summaryrefslogtreecommitdiff
path: root/src/common
AgeCommit message (Collapse)Author
3 daysStandardize LSN formatting by zero paddingÁlvaro Herrera
This commit standardizes the output format for LSNs to ensure consistent representation across various tools and messages. Previously, LSNs were inconsistently printed as `%X/%X` in some contexts, while others used zero-padding. This often led to confusion when comparing. To address this, the LSN format is now uniformly set to `%X/%08X`, ensuring the lower 32-bit part is always zero-padded to eight hexadecimal digits. Author: Japin Li <[email protected]> Reviewed-by: Masahiko Sawada <[email protected]> Reviewed-by: Álvaro Herrera <[email protected]> Discussion: https://postgr.es/m/ME0P300MB0445CA53CA0E4B8C1879AF84B641A@ME0P300MB0445.AUSP300.PROD.OUTLOOK.COM
2025-05-08Use 'void *' for arbitrary buffers, 'uint8 *' for byte arraysHeikki Linnakangas
A 'void *' argument suggests that the caller might pass an arbitrary struct, which is appropriate for functions like libc's read/write, or pq_sendbytes(). 'uint8 *' is more appropriate for byte arrays that have no structure, like the cancellation keys or SCRAM tokens. Some places used 'char *', but 'uint8 *' is better because 'char *' is commonly used for null-terminated strings. Change code around SCRAM, MD5 authentication, and cancellation key handling to follow these conventions. Discussion: https://www.postgresql.org/message-id/[email protected]
2025-05-05With GB18030, prevent SIGSEGV from reading past end of allocation.Noah Misch
With GB18030 as source encoding, applications could crash the server via SQL functions convert() or convert_from(). Applications themselves could crash after passing unterminated GB18030 input to libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeStringConn(), or PQescapeString(). Extension code could crash by passing unterminated GB18030 input to jsonapi.h functions. All those functions have been intended to handle untrusted, unterminated input safely. A crash required allocating the input such that the last byte of the allocation was the last byte of a virtual memory page. Some malloc() implementations take measures against that, making the SIGSEGV hard to reach. Back-patch to v13 (all supported versions). Author: Noah Misch <[email protected]> Author: Andres Freund <[email protected]> Reviewed-by: Masahiko Sawada <[email protected]> Backpatch-through: 13 Security: CVE-2025-4207
2025-04-21Fix INITCAP() word boundaries for PG_UNICODE_FAST.Jeff Davis
Word boundaries are based on whether a character is alphanumeric or not. For the PG_UNICODE_FAST collation, alphanumeric includes non-ASCII digits; whereas for the PG_C_UTF8 collation, it only includes digits 0-9. Pass down the right information from the pg_locale_t into initcap_wbnext to differentiate the behavior. Reported-by: Noah Misch <[email protected]> Reviewed-by: Noah Misch <[email protected]> Discussion: https://postgr.es/m/[email protected]
2025-04-12Harmonize function parameter names for Postgres 18.Peter Geoghegan
Make sure that function declarations use names that exactly match the corresponding names from function definitions in a few places. These inconsistencies were all introduced during Postgres 18 development. This commit was written with help from clang-tidy, by mechanically applying the same rules as similar clean-up commits (the earliest such commit was commit 035ce1fe).
2025-04-07Use XLOG_CONTROL_FILE macro consistently for control file name.Fujii Masao
The XLOG_CONTROL_FILE macro (defined in access/xlog_internal.h) represents the control file name. While some parts of the codebase already use this macro, others previously hardcoded the file name as a string. This commit replaces those hardcoded strings with the macro, ensuring consistent usage throughout the code. This makes future maintenance easier and improves searchability, for example when grepping for control file usage. Author: Anton A. Melnikov <[email protected]> Reviewed-by: Daniel Gustafsson <[email protected]> Reviewed-by: Kyotaro Horiguchi <[email protected]> Reviewed-by: Masao Fujii <[email protected]> Discussion: https://postgr.es/m/[email protected]
2025-04-03Update Unicode data to Unicode 16.0.0Peter Eisentraut
Reviewed-by: Jeff Davis <[email protected]> Discussion: https://www.postgresql.org/message-id/flat/[email protected]
2025-04-03Update code commentPeter Eisentraut
Commit 4e7f62bc386 added a new input file to a script but didn't update the comment listing the input files.
2025-04-03Fix update-unicode make targetPeter Eisentraut
The addition of SpecialCasing.txt by commit 286a365b9c2 was not added to the make target dependencies, so the invoked script would fail because the required file wasn't downloaded first. (The meson version appears to work correctly.)
2025-03-26Fix integer-overflow problem in scram_SaltedPassword()Richard Guo
Setting the iteration count for SCRAM secret generation to INT_MAX will cause an infinite loop in scram_SaltedPassword() due to integer overflow, as the loop uses the "i <= iterations" comparison. To fix, use "i < iterations" instead. Back-patch to v16 where the user-settable GUC scram_iterations has been added. Author: Kevin K Biju <[email protected]> Reviewed-by: Richard Guo <[email protected]> Reviewed-by: Michael Paquier <[email protected]> Discussion: https://postgr.es/m/CAM45KeEMm8hnxdTOxA98qhfZ9CzGDdgy3mxgJmy0c+2WwjA6Zg@mail.gmail.com
2025-03-25pg_upgrade: Add --swap for faster file transfer.Nathan Bossart
This new option instructs pg_upgrade to move the data directories from the old cluster to the new cluster and then to replace the catalog files with those generated for the new cluster. This mode can outperform --link, --clone, --copy, and --copy-file-range, especially on clusters with many relations. However, this mode creates many garbage files in the old cluster, which can prolong the file synchronization step if --sync-method=syncfs is used. To handle that, we recommend using --sync-method=fsync with this mode, and pg_upgrade internally uses "initdb --sync-only --no-sync-data-files" for file synchronization. pg_upgrade will synchronize the catalog files as they are transferred. We assume that the database files transferred from the old cluster were synchronized prior to upgrade. This mode also complicates reverting to the old cluster, so we recommend restoring from backup upon failure during or after file transfer. We did consider teaching pg_upgrade how to generate a revert script for such failures, but we decided against it due to the rarity of failing during file transfer, the complexity of generating the script, and the potential for misusing the script. The new mode is limited to clusters located in the same file system. With some effort, we could probably support upgrades between different file systems, but this mode is unlikely to offer much benefit if we have to copy the files across file system boundaries. It is also limited to upgrades from version 10 or newer. There are a few known obstacles for using swap mode to upgrade from older versions. For example, the visibility map format changed in v9.6, and the sequence tuple format changed in v10. In fact, swap mode omits the --sequence-data option in its uses of pg_dump and instead reuses the old cluster's sequence data files. While teaching swap mode to deal with these kinds of changes is surely possible (and we may have to deal with similar problems in the future, anyway), it doesn't seem worth the effort to support upgrades from long-unsupported versions. Reviewed-by: Greg Sabino Mullane <[email protected]> Reviewed-by: Robert Haas <[email protected]> Discussion: https://postgr.es/m/Zyvop-LxLXBLrZil%40nathan
2025-03-25initdb: Add --no-sync-data-files.Nathan Bossart
This new option instructs initdb to skip synchronizing any files in database directories, the database directories themselves, and the tablespace directories, i.e., everything in the base/ subdirectory and any other tablespace directories. Other files, such as those in pg_wal/ and pg_xact/, will still be synchronized unless --no-sync is also specified. --no-sync-data-files is primarily intended for internal use by tools that separately ensure the skipped files are synchronized to disk. A follow-up commit will use this to help optimize pg_upgrade's file transfer step. The --sync-method=fsync implementation of this option makes use of a new exclude_dir parameter for walkdir(). When not NULL, exclude_dir specifies a directory to skip processing. The --sync-method=syncfs implementation of this option just skips synchronizing the non-default tablespace directories. This means that initdb will still synchronize some or all of the database files, but there's not much we can do about that. Discussion: https://postgr.es/m/Zyvop-LxLXBLrZil%40nathan
2025-03-20Revert workarounds for -Wmissing-braces false positives on old GCCPeter Eisentraut
We have collected several instances of a workaround for GCC bug 53119, which caused false-positive compiler warnings. This bug has long been fixed, but was still seen on the buildfarm, most recently on lapwing with gcc (Debian 4.7.2-5). (The GCC bug tracker mentions that a fix was backported to 4.7.4 and 4.8.3.) That compiler no longer runs warning-free since commit 6fdd5d95634, so we don't need to keep these workarounds. And furthermore, the consensus appears to be that we don't want to keep supporting that era of platform anymore at all. This reverts the following commits: d937904cce6a3d82e4f9c2127de7b59105a134b3 506428d091760650971433f6bc083531c307b368 b449afb582bb9015bfbb85abc10ce122aef9ec70 6392f2a0968c20ecde4d27b6652703ad931fce92 bad0763a4d7be3005eae35d460c73ac4bc7ebaad 5e0c761d0a13c7b4f7c5de618ac38560d74d74d0 and makes a few similar fixes to newer code. Discussion: https://www.postgresql.org/message-id/flat/e170d61f-01ab-4cf9-ab68-91cd1fac62c5%40eisentraut.org Discussion: https://www.postgresql.org/message-id/flat/CA%2BTgmoYEAm-KKZibAP3hSqbTFTjUd47XtVcf3xSFDpyecXX9uQ%40mail.gmail.com
2025-03-18Fix headerscheck warning.Jeff Davis
Reported-by: Tom Lane <[email protected]> Discussion: https://postgr.es/m/[email protected]
2025-03-15Silence perl criticAndrew Dunstan
Commit 27bdec06841 uses a loop variable that is not strictly local to the loop. Perlcritic disapproves, and there's really no reason as the variable is not used outside the loop. Per buildfarm animals koel and crake.
2025-03-15Optimization for lower(), upper(), casefold() functions.Jeff Davis
Improve performance and reduce table sizes for case mapping. The main case mapping table stores only 16-bit offsets, which can be used to look up the mapped code point in any of the case tables (fold, lower, upper, or title case). Simple case pairs point to the same offsets. Generate a function in generate-unicode_case_table.pl that consists of a nested branches to test for specific codepoint ranges that determine the offset in the main table. Other approaches were considered, such as representing these ranges as another structure (rather than branches in a generated function), or a different approach such as a radix tree, or perfect hashing. The author implemented and tested these alternatives and settled on the generated branches. Author: Alexander Borisov <[email protected]> Reviewed-by: Heikki Linnakangas <[email protected]> Discussion: https://postgr.es/m/7cac7e66-9a3b-4e3f-a997-42aa0c401f80%40gmail.com
2025-03-13pg_noreturn to replace pg_attribute_noreturn()Peter Eisentraut
We want to support a "noreturn" decoration on more compilers besides just GCC-compatible ones, but for that we need to move the decoration in front of the function declaration instead of either behind it or wherever, which is the current style afforded by GCC-style attributes. Also rename the macro to "pg_noreturn" to be similar to the C11 standard "noreturn". pg_noreturn is now supported on all compilers that support C11 (using _Noreturn), as well as GCC-compatible ones (using __attribute__, as before), as well as MSVC (using __declspec). (When PostgreSQL requires C11, the latter two variants can be dropped.) Now, all supported compilers effectively support pg_noreturn, so the extra code for !HAVE_PG_ATTRIBUTE_NORETURN can be dropped. This also fixes a possible problem if third-party code includes stdnoreturn.h, because then the current definition of #define pg_attribute_noreturn() __attribute__((noreturn)) would cause an error. Note that the C standard does not support a noreturn attribute on function pointer types. So we have to drop these here. There are only two instances at this time, so it's not a big loss. In one case, we can make up for it by adding the pg_noreturn to a wrapper function and adding a pg_unreachable(), in the other case, the latter was already done before. Reviewed-by: Dagfinn Ilmari Mannsåker <[email protected]> Reviewed-by: Andres Freund <[email protected]> Discussion: https://www.postgresql.org/message-id/flat/pxr5b3z7jmkpenssra5zroxi7qzzp6eswuggokw64axmdixpnk@zbwxuq7gbbcw
2025-03-13Refactor convert_case() to prepare for optimizations.Jeff Davis
Upcoming optimizations will add complexity to convert_case(). This patch reorganizes slightly so that the complexity can be contained within the logic to convert the case of a single character, rather than mixing it in with logic to iterate through the string. Reviewed-by: Alexander Borisov <[email protected]> Discussion: https://postgr.es/m/[email protected]
2025-02-25Change relpath() et al to return path by valueAndres Freund
For AIO, and also some other recent patches, we need the ability to call relpath() in a critical section. Until now that was not feasible, as it allocated memory. The fact that relpath() allocated memory also made it awkward to use in log messages because we had to take care to free the memory afterwards. Which we e.g. didn't do for when zeroing out an invalid buffer. We discussed other solutions, e.g. filling a pre-allocated buffer that's passed to relpath(), but they all came with plenty downsides or were larger projects. The easiest fix seems to be to make relpath() return the path by value. To be able to return the path by value we need to determine the maximum length of a relation path. This patch adds a long #define that computes the exact maximum, which is verified to be correct in a regression test. As this change the signature of relpath(), extensions using it will need to adapt their code. We discussed leaving a backward-compat shim in place, but decided it's not worth it given the use of relpath() doesn't seem widespread. Discussion: https://postgr.es/m/xeri5mla4b5syjd5a25nok5iez2kr3bm26j2qn4u7okzof2bmf@kwdh2vf7npra
2025-02-20Remove various unnecessary (char *) castsPeter Eisentraut
Remove a number of (char *) casts that are unnecessary. Or in some cases, rewrite the code to make the purpose of the cast clearer. Reviewed-by: Dagfinn Ilmari Mannsåker <[email protected]> Discussion: https://www.postgresql.org/message-id/flat/fd1fcedb-3492-4fc8-9e3e-74b97f2db6c7%40eisentraut.org
2025-02-10Add pg_encoding_set_invalid()Andres Freund
There are cases where we cannot / do not want to error out for invalidly encoded input. In such cases it can be useful to replace e.g. an incomplete multi-byte characters with bytes that will trigger an error when getting validated as part of a larger string. Unfortunately, until now, for some encoding no such sequence existed. For those encodings this commit removes one previously accepted input combination - we consider that to be ok, as the chosen bytes are outside of the valid ranges for the encodings, we just previously failed to detect that. As we cannot add a new field to pg_wchar_table without breaking ABI, this is implemented "in-line" in the newly added function. Author: Noah Misch <[email protected]> Reviewed-by: Andres Freund <[email protected]> Backpatch-through: 13 Security: CVE-2025-1094
2025-01-23Add support for Unicode case folding.Jeff Davis
Expand case mapping tables to include entries for case folding, which are parsed from CaseFolding.txt. Discussion: https://postgr.es/m/a1886ddfcd8f60cb3e905c93009b646b4cfb74c5.camel%40j-davis.com
2025-01-19Be clearer about when jsonapi's need_escapes is neededAndrew Dunstan
Most operations beyond pure json parsing need to set need_escapes to true to get access to field names and string scalars. Document this fact more explicitly. Slightly tweaked patch from: Author: Corey Huinker <[email protected]> Discussion: https://postgr.es/m/CADkLM=c49Vkfg2+A8ubSuEtaGEjuaKZXCA6SrXA8kdwHjx3uxQ@mail.gmail.com
2025-01-17Support Unicode full case mapping and conversion.Jeff Davis
Generate tables from Unicode SpecialCasing.txt to support more sophisticated case mapping behavior: * support case mappings to multiple codepoints, such as "ß" uppercasing to "SS" * support conditional case mappings, such as the "final sigma" * support titlecase variants, such as "dž" uppercasing to "DŽ" but titlecasing to "Dž" Discussion: https://postgr.es/m/[email protected] Discussion: https://postgr.es/m/[email protected] Reviewed-by: Peter Eisentraut, Daniel Verite
2025-01-11Fix a compiler warning in initStringInfo().Tatsuo Ishii
Fix a compiler warning found by Cfbot. This was caused by commit bb86e85e442.
2025-01-10Add new StringInfo APIs to allow callers to specify the buffer size.Tatsuo Ishii
Previously StringInfo APIs allocated buffers with fixed initial allocation size of 1024 bytes. This may be too large and inappropriate for some callers that can do with smaller memory buffers. To fix this, introduce new APIs that allow callers to specify initial buffer size. extern StringInfo makeStringInfoExt(int initsize); extern void initStringInfoExt(StringInfo str, int initsize); Existing APIs (makeStringInfo() and initStringInfo()) are changed to call makeStringInfoExt and initStringInfoExt respectively (via inline helper functions makeStringInfoInternal and initStringInfoInternal), with the default buffer size of 1024. Reviewed-by: Nathan Bossart, David Rowley, Michael Paquier, Gurjeet Singh Discussion: https://postgr.es/m/20241225.123704.1194662271286702010.ishii%40postgresql.org
2025-01-01Update copyright for 2025Bruce Momjian
Backpatch-through: 13
2024-12-25meson: Export all libcommon functions in Windows buildsHeikki Linnakangas
This fixes "unresolved external symbol" errors with extensions that use functions from libcommon. This was reported with pgvector. Reported-by: Andrew Kane Author: Vladlen Popolitov Backpatch-through: 16, where Meson was introduced Discussion: https://www.postgresql.org/message-id/CAOdR5yF0krWrxycA04rgUKCgKugRvGWzzGLAhDZ9bzNv8g0Lag@mail.gmail.com
2024-12-10Fix outdated comment of scram_build_secret()Michael Paquier
This routine documented that "iterations" would use a default value if set to 0 by the caller. However, the iteration should always be set by the caller to a value strictly more than 0, as documented by an assertion. Oversight in b577743000cd, that has made the iteration count of SCRAM configurable. Author: Matheus Alcantara Discussion: https://postgr.es/m/[email protected] Backpatch-through: 16
2024-11-27jsonapi: add lexer option to keep token ownershipAndrew Dunstan
Commit 0785d1b8b adds support for libpq as a JSON client, but allocations for string tokens can still be leaked during parsing failures. This is tricky to fix for the object_field semantic callbacks: the field name must remain valid until the end of the object, but if a parsing error is encountered partway through, object_field_end() won't be invoked and the client won't get a chance to free the field name. This patch adds a flag to switch the ownership of parsed tokens to the lexer. When this is enabled, the client must make a copy of any tokens it wants to persist past the callback lifetime, but the lexer will handle necessary cleanup on failure. Backend uses of the JSON parser don't need to use this flag, since the parser's allocations will occur in a short lived memory context. A -o option has been added to test_json_parser_incremental to exercise the new setJsonLexContextOwnsTokens() API, and the test_json_parser TAP tests make use of it. (The test program now cleans up allocated memory, so that tests can be usefully run under leak sanitizers.) Author: Jacob Champion Discussion: https://postgr.es/m/CAOYmi+kb38EciwyBQOf9peApKGwraHqA7pgzBkvoUnw5BRfS1g@mail.gmail.com
2024-11-26Clean up newlines following left parenthesesÁlvaro Herrera
Most came in during the 17 cycle, so backpatch there. Some (particularly reorderbuffer.h) are very old, but backpatching doesn't seem useful. Like commits c9d297751959, c4f113e8fef9.
2024-11-06Remove unused #include's from bin .c filesPeter Eisentraut
as determined by IWYU Similar to commit dbbca2cf299, but for bin and some related files. Discussion: https://www.postgresql.org/message-id/flat/0df1d5b1-8ca8-4f84-93be-121081bde049%40eisentraut.org
2024-10-30Optimize sifting down in binaryheap.Nathan Bossart
Presently, each iteration of the loop in sift_down() will perform 3 comparisons if both children are larger than the parent node (2 for comparing each child to the parent node, and a third to compare the children to each other). By first comparing the children to each other and then comparing the larger child to the parent node, we can accomplish the same thing with just 2 comparisons (while also not affecting the number of comparisons in any other case). Author: ChangAo Chen Reviewed-by: Robert Haas Discussion: https://postgr.es/m/tencent_0142D8DA90940B9930BCC08348BBD6D0BB07%40qq.com
2024-10-30meson: Add missing dependency to unicode test programsPeter Eisentraut
The test programs in src/common/unicode/ (case_test, category_test, norm_test), don't build with meson if the nls option is enabled, because a libintl dependency is missing. Fix that. (The makefiles are ok.) Reviewed-by: Aleksander Alekseev <[email protected]> Discussion: https://www.postgresql.org/message-id/flat/52db1d2b-4b96-473e-b323-a4b16a950fba%40eisentraut.org
2024-10-28Unify src/common/'s definitions of MaxAllocSize.Tom Lane
As threatened in the previous patch, define MaxAllocSize in src/include/common/fe_memutils.h rather than having several copies of it in different src/common/*.c files. This also provides an opportunity to document it better. While this would probably be safe to back-patch, I'll refrain (for now anyway).
2024-10-28Guard against enormously long input in pg_saslprep().Tom Lane
Coverity complained that pg_saslprep() could suffer integer overflow, leading to under-allocation of the output buffer, if the input string exceeds SIZE_MAX/4. This hazard seems largely hypothetical, but it's easy enough to defend against, so let's do so. This patch creates a third place in src/common/ where we are locally defining MaxAllocSize so that we can test against that in the same way in backend and frontend compiles. That seems like about two places too many, so the next patch will move that into common/fe_memutils.h. I'm hesitant to do that in back branches however. Back-patch to v14. The code looks similar in older branches, but before commit 67a472d71 there was a separate test on the input string length that prevented this hazard. Per Coverity report.
2024-10-18Fix memory leaks from incorrect strsep() usesPeter Eisentraut
Commit 5d2e1cc117b introduced some strsep() uses, but it did the memory management wrong in some cases. We need to keep a separate pointer to the allocate memory so that we can free it later, because strsep() advances the pointer we pass to it, and it at the end it will be NULL, so any free() calls won't do anything. (This fixes two of the four places changed in commit 5d2e1cc117b. The other two don't have this problem.) Reported-by: Alexander Lakhin <[email protected]> Discussion: https://www.postgresql.org/message-id/flat/[email protected]
2024-10-17jsonapi: fully initialize dummy lexerPeter Eisentraut
Valgrind reports that checks on lex->inc_state are undefined for the "dummy lexer" used for incremental parsing, since it's only partially initialized on the stack. This was introduced in 0785d1b8b2. Zero-initialize the whole struct. Author: Jacob Champion <[email protected]> Reported-by: Alexander Lakhin <[email protected]> Discussion: https://www.postgresql.org/message-id/CAOYmi+n9QWr4gsAADZc6qFQjFViXQYVk=gBy_EvxuqsgPJcb_g@mail.gmail.com
2024-10-16Whitespace fixup from generated unicode tables.Jeff Davis
When running the 'update-unicode' build target, generate files that conform to pgindent whitespace rules.
2024-10-02File size in a backup manifest should use uint64, not size_t.Robert Haas
size_t is the size of an object in memory, not the size of a file on disk. Thanks to Tom Lane for noting the error. Discussion: http://postgr.es/m/[email protected]
2024-09-23jsonapi: fix memory leakage during OOM error recovery.Tom Lane
Coverity pointed out that inc_lex_level() would leak memory (not to mention corrupt the pstack data structure) if some but not all of its three REALLOC's failed. To fix, store successfully-updated pointers back into the pstack struct immediately. Oversight in 0785d1b8b, so no need for back-patch.
2024-09-11common/jsonapi: support libpq as a clientPeter Eisentraut
Based on a patch by Michael Paquier. For libpq, use PQExpBuffer instead of StringInfo. This requires us to track allocation failures so that we can return JSON_OUT_OF_MEMORY as needed rather than exit()ing. Author: Jacob Champion <[email protected]> Co-authored-by: Michael Paquier <[email protected]> Co-authored-by: Daniel Gustafsson <[email protected]> Reviewed-by: Peter Eisentraut <[email protected]> Discussion: https://www.postgresql.org/message-id/flat/[email protected]
2024-09-10Protect against small overread in SASLprep validationDaniel Gustafsson
In case of torn UTF8 in the input data we might end up going past the end of the string since we don't account for length. While validation won't be performed on a sequence with a NULL byte it's better to avoid going past the end to beging with. Fix by taking the length into consideration. Author: Jacob Champion <[email protected]> Reviewed-by: Daniel Gustafsson <[email protected]> Discussion: https://postgr.es/m/CAOYmi+mTnmM172g=_+Yvc47hzzeAsYPy2C4UBY3HK9p-AXNV0g@mail.gmail.com
2024-09-03Define PG_TBLSPC_DIR for path pg_tblspc/ in data folderMichael Paquier
Similarly to 2065ddf5e34c, this introduces a define for "pg_tblspc". This makes the style more consistent with the existing PG_STAT_TMP_DIR, for example. There is a difference with the other cases with the introduction of PG_TBLSPC_DIR_SLASH, required in two places for recovery and backups. Author: Bertrand Drouvot Reviewed-by: Ashutosh Bapat, Álvaro Herrera, Yugo Nagata, Michael Paquier Discussion: https://postgr.es/m/[email protected]
2024-09-02Remove support for OpenSSL older than 1.1.0Daniel Gustafsson
OpenSSL 1.0.2 has been EOL from the upstream OpenSSL project for some time, and is no longer the default OpenSSL version with any vendor which package PostgreSQL. By retiring support for OpenSSL 1.0.2 we can remove a lot of no longer required complexity for managing state within libcrypto which is now handled by OpenSSL. Reviewed-by: Jacob Champion <[email protected]> Reviewed-by: Peter Eisentraut <[email protected]> Reviewed-by: Michael Paquier <[email protected]> Discussion: https://postgr.es/m/[email protected] Discussion: https://postgr.es/m/CA+hUKGKh7QrYzu=8yWEUJvXtMVm_CNWH1L_TLWCbZMwbi1XP2Q@mail.gmail.com
2024-08-29Message style improvementsPeter Eisentraut
2024-08-12Remove fe_memutils from libpgcommon_shlibPeter Eisentraut
libpq must not use palloc/pfree. It's not allowed to exit on allocation failure, and mixing the frontend pfree with malloc is architecturally unsound. Remove fe_memutils from the shlib build entirely, to keep devs from accidentally depending on it in the future. Author: Jacob Champion <[email protected]> Discussion: https://www.postgresql.org/message-id/CAOYmi+=pg=W5L1h=3MEP_EB24jaBu2FyATrLXqQHGe7cpuvwyg@mail.gmail.com
2024-08-12Remove support for old realpath() APIPeter Eisentraut
The now preferred way to call realpath() is by passing NULL as the second argument and get a malloc'ed result. We still supported the old way of providing our own buffer as a second argument, for some platforms that didn't support the new way yet. Those were only Solaris less than version 11 and some older AIX versions (7.1 and newer appear to support the new variant). We don't support those platforms versions anymore, so we can remove this extra code. Reviewed-by: Heikki Linnakangas <[email protected]> Discussion: https://www.postgresql.org/message-id/flat/9e638b49-5c3f-470f-a392-2cbedb2f7855%40eisentraut.org
2024-08-07Make fallback MD5 implementation thread-safe on big-endian systemsHeikki Linnakangas
Replace a static scratch buffer with a local variable, because a static buffer makes the function not thread-safe. This function is used in client-code in libpq, so it needs to be thread-safe. It was until commit b67b57a966, which replaced the implementation with the one from pgcrypto. Backpatch to v14, where we switched to the new implementation. Reviewed-by: Robert Haas, Michael Paquier Discussion: https://www.postgresql.org/message-id/[email protected]
2024-08-06Mark misc static global variables as constHeikki Linnakangas
Reviewed-by: Andres Freund Discussion: https://www.postgresql.org/message-id/[email protected]