On Tue, Dec 31, 2024 at 10:23:29AM +0900, Michael Paquier wrote:
> On Mon, Dec 30, 2024 at 04:58:26PM -0500, Bruce Momjian wrote:
> > I saw your question and was kind of stumped about how to answer. We
> > rarely look at back branches for backpatch analysis, so I think we are
> > kind of confused on how to answer. Under what circumstances are you
> > supporting versions of Postgres that we don't support? Is this part of
> > Debian policy?
>
> So am I (I'd say that you are on your own for this one, still..).
> It is the first time I hear about that on the lists, but perhaps
> Christoph Berg would know better? Adding him in CC for comments.
>
> Applying patches to older branches is a speciality in itself, and
> requires a lot of work and analysis (not planning to do that here for
> this specific CVE). The good thing is that 5a2fed911a85 has some
> regression tests, so you could be more confident that what you are
> doing is rather right. Now the code in this area has changed slightly
> because of the introduction of parallel workers in 9.6, so that could
> be tricky. I'd suggest to *not* bypass the work across multiple
> branches at once as it can help in dealing with conflicts in a more
> granular way, even if it may increase the analysis burden quite a bit.
>
Ack. I worked my way one branch at a time, specifically for the reason
you cited.

> While on it, note also 73c9f91a1b6d by the way, which is a follow up
> of 5a2fed911a85 for CVE-2024-10978 related to parallel workers, it
> would not apply to 9.4, for sure.
>
Definitely. That was relatively straightforward to figure out and
confirm.

Thanks for the hints.

Regards,
-Roberto
--
Roberto C. Sánchez