Re: [EXTERNAL] Re: Asking for OK for a nasty trick to resolve PG CVE-2025-1094 i

From: "Abraham, Danny" <danny_abraham(at)bmc(dot)com>
To: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: [EXTERNAL] Re: Asking for OK for a nasty trick to resolve PG CVE-2025-1094 i
Date: 2025-03-06 09:33:39
Message-ID: 14fc085b-1d48-4bc0-9d44-1d11507c0ded@bmc.com
Lists: pgsql-general pgsql-performance

Explanation.
We have hundreds of pg servers (mainly linux).
App is 7×24.
We think that patching the server to 15.12 will cost about 30 times more compared to patching the pg client (mainly QA effort).
The app is working fine using [libpq, psql] on both Linux as well as Windows.
Would love to hear your opinion.
Thanks
Danny

Sent from Workspace ONE Boxer

On Mar 6, 2025 10:11, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> wrote:
[redirecting to pgsql-general]

On Thu, 2025-03-06 at 07:39 +0000, Abraham, Danny wrote:
> I have many customers using PG 15.3 happily, and I cannot just snap upgrade them all to 15.12.

Why do you think you cannot do that?
In the long run, you'll be sorry if you don't.
It is just a matter of replacing the software and restarting the database server.

> I have tested a nasty trick of replacing psql, libpq and several other DLLs so that
> I have a PG client 15.12 within the folders of Server 15.3.
>
> All working just fine.
>
> I plan to ship it as a patch - but would like to hear your opinion on this "merge".
>
> (Of course, the next version will use PG 17.4, so this is just an SOS action).
>
> Directory of C:\Users\dbauser\Desktop\15.12
>
> 02/20/2025 11:48 AM 4,696,576 libcrypto-3-x64.dll
> 02/20/2025 11:48 AM 1,850,401 libiconv-2.dll
> 02/20/2025 11:48 AM 475,769 libintl-9.dll
> 02/20/2025 11:48 AM 323,584 libpq.dll
> 02/20/2025 11:48 AM 779,776 libssl-3-x64.dll
> 02/20/2025 11:48 AM 52,736 libwinpthread-1.dll
> 02/20/2025 11:48 AM 604,160 psql.exe
>
> ==
> C:\Program Files\BMC Software\Control-M Server\pgsql\bin>postgres -V
> postgres (PostgreSQL) 15.3
>
> C:\Program Files\BMC Software\Control-M Server\pgsql\bin>psql -V
> psql (PostgreSQL) 15.12

There is nothing fundamentally evil about upgrading the client.

But what is the point? Why are you worried about client bugs more than
about server bugs? The latter are much more likely to eat your data.

But then, if you are using Windows, perhaps you don't care a lot about
your data...

Yours,
Laurenz Albe
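The thread hinges on two version strings, `postgres -V` and `psql -V`, and on which libpq a client binary actually loads once the 15.12 files have been dropped into a 15.3 tree. The script below is an added example, not something from this thread or from the PostgreSQL project: it parses those version strings, compares the minor number against the release the thread names as carrying the CVE-2025-1094 fix (15.12 for the 15 branch, 17.4 for the 17 branch; other branches are left as placeholders to be filled from the PostgreSQL release notes), and on Linux reports which libpq a binary is linked against. The function names and the sample strings fed to them are mine.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): classify PostgreSQL
# binaries as patched or unpatched for CVE-2025-1094 from their "-V" output.
#
# Thresholds taken from the thread: 15.12 and 17.4. Every other major branch
# is a placeholder here; fill it in from the PostgreSQL release notes.

# min_fixed MAJOR -> prints the first minor release of that branch that is
# considered fixed, or nothing if this script does not know the branch.
min_fixed() {
    case "$1" in
        15) echo 12 ;;
        17) echo 4 ;;
        *)  echo "" ;;   # placeholder: unknown branch, caller treats as "unknown"
    esac
}

# version_ok "psql (PostgreSQL) 15.3"
#   returns 0 if the version is at or above the fixed release,
#           1 if it is below it (still vulnerable),
#           2 if the string cannot be parsed or the branch is unknown.
version_ok() {
    ver=$(printf '%s\n' "$1" |
          sed -n 's/.*(PostgreSQL) \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver%% *}
    minor=${ver##* }
    need=$(min_fixed "$major")
    [ -n "$need" ] || return 2
    [ "$minor" -ge "$need" ]
}

# describe_status "psql (PostgreSQL) 15.3" -> one human-readable line
describe_status() {
    rc=0
    version_ok "$1" || rc=$?
    case "$rc" in
        0) echo "PATCHED    : $1" ;;
        1) echo "VULNERABLE : $1" ;;
        *) echo "UNKNOWN    : $1" ;;
    esac
}

# check_binary psql -> runs "<binary> -V" if it is on PATH and classifies it;
# on Linux also shows which libpq shared object the binary resolves to, which
# is the thing to look at when client files are mixed into a server tree.
check_binary() {
    bin=$(command -v "$1" 2>/dev/null) || { echo "SKIPPED    : $1 not on PATH"; return 0; }
    describe_status "$("$bin" -V 2>/dev/null)"
    if command -v ldd >/dev/null 2>&1; then
        ldd "$bin" 2>/dev/null | grep -i 'libpq' | sed 's/^/  loads    :/'
    fi
    return 0
}

# Constructed sample input: the two version lines quoted in the thread.
describe_status "postgres (PostgreSQL) 15.3"   # VULNERABLE
describe_status "psql (PostgreSQL) 15.12"      # PATCHED

# Live check of whatever is installed on this host, if anything.
check_binary psql
check_binary postgres
```

On Laurenz's point, the server line is the one that matters most: with the constructed input above the script flags `postgres (PostgreSQL) 15.3` as vulnerable no matter how new the psql beside it is, and the `ldd` line makes it visible when a client binary still resolves to the old libpq rather than the dropped-in copy.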
