riggs <simon@2ndQuadrant.com>    
date     : Fri, 19 Feb 2016 08:33:33 +0000    
  
committer: Simon Riggs <simon@2ndQuadrant.com>    
date     : Fri, 19 Feb 2016 08:33:33 +0000    

Click here for diff

  
StartupSUBTRANS() incorrectly handled cases near the max pageid in the subtrans  
data structure, which in some cases could lead to errors in startup for Hot  
Standby.  
This patch wraps the pageids correctly, avoiding any such errors.  
Identified by exhaustive crash testing by Jeff Janes.  
  
Jeff Janes  
  

pg_upgrade: suppress creation of delete script

  
commit   : bf26c4f443a8dd8e6f85ecaf877631a6875770ce    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Thu, 18 Feb 2016 18:32:26 -0500    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Thu, 18 Feb 2016 18:32:26 -0500    

Click here for diff

  
Suppress creation of the pg_upgrade delete script when the new data  
directory is inside the old data directory.  
  
Reported-by: IRC  
  
Backpatch-through: 9.3, where delete script tests were added  
  

Fix multiple bugs in contrib/pgstattuple’s pgstatindex() function.

  
commit   : 9dfb5b940721c03b012b7323780db15ef48cd9f5    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 18 Feb 2016 15:40:35 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 18 Feb 2016 15:40:35 -0500    

Click here for diff

  
Dead or half-dead index leaf pages were incorrectly reported as live, as a  
consequence of a code rearrangement I made (during a moment of severe brain  
fade, evidently) in commit d287818eb514d431.  
  
The index metapage was not counted in index_size, causing that result to  
not agree with the actual index size on-disk.  
  
Index root pages were not counted in internal_pages, which is inconsistent  
compared to the case of a root that's also a leaf (one-page index), where  
the root would be counted in leaf_pages.  Aside from that inconsistency,  
this could lead to additional transient discrepancies between the reported  
page counts and index_size, since it's possible for pgstatindex's scan to  
see zero or multiple pages marked as BTP_ROOT, if the root moves due to  
a split during the scan.  With these fixes, index_size will always be  
exactly one page more than the sum of the displayed page counts.  
  
Also, the index_size result was incorrectly documented as being measured in  
pages; it's always been measured in bytes.  (While fixing that, I couldn't  
resist doing some small additional wordsmithing on the pgstattuple docs.)  
  
Including the metapage causes the reported index_size to not be zero for  
an empty index.  To preserve the desired property that the pgstattuple  
regression test results are platform-independent (ie, BLCKSZ configuration  
independent), scale the index_size result in the regression tests.  
  
The documentation issue was reported by Otsuka Kenji, and the inconsistent  
root page counting by Peter Geoghegan; the other problems noted by me.  
Back-patch to all supported branches, because this has been broken for  
a long time.  
  

Make plpython cope with funny characters in function names.

  
commit   : b3ec98c8bdb2ceb6c0fe0cd15a6299bcd42cb1d3    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 16 Feb 2016 21:08:15 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 16 Feb 2016 21:08:15 -0500    

Click here for diff

  
A function name that's double-quoted in SQL can contain almost any  
characters, but we were using that name directly as part of the name  
generated for the Python-level function, and Python doesn't like  
anything that isn't pretty much a standard identifier.  To fix,  
replace anything that isn't an ASCII letter or digit with an underscore  
in the generated name.  This doesn't create any risk of duplicate Python  
function names because we were already appending the function OID to  
the generated name to ensure uniqueness.  Per bug #13960 from Jim Nasby.  
  
Patch by Jim Nasby, modified a bit by me.  Back-patch to all  
supported branches.  
  

Improve documentation about CREATE INDEX CONCURRENTLY.

  
commit   : 0d670b934fb2551f0affec8bacbc16d9ea3fdf47    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 16 Feb 2016 13:43:03 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 16 Feb 2016 13:43:03 -0500    

Click here for diff

  
Clarify the description of which transactions will block a CREATE INDEX  
CONCURRENTLY command from proceeding, and mention that the index might  
still not be usable after CREATE INDEX completes.  (This happens if the  
index build detected broken HOT chains, so that pg_index.indcheckxmin gets  
set, and there are open old transactions preventing the xmin horizon from  
advancing past the index's initial creation.  I didn't want to explain what  
broken HOT chains are, though, so I omitted an explanation of exactly when  
old transactions prevent the index from being used.)  
  
Per discussion with Chris Travers.  Back-patch to all supported branches,  
since the same text appears in all of them.  
  

Improve wording in the planner doc

  
commit   : 5043e3afcc8701687bf3970bf56a648c8ea033d9    
  
author   : Tatsuo Ishii <ishii@postgresql.org>    
date     : Tue, 16 Feb 2016 15:36:52 +0900    
  
committer: Tatsuo Ishii <ishii@postgresql.org>    
date     : Tue, 16 Feb 2016 15:36:52 +0900    

Click here for diff

  
Change "In this case" to "In the example above" to clarify what it  
actually refers to.  
  

Correct the formulas for System V IPC parameters SEMMNI and SEMMNS in docs.

  
commit   : 984da963fb450252eb444402a30c7dd0b54e1c69    
  
author   : Fujii Masao <fujii@postgresql.org>    
date     : Tue, 16 Feb 2016 14:59:19 +0900    
  
committer: Fujii Masao <fujii@postgresql.org>    
date     : Tue, 16 Feb 2016 14:59:19 +0900    

Click here for diff

  
In runtime.sgml, the old formulas for calculating the reasonable  
values of SEMMNI and SEMMNS were incorrect. They have forgotten to  
count the number of semaphores which both the checkpointer process  
(introduced in 9.2) and the background worker processes (introduced  
in 9.3) need.  
  
This commit fixes those formulas so that they count the number of  
semaphores which the checkpointer process and the background worker  
processes need.  
  
Report and patch by Kyotaro Horiguchi. Only the patch for 9.3 was  
modified by me. Back-patch to 9.2 where the checkpointer process was  
added and the number of needed semaphores was increased.  
  
Author: Kyotaro Horiguchi  
Reviewed-by: Fujii Masao  
Backpatch: 9.2  
Discussion: http://www.postgresql.org/message-id/20160203.125119.66820697.horiguchi.kyotaro@lab.ntt.co.jp  
  

pgbench: avoid FD_ISSET on an invalid file descriptor

  
commit   : baa7f635367e0e66f8bdb1998fb99d6f47203b1c    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Mon, 15 Feb 2016 20:33:43 -0300    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Mon, 15 Feb 2016 20:33:43 -0300    

Click here for diff

  
The original code wasn't careful to test the file descriptor returned by  
PQsocket() for an invalid socket.  If an invalid socket did turn up,  
that would amount to calling FD_ISSET with fd = -1, whereby undefined  
behavior can be invoked.  
  
To fix, test file descriptor for validity and stop further processing if  
that fails.  
  
Problem noticed by Coverity.  
  
There is an existing FD_ISSET callsite that does check for invalid  
sockets beforehand, but the error message reported by it was  
strerror(errno); in testing the aforementioned change, that turns out to  
result in "bad socket: Success" which isn't terribly helpful.  Instead  
use PQerrorMessage() in both places which is more likely to contain an  
useful error message.  
  
Backpatch-through: 9.1.  
  

Suppress compiler warnings about useless comparison of unsigned to zero.

  
commit   : e1df79117a9c3a65b15e9700dd177e4edbae1ad5    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 15 Feb 2016 17:11:52 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 15 Feb 2016 17:11:52 -0500    

Click here for diff

  
Reportedly, some compilers warn about tests like "c < 0" if c is unsigned,  
and hence complain about the character range checks I added in commit  
3bb3f42f3749d40b8d4de65871e8d828b18d4a45.  This is a bit of a pain since  
the regex library doesn't really want to assume that chr is unsigned.  
However, since any such reconfiguration would involve manual edits of  
regcustom.h anyway, we can put it on the shoulders of whoever wants to  
do that to adjust this new range-checking macro correctly.  
  
Per gripes from Coverity and Andres.  
  

Accept pg_ctl timeout from the PGCTLTIMEOUT environment variable.

  
commit   : 198242ede432f78561eb043c412a19fc88ddbed9    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Wed, 10 Feb 2016 20:34:02 -0500    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Wed, 10 Feb 2016 20:34:02 -0500    

Click here for diff

  
Many automated test suites call pg_ctl.  Buildfarm members axolotl,  
hornet, mandrill, shearwater, sungazer and tern have failed when server  
shutdown took longer than the pg_ctl default 60s timeout.  This addition  
permits slow hosts to easily raise the timeout without us editing a  
--timeout argument into every test suite pg_ctl call.  Back-patch to 9.1  
(all supported versions) for the sake of automated testing.  
  
Reviewed by Tom Lane.  
  

Avoid use of sscanf() to parse ispell dictionary files.

  
commit   : 24ce5754ae676b5b01a8451fbcc9f516ef6111fc    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 10 Feb 2016 19:30:12 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 10 Feb 2016 19:30:12 -0500    

Click here for diff

  
It turns out that on FreeBSD-derived platforms (including OS X), the  
*scanf() family of functions is pretty much brain-dead about multibyte  
characters.  In particular it will apply isspace() to individual bytes  
of input even when those bytes are part of a multibyte character, thus  
allowing false recognition of a field-terminating space.  
  
We appear to have little alternative other than instituting a coding  
rule that *scanf() is not to be used if the input string might contain  
multibyte characters.  (There was some discussion of relying on "%ls",  
but that probably just moves the portability problem somewhere else,  
and besides it doesn't fully prevent BSD *scanf() from using isspace().)  
  
This patch is a down payment on that: it gets rid of use of sscanf()  
to parse ispell dictionary files, which are certainly at great risk  
of having a problem.  The code is cleaner this way anyway, though  
a bit longer.  
  
In passing, improve a few comments.  
  
Report and patch by Artur Zakirov, reviewed and somewhat tweaked by me.  
Back-patch to all supported branches.