Tom Lane [Wed, 3 Mar 2010 19:10:22 +0000 (19:10 +0000)]
Make contrib/xml2 use core xml.c's error handler, when available (that is,
in versions >= 8.3). The core code is more robust and efficient than what
was there before, and this also reduces risks involved in swapping different
libxml error handler settings.
Before 8.3, there is still some risk of problems if add-on modules such as
Perl invoke libxml without setting their own error handler. Given the lack
of reports I'm not sure there's a risk in practice, so I didn't take the
step of actually duplicating the core code into older contrib/xml2 branches.
Instead I just tweaked the existing code to ensure it didn't leave a dangling
pointer to short-lived memory when throwing an error.
Tom Lane [Wed, 3 Mar 2010 17:29:45 +0000 (17:29 +0000)]
Export xml.c's libxml-error-handling support so that contrib/xml2 can use it
too, instead of duplicating the functionality (badly).
I renamed xml_init to pg_xml_init, because the former seemed just a bit too
generic to be safe as a global symbol. I considered likewise renaming
xml_ereport to pg_xml_ereport, but felt that the reference to ereport probably
made it sufficiently PG-centric already.
Tom Lane [Wed, 3 Mar 2010 01:53:17 +0000 (01:53 +0000)]
Instead of trying (and failing) to allow <<label>> at the end of a DECLARE
section, throw an error message saying explicitly that the label must go
before DECLARE. Per investigation of a recent pgsql-novice question,
this code did not work as intended in any modern PG version, maybe not ever.
Allowing such a thing would only create ambiguity anyway, so it seems better
to remove it than fix it.
Bruce Momjian [Tue, 2 Mar 2010 23:38:17 +0000 (23:38 +0000)]
Adjust max_standby_delay documentation to be clearer, and mention that
two adjacent long-running queries have much less than max_standby_delay
before query cancel is possible.
Bruce Momjian [Tue, 2 Mar 2010 21:18:59 +0000 (21:18 +0000)]
Document the effect of max_standby_delay on increasing the delay of data
from master to slave, and discourage its use during slave/master
keep-xid-alive connections.
Tom Lane [Tue, 2 Mar 2010 16:14:39 +0000 (16:14 +0000)]
Cause plpgsql to throw an error if "INTO rowtype_var" is followed by a comma.
Per bug #5352, this helps to provide a useful error message if the user
tries to do something presently unsupported, namely use a rowtype variable
as a member of a multiple-item INTO list.
Fix numericlocale psql option when used with a null string and latex and troff
formats; a null string must not be formatted as a numeric. The more exotic
formats latex and troff also incorrectly formatted all strings as numerics
when numericlocale was on.
Backpatch to 8.1 where numericlocale option was added.
Tom Lane [Mon, 1 Mar 2010 18:07:59 +0000 (18:07 +0000)]
Fix contrib/xml2 so regression test still works when it's built without libxslt.
This involves modifying the module to have a stable ABI, that is, the
xslt_process() function still exists even without libxslt. It throws a
runtime error if called, but doesn't prevent executing the CREATE FUNCTION
call. This is a good thing anyway to simplify cross-version upgrades.
Magnus Hagander [Mon, 1 Mar 2010 16:02:01 +0000 (16:02 +0000)]
It's clearly now pointless to do backwards compatible parsing of this,
since we released a version without it, so remove the comment that
says we might want to do that.
Tom Lane [Mon, 1 Mar 2010 05:16:35 +0000 (05:16 +0000)]
Remove xmlCleanupParser calls from contrib/xml2.
These are unnecessary and probably dangerous. I don't see any immediate
risk situations in the core XML support or contrib/xml2 itself, but there
could be issues with external uses of libxml2, and in any case it's an
accident waiting to happen.
Tom Lane [Sun, 28 Feb 2010 21:31:57 +0000 (21:31 +0000)]
Fix up memory management problems in contrib/xml2.
Get rid of the code that attempted to funnel libxml2's memory allocations
into palloc. We already knew from experience with the core xml datatype
that trying to do this is simply not reliable. Unlike the core code, I
did not bother adding a lot of PG_TRY/PG_CATCH logic to try to ensure that
everything is cleaned up on error exit. Hence, we might leak some memory
if one of these functions fails partway through. Given the deprecated
status of this contrib module and the fact that errors partway through
the functions shouldn't be too common, it doesn't seem worth worrying about.
Also fix a separate bug in xpath_table, that it did the wrong things
if given a result tuple descriptor with less than 2 columns. While
such a case isn't very useful in practice, we shouldn't fail or stomp
memory when it occurs.
Add some simple regression tests based on all the reported crash cases
that I have on hand.
This should be back-patched, but let's see if the buildfarm likes it first.
Greg Stark [Sun, 28 Feb 2010 21:05:30 +0000 (21:05 +0000)]
Second try at fsyncing directories in CREATE DATABASE. Let's see what the build farm says of opening directories read-only and ignoring EBADF from fsync of directories
Tom Lane [Sat, 27 Feb 2010 21:53:21 +0000 (21:53 +0000)]
Insert a hack into get_float8_nan (both core and ecpg copies) to deal with
the fact that NetBSD/mips is currently broken, as per buildfarm member pika.
Also add regression tests to ensure that get_float8_nan and get_float4_nan
are exercised even on platforms where they are not needed by
float8in/float4in.
Tom Lane [Thu, 25 Feb 2010 20:59:53 +0000 (20:59 +0000)]
Allow predicate_refuted_by() to deduce that NOT A refutes A.
We had originally made the stronger assumption that NOT A refutes any B
if B implies A, but this fails in three-valued logic, because we need to
prove B is false not just that it's not true. However the logic does
go through if B is equal to A.
Recognizing this limited case is enough to handle examples that arise when
we have simplified "bool_var = true" or "bool_var = false" to just "bool_var"
or "NOT bool_var". If we had not done that simplification then the
btree-operator proof logic would have been able to prove that the expressions
were contradictory, but only for identical expressions being compared to the
constants; so handling identical A and B covers all the same cases.
The motivation for doing this is to avoid unexpected asymmetrical behavior
when a partitioned table uses a boolean partitioning column, as in today's
gripe from Dominik Sander.
Back-patch to 8.2, which is as far back as predicate_refuted_by attempts to
do anything at all with NOTs.
Magnus Hagander [Thu, 25 Feb 2010 13:26:16 +0000 (13:26 +0000)]
Add configuration parameter ssl_renegotiation_limit to control
how often we do SSL session key renegotiation. Can be set to
0 to disable renegotiation completely, which is required if
a broken SSL library is used (broken patches to CVE-2009-3555
a known cause) or when using a client library that can't do
renegotiation.
Tom Lane [Wed, 24 Feb 2010 18:02:24 +0000 (18:02 +0000)]
Allow zero-dimensional (ie, empty) arrays in contrib/ltree operations.
The main motivation for changing this is bug #4921, in which it's pointed out
that it's no longer safe to apply ltree operations to the result of
ARRAY(SELECT ...) if the sub-select might return no rows. Before 8.3,
the ARRAY() construct would return NULL, which might or might not be helpful
but at least it wouldn't result in an error. Now it returns an empty array
which results in a failure for no good reason, since the ltree operations
are all perfectly capable of dealing with zero-element arrays.
As far as I can find, these ltree functions are the only places where zero
array dimensionality is rejected unnecessarily.
Back-patch to 8.3 to prevent behavioral regression of queries that worked
in older releases.
Tom Lane [Wed, 24 Feb 2010 02:42:55 +0000 (02:42 +0000)]
Fix patch for printing backend and pg_dump versions so that it works in
a desirable fashion in archive-dump cases, ie you should get the pg_dump
version not the pg_restore version.
Tom Lane [Wed, 24 Feb 2010 02:15:58 +0000 (02:15 +0000)]
Un-break pg_dump for the case of zero-column tables.
This was evidently broken by the CREATE TABLE OF TYPE patch. It would have
been noticed if anyone had bothered to try dumping and restoring the
regression database ...
Tom Lane [Wed, 24 Feb 2010 01:57:16 +0000 (01:57 +0000)]
Use CREATE OR REPLACE LANGUAGE in pg_dump to avoid the need for a couple of
significantly uglier kluges that were working around the change in plpgsql's
preinstalled status.
Tom Lane [Wed, 24 Feb 2010 01:35:14 +0000 (01:35 +0000)]
Make pg_regress use CREATE OR REPLACE LANGUAGE, so that --load-language
will work whether or not the specified language is preinstalled. This
responds to some complaints about having to change test scripts because
plpgsql is preinstalled as of 9.0.
Tom Lane [Tue, 23 Feb 2010 22:51:43 +0000 (22:51 +0000)]
Add an OR REPLACE option to CREATE LANGUAGE.
This operates in the same way as other CREATE OR REPLACE commands, ie,
it replaces everything but the ownership and ACL lists of an existing
entry, and requires the caller to have owner privileges for that entry.
While modifying an existing language has some use in development scenarios,
in typical usage all the "replaced" values come from pg_pltemplate so there
will be no actual change in the language definition. The reason for adding
this is mainly to allow programs to ensure that a language exists without
triggering an error if it already does exist.
This commit just adds and documents the new option. A followon patch
will use it to clean up some unpleasant cases in pg_dump and pg_regress.
Tom Lane [Tue, 23 Feb 2010 18:35:07 +0000 (18:35 +0000)]
Fix configure's regexp for extracting the Perl version number from perl -v
output. Per bug #5339, Perl 5.11 has changed the format of that output
enough to break the previous coding.
Tom Lane [Tue, 23 Feb 2010 16:55:22 +0000 (16:55 +0000)]
Minor style policing for error messages in pg_dump tar code. Notably, change
"dumping data out of order is not supported" to "restoring data out of order
is not supported", because you get that error during pg_restore not pg_dump.
Also fix some comments that didn't look so good after being pgindented as
perhaps they did originally.
Tom Lane [Mon, 22 Feb 2010 15:29:46 +0000 (15:29 +0000)]
Let's try forcing errno to zero before issuing fsync. The current buildfarm
results claiming EBADF seem improbable enough that I'm not convinced fsync
is really returning that --- could it be failing to set errno at all?
Tom Lane [Mon, 22 Feb 2010 15:26:14 +0000 (15:26 +0000)]
Adjust pg_fsync_writethrough so that it will set errno when failing
on a platform that doesn't support this operation. The former coding
would allow an unrelated errno to be reported, which would be quite
misleading. Not sure if this has anything to do with the current
buildfarm failures, but it's certainly bogus as-is.
Move documentation of all recovery.conf option to a new chapter.
They used to be scattered between the "backup and restore" and "streaming
replication" chapters.
Tom Lane [Sat, 20 Feb 2010 21:24:02 +0000 (21:24 +0000)]
Clean up handling of XactReadOnly and RecoveryInProgress checks.
Add some checks that seem logically necessary, in particular let's make
real sure that HS slave sessions cannot create temp tables. (If they did
they would think that temp tables belonging to the master's session with
the same BackendId were theirs. We *must* not allow myTempNamespace to
become set in a slave session.)
Change setval() and nextval() so that they are only allowed on temp sequences
in a read-only transaction. This seems consistent with what we allow for
table modifications in read-only transactions. Since an HS slave can't have a
temp sequence, this also provides a nicer cure for the setval PANIC reported
by Erik Rijkers.
Make the error messages more uniform, and have them mention the specific
command being complained of. This seems worth the trifling amount of extra
code, since people are likely to see such messages a lot more than before.