OTRS upgrade from 5 to 6 - strange error [Solved]

Moderator: crythias

Post Reply
lando
Znuny newbie
Posts: 12
Joined: 22 Feb 2011, 17:41
Znuny Version: 2.4.7

OTRS upgrade from 5 to 6 - strange error [Solved]

Post by lando »

Hello,

during the DB upgrade script, i have that error:

[otrs@helpdesk]$ scripts/DBUpdate-to-6.pl

Migration started ...

Checking requirements ...

Requirement check for: Check framework version ...
Requirement check for: Check required Perl version ...
Requirement check for: Check required database version ...
Requirement check for: Check database charset ...
Requirement check for: Check required Perl modules ...
Requirement check for: Check if database has been backed up ...

Did you backup the database? [Y]es/[N]o: y

Requirement check for: Upgrade database structure ...
Requirement check for: Migrating time zone configuration ...


The currently configured time offset is 2 hours, these are the suggestions for a corresponding OTRS time zone:

Africa/Cairo
Africa/Ceuta
Africa/Johannesburg
Africa/Khartoum
Africa/Maputo
Africa/Tripoli
Africa/Windhoek
Antarctica/Troll
CET
Europe/Amsterdam
Europe/Andorra
Europe/Belgrade
Europe/Berlin
Europe/Brussels
Europe/Budapest
Europe/Copenhagen
Europe/Gibraltar
Europe/Kaliningrad
Europe/Luxembourg
Europe/Madrid
Europe/Malta
Europe/Monaco
Europe/Oslo
Europe/Paris
Europe/Prague
Europe/Rome
Europe/Stockholm
Europe/Tirane
Europe/Vienna
Europe/Warsaw
Europe/Zurich
MET


It seems that Europe/Rome should be the correct time zone to set for your OTRS.

Enter the time zone to use for OTRSTimeZone (leave empty to show a list of all available time zones): Europe/Rome

Enter the time zone to use for UserDefaultTimeZone (leave empty to show a list of all available time zones): Europe/Rome

Enter the time zone to use for TimeZone::Calendar1 (leave empty to show a list of all available time zones): Europe/Rome

Enter the time zone to use for TimeZone::Calendar2 (leave empty to show a list of all available time zones): Europe/Rome

Enter the time zone to use for TimeZone::Calendar3 (leave empty to show a list of all available time zones): Europe/Rome

Enter the time zone to use for TimeZone::Calendar4 (leave empty to show a list of all available time zones): Europe/Rome

Enter the time zone to use for TimeZone::Calendar5 (leave empty to show a list of all available time zones): Europe/Rome

Enter the time zone to use for TimeZone::Calendar6 (leave empty to show a list of all available time zones): Europe/Rome

Enter the time zone to use for TimeZone::Calendar7 (leave empty to show a list of all available time zones): Europe/Rome

Enter the time zone to use for TimeZone::Calendar8 (leave empty to show a list of all available time zones): Europe/Rome

Enter the time zone to use for TimeZone::Calendar9 (leave empty to show a list of all available time zones): Europe/Rome

Requirement check for: Update calendar appointment future tasks ...
Requirement check for: Migrate GenericAgent jobs configuration ...
Requirement check for: Migrate TicketAppointment rules configuration ...
Requirement check for: Create entries in new article table ...
Requirement check for: Migrate ArticleType in ProcessManagement Data ...
Requirement check for: Migrate ArticleType in PostMaster filters ...

Executing tasks ...

Step 1 of 44: Check framework version ...
Step 2 of 44: Check required Perl version ...
Step 3 of 44: Check required database version ...
Step 4 of 44: Check database charset ...
Step 5 of 44: Check required Perl modules ...
Step 6 of 44: Check installed CPAN modules for known vulnerabilities ...
Collecting all installed modules. This can take a while...
Archive-Tar (requires 1.92) has 1 advisories
* CPANSA-Archive-Tar-2018-01
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

Affected range: <2.28

CVEs: CVE-2018-12015

References:
https://security-tracker.debian.org/tra ... 2018-12015
https://github.com/jib/archive-tar-new/ ... 68215c1fc5

Archive-Zip (requires 1.30) has 1 advisories
* CPANSA-Archive-Zip-2018-01
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.

Affected range: <1.61

CVEs: CVE-2018-10860

References:
https://security-tracker.debian.org/tra ... 2018-10860
https://github.com/redhotpenguin/perl-A ... ip/pull/33

Compress-Raw-Zlib (requires 2.061) has 1 advisories
* CPANSA-Compress-Raw-Zlib-2017-01
Zlib vulnerabilities.

Affected range: <2.075
Fixed range: >=2.075

CVEs: CVE-2016-9843, CVE-2016-9841, CVE-2016-9840, CVE-2016-9842

References:
https://metacpan.org/changes/distributi ... s-Raw-Zlib

DBD-mysql (requires 4.023) has 7 advisories
* CPANSA-DBD-mysql-2017-02
The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.

Affected range: <4.044
Fixed range: >=4.044

CVEs: CVE-2017-10788

References:
https://github.com/perl5-dbi/DBD-mysql/issues/120

* CPANSA-DBD-mysql-2017-01
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

Affected range: <4.044
Fixed range: >=4.044

CVEs: CVE-2017-10789

References:
https://github.com/perl5-dbi/DBD-mysql/pull/114

* CPANSA-DBD-mysql-2016-03
Out-of-bounds read.

Affected range: >=2.9003, <4.039
Fixed range: <2.9003, >=4.039

CVEs: CVE-2016-1249

References:
https://github.com/perl5-dbi/DBD-mysql/ ... 995a6fbabe

* CPANSA-DBD-mysql-2016-02
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.

Affected range: <4.037
Fixed range: >=4.037

CVEs: CVE-2016-1246

References:
https://github.com/perl5-dbi/DBD-mysql/ ... e85dfdefd2
http://blogs.perl.org/users/mike_b/2016 ... brary.html

* CPANSA-DBD-mysql-2016-01
Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.

Affected range: <4.034
Fixed range: >=4.034

CVEs: CVE-2015-8949

References:
https://github.com/perl5-dbi/DBD-mysql/ ... 81460ca156

* CPANSA-DBD-mysql-2015-01
There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.

Affected range: <4.041
Fixed range: >=4.041

CVEs: CVE-2016-1251

References:
https://github.com/perl5-dbi/DBD-mysql/ ... 4832adb1b1

* CPANSA-DBD-mysql-2014-01
Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.

Affected range: <4.028
Fixed range: >=4.028

CVEs: CVE-2014-9906

References:
https://github.com/perl5-dbi/DBD-mysql/ ... 41ccccf1cc
https://rt.cpan.org/Public/Bug/Display.html?id=97625

DBI (requires 1.627) has 1 advisories
* CPANSA-DBI-2014-01
DBD::File drivers open files from folders other than specifically passed using the f_dir attribute.

Affected range: <1.632
Fixed range: >=1.632

References:
https://metacpan.org/changes/distribution/DBI
https://rt.cpan.org/Public/Bug/Display.html?id=99508

Data-Dumper (requires 2.145) has 1 advisories
* CPANSA-Data-Dumper-2014-01
Infinite recursion.

Affected range: <2.154
Fixed range: >=2.154

CVEs: CVE-2014-4330

References:
https://metacpan.org/changes/distribution/Data-Dumper

Encode (requires 2.51) has 1 advisories
* CPANSA-Encode-2016-01
Loading optional modules from . (current directory).

Affected range: <2.85
Fixed range: >=2.85

CVEs: CVE-2016-1238

References:
https://metacpan.org/changes/distribution/Encode
https://github.com/dankogai/p5-encode/p ... 0dc0993ec6

ExtUtils-MakeMaker (requires 6.68) has 1 advisories
* CPANSA-ExtUtils-MakeMaker-2016-01
Loading modules from . (current directory).

Affected range: <7.22
Fixed range: >=7.22

CVEs: CVE-2016-1238

References:
https://metacpan.org/changes/distributi ... -MakeMaker
https://github.com/Perl-Toolchain-Gang/ ... c390e0ae88

File-Path (requires 2.09) has 1 advisories
* CPANSA-File-Path-2017-01
Race condition in the rmtree and remove_tree functions allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.

Affected range: <2.13
Fixed range: >=2.13

CVEs: CVE-2017-6512

References:
https://metacpan.org/changes/distribution/File-Path
https://github.com/jkeenan/File-Path/co ... 552b3a6af2

HTTP-Tiny (requires 0.033) has 1 advisories
* CPANSA-HTTP-Tiny-2016-01
Loading modules from . (current directory).

Affected range: <0.059
Fixed range: >=0.059

CVEs: CVE-2016-1238

References:
https://metacpan.org/changes/distribution/HTTP-Tiny
https://github.com/chansen/p5-http-tiny ... 1df6e66444

PathTools (requires 3.40) has 2 advisories
* CPANSA-PathTools-2016-02
Does not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

Affected range: <3.65
Fixed range: >=3.65

CVEs: CVE-2016-1238

References:
https://metacpan.org/changes/distribution/PathTools

* CPANSA-PathTools-2016-01
Does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

Affected range: <3.62
Fixed range: >=3.62

CVEs: CVE-2015-8607

References:
https://metacpan.org/changes/distribution/PathTools

Storable (requires 2.45) has 1 advisories
* CPANSA-Storable-2017-01
Malcrafted storable files or buffers.

Affected range: <3.05
Fixed range: >=3.05

References:
https://metacpan.org/changes/distribution/Storable
https://cxsecurity.com/issue/WLB-2007120031

XML-LibXML (requires 2.0018) has 1 advisories
* CPANSA-XML-LibXML-2015-01
The _clone function does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

Affected range: <2.0120
Fixed range: >=2.0120

CVEs: CVE-2015-3451

References:
https://metacpan.org/changes/distribution/XML-LibXML

Total advisories found: 20

WARNING: CPAN::Audit reported that one or more installed CPAN modules have known vulnerabilities (see above). Please note that there might be false positives for distributions patching Perl modules without changing their version number.

Step 7 of 44: Check if database has been backed up ...
Step 8 of 44: Upgrade database structure ...
[Wed Oct 6 15:27:43 2021] DBUpdate-to-6.pl: DBD::mysql::db do failed: Incorrect string value: '\xC5\x91rizz...' for column 'text' at row 1 at /opt/otrs/Kernel/System/DB.pm line 471.
ERROR: OTRS-otrs.Console.pl-Dev::Code::CPANAudit-10 Perl: 5.16.3 OS: linux Time: Wed Oct 6 13:27:43 2021

Message: Incorrect string value: '\xC5\x91rizz...' for column 'text' at row 1, SQL: 'INSERT INTO notification_event_message (id, notification_id, content_type, language, subject, text)
VALUES
(111, 45, 'text/plain', 'hu', 'E-mail kézbesítési hiba', 'Kedves <OTRS_NOTIFICATION_RECIPIENT_UserFirstname>!

Felhívjuk a figyelmét, hogy a(z) [<OTRS_CONFIG_Ticket::Hook><OTRS_CONFIG_Ticket::HookDivider><OTRS_TICKET_TicketNumber>] jegy e-mail bejegyzésének kézbesítése nem sikerült. Ellen�rizze, hogy nincs-e a címzett e-mail címében hiba, és próbálja meg újra. Kézileg is újraküldheti a bejegyzést a jegyb�l, ha szükséges.

Hibaüzenet:
<OTRS_AGENT_TransmissionStatusMessage>

<OTRS_CONFIG_HttpType>://<OTRS_CONFIG_FQDN>/<OTRS_CONFIG_ScriptAlias>index.pl?Action=AgentTicketZoom\;TicketID=<OTRS_TICKET_TicketID>\;ArticleID=<OTRS_AGENT_ArticleID>

-- <OTRS_CONFIG_NotificationSenderName>')'

Traceback (2875):
Module: scripts::DBUpdateTo6::Base::ExecuteXMLDBString Line: 395
Module: scripts::DBUpdateTo6::Base::ExecuteXMLDBArray Line: 343
Module: scripts::DBUpdateTo6::UpgradeDatabaseStructure::UpdateNotificationTables::Run Line: 192
Module: scripts::DBUpdateTo6::UpgradeDatabaseStructure::Run Line: 143
Module: scripts::DBUpdateTo6::_ExecuteComponent Line: 158
Module: scripts::DBUpdateTo6::Run Line: 70
Module: scripts/DBUpdate-to-6.pl Line: 88


ERROR: OTRS-otrs.Console.pl-Dev::Code::CPANAudit-10 Perl: 5.16.3 OS: linux Time: Wed Oct 6 13:27:43 2021

Message: Error during execution of 'INSERT INTO notification_event_message (id, notification_id, content_type, language, subject, text)
VALUES
(111, 45, 'text/plain', 'hu', 'E-mail kézbesítési hiba', 'Kedves <OTRS_NOTIFICATION_RECIPIENT_UserFirstname>!

Felhívjuk a figyelmét, hogy a(z) [<OTRS_CONFIG_Ticket::Hook><OTRS_CONFIG_Ticket::HookDivider><OTRS_TICKET_TicketNumber>] jegy e-mail bejegyzésének kézbesítése nem sikerült. Ellenőrizze, hogy nincs-e a címzett e-mail címében hiba, és próbálja meg újra. Kézileg is újraküldheti a bejegyzést a jegyből, ha szükséges.

Hibaüzenet:
<OTRS_AGENT_TransmissionStatusMessage>

<OTRS_CONFIG_HttpType>://<OTRS_CONFIG_FQDN>/<OTRS_CONFIG_ScriptAlias>index.pl?Action=AgentTicketZoom\;TicketID=<OTRS_TICKET_TicketID>\;ArticleID=<OTRS_AGENT_ArticleID>

-- <OTRS_CONFIG_NotificationSenderName>')'!

Traceback (2875):
Module: scripts::DBUpdateTo6::Base::ExecuteXMLDBString Line: 398
Module: scripts::DBUpdateTo6::Base::ExecuteXMLDBArray Line: 343
Module: scripts::DBUpdateTo6::UpgradeDatabaseStructure::UpdateNotificationTables::Run Line: 192
Module: scripts::DBUpdateTo6::UpgradeDatabaseStructure::Run Line: 143
Module: scripts::DBUpdateTo6::_ExecuteComponent Line: 158
Module: scripts::DBUpdateTo6::Run Line: 70
Module: scripts/DBUpdate-to-6.pl Line: 88




Not possible to complete migration, check previous messages for more information.

[otrs@helpdesk]$

Any ideas?
Last edited by lando on 06 Oct 2021, 18:06, edited 1 time in total.
lando
Znuny newbie
Posts: 12
Joined: 22 Feb 2011, 17:41
Znuny Version: 2.4.7

Re: OTRS upgrade from 5 to 6 - strange error "Update"

Post by lando »

Update:

I tried to re-launch the script migrator like "su -c "/opt/otrs/scripts/DBUpdate-to-6.pl" otrs" and the erro was change:


Step 7 of 44: Check if database has been backed up ...
Step 8 of 44: Upgrade database structure ...
Step 9 of 44: Migrate configuration ...
Step 10 of 44: Refresh configuration cache after migration of OTRS 5 settings ...
Step 11 of 44: Migrating ticket storage configuration ...
Step 12 of 44: Migrating article search index configuration ...
Step 13 of 44: Migrating ticket zoom customer information widget configuration ...
Step 14 of 44: Drop deprecated table gi_object_lock_state ...
Step 15 of 44: Migrate PossibleNextActions setting ...
Step 16 of 44: Migrate ZoomExpand setting ...
Step 17 of 44: Migrating time zone configuration ...
Step 18 of 44: Migrating modified settings ...
Step 19 of 44: Create appointment calendar tables ...
Step 20 of 44: Create ticket number counter tables ...
Step 21 of 44: Update calendar appointment future tasks ...
Step 22 of 44: Add basic appointment notification for reminders ...
ERROR: OTRS-otrs.Console.pl-Dev::Code::CPANAudit-10 Perl: 5.16.3 OS: linux Time: Wed Oct 6 15:32:59 2021

Message: A notification with the name 'Appointment reminder notification' already exists.

Traceback (2921):
Module: Kernel::System::NotificationEvent::NotificationAdd Line: 311
Module: scripts::DBUpdateTo6::AddAppointmentCalendarNotification::Run Line: 163
Module: scripts::DBUpdateTo6::_ExecuteComponent Line: 158
Module: scripts::DBUpdateTo6::Run Line: 70
Module: /opt/otrs/scripts/DBUpdate-to-6.pl Line: 88




Not possible to complete migration, check previous messages for more information.

[root@helpdesk]#
lando
Znuny newbie
Posts: 12
Joined: 22 Feb 2011, 17:41
Znuny Version: 2.4.7

Re: OTRS upgrade from 5 to 6 - strange error [Solved]

Post by lando »

I tried to choice "UTC" time zone instead of "Europe/Rome" during the "su -c "/opt/otrs/scripts/DBUpdate-to-6.pl otrs" and the migration work fine!
Post Reply