Begin forwarded message:
From: David Fetter <david(at)fetter(dot)org>
Date: February 11, 2007 10:58:03 PM PST
To: PostgreSQL Announce <pgsql-announce(at)postgresql(dot)org>
Subject: [ANNOUNCE] == PostgreSQL Weekly News - February 11 2007 ==
== PostgreSQL Weekly News - February 11 2007 ==
Magnus Hagander and Joachim Wieland have put together a doxygen site
for the PostgreSQL source code.
Magnus Hagander is now a committer. Kudos!
Simon Riggs kicked off a new discussion of HOT tables--tables
optimized for extremely frequent updates--with his simplified proposal
for the design and implementation of same.
== PostgreSQL Product News ==
GNUmed version 0.2.4.2 released.
Pgpool 3.2 is out: http://pgfoundry.org/projects/pgpool
Peter Eisentraut has implemented function sql_to_xml(TEXT)
table_to_xmlschema(TEXT) which uses the underlying XML data types in
MicroOLAP Database Designer 1.2.0 BETA 1 for PostgreSQL released.
ht://Miner 0.50 released.
== PostgreSQL Jobs for February ==
== PostgreSQL Local ==
There will be a PostgreSQL booth at CLT on March 3 and 4 in Chemnitz,
Germany. Some of the usual suspects from the German-speaking PostgreSQL
communities will be there. Contact info(at)pgug(dot)de to participate.
There will be a PostgreSQL booth at FOSDEM on February 24 and 25 in
Brussels, Belgium. Many of the usual suspects from the EU PostgreSQL
communities will be there. Contact de(at)postgresql(dot)org to participate.
The Italian PostgreSQL community is looking for sponsors for its
PostgreSQL day in Prato, Italy this summer. Check the link below
== PostgreSQL in the News ==
Planet PostgreSQL: http://www.planetpostgresql.org/
General Bits, Archives and occasional new articles:
PostgreSQL Weekly News is brought to you this week by David Fetter,
Devrim GUNDUZ and Stefan Kaltenbrunner
To get your submission into the upcoming issue, get it to
david(at)fetter(dot)org by Sunday at 3:00pm Pacific Time.
== Applied Patches ==
Magnus Hagander (kudos!) committed:
- Fix pg_standby to build on msvc.
- Fix for early log messages during postmaster startup getting lost
when running as a service on Win32. Per report from Harald Armin
Massa. Backpatched to PostgreSQL 8.1
Neil Conway committed:
- Unbreak the SGML doc build: ":=" is needed to assign to variables if
the RHS of the assignment expands to a reference to the LHS.
Alvaro Herrera committed:
- Heikki Linnakangas's patch which fixes reference-after-free in the
new btree page split code, as reported by the buildfarm via Stefan
- Magnus Hagander's patch which the VC++ build needs to compile the
new strlcat.c file.
Michael Meskes committed:
- Fixed multibyte handling in ecpg per report from HARADA Toshi.
- Backported regression test changes from HEAD so the buildfarm
hopefully gets green again.
- Backported va_list handling cleanup for ecpg.
Peter Eisentraut committed:
- Add support for optionally escaping periods when converting SQL
identifiers to XML names, which will be required for supporting XML
- Add proper mapping of boolean type data to XML Schema.
- StrNCpy -> strlcpy (not complete)
- Remove useless CPPFLAGS.
- Add $PostgreSQL$ marker to contrib makefiles.
- Replace useless uses of := by = in makefiles.
- Normalize fgets() calls to use sizeof() for calculating the buffer
size where possible, and fix some sites that apparently thought that
fgets() will overwrite the buffer by one byte. Also add some
strlcpy() to eliminate some weird memory handling.
- Replace some strncpy() with strlcpy().
- Use memcpy() instead of strncpy() for copying into varlena
- Add strlcat() from OpenBSD, to be used for replacing strncat and
other strange coding practices.
- Move NAMEDATALEN definition from postgres_ext.h to
pg_config_manual.h. It used to be part of libpq's exported interface
many releases ago, but now it's no longer necessary to make it
accessible to clients.
Bruce Momjian committed:
- Update FAQ for new 24-byte header, down from 28.
- Mark TODO as done: "Merge xmin/xmax/cmin/cmax back into three header
- In pgsql/src/backend/utils/adt/formatting.c, remove blank line from
- Add to TODO: "Consider placing all sequences in a single table or
create a system view, now that system tables are full transactional"
- Add URL for "Add support for SQL-standard GENERATED/IDENTITY
columns" to TODO list.
- Pavel Stehule's patch which fixes a bug when localized to_char() day
or month names were incorectly transformed to lower or upper string.
- Korry Douglas's patch which fixes shared_preload_libraries on
Windows hosts. It forces each backend to re-load all
- Teodor Sigaev's patch which adds a lock matrix to documentation.
- Magnus Hagander's Win32 regression test fixes. For win32 in
general, this makes it possible to run the regression tests as an
admin user by using the same restricted token method that's used by
pg_ctl and initdb. For vc++, it adds building of pg_regress.exe,
adds a resultmap, and fixes how it runs the install.
- Simon Riggs's patch which adds /contrib/pg_standby. pg_standby is a
production-ready program that can be used to create a Warm Standby
server. Other configuration is required as well, all of which is
described in the main server manual.
- Heikki Linnakangas's patch which reduces WAL activity for page
- Gavin Sherry' patch which checks whether the role exists before
doing more complex ident and Kerberos authentication checks in the
- Update URL for "Generalized Partial Indexes" paper to point to a
cached version. Backpatch to 8.2.X.
- Document that wal_sync_method open_* methods use O_DIRECT, if
available. Backpatch to 8.2.X.
- Fix bug in our code when using to_timestamp() or to_date() without
"TM". Assume "TM" when input fields are variable-length, like month
or day names. This matches Oracle behavior.
- Stamp bug template for 8.3.
- Stamp releases notes for 8.2.3, 8.1.8, 8.0.12.
- Stamp releases 8.2.3, 8.1.8, 8.0.12. No release notes yet.
- Update FAQ for 8.2.3.
- Backpatch FAQs to 8.2.X branch.
- Update FAQ to show 8.2.2 as the most recent release.
- Update timezone FAQ.
- In TODO, split NAMEDATALEN entry into two parts. The one still on
the TODO list is, "Consider making NAMEDATALEN more configurable in
- Trim down environment variable instructions for Win32, backpatch to
- Add TODO item: "Add a \set variable to control whether \s displays
- Clarify TODO item for \# feature: "Add \# to list command history
like \s, but with line numbers"
Andrew Dunstan committed:
- Pass modern COPY syntax to backend, since copy (query) does not
accept old syntax. Per complaint from Michael Fuhr.
Tom Lane committed:
- Fix another erroneous =-for-:= substitution.
- Improve documentation for CREATE CONSTRAINT TRIGGER.
- Put back some not-so-unnecessary-as-all-that := usages. Per
- Hm, seems my hack on rowtypes regression test has made its output
row order platform-specific. Add an ORDER BY clause to stop
- Minor tweak to make rowtypes regression test run faster. We don't
currently have any better strategy for this query than re-running
the sub-select over and over; it seems unlikely that doing so 10000
times is a more useful test than doing it a few dozen times.
- Call pgstat_drop_database during DROP DATABASE, so that any stats
file entries for the victim database go away sooner rather than
later. We already did the equivalent thing at the per-relation
level, not sure why it's not been done for whole databases. With
this change, pgstat_vacuum_tabstat should usually not find anything
to do; though we still need it as a backstop in case DROPDB or
TABPURGE messages get lost under load.
- Combine cmin and cmax fields of HeapTupleHeaders into a single
field, by keeping private state in each backend that has inserted
and deleted the same tuple during its current top-level transaction.
This is sufficient since there is no need to be able to determine
the cmin/cmax from any other transaction. This gets us back down to
23-byte headers, removing a penalty paid in 8.0 to support
subtransactions. Patch by Heikki Linnakangas, with minor revisions
by moi, following a design hashed out awhile back on the pghackers
- Add missing #define for mingw, per Magnus.
- Fix an ancient logic error in plpgsql's exec_stmt_block: it thought
it could get away with not (re)initializing a local variable if the
variable is marked "isconst" and not "isnull". Unfortunately it
makes this decision after having already freed the old value,
meaning that something like
for i in 1..10 loop
declare c constant text := 'hi there';
leads to subsequent accesses to freed memory, and hence probably
crashes. (In particular, this is why Asif Ali Rehman's bug leads to
crash and not just an unexpectedly-NULL value for SQLERRM: SQLERRM
is marked CONSTANT and so triggers this error.) The whole thing
seems wrong on its face anyway: CONSTANT means that you can't change
the variable inside the block, not that the initializer expression
is guaranteed not to change value across successive block entries.
Hence, remove the "optimization" instead of trying to fix it.
- Rearrange use of plpgsql_add_initdatums() so that only the parsing
of a DECLARE section needs to know about it. Formerly, everyplace
besides DECLARE that created variables needed to do
"plpgsql_add_initdatums(NULL)" to prevent those variables from being
sucked up as part of a subsequent DECLARE block. This is obviously
error-prone, and in fact the SQLSTATE/SQLERRM patch had failed to do
it for those two variables, leading to the bug recently exhibited by
Asif Ali Rehman: a DECLARE within an exception handler tried to
reinitialize SQLERRM. Although the SQLSTATE/SQLERRM patch isn't in
any pre-8.1 branches, and so I can't point to a demonstrable failure
there, it seems wise to back-patch this into the older branches
anyway, just to keep the logic similar to HEAD.
- Add a function pg_stat_clear_snapshot() that discards any statistics
snapshot already collected in the current transaction; this allows
plpgsql functions to watch for stats updates even though they are
confined to a single transaction. Use this instead of the previous
kluge involving pg_stat_file() to wait for the stats collector to
update in the stats regression test. Internally, decouple storage
of stats snapshots from transaction boundaries; they'll now stick
around until someone calls pgstat_clear_snapshot --- which xact.c
still does at transaction end, to maintain the previous behavior.
This makes the logic a lot cleaner, at the price of a couple dozen
cycles per transaction exit.
- Modify the stats regression test to delay until the stats file
actually changes (with an upper limit of 30 seconds), and record the
delay time in the postmaster log. This should give us some info
about what's happening with the intermittent stats failures in
buildfarm. After an idea of Andrew Dunstan's.
- Remove the xlog-centric "database system is ready" message and
replace it with "database system is ready to accept connections",
which is issued by the postmaster when it really is ready to accept
connections. Per proposal from Markus Schiltknecht and subsequent
- Fix PG_VERSION_NUM too.
- Fix wrong spacing (I think Bruce tried to hand-edit this instead of
letting autoconf do it)
- Fix an error in the original coding of holdable cursors:
PersistHoldablePortal thought that it didn't have to reposition the
underlying tuplestore if the portal is atEnd. But this is not so,
because tuplestores have separate read and write cursors ... and the
read cursor hasn't moved from the start. This mistake explains bug
#2970 from William Zhang. Note: the coding here is pretty
inefficient, but given that no one has noticed this bug until now,
I'd say hardly anyone uses the case where the cursor has been
advanced before being persisted. So maybe it's not worth worrying
- Remove typmod checking from the recent security-related patches. It
turns out that ExecEvalVar and friends don't necessarily have access
to a tuple descriptor with correct typmod: it definitely can contain
-1, and possibly might contain other values that are different from
the Var's value. Arguably this should be cleaned up someday, but
it's not a simple change, and in any case typmod discrepancies don't
pose a security hazard. Per reports from numerous people :-( I'm
not entirely sure whether the failure can occur in 8.0 --- the
simple test cases reported so far don't trigger it there. But
back-patch the change all the way anyway.
- In pgsql/src/backend/port/sysv_shmem.c, fix typo in comment.
- Heikki Linnakangas's patch to remove some dead code in
- Fix a performance regression in 8.2: optimization of MIN/MAX into
indexscans had stopped working for tables buried inside views or
sub-selects. This is because I had gotten rid of the
simplify_jointree() preprocessing step, and
optimize_minmax_aggregates() wasn't smart enough to deal with a
non-canonical FromExpr. Per gripe from Bill Howe.
- Docs updates for cross-type hashing.
- Come to think of it, we should check that commutator pairs have the
same merges/hashes property settings.
- Not only did we agree that this 'hint' doesn't belong here, but the
markup's broken. So just remove it...
- Add support for cross-type hashing in hashed subplans (hashed IN/NOT
IN cases that aren't turned into true joins). Since this is the
last missing bit of infrastructure, go ahead and fill out the hash
integer_ops and float_ops opfamilies with cross-type operators. The
operator family project is now DONE...er, except for documentation...
- Repair failure to check that a table is still compatible with a
previously made query plan. Use of ALTER COLUMN TYPE creates a
hazard for cached query plans: they could contain Vars that claim a
column has a different type than it now has. Fix this by checking
during plan startup that Vars at relation scan level match the
current relation tuple descriptor. Since at that point we already
have at least AccessShareLock, we can be sure the column type will
not change underneath us later in the query. However, since a
backend's locks do not conflict against itself, there is still a
hole for an attacker to exploit: he could try to execute ALTER
COLUMN TYPE while a query is in progress in the current backend.
Seal that hole by rejecting ALTER TABLE whenever the target relation
is already open in the current backend. This is a significant
security hole: not only can one trivially crash the backend, but
with appropriate misuse of pass-by-reference datatypes it is
possible to read out arbitrary locations in the server process's
memory, which could allow retrieving database content the user
should not be able to see. Our thanks to Jeff Trout for the initial
report. Security: CVE-2007-0556
- Repair insufficiently careful type checking for SQL-language
functions: we should check that the function code returns the
claimed result datatype every time we parse the function for
execution. Formerly, for simple scalar result types we assumed the
creation-time check was sufficient, but this fails if the function
selects from a table that's been redefined since then, and even more
obviously fails if check_function_bodies had been OFF. This is a
significant security hole: not only can one trivially crash the
backend, but with appropriate misuse of pass-by-reference datatypes
it is possible to read out arbitrary locations in the server
process's memory, which could allow retrieving database content the
user should not be able to see. Our thanks to Jeff Trout for the
initial report. Security: CVE-2007-0555
- Rename MaxTupleSize to MaxHeapTupleSize to clarify that it's not
meant to describe the maximum size of index tuples (which is
typically AM-dependent anyway); and consequently remove the bogus
deduction for "special space" that was built into it. Adjust
TOAST_TUPLE_THRESHOLD and TOAST_MAX_CHUNK_SIZE to avoid wasting two
bytes per toast chunk, and to ensure that the calculation correctly
tracks any future changes in page header size. The computation had
been inaccurate in a way that didn't cause any harm except space
wastage, but future changes could have broken it more drastically.
Fix the calculation of BTMaxItemSize, which was formerly computed as
1 byte more than it could safely be. This didn't cause any harm in
practice because it's only compared against maxalign'd lengths, but
future changes in the size of page headers or btree special space
could have exposed the problem. initdb forced because of change in
TOAST_MAX_CHUNK_SIZE, which alters the storage of toast tables.
== Rejected Patches (for now) ==
Chris Marcellino's patch to add POSIX shared memory support because it
doesn't actually detect whether a shared memory segment is in use.
== Pending Patches ==
Two versions of Simon Riggs's patch which moves a warning in VACUUM to
a spot after lazy_truncate_heap(). Both move the test and WARNING.
The second also adjusts the hint according to relation size.
Guido Goldstein's revised patch which fixes PL/PythonU's handling of
BOOLEAN return functions and, unlike the previous patch, is designed
to work with Python 2.3 as well as later versions.
Gregory Stark sent in a patch to speed up LIMIT/SORT operations, as
typically used in paging out result sets.
Simon Riggs sent in a patch to speed up CLUSTER by avoiding WAL when
archive_command is not set.
Gregory Stark sent in another work-in-progress patch which implements
Chad Wagner sent in a patch which lets psql prompt for variables.
Chris Marcellino sent in a patch to make OS/X use SysV semaphors.
Heikki Linnakangas sent in a patch which refactors findsplitloc and
checksplitloc so that the division of labor is clearer. All the space
calculation inside the loop is now in checksplitloc.
Jeremy Drake sent in a patch which implements regexp_replace with
multiple atoms, regexp_matches, a set-returning function, and
regexp_split. Perl weenies rejoice!
---------------------------(end of broadcast)---------------------------
-To unsubscribe from this list, send an email to:
Information Systems Manager
Chris King Precision Components
www.chrisking.com / 503.972.4050 x230
In response to
pgsql-announce by date
|Next:||From: Peter Eisentraut||Date: 2007-02-13 23:45:48|
|Subject: Advisory on possibly insecure security definer functions|
|Previous:||From: Jeremy Drake||Date: 2007-02-12 09:08:32|
|Subject: Re: [ANNOUNCE] == PostgreSQL Weekly News - February 11 2007 ==|
pdxpug by date
|Next:||From: Selena Deckelmann||Date: 2007-02-13 15:24:44|
|Subject: DOMAINs with David Wheeler|
|Previous:||From: Jeremy Drake||Date: 2007-02-12 09:08:32|
|Subject: Re: [ANNOUNCE] == PostgreSQL Weekly News - February 11 2007 ==|
pgsql-hackers by date
|Next:||From: Bruce Momjian||Date: 2007-02-12 22:29:48|
|Subject: Re: Acclerating INSERT/UPDATE using UPS|
|Previous:||From: Tom Lane||Date: 2007-02-12 21:34:00|
|Subject: Re: Missing directory when building 8.2.3-base |