sthagen
diff --git a/‎doc/src/sgml/config.sgml
Lines changed: 7 additions & 4 deletions b/‎doc/src/sgml/config.sgml
Lines changed: 7 additions & 4 deletions
diff --git a/‎doc/src/sgml/ddl.sgml
Lines changed: 10 additions & 0 deletions b/‎doc/src/sgml/ddl.sgml
Lines changed: 10 additions & 0 deletions
diff --git a/‎doc/src/sgml/protocol.sgml
Lines changed: 5 additions & 5 deletions b/‎doc/src/sgml/protocol.sgml
Lines changed: 5 additions & 5 deletions
diff --git a/‎doc/src/sgml/ref/alter_table.sgml
Lines changed: 8 additions & 8 deletions b/‎doc/src/sgml/ref/alter_table.sgml
Lines changed: 8 additions & 8 deletions
diff --git a/‎doc/src/sgml/ref/create_table.sgml
Lines changed: 11 additions & 1 deletion b/‎doc/src/sgml/ref/create_table.sgml
Lines changed: 11 additions & 1 deletion
diff --git a/‎doc/src/sgml/ref/pg_createsubscriber.sgml
Lines changed: 29 additions & 30 deletions b/‎doc/src/sgml/ref/pg_createsubscriber.sgml
Lines changed: 29 additions & 30 deletions
diff --git a/‎src/backend/catalog/heap.c
Lines changed: 93 additions & 0 deletions b/‎src/backend/catalog/heap.c
Lines changed: 93 additions & 0 deletions
@@ -2788,7 +2788,7 @@ include_dir 'conf.d'
       </varlistentry>
 
       <varlistentry id="guc-io-workers" xreflabel="io_workers">
-       <term><varname>io_workers</varname> (<type>int</type>)
+       <term><varname>io_workers</varname> (<type>integer</type>)
        <indexterm>
         <primary><varname>io_workers</varname> configuration parameter</primary>
        </indexterm>
@@ -8602,7 +8602,8 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv;
         timing information is displayed in
         <link linkend="vacuum-progress-reporting"><structname>pg_stat_progress_vacuum</structname></link>,
         <link linkend="analyze-progress-reporting"><structname>pg_stat_progress_analyze</structname></link>,
-        in the output of <xref linkend="sql-vacuum"/> when the
+        in the output of <xref linkend="sql-vacuum"/> and
+        <xref linkend="sql-analyze"/> when the
         <literal>VERBOSE</literal> option is used, and by autovacuum for
         auto-vacuums and auto-analyzes when
         <xref linkend="guc-log-autovacuum-min-duration"/> is set.
@@ -9340,7 +9341,8 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv;
       <varlistentry id="guc-vacuum-truncate" xreflabel="vacuum_truncate">
        <term><varname>vacuum_truncate</varname> (<type>boolean</type>)
        <indexterm>
-        <primary><varname>vacuum_truncate</varname> configuration parameter</primary>
+        <primary><varname>vacuum_truncate</varname></primary>
+        <secondary>configuration parameter</secondary>
        </indexterm>
        </term>
        <listitem>
@@ -9544,7 +9546,8 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv;
      <varlistentry id="guc-vacuum-max-eager-freeze-failure-rate" xreflabel="vacuum_max_eager_freeze_failure_rate">
       <term><varname>vacuum_max_eager_freeze_failure_rate</varname> (<type>floating point</type>)
       <indexterm>
-       <primary><varname>vacuum_max_eager_freeze_failure_rate</varname> configuration parameter</primary>
+       <primary><varname>vacuum_max_eager_freeze_failure_rate</varname></primary>
+       <secondary>configuration parameter</secondary>
       </indexterm>
       </term>
       <listitem>
 
@@ -419,6 +419,16 @@ CREATE TABLE people (
       <varname>tableoid</varname>.
      </para>
     </listitem>
+    <listitem>
+     <para>
+      A virtual generated column cannot have a user-defined type, and the
+      generation expression of a virtual generated column must not reference
+      user-defined functions or types, that is, it can only use built-in
+      functions or types.  This applies also indirectly, such as for functions
+      or types that underlie operators or casts.  (This restriction does not
+      exist for stored generated columns.)
+     </para>
+    </listitem>
     <listitem>
      <para>
       A generated column cannot have a column default or an identity definition.
 
@@ -7292,8 +7292,8 @@ psql "dbname=postgres replication=database" -c "IDENTIFY_SYSTEM;"
        <term>Int64 (XLogRecPtr)</term>
        <listitem>
         <para>
-         The LSN of the abort. This field is available since protocol version
-         4.
+         The LSN of the abort operation, present only when streaming is set to parallel.
+         This field is available since protocol version 4.
         </para>
        </listitem>
       </varlistentry>
@@ -7302,9 +7302,9 @@ psql "dbname=postgres replication=database" -c "IDENTIFY_SYSTEM;"
        <term>Int64 (TimestampTz)</term>
        <listitem>
         <para>
-         Abort timestamp of the transaction. The value is in number
-         of microseconds since PostgreSQL epoch (2000-01-01). This field is
-         available since protocol version 4.
+         Abort timestamp of the transaction, present only when streaming is set to
+         parallel. The value is in number of microseconds since PostgreSQL epoch (2000-01-01).
+         This field is available since protocol version 4.
         </para>
        </listitem>
       </varlistentry>
 
@@ -460,16 +460,16 @@ WITH ( MODULUS <replaceable class="parameter">numeric_literal</replaceable>, REM
      <para>
       This form adds a new constraint to a table using the same constraint
       syntax as <link linkend="sql-createtable"><command>CREATE TABLE</command></link>, plus the option <literal>NOT
-      VALID</literal>, which is currently only allowed for foreign key,
-      <literal>CHECK</literal> constraints and not-null constraints.
+      VALID</literal>, which is currently only allowed for foreign-key,
+      <literal>CHECK</literal>, and not-null constraints.
      </para>
 
      <para>
       Normally, this form will cause a scan of the table to verify that all
       existing rows in the table satisfy the new constraint.  But if
       the <literal>NOT VALID</literal> option is used, this
       potentially-lengthy scan is skipped.  The constraint will still be
-      enforced against subsequent inserts or updates (that is, they'll fail
+      applied against subsequent inserts or updates (that is, they'll fail
       unless there is a matching row in the referenced table, in the case
       of foreign keys, or they'll fail unless the new row matches the
       specified check condition).  But the
@@ -591,7 +591,7 @@ WITH ( MODULUS <replaceable class="parameter">numeric_literal</replaceable>, REM
       This form validates a foreign key, check, or not-null constraint that was
       previously created as <literal>NOT VALID</literal>, by scanning the
       table to ensure there are no rows for which the constraint is not
-      satisfied.  If the constraint is not enforced, an error is thrown.
+      satisfied.  If the constraint was set to <literal>NOT ENFORCED</literal>, an error is thrown.
       Nothing happens if the constraint is already marked valid.
       (See <xref linkend="sql-altertable-notes"/> below for an explanation
       of the usefulness of this command.)
@@ -1466,11 +1466,11 @@ WITH ( MODULUS <replaceable class="parameter">numeric_literal</replaceable>, REM
    </para>
 
    <para>
-    Adding an enforced <literal>CHECK</literal> or <literal>NOT NULL</literal>
+    Adding a <literal>CHECK</literal> or <literal>NOT NULL</literal>
     constraint requires scanning the table to verify that existing rows meet the
     constraint, but does not require a table rewrite.  If a <literal>CHECK</literal>
-    constraint is added as <literal>NOT ENFORCED</literal>, the validation will
-    not be performed.
+    constraint is added as <literal>NOT ENFORCED</literal>, no verification will
+    be performed.
    </para>
 
    <para>
@@ -1485,7 +1485,7 @@ WITH ( MODULUS <replaceable class="parameter">numeric_literal</replaceable>, REM
    </para>
 
    <para>
-    Scanning a large table to verify a new foreign key or check constraint
+    Scanning a large table to verify new foreign-key, check, or not-null constraints
     can take a long time, and other updates to the table are locked out
     until the <command>ALTER TABLE ADD CONSTRAINT</command> command is
     committed.  The main purpose of the <literal>NOT VALID</literal>
 
@@ -924,6 +924,15 @@ WITH ( MODULUS <replaceable class="parameter">numeric_literal</replaceable>, REM
       not other generated columns.  Any functions and operators used must be
       immutable.  References to other tables are not allowed.
      </para>
+
+     <para>
+      A virtual generated column cannot have a user-defined type, and the
+      generation expression of a virtual generated column must not reference
+      user-defined functions or types, that is, it can only use built-in
+      functions or types.  This applies also indirectly, such as for functions
+      or types that underlie operators or casts.  (This restriction does not
+      exist for stored generated columns.)
+     </para>
     </listitem>
    </varlistentry>
 
@@ -1694,7 +1703,8 @@ WITH ( MODULUS <replaceable class="parameter">numeric_literal</replaceable>, REM
    <varlistentry id="reloption-vacuum-truncate" xreflabel="vacuum_truncate">
     <term><literal>vacuum_truncate</literal>, <literal>toast.vacuum_truncate</literal> (<type>boolean</type>)
     <indexterm>
-     <primary><varname>vacuum_truncate</varname> storage parameter</primary>
+     <primary><varname>vacuum_truncate</varname></primary>
+     <secondary>storage parameter</secondary>
     </indexterm>
     </term>
     <listitem>
 
@@ -169,36 +169,6 @@ PostgreSQL documentation
      </listitem>
     </varlistentry>
 
-    <varlistentry>
-     <term><option>-R <replaceable class="parameter">objtype</replaceable></option></term>
-     <term><option>--remove=<replaceable class="parameter">objtype</replaceable></option></term>
-     <listitem>
-      <para>
-       Remove all objects of the specified type from specified databases on the
-       target server.
-      </para>
-      <para>
-       <itemizedlist>
-        <listitem>
-         <para>
-          <literal>publications</literal>:
-          The <literal>FOR ALL TABLES</literal> publications established for this
-          subscriber are always removed; specifying this object type causes all
-          other publications replicated from the source server to be dropped as
-          well.
-         </para>
-        </listitem>
-       </itemizedlist>
-      </para>
-      <para>
-       The objects selected to be dropped are individually logged, including during
-       a <option>--dry-run</option>.  There is no opportunity to affect or stop the
-       dropping of the selected objects, so consider taking a backup of them
-       using <application>pg_dump</application>.
-      </para>
-     </listitem>
-    </varlistentry>
-
     <varlistentry>
      <term><option>-s <replaceable class="parameter">dir</replaceable></option></term>
      <term><option>--socketdir=<replaceable class="parameter">dir</replaceable></option></term>
@@ -259,6 +229,35 @@ PostgreSQL documentation
      </listitem>
     </varlistentry>
 
+    <varlistentry>
+     <term><option>--clean=<replaceable class="parameter">objtype</replaceable></option></term>
+     <listitem>
+      <para>
+       Drop all objects of the specified type from specified databases on the
+       target server.
+      </para>
+      <para>
+       <itemizedlist>
+        <listitem>
+         <para>
+          <literal>publications</literal>:
+          The <literal>FOR ALL TABLES</literal> publications established for this
+          subscriber are always dropped; specifying this object type causes all
+          other publications replicated from the source server to be dropped as
+          well.
+         </para>
+        </listitem>
+       </itemizedlist>
+      </para>
+      <para>
+       The objects selected to be dropped are individually logged, including during
+       a <option>--dry-run</option>.  There is no opportunity to affect or stop the
+       dropping of the selected objects, so consider taking a backup of them
+       using <application>pg_dump</application>.
+      </para>
+     </listitem>
+    </varlistentry>
+
     <varlistentry>
      <term><option>--config-file=<replaceable class="parameter">filename</replaceable></option></term>
      <listitem>
 
@@ -664,6 +664,15 @@ CheckAttributeType(const char *attname,
 						   flags);
 	}
 
+	/*
+	 * For consistency with check_virtual_generated_security().
+	 */
+	if ((flags & CHKATYPE_IS_VIRTUAL) && atttypid >= FirstUnpinnedObjectId)
+		ereport(ERROR,
+				errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
+				errmsg("virtual generated column \"%s\" cannot have a user-defined type", attname),
+				errdetail("Virtual generated columns that make use of user-defined types are not yet supported."));
+
 	/*
 	 * This might not be strictly invalid per SQL standard, but it is pretty
 	 * useless, and it cannot be dumped, so we must disallow it.
@@ -3215,6 +3224,86 @@ check_nested_generated(ParseState *pstate, Node *node)
 	check_nested_generated_walker(node, pstate);
 }
 
+/*
+ * Check security of virtual generated column expression.
+ *
+ * Just like selecting from a view is exploitable (CVE-2024-7348), selecting
+ * from a table with virtual generated columns is exploitable.  Users who are
+ * concerned about this can avoid selecting from views, but telling them to
+ * avoid selecting from tables is less practical.
+ *
+ * To address this, this restricts generation expressions for virtual
+ * generated columns are restricted to using built-in functions and types.  We
+ * assume that built-in functions and types cannot be exploited for this
+ * purpose.  Note the overall security also requires that all functions in use
+ * a immutable.  (For example, there are some built-in non-immutable functions
+ * that can run arbitrary SQL.)  The immutability is checked elsewhere, since
+ * that is a property that needs to hold independent of security
+ * considerations.
+ *
+ * In the future, this could be expanded by some new mechanism to declare
+ * other functions and types as safe or trusted for this purpose, but that is
+ * to be designed.
+ */
+
+/*
+ * Callback for check_functions_in_node() that determines whether a function
+ * is user-defined.
+ */
+static bool
+contains_user_functions_checker(Oid func_id, void *context)
+{
+	return (func_id >= FirstUnpinnedObjectId);
+}
+
+/*
+ * Checks for all the things we don't want in the generation expressions of
+ * virtual generated columns for security reasons.  Errors out if it finds
+ * one.
+ */
+static bool
+check_virtual_generated_security_walker(Node *node, void *context)
+{
+	ParseState *pstate = context;
+
+	if (node == NULL)
+		return false;
+
+	if (!IsA(node, List))
+	{
+		if (check_functions_in_node(node, contains_user_functions_checker, NULL))
+			ereport(ERROR,
+					errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
+					errmsg("generation expression uses user-defined function"),
+					errdetail("Virtual generated columns that make use of user-defined functions are not yet supported."),
+					parser_errposition(pstate, exprLocation(node)));
+
+		/*
+		 * check_functions_in_node() doesn't check some node types (see
+		 * comment there).  We handle CoerceToDomain and MinMaxExpr by
+		 * checking for built-in types.  The other listed node types cannot
+		 * call user-definable SQL-visible functions.
+		 *
+		 * We furthermore need this type check to handle built-in, immutable
+		 * polymorphic functions such as array_eq().
+		 */
+		if (exprType(node) >= FirstUnpinnedObjectId)
+			ereport(ERROR,
+					errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
+					errmsg("generation expression uses user-defined type"),
+					errdetail("Virtual generated columns that make use of user-defined types are not yet supported."),
+					parser_errposition(pstate, exprLocation(node)));
+	}
+
+	return expression_tree_walker(node, check_virtual_generated_security_walker, context);
+}
+
+static void
+check_virtual_generated_security(ParseState *pstate, Node *node)
+{
+	check_virtual_generated_security_walker(node, pstate);
+}
+
 /*
  * Take a raw default and convert it to a cooked format ready for
  * storage.
@@ -3254,6 +3343,10 @@ cookDefault(ParseState *pstate,
 			ereport(ERROR,
 					(errcode(ERRCODE_INVALID_OBJECT_DEFINITION),
 					 errmsg("generation expression is not immutable")));
+
+		/* Check security of expressions for virtual generated column */
+		if (attgenerated == ATTRIBUTE_GENERATED_VIRTUAL)
+			check_virtual_generated_security(pstate, expr);
 	}
 	else
 	{