Skip site navigation (1) Skip section navigation (2)

== PostgreSQL Weekly News - August 19 2012 ==

From: David Fetter <david(at)fetter(dot)org>
To: PostgreSQL Announce <pgsql-announce(at)postgresql(dot)org>
Subject: == PostgreSQL Weekly News - August 19 2012 ==
Date: 2012-08-20 06:24:32
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-announce
== PostgreSQL Weekly News - August 19 2012 ==

PostgreSQL security fix versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20 released.
Upgrade ASAP!

Postgres Open 2012 will be in Chicago, IL, USA, September 17-19.  The
schedule is published and registration is open!

== PostgreSQL Product News ==

Pyrseas 0.6.0beta, a toolkit for PostgreSQL version control, released on PGXN.

== PostgreSQL Jobs for August ==

== PostgreSQL Local ==

PostgreSQL Session will be held on October 4th, 2012, in Paris,
France.  More information at:

PostgreSQL Conference Europe 2012 will be in Prague, Czech Republic
on October 23-26.  The call for papers is open.

PostgreSQL Day Argentina 2012 will be held on November 13th in Bernal,
Buenos Aires, at the National University of Quilmes.  It will cover
topics for PostgreSQL users, developers and contributors, as well as
decision and policy makers.  For more information about the
conference, please see the website at

== PostgreSQL in the News ==

Planet PostgreSQL:

PostgreSQL Weekly News is brought to you this week by David Fetter

Submit news and announcements by Sunday at 3:00pm Pacific time.
Please send English language ones to david(at)fetter(dot)org, German language
to pwn(at)pgug(dot)de, Italian language to pwn(at)itpug(dot)org(dot)  Spanish language
to pwn(at)arpug(dot)com(dot)ar(dot)

== Applied Patches ==

Heikki Linnakangas pushed:

- Add runtime checks for number of query parameters passed to libpq
  functions.  The maximum number of parameters supported by the FE/BE
  protocol is 65535, as it's transmitted as a 16-bit unsigned integer.
  However, the nParams arguments to libpq functions are all of type
  'int'. We can't change the signature of libpq functions, but a
  simple bounds check is in order to make it more clear what's going
  wrong if you try to pass more than 65535 parameters.  Per complaint
  from Jim Vanns.

- Fix GiST buffering build bug, which caused "failed to re-find
  parent" errors.  We use a hash table to track the parents of inner
  pages, but when inserting to a leaf page, the caller of
  gistbufferinginserttuples() must pass a correct block number of the
  leaf's parent page. Before gistProcessItup() descends to a child
  page, it checks if the downlink needs to be adjusted to accommodate
  the new tuple, and updates the downlink if necessary.  However,
  updating the downlink might require splitting the page, which might
  move the downlink to a page to the right. gistProcessItup() doesn't
  realize that, so when it descends to the leaf page, it might pass an
  out-of-date parent block number as a result. Fix that by returning
  the block a tuple was inserted to from gistbufferinginserttuples().
  This fixes the bug reported by Zdeněk Jílovec.

- Add SP-GiST support for range types.  The implementation is a
  quad-tree, largely copied from the quad-tree implementation for
  points. The lower and upper bound of ranges are the 2d coordinates,
  with some extra code to handle empty ranges.  I left out the support
  for adjacent operator, -|-, from the original patch.  Not because
  there was necessarily anything wrong with it, but it was more
  complicated than the other operators, and I only have limited time
  for reviewing. That will follow as a separate patch.  Alexander
  Korotkov, reviewed by Jeff Davis and me.

Tom Lane pushed:

- Update time zone data files to tzdata release 2012e.  DST law
  changes in Morocco; Tokelau has relocated to the other side of the
  International Date Line; and apparently Olson had Tokelau's GMT
  offset wrong by an hour even before that.  There are also a large
  number of non-significant changes in this update.  Upstream took the
  opportunity to remove trailing whitespace, and the SCCS-style
  version numbers on the individual files are gone too.

- Prevent access to external files/URLs via XML entity references.
  xml_parse() would attempt to fetch external files or URLs as needed
  to resolve DTD and entity references in an XML value, thus allowing
  unprivileged database users to attempt to fetch data with the
  privileges of the database server.  While the external data wouldn't
  get returned directly to the user, portions of it could be exposed
  in error messages if the data didn't parse as valid XML; and in any
  case the mere ability to check existence of a file might be useful
  to an attacker.  The ideal solution to this would still allow
  fetching of references that are listed in the host system's XML
  catalogs, so that documents can be validated according to installed
  DTDs.  However, doing that with the available libxml2 APIs appears
  complex and error-prone, so we're not going to risk it in a security
  patch that necessarily hasn't gotten wide review.  So this patch
  merely shuts off all access, causing any external fetch to silently
  expand to an empty string.  A future patch may improve this.  In
  HEAD and 9.2, also suppress warnings about undefined entities, which
  would otherwise occur as a result of not loading referenced DTDs.
  Previous branches don't show such warnings anyway, due to different
  error handling arrangements.  Credit to Noah Misch for first
  reporting the problem, and for much work towards a solution, though
  this simplistic approach was not his preference.  Also thanks to
  Daniel Veillard for consultation.  Security: CVE-2012-3489

- Prevent access to external files/URLs via contrib/xml2's
  xslt_process().  libxslt offers the ability to read and write both
  files and URLs through stylesheet commands, thus allowing
  unprivileged database users to both read and write data with the
  privileges of the database server.  Disable that through proper use
  of libxslt's security options.  Also, remove xslt_process()'s
  ability to fetch documents and stylesheets from external files/URLs.
  While this was a documented "feature", it was long regarded as a
  terrible idea.  The fix for CVE-2012-3489 broke that capability, and
  rather than expend effort on trying to fix it, we're just going to
  summarily remove it.  While the ability to write as well as read
  makes this security hole considerably worse than CVE-2012-3489, the
  problem is mitigated by the fact that xslt_process() is not
  available unless contrib/xml2 is installed, and the longstanding
  warnings about security risks from that should have discouraged
  prudent DBAs from installing it in security-exposed databases.
  Reported and fixed by Peter Eisentraut.  Security: CVE-2012-3488

- Update release notes for 9.1.5, 9.0.9, 8.4.13, 8.3.20.

- Resurrect the "last ditch" code path in join_search_one_level().
  This essentially reverts commit
  e54b10a62db2991235fe800c629baef4531a6d67, in which I'd decided that
  the "last ditch" join logic was useless.  The folly of that is now
  exposed by a report from Pavel Stehule: although the function should
  always find at least one join in a self-contained join problem, it
  can still fail to do so in a sub-problem created by artificial
  from_collapse_limit or join_collapse_limit constraints.  Adjust the
  comments to describe this, and simplify the code a bit to match the
  new coding of the earlier loop in the function.  I'm not terribly
  happy about this: I still subscribe to the opinion stated in the
  previous commit message that the "last ditch" code can obscure logic
  bugs elsewhere.  But the alternative seems to be to complicate the
  earlier tests for does-this-relation-have-a-join-clause to the point
  where they can tell whether the join clauses link outside the
  current join sub-problem.  And that looks messy, slow, and possibly
  a source of bugs in itself.  In any case, now is not the time to be
  inserting experimental code into 9.2, so let's just go back to the
  time-tested solution.

- Disallow extensions from owning the schema they are assigned to.
  This situation creates a dependency loop that confuses pg_dump and
  probably other things.  Moreover, since the mental model is that the
  extension "contains" schemas it owns, but "is contained in" its
  extschema (even though neither is strictly true), having both true
  at once is confusing for people too.  So prevent the situation from
  being set up.  Reported and patched by Thom Brown.  Back-patch to
  9.1 where extensions were added.

- Fix rescan logic in nodeCtescan.  The previous coding essentially
  assumed that nodes would be rescanned in the same order they were
  initialized in; or at least that the "leader" of a group of CTEscans
  would be rescanned before any others were required to execute.
  Unfortunately, that isn't even a little bit true.  It's possible to
  devise queries in which the leader isn't rescanned until other
  CTEscans on the same CTE have run to completion, or even in which
  the leader never gets a rescan call at all.  The fix makes the
  leader specially responsible only for initial creation and final
  destruction of the tuplestore; rescan resets are now a symmetrically
  shared responsibility.  This means that we might reset the
  tuplestore multiple times when restarting a plan subtree containing
  multiple CTEscans; but resetting an already-empty tuplestore is
  cheap enough that that doesn't seem like a problem.  Per report from
  Adam Mackler; the new regression test cases are based on his example
  query.  Back-patch to 8.4 where CTE scans were introduced.

- Suppress possibly-uninitialized-variable warning.

- Allow create_index_paths() to consider multiple join bitmapscan
  paths.  In the initial cut at the "parameterized paths" feature, I'd
  simplified create_index_paths() to the point where it would only
  generate a single parameterized bitmap path per relation.
  Experimentation with an example supplied by Josh Berkus convinces me
  that that's not good enough: we really need to consider a bitmap
  path for each possible outer relation.  Otherwise we have
  regressions relative to pre-9.2 versions, in which the planner picks
  a plain indexscan where it should have used a bitmap scan in queries
  involving three or more tables.  Indeed, after fixing this, several
  queries in the regression tests show improved plans as a result of
  using bitmap not plain indexscans.

- Check LIBXML_VERSION instead of testing in configure script.  We had
  put a test for libxml2's xmlStructuredErrorContext variable in
  configure, but of course that doesn't work on Windows builds.  The
  next best alternative seems to be to test the LIBXML_VERSION symbol
  provided by xmlversion.h.  Per report from Talha Bin Rizwan, though
  this fixes it in a different way than his proposed patch.

- Copy-editing for recent window-functions documentation rewrite.  Fix
  grammar, put back some removed information, rearrange for clarity.

- Another round of planner fixes for LATERAL.  Formerly, subquery
  pullup had no need to examine other entries in the range table,
  since they could not contain any references to the subquery being
  pulled up.  That's no longer true with LATERAL, so now we need to be
  able to visit rangetable subexpressions to replace Vars referencing
  the pulled-up subquery.  Also, this means that
  extract_lateral_references must be unsurprised at encountering
  lateral PlaceHolderVars, since such might be created when pulling up
  a subquery that's underneath an outer join with respect to the
  lateral reference.

- Make use of LATERAL in information_schema.sequences view.  It said
  "XXX: The following could be improved if we had LATERAL" ...  so
  let's do that.  No catversion bump since either version of the view
  works fine.

- Allow OLD and NEW in multi-row VALUES within rules.  Now that we
  have LATERAL, it's fairly painless to allow this case, which was
  left as a TODO in the original multi-row VALUES implementation.

- Remove obsolete comment.

- Fix typo in comment.

Bruce Momjian pushed:

- In documentation, change "recommendable" to "recommended", per
  consultation with word definitions.  Backpatch to 9.2.

- Add pg_settings units display for "commit_delay" (ms).  Also remove
  unnecessary units designation in postgresql.conf.sample.

- Add doc example of restricting large object trigger firing to only
  updates of the column of interest.

- Add more limited large object trigger example.

- Revert "commit_delay" change; just add comment that we don't have a
  microsecond specification.

- Properly escape usernames in initdb, so names with single-quotes are
  supported.  Also add assert to catch future breakage.  Also, improve
  documentation that "double"-quotes must be used in pg_hba.conf (not
  single quotes).

- Document that foreign "version" and "type" values are only useful to
  certain foreign data wrappers.

- Add C comment that '=' is not documented for plpgsql assignment.

- Document why you can't use date_trunc("week") on intervals.

- On second thought, explain why date_trunc("week") on interval values
  is not supported in the error message, rather than the docs.

- In psql, if the is no connection object, e.g. due to a server crash,
  require all parameters for \c, rather than using the defaults, which
  might be wrong.

- Update C comment to NOTICE to reflect previous commit changing the
  error level, per report from Tom.

- Add C comment about new \c parameter requirement for crashed

- Properly document that NEW is unassigned in plpgsql for DELETE (not
  NULL), and OLD is unassigned for INSERT, and NEW/OLD are unassigned
  (not NULL) for statement-level triggers.  Per report from Pavel

  suggestion from Ray Stell

- Document that pg_ctl -w allows for the entry of an SSL passphase on
  startup.  Per report from Thom Brown

- Document that PGDATA has to point to the configuration files, rather
  than the actual data storage directory.  Per suggestion from Thom

- Fix SGML markup;  missing tag.

- Revert:  In docs, change a few cases of "not important" to
  "unimportant".  Per request from Heikki Linnakangas

- In docs, clarify that, without ORDER BY, the window frame is all
  rows in the partition.

- In docs, change a few cases of "not important" to "unimportant".

- Add possible alternate tool for pgrminclude, from Peter Geoghegan

- Rewrite window function reference section to more clearly explain
  keywords and concepts, based on suggestions by Florian Pflug.

- Add warning about pg_ctl restart and the use of relative paths on
  the command-line.

- Document that tab completation can interfere with some SQL commands.

- Add URL for include file visualization tool.

- Delete inaccurate C comment about FSM and adding pages, per Robert

- Update 'int' protocol documentation mention to be "signed", per
  request from Dmitriy Igrishin

== Rejected Patches (for now) ==

No one was disappointed this week :-)

== Pending Patches ==

Craig Ringer sent in another revision of the patch to add a
value_to_json for single-datum.

Dean Rasheed sent in another WIP revision of the patch to make views
update-able in the cases where that makes sense.

Pavel Stehule sent in two revisions of a patch to implement shared
"status" variables.

KaiGai Kohei sent in another revision of the patch to refactor ALTER
into a single consistent framework.

Kevin Grittner sent in three revisions of a patch to fix SERIALIZABLE
isolation mode on Windows.

Etsuro Fujita sent in two revisions of a patch to fix an issue with
relative file placements for COPY, the first changing the behavior,
the second leaving the extant behavior in place and documenting same.

Pavel Stehule sent in another revision of the patch to enable COPY to
show the number of rows processed.

Peter Geoghegan sent in another revision of the patch to add
grow_memtuples for sorts.

Peter Eisentraut sent in a patch to unlink the pid file on postmaster

Bruce Momjian sent in a patch to adjust how psql handles quoting of
its own variables when interacting with the shell.

Fabrízio de Royes Mello sent in five revisions of a patch to add

Bruce Momjian sent in a patch to change call sites in psql call the
error reporting function rather than decide willy-nilly whether to
send the output to stdout.

Alvaro Herrera sent in another revision of the patch to add foreign
key locks.

Jeff Janes sent in two revisions of a patch to add tab completion to

Alexander Korotkov sent in a separate patch to add adjacent support
for SP-GiST indexes in the case of range types.

Phil Sorber sent in a patch which enables users to control the display
of boolean values in psql.

Tom Lane sent in a patch to adjust the behavior of rewrite rules in
the case of WITH and LATERAL.

Jeff Janes sent in a patch to fix tab completion for DROP CONSTRAINT
in psql.

Craig Ringer sent in a doc patch to clarify that not everything in
PostgreSQL is controlled under MVCC.

pgsql-announce by date

Next:From: marianDate: 2012-08-20 15:15:51
Subject: Re: DataArchitect 4.3 is available
Previous:From: Hiroshi SaitoDate: 2012-08-20 04:05:21
Subject: psqlODBC 09.01.0200 Released

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group