PostgreSQL Weekly News - October 24, 2021

Posted on 2021-10-24 by PWN

PostgreSQL Weekly News - October 24, 2021

PostgreSQL Product News

JDBC 42.3.0 released.

pgmetrics 1.12, a command-line tool for PostgreSQL metrics, released.

StackGres 1.0.0, a platform for running PostgreSQL on Kubernetes, released.

pgexporter 0.2.0, a Prometheus exporter for PostgreSQL, released

pgAdmin4 6.1, a web- and native GUI control center for PostgreSQL, released.

PostgreSQL Jobs for October

PostgreSQL in the News

Planet PostgreSQL:

PostgreSQL Weekly News is brought to you this week by David Fetter

Submit news and announcements by Sunday at 3:00pm PST8PDT to

Applied Patches

Michaël Paquier pushed:

  • Fix portability issues in new TAP tests of psql. The tests added by c0280bc and d9ddc50 in have introduced commands calling directly psql, making them sensitive to the environment. One issue was that those commands forgot -X to not use a local .psqlrc, causing all those tests to fail if psql cannot properly parse this file. TAP tests should be designed so as they run in an isolated fashion, without any dependency on the environment where they are run. As PostgresNode::psql gives already all the facilities those new tests need, switch to that instead of calling plain psql commands where interactions with a backend are needed. The test is slightly refactored to be able to check after the expected patterns of stdout and stderr, keeping the same amount of coverage as previously. Reported-by: Peter Geoghegan Discussion:

  • Reset properly snapshot export state during transaction abort. During a replication slot creation, an ERROR generated in the same transaction as the one creating a to-be-exported snapshot would have left the backend in an inconsistent state, as the associated static export snapshot state was not being reset on transaction abort, but only on the follow-up command received by the WAL sender that created this snapshot on replication slot creation. This would trigger inconsistency failures if this session tried to export again a snapshot, like during the creation of a replication slot. Note that a snapshot export cannot happen in a transaction block, so there is no need to worry resetting this state for subtransaction aborts. Also, this inconsistent state would very unlikely show up to users. For example, one case where this could happen is an out-of-memory error when building the initial snapshot to-be-exported. Dilip found this problem while poking at a different patch, that caused an error in this code path for reasons unrelated to HEAD. Author: Dilip Kumar Reviewed-by: Michael Paquier, Zhihong Yu Discussion: Backpatch-through: 9.6

  • Block ALTER INDEX/TABLE index_name ALTER COLUMN colname SET (options). The grammar of this command run on indexes with column names has always been authorized by the parser, and it has never been documented. Since 911e702, it is possible to define opclass parameters as of CREATE INDEX, which actually broke the old case of ALTER INDEX/TABLE where relation-level parameters n_distinct and n_distinct_inherited could be defined for an index (see 76a47c0 and its thread where this point has been touched, still remained unused). Attempting to do that in v13~ would cause the index to become unusable, as there is a new dedicated code path to load opclass parameters instead of the relation-level ones previously available. Note that it is possible to fix things with a manual catalog update to bring the relation back online. This commit disables this command for now as the use of column names for indexes does not make sense anyway, particularly when it comes to index expressions where names are automatically computed. One way to properly support this case properly in the future would be to use column numbers when it comes to indexes, in the same way as ALTER INDEX .. ALTER COLUMN .. SET STATISTICS. Partitioned indexes were already blocked, but not indexes. Some tests are added for both cases. There was some code in ANALYZE to enforce n_distinct to be used for an index expression if the parameter was defined, but just remove it for now until/if there is support for this (note that index-level parameters never had support in pg_dump either, previously), so this was just dead code. Reported-by: Matthijs van der Vleuten Author: Nathan Bossart, Michael Paquier Reviewed-by: Vik Fearing, Dilip Kumar Discussion: Backpatch-through: 13

  • Fix build of MSVC with OpenSSL 3.0.0. The build scripts of Visual Studio would fail to detect properly a 3.0.0 build as the check on the second digit was failing. This is adjusted where needed, allowing the builds to complete. Note that the MSIs of OpenSSL mentioned in the documentation have not changed any library names for Win32 and Win64, making this change straight-forward. Reported-by: htalaco, via github Reviewed-by: Daniel Gustafsson Discussion: Backpatch-through: 9.6

  • Fix corruption of pg_shdepend when copying deps from template database. Using for a new database a template database with shared dependencies that need to be copied over was causing a corruption of pg_shdepend because of an off-by-one computation error of the index number used for the values inserted with a slot. Issue introduced by e3931d0. Monitoring the rest of the code, there are no similar mistakes. Reported-by: Sven Klemm Author: Aleksander Alekseev Reviewed-by: Daniel Gustafsson, Michael Paquier Discussion: Backpatch-through: 14

  • doc: Describe calculation method of streaming start for pg_receivewal. The documentation was imprecise about the starting LSN used for WAL streaming if nothing can be found in the local archive directory defined with the pg_receivewal command, so be more talkative on this matter. Extracted from a larger patch by the same author. Author: Ronan Dunklau, Michael Paquier Discussion: Backpatch-through: 10

Heikki Linnakangas pushed:

Álvaro Herrera pushed:

Daniel Gustafsson pushed:

  • Fix sscanf limits in pg_basebackup and pg_dump. Make sure that the string parsing is limited by the size of the destination buffer. In pg_basebackup the available values sent from the server is limited to two characters so there was no risk of overflow. In pg_dump the buffer is bounded by MAXPGPATH, and thus the limit must be inserted via preprocessor expansion and the buffer increased by one to account for the terminator. There is no risk of overflow here, since in this case, the buffer scanned is smaller than the destination buffer. Backpatch the pg_basebackup fix to 11 where it was introduced, and the pg_dump fix all the way down to 9.6. Reviewed-by: Tom Lane Discussion: Backpatch-through: 11 and 9.6

  • Fix bug in TOC file error message printing. If the blob TOC file cannot be parsed, the error message was failing to print the filename as the variable holding it was shadowed by the destination buffer for parsing. When the filename fails to parse, the error will print an empty string: ./pg_restore -d foo -F d dump pg_restore: error: invalid line in large object TOC file "": .. ..instead of the intended error message: ./pg_restore -d foo -F d dump pg_restore: error: invalid line in large object TOC file "dump/blobs.toc": .. Fix by renaming both variables as the shared name was too generic to store either and still convey what the variable held. Backpatch all the way down to 9.6. Reviewed-by: Tom Lane Discussion: Backpatch-through: 9.6

  • Refactor the sslfiles Makefile target for ease of use. The Makefile handling of certificate and keypairs used for TLS testing had become quite difficult to work with. Adding a new cert without the need to regenerate everything was too complicated. This patch refactors the sslfiles make target such that adding a new certificate requires only adding a .config file, adding it to the top of the Makefile, and running make sslfiles. Improvements: - Interfile dependencies should be fixed, with the exception of the CRL dirs. - New certificates have serial numbers based on the current time, reducing the chance of collision. - The CA index state is created on demand and cleaned up automatically at the end of the Make run. - *.config files are now self-contained; one certificate needs one config file instead of two. - Duplication is reduced, and along with it some unneeded code (and possible copy-paste errors). - all configuration files underneath the conf/ directory. The target is moved to its own makefile in order to avoid colliding with global make settings. Author: Jacob Champion Reviewed-by: Michael Paquier Discussion:

  • Fix SSL tests on 32-bit Perl. The certificate serial number generation was changed in b4c4a00ea to use the current timestamp. The testharness must thus interrogate the cert for the serialnumber using "openssl x509" which emits the serial in hex format. Converting the serial to integer format to match whats in pg_stat_ssl requires a 64-bit capable Perl. This adds a fallback to checking for an integer when the tests with a 32-bit Perl. Per failure on buildfarm member prairiedog. Discussion:

Tom Lane pushed:

  • Remove bogus assertion in transformExpressionList(). I think when I added this assertion (in commit 8f889b108), I was only thinking of the use of transformExpressionList at top level of INSERT and VALUES. But it's also called by transformRowExpr(), which can certainly occur in an UPDATE targetlist, so it's inappropriate to suppose that p_multiassign_exprs must be empty. Besides, since the input is not expected to contain ResTargets, there's no reason it should contain MultiAssignRefs either. Hence this code need not be concerned about the state of p_multiassign_exprs, and we should just drop the assertion. Per bug #17236 from ocean_li_996. It's been wrong for years, so back-patch to all supported branches. Discussion:

  • Fix assignment to array of domain over composite. An update such as "UPDATE ... SET fld[n].subfld = whatever" failed if the array elements were domains rather than plain composites. That's because isAssignmentIndirectionExpr() failed to cope with the CoerceToDomain node that would appear in the expression tree in this case. The result would typically be a crash, and even if we accidentally didn't crash, we'd not correctly preserve other fields of the same array element. Per report from Onder Kalaci. Back-patch to v11 where arrays of domains came in. Discussion:

  • pg_dump: Reorganize getTables(). Along the same lines as 047329624, ed2c7f65b and daa9fe8a5, reduce code duplication by having just one copy of the parts of the query that are the same across all server versions; and make the conditionals control the smallest possible amount of code. This also gets rid of the confusing assortment of different ways to accomplish the same result that we had here before. While at it, make sure all three relevant parts of the function list the fields in the same order. This is just neatnik-ism, of course. Discussion:

  • Improve pg_regress.c's infrastructure for issuing psql commands. Support issuing more than one "-c command" switch to a single psql invocation. This allows combining some things that formerly required two or more backend launches into a single session. In particular, we can issue DROP DATABASE as one of the -c commands without getting "DROP DATABASE cannot run inside a transaction block". In addition to reducing the number of sessions needed, this patch also suppresses "NOTICE: database "foo" does not exist, skipping" chatter that was formerly generated during pg_regress's DROP DATABASE (or ROLE) IF NOT EXISTS calls. That moves us another step closer to the ideal of not seeing any messages during successful build/test. This also eliminates some hard-coded restrictions on the length of the commands issued. I don't think we were anywhere near hitting those, but getting rid of the limit is comforting. Patch by me, but thanks to Nathan Bossart for starting the discussion. Discussion:

  • Doc: clarify a critical and undocumented aspect of simplehash.h. I just got burnt by trying to use pg_malloc instead of pg_malloc0 with this. Save the next hacker some time by not leaving this API detail undocumented.

  • pg_dump: fix mis-dumping of non-global default privileges. Non-global default privilege entries should be dumped as-is, not made relative to the default ACL for their object type. This would typically only matter if one had revoked some on-by-default privileges in a global entry, and then wanted to grant them again in a non-global entry. Per report from Boris Korzun. This is an old bug, so back-patch to all supported branches. Neil Chen, test case by Masahiko Sawada Discussion: Discussion:

  • Fix frontend version of sh_error() in simplehash.h. The code does not expect sh_error() to return, but the patch that made this header usable in frontend didn't get that memo. While here, plaster unlikely() on the tests that decide whether to invoke sh_error(), and add our standard copyright notice. Noted by Andres Freund. Back-patch to v13 where this frontend support came in. Discussion:

  • In pg_dump, use simplehash.h to look up dumpable objects by OID. Create a hash table that indexes dumpable objects by CatalogId (that is, catalog OID + object OID). Use this to replace the former catalogIdMap array, as well as various other single- catalog index arrays, and also the extension membership map. In principle this should be faster for databases with many objects, since lookups are now O(1) not O(log N). However, it seems that these lookups are pretty much negligible in context, so that no overall performance change can be measured. But having only one lookup data structure to maintain makes the code simpler and more flexible, so let's do it anyway. Discussion:

  • Fix minor memory leaks in pg_dump. I found these by running pg_dump under "valgrind --leak-check=full". The changes in flagInhIndexes() and getIndexes() replace allocation of an array of which we use only some elements by individual allocations of just the actually-needed objects. The previous coding wasted some memory, but more importantly it confused valgrind's leak tracking. collectComments() and collectSecLabels() remain major blots on the valgrind report, because they don't PQclear their query results, in order to avoid a lot of strdup's. That's a dubious tradeoff, but I'll leave it alone here; an upcoming patch will modify those functions enough to justify changing the tradeoff.

Andres Freund pushed:

Amit Kapila pushed:

Andrew Dunstan pushed:

Noah Misch pushed:

  • Avoid race in RelationBuildDesc() affecting CREATE INDEX CONCURRENTLY. CIC and REINDEX CONCURRENTLY assume backends see their catalog changes no later than each backend's next transaction start. That failed to hold when a backend absorbed a relevant invalidation in the middle of running RelationBuildDesc() on the CIC index. Queries that use the resulting index can silently fail to find rows. Fix this for future index builds by making RelationBuildDesc() loop until it finishes without accepting a relevant invalidation. It may be necessary to reindex to recover from past occurrences; REINDEX CONCURRENTLY suffices. Back-patch to 9.6 (all supported versions). Noah Misch and Andrey Borodin, reviewed (in earlier versions) by Andres Freund. Discussion:

  • Fix CREATE INDEX CONCURRENTLY for the newest prepared transactions. The purpose of commit 8a54e12a38d1545d249f1402f66c8cde2837d97c was to fix this, and it sufficed when the PREPARE TRANSACTION completed before the CIC looked for lock conflicts. Otherwise, things still broke. As before, in a cluster having used CIC while having enabled prepared transactions, queries that use the resulting index can silently fail to find rows. It may be necessary to reindex to recover from past occurrences; REINDEX CONCURRENTLY suffices. Fix this for future index builds by making CIC wait for arbitrarily-recent prepared transactions and for ordinary transactions that may yet PREPARE TRANSACTION. As part of that, have PREPARE TRANSACTION transfer locks to its dummy PGPROC before it calls ProcArrayClearTransaction(). Back-patch to 9.6 (all supported versions). Andrey Borodin, reviewed (in earlier versions) by Andres Freund. Discussion: