Bruce Momjian [Mon, 8 Mar 2010 23:03:00 +0000 (23:03 +0000)]
Return proper exit code (3) from psql when ON_ERROR_STOP=on and
--single-transaction are both used and the failure happens in commit,
e.g. failed deferred trigger. Also properly free BEGIN/COMMIT result
structures from --single-transaction.
Tom Lane [Sat, 6 Mar 2010 23:10:42 +0000 (23:10 +0000)]
Fix warning messages in restrict_and_check_grant() to include the column name
when warning about column-level privileges. This is more useful than before
and makes the apparent duplication complained of by Piyush Newe not so
duplicate. Also fix lack of quote marks in a related message text.
Back-patch to 8.4, where column-level privileges were introduced.
Tom Lane [Sat, 6 Mar 2010 00:45:49 +0000 (00:45 +0000)]
When reading pg_hba.conf and similar files, do not treat @file as an inclusion
unless (1) the @ isn't quoted and (2) the filename isn't empty. This guards
against unexpectedly treating usernames or other strings in "flat files"
as inclusion requests, as seen in a recent trouble report from Ed L.
The empty-filename case would be guaranteed to misbehave anyway, because our
subsequent path-munging behavior results in trying to read the directory
containing the current input file.
I think this might finally explain the report at
http://archives.postgresql.org/pgsql-bugs/2004-05/msg00132.php
of a crash after printing "authentication file token too long, skipping",
since I was able to duplicate that message (though not a crash) on a
platform where stdio doesn't refuse to read directories. We never got
far in investigating that problem, but now I'm suspicious that the trigger
condition was an @ in the flat password file.
Back-patch to all active branches since the problem can be demonstrated in all
branches except HEAD. The test case, creating a user named "@", doesn't cause
a problem in HEAD since we got rid of the flat password file. Nonetheless it
seems like a good idea to not consider quoted @ as a file inclusion spec,
so I changed HEAD too.
Tom Lane [Wed, 3 Mar 2010 20:31:09 +0000 (20:31 +0000)]
Fix a couple of places that would loop forever if attempts to read a stdio file
set ferror() but never set feof(). This is known to be the case for recent
glibc when trying to read a directory as a file, and might be true for other
platforms/cases too. Per report from Ed L. (There is more that we ought to
do about his report, but this is one easily identifiable issue.)
Tom Lane [Wed, 3 Mar 2010 19:10:22 +0000 (19:10 +0000)]
Make contrib/xml2 use core xml.c's error handler, when available (that is,
in versions >= 8.3). The core code is more robust and efficient than what
was there before, and this also reduces risks involved in swapping different
libxml error handler settings.
Before 8.3, there is still some risk of problems if add-on modules such as
Perl invoke libxml without setting their own error handler. Given the lack
of reports I'm not sure there's a risk in practice, so I didn't take the
step of actually duplicating the core code into older contrib/xml2 branches.
Instead I just tweaked the existing code to ensure it didn't leave a dangling
pointer to short-lived memory when throwing an error.
Tom Lane [Wed, 3 Mar 2010 17:29:45 +0000 (17:29 +0000)]
Export xml.c's libxml-error-handling support so that contrib/xml2 can use it
too, instead of duplicating the functionality (badly).
I renamed xml_init to pg_xml_init, because the former seemed just a bit too
generic to be safe as a global symbol. I considered likewise renaming
xml_ereport to pg_xml_ereport, but felt that the reference to ereport probably
made it sufficiently PG-centric already.
Tom Lane [Wed, 3 Mar 2010 01:53:17 +0000 (01:53 +0000)]
Instead of trying (and failing) to allow <<label>> at the end of a DECLARE
section, throw an error message saying explicitly that the label must go
before DECLARE. Per investigation of a recent pgsql-novice question,
this code did not work as intended in any modern PG version, maybe not ever.
Allowing such a thing would only create ambiguity anyway, so it seems better
to remove it than fix it.
Bruce Momjian [Tue, 2 Mar 2010 23:38:17 +0000 (23:38 +0000)]
Adjust max_standby_delay documentation to be clearer, and mention that
two adjacent long-running queries have much less than max_standby_delay
before query cancel is possible.
Bruce Momjian [Tue, 2 Mar 2010 21:18:59 +0000 (21:18 +0000)]
Document the effect of max_standby_delay on increasing the delay of data
from master to slave, and discourage its use during slave/master
keep-xid-alive connections.
Tom Lane [Tue, 2 Mar 2010 16:14:39 +0000 (16:14 +0000)]
Cause plpgsql to throw an error if "INTO rowtype_var" is followed by a comma.
Per bug #5352, this helps to provide a useful error message if the user
tries to do something presently unsupported, namely use a rowtype variable
as a member of a multiple-item INTO list.
Fix numericlocale psql option when used with a null string and latex and troff
formats; a null string must not be formatted as a numeric. The more exotic
formats latex and troff also incorrectly formatted all strings as numerics
when numericlocale was on.
Backpatch to 8.1 where numericlocale option was added.
Tom Lane [Mon, 1 Mar 2010 18:07:59 +0000 (18:07 +0000)]
Fix contrib/xml2 so regression test still works when it's built without libxslt.
This involves modifying the module to have a stable ABI, that is, the
xslt_process() function still exists even without libxslt. It throws a
runtime error if called, but doesn't prevent executing the CREATE FUNCTION
call. This is a good thing anyway to simplify cross-version upgrades.
Magnus Hagander [Mon, 1 Mar 2010 16:02:01 +0000 (16:02 +0000)]
It's clearly now pointless to do backwards compatible parsing of this,
since we released a version without it, so remove the comment that
says we might want to do that.
Tom Lane [Mon, 1 Mar 2010 05:16:35 +0000 (05:16 +0000)]
Remove xmlCleanupParser calls from contrib/xml2.
These are unnecessary and probably dangerous. I don't see any immediate
risk situations in the core XML support or contrib/xml2 itself, but there
could be issues with external uses of libxml2, and in any case it's an
accident waiting to happen.
Tom Lane [Sun, 28 Feb 2010 21:31:57 +0000 (21:31 +0000)]
Fix up memory management problems in contrib/xml2.
Get rid of the code that attempted to funnel libxml2's memory allocations
into palloc. We already knew from experience with the core xml datatype
that trying to do this is simply not reliable. Unlike the core code, I
did not bother adding a lot of PG_TRY/PG_CATCH logic to try to ensure that
everything is cleaned up on error exit. Hence, we might leak some memory
if one of these functions fails partway through. Given the deprecated
status of this contrib module and the fact that errors partway through
the functions shouldn't be too common, it doesn't seem worth worrying about.
Also fix a separate bug in xpath_table, that it did the wrong things
if given a result tuple descriptor with less than 2 columns. While
such a case isn't very useful in practice, we shouldn't fail or stomp
memory when it occurs.
Add some simple regression tests based on all the reported crash cases
that I have on hand.
This should be back-patched, but let's see if the buildfarm likes it first.
Greg Stark [Sun, 28 Feb 2010 21:05:30 +0000 (21:05 +0000)]
Second try at fsyncing directories in CREATE DATABASE. Let's see what the build farm says of opening directories read-only and ignoring EBADF from fsync of directories
Tom Lane [Sat, 27 Feb 2010 21:53:21 +0000 (21:53 +0000)]
Insert a hack into get_float8_nan (both core and ecpg copies) to deal with
the fact that NetBSD/mips is currently broken, as per buildfarm member pika.
Also add regression tests to ensure that get_float8_nan and get_float4_nan
are exercised even on platforms where they are not needed by
float8in/float4in.
Tom Lane [Thu, 25 Feb 2010 20:59:53 +0000 (20:59 +0000)]
Allow predicate_refuted_by() to deduce that NOT A refutes A.
We had originally made the stronger assumption that NOT A refutes any B
if B implies A, but this fails in three-valued logic, because we need to
prove B is false not just that it's not true. However the logic does
go through if B is equal to A.
Recognizing this limited case is enough to handle examples that arise when
we have simplified "bool_var = true" or "bool_var = false" to just "bool_var"
or "NOT bool_var". If we had not done that simplification then the
btree-operator proof logic would have been able to prove that the expressions
were contradictory, but only for identical expressions being compared to the
constants; so handling identical A and B covers all the same cases.
The motivation for doing this is to avoid unexpected asymmetrical behavior
when a partitioned table uses a boolean partitioning column, as in today's
gripe from Dominik Sander.
Back-patch to 8.2, which is as far back as predicate_refuted_by attempts to
do anything at all with NOTs.
Magnus Hagander [Thu, 25 Feb 2010 13:26:16 +0000 (13:26 +0000)]
Add configuration parameter ssl_renegotiation_limit to control
how often we do SSL session key renegotiation. Can be set to
0 to disable renegotiation completely, which is required if
a broken SSL library is used (broken patches to CVE-2009-3555
a known cause) or when using a client library that can't do
renegotiation.
Tom Lane [Wed, 24 Feb 2010 18:02:24 +0000 (18:02 +0000)]
Allow zero-dimensional (ie, empty) arrays in contrib/ltree operations.
The main motivation for changing this is bug #4921, in which it's pointed out
that it's no longer safe to apply ltree operations to the result of
ARRAY(SELECT ...) if the sub-select might return no rows. Before 8.3,
the ARRAY() construct would return NULL, which might or might not be helpful
but at least it wouldn't result in an error. Now it returns an empty array
which results in a failure for no good reason, since the ltree operations
are all perfectly capable of dealing with zero-element arrays.
As far as I can find, these ltree functions are the only places where zero
array dimensionality is rejected unnecessarily.
Back-patch to 8.3 to prevent behavioral regression of queries that worked
in older releases.
Tom Lane [Wed, 24 Feb 2010 02:42:55 +0000 (02:42 +0000)]
Fix patch for printing backend and pg_dump versions so that it works in
a desirable fashion in archive-dump cases, ie you should get the pg_dump
version not the pg_restore version.
Tom Lane [Wed, 24 Feb 2010 02:15:58 +0000 (02:15 +0000)]
Un-break pg_dump for the case of zero-column tables.
This was evidently broken by the CREATE TABLE OF TYPE patch. It would have
been noticed if anyone had bothered to try dumping and restoring the
regression database ...
Tom Lane [Wed, 24 Feb 2010 01:57:16 +0000 (01:57 +0000)]
Use CREATE OR REPLACE LANGUAGE in pg_dump to avoid the need for a couple of
significantly uglier kluges that were working around the change in plpgsql's
preinstalled status.
Tom Lane [Wed, 24 Feb 2010 01:35:14 +0000 (01:35 +0000)]
Make pg_regress use CREATE OR REPLACE LANGUAGE, so that --load-language
will work whether or not the specified language is preinstalled. This
responds to some complaints about having to change test scripts because
plpgsql is preinstalled as of 9.0.
Tom Lane [Tue, 23 Feb 2010 22:51:43 +0000 (22:51 +0000)]
Add an OR REPLACE option to CREATE LANGUAGE.
This operates in the same way as other CREATE OR REPLACE commands, ie,
it replaces everything but the ownership and ACL lists of an existing
entry, and requires the caller to have owner privileges for that entry.
While modifying an existing language has some use in development scenarios,
in typical usage all the "replaced" values come from pg_pltemplate so there
will be no actual change in the language definition. The reason for adding
this is mainly to allow programs to ensure that a language exists without
triggering an error if it already does exist.
This commit just adds and documents the new option. A followon patch
will use it to clean up some unpleasant cases in pg_dump and pg_regress.
Tom Lane [Tue, 23 Feb 2010 18:35:07 +0000 (18:35 +0000)]
Fix configure's regexp for extracting the Perl version number from perl -v
output. Per bug #5339, Perl 5.11 has changed the format of that output
enough to break the previous coding.
Tom Lane [Tue, 23 Feb 2010 16:55:22 +0000 (16:55 +0000)]
Minor style policing for error messages in pg_dump tar code. Notably, change
"dumping data out of order is not supported" to "restoring data out of order
is not supported", because you get that error during pg_restore not pg_dump.
Also fix some comments that didn't look so good after being pgindented as
perhaps they did originally.