684769 – Configuration files are overwritten on package reinstallation

Bug 684769 - Configuration files are overwritten on package reinstallation

Summary: Configuration files are overwritten on package reinstallation

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	cvs
Sub Component:
Version:	5.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Petr Pisar
QA Contact:	Martin Cermak
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-03-14 13:14 UTC by Petr Pisar
Modified:	2013-04-15 09:13 UTC (History)
CC List:	2 users (show)
Fixed In Version:	cvs-1.11.22-9.el5
Doc Type:	Bug Fix
Doc Text:	Cause Not all cvs configuration files are marked as non-relaceble configuration files in package metadata. Consequence Reinstallation or upgrade of cvs package overwrites content of some cvs configuration files (e.g. /etc/pam.d/cvs). Fix All configuration files have been marked as non-replacable. Result After reinstalling or upgrading cvs package, cvs configuration will not get lost.
Clone Of:
Environment:
Last Closed:	2011-10-19 11:20:22 UTC
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2011:1383	0	normal	SHIPPED_LIVE	cvs bug fix update	2011-10-19 11:20:15 UTC

Description Petr Pisar 2011-03-14 13:14:31 UTC

cvs-1.11.22-7.el5 delivers configuration files:

/etc/pam.d/cvs
/etc/profile.d/cvs.sh
/etc/xinetd.d/cvs

but only /etc/xinetd.d/cvs is protected by %config(noreplace) macro in spec file from silent overwrite while reinstalling/upgrading the cvs package.

Following spec file statements must be prefixed with %config(noreplace) marker:

%{_sysconfdir}/pam.d/*
%{_sysconfdir}/profile.d/*

Especially the PAM configuration file modification can have security implications.

Comment 5 Petr Pisar 2011-08-25 14:57:43 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause
    Not all cvs configuration files are marked as non-relaceble
    configuration files in package metadata.
Consequence
    Reinstallation or upgrade of cvs package overwrites content
    of some cvs configuration files (e.g. /etc/pam.d/cvs).
Fix
    All configuration files have been marked as non-replacable.
Result
    After reinstalling or upgrading cvs package, cvs
    configuration will not get lost.

Comment 8 errata-xmlrpc 2011-10-19 11:20:22 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1383.html

Note You need to log in before you can comment on or make changes to this bug.