Update configure for ab969a376
Commit ab969a376 updated configure.ac but neglected to update the actual
configure script. Fix that.
Pointed out by Tom Lane
Branch
--
master
Details
---
https://git.postgresql.org/pg/commitdiff/ca07a6e7bd2cb1d6ea38a036be8d60e196935428
Modified Files
Update Kerberos/GSSAPI configure/meson check
Instead of checking for the much older gss_init_sec_context, check for
gss_store_cred_into which was added in MIT Kerberos 1.11 (circa 2012).
Discussion: https://postgr.es/m/2313469.1681695223%40sss.pgh.pa.us
Branch
--
master
Details
---
De-Revert "Add support for Kerberos credential delegation"
This reverts commit 3d03b24c3 (Revert Add support for Kerberos
credential delegation) which was committed on the grounds of concern
about portability, but on further review and discussion, it's clear that
we are better off explicitly
Explicitly require MIT Kerberos for GSSAPI
WHen building with GSSAPI support, explicitly require MIT Kerberos and
check for gssapi_ext.h in configure.ac and meson.build. Also add
documentation explicitly stating that we now require MIT Kerberos when
building with GSSAPI support.
Reveiwed by:
Revert "Add support for Kerberos credential delegation"
This reverts commit 3d4fa227bce4294ce1cc214b4a9d3b7caa3f0454.
Per discussion and buildfarm, this depends on APIs that seem to not
be available on at least one platform (NetBSD). Should be certainly
possible to rework to be optional on that
password-less connections but only when GSSAPI credentials have been
delegated to the server by the client and GSSAPI is used to
authenticate to the remote system.
Authors: Stephen Frost, Peifeng Qiu
Reviewed-By: David Christensen
Discussion:
https://postgr.es/m/co1pr05mb8023cc2cb575e0faad7df4f8a8
For Kerberos testing, disable DNS lookups
Similar to 8dff2f224, this disables DNS lookups by the Kerberos library
to look up the KDC and the realm while the Kerberos tests are running.
In some environments, these lookups can take a long time and end up
timing out and causing tests to fail.
For Kerberos testing, disable reverse DNS lookup
In our Kerberos test suite, there isn't much need to worry about the
normal canonicalization that Kerberos provides by looking up the reverse
DNS for the IP address connected to, and in some cases it can actively
cause problems (eg: a captive
For Kerberos testing, disable reverse DNS lookup
In our Kerberos test suite, there isn't much need to worry about the
normal canonicalization that Kerberos provides by looking up the reverse
DNS for the IP address connected to, and in some cases it can actively
cause problems (eg: a captive
For Kerberos testing, disable DNS lookups
Similar to 8dff2f224, this disables DNS lookups by the Kerberos library
to look up the KDC and the realm while the Kerberos tests are running.
In some environments, these lookups can take a long time and end up
timing out and causing tests to fail.
For Kerberos testing, disable DNS lookups
Similar to 8dff2f224, this disables DNS lookups by the Kerberos library
to look up the KDC and the realm while the Kerberos tests are running.
In some environments, these lookups can take a long time and end up
timing out and causing tests to fail.
For Kerberos testing, disable DNS lookups
Similar to 8dff2f224, this disables DNS lookups by the Kerberos library
to look up the KDC and the realm while the Kerberos tests are running.
In some environments, these lookups can take a long time and end up
timing out and causing tests to fail.
For Kerberos testing, disable DNS lookups
Similar to 8dff2f224, this disables DNS lookups by the Kerberos library
to look up the KDC and the realm while the Kerberos tests are running.
In some environments, these lookups can take a long time and end up
timing out and causing tests to fail.
For Kerberos testing, disable DNS lookups
Similar to 8dff2f224, this disables DNS lookups by the Kerberos library
to look up the KDC and the realm while the Kerberos tests are running.
In some environments, these lookups can take a long time and end up
timing out and causing tests to fail.
For Kerberos testing, disable reverse DNS lookup
In our Kerberos test suite, there isn't much need to worry about the
normal canonicalization that Kerberos provides by looking up the reverse
DNS for the IP address connected to, and in some cases it can actively
cause problems (eg: a captive
For Kerberos testing, disable reverse DNS lookup
In our Kerberos test suite, there isn't much need to worry about the
normal canonicalization that Kerberos provides by looking up the reverse
DNS for the IP address connected to, and in some cases it can actively
cause problems (eg: a captive
For Kerberos testing, disable reverse DNS lookup
In our Kerberos test suite, there isn't much need to worry about the
normal canonicalization that Kerberos provides by looking up the reverse
DNS for the IP address connected to, and in some cases it can actively
cause problems (eg: a captive
For Kerberos testing, disable reverse DNS lookup
In our Kerberos test suite, there isn't much need to worry about the
normal canonicalization that Kerberos provides by looking up the reverse
DNS for the IP address connected to, and in some cases it can actively
cause problems (eg: a captive
Forgotten catversion bump for 39969e2a1e4d7f5a37f3ef37d53bbfe171e7d77a
Branch
--
master
Details
---
https://git.postgresql.org/pg/commitdiff/e99546f56670491370d7dc63b0693c3aadaa3112
Modified Files
--
src/include/catalog/catversion.h | 2 +-
1 file changed, 1 insertion(+), 1
Greetings,
* Stephen Frost (sfr...@snowman.net) wrote:
> Remove exclusive backup mode
... and that should have included a catversion bump, sorry about that,
though it had just been bumped a couple commits before too.
Thanks,
Stephen
signature.asc
Description: PGP signature
Remove exclusive backup mode
Exclusive-mode backups have been deprecated since 9.6 (when
non-exclusive backups were introduced) due to the issues
they can cause should the system crash while one is running and
generally because non-exclusive provides a much better interface.
Further, exclusive
Use maintenance_io_concurrency for ANALYZE prefetch
When prefetching pages for ANALYZE, we should be using
maintenance_io_concurrenty (by calling
get_tablespace_maintenance_io_concurrency(), not
get_tablespace_io_concurrency()).
ANALYZE prefetching was introduced in c6fc50c, so back-patch to 14.
Use maintenance_io_concurrency for ANALYZE prefetch
When prefetching pages for ANALYZE, we should be using
maintenance_io_concurrenty (by calling
get_tablespace_maintenance_io_concurrency(), not
get_tablespace_io_concurrency()).
ANALYZE prefetching was introduced in c6fc50c, so back-patch to 14.
docs: Add command tags for SQL commands
Commit 6c3ffd6 added a couple new predefined roles but didn't properly
wrap the SQL commands mentioned in the description of those roles with
command tags, so add them now.
Backpatch-through: 14
Reported-by: Michael Banck
Discussion:
docs: Add command tags for SQL commands
Commit 6c3ffd6 added a couple new predefined roles but didn't properly
wrap the SQL commands mentioned in the description of those roles with
command tags, so add them now.
Backpatch-through: 14
Reported-by: Michael Banck
Discussion:
find the new
documentation.
Bruce Momjian and Stephen Frost
Discussion:
https://postgr.es/m/157742545062.1149.11052653770497832538%40wrigleys.postgresql.org
and
https://www.postgresql.org/message-id/20201120211304.gg16...@tamriel.snowman.net
Branch
--
master
Details
---
https
the old name, but not what we changed it
to. So a user who is trying to find out how to set standby_mode in
PostgreSQL 12+, or where pg_resetxlog went, now has more chance of
finding that information.
Craig Ringer and Stephen Frost
Reviewed-by: Euler Taveira
Discussion:
https://postgr.es/m
the old name, but not what we changed it
to. So a user who is trying to find out how to set standby_mode in
PostgreSQL 12+, or where pg_resetxlog went, now has more chance of
finding that information.
Craig Ringer and Stephen Frost
Reviewed-by: Euler Taveira
Discussion:
https://postgr.es/m
the old name, but not what we changed it
to. So a user who is trying to find out how to set standby_mode in
PostgreSQL 12+, or where pg_resetxlog went, now has more chance of
finding that information.
Craig Ringer and Stephen Frost
Reviewed-by: Euler Taveira
Discussion:
https://postgr.es/m
the old name, but not what we changed it
to. So a user who is trying to find out how to set standby_mode in
PostgreSQL 12+, or where pg_resetxlog went, now has more chance of
finding that information.
Craig Ringer and Stephen Frost
Reviewed-by: Euler Taveira
Discussion:
https://postgr.es/m
doc: Define TLS as an acronym
Commit c6763156589 added an acronym reference for "TLS" but the definition
was never added.
Author: Daniel Gustafsson
Reviewed-by: Michael Paquier
Backpatch-through: 9.6
Discussion: https://postgr.es/m/27109504-82db-41a8-8e63-c0498314f...@yesql.se
Branch
--
doc: Define TLS as an acronym
Commit c6763156589 added an acronym reference for "TLS" but the definition
was never added.
Author: Daniel Gustafsson
Reviewed-by: Michael Paquier
Backpatch-through: 9.6
Discussion: https://postgr.es/m/27109504-82db-41a8-8e63-c0498314f...@yesql.se
Branch
--
doc: Define TLS as an acronym
Commit c6763156589 added an acronym reference for "TLS" but the definition
was never added.
Author: Daniel Gustafsson
Reviewed-by: Michael Paquier
Backpatch-through: 9.6
Discussion: https://postgr.es/m/27109504-82db-41a8-8e63-c0498314f...@yesql.se
Branch
--
doc: Define TLS as an acronym
Commit c6763156589 added an acronym reference for "TLS" but the definition
was never added.
Author: Daniel Gustafsson
Reviewed-by: Michael Paquier
Backpatch-through: 9.6
Discussion: https://postgr.es/m/27109504-82db-41a8-8e63-c0498314f...@yesql.se
Branch
--
doc: Define TLS as an acronym
Commit c6763156589 added an acronym reference for "TLS" but the definition
was never added.
Author: Daniel Gustafsson
Reviewed-by: Michael Paquier
Backpatch-through: 9.6
Discussion: https://postgr.es/m/27109504-82db-41a8-8e63-c0498314f...@yesql.se
Branch
--
doc: Define TLS as an acronym
Commit c6763156589 added an acronym reference for "TLS" but the definition
was never added.
Author: Daniel Gustafsson
Reviewed-by: Michael Paquier
Backpatch-through: 9.6
Discussion: https://postgr.es/m/27109504-82db-41a8-8e63-c0498314f...@yesql.se
Branch
--
Change checkpoint_completion_target default to 0.9
Common recommendations are that the checkpoint should be spread out as
much as possible, provided we avoid having it take too long. This
change updates the default to 0.9 (from 0.5) to match that
recommendation.
There was some debate about
Use pre-fetching for ANALYZE
When we have posix_fadvise() available, we can improve the performance
of an ANALYZE by quite a bit by using it to inform the kernel of the
blocks that we're going to be asking for. Similar to bitmap index
scans, the number of buffers pre-fetched is based off of the
.
Stephen Frost and Jakub Wartak
Reviewed-By: Heikki Linnakangas, Tomas Vondra
Discussion:
https://www.postgresql.org/message-id/VI1PR0701MB69603A433348EDCF783C6ECBF6EF0%40VI1PR0701MB6960.eurprd07.prod.outlook.com
Branch
--
master
Details
---
https://git.postgresql.org/pg/commitdiff
Add GSS information to connection authorized log message
GSS information (if used) such as if the connection was authorized using
GSS or if it was encrypted using GSS, and perhaps most importantly, what
the GSS principal used for the authentication was, is extremely useful
but wasn't being
Fix GSS client to non-GSS server connection
If the client is compiled with GSSAPI support and tries to start up GSS
with the server, but the server is not compiled with GSSAPI support, we
would mistakenly end up falling through to call ProcessStartupPacket
with secure_done = true, but the client
Fix GSS client to non-GSS server connection
If the client is compiled with GSSAPI support and tries to start up GSS
with the server, but the server is not compiled with GSSAPI support, we
would mistakenly end up falling through to call ProcessStartupPacket
with secure_done = true, but the client
Greetings,
* Michael Paquier (mich...@paquier.xyz) wrote:
> On Thu, Mar 05, 2020 at 07:32:59PM -0500, David Steele wrote:
> > FWIW, we use static values in our unit tests (which are written in C), then
> > test against packaged versions of Postgres for integration tests.
> >
> > When I saw the
Greetings,
* Michael Paquier (mich...@paquier.xyz) wrote:
> On Thu, Feb 06, 2020 at 09:44:07AM -0500, Stephen Frost wrote:
> > Erm- no, with -Ft + untar-as-root they get owned by "postgres", NOT the
> > original user. That's what I was pointing out up-thread (since it
Greetings,
* Magnus Hagander (mag...@hagander.net) wrote:
> On Thu, Feb 6, 2020 at 8:04 AM Michael Paquier wrote:
> >
> > On Wed, Feb 05, 2020 at 12:22:59PM -0500, Stephen Frost wrote:
> > > In any case, sorry for not responding on this sooner (was traveling for
> &g
Greetings,
* Michael Paquier (mich...@paquier.xyz) wrote:
> Prevent running pg_basebackup as root
>
> Similarly to pg_upgrade, pg_ctl and initdb, a root user is able to use
> --version and --help, but cannot execute the actual operation to avoid
> the creation of files with permissions
Improve GSSAPI Encryption startup comment in libpq
The original comment was a bit confusing, pointed out by Alvaro Herrera.
Thread: https://postgr.es/m/20191224151520.GA16435%40alvherre.pgsql
Branch
--
master
Details
---
Greetings,
* Robert Haas (robertmh...@gmail.com) wrote:
> On Mon, Sep 30, 2019 at 7:28 AM David Steele wrote:
> > I'm surprised that we would consider going to GA with an issue like this
> > outstanding.
>
> Yeah, this is a *bad* problem.
I have to agree with this and I'm also pretty
Greetings,
* Michael Paquier (mich...@paquier.xyz) wrote:
> Detect unused steps in isolation specs and do some cleanup
>
> This is useful for developers to find out if an isolation spec is
> over-engineered or if it needs more work by warning at the end of a
> test run if a step is not used,
Greetings,
* Alvaro Herrera (alvhe...@2ndquadrant.com) wrote:
> On 2019-Jun-26, Stephen Frost wrote:
>
> > Isn’t this the one run from pg_upgrade’s tests? We don’t want to break that
> > (and hopefully we haven’t but maybe something did...). Pretty sure we had
> > ne
Greetings,
On Wed, Jun 26, 2019 at 10:51 Tom Lane wrote:
> I wrote:
> > Michael Paquier writes:
> >> If we are on that, we still have src/test/modules/test_pg_dump/ which
> >> is not repeatable with multiple installchecks:
> >>
>
GSSAPI: Improve documentation and tests
The GSSAPI encryption patch neglected to update the protocol
documentation to describe how to set up a GSSAPI encrypted connection
from a client to the server, so fix that by adding the appropriate
documentation to protocol.sgml.
The tests added for
Handle errors during GSSAPI startup better
There was some confusion over the format of the error message returned
from the server during GSSAPI startup; specifically, it was expected
that a length would be returned when, in reality, at this early stage in
the startup sequence, no length is
GSSAPI encryption support
On both the frontend and backend, prepare for GSSAPI encryption
support by moving common code for error handling into a separate file.
Fix a TODO for handling multiple status messages in the process.
Eliminate the OIDs, which have not been needed for some time.
Add
Add support for partial TOAST decompression
When asked for a slice of a TOAST entry, decompress enough to return the
slice instead of decompressing the entire object.
For use cases where the slice is at, or near, the beginning of the entry,
this avoids a lot of unnecessary decompression work.
Greetings,
* Michael Paquier (mich...@paquier.xyz) wrote:
> On Fri, Feb 22, 2019 at 03:26:35PM -0800, Andres Freund wrote:
> > that's useless, because I can't trivially copy the result file into the
> > expected file anymore. I have to figure out where in the tree it
> > is. Which isn't exactly
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Alvaro Herrera writes:
> > On 2019-Feb-08, Michael Paquier wrote:
> >> The timestamp of this commit is a bit messed up:
> >> commit: 13b89f96d07ad3da67b57f66c134c3609bd3e98f
> >> author: Peter Eisentraut
> >> date: Mon, 4 Feb 2019 09:28:17
Add additional partition tests to pg_dump
This adds a few tests for non-inherited constraints.
Author: Amit Langote
Discussion: https://postgr.es/m/20181208001735.GT3415%40tamriel.snowman.net
Branch
--
master
Details
---
Remove dead code in toast_fetch_datum_slice
In toast_fetch_datum_slice(), we Assert() that what is passed in isn't
compressed, but we then later had a check to see what the length of if
what was passed in is compressed. That later check is rather confusing
since toast_fetch_datum_slice() is only
Improve planner stats documentation
It was pointed out that in the planner stats documentation under
Extended Statistics, one of the sentences was a bit awkward. Improve
that by rewording it slightly.
Discussion:
Improve planner stats documentation
It was pointed out that in the planner stats documentation under
Extended Statistics, one of the sentences was a bit awkward. Improve
that by rewording it slightly.
Discussion:
Improve planner stats documentation
It was pointed out that in the planner stats documentation under
Extended Statistics, one of the sentences was a bit awkward. Improve
that by rewording it slightly.
Discussion:
Cleanup minor pg_dump memory leaks
In dumputils, we may have successfully parsed the acls when we discover
that we can't parse the reverse ACLs and then return- check and free
aclitems if that happens.
In dumpTableSchema, move ftoptions and srvname under the relkind !=
RELKIND_VIEW branch (since
Cleanup comments in xlog compression
Skipping over the "hole" in full page images in the XLOG code was
described as being a form of compression, but this got a bit confusing
since we now have PGLZ-based compression happening, so adjust the
wording to discuss "removing" the "hole" and keeping the
Fix typo
Backends don't typically exist uncleanly, but they can certainly exit
uncleanly, and it's exiting uncleanly that's being discussed here.
Branch
--
master
Details
---
https://git.postgresql.org/pg/commitdiff/f502fc88b3c8b4c619a4bcbb86c3225a699c1d45
Modified Files
--
Remove extra word from create sub docs
Improve the documentation in the CREATE SUBSCRIPTION command a bit by
removing an extraneous word and spelling out 'information'.
Branch
--
REL_10_STABLE
Details
---
https://git.postgresql.org/pg/commitdiff/cf2245159172836db29d8f0bc7d7164fd33714b1
Fix for globals.c- c.h must come first
Commit da9b580 mistakenly put a system header before postgres.h (which
includes c.h). That can cause portability issues and broke (at least)
builds with older Windows compilers.
Discovered by Mark Dilger.
Discussion:
adminpack: Revoke EXECUTE on pg_logfile_rotate()
In 9.6, we moved a number of functions over to using the GRANT system to
control access instead of having hard-coded superuser checks.
As it turns out, adminpack was creating another function in the catalog
for one of those backend functions where
adminpack: Revoke EXECUTE on pg_logfile_rotate()
In 9.6, we moved a number of functions over to using the GRANT system to
control access instead of having hard-coded superuser checks.
As it turns out, adminpack was creating another function in the catalog
for one of those backend functions where
adminpack: Revoke EXECUTE on pg_logfile_rotate()
In 9.6, we moved a number of functions over to using the GRANT system to
control access instead of having hard-coded superuser checks.
As it turns out, adminpack was creating another function in the catalog
for one of those backend functions where
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost <sfr...@snowman.net> writes:
> > Fix EXEC BACKEND + Windows builds for group privs
>
> jacana seems to think there's still an issue here:
>
> https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=
Skip permissions test under MINGW/Windows
We don't support the same kind of permissions tests on Windows/MINGW, so
these tests really shouldn't be getting run on that platform.
Per buildfarm.
Branch
--
master
Details
---
Fix EXEC BACKEND + Windows builds for group privs
Under EXEC BACKEND we also need to be going through the group privileges
setup since we do support that on Unixy systems, so add that to
SubPostmasterMain().
Under Windows, we need to simply return true from
GetDataDirectoryCreatePerm(), but that
Add default roles for file/program access
This patch adds new default roles named 'pg_read_server_files',
'pg_write_server_files', 'pg_execute_server_program' which
allow an administrator to GRANT to a non-superuser role the ability to
access server-side files or run programs through PostgreSQL
Support new default roles with adminpack
This provides a newer version of adminpack which works with the newly
added default roles to support GRANT'ing to non-superusers access to
read and write files, along with related functions (unlinking files,
getting file length, renaming/removing files,
Rewrite pg_dump TAP tests
This reworks how the tests to run are defined. Instead of having to
define all runs for all tests, we define those tests which should pass
(generally using one of the defined broad hashes), add in any which
should be specific for this test, and exclude any specific runs
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2018-03-14 19:35:40 +, Peter Eisentraut wrote:
> > Remove pg_class.relhaspkey
> >
> > It is not used for anything internally, and it cannot be relied on for
> > external uses, so it can just be removed. To correct recommended way
Fix comment for ExecProcessReturning
resultRelInfo is the argument for the function, not projectReturning.
Author: Etsuro Fujita
Discussion: https://postgr.es/m/5aa8e11e.1040...@lab.ntt.co.jp
Branch
--
master
Details
---
Improve ALTER TABLE synopsis
Add into the ALTER TABLE synopsis the definition of
partition_bound_spec, column_constraint, index_parameters and
exclude_element.
Initial patch by Lætitia Avrot, with further improvements by Amit
Langote and Thomas Munro.
Discussion:
Robert,
* Robert Haas (rh...@postgresql.org) wrote:
> postgres_fdw: Judge password use by run-as user, not session user.
There was apparently a regression test that was broken by this and is
making the buildfarm rather unhappy..
Thanks!
Stephen
signature.asc
Description: Digital signature
Greetings!
This list has now been migrated to new mailing list software known as
'PGLister'. This migration will impact all users of this mailing list
in one way or another.
If you would like to unsubscribe from this mailing list, please click on
'Show Original' or 'Show Headers' in your client
81 matches
Mail list logo