On Tue, Dec 31, 2024 at 10:23:29AM +0900, Michael Paquier wrote:
> On Mon, Dec 30, 2024 at 04:58:26PM -0500, Bruce Momjian wrote:
> > I saw your question and was kind of stumped about how to answer. We
> > rarely look at back branches for backpatch analysis, so I think we are
> > kind of confused on how to answer. Under what circumstances are you
> > supporting versions of Postgres that we don't support? Is this part of
> > Debian policy?
>
> So am I (I'd say that you are on your own for this one, still..).
> It is the first time I hear about that on the lists, but perhaps
> Christoph Berg would know better? Adding him in CC for comments.
>
> Applying patches to older branches is a speciality in itself, and
> requires a lot of work and analysis (not planning to do that here for
> this specific CVE). The good thing is that 5a2fed911a85 has some
> regression tests, so you could be more confident that what you are
> doing is rather right. Now the code in this area has changed slightly
> because of the introduction of parallel workers in 9.6, so that could
> be tricky. I'd suggest to *not* bypass the work across multiple
> branches at once as it can help in dealing with conflicts in a more
> granular way, even if it may increase the analysis burden quite a bit.
>

Ack. I worked my way one branch at a time, specifically for the reason you cited.

> While on it, note also 73c9f91a1b6d by the way, which is a follow up
> of 5a2fed911a85 for CVE-2024-10978 related to parallel workers, it
> would not apply to 9.4, for sure.
>

Definitely. That was relatively straightforward to figure out and confirm.

Thanks for the hints.

Regards,

-Roberto

--
Roberto C. Sánchez