30457 Commits

Author SHA1 Message Date
Heikki Linnakangas
4dd158ec04 Fix long-standing segfault when accept() or one of the calls made right
after accepting a connection fails, and the server is compiled with GSSAPI
support. Report and patch by Alexander V. Chernikov, bug #5731.
2010-10-27 20:07:48 +03:00
Tom Lane
6319c35d5b Fix up some oversights in psql's Unicode-escape support.
Original patch failed to include new exclusive states in a switch that
needed to include them; and also was guilty of very fuzzy thinking
about how to handle error cases.  Per bug #5729 from Alan Choi.
2010-10-26 22:25:42 -04:00
Heikki Linnakangas
b887f7b352 Note explicitly that hash indexes are also not replicated because they're not
WAL-logged. Make the notice about the lack of WAL-logging more visible by
making it a <caution>. Also remove the false statement from hot standby
caveats section that hash indexes are not used during hot standby.
2010-10-26 22:53:08 +03:00
Heikki Linnakangas
3d7905d21a Before removing backup_label and irrevocably changing pg_control file, check
that WAL file containing the checkpoint redo-location can be found. This
avoids making the cluster irrecoverable if the redo location is in an earlier
WAL file than the checkpoint record.

Report, analysis and patch by Jeff Davis, with small changes by me.
2010-10-26 21:19:30 +03:00
Tom Lane
113082c657 Fix inline_set_returning_function() to preserve the invalItems list properly.
This avoids a possible crash when inlining a SRF whose argument list
contains a reference to an inline-able user function.  The crash is quite
reproducible with CLOBBER_FREED_MEMORY enabled, but would be less certain
in a production build.  Problem introduced in 9.0 by the named-arguments
patch, which requires invoking eval_const_expressions() before we can try
to inline a SRF.  Per report from Brendan Jurd.
2010-10-25 13:04:42 -04:00
Heikki Linnakangas
ae9ac79b39 Add semicolon, missed in previous patch. And update the keyword list in
the docs to reflect that OFF is now unreserved. Spotted by Tom Lane.
2010-10-22 18:39:43 +03:00
Heikki Linnakangas
143b8cbcee Make OFF keyword unreserved. It's not hard to imagine wanting to use 'off'
as a variable or column name, and it's not reserved in recent versions of
the SQL spec either. This became particularly annoying in 9.0; before that,
PL/pgSQL replaced variable names in queries with parameter markers, so
it was possible to use OFF and many other backend parser keywords as
variable names. Because of that, backpatch to 9.0.
2010-10-22 17:44:36 +03:00
Tom Lane
eda3a62f98 Remove obsolete comment, per Josh Kupershmidt. 2010-10-20 17:05:30 -04:00
Heikki Linnakangas
686ad32164 If pk is NULL, the backend would segfault when accessing ->algo and the
following NULL check was never reached.

This problem was found by Coccinelle (null_ref.cocci from coccicheck).

Marti Raudsepp
2010-10-20 22:24:43 +03:00
Tom Lane
c98cd9bdb6 Don't try to fetch database name when SetTransactionIdLimit() is executed
outside a transaction.

This repairs brain fade in my patch of 2009-08-30: the reason we had been
storing oldest-database name, not OID, in ShmemVariableCache was of course
to avoid having to do a catalog lookup at times when it might be unsafe.

This error explains why Aleksandr Dushein is having trouble getting out of
an XID wraparound state in bug #5718, though not how he got into that state
in the first place.  I suspect pg_upgrade is at fault there.
2010-10-20 12:48:57 -04:00
Tom Lane
72ba1f2c67 Fix ecpg test building process to not generate *.dSYM junk on Macs.
The trick is to not try to build executables directly from .c files,
but to always build the intermediate .o files.  For obscure reasons,
Darwin's version of gcc will leave debug cruft behind in the first
case but not the second.  Per complaint from Robert Haas.
2010-10-20 00:55:03 -04:00
Tom Lane
486187ae84 Update storage.sgml to describe the 9.0 tablespace directory layout. 2010-10-19 21:53:08 -04:00
Tom Lane
01b4bb44fe Fix incorrect generation of whole-row variables in planner.
A couple of places in the planner need to generate whole-row Vars, and were
cutting corners by setting vartype = RECORDOID in the Vars, even in cases
where there's an identifiable named composite type for the RTE being
referenced.  While we mostly got away with this, it failed when there was
also a parser-generated whole-row reference to the same RTE, because the
two Vars weren't equal() due to the difference in vartype.  Fix by
providing a subroutine the planner can call to generate whole-row Vars
the same way the parser does.

Per bug #5716 from Andrew Tipton.  Back-patch to 9.0 where one of the bogus
calls was introduced (the other one is new in HEAD).
2010-10-19 15:08:47 -04:00
Bruce Momjian
80a65c0577 Add removal of PG_VERSION to optional old cluster deletion script.
Backpatch to 9.0.X.
2010-10-19 15:52:44 +00:00
Bruce Momjian
6f609199df Add mention of using tools/fsync to test fsync methods. Restructure
recent wal_sync_method doc paragraph to be clearer.
2010-10-19 14:58:03 +00:00
Bruce Momjian
fc8470ed4d In pg_upgrade, rename macro EXEC_EXT to SHELL_EXT for clarity.
Backpatch to 9.0.X.
2010-10-19 02:55:58 +00:00
Bruce Momjian
377e6e97eb Remove tab from SGML. 2010-10-18 18:51:28 +00:00
Bruce Momjian
02b1f04770 Document the tablespace directory "should" be empty, rather than "must"
be empty.  Because of binary migration usage, it might not be empty.
2010-10-18 18:16:45 +00:00
Magnus Hagander
eed33cdd83 Fix msvc build for localized versions of Visual C++
Look only at the non-localized part of the output from "vcbuild /?",
which is used to determine the version of Visual Studio in use. Different
languages seem to localize different amounts of the string, but we assume
the part "Microsoft Visual C++" won't be modified.
2010-10-17 16:38:54 +02:00
Magnus Hagander
24d446b569 Fix low-risk potential denial of service against RADIUS login.
Corrupt RADIUS responses were treated as errors and not ignored
(which the RFC2865 states they should be). This meant that a
user with unfiltered access to the network of the PostgreSQL
or RADIUS server could send a spoofed RADIUS response
to the PostgreSQL server causing it to reject a valid login,
provided the attacker could also guess (or brute-force) the
correct port number.

Fix is to simply retry the receive in a loop until the timeout
has expired or a valid (signed by the correct RADIUS server)
packet arrives.

Reported by Alan DeKok in bug #5687.
2010-10-15 16:59:12 +02:00
Simon Riggs
4bc8d9dc90 Correct WAL space calculation formula in docs.
Error pointed out by Fujii Masao, though not his patch.
2010-10-15 10:19:10 +01:00
Robert Haas
fb9bb9f4cf Add pg_user_mappings to the table of system views. 2010-10-14 19:12:24 -04:00
Simon Riggs
d609ff3ced Improvements to docs about pg_archive_cleanup and use of archives
Brendan Jurd
2010-10-14 23:23:26 +01:00
Peter Eisentraut
071f810c98 Complete the documentation of the USAGE privilege for foreign servers
The GRANT reference page failed to mention that the USAGE privilege
allows modifying associated user mappings, although this was already
documented on the CREATE/ALTER/DROP USER MAPPING pages.
2010-10-14 23:16:23 +03:00
Simon Riggs
392e01a03a Fix bug in comment of timeline history file.
Fujii Masao
2010-10-14 19:13:09 +01:00
Michael Meskes
86d4cc4a2a Applied patch by Itagaki Takahiro to fix incorrect status calculation in
ecpglib. Instead of parsing the statement, just ask the database server.
2010-10-14 17:49:01 +02:00
Peter Eisentraut
ef76230c27 Make title capitalization consistent with surroundings 2010-10-13 20:06:10 +03:00
Tom Lane
67120d35e2 Fix plpython so that it again honors typmod while assigning to tuple fields.
This was broken in 9.0 while improving plpython's conversion behavior for
bytea and boolean.  Per bug report from maizi.
2010-10-11 22:16:46 -04:00
Tom Lane
3b6eb752d9 Fix assorted bugs in GIN's WAL replay logic.
The original coding was quite sloppy about handling the case where
XLogReadBuffer fails (because the page has since been deleted).  This
would result in either "bad buffer id: 0" or an Assert failure during
replay, if indeed the page were no longer there.  In a couple of places
it also neglected to check whether the change had already been applied,
which would probably result in corrupted index contents.  I believe that
bug #5703 is an instance of the first problem.  These issues could show up
without replication, but only if you were unfortunate enough to crash
between modification of a GIN index and the next checkpoint.

Back-patch to 8.2, which is as far back as GIN has WAL support.
2010-10-11 19:04:44 -04:00
Robert Haas
ffeca98cec Adjust EXPLAIN documentation, so that it's not unreasonably wide.
The new formatting matches what we do for COPY.

Per a complaint from Bruce Momjian.
2010-10-08 23:00:39 -04:00
Robert Haas
57f475271d Warn that views can be safely used to hide columns, but not rows. 2010-10-08 09:16:08 -04:00
Robert Haas
c1db529642 Improve WAL reliability documentation, and add more cross-references to it.
In particular, we are now more explicit about the fact that you may need
wal_sync_method=fsync_writethrough for crash-safety on some platforms,
including MacOS X.  There's also now an explicit caution against assuming
that the default setting of wal_sync_method is either crash-safe or best
for performance.
2010-10-07 12:22:04 -04:00
Simon Riggs
7887db612c Correct docs for behaviour of ALTER DATABASE .. RENAME during Hot Standby.
Actual behaviour did not match documented behaviour and we have agreed
that it should be the docs that change.

Spotted by Bernd Helmle
2010-10-06 00:20:54 +01:00
Tom Lane
6f1e6b9ccd Undo some poorly-thought-out "proofreading improvements".
Per Tatsuhito Kasahara.
2010-10-05 18:48:20 -04:00
Tom Lane
abcea94ee3 Behave correctly if INSERT ... VALUES is decorated with additional clauses.
In versions 8.2 and up, the grammar allows attaching ORDER BY, LIMIT,
FOR UPDATE, or WITH to VALUES, and hence to INSERT ... VALUES.  But the
special-case code for VALUES in transformInsertStmt() wasn't expecting any
of those, and just ignored them, leading to unexpected results.  Rather
than complicate the special-case path, just ensure that the presence of any
of those clauses makes us treat the query as if it had a general SELECT.
Per report from Hitoshi Harada.
2010-10-02 20:02:33 -04:00
Tom Lane
060f576d0b Remove excess argument to open(2).
Many compilers don't complain about this, but some do, and it's certainly
wrong.  Back-patch to 8.4 where the error was introduced.

Mark Kirkwood
2010-10-02 18:40:48 -04:00
Tom Lane
8178d9480a Throw an appropriate error if ALTER COLUMN TYPE finds a dependent trigger.
Actually making this case work, if the column is used in the trigger's
WHEN condition, will take some new code that probably isn't appropriate
to back-patch.  For now, just throw a FEATURE_NOT_SUPPORTED error rather
than allowing control to reach the "unexpected object" case.  Per bug #5688
from Daniel Grace.  Back-patch to 9.0 where the possibility of such a
dependency was introduced.
2010-10-02 18:22:08 -04:00
Tom Lane
a0ccae7ed4 Fix back-branch breakage from ill-advised last-minute commit. REL9_0_1 2010-10-01 10:25:44 -04:00
Marc G. Fournier
fd51c16ce9 Tag 9.0.1 2010-10-01 10:28:42 -03:00
Tom Lane
0d1f3d7bb2 Use a separate interpreter for each calling SQL userid in plperl and pltcl.
There are numerous methods by which a Perl or Tcl function can subvert
the behavior of another such function executed later; for example, by
redefining standard functions or operators called by the target function.
If the target function is SECURITY DEFINER, or is called by such a
function, this means that any ordinary SQL user with Perl or Tcl language
usage rights can do essentially anything with the privileges of the target
function's owner.

To close this security hole, create a separate Perl or Tcl interpreter for
each SQL userid under which plperl or pltcl functions are executed within
a session.  However, all plperlu or pltclu functions run within a session
still share a single interpreter, since they all execute at the trust
level of a database superuser anyway.

Note: this change results in a functionality loss when libperl has been
built without the "multiplicity" option: it's no longer possible to call
plperl functions under different userids in one session, since such a
libperl can't support multiple interpreters in one process.  However, such
a libperl already failed to support concurrent use of plperl and plperlu,
so it's likely that few people use such versions with Postgres.

Security: CVE-2010-3433
2010-09-30 17:19:44 -04:00
Robert Haas
f5f945f9f1 Adjust pg_archivecleanup docs to match message changes made 2010-06-17.
Erik Rijkers
2010-09-30 17:11:11 -04:00
Peter Eisentraut
9103b311a4 Translation updates for 9.0.1 2010-09-30 23:46:16 +03:00
Tom Lane
9caf5a841b Update release notes for releases 9.0.1, 8.4.5, 8.3.12, 8.2.18, 8.1.22,
8.0.26, and 7.4.30.
2010-09-30 14:27:28 -04:00
Bruce Momjian
3689583d5a Have pg_upgrade use strtoul(), not strtol(). 2010-09-29 02:40:26 +00:00
Bruce Momjian
b757f18f2f Use macro atooid() for conversion of strings to oids, per suggestion
from Tom.
2010-09-28 22:11:21 +00:00
Bruce Momjian
ddfa48776c In pg_upgrade, properly handle oids > 2^31 by using strtoul() internally
rather than atol().

Per report from Brian Hirt
2010-09-28 21:41:03 +00:00
Bruce Momjian
0364ab8b26 Fix leak patch that was using fclose() instead of close(). 2010-09-28 21:37:14 +00:00
Bruce Momjian
c767c3bd36 Properly close files after read file failure to prevent potential
resource leak.  Of course, any such failure aborts pg_upgrade, but might
as well be clean about it.

Per patch from Grzegorz Jaśkiewicz.
2010-09-28 19:25:13 +00:00
Tom Lane
3fe9f0e5c7 Fix another small oversight in command_no_begin patch.
Need a "return false" to prevent tests from continuing after we've moved
the "query" pointer.  As it stood, it'd accept "DROP DISCARD ALL" as a
match.
2010-09-28 14:51:04 -04:00
Bruce Momjian
798cbc015b Mention that pg_upgrade requires write permission in the current
directory.

Per report from Harald Armin Massa.
2010-09-28 18:43:01 +00:00