== PostgreSQL Weekly News - October 11 2015 ==

From: David Fetter <david(at)fetter(dot)org>
To: PostgreSQL Announce <pgsql-announce(at)postgresql(dot)org>
Subject: == PostgreSQL Weekly News - October 11 2015 ==
Date: 2015-10-12 04:38:27
Message-ID: 20151012043827.GA2792@fetter.org
Lists: pgsql-announce

PostgreSQL 9.5 Beta 1 Released.
http://www.postgresql.org/about/news/1614/

PostgreSQL 9.4.5, 9.3.10, 9.2.14, 9.1.19, and 9.0.23 security updates
released. See details below and upgrade ASAP. 9.0.23 is the final
release of the 9.0 series.
http://www.postgresql.org/about/news/1615/

== PostgreSQL Jobs for October ==

http://archives.postgresql.org/pgsql-jobs/2015-10/

== PostgreSQL Local ==

PGDay.IT 2015 will take place in Prato on October 23, 2015.
http://pgday.it

PostgreSQL Conference Europe 2015 will be held on October 27-30 in the
Vienna Marriott Hotel, in Vienna, Austria. The schedule is posted.
http://2015.pgconf.eu/

PGConf Silicon Valley 2015 is November 17-18 at the South San
Francisco Convention Center.
http://www.pgconfsv.com

PgCUBA will take place October 19-23, 2015 in Havana. Spanish
language information below:
http://www.postgresql.org/about/event/1813/

PGBR2015 (The Brazilian PostgreSQL Conference) will take place in Porto
Alegre, Rio Grande do Sul, on November 18, 19 and 20. Registration is
open.
http://pgbr.postgresql.org.br/2015/en/

PGConf.DE will be held on November 26-27, 2015 in Hamburg, Germany, at
the Lindner Hotel am Michel.
http://2015.pgconf.de/

PostgreSQL@SCaLE is a two day, two track event which takes place on Jan.
21-22, 2016, at Pasadena Convention Center, as part of SCaLE 14X.
The CfP is open until Oct 30, 2015.
https://www.socallinuxexpo.org/scale/14x/cfp

== PostgreSQL in the News ==

Planet PostgreSQL: http://planet.postgresql.org/

PostgreSQL Weekly News is brought to you this week by David Fetter.

Submit news and announcements by Sunday at 3:00pm Pacific time.
Please send English language ones to david(at)fetter(dot)org, German language
to pwn(at)pgug(dot)de, Italian language to pwn(at)itpug(dot)org, Spanish language
to pwn(at)arpug(dot)com(dot)ar.

== Applied Patches ==

Stephen Frost pushed:

- ALTER TABLE .. FORCE ROW LEVEL SECURITY. To allow users to force
RLS to always be applied, even for table owners, add ALTER TABLE ..
FORCE ROW LEVEL SECURITY. row_security=off overrides FORCE ROW
LEVEL SECURITY, to ensure pg_dump output is complete (by default).
Also add SECURITY_NOFORCE_RLS context to avoid data corruption when
ALTER TABLE .. FORCE ROW SECURITY is being used. The
SECURITY_NOFORCE_RLS security context is used only during
referential integrity checks and is only considered in
check_enable_rls() after we have already checked that the current
user is the owner of the relation (which should always be the case
during referential integrity checks). Back-patch to 9.5 where RLS
was added.
http://git.postgresql.org/pg/commitdiff/088c83363a11200f2225f279d4a5c6cc6f9db3d2

- Do not write out WCOs in Query. The WithCheckOptions list in Query
is only populated during rewrite and does not need to be written out
or read in as part of a Query structure. Further, move
WithCheckOptions to the bottom and add comments to clarify that it
is only populated during rewrite. Back-patch to 9.5 with a
catversion bump, as we are still in alpha.
http://git.postgresql.org/pg/commitdiff/4158cc3793fe0e074dcb58e91103344c8ffcd6df

- Apply SELECT policies in INSERT/UPDATE+RETURNING. Similar to
7d8db3e, given that INSERT+RETURNING requires SELECT rights on the
table, apply the SELECT policies as WCOs to the tuples being
inserted. Apply the same logic to UPDATE+RETURNING. Back-patch to
9.5 where RLS was added.
http://git.postgresql.org/pg/commitdiff/2ca9d5445c35db8956e4abbf1e653373820e8c0a

- Add regression tests for INSERT/UPDATE+RETURNING. This adds
regression tests which are specific to INSERT+RETURNING and
UPDATE+RETURNING to ensure that the SELECT policies are added as
WithCheckOptions (and should therefore throw an error when the
policy is violated). Per suggestion from Andres. Back-patch to 9.5
as the prior commit was.
http://git.postgresql.org/pg/commitdiff/be400cd25c7f407111b9617dbf6a5fae761754cb

- Handle append_rel_list in expand_security_qual. During
expand_security_quals, we take the security barrier quals on an RTE
and create a subquery which evaluates the quals. During this, we
have to replace any variables in the outer query which refer to the
original RTE with references to the columns from the subquery. We
need to also perform that replacement for any Vars in the
append_rel_list. Only backpatching to 9.5 as we only go through
this process in 9.4 for auto-updatable security barrier views, which
UNION ALL queries aren't. Discovered by Haribabu Kommi. Patch by
Dean Rasheed.
http://git.postgresql.org/pg/commitdiff/b7aac36245261eba9eb7d18561ce44220b361959

Andres Freund pushed:

- Re-Align *_freeze_max_age reloption limits with corresponding GUC
limits. In 020235a5754 I lowered the autovacuum_*freeze_max_age
minimums to allow for easier testing of wraparounds. I did not touch
the corresponding per-table limits. While those don't matter for the
purpose of wraparound, it seems more consistent to lower them as
well. It's noteworthy that the previous reloption lower limit for
autovacuum_multixact_freeze_max_age was too high by one magnitude,
even before 020235a5754. Discussion: 26377(dot)1443105453(at)sss(dot)pgh(dot)pa(dot)us
Backpatch: back to 9.0 (in parts), like the prior patch
http://git.postgresql.org/pg/commitdiff/2596d705bdc4ac886a12720b19ef65b3e67b55f7

- Remove outdated comment about relation level autovacuum freeze
limits. The documentation for the
autovacuum_multixact_freeze_max_age and autovacuum_freeze_max_age
relation level parameters contained: "Note that while you can set
autovacuum_multixact_freeze_max_age very small, or even zero, this
is usually unwise since it will force frequent vacuuming." which
hasn't been true since these options were made relation options,
instead of residing in the pg_autovacuum table (834a6da4f7). Remove
the outdated sentence. Even the lowered limits from 2596d70 are high
enough that this doesn't warrant calling out the risk in the CREATE
TABLE docs. Per discussion with Tom Lane and Alvaro Herrera.
Discussion: 26377(dot)1443105453(at)sss(dot)pgh(dot)pa(dot)us Backpatch: 9.0- (in
parts)
http://git.postgresql.org/pg/commitdiff/10cfd6f8544ea658c3d87821ab8525296363bbdf

Bruce Momjian pushed:

- docs: update guidelines on when to use GIN and GiST indexes.
Report by Tomas Vondra. Backpatch through 9.5
http://git.postgresql.org/pg/commitdiff/6d8b2aa83af70e20323caf23961667dc4c149276

- to_char(): Do not count negative sign as a digit for time values.
For time masks, like HH24, MI, SS, CC, MM, do not count the negative
sign as part of the zero-padding length specified by the mask, e.g.
have to_char('-4 years'::interval, 'YY') return '-04', not '-4'.
Report by Craig Ringer
http://git.postgresql.org/pg/commitdiff/2d87eedc1d4468d331035bbe55f140f180d20144

- psql: allow \pset C in setting the title, matches \C. Report by
David G. Johnston
http://git.postgresql.org/pg/commitdiff/2145a766044b4de32ab154a074ade0bf78d021df

- to_number(): allow 'V' to divide by 10^(the number of digits).
to_char('V') already multiplied in a similar manner. Report by
Jeremy Lowery
http://git.postgresql.org/pg/commitdiff/28b3a3d41a8b72841a3f5067217f639a7d337c0e

- Have CREATE TABLE LIKE add OID column if any LIKEd table has one.
Also, process constraints for LIKEd tables at the end so an OID
column can be referenced in a constraint. Report by Tom Lane
http://git.postgresql.org/pg/commitdiff/b943f502b788a3708ca660785fd14a4ee938fdcd

- docs: clarify JSONB operator descriptions. No catalog bump as the
catalog changes are for SQL operator comments. Backpatch through
9.5
http://git.postgresql.org/pg/commitdiff/b852dc4cbd09156e2c74786d5b265f03d45bc404

- docs: Map operator @> to the proper SGML escape for '>'. Backpatch
through 9.5
http://git.postgresql.org/pg/commitdiff/23d29cef93ea8d060ceae42146154e45c5a4f862

- docs: add JSONB containment example of a key and empty object.
Backpatch through 9.5
http://git.postgresql.org/pg/commitdiff/b292ee79a6bc8a1a6610181fcdc2c4092c82eaf2

Tom Lane pushed:

- Docs: explain contrib/pg_stat_statements' handling of GC failure.
Failure to perform garbage collection now has a user-visible effect,
so explain that and explain that reducing pgss_max is the way to
prevent it. Per gripe from Andrew Dunstan.
http://git.postgresql.org/pg/commitdiff/f8a5e579d18b268f287d81b8a4bd54955ca90c37

- Perform an immediate shutdown if the postmaster.pid file is removed.
The postmaster now checks every minute or so (worst case, at most
two minutes) that postmaster.pid is still there and still contains
its own PID. If not, it performs an immediate shutdown, as though
it had received SIGQUIT. The original goal behind this change was
to ensure that failed buildfarm runs would get fully cleaned up,
even if the test scripts had left a postmaster running, which is not
an infrequent occurrence. When the buildfarm script removes a test
postmaster's $PGDATA directory, its next check on postmaster.pid
will fail and cause it to exit. Previously, manual intervention was
often needed to get rid of such orphaned postmasters, since they'd
block new test postmasters from obtaining the expected socket
address. However, by checking postmaster.pid and not something
else, we can provide additional robustness: manual removal of
postmaster.pid is a frequent DBA mistake, and now we can at least
limit the damage that will ensue if a new postmaster is started
while the old one is still alive. Back-patch to all supported
branches, since we won't get the desired improvement in buildfarm
reliability otherwise.
http://git.postgresql.org/pg/commitdiff/7e2a18a9161fee7e67642863f72b51d77d3e996f

- Improve documentation of the role-dropping process. In general one
may have to run both REASSIGN OWNED and DROP OWNED to get rid of all
the dependencies of a role to be dropped. This was alluded to in
the REASSIGN OWNED man page, but not really spelled out in full; and
in any case the procedure ought to be documented in a more prominent
place than that. Add a section to the "Database Roles" chapter
explaining this, and do a bit of wordsmithing in the relevant
commands' man pages.
http://git.postgresql.org/pg/commitdiff/1ea0c73c2b112911fb2ef297121be92d3b0ca35e

- Last-minute updates for release notes. Add entries for security and
not-quite-security issues. Security: CVE-2015-5288, CVE-2015-5289
http://git.postgresql.org/pg/commitdiff/272ede71a66892e68d4de285a82f117ce23e10ba

- Fix insufficiently-portable regression test case. Some of the
buildfarm members are evidently miserly enough of stack space to
pass the originally-committed form of this test. Increase the
requirement 10X to hopefully ensure that it fails as-expected
everywhere. Security: CVE-2015-5289
http://git.postgresql.org/pg/commitdiff/9e36c91b468d7d821b77214337ff891811b4b337

- Fix uninitialized-variable bug. For some reason, neither of the
compilers I usually use noticed the uninitialized-variable problem I
introduced in commit 7e2a18a9161fee7e. That's hardly a good enough
excuse though. Committing with brown paper bag on head. In
addition to putting the operations in the right order, move the
declaration of "now" inside the loop; there's no need for it to be
outside, and that does wake up older gcc enough to notice any
similar future problem. Back-patch to 9.4; earlier versions lack
the time-to-SIGKILL stanza so there's no bug.
http://git.postgresql.org/pg/commitdiff/94f5246ce1cac2b3fb976bed5792f39e01a28d08

Noah Misch pushed:

- Prevent stack overflow in container-type functions. A range type
can name another range type as its subtype, and a record type can
bear a column of another record type. Consequently, functions like
range_cmp() and record_recv() are recursive. Functions at risk
include operator family members and referents of pg_type regproc
columns. Treat as recursive any such function that looks up and
calls the same-purpose function for a record column type or the
range subtype. Back-patch to 9.0 (all supported versions). An
array type's element type is never itself an array type, so array
functions are unaffected. Recursion depth proportional to array
dimensionality, found in array_dim_to_jsonb(), is fine thanks to
MAXDIM.
http://git.postgresql.org/pg/commitdiff/30cb12881de55bc91a2cbde29d836bd3332612c3

- Prevent stack overflow in query-type functions. The tsquery,
ltxtquery and query_int data types have a common ancestor. Having
acquired check_stack_depth() calls independently, each was missing
at least one call. Back-patch to 9.0 (all supported versions).
http://git.postgresql.org/pg/commitdiff/5976097c0fce03f8cc201aefc4445ad57e09bb75

- Prevent stack overflow in json-related functions. Sufficiently-deep
recursion heretofore elicited a SIGSEGV. If an application
constructs PostgreSQL json or jsonb values from arbitrary user
input, application users could have exploited this to terminate all
active database connections. That applies to 9.3, where the json
parser adopted recursive descent, and later versions. Only
row_to_json() and array_to_json() were at risk in 9.2, both in a
non-security capacity. Back-patch to 9.2, where the json type was
introduced. Oskari Saarenmaa, reviewed by Michael Paquier.
Security: CVE-2015-5289
http://git.postgresql.org/pg/commitdiff/08fa47c4850cea32c3116665975bca219fbf2fe6

- pgcrypto: Detect and report too-short crypt() salts. Certain short
salts crashed the backend or disclosed a few bytes of backend
memory. For existing salt-induced error conditions, emit a message
saying as much. Back-patch to 9.0 (all supported versions). Josh
Kupershmidt Security: CVE-2015-5288
http://git.postgresql.org/pg/commitdiff/1d812c8b059d0b9b1fba4a459c9876de0f6259b6

- Make prove_installcheck remove the old log directory, if any.
prove_check already has been doing this. Back-patch to 9.4, like
the commit that introduced this logging.
http://git.postgresql.org/pg/commitdiff/03a22f8b1d68754f3ba1fcad977ca44471d21ec1

- Avoid scan-build warning about uninitialized htonl() arguments.
Josh Kupershmidt
http://git.postgresql.org/pg/commitdiff/dfa1cddc4c92cce0c35f926d813894a2b3632c27

Robert Haas pushed:

- Remove more volatile qualifiers. Prior to commit
0709b7ee72e4bc71ad07b7120acd117265ab51d0, access to variables within
a spinlock-protected critical section had to be done through a
volatile pointer, but that should no longer be necessary. This
continues work begun in df4077cda2eae3eb4a5cf387da0c1e7616e73204 and
6ba4ecbf477e0b25dd7bde1b0c4e07fc2da19348. Thomas Munro and Michael
Paquier
http://git.postgresql.org/pg/commitdiff/8f6bb851bdb75d741b3a7543bbf681e3cd7e65dc

- Correct pg_indent to pgindent in various comments. David
Christensen
http://git.postgresql.org/pg/commitdiff/fd5eaad71529d508a1b1e411b3dc16e0b2d33da5

- Hyphenate variable-length for consistency. We hyphenate
"fixed-length" earlier in the same sentence, and overall we more
often use "variable-length" rather than "variable length". Nikolay
Shaplov
http://git.postgresql.org/pg/commitdiff/1e353198612586befd44fe5e87304d08ebfac552

- Add BSWAP64 macro. This is like BSWAP32, but for 64-bit values.
Since we've got two of them now and they have use cases (like
sortsupport) beyond CRCs, move the definitions to their own header
file. Peter Geoghegan
http://git.postgresql.org/pg/commitdiff/c171818b275b9dbd6a1f1cf1666e9e72237f75e6

- Fix typo in docs. Pallavi Sontakke
http://git.postgresql.org/pg/commitdiff/41562b14bb9085378957f9a08de4518ae049ffca

- Remove set_latch_on_sigusr1 flag. This flag has proven to be a
recipe for bugs, and it doesn't seem like it can really buy anything
in terms of performance. So let's just *always* set the process
latch when we receive SIGUSR1 instead of trying to do it only when
needed. Per my recent proposal on pgsql-hackers.
http://git.postgresql.org/pg/commitdiff/db0f6cad4884bd4c835156d3a720d9a79dbd63a9

- Make abbreviated key comparisons for text a bit cheaper. If we do
some byte-swapping while abbreviating, we can do comparisons using
integer arithmetic rather than memcmp. Peter Geoghegan, reviewed
and slightly revised by me.
http://git.postgresql.org/pg/commitdiff/bfb54ff15a447fb22e9deae096e0d45b3e4bd56f

- Speed up text sorts where the same strings occur multiple times.
Cache strxfrm() blobs across calls made to the text SortSupport
abbreviation routine. This can speed up sorting if the same string
needs to be abbreviated many times in a row. Also, cache the result
of the previous strcoll() comparison, so that if we're asked to
compare the same strings again, we do need to call strcoll() again.
Perhaps surprisingly, these optimizations don't seem to hurt even
when they don't help. memcmp() is really cheap compared to
strcoll() or strxfrm(). Peter Geoghegan, reviewed by me.
http://git.postgresql.org/pg/commitdiff/0e57b4d8bd9674adaf5747421b3255b85e385534

Andrew Dunstan pushed:

- Factor out encoding specific tests for json. This lets us remove
the large alternative results files for the main json and jsonb
tests, which makes modifying those tests simpler for committers and
patch submitters. Backpatch to 9.4 for jsonb and 9.3 for json.
http://git.postgresql.org/pg/commitdiff/b6363772fd5f07dcfff2b4869765705ac9633950

Peter Eisentraut pushed:

- Fix whitespace
http://git.postgresql.org/pg/commitdiff/f20b26960ae62a3ffd12782eea09e0e9c23a2ac1

== Rejected Patches (for now) ==

No one was disappointed this week :-)

== Pending Patches ==

Heikki Linnakangas sent in a patch to use EVP API pgcrypto encryption,
dropping support for OpenSSL 0.9.6 and older.

Stas Kelvich sent in a patch to add tsvector editing functions.

Kyotaro HORIGUCHI sent in two more revisions of a patch to enable
index-only scans with partial indexes.

Haribabu Kommi sent in another revision of a patch to implement
multi-tenancy with RLS.

SAWADA Masahiko sent in two more revisions of a patch to add a
"frozen" bit to the visibility bitmap.

Alexander Korotkov sent in another revision of a patch to refactor the
access method interface.

Amit Kapila sent in another revision of a patch to implement parallel
seq scan.

Rahila Syed sent in two more revisions of a patch to implement a
vacuum progress checker.

Paul Ramsey sent in three more revisions of a patch to add remote
extension support to the PostgreSQL FDW.

Nikolay Shaplov sent in a patch to fix a documentation mistake around
CREATE TYPE.

Ashutosh Bapat sent in a patch to allow PostgreSQL to request and
assume it has gotten sorted data from a foreign server.

David Christensen sent in a patch to teach Catalog.pm how many
attributes there should be per DATA() line.

Michael Paquier sent in three more revisions of a patch to add
recovery regression tests.

Michael Paquier sent in another revision of a patch to fix pl_ctl
start on AIX.

Andreas 'ads' Scherbaum sent in a patch to fix an infelicity in
src/bin/initdb/po/zh_CN.po.

Peter Geoghegan sent in another revision of a patch to add SortSupport
routine for UUID data type.

Anastasia Lubennikova sent in two revisions of a patch to combine
covering and unique functionality for btree indexes.

Pavel Stěhule sent in another revision of a patch to add an ereport
function to PL/PythonU.

Andrei Asyakin sent in a patch to process pg_hba.conf keywords as
case-insensitive.

Peter Geoghegan sent in a patch to prefetch from memtuples array in
tuplesort.

Peter Geoghegan sent in another revision of a patch to reuse
abbreviated keys in ordered [set] aggregates.

Peter Geoghegan sent in another revision of a patch to do some minor
copy-editing of the INSERT documentation.
