|
Bugzilla – Full Text Bug Listing |
| Summary: | latest phpMyAdmin deletes configuration! | ||
|---|---|---|---|
| Product: | [openSUSE] SUSE LINUX 10.0 | Reporter: | Matthias Boettger <matthias.boettger> |
| Component: | Update Problems | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Klaus Kämpf <kkaempf> |
| Severity: | Blocker | ||
| Priority: | P5 - None | CC: | ast, hmuelle, mmarek, security-team, suse-beta |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | SuSE Linux 10.0 | ||
| Whiteboard: | |||
| Found By: | IS&T | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Matthias Boettger
2006-11-25 09:50:34 UTC
it should really not have deleted the configuration :( btw, the .rpmnew will have your configuration data, since it is not generated by RPM itself, but by the %post section Yes you are right, the .rpmnew file includes my old configuration. Matthias: sorry, my bad. See bug 223725. I need to find out whether this is the same as the second bug, or whether things are more complicated. You had your custom configuration in phpMyAdmin/config.inc.php, right? Now, the update should have installed phpMyAdmin/libraries/config.inc.php as part of its payload, renamed it to phpMyAdmin/libraries/config.inc.php.rpmnew and renamed your custom configuration to phpMyAdmin/libraries/config.inc.php. Can you double-check which of the **/config.inc.php* files contains your configuration and which one is only a copy of the default? Thanks! I tried this security update for 10.0 and it does what Michal said. I found my old config in phpMyAdmin/libraries/config.inc.php and the new one was saved as phpMyAdmin/libraries/config.inc.php.rpmnew Matthias, can you confirm / disconfirm comment #5? Thanks! Confirmed, I found my old config in this directory but the configuration must be located in phpMyAdmin/config.inc.php and this one was removed. Yes, mv config.inc.php libraries/config.inc.php was a mistake and I'm sorry for that. I was just affraid that according to your comment #3 (old config in .rpmnew) there was another mistake. Marcus, Anja, Harald: what to do now? Release anothe PMA update with if test -f %{serverroot}%{name}/libraries/config.inc.php -a ! \ -f %{serverroot}%{name}/config.inc.php; then mv %{serverroot}%{name}/libraries/config.inc.php %{serverroot}%{name}/ fi in %post (as attached to bug 223725)? Or release a YOU script doing the same? we have to expect: - old phpMyAdmin - current security broken phpMyAdmin can you handle those cases? I would really suggest a new update to fix this. Old phpMyAdmin won't have any config.inc.php in phpMyAdmin/libraries, so the if condition won't pass. I'll prepare the packages. *** Bug 223725 has been marked as a duplicate of this bug. *** It's not that simple, I'll have to keep phpMyAdmin/config.inc.php in %files... I **hope** I got it right now: - For an update from the good old PMA, I added %ghost .../phpMyAdmin/config.inc.php, so that rpm doesn't delete the file (but there is no need to install it, that's why the ghost), the %post script skips the mv command. - For update from the broken PMA, the %post script moves the file back to the correct place. - For new installation, no config.inc.php gets installed, because the config.default.php is enough. I submitted the packages for 9.3, 10.0, 10.1 and 10.2 MaintenanceTracker-7282 Is the update for 10.2 actually useful right now? The broken package is on the GM so there was no previous security that could have moved the config file away. If someone updates from an older distro to 10.2, the bug will appear, too. On the other hand, the broken package was already on 10.1 GM an noone complained until now. approved this update. |