| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
| |
Without these functions, anyone outside of explain.c can't actually use
ExplainPrintPlan, because the ExplainState won't be initialized properly.
The user-visible result of this was a crash when using auto_explain with
the JSON output format.
Report by Euler Taveira de Oliveira. Analysis by Tom Lane. Patch by me.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
processes of a pgbench run, when we are using -j > 1 and are emulating
threads via fork(). Otherwise the children all inherit the same random
sequence state and produce the same random-number sequence.
In the threaded case the different threads will share one RNG state, so
they will produce different subsets of one sequence, which is maybe more
correlated than a purist would like but will not be "the same". So we
leave that case alone.
First noticed by Takahiro Itagaki, and is also part of the explanation
for the pgbench misbehavior recently reported by Jaime Casanova.
|
| |
|
|
|
|
|
|
| |
before we zap the input tuple. Otherwise, pass-by-reference columns of
the result slot are likely to contain just references to the input
tuple, leading to big trouble if the pfree'd space is reused. Per
trouble report from Jaime Casanova. This is a new bug in the recent
rewrite of EvalPlanQual, so nothing to back-patch.
|
| |
|
|
|
|
|
| |
A new system catalog pg_largeobject_metadata manages
ownership and access privileges of large objects.
KaiGai Kohei, reviewed by Jaime Casanova.
|
| | |
|
| |
|
|
| |
Takahiro Itagaki.
|
| |
|
|
| |
Support arrays as parameters and return values of PL/Python functions.
|
| |
|
|
|
|
|
|
| |
pg_ctl gets a new mode that runs initdb. Adjust the documentation a bit to
not assume that initdb is the only way to run database cluster initialization.
But don't replace initdb as the canonical way.
Author: Zdenek Kotala <Zdenek.Kotala@Sun.COM>
|
| |
|
|
|
|
| |
3 of the 7 relevant locations.
Marcin Mank, slightly adjusted by me.
|
| |
|
|
| |
7.4.27.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
an allegedly immutable index function. It was previously recognized that
we had to prevent such a function from executing SET/RESET ROLE/SESSION
AUTHORIZATION, or it could trivially obtain the privileges of the session
user. However, since there is in general no privilege checking for changes
of session-local state, it is also possible for such a function to change
settings in a way that might subvert later operations in the same session.
Examples include changing search_path to cause an unexpected function to
be called, or replacing an existing prepared statement with another one
that will execute a function of the attacker's choosing.
The present patch secures VACUUM, ANALYZE, and CREATE INDEX/REINDEX against
these threats, which are the same places previously deemed to need protection
against the SET ROLE issue. GUC changes are still allowed, since there are
many useful cases for that, but we prevent security problems by forcing a
rollback of any GUC change after completing the operation. Other cases are
handled by throwing an error if any change is attempted; these include temp
table creation, closing a cursor, and creating or deleting a prepared
statement. (In 7.4, the infrastructure to roll back GUC changes doesn't
exist, so we settle for rejecting changes of "search_path" in these contexts.)
Original report and patch by Gurjeet Singh, additional analysis by
Tom Lane.
Security: CVE-2009-4136
|
| |
|
|
| |
documentation when doing new major release.
|
| |
|
|
| |
more up-to-date with current versions.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
attacks where an attacker would put <attack>\0<propername> in the field and
trick the validation code that the certificate was for <attack>.
This is a very low risk attack since it reuqires the attacker to trick the
CA into issuing a certificate with an incorrect field, and the common
PostgreSQL deployments are with private CAs, and not external ones. Also,
default mode in 8.4 does not do any name validation, and is thus also not
vulnerable - but the higher security modes are.
Backpatch all the way. Even though versions 8.3.x and before didn't have
certificate name validation support, they still exposed this field for
the user to perform the validation in the application code, and there
is no way to detect this problem through that API.
Security: CVE-2009-4034
|
| |
|
|
|
| |
Antarctica, Argentina, Bangladesh, Fiji, Novokuznetsk, Pakistan, Palestine,
Samoa, Syria. Also historical corrections for Hong Kong.
|
| | |
|
| |
|
|
| |
GNU site for gettext.
|
| |
|
|
|
|
|
|
|
|
| |
git mirror.
Remove information about cvsup and documentation that's more about cvs
than our use of cvs.
Backpatch to 8.4 so we get the git information up on the website as
soon as possible.
|
| |
|
|
|
|
|
|
| |
support any indexable commutative operator, not just equality. Two rows
violate the exclusion constraint if "row1.col OP row2.col" is TRUE for
each of the columns in the constraint.
Jeff Davis, reviewed by Robert Haas
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of expensive cross joins to resolve the ACL, add table-returning
function aclexplode() that expands the ACL into a useful form, and join
against that.
Also, implement the role_*_grants views as a thin layer over the respective
*_privileges views instead of essentially repeating the same code twice.
fixes bug #4596
by Joachim Wieland, with cleanup by me
|
| |
|
|
|
| |
Add a sentence of documentation about the differences between the
*_privileges and the role_*_grants views.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
in a subtransaction stays open even if the subtransaction is aborted, so
any temporary files related to it must stay alive as well. With the patch,
we use ResourceOwners to track open temporary files and don't automatically
close them at subtransaction end (though in the normal case temporary files
are registered with the subtransaction resource owner and will therefore be
closed).
At end of top transaction, we still check that there's no temporary files
marked as close-at-end-of-transaction open, but that's now just a debugging
cross-check as the resource owner cleanup should've closed them already.
|
| |
|
|
| |
by aborting a subtransaction. Per discussion with Heikki.
|
| |
|
|
| |
Apply full patch to enable thread-safety by default, e.g. doc changes.
|
| |
|
|
| |
optimization, so don't backpatch.
|
| |
|
|
|
|
|
|
| |
to the client by the server. This might seem pretty pointless but apparently
it will help pgbouncer, and perhaps other connection poolers. Anyway it's
practically free to do so for the normal use-case where appname is only set
in the startup packet --- we're just adding a few more bytes to the initial
ParameterStatus response packet. Per comments from Marko Kreen.
|
| |
|
|
|
|
|
|
|
|
|
| |
is made, include it in the startup-packet options. This makes it work more
like every other libpq connection option, in particular it now has the same
response to RESET ALL as the rest. This also saves one network round trip
for new applications using application_name. The cost is that if the server
is pre-8.5, it'll reject the startup packet altogether, forcing us to retry
the entire connection cycle. But on balance we shouldn't be optimizing that
case in preference to the behavior with a new server, especially when doing
so creates visible behavioral oddities. Per discussion.
|
| |
|
|
|
|
| |
Enable thread safety on all platforms. This will either be followed up
by a more extensive patch, or reverted, depending on the build farm
results.
|
| |
|
|
|
|
| |
Adjust psql -f - to behave like a normal file and honor the -1 flag.
Report from Robert Haas
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
locale-dependent character classification properly when the database encoding
is UTF8.
The previous coding worked okay in single-byte encodings, or in any case for
ASCII characters, but failed entirely on multibyte characters. The fix
assumes that the <wctype.h> functions use Unicode code points as the wchar
representation for Unicode, ie, wchar matches pg_wchar.
This is only a partial solution, since we're still stupid about non-ASCII
characters in multibyte encodings other than UTF8. The practical effect
of that is limited, however, since those cases are generally Far Eastern
glyphs for which concepts like case-folding don't apply anyway. Certainly
all or nearly all of the field reports of problems have been about UTF8.
A more general solution would require switching to the platform's wchar
representation for all regex operations; which is possible but would have
substantial disadvantages. Let's try this and see if it's sufficient in
practice.
|
| |
|
|
|
| |
Add ProcessUtility_hook() to handle all DDL to
contrib/pg_stat_statements.
|
| |
|
|
|
|
| |
Add ProcessUtility_hook() to handle all DDL to contrib/pg_stat_statements.
Itagaki Takahiro
|
| |
|
|
|
|
| |
Update hstore docs, mostly word-smithing.
David E. Wheeler
|
| |
|
|
|
| |
There is no reference to THREAD_SUPPORT outside configure, and it is
never set, so remove it.
|
| |
|
|
| |
Per report from Robert Gravsjö.
|
| |
|
|
|
| |
branch, which is how most actual code is actually structured. Also fix
slight whitespace misalignment.
|
| | |
|
| |
|
|
|
|
|
|
| |
we have to tell Perl it can release its compiled copy of the function
text. Noted by Alexey Klyukin.
Back-patch to 8.2 --- the problem exists further back, but this patch
won't work without modification, and it's probably not worth the trouble.
|
| | |
|
| |
|
|
|
| |
arrays in a pg_proc entry match. Seems like an easy mistake to make when
manually adjusting these values in a pg_proc.h entry.
|
| | |
|
| |
|
|
|
| |
being hidden when current_query is. Relocate it to a column position
more consistent with that behavior. Per discussion.
|
| |
|
|
| |
Joshua Tolley, reviewed by Brendan Jurd and Tim Bunce
|
| |
|
|
|
|
| |
pg_stat_activity and recorded in log entries.
Dave Page, reviewed by Andres Freund
|
| |
|
|
| |
Add link to exteran fsync testing script and our fsync test tool.
|
| |
|
|
|
| |
Improve test descriptions displayed during test_fsync; increase default
loops to 5k.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
by adding a requirement that build_join_rel add new join RelOptInfos to the
appropriate list immediately at creation. Per report from Robert Haas,
the list_concat_unique_ptr() calls that this change eliminates were taking
the lion's share of the runtime in larger join problems. This doesn't do
anything to fix the fundamental combinatorial explosion in large join
problems, but it should push out the threshold of pain a bit further.
Note: because this changes the order in which joinrel lists are built,
it might result in changes in selected plans in cases where different
alternatives have exactly the same costs. There is one example in the
regression tests.
|
| |
|
|
| |
vacuum.
|
| |
|
|
| |
comment.
|
