Opened 2 years ago

Closed 2 years ago

Last modified 10 months ago

#5209 closed defect (fixed)

Upgrade issue with topology: function layertrigger() is not a member of extension "postgis_topology"

Reported by: robe Owned by: strk
Priority: blocker Milestone: PostGIS 2.5.8
Component: topology Version: 3.2.x
Keywords: Cc:

Description

From https://lists.osgeo.org/pipermail/postgis-users/2022-August/045600.html

When building packages today for the new postgres releases I ran into the below
error for the PostGIS package when running tests:

  ALTER EXTENSION
  ERROR:  function layertrigger() is not a member of extension "postgis_topology"
  DETAIL:  An extension is not allowed to replace an object that it does not own.

It seems that it's related to the CVE which was fixed in the new postgres
releases today. 

Change History (12)

comment:1 by robe, 2 years ago

Happens when upgrading from 2.5.5 o 3.2.1

comment:2 by strk, 2 years ago

This issue is present with all PostgreSQL version from 10 to 14, see https://www.postgresql.org/support/security/CVE-2022-2625/

In PostGIS this should be fixed in master branch (3.3.0rc1) with [cb65cd89737d14c386ef004fe270de953338a7e9/git]

I guess we want to backport that commit in all stable branches, not just 3.2 ?

Last edited 2 years ago by strk (previous) (diff)

comment:3 by strk, 2 years ago

according to https://trac.osgeo.org/postgis/wiki/UsersWikiPostgreSQLPostGIS latest PostgreSQL supported by PostGIS 2.5 is 12, earliest supported by PostGIS 3.2 is 9.6

I'm going to setup a PostGIS 12 to test this out locally in all supported version (back to 2.5 branch) and then work on a fix when needed.

comment:4 by strk, 2 years ago

To correct what's written in comment:1 the reported problem happens when upgrading from _unpackaged_ postgis. It's reported to happen in versions 2.5.5 and 3.2.1 but I know it will also happen in versions 3.0.6 and 3.1.6.

It was reported that with 3.2.2 the problem can be reproduced running: make installcheck-upgrade from the build dir.

comment:5 by strk, 2 years ago

The problem can be reproduced in all stable branches with:

regress/run_test.pl -v --extension --upgrade --upgrade-path unpackaged--2.5.8dev regress/regress

The target version has to be replaced with the currently-built and installed postgis version

Version 0, edited 2 years ago by strk (next)

comment:6 by strk, 2 years ago

CI bots are catching the problem already: https://gitlab.com/postgis/postgis/-/jobs/2848275869

comment:7 by Sandro Santilli <strk@…>, 2 years ago

In b8b2614/git:

Package objects before upgrading (only those which exist)

We don't need to upgrade before packaging because objects
created during extension upgrade are automatically packaged.

Packaging upfront fixes creating PostGIS extension from
unpackaged on PostgreSQL versions 10.22, 11.17+, 12.12+, 13.8+
and 14.5+ addressing CVE-2022-2625, see:

https://www.postgresql.org/support/security/CVE-2022-2625/

References #5209 in 3.2 branch (3.2.3dev)

This is a backport of cb65cd8973 which landed in master branch
on July 12 2022.

comment:8 by Sandro Santilli <strk@…>, 2 years ago

In f2c16bd/git:

Package objects before upgrading (only those which exist)

We don't need to upgrade before packaging because objects
created during extension upgrade are automatically packaged.

Packaging upfront fixes creating PostGIS extension from
unpackaged on PostgreSQL versions 10.22, 11.17+, 12.12+, 13.8+
and 14.5+ addressing CVE-2022-2625, see:

https://www.postgresql.org/support/security/CVE-2022-2625/

References #5209 in 3.1 branch (3.1.7dev)

This is a backport of cb65cd8973 which landed in master branch
on July 12 2022.

comment:9 by Sandro Santilli <strk@…>, 2 years ago

In d4c55c6/git:

Package objects before upgrading (only those which exist)

We don't need to upgrade before packaging because objects
created during extension upgrade are automatically packaged.

Packaging upfront fixes creating PostGIS extension from
unpackaged on PostgreSQL versions 10.22, 11.17+, 12.12+, 13.8+
and 14.5+ addressing CVE-2022-2625, see:

https://www.postgresql.org/support/security/CVE-2022-2625/

References #5209 in 3.0 branch (3.0.7dev)

This is a backport of cb65cd8973 which landed in master branch
on July 12 2022.

comment:10 by Sandro Santilli <strk@…>, 2 years ago

Resolution: fixed
Status: newclosed

In 8c63bb6/git:

Package objects before upgrading (only those which exist)

We don't need to upgrade before packaging because objects
created during extension upgrade are automatically packaged.

Packaging upfront fixes creating PostGIS extension from
unpackaged on PostgreSQL versions 10.22, 11.17+, 12.12+, 13.8+
and 14.5+ addressing CVE-2022-2625, see:

https://www.postgresql.org/support/security/CVE-2022-2625/

Closes #5209 in 2.5 branch (2.5.8dev)
Closes #5210 in 2.5 branch (2.5.8dev)

This is a backport of cb65cd8973 which landed in master branch
on July 12 2022.

comment:11 by robe, 2 years ago

Milestone: PostGIS 3.2.3PostGIS 2.5.8

comment:12 by strk, 10 months ago

Summary: Upgrade issue with topologyUpgrade issue with topology: function layertrigger() is not a member of extension "postgis_topology"
Note: See TracTickets for help on using tickets.