9664 Commits

Author SHA1 Message Date
Robert Haas
4384a95a57 Fix longstanding typo in V1 calling conventions documentation.
Erik Rijkers
2010-05-16 03:55:41 +00:00
Tom Lane
d7b6c8c0a5 Improve documentation of pg_restore's -l and -L switches to point out their
interactions with filtering switches, such as -n and -t.  Per a complaint
from Russell Smith.
2010-05-15 18:11:07 +00:00
Bruce Momjian
36d3afd2d4 Remove all mentions of EnterpriseDB Advanced Server from pg_upgrade;
EDB must maintain their own patch set for this.
2010-05-13 22:51:00 +00:00
Tom Lane
20db9591b2 Update release notes with security issues.
Security: CVE-2010-1169, CVE-2010-1170
2010-05-13 21:26:59 +00:00
Tom Lane
4b8c969c74 Use an entity instead of non-ASCII letter. Thom Brown 2010-05-13 19:16:14 +00:00
Tom Lane
a4bbfb1aac Use "TOAST table" in place of the vague, not-used-elsewhere phrase
"supplementary storage table".
2010-05-13 18:54:18 +00:00
Tom Lane
9ead05b7c3 Prevent PL/Tcl from loading the "unknown" module from pltcl_modules unless
that is a regular table or view owned by a superuser.  This prevents a
trojan horse attack whereby any unprivileged SQL user could create such a
table and insert code into it that would then get executed in other users'
sessions whenever they call pltcl functions.

Worse yet, because the code was automatically loaded into both the "normal"
and "safe" interpreters at first use, the attacker could execute unrestricted
Tcl code in the "normal" interpreter without there being any pltclu functions
anywhere, or indeed anyone else using pltcl at all: installing pltcl is
sufficient to open the hole.  Change the initialization logic so that the
"unknown" code is only loaded into an interpreter when the interpreter is
first really used.  (That doesn't add any additional security in this
particular context, but it seems a prudent change, and anyway the former
behavior violated the principle of least astonishment.)

Security: CVE-2010-1170
2010-05-13 18:29:12 +00:00
Andrew Dunstan
1f474d299d Abandon the use of Perl's Safe.pm to enforce restrictions in plperl, as it is
fundamentally insecure. Instead apply an opmask to the whole interpreter that
imposes restrictions on unsafe operations. These restrictions are much harder
to subvert than is Safe.pm, since there is no container to be broken out of.
Backported to release 7.4.

In releases 7.4, 8.0 and 8.1 this also includes the necessary backporting of
the two interpreters model for plperl and plperlu adopted in release 8.2.

In versions 8.0 and up, the use of Perl's POSIX module to undo its locale
mangling on Windows has become insecure with these changes, so it is
replaced by our own routine, which is also faster.

Nice side effects of the changes include that it is now possible to use perl's
"strict" pragma in a natural way in plperl, and that perl's $a and
$b variables now work as expected in sort routines, and that function
compilation is significantly faster.

Tim Bunce and Andrew Dunstan, with reviews from Alex Hunsaker and
Alexey Klyukin.

Security: CVE-2010-1169
2010-05-13 16:39:43 +00:00
Bruce Momjian
10d66ac8f6 Comment out EnterpriseDB Advanced Server mention in SGML docs. 2010-05-13 15:03:24 +00:00
Magnus Hagander
4cb7536c6b Fix some spelling errors.
Thom Brown
2010-05-13 14:16:41 +00:00
Bruce Momjian
092c36ef99 Fix HISTORY.html build using </link>, not </>. 2010-05-13 12:47:50 +00:00
Peter Eisentraut
3393551d54 Fix vpath installation from distribution tarball (bug #5447) 2010-05-13 11:49:48 +00:00
Bruce Momjian
d8c311c379 Update release notes to current. 2010-05-13 01:57:01 +00:00
Bruce Momjian
9885206cab Move pg_upgrade shared library out into its own /contrib directory
(pg_upgrade_support).
2010-05-13 01:03:01 +00:00
Tom Lane
8aad797362 Preliminary release notes for releases 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25,
7.4.29.
2010-05-12 23:20:49 +00:00
Bruce Momjian
c2e9b2f288 Add pg_upgrade to /contrib; will be in 9.0 beta2.
Add documentation.

Supports migration from PG 8.3 and 8.4.
2010-05-12 02:19:11 +00:00
Robert Haas
8b8009a20d Mention related ALTER TABLE variants in documentation for CLUSTER.
As suggested by Andy Lester.
2010-05-11 16:07:42 +00:00
Tom Lane
4768fd3fd8 Fix typo: PGTYPES_NUM_OVERFLOW should be PGTYPES_NUM_UNDERFLOW.
Noted by KOIZUMI Satoru.
2010-05-09 16:30:31 +00:00
Heikki Linnakangas
1ba23f767b Fix incorrect parameter tag in docs, spotted by KOIZUMI Satoru. 2010-05-05 15:10:25 +00:00
Alvaro Herrera
d64e81c07e Remove spurious dot, per bug #5446 reported by koizumistr@minos.ocn.ne.jp 2010-05-03 15:35:30 +00:00
Heikki Linnakangas
c0de88c415 Change wording so that you don't need to understand that wal_levels
form a hierarchy. Per Simon's suggestion.
2010-05-03 10:31:29 +00:00
Heikki Linnakangas
1b6c7b1c0b Change "literal" tag to the more appropriate "firstterm", when describing
what "eventually consistent" means.
2010-05-03 09:15:17 +00:00
Heikki Linnakangas
f35951619c Add cross-reference from wal_level to hot_standby setting. Update
the PITR documentation to mention that you need to set wal_level to
'archive' or 'hot_standby', to enable WAL archiving. Per Simon's request.
2010-05-03 09:14:17 +00:00
Simon Riggs
abeb17cdae Docs for standbycheck regression tests. 2010-05-02 12:22:40 +00:00
Simon Riggs
98bbab47bc Mention that max_standby_delay has units of milliseconds. Units are mentioned
for all other parameters where the default is expressed in a different unit.
2010-05-02 11:32:53 +00:00
Tom Lane
f9ed327f76 Clean up some awkward, inaccurate, and inefficient processing around
MaxStandbyDelay.  Use the GUC units mechanism for the value, and choose more
appropriate timestamp functions for performing tests with it.  Make the
ps_activity manipulation in ResolveRecoveryConflictWithVirtualXIDs have
behavior similar to ps_activity code elsewhere, notably not updating the
display when update_process_title is off and not truncating the display
contents at an arbitrarily-chosen length.  Improve the docs to be explicit
about what MaxStandbyDelay actually measures, viz the difference between
primary and standby servers' clocks, and the possible hazards if their clocks
aren't in sync.
2010-05-02 02:10:33 +00:00
Tom Lane
170456c9d8 Install hack workaround for failure of 'make all' in VPATH builds.
It appears that gmake gets confused if postgres.sgml is not present in
the working directory, and instantiates some default rule or other that
would let postgres.sgml be built from postgres.xml.  I haven't been able
to track down exactly where that's coming from, but the problem can be
dodged by specifying srcdir explicitly in the rule for postgres.xml.
Per report from Vladimir Kokovic.
2010-05-01 21:31:17 +00:00
Tom Lane
f856fad80b Adjust postgres.xml rule so that make will notice a failure exit from osx.
The previous coding had it in a pipe, which on most shells won't report
the error.  Per experimentation with a bug report from Vladimir Kokovic.
This doesn't actually fix his problem, but it does explain why make
didn't report that there was a problem.
2010-05-01 18:15:07 +00:00
Tom Lane
05f030837c Update our information about OS X shared memory configuration: it's now
possible to set most of the SHM kernel parameters without a reboot.
Also, reorder the paragraph to explain the modern configuration method first.
There are probably not too many people who still care about how to do it on
OS X 10.3 or older.
2010-04-30 22:24:50 +00:00
Tom Lane
854b5eb510 Improve COPY documentation to clarify that it doesn't copy data to or from
child tables.  Per gripe from Jaime Casanova.
2010-04-30 19:49:06 +00:00
Marc G. Fournier
f9d9b2b34a tag for 9.0beta1 2010-04-30 03:16:58 +00:00
Bruce Momjian
616a3b2df4 Documentation fix: CREATE TRIGGER 'WHERE' -> 'WHEN'
Selena Deckelmann
2010-04-29 22:03:41 +00:00
Tom Lane
69f7a4d8e3 Adjust error checks in pg_start_backup and pg_stop_backup to make it possible
to perform a backup without archive_mode being enabled.  This gives up some
user-error protection in order to improve usefulness for streaming-replication
scenarios.  Per discussion.
2010-04-29 21:49:03 +00:00
Tom Lane
f0488bd57c Rename the parameter recovery_connections to hot_standby, to reduce possible
confusion with streaming-replication settings.  Also, change its default
value to "off", because of concern about executing new and poorly-tested
code during ordinary non-replicating operation.  Per discussion.

In passing do some minor editing of related documentation.
2010-04-29 21:36:19 +00:00
Bruce Momjian
72e316e4c8 Doc fix -- last major item should not be a bullet. 2010-04-29 21:02:50 +00:00
Bruce Momjian
fbb68396bb Move alpha release notes into a separate file; re-align sgml tags. 2010-04-29 20:54:28 +00:00
Bruce Momjian
ca2c61caac Update 9.0 release notes to current; add major items and introductory
text.
2010-04-29 20:43:22 +00:00
Tom Lane
a5ec86a7c7 Install a workaround for 'TeX capacity exceeded' problem
when building PDF output for recent versions of the documentation.
There is probably a better answer out there somewhere, but
we need something now so we can build beta releases.
2010-04-29 16:32:41 +00:00
Tom Lane
fa171dd8e5 Fix typo, per Thom Brown. 2010-04-28 21:23:29 +00:00
Tom Lane
77acab75df Modify ShmemInitStruct and ShmemInitHash to throw errors internally,
rather than returning NULL for some-but-not-all failures as they used to.
Remove now-redundant tests for NULL from call sites.

We had to do something about this because many call sites were failing to
check for NULL; and changing it like this seems a lot more useful and
mistake-proof than adding checks to the call sites without them.
2010-04-28 16:54:16 +00:00
Alvaro Herrera
5f70a04c56 Make pg_stats example query result a bit less wide, and add comment about
pg_stats.inherited
2010-04-28 16:48:21 +00:00
Heikki Linnakangas
9b8a73326e Introduce wal_level GUC to explicitly control if information needed for
archival or hot standby should be WAL-logged, instead of deducing that from
other options like archive_mode. This replaces recovery_connections GUC in
the primary, where it now has no effect, but it's still used in the standby
to enable/disable hot standby.

Remove the WAL-logging of "unlogged operations", like creating an index
without WAL-logging and fsyncing it at the end. Instead, we keep a copy of
the wal_mode setting and the settings that affect how much shared memory a
hot standby server needs to track master transactions (max_connections,
max_prepared_xacts, max_locks_per_xact) in pg_control. Whenever the settings
change, at server restart, write a WAL record noting the new settings and
update pg_control. This allows us to notice the change in those settings in
the standby at the right moment, they used to be included in checkpoint
records, but that meant that a changed value was not reflected in the
standby until the first checkpoint after the change.

Bump PG_CONTROL_VERSION and XLOG_PAGE_MAGIC. Whack XLOG_PAGE_MAGIC back to
the sequence it used to follow, before hot standby and subsequent patches
changed it to 0x9003.
2010-04-28 16:10:43 +00:00
Heikki Linnakangas
8f9fe24b10 Add recovery.conf parameters to the documentation index, per suggestion
by Fujii Masao.
2010-04-28 07:34:11 +00:00
Alvaro Herrera
871e73bb27 Reformat code examples in plpgsql docs for better readability in PDF output
Erik Rijkers
2010-04-27 14:32:40 +00:00
Tom Lane
3456cf1831 Update documentation to match pg_stat_activity changes. 2010-04-26 19:56:55 +00:00
Bruce Momjian
132c40424a Document that pgpool can be used with master/slave servers to avoid
problems with non-deterministic functions.
2010-04-26 19:09:25 +00:00
Robert Haas
ab93cd9b05 When we're restricting who can connect, don't allow new walsenders.
Normal superuser processes are allowed to connect even when the database
system is shutting down, or when fewer than superuser_reserved_connection
slots remain.  This is intended to make sure an administrator can log in
and troubleshoot, so don't extend these same courtesies to users connecting
for replication.
2010-04-26 10:52:00 +00:00
Robert Haas
33980a0640 Fix various instances of "the the".
Two of these were pointed out by Erik Rijkers; the rest I found.
2010-04-23 23:21:44 +00:00
Tom Lane
a6dcd19a2a Enforce superuser permissions checks during ALTER ROLE/DATABASE SET, rather
than during define_custom_variable().  This entails rejecting an ALTER
command if the target variable doesn't have a known (non-placeholder)
definition, unless the calling user is superuser.  When the variable *is*
known, we can correctly apply the rule that only superusers can issue ALTER
for SUSET parameters.  This allows define_custom_variable to apply ALTER's
values for SUSET parameters at module load time, secure in the knowledge
that only a superuser could have set the ALTER value.  This change fixes a
longstanding gotcha in the usage of SUSET-level custom parameters; which
is a good thing to fix now that plpgsql defines such a parameter.
2010-04-21 20:54:19 +00:00
Tom Lane
a2c3931a24 Fix pg_hba.conf matching so that replication connections only match records
with database = replication.  The previous coding would allow them to match
ordinary records too, but that seems like a recipe for security breaches.
Improve the messages associated with no-such-pg_hba.conf entry to report
replication connections as such, since that's now a critical aspect of
whether the connection matches.  Make some cursory improvements in the related
documentation, too.
2010-04-21 03:32:53 +00:00
Robert Haas
481cb5d9b5 Rename standby_keep_segments to wal_keep_segments.
Also, make the name of the GUC and the name of the backing variable match.
Along the way, clean up a couple of slight typographical errors in the
related docs.
2010-04-20 11:15:06 +00:00
Robert Haas
ee7769bb76 Update docs as to when WAL logging can be skipped.
In 8.4 and prior, WAL-logging could potentially be skipped whenever
archive_mode=off.  With streaming replication, this is now true only
if max_wal_senders=0.

Fujii Masao, with light copyediting by me
2010-04-20 00:26:06 +00:00
Robert Haas
5b89ef384c Add an 'enable_material' GUC.
The logic for determining whether to materialize has been significantly
overhauled for 9.0.  In case there should be any doubt about whether
materialization is a win in any particular case, this should provide a
convenient way of seeing what happens without it; but even with enable_material
turned off, we still materialize in cases where it is required for
correctness.

Thanks to Tom Lane for the review.
2010-04-19 00:55:26 +00:00
Robert Haas
7b130fbc50 Provide better guidance for adjusting shared_buffers. 2010-04-16 21:46:07 +00:00
Bruce Momjian
b4fd1e246e Document that autovacuum cannot vacuum or analyze temporary tables. 2010-04-16 02:22:33 +00:00
Peter Eisentraut
b6c586a36c Improve punctuation 2010-04-15 20:56:13 +00:00
Peter Eisentraut
edde4169b5 IP port -> TCP port
backpatched to 8.1, where this first appeared
2010-04-15 20:48:22 +00:00
Heikki Linnakangas
95eaea4c27 Fix typo, spotted by Erik Rijkers. 2010-04-15 16:25:13 +00:00
Bruce Momjian
0993d2943e Doc change: anyways -> anyway; Erik Rijkers 2010-04-14 02:36:04 +00:00
Bruce Momjian
ea9c103237 Add "SSD" acronym mention for solid state drive mention. 2010-04-13 14:15:25 +00:00
Magnus Hagander
4f57c28da0 Fix typo.
Fujii Masao
2010-04-13 08:19:12 +00:00
Bruce Momjian
325e9cb3a0 Remove example of archive_command from configure section; instead have
users look at the referenced section for examples, per idea from Greg
Smith.
2010-04-12 22:09:58 +00:00
Bruce Momjian
202c655810 Spell out full archive directory specification in 'test -f' continuous
archiving example, per suggestion from Greg Smith.
2010-04-12 19:08:28 +00:00
Heikki Linnakangas
e76b4e0ddb Adjust paragraph about monitoring streaming replication, now that we have
standby_keep_segments.
2010-04-12 10:01:04 +00:00
Heikki Linnakangas
e57cd7f0a1 Change the logic to decide when to delete old WAL segments, so that it
doesn't take into account how far the WAL senders are. This way a hung
WAL sender doesn't prevent old WAL segments from being recycled/removed
in the primary, ultimately causing the disk to fill up. Instead add
standby_keep_segments setting to control how many old WAL segments are
kept in the primary. This also makes it more reliable to use streaming
replication without WAL archiving, assuming that you set
standby_keep_segments high enough.
2010-04-12 09:52:29 +00:00
Robert Haas
1c850fa807 Make smart shutdown work in combination with Hot Standby/Streaming Replication.
At present, killing the startup process does not release any locks it holds,
so we must wait to stop the startup and walreceiver processes until all
read-only backends have exited.  Without this patch, the startup and
walreceiver processes never exit, so the server gets permanently stuck in
a half-shutdown state.

Fujii Masao, with review, docs, and comment adjustments by me.
2010-04-08 01:39:37 +00:00
Heikki Linnakangas
0f11ed5886 Allow quotes to be escaped in recovery.conf, by doubling them. This patch
also makes the parsing a little bit stricter, rejecting garbage after the
parameter value and values with missing ending quotes, for example.
2010-04-07 10:58:49 +00:00
Heikki Linnakangas
370f770c15 Forbid using pg_xlogfile_name() and pg_xlogfile_name_offset() during
recovery. We might want to relax this in the future, but ThisTimeLineID
isn't currently correct in backends during recovery, so the filename
returned was wrong.
2010-04-07 06:12:52 +00:00
Bruce Momjian
08c1d4e560 Reword exclusion constraints to mention that the operator can return
false or null, per Tom.
2010-04-06 02:18:04 +00:00
Tom Lane
87d5c22925 Clean up description of 9.0's incompatible changes in SIMILAR TO and
SQL-style substring().
2010-04-05 02:46:42 +00:00
Tom Lane
60bd2b1941 Arrange to remove pg_default_acl entries completely if their ACL setting
is changed to match the hard-wired default.  This avoids accumulating useless
catalog entries, and also provides a path for dropping the owning role without
using DROP OWNED BY.  Per yesterday's complaint from Jaime Casanova, the
need to use DROP OWNED BY for that is less than obvious, so providing this
alternative method might save some user frustration.
2010-04-05 01:58:03 +00:00
Tom Lane
87ecae72ba Minor wording improvement. 2010-04-03 21:46:59 +00:00
Peter Eisentraut
a8af3d1a57 Clarify documentation of to_char EEEE pattern 2010-04-03 07:53:02 +00:00
Peter Eisentraut
6dcce3985b Remove unnecessary xref endterm attributes and title ids
The endterm attribute is mainly useful when the toolchain does not support
automatic link target text generation for a particular situation.  In  the
past, this was required by the man page tools for all reference page links,
but that is no longer the case, and it now actually gets in the way of
proper automatic link text generation.  The only remaining use cases are
currently xrefs to refsects.
2010-04-03 07:23:02 +00:00
Peter Eisentraut
7969145483 Allow for more room in the man page title, so that
"CREATE TEXT SEARCH CONFIGURATION" is not truncated.
2010-04-03 07:16:05 +00:00
Simon Riggs
3e754a89ea Clarify some behaviours of REASSIGN OWNED and DROP OWNED BY. 2010-04-02 17:29:22 +00:00
Peter Eisentraut
a5c317cf78 Fix the build and install rules for man pages with SQL section != 7
The previous coding failed in various scenarios possibly including vpath
builds and doing make install without preceding make all.
2010-04-02 14:02:49 +00:00
Bruce Momjian
399ea9e7a5 Change test -e to test -f in docs, for portability. 2010-04-01 13:52:56 +00:00
Bruce Momjian
0189c42f31 Add constraint exclusion section to constraint docs.
Takahiro Itagaki
2010-04-01 01:18:17 +00:00
Bruce Momjian
38672aaaa1 Add full names for release note item authors. 2010-04-01 00:32:53 +00:00
Bruce Momjian
570e01becc Use test -e rather than test -f. 2010-04-01 00:31:00 +00:00
Bruce Momjian
8ae5160bf3 Improve 9.0 release notes by removing extra parentheses and linking to a
more appropriate place for exclusion constraints.
2010-04-01 00:18:21 +00:00
Bruce Momjian
d93e4d819c Revert change that prevented ellipses from looking like ../. 2010-03-31 23:51:41 +00:00
Bruce Momjian
c2af244021 Clarify ellipses use in archive_command example, per Josh Kupershmidt. 2010-03-31 23:39:15 +00:00
Bruce Momjian
cba3498596 Document why 'cp -i </dev/null' is suggested for archive command. 2010-03-31 23:35:19 +00:00
Heikki Linnakangas
f185fc3c5e Fix typos, spotted by Thom Brown. 2010-03-31 20:41:50 +00:00
Heikki Linnakangas
ec9ee9381f Enhance standby documentation.
Original patch by Fujii Masao, with heavy editing and bitrot-fixing
after my other commit.
2010-03-31 20:35:09 +00:00
Heikki Linnakangas
259f60e9b6 Mention in the docs that if special keywords like "sameuser" and
"replication" are quoted in pg_hba.conf, they lose their special meaning.
2010-03-31 20:18:10 +00:00
Heikki Linnakangas
991bfe11d2 Enhance documentation of the built-in standby mode, explaining the retry
loop in standby mode, trying to restore from archive, pg_xlog and
streaming.

Move sections around to make the high availability chapter more
coherent: the most prominent part is now a "Log-Shipping Standby Servers"
section that describes what a standby server is (like the old
"Warm Standby Servers for High Availability" section), and how to
set up a warm standby server, including streaming replication, using the
built-in standby mode. The pg_standby method is described in another
section called "Alternative method for log shipping", with the added
caveat that it doesn't work with streaming replication.
2010-03-31 19:13:01 +00:00
Peter Eisentraut
29ccc32c30 Separate targets "make docs" and "make install-docs" for the documentation
It is no longer installed by default, but included in "make world"/"make
install-world".  Documentation updated accordingly.

Also, fix vpathsearch function to work when calling make install-docs
without previous make docs.
2010-03-30 00:10:46 +00:00
Peter Eisentraut
3f76f9613d Add note that XML Schema validation is not supported
requested by Andrew Lardinois
2010-03-29 22:01:08 +00:00
Peter Eisentraut
1e24678349 Add some information about what it means for PL/Python to be untrusted.
Similar information already appears in the PL/Perl and PL/Tcl chapters.
2010-03-29 21:35:59 +00:00
Peter Eisentraut
51d2c9b0bb Add some documentation about PL/Python limitations
suggested by Steve White (bug #5272)
2010-03-29 21:20:58 +00:00
Alvaro Herrera
be8cebc717 Prevent ALTER USER f RESET ALL from removing the settings that were put there
by a superuser -- "ALTER USER f RESET setting" already disallows removing such a
setting.

Apply the same treatment to ALTER DATABASE d RESET ALL when run by a database
owner that's not superuser.
2010-03-25 14:44:34 +00:00
Bruce Momjian
5f9d2316d5 Typo fix from IRC breinbaas 2010-03-23 22:37:14 +00:00
Itagaki Takahiro
7e2411429c Remove CRs for each line in pgbench.sgml. 2010-03-23 04:09:17 +00:00
Bruce Momjian
a9ae3c0a56 Add back other xlog() function author names. 2010-03-23 02:28:48 +00:00
Itagaki Takahiro
a887c486d5 Each worker thread will have its own log file in pgbench to avoid interleaved
writes. The first worker still uses "pgbench_log.<pid>" for the name, but
additional workers use "pgbench_log.<pid>.<serial-number>" instead.

Reported by Greg Smith.
2010-03-23 01:29:22 +00:00
Bruce Momjian
1d34814ac2 Properly credit Simon for functions pg_last_xlog_replay_location, etc. 2010-03-22 22:56:52 +00:00
Bruce Momjian
260d843d70 Re-order createuser and vacuumdb documentation options, for
consistency.

Gabrielle (Roth)
2010-03-22 14:56:09 +00:00