> o Add ALTER TABLE tab ADD/DROP INHERITS parent
>
> pg_attribute.attislocal has to be set to 'false' for ADD, and
> pg_attribute.attinhcount adjusted appropriately
>
> * Referential Integrity
>
> o Add MATCH PARTIAL referential integrity
> o Change foreign key constraint for array -> element to mean element
> in array?
> o Enforce referential integrity for system tables
>
>
< Referential Integrity
< =====================
<
< * Add MATCH PARTIAL referential integrity
> Triggers
> ========
< * Change foreign key constraint for array -> element to mean element
< in array?
801d804
< * Enforce referential integrity for system tables
and standard_conforming_strings. The encoding changes are needed for proper
escaping in multibyte encodings, as per the SQL-injection vulnerabilities
noted in CVE-2006-2313 and CVE-2006-2314. Concurrent fixes are being applied
to the server to ensure that it rejects queries that may have been corrupted
by attempted SQL injection, but this merely guarantees that unpatched clients
will fail rather than allow injection. An actual fix requires changing the
client-side code. While at it we have also fixed these routines to understand
about standard_conforming_strings, so that the upcoming changeover to SQL-spec
string syntax can be somewhat transparent to client code.
Since the existing API of PQescapeString and PQescapeBytea provides no way to
inform them which settings are in use, these functions are now deprecated in
favor of new functions PQescapeStringConn and PQescapeByteaConn. The new
functions take the PGconn to which the string will be sent as an additional
parameter, and look inside the connection structure to determine what to do.
So as to provide some functionality for clients using the old functions,
libpq stores the latest encoding and standard_conforming_strings values
received from the backend in static variables, and the old functions consult
these variables. This will work reliably in clients using only one Postgres
connection at a time, or even multiple connections if they all use the same
encoding and string syntax settings; which should cover many practical
scenarios.
Clients that use homebrew escaping methods, such as PHP's addslashes()
function or even hardwired regexp substitution, will require extra effort
to fix :-(. It is strongly recommended that such code be replaced by use of
PQescapeStringConn/PQescapeByteaConn if at all feasible.
parser will allow "\'" to be used to represent a literal quote mark. The
"\'" representation has been deprecated for some time in favor of the
SQL-standard representation "''" (two single quote marks), but it has been
used often enough that just disallowing it immediately won't do. Hence
backslash_quote allows the settings "on", "off", and "safe_encoding",
the last meaning to allow "\'" only if client_encoding is a valid server
encoding. That is now the default, and the reason is that in encodings
such as SJIS that allow 0x5c (ASCII backslash) to be the last byte of a
multibyte character, accepting "\'" allows SQL-injection attacks as per
CVE-2006-2314 (further details will be published after release). The
"on" setting is available for backward compatibility, but it must not be
used with clients that are exposed to untrusted input.
Thanks to Akio Ishida and Yasuo Ohgaki for identifying this security issue.
issued by autovacuum. Add accessor functions to them, and use those in the
pg_stat_*_tables system views.
Catalog version bumped due to changes in the pgstat views and the pgstat file.
Patch from Larry Rosenman, minor improvements by me.
throw warnings for 100%-SQL-standard constructs, clean up some minor
infelicities, try to un-break ecpg to the best of my ability. (It's not clear
how ecpg is going to find out the setting of standard_conforming_strings,
though.) I think pg_dump still needs work, too.
(relpages/reltuples). To do this, create formal support in heapam.c for
"overwrite" tuple updates (including xlog replay capability) and use that
instead of the ad-hoc overwrites we'd been using in VACUUM and CREATE INDEX.
Take the responsibility for updating stats during CREATE INDEX out of the
individual index AMs, and do it where it belongs, in catalog/index.c. Aside
from being more modular, this avoids having to update the same tuple twice in
some paths through CREATE INDEX. It's probably not measurably faster, but
for sure it's a lot cleaner than before.
< * %Disallow changing default expression of a SERIAL column?
> * %Disallow changing DEFAULT expression of a SERIAL column?
472a473,476
> * Add DEFAULT .. AS OWNER so permission checks are done as the table
> owner
>
> This would be useful for SERIAL nextval() calls and CHECK constraints.
The former approach used ExclusiveLock on pg_database, which being a
cluster-wide lock meant only one of these operations could proceed at
a time; worse, it also blocked all incoming connections in ReverifyMyDatabase.
Now that we have LockSharedObject(), we can use locks of different types
applied to databases considered as objects. This allows much more
flexible management of the interlocking: two CREATE DATABASEs need not
block each other, and need not block connections except to the template
database being used. Similarly DROP DATABASE doesn't block unrelated
operations. The locking used in flatfiles.c is also much narrower in
scope than before. Per recent proposal.
This formulation requires every AM to provide amvacuumcleanup, unlike before,
but it's surely a whole lot cleaner. Also, add an 'amstorage' column to
pg_am so that we can get rid of hardwired knowledge in DefineOpClass().
support both FOR UPDATE and FOR SHARE in one command, as well as both
NOWAIT and normal WAIT behavior. The more general code is actually
simpler and cleaner.
use RESET CONNECTION:
< * Add RESET SESSION command to reset all session state
> * Add RESET CONNECTION command to reset all session state
447c447
< notify the protocol when a RESET SESSION command is used.
> notify the protocol when a RESET CONNECTION command is used.
< * Add RESET CONNECTION command to reset all session state
> * Add RESET SESSION command to reset all session state
447c447
< notify the protocol when a RESET CONNECTION command is used.
> notify the protocol when a RESET SESSION command is used.
< o %Prevent child tables from altering or dropping constraints
< like CHECK that were inherited from the parent table
< like CHECK that are inherited by child tables
<
< Dropping constraints should only be possible with CASCADE.
<
> like CHECK that are inherited by child tables unless CASCADE
> is used
> o %Prevent child tables from altering or dropping constraints
> like CHECK that were inherited from the parent table
transaction_timestamp() (just like now()).
Also update statement_timeout() to mention it is statement arrival time
that is measured.
Catalog version updated.
o Support ISO INTERVAL syntax if units cannot be determined from
the string, and are supplied after the string
The SQL standard states that the units after the string specify
the units of the string, e.g. INTERVAL '2' MINUTE should
return '00:02:00'. The current behavior has the units
restrict the interval value to the specified unit or unit range,
INTERVAL '70' SECOND returns '00:00:10'.
For syntax that isn't uniquely ISO or PG syntax, like '1' or
'1:30', treat as ISO if there is a range specification clause,
and as PG if there no clause is present, e.g. interpret
'1:30' MINUTE TO SECOND as '1 minute 30 seconds', and
interpret '1:30' as '1 hour, 30 minutes'.
This makes common cases like SELECT INTERVAL '1' MONTH
SQL-standard results. The SQL standard supports a limited
number of unit combinations and doesn't support unit names
in the string. The PostgreSQL syntax is more flexible in
the range of units supported, e.g. PostgreSQL supports
'1 year 1 hour', while the SQL standard does not.
< * -Eventually enable escape_string_warning and standard_conforming_strings
> * -Enable escape_string_warning and standard_conforming_strings
> * Make standard_conforming_strings the default in 8.3?
>
> When this is done, backslash-quote should be prohibited in non-E''
> strings because of possible confusion over how such strings treat
> backslashes. Basically, '' is always safe for a literal single
> quote, while \' might or might not be based on the backslash
> handling rules.
>
compatibility for release 7.2 and earlier. I have not altered any
mentions of release 7.3 or later. The release notes were not modified,
so the changes are still documented, just not in the main docs.
permission item:
< o %Allow pg_hba.conf settings to be controlled via SQL
> o %Allow per-database permissions to be set via GRANT
< This would add a function to load the SQL table from
< pg_hba.conf, and one to writes its contents to the flat file.
< The table should have a line number that is a float so rows
< can be inserted between existing rows, e.g. row 2.5 goes
< between row 2 and row 3.
> Allow database connection checks based on GRANT rules in
> addition to the existing access checks in pg_hba.conf.
>
> o Add new version of PQescapeString() that doesn't double backslashes
> that are part of a client-only multibyte sequence
>
> Single-quote is not a valid byte in any supported client-only
> encoding.
>
> o Add new version of PQescapeString() that doesn't double
> backslashes when standard_conforming_strings is true and
> non-E strings are used
8.0), and add as suggestion to use log_min_error_statement for this
purpose. I also fixed the code so the first EXECUTE has it's prepare,
rather than the last which is what was in the current code. Also remove
"protocol" prefix for SQL EXECUTE output because it is not accurate.
Backpatch to 8.1.X.
CREATE AGGREGATE aggname (input_type) (parameter_list)
along with the old syntax where the input type was named in the parameter
list. This fits more naturally with the way that the aggregate is identified
in DROP AGGREGATE and other utility commands; furthermore it has a natural
extension to handle multiple-input aggregates, where the basetype-parameter
method would get ugly. In fact, this commit fixes the grammar and all the
utility commands to support multiple-input aggregates; but DefineAggregate
rejects it because the executor isn't fixed yet.
I didn't do anything about treating agg(*) as a zero-input aggregate instead
of artificially making it a one-input aggregate, but that should be considered
in combination with supporting multi-input aggregates.
At any rate, here's a revision to CVS HEAD to reflect some changes by
myself and by Seneca Cunningham for the AIX FAQ. It touches on the
following issues:
1. memcpy pointer patch for dynahash.c
2. AIX memory management, which can, for 32 bit cases, bite people
quite unexpectedly...
Chris Browne
< multiple I/O channels simultaneously.
> multiple I/O channels simultaneously. One idea is to create a
> background reader that can pre-fetch sequential and index scan
> pages needed by other backends. This could be expanded to allow
> concurrent reads from multiple devices in a partitioned table.
<P>The maximum table size, row size, and maximum number of columns
can be quadrupled by increasing the default block size to 32k. The
maximum table size can also be increased using table partitioning.</P>
> * Allow log_min_messages to be specified on a per-module basis
>
> This would allow administrators to see more detailed information from
> specific sections of the backend, e.g. checkpoints, autovacuum, etc.
< * Experiment with multi-threaded backend [thread]
> * Experiment with multi-threaded backend for backend creation [thread]
1003a1004,1008
>
> * Experiment with multi-threaded backend better resource utilization
>
> This would allow a single query to make use of multiple CPU's or
> multiple I/O channels simultaneously.
> * Allow the creation of indexes with mixed ascending/descending
> specifiers
>
> This is possible now by creating an operator class with reversed sort
> operators. One complexity is that NULLs would then appear at the start
> of the result set, and this might affect certain sort types, like
> merge join.
>
generated text files. Fix build of that file, too.
Put the text files in the right place during make dist, so there are no
extra manual steps required anymore.
that apply the necessary domain constraint checks immediately. This fixes
cases where domain constraints went unchecked for statement parameters,
PL function local variables and results, etc. We can also eliminate existing
special cases for domains in places that had gotten it right, eg COPY.
Also, allow domains over domains (base of a domain is another domain type).
This almost worked before, but was disallowed because the original patch
hadn't gotten it quite right.
functions are not strict, they will be called (passing a NULL first parameter)
during any attempt to input a NULL value of their datatype. Currently, all
our input functions are strict and so this commit does not change any
behavior. However, this will make it possible to build domain input functions
that centralize checking of domain constraints, thereby closing numerous holes
in our domain support, as per previous discussion.
While at it, I took the opportunity to introduce convenience functions
InputFunctionCall, OutputFunctionCall, etc to use in code that calls I/O
functions. This eliminates a lot of grotty-looking casts, but the main
motivation is to make it easier to grep for these places if we ever need
to touch them again.
used within WAL files. Historically this was the same as the data file
BLCKSZ, but there's no necessary connection, and it's possible that
performance gains might ensue from reducing XLOG_BLCKSZ. In any case
distinguishing two symbols should improve code clarity. This commit
does not actually change the page size, only provide the infrastructure
to make it possible to do so. initdb forced because of addition of a
field to pg_control.
Mark Wong, with some help from Simon Riggs and Tom Lane.
to fix regressions introduced in the recent patch adding additional
\connect options. This is based on work by Volkan YAZICI, although
this version of the patch doesn't bear much resemblance to Volkan's
version.
\connect takes 4 optional arguments: database name, user name, host
name, and port number. If any of those parameters are omitted or
specified as "-", the value of that parameter from the previous
connection is used instead; if there is no previous connection,
the libpq default is used. Note that this behavior makes it
impossible to reuse the libpq defaults without quitting psql and
restarting it; I don't really see the use case for needing to do
that.
var_samp(), stddev_pop(), and stddev_samp(). var_samp() and stddev_samp()
are just renamings of the historical Postgres aggregates variance() and
stddev() -- the latter names have been kept for backward compatibility.
This patch includes updates for the documentation and regression tests.
The catversion has been bumped.
NB: SQL2003 requires that DISTINCT not be specified for any of these
aggregates. Per discussion on -patches, I have NOT implemented this
restriction: if the user asks for stddev(DISTINCT x), presumably they
know what they are doing.
- new function justify_interval(interval)
- modified function justify_hours(interval)
- modified function justify_days(interval)
These functions are defined to meet the requirements as discussed in
this thread. Specifically:
- justify_hours makes certain the sign bit on the hours
matches the sign bit on the days. It only checks the
sign bit on the days, and not the months, when
determining if the hours should be positive or negative.
After the call, -24 < hours < 24.
- justify_days makes certain the sign bit on the days
matches the sign bit on the months. It's behavior does
not depend on the hours, nor does it modify the hours.
After the call, -30 < days < 30.
- justify_interval makes sure the sign bits on all three
fields months, days, and hours are all the same. After
the call, -24 < hours < 24 AND -30 < days < 30.
Mark Dilger
> o Prevent parent tables from altering or dropping constraints
> like CHECK that are inherited by child tables
>
> Dropping constraints should only be possible with CASCADE.
>
< * %Disallow changing sequence characteristics like INCREMENT for SERIAL columns
> * %Disallow ALTER SEQUENCE changes for SERIAL sequences because pg_dump
> does not dump the changes
returning "ASCII code of the first character of the argument"
(see
http://www.postgresql.org/docs/8.1/interactive/functions-string.html,
Table 9-6. "Other String Functions").
Presumably this should read "ASCII code of the first byte of the
argument",
which is what is returned when the argument is a multi-byte character
(although then with UTF-8 at least that might not necessarily be an
ASCII
code).
Ian Barwick
> just that certain commands do. TRUNCATE isn't shown.
Patch against HEAD to add TRUNCATE to the list of commands that aquire
ACCESS EXCLUSIVE.
Jim C. Nasby, Sr.
descriptions after the code are correct). Only shmmax needs to be
multiples of the page size (at least, that's how I interpret the
Darwin code).
Chris Campbell
