Hi Markus,

thanks for your quick reply.

* Markus Koschany <a...@debian.org> [2022-02-19 21:01]:
> That means only hibiscus/jameica require our attention. I would try to remove
> the obsolete connection setting mentioned in #1005838.

Tried that already, did not solve the problem.

> You could also try to
> dump the SQL database with the current version in stable and then try to
> re-import the SQL tables with H2 in unstable. That should actually work because
> the SQL syntax will not have changed. (See also the Upgrading paragraph here
> https://h2database.com/html/migration-to-v2.html)

That would be the plan, yes. But for that we would need to provide both versions to our users, thus I propose to upload the new version as a new source and binary package.

Also the SQL syntax did change.

> I would advise against that plan because
>
> a) jameica/hibiscus is the only affected package
>
> b) the grave security issues would be present again #1003894.
>
> I have fixed the most severe ones in stable releases by disabling the H2
> console and JNDI lookups. There are probably more issues mentioned by upstream
> here:
>
> https://github.com/h2database/h2database/issues/3360#issuecomment-1018351050
>
> However users would want an up-to-date version of H2 in the future. At some
> point an upgrade is inevitable.
>
> c) two source packages only make sense if we talk about an (important) library
> that is incompatible and breaks many reverse-dependencies. H2 is a database and
> affects only 2 packages.
>
> d) versions 1.4.xxx are no longer supported. 1.4.197 is already four years old.
> That makes security support or any support in general not feasible if we want
> to release this version again for Bookworm.
>
> I would contact jameica/hibiscus upstream and report this issue as a bug. A
> database dump and re-import should be possible in any case and depending on a
> supported version of H2 is surely desirable for all parties.

Can you explain how you want to implement this re-import feature then?

I would really appreciate a quick solution here so users of the next Ubuntu version would not be locked out of their homebanking system.

I'm happy to help with uploading new versions and NEW is rather empty currently so I don't see the point in not doing a proper transition here.

Cheers Jochen
