Bug - Migration script ending in error after Step 8 Migrate SysConfig settings #307

Closed
LuBroering opened this issue Oct 18, 2022 · 4 comments

@LuBroering
Contributor

Environment

  • OS: centos 7
  • Browser: -
  • Znuny version: Znuny Dev Branch Commit:825e4deb3628a71a5b21c0afeb695616d41e5a03

Expected behaviour

Script running without an Error

Actual behaviour

Script running into Error:
Error: ZZZAAuto backup file not found.

How to reproduce

Steps to reproduce the behavior:

Just try to use the script scripts/MigrateToZnuny6_4.pl

Additional information

Should be related to the recent commit
If I comment out the line 96 the script runs through as expected.

Screenshots

@dennykorsukewitz dennykorsukewitz added 1 - 🐞 bug 🐞 An issue with the system. 4 - clarification The issue or pull requests needs more information. 2 - Backend Znuny Feature labels Oct 18, 2022
@dennykorsukewitz dennykorsukewitz added this to the rel-6_4_4 milestone Oct 18, 2022
@dennykorsukewitz dennykorsukewitz self-assigned this Oct 18, 2022
@dennykorsukewitz
Member

Hi @LuBroering,
thanks for your report.

> Should be related to the recent commit
> If I comment out the line 96 the script runs through as expected.

Line 96, which file are you talking about?

Currently I could not reproduce this error.
Can you please write down the whole process, with all outputs?

Regards 🚀

@LuBroering
Contributor Author

LuBroering commented Oct 19, 2022

Hi @dennykorsukewitz,

Line 96 at scripts/Migration.pm
$SysConfigObject->DeleteZZZAAutoBackup();

sudo -u otrs /opt/otrs/scripts/MigrateToZnuny6_4.pl --verbose

 Migration started ... 

 Checking requirements ... 

    Requirement check for: Check required Perl version ...
    Installed Perl version: v5.16.3. Minimum required Perl version: v5.16.0.
    Requirement check for: Check required database version ...
    Installed database version: MariaDB 10.6.10. Minimum required database version: 5.0.0.
    Requirement check for: Check database charset ...
    The setting character_set_client is: utf8mb3. The setting character_set_database is: utf8mb3. No tables found with invalid charset.
    Requirement check for: Check required Perl modules ...

    Executing /opt/otrs/bin/otrs.CheckModules.pl to check for missing required modules. 

  o Apache::DBI......................ok (v1.12)
  o Apache2::Reload..................ok (v0.13)
  o Archive::Tar.....................ok (v1.92)
  o Archive::Zip.....................ok (v1.30)
  o Authen::SASL.....................ok (v2.15)
  o Crypt::Eksblowfish::Bcrypt.......Not installed! To install, you can use: 'yum install "perl(Crypt::Eksblowfish::Bcrypt)"'. (optional - For strong password hashing.)
  o Crypt::JWT.......................Not installed! To install, you can use: 'yum install "perl(Crypt::JWT)"'. (optional - JSON web token support.)
  o Crypt::OpenSSL::X509.............Not installed! To install, you can use: 'yum install "perl(Crypt::OpenSSL::X509)"'. (optional - X509 certificate support.)
  o CSS::Minifier::XS................Not installed! To install, you can use: 'yum install "perl(CSS::Minifier::XS)"'. (optional - Alternative to CSS::Minifier in XS, which is slightly faster than CSS::Minifier (pure Perl).)
  o Data::UUID.......................ok (v1.0602)
  o Date::Format.....................ok (v2.24)
  o DateTime.........................ok (v1.04)
    o DateTime::TimeZone.............ok (v1.70)
    Please consider updating to version 2.20 or higher: This version includes recent time zone changes for Chile.
  o DBI..............................ok (v1.627)
  o DBD::mysql.......................ok (v4.023)
  o DBD::ODBC........................Not installed! (optional - Required to connect to a MS-SQL database.)
  o DBD::Oracle......................Not installed! (optional - Required to connect to a Oracle database.)
  o DBD::Pg..........................Not installed! To install, you can use: 'yum install "perl(DBD::Pg)"'. (optional - Required to connect to a PostgreSQL database.)
  o Digest::SHA......................ok (v5.85)
  o Encode::HanExtra.................Not installed! To install, you can use: 'yum install "perl(Encode::HanExtra)"'. (optional - Required to handle mails with several Chinese character sets.)
  o Excel::Writer::XLSX..............ok (v0.95)
  o Hash::Merge......................Not installed! To install, you can use: 'yum install "perl(Hash::Merge)"'. (optional - Required for the creation of Excel statistical reports.)
  o IO::Socket::SSL..................ok (v1.94)
    Please consider updating to version 2.066 or higher: This version fixes email sending (bug#14357).
  o JavaScript::Minifier::XS.........Not installed! To install, you can use: 'yum install "perl(JavaScript::Minifier::XS)"'. (optional - Alternative to JavaScript::Minifier in XS, which is slightly faster than JavaScript::Minifier (pure Perl).)
  o Jq...............................Not installed! To install, you can use: 'yum install "perl(Jq)"'. (optional - Support for extended condition checking via Jq for the generic interface.)
  o JSON::XS.........................ok (v4.03)
  o List::Util::XS...................ok (v1.63)
  o LWP::UserAgent...................ok (v6.53)
  o Mail::IMAPClient.................ok (v3.43)
    o IO::Socket::SSL................ok (v1.94)
    Please consider updating to version 2.066 or higher: This version fixes email sending (bug#14357).
    o Authen::NTLM...................Not installed! To install, you can use: 'yum install "perl(Authen::NTLM)"'. (optional - Required for NTLM authentication mechanism in IMAP connections.)
  o ModPerl::Util....................ok (v2.000012)
  o Moo..............................ok (v2.005004)
  o Net::DNS.........................ok (v0.72)
  o Net::LDAP........................ok (v0.56)
  o Net::LDAP::Constant..............ok (v0.20)
  o Net::SMTP........................ok (v2.31)
    Please consider updating to version 3.11 or higher: This version fixes email sending (bug#14357).
  o Spreadsheet::XLSX................Not installed! To install, you can use: 'yum install "perl(Spreadsheet::XLSX)"'. (optional - Spreadsheet::XLSX enables import and export of Excel files in certain dialogs.)
  o Template.........................ok (v2.24)
  o Template::Stash::XS..............ok (undef)
  o Text::Diff::FormattedHTML........ok (v0.08)
  o Text::CSV_XS.....................ok (v1.48)
  o Time::HiRes......................ok (v1.9725)
  o XML::LibXML......................ok (v2.0018)
  o XML::LibXSLT.....................ok (v1.80)
  o XML::Parser......................ok (v2.41)
  o YAML::XS.........................ok (v0.85)
    Requirement check for: Check if database has been backed up ...

        Warning: this script can make changes to your database which are irreversible.
        Make sure you have properly backed up complete database before continuing.


        Did you backup the database? [Y]es/[N]o: y

    Requirement check for: Upgrade database structure ...

Trying to connect to database 'DBI:mysql:database=otrs;host=127.0.0.1' with user 'otrs'...
Connection successful.

    Requirement check for: Migrate SysConfig settings ...

        Warning: The following SysConfig settings will be modified.
        ------------------------------------------------------------------------
        Name:                  Frontend::RichTextHeight
        Change name to:        Frontend::RichText::Settings###Height
        ------------------------------------------------------------------------
        Name:                  Frontend::RichTextPath
        Change name to:        Frontend::RichText::Path
        ------------------------------------------------------------------------
        Name:                  Frontend::RichTextWidth
        Change name to:        Frontend::RichText::Settings###Width
        ------------------------------------------------------------------------

        Should the SysConfig be migrated? [Y]es/[N]o: y


 Executing tasks ... 

    Step 1 of 16: Check required Perl version ...
    Step 2 of 16: Check required database version ...
    Step 3 of 16: Check database charset ...
    Step 4 of 16: Check required Perl modules ...
    Step 5 of 16: Check installed CPAN modules for known vulnerabilities ...
Collecting all installed modules. This can take a while...
Archive-Tar (requires 1.92) has 1 advisories
  * CPANSA-Archive-Tar-2018-01
    In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

    Affected range: <2.28

    CVEs: CVE-2018-12015

    References:
    https://security-tracker.debian.org/tracker/CVE-2018-12015
    https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5

Archive-Zip (requires 1.30) has 1 advisories
  * CPANSA-Archive-Zip-2018-01
    perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.

    Affected range: <1.61

    CVEs: CVE-2018-10860

    References:
    https://security-tracker.debian.org/tracker/CVE-2018-10860
    https://github.com/redhotpenguin/perl-Archive-Zip/pull/33

Compress-Raw-Zlib (requires 2.061) has 1 advisories
  * CPANSA-Compress-Raw-Zlib-2017-01
    Zlib vulnerabilities.

    Affected range: <2.075
    Fixed range: >=2.075

    CVEs: CVE-2016-9843, CVE-2016-9841, CVE-2016-9840, CVE-2016-9842

    References:
    https://metacpan.org/changes/distribution/Compress-Raw-Zlib

DBD-mysql (requires 4.023) has 7 advisories
  * CPANSA-DBD-mysql-2017-02
    The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.

    Affected range: <4.044
    Fixed range: >=4.044

    CVEs: CVE-2017-10788

    References:
    https://github.com/perl5-dbi/DBD-mysql/issues/120

  * CPANSA-DBD-mysql-2017-01
    The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

    Affected range: <4.044
    Fixed range: >=4.044

    CVEs: CVE-2017-10789

    References:
    https://github.com/perl5-dbi/DBD-mysql/pull/114

  * CPANSA-DBD-mysql-2016-03
    Out-of-bounds read.

    Affected range: >=2.9003, <4.039
    Fixed range: <2.9003, >=4.039

    CVEs: CVE-2016-1249

    References:
    https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe

  * CPANSA-DBD-mysql-2016-02
    Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.

    Affected range: <4.037
    Fixed range: >=4.037

    CVEs: CVE-2016-1246

    References:
    https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2
    http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html

  * CPANSA-DBD-mysql-2016-01
    Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.

    Affected range: <4.034
    Fixed range: >=4.034

    CVEs: CVE-2015-8949

    References:
    https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156

  * CPANSA-DBD-mysql-2015-01
    There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.

    Affected range: <4.041
    Fixed range: >=4.041

    CVEs: CVE-2016-1251

    References:
    https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1

  * CPANSA-DBD-mysql-2014-01
    Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.

    Affected range: <4.028
    Fixed range: >=4.028

    CVEs: CVE-2014-9906

    References:
    https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc
    https://rt.cpan.org/Public/Bug/Display.html?id=97625

DBI (requires 1.627) has 1 advisories
  * CPANSA-DBI-2014-01
    DBD::File drivers open files from folders other than specifically passed using the f_dir attribute.

    Affected range: <1.632
    Fixed range: >=1.632

    References:
    https://metacpan.org/changes/distribution/DBI
    https://rt.cpan.org/Public/Bug/Display.html?id=99508

Data-Dumper (requires 2.145) has 1 advisories
  * CPANSA-Data-Dumper-2014-01
    Infinite recursion.

    Affected range: <2.154
    Fixed range: >=2.154

    CVEs: CVE-2014-4330

    References:
    https://metacpan.org/changes/distribution/Data-Dumper

Email-Address (requires 1.898) has 1 advisories
  * CPANSA-Email-Address-2014-01
    Inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.

    Affected range: <1.905
    Fixed range: >=1.905

    CVEs: CVE-2014-0477

    References:
    https://metacpan.org/changes/distribution/Email-Address

Encode (requires 2.51) has 1 advisories
  * CPANSA-Encode-2016-01
    Loading optional modules from . (current directory).

    Affected range: <2.85
    Fixed range: >=2.85

    CVEs: CVE-2016-1238

    References:
    https://metacpan.org/changes/distribution/Encode
    https://github.com/dankogai/p5-encode/pull/58/commits/12be15d64ce089154c4367dc1842cd0dc0993ec6

File-Path (requires 2.09) has 1 advisories
  * CPANSA-File-Path-2017-01
    Race condition in the rmtree and remove_tree functions allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.

    Affected range: <2.13
    Fixed range: >=2.13

    CVEs: CVE-2017-6512

    References:
    https://metacpan.org/changes/distribution/File-Path
    https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2

HTTP-Tiny (requires 0.033) has 1 advisories
  * CPANSA-HTTP-Tiny-2016-01
    Loading modules from . (current directory).

    Affected range: <0.059
    Fixed range: >=0.059

    CVEs: CVE-2016-1238

    References:
    https://metacpan.org/changes/distribution/HTTP-Tiny
    https://github.com/chansen/p5-http-tiny/commit/b239c95ea7a256cfee9b8848f1bd4d1df6e66444

PathTools (requires 3.40) has 2 advisories
  * CPANSA-PathTools-2016-02
    Does not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

    Affected range: <3.65
    Fixed range: >=3.65

    CVEs: CVE-2016-1238

    References:
    https://metacpan.org/changes/distribution/PathTools

  * CPANSA-PathTools-2016-01
    Does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

    Affected range: <3.62
    Fixed range: >=3.62

    CVEs: CVE-2015-8607

    References:
    https://metacpan.org/changes/distribution/PathTools

Storable (requires 2.45) has 1 advisories
  * CPANSA-Storable-2017-01
    Malcrafted storable files or buffers.

    Affected range: <3.05
    Fixed range: >=3.05

    References:
    https://metacpan.org/changes/distribution/Storable
    https://cxsecurity.com/issue/WLB-2007120031

XML-LibXML (requires 2.0018) has 1 advisories
  * CPANSA-XML-LibXML-2015-01
    The _clone function does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

    Affected range: <2.0120
    Fixed range: >=2.0120

    CVEs: CVE-2015-3451

    References:
    https://metacpan.org/changes/distribution/XML-LibXML

Total advisories found: 20

    WARNING: CPAN::Audit reported that one or more installed CPAN modules have known vulnerabilities (see above). Please note that there might be false positives for distributions patching Perl modules without changing their version number.

    Step 6 of 16: Check if database has been backed up ...
    Step 7 of 16: Upgrade database structure ...

       - Create table smime_keys
       - Add missing foreign keys that point to database table "article"
       - Add table and notification event for user mention support
       - Increase size of columns of database tables oauth2_token_config and oauth2_token
       - Increase size of column of database table calendar_appointment_plugin

    Step 8 of 16: Migrate SysConfig settings ...


 Error: ZZZAAuto backup file not found.



 Not possible to complete migration. Check previous messages for more information.

@jepf
Contributor

jepf commented Oct 21, 2022

Internal issue: 380

@jepf
Contributor

jepf commented Nov 8, 2022

@LuBroering

Unfortunately we cannot reproduce this problem.

At the start of the migration, a copy of Kernel/System/Config/ZZZAAuto.pm will be created which seems to work for you because otherwise it would immediately fail and stop at the beginning of the migration.

During the migration this backup copy will be read and this fails for you. Could you please try to output the complete path of the file that is being tried to read? Just change line 145 in file scripts/Migration/Znuny/MigrateSysConfigSettings.pm:

-        print "\n\n Error: ZZZAAuto backup file not found.\n";
+        print "\n\n Error: File $FilePath not found.\n";
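
Review bot: on the `+` line, `$FilePath` is interpolated without delimiters, so an empty or undefined value would print as "File  not found" and be easy to misread in the migration output. Wrap it in quotes, for example `File '$FilePath' not found`, and consider appending `$!` so that a missing file can be told apart from one the `otrs` user running the script cannot read.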

@dennykorsukewitz dennykorsukewitz modified the milestones: rel-6_4_4, rel-6_5_0 Nov 23, 2022
@dennykorsukewitz dennykorsukewitz removed 4 - clarification The issue or pull requests needs more information. 3 - wait for contributor Contributor, it's your turn. labels Jan 26, 2023