Robert Haas [Wed, 26 May 2010 12:32:41 +0000 (12:32 +0000)]
More fixes for shutdown during recovery.
1. If we receive a fast shutdown request while in the PM_STARTUP state,
process it just as we would in PM_RECOVERY, PM_HOT_STANDBY, or PM_RUN.
Without this change, an early fast shutdown followed by Hot Standby causes
the database to get stuck in a state where a shutdown is pending (so no new
connections are allowed) but the shutdown request is never processed unless
we end Hot Standby and enter normal running.
2. Avoid removing the backup label file when a smart or fast shutdown occurs
during recovery. It makes sense to do this once we've reached normal running,
since we must be taking a backup which now won't be valid. But during
recovery we must be recovering from a previously taken backup, and any backup
label file is needed to restart recovery from the right place.
Tom Lane [Tue, 25 May 2010 17:44:41 +0000 (17:44 +0000)]
Fix oversight in construction of sort/unique plans for UniquePaths.
If the original IN operator is cross-type, for example int8 = int4,
we need to use int4 < int4 to sort the inner data and int4 = int4
to unique-ify it. We got the first part of that right, but tried to
use the original IN operator for the equality checks. Per bug #5472
from Vlad Romascanu.
Backpatch to 8.4, where the bug was introduced by the patch that unified
SortClause and GroupClause. I was able to take out a whole lot of on-the-fly
calls of get_equality_op_for_ordering_op(), but failed to realize that
I needed to put one back in right here :-(
Robert Haas [Fri, 21 May 2010 17:37:44 +0000 (17:37 +0000)]
Unbreak \h; can't do strlen(NULL).
This was broken by the following commmit. Although the original commit was
backpatched all the way to 7.4, this particular bug exists only in the version
applied to HEAD.
Michael Meskes [Thu, 20 May 2010 22:10:46 +0000 (22:10 +0000)]
Ecpg now accepts "long long" datatypes even if "long" is 64bit wide. This used to cover the equally long "long long" type. This patch closes bug #5464.
Magnus Hagander [Thu, 20 May 2010 14:13:11 +0000 (14:13 +0000)]
Change the "N. Central Asia Standard Time" timezone to map to
Asia/Novosibirsk on Windows.
Microsoft changed the behaviour of this zone in the timezone update
from KB976098. The zones differ in handling of DST, and the old
zone was just removed.
Bruce Momjian [Wed, 19 May 2010 18:27:43 +0000 (18:27 +0000)]
For pg_upgrade, update template0's datfrozenxid and its relfrozenxids to
match the behavior of autovacuum, which does this as the xid advances
even if autovacuum is turned off.
Robert Haas [Sun, 16 May 2010 04:35:04 +0000 (04:35 +0000)]
Insert line breaks in two places in SQL functions documentation.
This avoids a formatting problem in the PDF output. In the HTML output this
isn't necessary, but we've done similar things elsewhere in the documentation
so I think it's OK to do it here, too. I've refrained from breaking a longish
error message which also causes problems for the PDF output, because that would
make the HTML output look wrong.
Tom Lane [Sat, 15 May 2010 21:41:16 +0000 (21:41 +0000)]
Ensure that pg_restore -l will output DATABASE entries whether or not -C
is specified. Per bug report from Russell Smith and ensuing discussion.
Since this is a corner case behavioral change, I'm going to be conservative
and not back-patch it.
In passing, also rename the RestoreOptions field for the -C switch to
something less generic than "create".
Tom Lane [Sat, 15 May 2010 18:11:07 +0000 (18:11 +0000)]
Improve documentation of pg_restore's -l and -L switches to point out their
interactions with filtering switches, such as -n and -t. Per a complaint
from Russell Smith.
Simon Riggs [Sat, 15 May 2010 07:14:43 +0000 (07:14 +0000)]
Fix bug in processing of checkpoint time for max_standby_delay. Latest
log time was incorrectly set, typically leading to dates in the past,
which would cause more cancellations in Hot Standby on a quiet server.
Tom Lane [Thu, 13 May 2010 18:29:12 +0000 (18:29 +0000)]
Prevent PL/Tcl from loading the "unknown" module from pltcl_modules unless
that is a regular table or view owned by a superuser. This prevents a
trojan horse attack whereby any unprivileged SQL user could create such a
table and insert code into it that would then get executed in other users'
sessions whenever they call pltcl functions.
Worse yet, because the code was automatically loaded into both the "normal"
and "safe" interpreters at first use, the attacker could execute unrestricted
Tcl code in the "normal" interpreter without there being any pltclu functions
anywhere, or indeed anyone else using pltcl at all: installing pltcl is
sufficient to open the hole. Change the initialization logic so that the
"unknown" code is only loaded into an interpreter when the interpreter is
first really used. (That doesn't add any additional security in this
particular context, but it seems a prudent change, and anyway the former
behavior violated the principle of least astonishment.)
Andrew Dunstan [Thu, 13 May 2010 16:39:43 +0000 (16:39 +0000)]
Abandon the use of Perl's Safe.pm to enforce restrictions in plperl, as it is
fundamentally insecure. Instead apply an opmask to the whole interpreter that
imposes restrictions on unsafe operations. These restrictions are much harder
to subvert than is Safe.pm, since there is no container to be broken out of.
Backported to release 7.4.
In releases 7.4, 8.0 and 8.1 this also includes the necessary backporting of
the two interpreters model for plperl and plperlu adopted in release 8.2.
In versions 8.0 and up, the use of Perl's POSIX module to undo its locale
mangling on Windows has become insecure with these changes, so it is
replaced by our own routine, which is also faster.
Nice side effects of the changes include that it is now possible to use perl's
"strict" pragma in a natural way in plperl, and that perl's $a and
$b variables now work as expected in sort routines, and that function
compilation is significantly faster.
Tim Bunce and Andrew Dunstan, with reviews from Alex Hunsaker and
Alexey Klyukin.
Magnus Hagander [Thu, 13 May 2010 15:58:15 +0000 (15:58 +0000)]
Assorted fixes to make pg_upgrade build on MSVC.
* There is no chmod() on Windows.
* Must always use the 3-parameter version of open()
* There is no dynloader.h - but it also appears unnecessary on all platforms
* Don't include shlobj.h because it causes compile errors, and from what I can
see it's not actually used. This may need to be added back for mingw
and/or cygwin in the worst case.
Simon Riggs [Thu, 13 May 2010 11:39:30 +0000 (11:39 +0000)]
Ensure that top level aborts call XLogSetAsyncCommit(). Not doing
so simply leads to data waiting in wal_buffers which then causes
later commits to potentially do emergency writes and for all forms
of replication to be potentially delayed without need or benefit.
Issue pointed out exactly by Fujii Masao, following bug report
by Robert Haas on a separate though related topic.
Simon Riggs [Thu, 13 May 2010 11:15:38 +0000 (11:15 +0000)]
Cleanup initialization of Hot Standby. Clarify working with reanalysis
of requirements and documentation on LogStandbySnapshot(). Fixes
two minor bugs reported by Tom Lane that would lead to an incorrect
snapshot after transaction wraparound. Also fix two other problems
discovered that would give incorrect snapshots in certain cases.
ProcArrayApplyRecoveryInfo() substantially rewritten. Some minor
refactoring of xact_redo_apply() and ExpireTreeKnownAssignedTransactionIds().
Tom Lane [Wed, 12 May 2010 16:50:00 +0000 (16:50 +0000)]
Clean up unnecessary unportability and compiler warnings by removing the
cmp parameter for pg_scandir(). The code failed to support this anyway
for Sun/Windows, so pretending we could accept a parameter other than
NULL was just asking for trouble.
Tom Lane [Tue, 11 May 2010 23:01:27 +0000 (23:01 +0000)]
Update time zone data files to tzdata release 2010j: DST law changes in
Argentina, Australian Antarctic, Bangladesh, Mexico, Morocco, Pakistan,
Palestine, Russia, Syria, Tunisia. Historical corrections for Taiwan.
Tom Lane [Tue, 11 May 2010 22:36:52 +0000 (22:36 +0000)]
Add PKST to the default set of timezone abbreviations.
Per discussion, if we have PKT in there then PKST should be too.
Also, fix mistaken claim that these abbrevs are not known to zic.
Tom Lane [Tue, 11 May 2010 16:42:28 +0000 (16:42 +0000)]
Cause the archiver process to adopt new postgresql.conf settings (particularly
archive_command) as soon as possible, namely just before issuing a new call
of archive_command, even when there is a backlog of files to be archived.
The original coding would only absorb new settings after clearing the backlog
and returning to the outer loop. Per discussion.
Back-patch to 8.3. The logic in prior versions is a bit different and it
doesn't seem worth taking any risks of breaking it.
Tom Lane [Tue, 11 May 2010 15:31:37 +0000 (15:31 +0000)]
Fix incorrect patch that removed permission checks on inheritance child
tables --- the parent table no longer got checked, either. Per bug #5458
from Takahiro Itagaki.
Itagaki Takahiro [Tue, 11 May 2010 04:52:28 +0000 (04:52 +0000)]
Set per-function GUC settings during validating the function.
Now validators work properly even when the settings contain
parameters that affect behavior of the function, like search_path.
Tom Lane [Mon, 10 May 2010 16:25:46 +0000 (16:25 +0000)]
When adding a "target IS NOT NULL" indexqual to the plan for an index-optimized
MIN or MAX, we must take care to insert the added qual in a legal place among
the existing indexquals, if any. The btree index AM requires the quals to
appear in index-column order. We didn't have to worry about this before
because "target IS NOT NULL" was just treated as a plain scan filter condition;
but as of 9.0 it can be an index qual and then it has to follow the rule.
Per report from Ian Barwick.