Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1tq6Zg-00H5Dd-Pz
	for pgsql-general@arkaria.postgresql.org; Thu, 06 Mar 2025 08:27:24 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1tq6Zf-0035hf-Hj
	for pgsql-general@arkaria.postgresql.org; Thu, 06 Mar 2025 08:27:23 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <ronljohnsonjr@gmail.com>)
	id 1tq6Zf-0035hS-6W
	for pgsql-general@lists.postgresql.org; Thu, 06 Mar 2025 08:27:23 +0000
Received: from mail-oa1-x2d.google.com ([2001:4860:4864:20::2d])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <ronljohnsonjr@gmail.com>)
	id 1tq6Zd-001GOe-19
	for pgsql-general@postgresql.org;
	Thu, 06 Mar 2025 08:27:22 +0000
Received: by mail-oa1-x2d.google.com with SMTP id 586e51a60fabf-2a01bcd0143so527639fac.2
        for <pgsql-general@postgresql.org>; Thu, 06 Mar 2025 00:27:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1741249640; x=1741854440; darn=postgresql.org;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :from:to:cc:subject:date:message-id:reply-to;
        bh=5gd0h9fW+LdnT1zI2D0RTCBWHy3JW1XhxjOTeYR63vE=;
        b=mdtcE/h6XI2+j0mKI6ho2amdlsd6stB0dSMneTpkR35h3IClz2h/bvbtwY4VpIum6j
         /aYAbwBE5UAVSM0ByMZg6afgsGeVNn89AqxsBHtuiAZENsenVqUAW+uAiG5rvMs0jpC3
         //O/lnCDnuqUwxQhpxhji429Q9f/CTv/laJRYc3TW4Kz6/UpaVUQLL3miNr+VztMDinJ
         FDNfcySikjxaPhfnxhjpWvHDd95Tyqqp1Ou/40r/oqbUqtUVnzprp6ZktX1VnZ8aamox
         /6TZZzTP2kYnDNC8adsltLe6dUE/gN+nH/VZ47In2Oz7atipSzi8F795c+u6bifNniHS
         yogQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1741249640; x=1741854440;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=5gd0h9fW+LdnT1zI2D0RTCBWHy3JW1XhxjOTeYR63vE=;
        b=JN9yS/qXKhCRidUTHcZXPs9v0u06p3IfeiRmzmtpZmhMjAXAhkUIEGLF3NVKjU0x3K
         BzMv4GDfJ7q7sXW229jXvB/yUNGBZU1r7+vLGbQjLY+sFcu7scmnBnSDgTb+r+8hxuAn
         0mndu7HogJwWSdLHPtEq8x5d8/zInFdWhQibFHGGzLVa3sKZf6wEkUqqBGXN1RDQcSGi
         /gblcnniSvL3SXtteSB8kKxFxraqZoU7e/JWjQw0XlfGpFVKxoYTELTTTsOmMIYifiGT
         yNcgksCUZZvWYQiDXrQ6dmReSL+2s1+JfwY4SAY9HMW/hTnPwetsSwQLFZRVI65uowk/
         00iQ==
X-Gm-Message-State: AOJu0YyFQGNRvLPX9BL4abWoJ36lIwcUbQojxRRGgPSP9vpGxpQmIGFf
	tnEUopalXkAnxahdVPb+ETBnJkPNL4jKjYVl+cXq9vdxjnVNUbVuoM+MJ62I1JcMQeRLSLLN9b0
	bAa3LQczvvfsOykXcBRdH1G/enFc41g==
X-Gm-Gg: ASbGncta0LB8yTBktNKOMwQRvsKOITtITtNCQ3MR0i33EE8hxt7lF4ma0oGweS3f+UT
	m9x7ez1MUyM7fx/FhQCR3gujck7CRdei5lOhcN/T5RTXzLavbtDvx8685ywP/MxOwto7FOSO7sD
	j+SFKCsCREcBXBSAa3tHx+LYepJNilXvjNoP0JZNm/kZgfmQl6xl5XDuatKD2/
X-Google-Smtp-Source: AGHT+IFeelreVxALyCPwhE3jjUvJA0QaSlaYqoqmzLkyG9ZMVVF+MdldxF1/mu6qf0gEwVmoyxpCDh/bgB/j1p0uy8w=
X-Received: by 2002:a05:6870:46a9:b0:2c1:5027:494a with SMTP id
 586e51a60fabf-2c21c91e043mr3678776fac.14.1741249640664; Thu, 06 Mar 2025
 00:27:20 -0800 (PST)
MIME-Version: 1.0
References: <SA1PR02MB969837F0BEDE8CD64AE703958ECA2@SA1PR02MB9698.namprd02.prod.outlook.com>
 <b76f0f54cbf8bd4ebe84eecea44168f23fcc2074.camel@cybertec.at>
In-Reply-To: <b76f0f54cbf8bd4ebe84eecea44168f23fcc2074.camel@cybertec.at>
From: Ron Johnson <ronljohnsonjr@gmail.com>
Date: Thu, 6 Mar 2025 03:27:09 -0500
X-Gm-Features: AQ5f1JonOJv0L1EfYZDT9QeeqUGCdl7fph5IHx0K7JdjT57M_IEyDfcNuus9TzY
Message-ID: <CANzqJaBnOKu5BO_Bwe934ZbBr0m54RmWujEQQnS58qy2nLvHdw@mail.gmail.com>
Subject: Re: Asking for OK for a nasty trick to resolve PG CVE-2025-1094 i
To: pgsql-general <pgsql-general@postgresql.org>, "Abraham, Danny" <danny_abraham@bmc.com>
Content-Type: multipart/alternative; boundary="0000000000004c16b4062fa846cd"
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/CANzqJaBnOKu5BO_Bwe934ZbBr0m54RmWujEQQnS58qy2nLvHdw%40mail.gmail.com>
Precedence: bulk

--0000000000004c16b4062fa846cd
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Mar 6, 2025 at 3:12=E2=80=AFAM Laurenz Albe <laurenz.albe@cybertec.=
at>
wrote:

> [redirecting to pgsql-general]
>
> On Thu, 2025-03-06 at 07:39 +0000, Abraham, Danny wrote:
> > I have many customers using PG 15.3 happily, and I cannot just snap
> upgrade them all to 15.12.
>
> Why do you think you cannot do that?
> In the long run, you'll be sorry if you don't.
> It is just a matter of replacing the software and restarting the database
> server.
>

It really is that simple.  On Linux, at least, it takes me less than two
minutes to:
1. Pause streaming replication between 2 nodes.
2. Stop PG on both nodes.
3. Install the new software.
4. Start PG on both nodes.
5. Resume streaming replication.

That's using PowerShell to do everything; a noticeable part of that 110
seconds is the ssh overhead of logging in and out of servers over our
network, and even more is taken up by me scanning for errors between each
step, and then pasting the next set of commands.

If all your database servers are Windows, then the PS to stop, install and
start on a remote node *should* be even faster (especially if you don't
have replication).

--=20
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!

--0000000000004c16b4062fa846cd
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">On Thu, Mar 6, 2025 at 3:12=E2=80=AFAM La=
urenz Albe &lt;<a href=3D"mailto:laurenz.albe@cybertec.at">laurenz.albe@cyb=
ertec.at</a>&gt; wrote:</div><div class=3D"gmail_quote gmail_quote_containe=
r"><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;bord=
er-left:1px solid rgb(204,204,204);padding-left:1ex">[redirecting to pgsql-=
general]<br>
<br>
On Thu, 2025-03-06 at 07:39 +0000, Abraham, Danny wrote:<br>
&gt; I have many customers using PG 15.3 happily, and I cannot just snap up=
grade them all to 15.12.<br>
<br>
Why do you think you cannot do that?<br>
In the long run, you&#39;ll be sorry if you don&#39;t.<br>
It is just a matter of replacing the software and restarting the database s=
erver.<br></blockquote><div><br></div><div>It really is that simple.=C2=A0 =
On Linux, at least, it takes me less than two minutes to:</div><div>1. Paus=
e streaming replication between 2 nodes.</div><div>2. Stop PG on both nodes=
.</div><div>3. Install the new software.</div><div>4. Start PG on both node=
s.</div><div>5. Resume streaming replication.</div><div><br></div><div>That=
&#39;s using PowerShell to do everything; a noticeable part of that 110 sec=
onds is the ssh overhead of logging in and out of servers over our network,=
 and even more is taken up by me scanning for errors between each step, and=
 then pasting the next set of commands.</div><div><br></div><div>If all you=
r database servers are Windows, then the PS to stop, install and start on a=
 remote node <i>should</i>=C2=A0be even faster (especially if you don&#39;t=
 have=C2=A0replication).</div><div><br></div></div><span class=3D"gmail_sig=
nature_prefix">-- </span><br><div dir=3D"ltr" class=3D"gmail_signature"><di=
v dir=3D"ltr">Death to &lt;Redacted&gt;, and butter sauce.<div>Don&#39;t bo=
il me, I&#39;m still alive.<br><div><div>&lt;Redacted&gt; lobster!</div></d=
iv></div></div></div></div>

--0000000000004c16b4062fa846cd--