Commit Graph

55 Commits

Author SHA1 Message Date
Robert Haas
0b49642b99 pg_standby: Avoid writing one byte beyond the end of the buffer.
Previously, read() might have returned a length equal to the buffer
length, and then the subsequent store to buf[len] would write a
zero-byte one byte past the end.  This doesn't seem likely to be
a security issue, but there's some chance it could result in
pg_standby misbehaving.

Spotted by Coverity; patch by Michael Paquier, reviewed by me.
2015-01-15 09:26:03 -05:00
Noah Misch
0ffc201a51 Add file version information to most installed Windows binaries.
Prominent binaries already had this metadata.  A handful of minor
binaries, such as pg_regress.exe, still lack it; efforts to eliminate
such exceptions are welcome.

Michael Paquier, reviewed by MauMau.
2014-07-14 14:07:52 -04:00
Bruce Momjian
1494931d73 Remove MinGW readdir/errno bug workaround fixed on 2003-10-10 2014-03-21 13:47:37 -04:00
Bruce Momjian
6f03927fce Properly check for readdir/closedir() failures
Clear errno before calling readdir() and handle old MinGW errno bug
while adding full test coverage for readdir/closedir failures.

Backpatch through 8.4.
2014-03-21 13:45:11 -04:00
Tom Lane
01824385ae Prevent potential overruns of fixed-size buffers.
Coverity identified a number of places in which it couldn't prove that a
string being copied into a fixed-size buffer would fit.  We believe that
most, perhaps all of these are in fact safe, or are copying data that is
coming from a trusted source so that any overrun is not really a security
issue.  Nonetheless it seems prudent to forestall any risk by using
strlcpy() and similar functions.

Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports.

In addition, fix a potential null-pointer-dereference crash in
contrib/chkpass.  The crypt(3) function is defined to return NULL on
failure, but chkpass.c didn't check for that before using the result.
The main practical case in which this could be an issue is if libc is
configured to refuse to execute unapproved hashing algorithms (e.g.,
"FIPS mode").  This ideally should've been a separate commit, but
since it touches code adjacent to one of the buffer overrun changes,
I included it in this commit to avoid last-minute merge issues.
This issue was reported by Honza Horak.

Security: CVE-2014-0065 for buffer overruns, CVE-2014-0066 for crypt()
2014-02-17 11:20:21 -05:00
Tom Lane
60ff2fdd99 Centralize getopt-related declarations in a new header file pg_getopt.h.
We used to have externs for getopt() and its API variables scattered
all over the place.  Now that we find we're going to need to tweak the
variable declarations for Cygwin, it seems like a good idea to have
just one place to tweak.

In this commit, the variables are declared "#ifndef HAVE_GETOPT_H".
That may or may not work everywhere, but we'll soon find out.

Andres Freund
2014-02-15 14:31:30 -05:00
Kevin Grittner
b64b5ccb6a Silence benign warnings from clang version 3.0-6ubuntu3. 2013-11-07 16:35:43 -06:00
Bruce Momjian
9af4159fce pgindent run for release 9.3
This is the first run of the Perl-based pgindent script.  Also update
pgindent instructions.
2013-05-29 16:58:43 -04:00
Tom Lane
3c07fbf40b Use pqsignal() in contrib programs rather than calling signal(2) directly.
The semantics of signal(2) are more variable than one could wish; in
particular, on strict-POSIX platforms the signal handler will be reset
to SIG_DFL when the signal is delivered.  This demonstrably breaks
pg_test_fsync's use of SIGALRM.  The other changes I made are not
absolutely necessary today, because the called handlers all exit the
program anyway.  But it seems like a good general practice to use
pqsignal() exclusively in Postgres code, now that we have it available
everywhere.
2013-03-17 16:09:47 -04:00
Bruce Momjian
49ec613201 In our source code, make a copy of getopt's 'optarg' string arguments,
rather than just storing a pointer.
2012-10-12 13:35:43 -04:00
Peter Eisentraut
bb7520cc26 Make documentation of --help and --version options more consistent
Before, some places didn't document the short options (-? and -V),
some documented both, some documented nothing, and they were listed in
various orders.  Now this is hopefully more consistent and complete.
2012-06-18 02:46:59 +03:00
Peter Eisentraut
72155b29a8 pg_standby: Remove tabs from string literals
And align a bit better with the rest of the debug output.
2012-05-23 19:58:17 +03:00
Peter Eisentraut
510860a6a5 Small cleanups of contrib --help output 2012-05-20 01:14:25 +03:00
Peter Eisentraut
85612039b9 Message style improvements 2011-08-14 21:03:08 +03:00
Bruce Momjian
6560407c7d Pgindent run before 9.1 beta2. 2011-06-09 14:32:50 -04:00
Peter Eisentraut
4d7d6386d7 Remove literal tabs from message strings 2011-05-28 01:01:42 +03:00
Alvaro Herrera
c6eb5740b3 Fix assorted typos 2011-05-12 08:52:56 -04:00
Peter Eisentraut
b24181b26f Improve pg_archivecleanup and pg_standby --help output
For consistency with other tools, put the options before further usage
information.

In pg_standby, remove the supposedly deprecated -l option from the
given example invocation.
2011-05-05 23:19:13 +03:00
Bruce Momjian
d7a714828f Use consistent spacing for PGAPPICON Makefile option. 2011-01-24 20:46:30 -05:00
Magnus Hagander
fe9b36fd59 Convert cvsignore to gitignore, and add .gitignore for build targets. 2010-09-22 12:57:04 +02:00
Magnus Hagander
9f2e211386 Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
Heikki Linnakangas
de4e18a34d Fix typos in comments, spotted by Josh Kupershmidt. 2010-05-15 09:31:57 +00:00
Bruce Momjian
395d1259ad Add PGFILEDESC description to Makefiles for all /contrib executables.
Add PGAPPICON to all executable makefiles.
2010-05-12 11:33:10 +00:00
Bruce Momjian
65e806cba1 pgindent run for 9.0 2010-02-26 02:01:40 +00:00
Heikki Linnakangas
48912acc08 Disable triggering failover with a signal in pg_standby on Windows, because
Windows doesn't do signal processing like other platforms do. It never
really worked, but recent changes to the signal handling made it crash.

This fixes bug #4961. Patch by Fujii Masao.
2009-11-04 12:51:30 +00:00
Heikki Linnakangas
fe1cc1e730 pg_standby doesn't need to be linked with libpq. Fujii Masao. 2009-07-16 09:59:46 +00:00
Tom Lane
888bcdb9e0 Make prior patch pgindent-safe. 2009-06-25 19:33:25 +00:00
Heikki Linnakangas
8fd733bd19 Disable pg_standby -l option because the backend doesn't expect the recovered
file to be a symlink. We tried to fix this issue with an earlier server-side
patch, but it didn't fix the whole issue.

The same bug is present in older releases as well, but the 8.4 train is
about to leave the station, and I'm not sure if have consensus on whether
we can remove the -l option in back-branches or do we need to attempt a
server-side fix to make symlinking safe.

Patch by Simon Riggs, per discussion on bug identified by Fujii Masao.
2009-06-25 12:03:11 +00:00
Heikki Linnakangas
efa8544fd5 Fix a few errors in comments. Patch by Fujii Masao, plus the one in
visibilitymap.c by me.
2009-06-18 10:08:08 +00:00
Bruce Momjian
d747140279 8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list
provided by Andrew.
2009-06-11 14:49:15 +00:00
Heikki Linnakangas
9e403c2587 Add recovery_end_command option to recovery.conf. recovery_end_command
is run at the end of archive recovery, providing a chance to do external
cleanup. Modify pg_standby so that it no longer removes the trigger file,
that is to be done using the recovery_end_command now.

Provide a "smart" failover mode in pg_standby, where we don't fail over
immediately, but only after recovering all unapplied WAL from the archive.
That gives you zero data loss assuming all WAL was archived before
failover, which is what most users of pg_standby actually want.

recovery_end_command by Simon Riggs, pg_standby changes by Fujii Masao and
myself.
2009-05-14 20:31:09 +00:00
Tom Lane
c7662960b1 Make pg_standby's maxretries option do what one would expect. Fujii Masao 2009-03-26 22:29:13 +00:00
Heikki Linnakangas
753a040486 Don't set the signal handler for SIGQUIT on Windows. Buildfarm shows that
reinstalling the default signal handler doesn't work as it is on Windows.
Presumably core dumps on SIGQUIT are not a problem on Windows, so rather
than figure out what header files or other changes are required to make it
work, just don't bother.
2009-03-18 20:30:35 +00:00
Heikki Linnakangas
47ce595502 Don't intercept SIGQUIT as a signal to trigger failover; that's what
postmaster uses for immediate shutdown. Trap SIGUSR1 as the preferred
signal for that.

Per report by Fujii Masao and subsequent discussion on -hackers.
2009-03-18 19:27:28 +00:00
Peter Eisentraut
b6e4c8f255 Equip the programs installed by contrib with proper --help and --version
options and normally formatted help output.
2009-02-27 09:30:21 +00:00
Tom Lane
e228624011 Remove references to pgsql-ports and pgsql-patches mailing lists from
various documentation, since those lists are now dead/deprecated.
Point to pgsql-bugs and/or pgsql-hackers as appropriate.
2009-01-06 17:27:06 +00:00
Bruce Momjian
1b92aeb93e Improve comment about why sleep is used by pg_standby to handle 'copy'
file size problem.
2008-12-15 22:13:02 +00:00
Bruce Momjian
eb88e7ee2c Add comment about GNUWin32's cp not having the file system problem. 2008-12-15 21:39:25 +00:00
Bruce Momjian
78b25fd2e9 Add missing 'break' in Win32 switch statement, reported by Martin Zaun 2008-12-15 21:11:54 +00:00
Heikki Linnakangas
cac2f697ee Fix WAL file cutoff point calculation in pg_standby.
Patch by Simon Riggs, per bug report from Ferenc Felhoffer
2008-07-08 15:11:58 +00:00
Andrew Dunstan
53972b460c Add $PostgreSQL$ markers to a lot of files that were missing them.
This particular batch was just for *.c and *.h file.

The changes were made with the following 2 commands:

find . \( \( -name 'libstemmer' -o -name 'expected' -o -name 'ppport.h' \) -prune \) -o  \( -name '*.[ch]'  \) \( -exec grep -q '\$PostgreSQL' {} \; -o -print \) | while read file ; do head -n 1 < $file | grep -q '^/\*' && echo $file; done | xargs -l sed -i -e '1s/^\// /' -e '1i/*\n * $PostgreSQL:$ \n *'

find . \( \( -name 'libstemmer' -o -name 'expected' -o -name 'ppport.h' \) -prune \) -o  \( -name '*.[ch]'  \) \( -exec grep -q '\$PostgreSQL' {} \; -o -print \) | xargs -l sed -i -e '1i/*\n * $PostgreSQL:$ \n */'
2008-05-17 01:28:26 +00:00
Heikki Linnakangas
f0eb3e5e58 Fix incorrect archive truncation point calculation in the %r recovery_command
parameter. This fixes bug 4137 reported by Wojciech Strzalka, where a WAL
file is deleted too early when starting the recovery of a warm standby server.

Also add a sanity check in pg_standby so that it will refuse to delete anything
earlier than the file being restored, and improve the debug message in case
nothing is deleted.

Simon Riggs. Backpatch to 8.3, which is where %r was introduced.
2008-05-09 14:27:47 +00:00
Bruce Momjian
fdf5a5efb7 pgindent run for 8.3. 2007-11-15 21:14:46 +00:00
Bruce Momjian
541ff409cc Remove references to READMEs from /contrib Makefiles. 2007-11-10 23:59:52 +00:00
Bruce Momjian
c3c69ab4fd Move most /contrib README files into SGML. Some still need conversion
or will never be converted.
2007-11-10 23:30:46 +00:00
Tom Lane
f18dfc4835 Minor improvements in backup and recovery:
- create a separate archive_mode GUC, on which archive_command is dependent

- %r option in recovery.conf sends last restartpoint to recovery command

- %r used in pg_standby, updated README

- minor other code cleanup in pg_standby

- doc on Warm Standby now mentions pg_standby and %r

- log_restartpoints recovery option emits LOG message at each restartpoint

- end of recovery now displays last transaction end time, as requested
  by Warren Little; also shown at each restartpoint

- restart archiver if needed to carry away WAL files at shutdown

Simon Riggs
2007-09-26 22:36:30 +00:00
Magnus Hagander
bbef913250 Quote pathnames so pg_standby works with paths that have
spaces in them.

ISHIDA Akio
2007-07-16 08:40:52 +00:00
Tom Lane
84a0445c4d Change a couple of exit(0) to return 0 to suppress complaints from
not-too-bright compilers.  Per buildfarm results.
2007-07-15 22:54:21 +00:00
Tom Lane
b09c248bdd Fix PGXS conventions so that extensions can be built against Postgres
installations whose pg_config program does not appear first in the PATH.
Per gripe from Eddie Stanley and subsequent discussions with Fabien Coelho
and others.
2007-06-26 22:05:04 +00:00
Peter Eisentraut
7ce9b3683e Make some messages more consistent 2007-05-31 15:13:06 +00:00