1. 15 Apr, 2010 1 commit
    • Tom Lane committed · 32616fb1
      Fix a problem introduced by my patch of 2010-01-12 that revised the way
      relcache reload works.  In the patched code, a relcache entry in process of
      being rebuilt doesn't get unhooked from the relcache hash table; which means
      that if a cache flush occurs due to sinval queue overrun while we're
      rebuilding it, the entry could get blown away by RelationCacheInvalidate,
      resulting in crash or misbehavior.  Fix by ensuring that an entry being
      rebuilt has positive refcount, so it won't be seen as a target for removal
      if a cache flush occurs.  (This will mean that the entry gets rebuilt twice
      in such a scenario, but that's okay.)  It appears that the problem can only
      arise within a transaction that has previously reassigned the relfilenode of
      a pre-existing table, via TRUNCATE or a similar operation.  Per bug #5412
      from Rusty Conover.
      
      Back-patch to 8.2, same as the patch that introduced the problem.
      I think that the failure can't actually occur in 8.2, since it lacks the
      rd_newRelfilenodeSubid optimization, but let's make it work like the later
      branches anyway.
      
      Patch by Heikki, slightly editorialized on by me.
  2. 09 Apr, 2010 2 commits
  3. 08 Apr, 2010 1 commit
  4. 07 Apr, 2010 1 commit
  5. 04 Apr, 2010 1 commit
  6. 03 Apr, 2010 1 commit
  7. 02 Apr, 2010 1 commit
    • Heikki Linnakangas committed · 292934de
      Don't pass an invalid file handle to dup2(). That causes a crash on
      Windows, thanks to a feature in CRT called Parameter Validation.
      
      Backpatch to 8.2, which is the oldest version supported on Windows. In
      8.2 and 8.3 also backpatch the earlier change to use DEVNULL instead of
      NULL_DEV #define for a /dev/null-like device. NULL_DEV was hard-coded to
      "/dev/null" regardless of platform, which didn't work on Windows, while
      DEVNULL works on all platforms. Restarting syslogger didn't work on
      Windows on versions 8.3 and below because of that.
  8. 25 Mar, 2010 2 commits
  9. 20 Mar, 2010 1 commit
    • Tom Lane committed · e1eb7c81
      Clear error_context_stack and debug_query_string at the beginning of proc_exit,
      so that we won't try to attach any context printouts to messages that get
      emitted while exiting.  Per report from Dennis Koegel, the context functions
      won't necessarily work after we've started shutting down the backend, and it
      seems possible that debug_query_string could be pointing at freed storage
      as well.  The context information doesn't seem particularly relevant to
      such messages anyway, so there's little lost by suppressing it.
      
      Back-patch to all supported branches.  I can only demonstrate a crash with
      log_disconnections messages back to 8.1, but the risk seems real in 8.0 and
      before anyway.
  10. 18 Mar, 2010 1 commit
  11. 12 Mar, 2010 1 commit
  12. 10 Mar, 2010 2 commits
  13. 09 Mar, 2010 2 commits
  14. 08 Mar, 2010 4 commits
  15. 06 Mar, 2010 1 commit
    • Tom Lane committed · 0c814238
      When reading pg_hba.conf and similar files, do not treat @file as an inclusion
      unless (1) the @ isn't quoted and (2) the filename isn't empty.  This guards
      against unexpectedly treating usernames or other strings in "flat files"
      as inclusion requests, as seen in a recent trouble report from Ed L.
      The empty-filename case would be guaranteed to misbehave anyway, because our
      subsequent path-munging behavior results in trying to read the directory
      containing the current input file.
      
      I think this might finally explain the report at
      http://archives.postgresql.org/pgsql-bugs/2004-05/msg00132.php
      of a crash after printing "authentication file token too long, skipping",
      since I was able to duplicate that message (though not a crash) on a
      platform where stdio doesn't refuse to read directories.  We never got
      far in investigating that problem, but now I'm suspicious that the trigger
      condition was an @ in the flat password file.
      
      Back-patch to all active branches since the problem can be demonstrated in all
      branches except HEAD.  The test case, creating a user named "@", doesn't cause
      a problem in HEAD since we got rid of the flat password file.  Nonetheless it
      seems like a good idea to not consider quoted @ as a file inclusion spec,
      so I changed HEAD too.
  16. 04 Mar, 2010 3 commits
    • Tom Lane committed · 6fe45c96
      Fix a couple of places that would loop forever if attempts to read a stdio file
      set ferror() but never set feof().  This is known to be the case for recent
      glibc when trying to read a directory as a file, and might be true for other
      platforms/cases too.  Per report from Ed L.  (There is more that we ought to
      do about his report, but this is one easily identifiable issue.)
    • Tom Lane committed · e2524c51
      Make contrib/xml2 use core xml.c's error handler, when available (that is,
      in versions >= 8.3).  The core code is more robust and efficient than what
      was there before, and this also reduces risks involved in swapping different
      libxml error handler settings.
      
      Before 8.3, there is still some risk of problems if add-on modules such as
      Perl invoke libxml without setting their own error handler.  Given the lack
      of reports I'm not sure there's a risk in practice, so I didn't take the
      step of actually duplicating the core code into older contrib/xml2 branches.
      Instead I just tweaked the existing code to ensure it didn't leave a dangling
      pointer to short-lived memory when throwing an error.
    • Tom Lane committed · f821c16e
      Export xml.c's libxml-error-handling support so that contrib/xml2 can use it
      too, instead of duplicating the functionality (badly).
      
      I renamed xml_init to pg_xml_init, because the former seemed just a bit too
      generic to be safe as a global symbol.  I considered likewise renaming
      xml_ereport to pg_xml_ereport, but felt that the reference to ereport probably
      made it sufficiently PG-centric already.
  17. 03 Mar, 2010 4 commits
  18. 02 Mar, 2010 3 commits
  19. 01 Mar, 2010 3 commits
    • Tom Lane committed · d71936c9
      Remove xmlCleanupParser calls from contrib/xml2.
      These are unnecessary and probably dangerous.  I don't see any immediate
      risk situations in the core XML support or contrib/xml2 itself, but there
      could be issues with external uses of libxml2, and in any case it's an
      accident waiting to happen.
    • Tom Lane committed · 4f146ab3
      Back-patch today's memory management fixups in contrib/xml2.
      Prior to 8.3, these changes are not critical for compatibility with core
      Postgres, since core had no libxml2 calls then.  However there is still
      a risk if contrib/xml2 is used along with libxml2 functionality in Perl
      or other loadable modules.  So back-patch to all versions.
      
      Also back-patch addition of regression tests.  I'm not sure how many of
      the cases are interesting without the interaction with core xml code,
      but a silly regression test is still better than none at all.
    • Tom Lane committed · a8cf68f7
      Back-patch changes of 2009-05-13 in xml.c's memory management.
      I was afraid to do this when these changes were first made, but now that
      8.4 has seen some field use it should be all right to back-patch.  These
      changes are really quite necessary in order to give xml.c any hope of
      co-existing with loadable modules that also wish to use libxml2.
  20. 26 Feb, 2010 1 commit
    • Tom Lane committed · bf7edd6b
      Allow predicate_refuted_by() to deduce that NOT A refutes A.
      We had originally made the stronger assumption that NOT A refutes any B
      if B implies A, but this fails in three-valued logic, because we need to
      prove B is false not just that it's not true.  However the logic does
      go through if B is equal to A.
      
      Recognizing this limited case is enough to handle examples that arise when
      we have simplified "bool_var = true" or "bool_var = false" to just "bool_var"
      or "NOT bool_var".  If we had not done that simplification then the
      btree-operator proof logic would have been able to prove that the expressions
      were contradictory, but only for identical expressions being compared to the
      constants; so handling identical A and B covers all the same cases.
      
      The motivation for doing this is to avoid unexpected asymmetrical behavior
      when a partitioned table uses a boolean partitioning column, as in today's
      gripe from Dominik Sander.
      
      Back-patch to 8.2, which is as far back as predicate_refuted_by attempts to
      do anything at all with NOTs.
  21. 25 Feb, 2010 2 commits
    • Magnus Hagander committed · 0a1ec273
      Add configuration parameter ssl_renegotiation_limit to control
      how often we do SSL session key renegotiation. Can be set to
      0 to disable renegotiation completely, which is required if
      a broken SSL library is used (broken patches to CVE-2009-3555
      a known cause) or when using a client library that can't do
      renegotiation.
    • Tom Lane committed · fbdf9712
      Allow zero-dimensional (ie, empty) arrays in contrib/ltree operations.
      The main motivation for changing this is bug #4921, in which it's pointed out
      that it's no longer safe to apply ltree operations to the result of
      ARRAY(SELECT ...) if the sub-select might return no rows.  Before 8.3,
      the ARRAY() construct would return NULL, which might or might not be helpful
      but at least it wouldn't result in an error.  Now it returns an empty array
      which results in a failure for no good reason, since the ltree operations
      are all perfectly capable of dealing with zero-element arrays.
      
      As far as I can find, these ltree functions are the only places where zero
      array dimensionality is rejected unnecessarily.
      
      Back-patch to 8.3 to prevent behavioral regression of queries that worked
      in older releases.
  22. 19 Feb, 2010 2 commits