Subject: Re: Asking for OK for a nasty trick to resolve PG CVE-2025-1094 i
From: Laurenz Albe
To: "Abraham, Danny", pgsql-general@lists.postgresql.org
Date: Thu, 06 Mar 2025 09:11:41 +0100

[redirecting to pgsql-general]

On Thu, 2025-03-06 at 07:39 +0000, Abraham, Danny wrote:
> I have many customers using PG 15.3 happily, and I cannot just snap upgrade them all to 15.12.

Why do you think you cannot do that?
In the long run, you'll be sorry if you don't.

It is just a matter of replacing the software and restarting the database server.

> I have tested a nasty trick of replacing PSQL, LIBPQ and several other DLL's so that
> I have a PG client 15.12 within the folders of Server 15.3.
>
> All working just fine.
>
> I plan to ship it as a patch - but would like to hear your opinion on this "merge".
>
> (Of course, the next version will use PG 17.4, so this is just an SOS action).
>
> Directory of C:\Users\dbauser\Desktop\15.12
>
> 02/20/2025  11:48 AM         4,696,576 libcrypto-3-x64.dll
> 02/20/2025  11:48 AM         1,850,401 libiconv-2.dll
> 02/20/2025  11:48 AM           475,769 libintl-9.dll
> 02/20/2025  11:48 AM           323,584 libpq.dll
> 02/20/2025  11:48 AM           779,776 libssl-3-x64.dll
> 02/20/2025  11:48 AM            52,736 libwinpthread-1.dll
> 02/20/2025  11:48 AM           604,160 psql.exe
>
> ==
> C:\Program Files\BMC Software\Control-M Server\pgsql\bin>postgres -V
> postgres (PostgreSQL) 15.3
>
> C:\Program Files\BMC Software\Control-M Server\pgsql\bin>psql -V
> psql (PostgreSQL) 15.12

There is nothing fundamentally evil about upgrading the client.
But what is the point? Why are you worried about client bugs more
than about server bugs? The latter are much more likely to eat
your data.

But then, if you are using Windows, perhaps you don't care a lot
about your data...

Yours,
Laurenz Albe