git.postgresql.org Git - postgresql.git/log
Tom Lane [2010-05-26 21:39:27 +0000 (21:39 +0000)]
Rearrange libpq's SSL initialization to simplify it and make it handle some
additional cases correctly. The original coding failed to load additional
(chain) certificates from the client cert file, meaning that indirectly signed
client certificates didn't work unless one hacked the server's root.crt file
to include intermediate CAs (not the desired approach). Another problem was
that everything got loaded into the shared SSL_context object, which meant
that concurrent connections trying to use different sslcert settings could
well fail due to conflicting over the single available slot for a keyed
certificate.
To fix, get rid of the use of SSL_CTX_set_client_cert_cb(), which is
deprecated anyway in the OpenSSL documentation, and instead just
unconditionally load the client cert and private key during connection
initialization. This lets us use SSL_CTX_use_certificate_chain_file(),
which does the right thing with additional certs, and is lots simpler than
the previous hacking about with BIO-level access. A small disadvantage is
that we have to load the primary client cert a second time with
SSL_use_certificate_file, so that that one ends up in the correct slot
within the connection's SSL object where it can get paired with the key.
Given the other overhead of making an SSL connection, that doesn't seem
worth worrying about.
Per discussion ensuing from bug #5468.
Tom Lane [2010-05-26 20:47:13 +0000 (20:47 +0000)]
Fix bogus error message for SSL-cert authentication, due to lack of
a uaCert entry in auth_failed(). Put the switch entries into a sane
order, namely the one the enum is declared in.
HS Defer buffer pin deadlock check until deadlock_timeout has expired.
During Hot Standby we need to check for buffer pin deadlocks when the
Startup process begins to wait, in case it never wakes up again. We
previously made the deadlock check immediately on the basis it was
cheap, though clearer thinking and prima facie evidence shows that
was too simple. Refactor existing code to make it easy to add in
deferral of deadlock check until deadlock_timeout allowing a good
reduction in deadlock checks since far fewer buffer pins are held for
that duration. It's worth doing anyway, though major goal is to
prevent further reports of context switching with high numbers of
users on occasional tests.
Fix psql help: \da+ is same as \da, but \daS is not.
Noted by Stephen Frost.
Tom Lane [2010-05-26 16:43:13 +0000 (16:43 +0000)]
The message style police pay a visit to hba.c.
Tom Lane [2010-05-26 16:15:57 +0000 (16:15 +0000)]
Minor editorialization for be-secure.c: fix comments and some formatting
infelicities.
Tom Lane [2010-05-26 15:52:37 +0000 (15:52 +0000)]
Tell openssl to include the names of the root certs the server trusts in
requests for client certs. This lets a client with a keystore select the
appropriate client certificate to send. In particular, this is necessary
to get Java clients to work in all but the most trivial configurations.
Per discussion of bug #5468.
Craig Ringer
More fixes for shutdown during recovery.
1. If we receive a fast shutdown request while in the PM_STARTUP state,
process it just as we would in PM_RECOVERY, PM_HOT_STANDBY, or PM_RUN.
Without this change, an early fast shutdown followed by Hot Standby causes
the database to get stuck in a state where a shutdown is pending (so no new
connections are allowed) but the shutdown request is never processed unless
we end Hot Standby and enter normal running.
2. Avoid removing the backup label file when a smart or fast shutdown occurs
during recovery. It makes sense to do this once we've reached normal running,
since we must be taking a backup which now won't be valid. But during
recovery we must be recovering from a previously taken backup, and any backup
label file is needed to restart recovery from the right place.
Fujii Masao and Robert Haas
Tom Lane [2010-05-25 22:03:27 +0000 (22:03 +0000)]
Add missing newlines to some SSL-related error messages. Noted while testing.
Tom Lane [2010-05-25 17:44:41 +0000 (17:44 +0000)]
Fix oversight in construction of sort/unique plans for UniquePaths.
If the original IN operator is cross-type, for example int8 = int4,
we need to use int4 < int4 to sort the inner data and int4 = int4
to unique-ify it. We got the first part of that right, but tried to
use the original IN operator for the equality checks. Per bug #5472
from Vlad Romascanu.
Backpatch to 8.4, where the bug was introduced by the patch that unified
SortClause and GroupClause. I was able to take out a whole lot of on-the-fly
calls of get_equality_op_for_ordering_op(), but failed to realize that
I needed to put one back in right here :-(
Replace self written 'long long int' configure test by standard 'AC_TYPE_LONG_LONG_INT' macro call.
Remove IMPLEMENTATION.jp file from pg_upgrade docs; still in pgFoundry
for pg_migrator, per suggestion from Magnus.
Update pg_upgrade IMPLEMENTATION doc file to match current 9.0 behavior.
Modify pg_standby, pgbench, and pg_upgrade manual pages to be consistent
in their display of command-line options with other client applications.
Add pg_upgrade docs about binary compatibility, per Robert Haas.
Added a configure test for "long long" datatypes. So far this is only used in ecpg and replaces the old test that was kind of hackish.
Add Japanese Implementation file to CVS.
Re-order pg_upgrade 'help' options to be alphabetical.
In pg_upgrade, test for datallowconn instead of hardcoding template0.
Update pg_upgrade docs to show options in alphabetical order, and
improve 8.3 doc limitations paragraph.
Split apart pg_upgrade user lookup and root check so '--help' shows
proper default username.
Tom Lane [2010-05-23 16:54:13 +0000 (16:54 +0000)]
issue_warnings() has no business freeing its parameter, especially not when
its sole caller does that too. Jan Matousek, via Pavel Stehule
Tom Lane [2010-05-23 16:34:38 +0000 (16:34 +0000)]
Fix oversight in join removal patch: we have to delete the removed relation
from SpecialJoinInfo relid sets as well. Per example from Vaclav Novotny.
Unbreak \h; can't do strlen(NULL).
This was broken by the following commit. Although the original commit was
backpatched all the way to 7.4, this particular bug exists only in the version
applied to HEAD.
http://archives.postgresql.org/pgsql-committers/2010-05/msg00058.php
Ecpg now accepts "long long" datatypes even if "long" is 64bit wide. This used to cover the equally long "long long" type. This patch closes bug #5464.
Tom Lane [2010-05-20 20:32:27 +0000 (20:32 +0000)]
Fix index entry for lo_compat_privileges, per bug #5467 from KOIZUMI Satoru.
Change the "N. Central Asia Standard Time" timezone to map to
Asia/Novosibirsk on Windows.
Microsoft changed the behaviour of this zone in the timezone update
from KB976098. The zones differ in handling of DST, and the old
zone was just removed.
Noted by Dmitry Funk
Show oid2name command-line arguments in documentation like we do for
non-contrib command-line tools (no longer in a single table display).
SGML markup cleanup for pg_upgrade.
Doc change: Rename of directory no longer required for pg_migrator 9.0.
Alvaro
pg_upgrade doc cleanup
Stefan Kaltenbrunner
Restore oid2name doc change.
Add command-line documentation for pg_upgrade.
Simplify pg_upgrade queries by using IN instead of multiple OR clauses
comparing the same column to multiple values.
For pg_upgrade, update template0's datfrozenxid and its relfrozenxids to
match the behavior of autovacuum, which does this as the xid advances
even if autovacuum is turned off.
Refer to pg_ident.conf as config file for username mapping, as it's
now used for other things than just ident authentication.
Noted by Stephen Frost
Use a 'datallowconn' check for avoiding 'template0', rather than
hardcoding a 'template0' check, per suggestion from Alvaro.
This might fix a problem where someone has allowed 'template0'
connections, but it is a cleaner approach even if it doesn't fix the
bug.
Make pg_upgrade documentation refer to 9.0 instead of 8.4.
Fujii Masao
Fix regression tests to match error message change
Add pg_upgrade TESTING files explaining a testing method.
Move pg_notify() details to a subsection within the NOTIFY reference page.
This allows the index to reference the pg_notify() subsection specifically,
rather than Notes section of the NOTIFY reference page more generally.
Fujii Masao
Make table in example less wide.
Follow up a visit from the style police.
Clarify plperl subroutine name release notes item, remove now redundant Safe.pm item.
Insert line breaks in two places in SQL functions documentation.
This avoids a formatting problem in the PDF output. In the HTML output this
isn't necessary, but we've done similar things elsewhere in the documentation
so I think it's OK to do it here, too. I've refrained from breaking a longish
error message which also causes problems for the PDF output, because that would
make the HTML output look wrong.
Erik Rijkers
Fix longstanding typo in V1 calling conventions documentation.
Erik Rijkers
Tom Lane [2010-05-15 21:41:16 +0000 (21:41 +0000)]
Ensure that pg_restore -l will output DATABASE entries whether or not -C
is specified. Per bug report from Russell Smith and ensuing discussion.
Since this is a corner case behavioral change, I'm going to be conservative
and not back-patch it.
In passing, also rename the RestoreOptions field for the -C switch to
something less generic than "create".
Rename PM_RECOVERY_CONSISTENT and PMSIGNAL_RECOVERY_CONSISTENT.
The new names PM_HOT_STANDBY and PMSIGNAL_BEGIN_HOT_STANDBY more accurately
reflect their actual function.
Tom Lane [2010-05-15 18:11:07 +0000 (18:11 +0000)]
Improve documentation of pg_restore's -l and -L switches to point out their
interactions with filtering switches, such as -n and -t. Per a complaint
from Russell Smith.
Tom Lane [2010-05-15 14:44:13 +0000 (14:44 +0000)]
Spell __NetBSD__ the same way everywhere. Per Giles Lean.
Adjust pg_upgrade BSD defines for scandir(), per report from Giles Lean
Use __bsdi__ consistently.
Change bsdi define to __bsdi__
Fix typos in comments, spotted by Josh Kupershmidt.
Fix bug in processing of checkpoint time for max_standby_delay. Latest
log time was incorrectly set, typically leading to dates in the past,
which would cause more cancellations in Hot Standby on a quiet server.
We now accept read-only connections in state PM_RECOVERY_CONSISTENT.
Remove CRs.
Add many new Asserts in code and fix simple bug that slipped through
without them, related to previous commit. Report by Bruce Momjian.
Tom Lane [2010-05-14 00:43:42 +0000 (00:43 +0000)]
Fix another obvious bug pointed out by a compiler warning.
Tom Lane [2010-05-14 00:39:51 +0000 (00:39 +0000)]
Remove another unsafe use of random data as a format string.
Tom Lane [2010-05-14 00:32:21 +0000 (00:32 +0000)]
Get rid of unsafe sprintf and snprintf usages. Per compiler warnings.
Tom Lane [2010-05-14 00:19:46 +0000 (00:19 +0000)]
Spell __darwin__ correctly, to suppress compiler warning on OSX.
Use NAMEDATALEN instead of local define.
Modify path separators for Win32.
Per ideas from Takahiro Itagaki
Remove all mentions of EnterpriseDB Advanced Server from pg_upgrade;
EDB must maintain their own patch set for this.
Tom Lane [2010-05-13 22:07:43 +0000 (22:07 +0000)]
Fix up lame idea of not using autoconf to determine if platform has scandir().
Should fix buildfarm failures.
Fix MSVC builds for recent plperl changes. Go back to version 8.2, which is
where we started supporting MSVC builds.
Security: CVE-2010-1169
Tom Lane [2010-05-13 21:26:59 +0000 (21:26 +0000)]
Update release notes with security issues.
Security: CVE-2010-1169, CVE-2010-1170
Tom Lane [2010-05-13 19:16:14 +0000 (19:16 +0000)]
Use an entity instead of non-ASCII letter. Thom Brown
Tom Lane [2010-05-13 18:54:18 +0000 (18:54 +0000)]
Use "TOAST table" in place of the vague, not-used-elsewhere phrase
"supplementary storage table".
Tom Lane [2010-05-13 18:29:12 +0000 (18:29 +0000)]
Prevent PL/Tcl from loading the "unknown" module from pltcl_modules unless
that is a regular table or view owned by a superuser. This prevents a
trojan horse attack whereby any unprivileged SQL user could create such a
table and insert code into it that would then get executed in other users'
sessions whenever they call pltcl functions.
Worse yet, because the code was automatically loaded into both the "normal"
and "safe" interpreters at first use, the attacker could execute unrestricted
Tcl code in the "normal" interpreter without there being any pltclu functions
anywhere, or indeed anyone else using pltcl at all: installing pltcl is
sufficient to open the hole. Change the initialization logic so that the
"unknown" code is only loaded into an interpreter when the interpreter is
first really used. (That doesn't add any additional security in this
particular context, but it seems a prudent change, and anyway the former
behavior violated the principle of least astonishment.)
Security: CVE-2010-1170
Abandon the use of Perl's Safe.pm to enforce restrictions in plperl, as it is
fundamentally insecure. Instead apply an opmask to the whole interpreter that
imposes restrictions on unsafe operations. These restrictions are much harder
to subvert than is Safe.pm, since there is no container to be broken out of.
Backported to release 7.4.
In releases 7.4, 8.0 and 8.1 this also includes the necessary backporting of
the two interpreters model for plperl and plperlu adopted in release 8.2.
In versions 8.0 and up, the use of Perl's POSIX module to undo its locale
mangling on Windows has become insecure with these changes, so it is
replaced by our own routine, which is also faster.
Nice side effects of the changes include that it is now possible to use perl's
"strict" pragma in a natural way in plperl, and that perl's $a and
$b variables now work as expected in sort routines, and that function
compilation is significantly faster.
Tim Bunce and Andrew Dunstan, with reviews from Alex Hunsaker and
Alexey Klyukin.
Security: CVE-2010-1169
Assorted fixes to make pg_upgrade build on MSVC.
* There is no chmod() on Windows.
* Must always use the 3-parameter version of open()
* There is no dynloader.h - but it also appears unnecessary on all platforms
* Don't include shlobj.h because it causes compile errors, and from what I can
see it's not actually used. This may need to be added back for mingw
and/or cygwin in the worst case.
Translation update
Properly support multi-line entries (such as OBJS=) when building
PROGRAM, not just MODULE, in contrib.
Comment out EnterpriseDB Advanced Server mention in SGML docs.
Avoid error from mkdir if no languages are to be installed
mkinstalldirs used to handle no arguments, but mkdir doesn't.
Also remove the .SILENT setting, that was previously removed from
Makefile.global as well.
Fix some spelling errors.
Thom Brown
Add missing library and include support for pg_upgrade to MSVC build system.
Fix HISTORY.html build using </link>, not </>.
Fix vpath installation from distribution tarball (bug #5447)
Ensure that top level aborts call XLogSetAsyncCommit(). Not doing
so simply leads to data waiting in wal_buffers which then causes
later commits to potentially do emergency writes and for all forms
of replication to be potentially delayed without need or benefit.
Issue pointed out exactly by Fujii Masao, following bug report
by Robert Haas on a separate though related topic.
Cleanup initialization of Hot Standby. Clarify working with reanalysis
of requirements and documentation on LogStandbySnapshot(). Fixes
two minor bugs reported by Tom Lane that would lead to an incorrect
snapshot after transaction wraparound. Also fix two other problems
discovered that would give incorrect snapshots in certain cases.
ProcArrayApplyRecoveryInfo() substantially rewritten. Some minor
refactoring of xact_redo_apply() and ExpireTreeKnownAssignedTransactionIds().
Tom Lane [2010-05-13 05:17:16 +0000 (05:17 +0000)]
Fix wrong subdir. Per buildfarm.
Update release notes to current.
Move pg_upgrade shared library out into its own /contrib directory
(pg_upgrade_support).
Update comment about why postmaster doesn't get an icon.
Tom Lane [2010-05-12 23:20:49 +0000 (23:20 +0000)]
Preliminary release notes for releases 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25,
7.4.29.
Remove Makefile PGFILEDESC tag that the postmaster is an executable.
Give most recovery conflict errors a retryable error code. From recent
requests and discussions with Yeb Havinga and Kevin Grittner.
Tom Lane [2010-05-12 16:50:58 +0000 (16:50 +0000)]
Hook pg_upgrade into the contrib makefile structure so it gets built
on the buildfarm.
Update config.guess and config.sub
Tom Lane [2010-05-12 16:50:00 +0000 (16:50 +0000)]
Clean up unnecessary unportability and compiler warnings by removing the
cmp parameter for pg_scandir(). The code failed to support this anyway
for Sun/Windows, so pretending we could accept a parameter other than
NULL was just asking for trouble.
Move pg_upgrade TODO to TODO wiki.
Add PGFILEDESC description to Makefiles for all /contrib executables.
Add PGAPPICON to all executable makefiles.
Small formatting adjustment.
Add pg_upgrade IMPLEMENTATION file to CVS.
Add TODO file to CVS.
Add pg_upgrade to /contrib; will be in 9.0 beta2.
Add documentation.
Supports migration from PG 8.3 and 8.4.
Tom Lane [2010-05-11 23:01:27 +0000 (23:01 +0000)]
Update time zone data files to tzdata release 2010j: DST law changes in
Argentina, Australian Antarctic, Bangladesh, Mexico, Morocco, Pakistan,
Palestine, Russia, Syria, Tunisia. Historical corrections for Taiwan.
Tom Lane [2010-05-11 22:36:52 +0000 (22:36 +0000)]
Add PKST to the default set of timezone abbreviations.
Per discussion, if we have PKT in there then PKST should be too.
Also, fix mistaken claim that these abbrevs are not known to zic.
This is the main PostgreSQL git repository.