== PostgreSQL Weekly News - November 12 2017 ==

From: David Fetter <david(at)fetter(dot)org>
To: PostgreSQL Announce <pgsql-announce(at)postgresql(dot)org>
Subject: == PostgreSQL Weekly News - November 12 2017 ==
Date: 2017-11-12 21:12:56
Message-ID: 20171112211256.GA17897@fetter.org
Lists: pgsql-announce

PostgreSQL security releases 10.1, 9.6.6, 9.5.10, 9.4.15, 9.3.20, and 9.2.24 are
out. Please read the announcement below and upgrade at the next available

PGConf.Brazil 2018 will take place in São Paulo, Brazil on August 3-4 2018. The
CfP will open soon.

Nordic PGDay 2018 will be held in Oslo, Norway, at the Radisson Blu Hotel
Nydalen, on March 13, 2018. The CfP is open through December 31, 2017 at

pgDay Paris 2018 will be held in Paris, France at the Espace Saint-Martin, on
March 15 2018. The CfP is open until December 31, 2017.

== PostgreSQL Jobs for November ==


== PostgreSQL Local ==

PGConf Local: Seattle will be held November 13 - 14, 2017.

PGDay Australia 2017 will be held on November 17 in Melbourne.

PostgreSQL Session will take place November 17th, 2017, in Paris, France.

PGDAY Brasilia 2017 will take place December 2, 2017. The CfP
is open at

PGConf Local: Austin will be held December 4 - 5, 2017. Call for Papers is
now open at https://www.pgconf.us/conferences/Austin2017

PGConf.ASIA 2017 will take place on December 4-6 2017 in Akihabara, Tokyo,

FOSDEM PGDay 2018, a one-day conference held before the main FOSDEM event, will
be held in Brussels, Belgium, on Feb 2nd, 2018.

Prague PostgreSQL Developer Day 2018 (P2D2 2018) is a two-day
conference that will be held on February 14-15 2018 in Prague, Czech Republic.
The CfP is open until January 5, 2018 at https://p2d2.cz/callforpapers

PGConf India 2018 will be on February 22-23, 2018 in Bengaluru, Karnataka.
Proposals are due via https://goo.gl/forms/F9hRjOIsaNasVOAz2 by October 31st, 2017.

PostgreSQL(at)SCaLE is a two-day, two-track event which takes place on
March 8-9, 2018, at Pasadena Convention Center, as part of SCaLE 16X.
The CfP is open through October 31, 2017 at

PGConf APAC 2018 will be held in Singapore March 22-24, 2018. The CfP is open
at http://2018.pgconfapac.org/cfp through December 4, 2017.

The German-speaking PostgreSQL Conference 2018 will take place on April 13th,
2018 in Berlin. The CfP is open until January 09, 2018 at
http://2018.pgconf.de/de/callforpapers.html and the conference site is at

PGCon 2018 will take place in Ottawa on May 29 - June 2018. The CfP goes out

== PostgreSQL in the News ==

Planet PostgreSQL: http://planet.postgresql.org/

PostgreSQL Weekly News is brought to you this week by David Fetter

Submit news and announcements by Sunday at 3:00pm EST5EDT. Please send English
language ones to david(at)fetter(dot)org, German language to pwn(at)pgug(dot)de, Italian
language to pwn(at)itpug(dot)org(dot)

== Applied Patches ==

Tom Lane pushed:

- Release notes for 10.1, 9.6.6, 9.5.10, 9.4.15, 9.3.20, 9.2.24. In the v10
branch, also back-patch the effects of 1ff01b390 and c29c57890 on these files,
to reduce future maintenance issues. (I'd do it further back, except that the
9.X branches differ anyway due to xlog-to-wal link tag renaming.)

- Fix version numbering foulups exposed by 10.1. configure computed
PG_VERSION_NUM incorrectly. (Coulda sworn I tested that logic back when, but
it had an obvious thinko.) pg_upgrade had not been taught about the new
dispensation with just one part in the major version number. Both things
accidentally failed to fail with 10.0, but with 10.1 we got the wrong results.
Per buildfarm.

- Fix unportable usage of <ctype.h> functions. isdigit(), isspace(), etc are
likely to give surprising results if passed a signed char. We should always
cast the argument to unsigned char to avoid that. Error in commit 63d6b97fd,
found by buildfarm member gaur. Back-patch to 9.3, like that commit.

- Fix unportable spelling of int64 constant. Per buildfarm member pademelon.

- Fix two violations of the ResourceOwnerEnlarge/Remember protocol. The point
of having separate ResourceOwnerEnlargeFoo and ResourceOwnerRememberFoo
functions is so that resource allocation can happen in between. Doing it in
some other order is just wrong. OpenTemporaryFile() did open(), enlarge,
remember, which would leak the open file if the enlarge step ran out of
memory. Because fd.c has its own layer of resource-remembering, the
consequences look like they'd be limited to an intratransaction FD leak, but
it's still not good. IncrBufferRefCount() did enlarge, remember,
incr-refcount, which would blow up if the incr-refcount step ever failed. It
was safe enough when written, but since the introduction of
PrivateRefCountHash, I think the assumption that no error could happen there
is pretty shaky. The odds of real problems from either bug are probably
small, but still, back-patch to supported branches. Thomas Munro and Tom
Lane, per a comment from Andres Freund

- Doc: fix erroneous example. The grammar requires these options to appear the
other way 'round. jotpe(at)posteo(dot)de Discussion:

- Allow --with-bonjour to work with non-macOS implementations of Bonjour. On
macOS the relevant functions require no special library, but elsewhere we need
to pull in libdns_sd. Back-patch to supported branches. No docs change since
the docs do not suggest that this is a Mac-only feature. Luke Lonergan

- Last-minute updates for release notes. Security: CVE-2017-12172,
CVE-2017-15098, CVE-2017-15099

- Add tests for json{b}_populate_recordset() crash case. The problem reported
as CVE-2017-15098 was already resolved in HEAD by commit 37a795a60, but let's
add the relevant test cases anyway. Michael Paquier and Tom Lane, per a
report from David Rowley. Security: CVE-2017-15098

- Revert "Allow --with-bonjour to work with non-macOS implementations of
Bonjour.". Upon further review, our Bonjour code doesn't actually work with
the Avahi not-too-compatible compatibility library. While you can get it to
work on non-macOS platforms if you link to Apple's own mDNSResponder code,
there don't seem to be many people who care about that. Leaving in the
AC_SEARCH_LIBS call seems more likely to encourage people to build broken
configurations than to do anything very useful. Hence, remove the
AC_SEARCH_LIBS call and put in a warning comment instead. Discussion:

- Fix bogus logic for checking executables' versions within pg_upgrade.
Somebody messed up a refactoring here. As it stood, we'd check pg_ctl's
--version output twice for each cluster. Worse, the first check for the new
cluster's version happened before we'd done any validate_exec checks there,
breaking the check ordering the code intended. A. Akenteva Discussion:

- Fix typo in ALTER SYSTEM output. The header comment written into
postgresql.auto.conf by ALTER SYSTEM should match what initdb put there
originally. Feike Steenbergen Discussion:

- Restrict lo_import()/lo_export() via SQL permissions not hard-wired checks.
While it's generally unwise to give permissions on these functions to anyone
but a superuser, we've been moving away from hard-wired permission checks
inside functions in favor of using the SQL permission system to control
access. Bring lo_import() and lo_export() into compliance with that approach.
In particular, this removes the manual configuration option
ALLOW_DANGEROUS_LO_FUNCTIONS. That dates back to 1999 (commit 4cd4a54c8);
it's unlikely anyone has used it in many years. Moreover, if you really want
such behavior, now you can get it with GRANT ... TO PUBLIC instead. Michael
Paquier Discussion:

- Refactor permissions checks for large objects. Up to now, ACL checks for
large objects happened at the level of the SQL-callable functions, which led
to CVE-2017-7548 because of a missing check. Push them down to be enforced in
inv_api.c as much as possible, in hopes of preventing future bugs. This does
have the effect of moving read and write permission errors to happen at
lo_open time not loread or lowrite time, but that seems acceptable. Michael
Paquier and Tom Lane Discussion:

- Tighten test in contrib/bloom/t/001_wal.pl. Make bloom WAL test compare psql
output text, not just result codes; this was evidently the intent all along,
but it was mis-coded. In passing, make sure we will notice any failure in
setup steps. Alexander Korotkov, reviewed by Michael Paquier and Masahiko
Sawada Discussion:
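As an added example (not code from the commits above), the privilege audit and narrow grant a DBA would run once lo_import()/lo_export() are governed only by SQL EXECUTE privilege; the role name lo_loader is a constructed placeholder:

```sql
-- Added example, not from the commits above. Once lo_import()/lo_export() are
-- governed only by EXECUTE privilege, grants on them are worth auditing: the
-- functions read and write files on the server as the postgres OS user.
-- Role name "lo_loader" is a constructed placeholder.

-- 1. List the current ACLs of the large-object file functions. A NULL proacl
--    means the function default (EXECUTE for PUBLIC); after the fix the catalog
--    carries an explicit ACL that leaves PUBLIC out.
SELECT p.oid::regprocedure          AS function,
       pg_get_userbyid(p.proowner)  AS owner,
       p.proacl
FROM   pg_proc p
JOIN   pg_namespace n ON n.oid = p.pronamespace
WHERE  n.nspname = 'pg_catalog'
AND    p.proname IN ('lo_import', 'lo_export')
ORDER  BY 1;

-- 2. Grant to one role with a narrow need, instead of the GRANT ... TO PUBLIC
--    the commit mentions (which recreates the old ALLOW_DANGEROUS_LO_FUNCTIONS
--    behaviour for every user).
CREATE ROLE lo_loader LOGIN;
GRANT EXECUTE ON FUNCTION pg_catalog.lo_import(text)      TO lo_loader;
GRANT EXECUTE ON FUNCTION pg_catalog.lo_export(oid, text) TO lo_loader;

-- 3. Verify the effective privilege for the role and for the PUBLIC
--    pseudo-role; a server where the PUBLIC row reports true has been opened
--    up deliberately and deserves a second look.
SELECT who,
       has_function_privilege(who::name, 'pg_catalog.lo_import(text)',      'EXECUTE') AS can_import,
       has_function_privilege(who::name, 'pg_catalog.lo_export(oid, text)', 'EXECUTE') AS can_export
FROM   (VALUES ('lo_loader'), ('public')) AS roles(who);
```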

Noah Misch pushed:

- Add a temp-install prerequisite to "check"-like targets not having one.
Makefile.global assigns this prerequisite to every target named "check", but
similar targets must mention it explicitly. Affected targets failed, tested
$PATH binaries, or tested a stale temporary installation. The
src/test/modules examples worked properly when called as "make -C
src/test/modules/$FOO check", but "make -j" allowed the test to start before
the temporary installation was in place. Back-patch to 9.5, where commit
dcae5faccab64776376d354decda0017c648bb53 introduced the shared temp-install.

- start-scripts: switch to $PGUSER before opening $PGLOG. By default, $PGUSER
has permission to unlink $PGLOG. If $PGUSER replaces $PGLOG with a symbolic
link, the server will corrupt the link-targeted file by appending log
messages. Since these scripts open $PGLOG as root, the attack works
regardless of target file ownership. "make install" does not install these
scripts anywhere. Users having manually installed them in the past should
repeat that process to acquire this fix. Most script users have $PGLOG
writable to root only, located in $PGDATA. Just before updating one of these
scripts, such users should rename $PGLOG to $PGLOG.old. The script will then
recreate $PGLOG with proper ownership. Reviewed by Peter Eisentraut.
Reported by Antoine Scemama. Security: CVE-2017-12172

- Ignore XML declaration in xpath_internal(), for UTF8 databases. When a value
contained an XML declaration naming some other encoding, this function
interpreted UTF8 bytes as the named encoding, yielding mojibake. xml_parse()
already has similar logic. This would be necessary but not sufficient for
non-UTF8 databases, so preserve behavior there until the xpath facility can
support such databases comprehensively. Back-patch to 9.3 (all supported
versions). Pavel Stehule and Noah Misch Discussion:

- Fix previous commit's test, for non-UTF8 databases with non-XML builds. To
ensure stable output, catch one more configuration-specific error. Back-patch
to 9.3, like the commit that added the test.

- Make connect/test1 independent of localhost IPv6. Since commit
868898739a8da9ab74c105b8349b7b5c711f265a, it has assumed "localhost" resolves
to both ::1 and We gain nothing from that assumption, and it does
not hold in a default installation of Red Hat Enterprise Linux 5. Back-patch
to 9.3 (all supported versions).

- Add post-2010 ecpg tests to checktcp. This suite had been a proper superset
of the regular ecpg test suite, but the three newest tests didn't reach it.
To make this less likely to recur, delete the extra schedule file and pass the
TCP-specific test on the command line. Back-patch to 9.3 (all supported

Simon Riggs pushed:

- Exclude pg_internal.init from BASE_BACKUP. Add docs to explain this for other
backup mechanisms. Author: David Steele <david(at)pgmasters(dot)net> Reviewed-by: Petr
Jelinek <petr(dot)jelinek(at)2ndQuadrant(dot)com> et al

- Remove secondary checkpoint. Previously server reserved WAL for last two
checkpoints, which used too much disk space for small servers. Bumps
PG_CONTROL_VERSION. Author: Simon Riggs <simon(at)2ndQuadrant(dot)com> Reviewed-by:
Michael Paquier <michael(dot)paquier(at)gmail(dot)com>

Robert Haas pushed:

- Fix typo in comment. Masahiko Sawada Discussion:

- Fix incorrect comment. Etsuro Fujita Discussion:

- Account for the effect of lossy pages when costing bitmap scans. Dilip Kumar,
reviewed by Alexander Kumenkov, Amul Sul, and me. Some final adjustments by
me. Discussion:

- Add hash partitioning. Hash partitioning is useful when you want to partition
a growing data set evenly. This can be useful to keep table sizes reasonable,
which makes maintenance operations such as VACUUM faster, or to enable
partition-wise join. At present, we still depend on constraint exclusion for
partitioning pruning, and the shape of the partition constraints for hash
partitioning is such that that doesn't work. Work is underway to fix that,
which should both improve performance and make partitioning pruning work with
hash partitioning. Amul Sul, reviewed and tested by Dilip Kumar, Ashutosh
Bapat, Yugo Nagata, Rajkumar Raghuwanshi, Jesper Pedersen, and by me. A few
final tweaks also by me. Discussion:

Peter Eisentraut pushed:

- Expand empty end tag.

- Put markup in the right place.

- Change TRUE/FALSE to true/false. The lower case spellings are C and C++
standard and are used in most parts of the PostgreSQL sources. The upper case
spellings are only used in some files/modules. So standardize on the standard
spellings. The APIs for ICU, Perl, and Windows define their own TRUE and
FALSE, so those are left as is when using those APIs. In code comments, we
use the lower-case spelling for the C concepts and keep the upper-case
spelling for the SQL concepts. Reviewed-by: Michael Paquier

- Remove junk left from DSSSL to XSL conversion.

- Add -wnet to SP invocations. This causes a warning when accidentally
backpatching an XML-style empty-element tag like <xref linkend="abc"/>.

- Add some const decorations to prototypes. Reviewed-by: Fabien COELHO

- Fix some null pointer dereferences in LDAP auth code. An LDAP URL without a
host name such as "ldap://" or without a base DN such as "ldap://localhost"
would cause a crash when reading pg_hba.conf. If no binddn is configured, an
error message might end up trying to print a null pointer, which could crash
on some platforms. Author: Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com>
Reviewed-by: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>

Dean Rasheed pushed:

- Always require SELECT permission for ON CONFLICT DO UPDATE. The update path
of an INSERT ... ON CONFLICT DO UPDATE requires SELECT permission on the
columns of the arbiter index, but it failed to check for that in the case of
an arbiter specified by constraint name. In addition, for a table with row
level security enabled, it failed to check updated rows against the table's
SELECT policies when the update path was taken (regardless of how the arbiter
index was specified). Backpatch to 9.5 where ON CONFLICT DO UPDATE and RLS
were introduced. Security: CVE-2017-15099
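As an added example (constructed table, role and rows; not code from the commit above), the privilege set an INSERT ... ON CONFLICT DO UPDATE needs once the arbiter-column SELECT check applies regardless of how the arbiter is named:

```sql
-- Added example, not from the commit above. Table, role and rows are constructed.
CREATE TABLE accounts (
    id      integer PRIMARY KEY,
    email   text    NOT NULL,
    balance numeric NOT NULL DEFAULT 0,
    CONSTRAINT accounts_email_key UNIQUE (email)
);
INSERT INTO accounts VALUES (1, 'alice@example.com', 100);

-- A role that may insert rows and rewrite balances, but may not read the table.
CREATE ROLE upserter LOGIN;
GRANT INSERT ON accounts TO upserter;
GRANT UPDATE (balance) ON accounts TO upserter;

SET ROLE upserter;
-- The update path must compare the arbiter column (email) of the existing row,
-- so SELECT on that column is required. Before the fix, naming the arbiter by
-- constraint skipped that check; a patched server raises a permission denied
-- error here instead of rewriting alice's row.
INSERT INTO accounts (id, email, balance) VALUES (2, 'alice@example.com', 5)
ON CONFLICT ON CONSTRAINT accounts_email_key
DO UPDATE SET balance = EXCLUDED.balance;
RESET ROLE;

-- Least-privilege grant that makes the same statement legitimate: SELECT on
-- the arbiter column only, not on the whole table.
GRANT SELECT (email) ON accounts TO upserter;

-- Check the grant the way an audit script would, per arbiter column.
SELECT has_column_privilege('upserter', 'accounts', 'email', 'SELECT') AS arbiter_readable;

SET ROLE upserter;
-- Same statement, now permitted; the column-list form of the arbiter
-- (ON CONFLICT (email) ...) was already subject to this check before the fix.
INSERT INTO accounts (id, email, balance) VALUES (2, 'alice@example.com', 5)
ON CONFLICT ON CONSTRAINT accounts_email_key
DO UPDATE SET balance = EXCLUDED.balance;
RESET ROLE;
```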

== Pending Patches ==

Edmund Horner sent in a patch to add some tab completion to the SELECT target
list in psql.

Ashutosh Bapat sent in a patch to improve the \d+ output of a partitioned table and
separate the default partition from the rest of the partitions in psql.

Noah Misch sent in a patch to fix a race to build pg_isolation_regress in "make
-j check-world".

David Rowley sent in a patch to remove useless DISTINCT clauses.

Thomas Munro sent in a patch atop the statement-level rollback patch to document
it better.

Konstantin Knizhnik sent in another revision of a patch to optimize secondary
index lookups.

Raúl Marín Rodríguez sent in three more revisions of a patch to add pow() to

Asim Praveen sent in two more revisions of a patch to change incorrect calls to
PageGetLSN to BufferGetLSNAtomic and assert that locks are properly held in

Kyotaro HORIGUCHI and Pavel Stěhule traded patches to add default namespaces for
XPath expressions.

Amit Langote and David Rowley traded patches to prune partitions faster.

Haribabu Kommi sent in another revision of a patch to create the infrastructure
for pluggable storage.

Nathan Bossart sent in two more revisions of a patch to add new logging for

Haribabu Kommi sent in another revision of a patch to add a pg_stat_wal_write
statistics view.

Haribabu Kommi sent in two more revisions of a patch to refactor handling of
database attributes between pg_dump and pg_dumpall.

Tom Lane sent in a patch to speed up compactify_tuples, this time without a sort

Alexander Korotkov sent in two more revisions of a patch to fix the bloom WAL
tap test.

Thomas Munro sent in a patch to add planning counters to pg_stat_statements.

Michaël Paquier and Fabrízio de Royes Mello traded patches to add session_start
and session_end hooks.

Dmitry Dolgov and Artur Zakirov traded patches to add generic subscripting and
implement it for arrays and JSON.

Masahiko Sawada sent in a patch to remove a duplicate setting in

Kyotaro HORIGUCHI sent in another revision of a patch to restrict the maximum
keep segments by repslots.

Amit Khandekar sent in two more revisions of a patch to enable UPDATEs of a
partition key to move tuples to the appropriate partition.

Etsuro Fujita sent in a patch to reorder header files in alphabetical order.

Robert Haas sent in another revision of a patch to implement parallel append.

Amit Kapila sent in another revision of a patch to ensure that parallel paths
include tlist cost.

Beena Emerson sent in another revision of a patch to implement runtime partition

Pavel Stěhule sent in two more revisions of a patch to add \graw to psql.

Michaël Paquier sent in a patch to remove ALLOW_DANGEROUS_LO_FUNCTIONS for
LO-related superuser checks, replace superuser checks of large object
import/export by ACL checks, and move ACL checks for large objects when opening

Huong Dangminh sent in a patch to fix an issue where user-defined data types
weren't working right under logical replication.

Mark Rofail sent in another revision of a patch to implement foreign key arrays.

David Rowley sent in a patch to add a mention of CREATE STATISTICS to the event
trigger docs.

Robert Haas sent in another revision of a patch to speed up processing at Gather

Graham Leggett sent in a patch to log SSL certificate verification errors.

Robert Haas and Amit Kapila traded patches to parallelize queries containing

Pavel Stěhule sent in another revision of a patch to add a SERVER_VERSION
variable to psql.

Robert Haas sent in a patch to ensure that GatherMerge pushes tlists down.

Thomas Munro sent in a patch to add a parallel_leader_participation GUC.

Andrey Borodin sent in another revision of a patch to add GiST VACUUM.
