[postgis-users] Errors with upgrading due to CVE CVE-2022-2625
Regina Obe
lr at pcorp.us
Thu Aug 11 13:10:27 PDT 2022
> From: postgis-users [mailto:postgis-users-bounces at lists.osgeo.org] On
Behalf
> Of Daniel Gustafsson
> Sent: Thursday, August 11, 2022 3:45 PM
> To: PostGIS Users Discussion <postgis-users at lists.osgeo.org>
> Subject: Re: [postgis-users] Errors with upgrading due to CVE
CVE-2022-2625
>
> > On 11 Aug 2022, at 18:39, Regina Obe <lr at pcorp.us> wrote:
> >
> >> This happens when running the tests for postgis 2.5.5 and 3.2.1.
>
> > Is there a reason you are not using 3.2.2 ?
> > https://postgis.net/2022/07/23/postgis-3.2.2/
>
> I've now upgraded to 3.2.2 and the issue remains. When building and
> running make installcheck-upgrade against a 14.5 postgres cluster it fails
with:
>
> NOTICE: Packaging extension postgis
> ERROR: function _postgis_deprecate(text,text,text) is not a member of
> extension "postgis"
> DETAIL: An extension is not allowed to replace an object that it does
not
> own.
> CONTEXT: SQL statement "CREATE EXTENSION postgis SCHEMA public
> VERSION unpackaged;ALTER EXTENSION postgis UPDATE TO "3.2.2""
> PL/pgSQL function postgis_extensions_upgrade() line 71 at EXECUTE
>
> Am I doing something wrong or is this a fallout from CVE-2022-2625?
>
> To clarify from my previous email, I'm not upgrading from 2.5.5, I'm
bulding
> 3.2.2 in isolation and running its tests.
>
> --
> Daniel Gustafsson https://vmware.com/
>
Thanks for the report. Yes this is a fallout.
Thanks,
Regina
More information about the postgis-users
mailing list