Opened 21 months ago

Closed 21 months ago

Last modified 3 months ago

#5209 closed defect (fixed)

Upgrade issue with topology: function layertrigger() is not a member of extension "postgis_topology"

Reported by: robe Owned by: strk
Priority: blocker Milestone: PostGIS 2.5.8
Component: topology Version: 3.2.x
Keywords: Cc:

Description

From https://lists.osgeo.org/pipermail/postgis-users/2022-August/045600.html 

When building packages today for the new postgres releases I ran into the below
error for the PostGIS package when running tests:

  ALTER EXTENSION
  ERROR:  function layertrigger() is not a member of extension "postgis_topology"
  DETAIL:  An extension is not allowed to replace an object that it does not own.

It seems that it's related to the CVE which was fixed in the new postgres
releases today.

Change History (12)

comment:1 by robe, 21 months ago

Happens when upgrading from 2.5.5 o 3.2.1

comment:2 by strk, 21 months ago

This issue is present with all PostgreSQL version from 10 to 14, see https://www.postgresql.org/support/security/CVE-2022-2625/

In PostGIS this should be fixed in master branch (3.3.0rc1) with [cb65cd89737d14c386ef004fe270de953338a7e9/git]

I guess we want to backport that commit in all stable branches, not just 3.2 ?

Last edited 21 months ago by strk (previous) (diff)

comment:3 by strk, 21 months ago

according to https://trac.osgeo.org/postgis/wiki/UsersWikiPostgreSQLPostGIS latest PostgreSQL supported by PostGIS 2.5 is 12, earliest supported by PostGIS 3.2 is 9.6

I'm going to setup a PostGIS 12 to test this out locally in all supported version (back to 2.5 branch) and then work on a fix when needed.

comment:4 by strk, 21 months ago

To correct what's written in comment:1 the reported problem happens when upgrading from _unpackaged_ postgis. It's reported to happen in versions 2.5.5 and 3.2.1 but I know it will also happen in versions 3.0.6 and 3.1.6.

It was reported that with 3.2.2 the problem can be reproduced running: make installcheck-upgrade from the build dir.

comment:5 by strk, 21 months ago

The problem can be reproduced in all stable branches with:

regress/run_test.pl -v —extension —upgrade —upgrade-path unpackaged—2.5.8dev regress/regress

The target version has to be replaced with the currently-built and installed postgis version

Version 0, edited 21 months ago by strk (next)

comment:6 by strk, 21 months ago

CI bots are catching the problem already: https://gitlab.com/postgis/postgis/-/jobs/2848275869

comment:7 by Sandro Santilli <strk@…>, 21 months ago

In b8b2614/git:

Package objects before upgrading (only those which exist)

We don't need to upgrade before packaging because objects
created during extension upgrade are automatically packaged.

Packaging upfront fixes creating PostGIS extension from
unpackaged on PostgreSQL versions 10.22, 11.17+, 12.12+, 13.8+
and 14.5+ addressing CVE-2022-2625, see:

https://www.postgresql.org/support/security/CVE-2022-2625/

References #5209 in 3.2 branch (3.2.3dev)

This is a backport of cb65cd8973 which landed in master branch
on July 12 2022.

comment:8 by Sandro Santilli <strk@…>, 21 months ago

In f2c16bd/git:

Package objects before upgrading (only those which exist)

We don't need to upgrade before packaging because objects
created during extension upgrade are automatically packaged.

Packaging upfront fixes creating PostGIS extension from
unpackaged on PostgreSQL versions 10.22, 11.17+, 12.12+, 13.8+
and 14.5+ addressing CVE-2022-2625, see:

https://www.postgresql.org/support/security/CVE-2022-2625/

References #5209 in 3.1 branch (3.1.7dev)

This is a backport of cb65cd8973 which landed in master branch
on July 12 2022.

comment:9 by Sandro Santilli <strk@…>, 21 months ago

In d4c55c6/git:

Package objects before upgrading (only those which exist)

We don't need to upgrade before packaging because objects
created during extension upgrade are automatically packaged.

Packaging upfront fixes creating PostGIS extension from
unpackaged on PostgreSQL versions 10.22, 11.17+, 12.12+, 13.8+
and 14.5+ addressing CVE-2022-2625, see:

https://www.postgresql.org/support/security/CVE-2022-2625/

References #5209 in 3.0 branch (3.0.7dev)

This is a backport of cb65cd8973 which landed in master branch
on July 12 2022.

comment:10 by Sandro Santilli <strk@…>, 21 months ago

Resolution: fixed
Status: newclosed

In 8c63bb6/git:

Package objects before upgrading (only those which exist)

We don't need to upgrade before packaging because objects
created during extension upgrade are automatically packaged.

Packaging upfront fixes creating PostGIS extension from
unpackaged on PostgreSQL versions 10.22, 11.17+, 12.12+, 13.8+
and 14.5+ addressing CVE-2022-2625, see:

https://www.postgresql.org/support/security/CVE-2022-2625/

Closes #5209 in 2.5 branch (2.5.8dev)
Closes #5210 in 2.5 branch (2.5.8dev)

This is a backport of cb65cd8973 which landed in master branch
on July 12 2022.

comment:11 by robe, 21 months ago

Milestone: PostGIS 3.2.3PostGIS 2.5.8

comment:12 by strk, 3 months ago

Summary: Upgrade issue with topologyUpgrade issue with topology: function layertrigger() is not a member of extension "postgis_topology"
Note: See TracTickets for help on using tickets.