Subject: Re: Hash Value for Updated POSTGRESQL?
From: Daniel Gustafsson
Date: Tue, 18 Feb 2025 12:49:21 +0100
To: "Moore, David A"
Cc: "pgsql-odbc@postgresql.org", "LeMaster, James C", "Gause Jr, George"
Message-Id: <2D4A1EED-E6AD-4AD9-BDD2-CCA07847CF68@yesql.se>

> On 14 Feb 2025, at 20:33, Moore, David A wrote:
>
> Hello, We are a NERC regulated organization in the critical infrastructure arena. The most recent zero-day injection bug (CVE-2025-1094) has us concerned. We are attempting to update our postgresql, which has several dependencies in our organization. We are failing to find a md5 to verify authenticity and perform an integrity check on the installation file.
> I have researched this and am finding nothing on this topic except for other orgs finding the same issues. Can you please advise us on this and any method of verification that you may provide that will satisfy our stringent compliance requirements?

First of all, you are emailing the discussion list for the postgres ODBC driver but reading your email I'm fairly sure you mean the postgres server and not the ODBC driver.

Regarding package signatures, the postgres project only offers source core downloads and for those hash fingerprints are available. See for example the 17.3 version:

https://www.postgresql.org/ftp/source/v17.3/

If you download a pre-built package or installer you need to check with whom it is you are downloading from.

--
Daniel Gustafsson
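
One way to run the integrity check discussed above against a published hash fingerprint file, as an added example that is not part of the original message and is not PostgreSQL project code. It assumes the fingerprint file uses the coreutils `sha256sum`/`md5sum` line format; the file name and payload in `demo()` are constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile

# One line of coreutils-style checksum output: "<hex digest>  <name>" ("*" marks binary mode).
SIDECAR_LINE = re.compile(r"^([0-9a-fA-F]+)\s+\*?(.+)$")
DIGEST_HEX_LEN = {"md5": 32, "sha256": 64}

def parse_sidecar(text, algorithm):
    """Return {filename: lowercase hex digest} for every well-formed line."""
    entries = {}
    for line in text.splitlines():
        m = SIDECAR_LINE.match(line.strip())
        if m and len(m.group(1)) == DIGEST_HEX_LEN[algorithm]:
            entries[os.path.basename(m.group(2))] = m.group(1).lower()
    return entries

def file_digest(path, algorithm):
    """Hash the file in 1 MiB chunks so large tarballs are not loaded into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path, sidecar_text, algorithm="sha256"):
    """Return (ok, reason); fails closed when the sidecar has no entry for this file."""
    expected = parse_sidecar(sidecar_text, algorithm).get(os.path.basename(path))
    if expected is None:
        return False, "no %s entry for %s" % (algorithm, os.path.basename(path))
    actual = file_digest(path, algorithm)
    if not hmac.compare_digest(actual, expected):
        return False, "digest mismatch: got %s" % actual
    return True, "ok"

def demo():
    """Constructed stand-in for a downloaded tarball and its published sidecar file."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-1.0.tar.bz2")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"constructed sample payload\n")
        good = hashlib.sha256(b"constructed sample payload\n").hexdigest() + "  example-1.0.tar.bz2\n"
        bad = "0" * 64 + "  example-1.0.tar.bz2\n"
        other = hashlib.sha256(b"x").hexdigest() + "  other.tar.bz2\n"
        return [verify(path, s)[0] for s in (good, bad, other)]

if __name__ == "__main__":
    print(demo())
```

A fingerprint fetched from the same server as the file detects a corrupted or mismatched download, not a compromised source, so the expected digest is best recorded through a separate channel.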