postgresql.conf.
---------------------------------------------------------------------------
Here's an updated version of the patch, with the following changes:
1) No longer uses "service name" as "application version". It's instead
hardcoded as "postgres". It could be argued that this part should be
backpatched to 8.0, but it doesn't make a big difference until you can
start changing it with GUC / connection parameters. This change only
affects kerberos 5, not 4.
2) Now downcases kerberos usernames when the client is running on win32.
3) Adds guc option for "krb_caseins_users" to make the server ignore
case mismatch which is required by some KDCs such as Active Directory.
Off by default, per discussion with Tom. This change only affects
kerberos 5, not 4.
4) Updated so it doesn't conflict with the rendevouz/bonjour patch
already in ;-)
Magnus Hagander
interaction between ld, readline, termcap, and psql. The symptom is psql
failing with this error on startup:
symbol lookup error: /usr/lib64/libreadline.so.4: undefined symbol: BC
I'm still trying to find the best way to solve this, but in the mean time
I'm reverting the patch in order to unbreak FC3.
executable against the maximal set of libraries it might need. So for
example, if one executable requires `libreadline', all executables are
linked against it.
The easiest fix is to make use of GNU ld's --as-needed flag, which
ignores linker arguments that are not actually needed by the specified
object files. The attached patch modifies configure to check for this
flag (when using GNU ld), and if ld supports it, adds the flag to
LDFLAGS (we need to do the check since only relatively recent versions
of GNU ld support this capability). Currently only GNU ld is supported;
I'm not aware of any other linkers that support this functionality.
+ # Determine if printf supports %1$ argument selection, e.g. %5$ selects
+ # the fifth argument after the printf print string.
+ # This is not in the C99 standard, but in the Single Unix Specification (SUS).
+ # It is used in our langauge translation strings.
Nicolai Tufar with configure changes by Bruce.
its presence. This amounts to desupporting Kerberos 5 releases 1.0.*,
which is small loss, and simplifies use of our Kerberos code on platforms
with Red-Hat-style include file layouts. Per gripe from John Gray and
followup discussion.
reliably (ie, regardless of which libraries they depend on). Also
make sure that we don't select headers that obviously belong to the
wrong one of the two libraries. This was discussed back around 4-Sep
but seems to have slipped through the cracks. The header selection
could be checked more closely, perhaps, but let's see if this is good
enough.
actual executable location. This allows people to continue to use
setups where, eg, postmaster is symlinked from a convenient place.
Per gripe from Josh Berkus.
compiler emits any warnings, the test program had better be 100%
correct, not only 90% correct. The recent addition of -Wold-style-definition
broke thread-safety detection on every platform that has that switch,
because the test program used an old-style definition.
-O2 -Wall -Wmissing-prototypes -Wpointer-arith
Check whether the version of GCC we are using supports any of:
-Wdeclaration-after-statement
-Wendif-labels
-Wold-style-definition
And add the supported flags to CFLAGS.
-L spec rather than assuming libpython is in the standard search path
(this returns to the way 7.4 did it). But check the distutils output
to see if it looks like Python has built a shared library, and if so
link with that instead of the probably-not-shared library found in
configdir.
* Links with -leay32 and -lssleay32 instead of crypto and ssl. On win32,
"crypto and ssl" is only used for static linking.
* Initializes SSL in the backend and not just in the postmaster. We
cannot pass the SSL context from the postmaster through the parameter
file, because it contains function pointers.
* Split one error check in be-secure.c. Previously we could not tell
which of three calls actually failed. The previous code also returned
incorrect error messages if SSL_accept() failed - that function needs to
use SSL_get_error() on the return value, can't just use the error queue.
* Since the win32 implementation uses non-blocking sockets "behind the
scenes" in order to deliver signals correctly, implements a version of
SSL_accept() that can handle this. Also, add a wait function in case
SSL_read or SSL_write() needs more data.
Magnus Hagander