[postgis-users] Errors with upgrading due to CVE CVE-2022-2625
Regina Obe
lr at pcorp.us
Thu Aug 11 13:18:47 PDT 2022
> > > On 11 Aug 2022, at 18:39, Regina Obe <lr at pcorp.us> wrote:
> > >
> > >> This happens when running the tests for postgis 2.5.5 and 3.2.1.
> >
> > > Is there a reason you are not using 3.2.2 ?
> > > https://postgis.net/2022/07/23/postgis-3.2.2/
> >
> > I've now upgraded to 3.2.2 and the issue remains. When building and
> > running make installcheck-upgrade against a 14.5 postgres cluster it
fails
> with:
> >
> > NOTICE: Packaging extension postgis
> > ERROR: function _postgis_deprecate(text,text,text) is not a member
> > of extension "postgis"
> > DETAIL: An extension is not allowed to replace an object that it
> > does not own.
> > CONTEXT: SQL statement "CREATE EXTENSION postgis SCHEMA public
> > VERSION unpackaged;ALTER EXTENSION postgis UPDATE TO "3.2.2""
> > PL/pgSQL function postgis_extensions_upgrade() line 71 at EXECUTE
> >
> > Am I doing something wrong or is this a fallout from CVE-2022-2625?
> >
> > To clarify from my previous email, I'm not upgrading from 2.5.5, I'm
> > bulding
> > 3.2.2 in isolation and running its tests.
> >
> > --
> > Daniel Gustafsson https://vmware.com/
> >
I've ticketed both of these:
https://trac.osgeo.org/postgis/ticket/5209
https://trac.osgeo.org/postgis/ticket/5210
I think Sandro was working on a fix for these, but guess it didn't make it
into the last micro.
I'm going to double check to confirm it's handled in our latest stable
branches and if it is we can push out a new micro shortly.
Thanks,
Regina
More information about the postgis-users
mailing list