[postgis-tickets] [SCM] PostGIS branch stable-2.5 updated. 2.5.7-20-g8c63bb614

git at osgeo.org git at osgeo.org
Fri Aug 12 09:26:50 PDT 2022


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "PostGIS".

The branch, stable-2.5 has been updated
       via  8c63bb614b0515df955164b7d96eb992858b376a (commit)
      from  2a1d759245f256d0a20c1fd0848ef15aefa9f34c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8c63bb614b0515df955164b7d96eb992858b376a
Author: Sandro Santilli <strk at kbt.io>
Date:   Tue Jul 12 07:30:57 2022 +0200

    Package objects before upgrading (only those which exist)
    
    We don't need to upgrade before packaging because objects
    created during extension upgrade are automatically packaged.
    
    Packaging upfront fixes creating PostGIS extension from
    unpackaged on PostgreSQL versions 10.22, 11.17+, 12.12+, 13.8+
    and 14.5+ addressing CVE-2022-2625, see:
    
      https://www.postgresql.org/support/security/CVE-2022-2625/
    
    Closes #5209 in 2.5 branch (2.5.8dev)
    Closes #5210 in 2.5 branch (2.5.8dev)
    
    This is a backport of cb65cd8973 which landed in master branch
    on July 12 2022.

diff --git a/NEWS b/NEWS
index 7c06e0f6f..3032aa435 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,7 @@ PostGIS 2.5.8dev
  * Bug fixes *
 
   - #5202, Guard against downgrades (Sandro Santilli)
+  - #5209, #5210, Fix upgrades with CVE-2022-2625 PostgreSQL fix
 
 PostGIS 2.5.7
 2022/07/19
diff --git a/extensions/postgis/Makefile.in b/extensions/postgis/Makefile.in
index 1b1788010..d3b53c635 100644
--- a/extensions/postgis/Makefile.in
+++ b/extensions/postgis/Makefile.in
@@ -51,6 +51,7 @@ EXTENSION_UPGRADE_SCRIPTS = \
 
 # Scripts making up the extension upgrade-from-unpackaged file
 # NOTE: order matters
+# TODO: DROPME
 EXTENSION_UNPACKAGED_UPGRADE_SCRIPTS = \
 	sql_bits/postgis.sql \
 	sql_bits/rtpostgis.sql
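Review bot: The added `# TODO: DROPME` gives a maintainer no reason and no condition for removing the variable. The rewritten unpackaged rule in the next hunk no longer lists `EXTENSION_UNPACKAGED_UPGRADE_SCRIPTS` as a prerequisite, which is presumably the motivation. I would say so directly, for example `# TODO: drop this variable once nothing references it; the unpackaged rule no longer uses it`. Whether other rules in this file still use it cannot be seen from the hunk.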
@@ -79,12 +80,10 @@ $(EXTENSION).control: $(EXTENSION).control.in Makefile
 sql/$(EXTENSION)--$(EXTVERSION).sql: sql/$(EXTENSION).sql | sql
 	cp $< $@
 
-sql/$(EXTENSION)--unpackaged--$(EXTVERSION).sql: $(EXTENSION_UNPACKAGED_UPGRADE_SCRIPTS) sql/$(EXTENSION)--ANY--$(EXTVERSION).sql ../../utils/create_unpackaged.pl Makefile | sql
-	# Ensure version is correct
-	cat sql/$(EXTENSION)--ANY--$(EXTVERSION).sql > $@
-	cat $(EXTENSION_UNPACKAGED_UPGRADE_SCRIPTS) \
-		| $(PERL) ../../utils/create_unpackaged.pl postgis \
-		>> $@
+sql/$(EXTENSION)--unpackaged--$(EXTVERSION).sql: sql/$(EXTENSION)--ANY--$(EXTVERSION).sql ../../utils/create_unpackaged.pl Makefile | sql
+	cat sql/$(EXTENSION)--$(EXTVERSION).sql | $(PERL) @top_srcdir@/utils/create_unpackaged.pl postgis > $@
+	# Upgrade after packaging
+	cat $< >> $@
 
 unpackaged_check.sql: unpackaged_check.sql.in Makefile
 	cat $< \
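Review bot: The new recipe for `sql/$(EXTENSION)--unpackaged--$(EXTVERSION).sql` reads `sql/$(EXTENSION)--$(EXTVERSION).sql`, but that file is not in the rule's prerequisite list, so make neither builds it first nor rebuilds the unpackaged script when it changes. Because the file is fed in through `cat … |`, a missing input would probably not fail the recipe under the default shell (the pipeline takes the exit status of `$(PERL)`). The target would then hold only the appended upgrade script with no `ALTER EXTENSION … ADD` statements, which is the ordering this commit sets out to avoid. I would append `sql/$(EXTENSION)--$(EXTVERSION).sql` to the prerequisites, after the ANY script so that `$<` in `cat $< >> $@` keeps its meaning. I would also feed the script by redirection (`$(PERL) … postgis < sql/$(EXTENSION)--$(EXTVERSION).sql > $@`) so that an unreadable input stops the build.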
diff --git a/extensions/postgis_sfcgal/Makefile.in b/extensions/postgis_sfcgal/Makefile.in
index 4d375196c..3c262daea 100644
--- a/extensions/postgis_sfcgal/Makefile.in
+++ b/extensions/postgis_sfcgal/Makefile.in
@@ -84,12 +84,12 @@ sql_bits/sfcgal_comments.sql: ../../doc/sfcgal_comments.sql
 #grep all lines that start with CREATE OR REPLACE FUNCTION, TRIGGER...
 #then replace CREATE OR REPLACE .. with ALTER EXTENSION..;
 #then remove default values and extra junk
-sql/$(EXTENSION)--unpackaged--$(EXTVERSION).sql: $(EXTENSION_UNPACKAGED_UPGRADE_SCRIPTS) sql/$(EXTENSION)--ANY--$(EXTVERSION).sql ../../utils/create_unpackaged.pl Makefile | sql
-	# Ensure version is correct
-	cat sql/$(EXTENSION)--ANY--$(EXTVERSION).sql > $@
-	cat $(EXTENSION_UNPACKAGED_UPGRADE_SCRIPTS) \
-		| $(PERL) ../../utils/create_unpackaged.pl ${EXTENSION} \
-		>> $@
+sql/$(EXTENSION)--unpackaged--$(EXTVERSION).sql: sql_bits/sfcgal.sql sql/$(EXTENSION)--ANY--$(EXTVERSION).sql ../../utils/create_unpackaged.pl Makefile | sql
+	cat $< \
+		| $(PERL) @top_srcdir@/utils/create_unpackaged.pl ${EXTENSION} \
+		> $@
+	# Upgrade after packaging
+	cat sql/$(EXTENSION)--ANY--$(EXTVERSION).sql >> $@
 
 sql_bits/sfcgal_upgrade.sql : ../../postgis/sfcgal_upgrade.sql
 	mkdir -p sql_bits
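Review bot: The prerequisite list still names `../../utils/create_unpackaged.pl`, while the recipe now runs `@top_srcdir@/utils/create_unpackaged.pl`. If the two spellings resolve to different paths (an out-of-tree build is the likely case), the dependency no longer tracks the script that is actually executed and may refer to a file that does not exist in the build directory. The same mismatch appears in the rewritten rules in `extensions/postgis/Makefile.in` and `extensions/postgis_topology/Makefile.in`. I would use one spelling in both places, i.e. list `@top_srcdir@/utils/create_unpackaged.pl` as the prerequisite in all three rules.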
diff --git a/extensions/postgis_topology/Makefile.in b/extensions/postgis_topology/Makefile.in
index 9ea82a315..29023434f 100644
--- a/extensions/postgis_topology/Makefile.in
+++ b/extensions/postgis_topology/Makefile.in
@@ -70,10 +70,10 @@ sql_bits/topology.sql: ../../topology/topology.sql
 sql_bits/topology_comments.sql: ../../doc/topology_comments.sql
 	cp $< $@
 
-sql/$(EXTENSION)--unpackaged--$(EXTVERSION).sql: ../../topology/topology.sql ../../utils/create_unpackaged.pl sql/$(EXTENSION)--ANY--$(EXTVERSION).sql Makefile | sql
-	# Ugprade before packaging
-	cat sql/$(EXTENSION)--ANY--$(EXTVERSION).sql > $@
-	cat $< | $(PERL) ../../utils/create_unpackaged.pl postgis_topology >> $@
+sql/$(EXTENSION)--unpackaged--$(EXTVERSION).sql: ../../topology/topology.sql ../../utils/create_unpackaged.pl sql/topology_upgrade.sql Makefile | sql
+	cat $< | $(PERL) @top_srcdir@/utils/create_unpackaged.pl postgis_topology > $@
+	# Ugprade after packaging (TODO: use ANY--TARGET path?)
+	cat sql/topology_upgrade.sql >> $@
 
 #upgrade script should have everything but table, schema, type creation/alter
 #NOTE: we assume all object definitions end in ;
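Review bot: The new recipe comment carries over the typo "Ugprade", and its TODO does not say what the alternative path would change. This rule appends `sql/topology_upgrade.sql`, whereas the postgis and postgis_sfcgal rules in this commit append `sql/$(EXTENSION)--ANY--$(EXTVERSION).sql`, so the three unpackaged scripts are not built the same way. I would make the comment explicit: `# Upgrade after packaging (TODO: append sql/$(EXTENSION)--ANY--$(EXTVERSION).sql instead, as postgis and postgis_sfcgal do)`. If the ANY script carries version or downgrade checks that `topology_upgrade.sql` lacks, that is worth noting there too; the hunk does not show either file's content.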
diff --git a/utils/create_unpackaged.pl b/utils/create_unpackaged.pl
index 84f7aeeb9..3017d92e4 100755
--- a/utils/create_unpackaged.pl
+++ b/utils/create_unpackaged.pl
@@ -4,7 +4,7 @@
 # PostGIS - Spatial Types for PostgreSQL
 # http://postgis.net
 #
-# Copyright (C) 2013 Sandro Santilli <strk at kbt.io>
+# Copyright (C) 2013-2022 Sandro Santilli <strk at kbt.io>
 #
 # This is free software; you can redistribute and/or modify it under
 # the terms of the GNU General Public Licence. See the COPYING file.
@@ -131,15 +131,29 @@ sub add_if_not_exists
   print <<"EOF"
 DO \$\$
 BEGIN
- ALTER EXTENSION $extname ADD $obj;
- RAISE NOTICE 'newly registered $obj';
-EXCEPTION WHEN object_not_in_prerequisite_state THEN
+
+	-- TODO: check if ownership of the object
+	--       matches ownership of the extension
+	--       the object to the extension
+
+	ALTER EXTENSION $extname ADD $obj;
+	RAISE NOTICE 'newly registered $obj';
+
+EXCEPTION
+WHEN object_not_in_prerequisite_state THEN
   IF SQLERRM ~ '\\m$extname\\M'
   THEN
     RAISE NOTICE 'already registered $obj';
   ELSE
     RAISE EXCEPTION '%', SQLERRM;
   END IF;
+WHEN
+	undefined_function
+	-- TODO: handle more exceptions ?
+THEN
+	RAISE NOTICE 'undefined function $obj';
+WHEN OTHERS THEN
+	RAISE EXCEPTION 'Trying to add $obj to $extname, got % (%)', SQLERRM, SQLSTATE;
 END;
 \$\$ LANGUAGE 'plpgsql';
 EOF
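Review bot: The ownership TODO added to the generated DO block ends in a dangling fragment (`-- the object to the extension`) and does not say why the check matters, although it is the security-relevant caveat of this change. `ALTER EXTENSION $extname ADD $obj` now runs before the upgrade and adopts whatever existing object matches the name. An object created beforehand by a different role would presumably be registered as an extension member without any check, which is the class of problem CVE-2022-2625 addresses. I would reword it as `-- TODO: before adding, verify the object's owner matches the extension owner, so an object pre-created by another role is not adopted into the extension`. Separately, only `undefined_function` is treated as "object does not exist", so any other kind of missing object falls through to `WHEN OTHERS` and aborts the script. The comment on that branch could list which object kinds are still unhandled. The body of `add_if_not_exists` starts outside this hunk.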

-----------------------------------------------------------------------

Summary of changes:
 NEWS                                    |  1 +
 extensions/postgis/Makefile.in          | 11 +++++------
 extensions/postgis_sfcgal/Makefile.in   | 12 ++++++------
 extensions/postgis_topology/Makefile.in |  8 ++++----
 utils/create_unpackaged.pl              | 22 ++++++++++++++++++----
 5 files changed, 34 insertions(+), 20 deletions(-)


hooks/post-receive
-- 
PostGIS

