public inbox for [email protected]  
From: Laurenz Albe <[email protected]>
To: Abraham, Danny <[email protected]>
To: [email protected]
Subject: Re: Asking for OK for a nasty trick to resolve PG CVE-2025-1094 i
Date: Thu, 06 Mar 2025 09:11:41 +0100
Message-ID: <[email protected]>
In-Reply-To: <SA1PR02MB969837F0BEDE8CD64AE703958ECA2@SA1PR02MB9698.namprd02.prod.outlook.com>
References: <SA1PR02MB969837F0BEDE8CD64AE703958ECA2@SA1PR02MB9698.namprd02.prod.outlook.com>

[redirecting to pgsql-general]

On Thu, 2025-03-06 at 07:39 +0000, Abraham, Danny wrote:
> I have many customers using PG 15.3 happily, and I cannot just snap upgrade them all to 15.12.

Why do you think you cannot do that?
In the long run, you'll be sorry if you don't.
It is just a matter of replacing the software and restarting the database server.

> I have tested a nasty trick of replacing PSQL, LIBPQ and several other DLLs so that
> I have a PG client 15.12 within the folders of Server 15.3.
> 
> All working just fine.
> 
> I plan to ship it as a patch - but would like to hear your opinion on this "merge".
> 
> (Of course, the next version will use PG 17.4, so this is just an SOS action).
> 
> Directory of C:\Users\dbauser\Desktop\15.12
> 
> 02/20/2025  11:48 AM         4,696,576 libcrypto-3-x64.dll
> 02/20/2025  11:48 AM         1,850,401 libiconv-2.dll
> 02/20/2025  11:48 AM           475,769 libintl-9.dll
> 02/20/2025  11:48 AM           323,584 libpq.dll
> 02/20/2025  11:48 AM           779,776 libssl-3-x64.dll
> 02/20/2025  11:48 AM            52,736 libwinpthread-1.dll
> 02/20/2025  11:48 AM           604,160 psql.exe
> 
> ==
> C:\Program Files\BMC Software\Control-M Server\pgsql\bin>postgres -V
> postgres (PostgreSQL) 15.3
> 
> C:\Program Files\BMC Software\Control-M Server\pgsql\bin>psql -V
> psql (PostgreSQL) 15.12

There is nothing fundamentally evil about upgrading the client.

But what is the point?  Why are you worried about client bugs more than
about server bugs?  The latter are much more likely to eat your data.

But then, if you are using Windows, perhaps you don't care a lot about
your data...

Yours,
Laurenz Albe





