Bug 684769 - Configuration files are overwritten on package reinstallation
Summary: Configuration files are overwritten on package reinstallation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: cvs
Version: 5.6
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: rc
: ---
Assignee: Petr Pisar
QA Contact: Martin Cermak
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-14 13:14 UTC by Petr Pisar
Modified: 2013-04-15 09:13 UTC (History)
2 users (show)

Fixed In Version: cvs-1.11.22-9.el5
Doc Type: Bug Fix
Doc Text:
Cause Not all cvs configuration files are marked as non-relaceble configuration files in package metadata. Consequence Reinstallation or upgrade of cvs package overwrites content of some cvs configuration files (e.g. /etc/pam.d/cvs). Fix All configuration files have been marked as non-replacable. Result After reinstalling or upgrading cvs package, cvs configuration will not get lost.
Clone Of:
Environment:
Last Closed: 2011-10-19 11:20:22 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1383 0 normal SHIPPED_LIVE cvs bug fix update 2011-10-19 11:20:15 UTC

Description Petr Pisar 2011-03-14 13:14:31 UTC
cvs-1.11.22-7.el5 delivers configuration files:

/etc/pam.d/cvs
/etc/profile.d/cvs.sh
/etc/xinetd.d/cvs

but only /etc/xinetd.d/cvs is protected by %config(noreplace) macro in spec file from silent overwrite while reinstalling/upgrading the cvs package.

Following spec file statements must be prefixed with %config(noreplace) marker:

%{_sysconfdir}/pam.d/*
%{_sysconfdir}/profile.d/*

Especially the PAM configuration file modification can have security implications.

Comment 5 Petr Pisar 2011-08-25 14:57:43 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause
    Not all cvs configuration files are marked as non-relaceble
    configuration files in package metadata.
Consequence
    Reinstallation or upgrade of cvs package overwrites content
    of some cvs configuration files (e.g. /etc/pam.d/cvs).
Fix
    All configuration files have been marked as non-replacable.
Result
    After reinstalling or upgrading cvs package, cvs
    configuration will not get lost.

Comment 8 errata-xmlrpc 2011-10-19 11:20:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1383.html


Note You need to log in before you can comment on or make changes to this bug.