First Last Prev Next    This bug is not in your last search results.
Bug 51527 - Newline character in SQL password string
Newline character in SQL password string
Status: REOPENED
Product: UCS
Classification: Unclassified
Component: Mail - Horde
UCS 4.4
Other Linux
: P5 major (vote)
: ---
Assigned To: Mail maintainers
Mail maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-06-18 17:06 CEST by Hendrik Peter
Modified: 2020-07-03 20:54 CEST (History)
4 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:
peichert: Patch_Available+

Attachments
Bug Screenshot 10-ucs.php (6.06 KB, image/png)
2020-06-18 17:06 CEST, Hendrik Peter 		Details
Error on Web surface (15.09 KB, image/png)
2020-06-18 17:07 CEST, Hendrik Peter 		Details
Patch 10-ucs.php (73 bytes, patch)
2020-06-18 17:10 CEST, Hendrik Peter 		Details | Diff
unified diff Patch (383 bytes, patch)
2020-06-19 09:44 CEST, Hendrik Peter 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hendrik Peter univentionstaff 2020-06-18 17:06:42 CEST 
Created attachment 10397 [details]
Bug Screenshot 10-ucs.php

Bug got created by Bug #49587 solution. This bug makes Horde unusable with App version 4.0.0-12.

Conffile "10-ucs.php" reads the SQL password from file "/etc/horde.secret" with python function open(). This function adds a Newline character ('\n') to the string output, which falsify the $conf['sql']['password'] attribute value. Horde can't reach it's own Database anymore.

A fix is attached.
Comment 1 Hendrik Peter univentionstaff 2020-06-18 17:07:18 CEST 
Created attachment 10398 [details]
Error on Web surface
Comment 2 Hendrik Peter univentionstaff 2020-06-18 17:10:37 CEST 
Created attachment 10399 [details]
Patch 10-ucs.php
Comment 3 Florian Best univentionstaff 2020-06-18 17:18:43 CEST 
Can you please attach a unified diff (diff -u) with the whole filepath.
Comment 4 Hendrik Peter univentionstaff 2020-06-19 09:44:20 CEST 
Created attachment 10400 [details]
unified diff Patch

(In reply to Florian Best from comment #3)
> Can you please attach a unified diff (diff -u) with the whole filepath.
Comment 5 Ingo Steuwer univentionstaff 2020-06-19 09:55:46 CEST 
When does this happen? For all installations, after an update, "sometimes" ?
Comment 6 Hendrik Peter univentionstaff 2020-06-19 11:35:25 CEST 
This bug occurs on longer existing Customer systems, due to an EOL character in file /etc/horde.secret, which apparently got carried over through upgrade.

This was manually removed and fixed. Report can be closed as invalid.
Comment 7 Florian Best univentionstaff 2020-06-24 14:00:10 CEST 
The patch is against a package which doesn't exist in the Univention Products but in a customer fork/package.
The bug therefore needs to be tracked elsewhere.
Comment 8 Florian Best univentionstaff 2020-06-24 17:43:56 CEST 
(In reply to Florian Best from comment #7)
> The patch is against a package which doesn't exist in the Univention
> Products but in a customer fork/package.
> The bug therefore needs to be tracked elsewhere.
Oh, I got wrong information from Hendrik here.

The correct git repository for the patch is:
https://git.knut.univention.de/univention/components/horde/
First Last Prev Next    This bug is not in your last search results.