Bug 88621 - "portupgrade horde" overwrites config file
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Thierry Thomas
Reported: 2005-11-07 19:40 UTC by Heinrich Rebehn
Modified: 2005-11-26 11:30 UTC

Description Heinrich Rebehn 2005-11-07 19:40:14 UTC
After portupgrading horde, the config file 

/usr/local/www/horde/config/conf.php          

is replaced by a default one which allows full admin access to horde
for everyone.
Although the install script kindly renames my customized config
file to 'conf.php.previous' so I do not have to restore it from
backup, I consider it a grave security bug, when after the upgrade
everyone is greeted "Welcome Administrator".

I upgraded to horde-3.0.6

Fix: 

The install script should not replace the customized config files,
rather install the package provided ones as 'conf.php.new' or such,
so the admin can merge by hand.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2005-11-07 20:08:00 UTC
Responsible Changed
From-To: freebsd-ports-bugs->thierry

Over to maintainer
Comment 2 Thierry Thomas freebsd_committer freebsd_triage 2005-11-13 20:31:29 UTC
State Changed
From-To: open->closed


I have committed a patch which should do what you expect. 

Thanks for the report!
Comment 3 Heinrich Rebehn 2005-11-25 11:41:10 UTC
Sorry, the problem persists with horde-3.0.7.
Still the default config file is installed inviting everyone as
administrator.

The install reports:
--->   /usr/local/www/horde/config/conf.php not installed ***
--->       please copy from
/usr/local/www/horde/config/conf.php.previous ***
--->                or from /usr/local/www/horde/config/conf.php.new
  ***
--->   /usr/local/www/horde/config/mime_drivers.php not installed ***
--->       please copy from
/usr/local/www/horde/config/mime_drivers.php.previous ***
--->                or from
/usr/local/www/horde/config/mime_drivers.php.new      ***

but this is not true. /usr/local/www/horde/config/conf.php *IS* installed.

Regards,

Heinrich Rebehn
Comment 4 Thierry Thomas freebsd_committer freebsd_triage 2005-11-26 11:25:35 UTC
On Fri 25 Nov 05 at 12:50:07 +0100, Heinrich Rebehn <rebehn@ant.uni-bremen.de>
 wrote:
> The following reply was made to PR ports/88621; it has been noted by GNATS.
> 
> From: Heinrich Rebehn <rebehn@ant.uni-bremen.de>
> To: bug-followup@FreeBSD.org,  rebehn@ant.uni-bremen.de
> Cc:  
> Subject: Re: ports/88621: "portupgrade horde" overwrites config file
> Date: Fri, 25 Nov 2005 12:41:10 +0100
> 
>  Sorry, the problem persists with horde-3.0.7.
>  Still the default config file is installed inviting everyone as
>  administrator.
>  
>  The install reports:
>  --->   /usr/local/www/horde/config/conf.php not installed ***
>  --->       please copy from
>  /usr/local/www/horde/config/conf.php.previous ***
>  --->                or from /usr/local/www/horde/config/conf.php.new
>    ***
>  --->   /usr/local/www/horde/config/mime_drivers.php not installed ***
>  --->       please copy from
>  /usr/local/www/horde/config/mime_drivers.php.previous ***
>  --->                or from
>  /usr/local/www/horde/config/mime_drivers.php.new      ***
>  
>  but this is not true. /usr/local/www/horde/config/conf.php *IS* installed.

Are you sure? I cannot reproduce it: just before the lines

 --->   /usr/local/www/horde/config/conf.php not installed ***
 --->       please copy from
        /usr/local/www/horde/config/conf.php.previous ***
 --->                or from /usr/local/www/horde/config/conf.php.new

are echoed, pkg_install does `mv conf.php conf.php.new'. Just conf.xml
should be installed.

However, there still exists a problem: if there is no conf.php or just
the default one, it is the same for Horde, and the first person is greeted
as Administrator.

We have to find a better solution.

Regards,
-- 
Th. Thomas.
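
Added example, not part of the thread and not the horde port's own install script: a sketch in sh of the behaviour requested in the Description (leave a customized file alone, stage the packaged default as conf.php.new) that also reports the two states comment 4 describes as still exposed. The function name install_conf, its two path arguments and the status words are assumptions.

```shell
#!/bin/sh
# Added example, not the horde port's pkg-install script.
# install_conf DEFAULT LIVE
#   DEFAULT  packaged default config (path chosen by the caller)
#   LIVE     path the application reads, e.g. .../config/conf.php
# Never writes to LIVE. Prints one status word on stdout:
#   customized  LIVE differs from DEFAULT; DEFAULT staged as LIVE.new
#   default     LIVE is byte-identical to DEFAULT
#   missing     LIVE does not exist; DEFAULT staged as LIVE.new
# Limitation: a default left over from an older release will not match
# DEFAULT and is reported as "customized".
install_conf() {
    default=$1
    live=$2
    [ -r "$default" ] || { echo "cannot read $default" >&2; return 2; }

    if [ -e "$live" ] && cmp -s "$default" "$live"; then
        echo "WARNING: $live is the packaged default" >&2
        echo default
        return 0
    fi

    # Stage via a temp name so a partial copy never appears as LIVE.new.
    tmp="$live.new.$$"
    cp -p "$default" "$tmp" && mv -f "$tmp" "$live.new" || {
        rm -f "$tmp"; return 2; }

    if [ -e "$live" ]; then
        echo "kept $live; merge changes from $live.new by hand" >&2
        echo customized
    else
        echo "WARNING: $live missing; create it from $live.new" >&2
        echo missing
    fi
}

# When run as a script with two arguments, act on them.
if [ "$#" -eq 2 ]; then
    install_conf "$1" "$2"
fi
```

The "default" and "missing" results are the cases where, per comment 4, the first visitor is greeted as Administrator, so a caller should treat them as needing attention rather than as a clean install.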