Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vVa1s-005GY7-2H for pgsql-bugs@arkaria.postgresql.org; Tue, 16 Dec 2025 18:44:13 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vVa0q-0084Xj-0v for pgsql-bugs@arkaria.postgresql.org; Tue, 16 Dec 2025 18:43:09 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vVa0q-0084Xa-03 for pgsql-bugs@lists.postgresql.org; Tue, 16 Dec 2025 18:43:08 +0000 Received: from mail-ej1-x636.google.com ([2a00:1450:4864:20::636]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1vVa0o-0015vn-00 for pgsql-bugs@lists.postgresql.org; Tue, 16 Dec 2025 18:43:08 +0000 Received: by mail-ej1-x636.google.com with SMTP id a640c23a62f3a-b72b495aa81so871201066b.2 for ; Tue, 16 Dec 2025 10:43:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1765910584; x=1766515384; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=p8alzuCdZCVe0DACMu1oK/A92NudV6eXJ9rklUUqHxE=; b=ElIoI78rTXSWWO3XEiNtRfgLLVYMF+DN43+Nmo53RtyqJRpiGGVyDxzO1RAGx7FKP5 1enQHgkjQK5joL4EHnGYEL09/f5zSy6e/1O0tosrOGMUIvILRB1cKalhL81IIgwkzNbn ym2q4ly4n2UzeTrabFAW20RMdq41eUEdPgQW4ui02lW78M8MOH0gyfGy9N+SV+biY6hY 60e3qNJyGeu+07qZ2VEmz0oC2zxgKkQeY3wBuoFi7TEbk7sLNVP3/lHjB9zK6bhWAYYL 8XQ1kQs7cvxpGMFhQWcECtB+e9JR7qO5iAFIKbh4Z9Jgv2Q3m5I1BpY6paxBk3SmXuBs Q5VA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1765910584; x=1766515384; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=p8alzuCdZCVe0DACMu1oK/A92NudV6eXJ9rklUUqHxE=; b=Ub/Arv3sDfHfpRwsXMjNplIKc/F9VpgqDb5zji/BqQwAsJHvBDEYkOE4oMwOowIR99 G5lctgiTXH1EYkROPRaVt8NpC5KYUXXNL0H5g5bQTZ2ERRODaQxFNHjX0gAWX9M5Jlik LVc5JziEdcCDimhc90ba1skGY704CVuia1/HGQk9DCIzoahUjsYvp2u3orvNX4wstt97 2CantVhxwTTzJrbxpIRXiVw/B6fS/80Q8dxKX93G/9o2bwG4NwdCKXQFZRaoK7anT1jV +QGUAvlqMLTasVRrCV5MYWWpN2NtRMquJB7rISB9mbCKypMkMVTf2qoE04rJqjm5yQnE YAOw== X-Forwarded-Encrypted: i=1; AJvYcCVlQMI649kOMmZWq8rxasjnghHTCl5Hm0+EiD0WVNXn10/JJMbzVQgaESpVTp1vKJMPa7LP0vThfn7H@lists.postgresql.org X-Gm-Message-State: AOJu0YzI6WglF9+7PmpFy2vio5rB2K0pHF4OnYyiY2Ya925iAqofJPYA v+FCnSwaDeAmgfKIZs/pyKSFXQ9qUFE3bQ4EJhtlnbOW5nFTCcbfa3DGYDRDGc/2bzkXKyOSm8j beRoiPdNPWCMyFmUvf70MT5yCs+KqcKQ= X-Gm-Gg: AY/fxX4lhJyH+hyaaL6UxsNIJBPSa7ZGGcTbFO+zUGFlfD/yDgJdc49N/xsmiZcEJYS qcUTQ9SLC45QmAJPp4LSnbHSfaEhUHo3ghF30evECjfcvlEHm4fx1LMPma4ZVmfGZMNWcqHzRDw S5dPqZMf5THXEAqYcrHUo1XnhYu4U1af/k5haL3eE5UOuNcGCxOQqoxgLaSQkTyDhytpf7XDonw DMEzXa/RoWfq5YthpS1wR4GOEDH168b0OPOsVn2uTI9hQQrOA8VsLzAEHke1O55GzPp/B0VeB6F 2O9KT7U416Qky9mQQhHCjaaG58KupwQ7dH0BHg== X-Google-Smtp-Source: AGHT+IGykDj8Q/i5TW8bu6YsgdcFljGuqLNIbTi26d6ZY0dUehq3l9rycdYPDMG7F6cP3ffX8NfXEMb7gw7Fn7IaL0M= X-Received: by 2002:a17:907:980f:b0:b76:3476:a83c with SMTP id a640c23a62f3a-b7d23ad6794mr1467298666b.40.1765910583220; Tue, 16 Dec 2025 10:43:03 -0800 (PST) MIME-Version: 1.0 References: <19354-eefe6d8b3e84f9f2@postgresql.org> <2292889.1765846569@sss.pgh.pa.us> <2393116.1765899706@sss.pgh.pa.us> In-Reply-To: <2393116.1765899706@sss.pgh.pa.us> From: Robert Haas Date: Tue, 16 Dec 2025 13:42:51 -0500 X-Gm-Features: AQt7F2r-ynou3El6qIseEs2KAVJQLjoEZnTIOltsOD2mjm3qmbgTZg-GaDZq69Q Message-ID: Subject: Re: BUG #19354: JOHAB rejects valid byte sequences To: Tom Lane Cc: Jeroen Vermeulen , VASUKI M , pgsql-bugs@lists.postgresql.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Tue, Dec 16, 2025 at 10:41=E2=80=AFAM Tom Lane wrote= : > However, that doesn't mean we can fix pg_johab_mblen() and we're done. > I'm still quite afraid that we'd be introducing security-grade > inconsistencies of interpretation between different PG versions. I understand that fear, but I do not have an opinion either way on whether there would be an actual vulnerability I think there is a good chance that the right going-forward fix is to deprecate the encoding, because according to https://www.unicode.org/Public/MAPPINGS/EASTASIA/ReadMe.txt this and everything else that's now under https://www.unicode.org/Public/MAPPINGS/OBSOLETE/EASTASIA/ were deprecated in 2001. By the time v19 is released, the deprecation will be a quarter-century old, and the fact that it doesn't work is good evidence that few people will miss it, though perhaps the original poster will want to put forward an argument for why we should still care about this. What to do in the back branches is a more difficult question. Since this is a client-only encoding, there's no issue of what is already stored in the database, and we would not be proposing to change any of the mappings, just allow the ones that don't currently work to do so. I *think* that fixing pg_johab_mblen() would be "forward compatible": the subset of the encoding that already works would continue to behave in the same way, and the rest of it would begin working as well. And, I don't really like throwing up our hands and deciding that already-released features are free to continue not working. That's what bug-fix release are for. On the other hand, fixing this bug which apparently affects very few users, and in the process creating a scarier, CVE-worthy bug would not win us many friends, especially in view of the apparently-low uptake of this encoding. --=20 Robert Haas EDB: http://www.enterprisedb.com