Bug#1006140: New version can't load old databases

Jochen Sprickerhof jspricke at debian.org
Sat Feb 19 20:21:10 GMT 2022 

Hi Markus,

thanks for your quick reply.

* Markus Koschany <apo at debian.org> [2022-02-19 21:01]:
>That means only hibiscus/jameica require our attention. I would try to remove
>the obsolete connection setting mentioned in #1005838.

Tried that already, did not solve the problem.

>You could also try to
>dump the SQL database with the current version in stable and then try to re-
>import the SQL tables with H2 in unstable. That should actually work because
>the SQL syntax will not have changed. (See also the Upgrading paragraph here
>https://h2database.com/html/migration-to-v2.html)

That would be the plan, yes. But for that we would need to provide both 
versions to our users, thus I propose to upload the new version as a new 
source and binary package.

Also the SQL syntax did change.

>I would advise against that plan because
>
>a) jameica/hibiscus is the only affected package
>
>b) the grave security issues would be present again #1003894.
>
> I have fixed the most severe ones in stable releases by disabling the H2
>console and JNDI lookups. There are probably more issues mentioned by upstream
>here:
>
>https://github.com/h2database/h2database/issues/3360#issuecomment-1018351050
>
>However users would want an up-to-date version of H2 in the future. At some
>point an upgrade is inevitable.
>
>c) two source packages make only sense if we talk about an (important) library
>that is incompatible and breaks many reverse-dependencies. H2 is a database and
>affects only 2 packages.
>
>d) versions 1.4.xxx are no longer supported. 1.4.197 is already four years old.
>That makes security support or any support in general not feasible if we want
>to release this version again for Bookworm.
>
>
>I would contact jameica/hibiscus upstream and report this issue as a bug. A
>database dump and re-import should be possible in any case and depending on a
>supported version of H2 is surely desirable for all parties.

Can you explain how you want to implement this re-import feature then?

I would really appreciate a quick solution here so users of the next 
Ubuntu version would not be locked out of their homebanking system.

I'm happy to help with uploading new versions and NEW is rather empty 
currently so I don't see the point in not doing a proper transition 
here.

Cheers Jochen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20220219/b0025bfc/attachment-0001.sig>

More information about the pkg-java-maintainers mailing list