From b5412109e4081b6358a9aaa3791056fd54abb530 Mon Sep 17 00:00:00 2001 From: Nate Chadwick Date: Wed, 2 Aug 2023 13:53:20 -0400 Subject: [PATCH] Cleanup uninstall scripts to avoid errors on missing files. Fix issue in install.bat that was creating a couple of rogue directories. --- modules/patch-tools/install.bat | 5 ++- modules/patch-tools/uninstall.bat | 69 +++++++++++++++++++---------- modules/patch-tools/uninstall.sh | 73 ++++++++++++++++++++++--------- 3 files changed, 102 insertions(+), 45 deletions(-) diff --git a/modules/patch-tools/install.bat b/modules/patch-tools/install.bat index b2a12a43de..c76a233402 100644 --- a/modules/patch-tools/install.bat +++ b/modules/patch-tools/install.bat @@ -19,7 +19,10 @@ set INSTALL_DIR = %~pd1 if exist %~pd1Version.properties ( echo PercussionCMS installation detected... ) else ( echo "Version.properties not found at %INSTALL_DIR%Version.properties. Please confirm that %INSTALL_DIR% contains a Percussion installation."; pause; exit 1) -if exist backup ( echo Backup directory detected... ) else ( mkdir backup; echo "Created patch backup folder to enable patch rollback with uninstall.bat") +if exist backup ( echo Backup directory detected... ) else ( + mkdir backup + echo "Created patch backup folder to enable patch rollback with uninstall.bat" +) echo Backing up existing files... if not exist backup\sys_resources\webapps\secure\WEB-INF\lib ( diff --git a/modules/patch-tools/uninstall.bat b/modules/patch-tools/uninstall.bat index 8f17a1ba43..7d777ee27b 100644 --- a/modules/patch-tools/uninstall.bat +++ b/modules/patch-tools/uninstall.bat @@ -21,39 +21,63 @@ if exist %~pd1Version.properties ( echo PercussionCMS installation detected... if exist backup ( echo Backup directory detected... ) else ( echo "Unable to rollback patch due to missing backup folder.";exit) -echo "Reverting Commons Text for CVE-2022-42889..." -copy /V /Z /D /Y backup\sys_resources\webapps\secure\WEB-INF\lib\commons-text-1.9.jar %~pd1sys_resources\webapps\secure\WEB-INF\lib\commons-text-1.9.jar -del /F /Q %~pd1sys_resources\webapps\secure\WEB-INF\lib\commons-text-1.10.0jar +if exist backup\sys_resources\webapps\secure\WEB-INF\lib\commons-text-1.9.jar ( + echo "Reverting Commons Text for CVE-2022-42889..." + copy /V /Z /D /Y backup\sys_resources\webapps\secure\WEB-INF\lib\commons-text-1.9.jar %~pd1sys_resources\webapps\secure\WEB-INF\lib\commons-text-1.9.jar + del /F /Q %~pd1sys_resources\webapps\secure\WEB-INF\lib\commons-text-1.10.0jar -copy /V /Z /D /Y backup\jetty\defaults\lib\perc\commons-text-1.9.jar %~pd1jetty\defaults\lib\perc\ -del /F /Q %~pd1jetty\defaults\lib\perc\commons-text-1.10.0.jar + copy /V /Z /D /Y backup\jetty\defaults\lib\perc\commons-text-1.9.jar %~pd1jetty\defaults\lib\perc\ + del /F /Q %~pd1jetty\defaults\lib\perc\commons-text-1.10.0.jar -copy /V /Z /D /Y backup\rxconfig\SiteConfigs\$log$\lib\commons-text-1.9.ja %~pd1rxconfig\SiteConfigs\$log$\lib\ -del /F /Q %~pd1rxconfig\SiteConfigs\$log$\lib\commons-text-1.10.0.jar + copy /V /Z /D /Y backup\rxconfig\SiteConfigs\$log$\lib\commons-text-1.9.ja %~pd1rxconfig\SiteConfigs\$log$\lib\ + del /F /Q %~pd1rxconfig\SiteConfigs\$log$\lib\commons-text-1.10.0.jar -copy /V /Z /D /Y backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\commons-text-1.9.jar %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\ -del /F /Q %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\commons-text-1.10.0.jar + copy /V /Z /D /Y backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\commons-text-1.9.jar %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\ + del /F /Q %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\commons-text-1.10.0.jar +) -echo "Reverting Spring Security for CVE-2022-31692.." -copy /V /Z /D /Y backup\sys_resources\webapps\secure\WEB-INF\lib\spring-security-*-5.6.2.jar %~pd1sys_resources\webapps\secure\WEB-INF\lib\ -del /F /Q %~pd1sys_resources\webapps\secure\WEB-INF\lib\spring-security-*-5.6.9.jar +if exist backup\sys_resources\webapps\secure\WEB-INF\lib\spring-security-core-5.6.2.jar ( + echo "Reverting Spring Security for CVE-2022-31692.." + copy /V /Z /D /Y backup\sys_resources\webapps\secure\WEB-INF\lib\spring-security-*-5.6.2.jar %~pd1sys_resources\webapps\secure\WEB-INF\lib\ + del /F /Q %~pd1sys_resources\webapps\secure\WEB-INF\lib\spring-security-*-5.6.9.jar +) -echo "Reverting Apache Shiro for CVE-2022-40664 ..." -copy /V /Z /D /Y backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\shiro-*-1.7.1.jar %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\ -del /F /Q %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\shiro-*-1.10.0.jar +if exist backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\shiro-core-1.7.1.jar ( + echo "Reverting Apache Shiro for CVE-2022-40664 ..." + copy /V /Z /D /Y backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\shiro-*-1.7.1.jar %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\ + del /F /Q %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\shiro-*-1.10.0.jar +) echo "Reverting Percussion application updates to resolve issues..." -copy /V /Z /D /Y backup\jetty\base\webapps\Rhythmyx\test\sql.jsp %~pd1jetty\base\webapps\Rhythmyx\test\ +if exist backup\jetty\base\webapps\Rhythmyx\test\sql.jsp ( + copy /V /Z /D /Y backup\jetty\base\webapps\Rhythmyx\test\sql.jsp %~pd1jetty\base\webapps\Rhythmyx\test\ +) + +if exist backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\perc-system-8.1.2.1.jar ( + del /F /Q %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\perc-system-8.1.2.1.jar + copy /V /Z /D /Y backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\perc-system-8.1.2.1.jar %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\ +) else ( + del /F /Q %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\perc-system-8.1.2.1.jar + copy /V /Z /D /Y backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\perc-system-8.1.2.jar %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\ +) -copy /V /Z /D /Y backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\perc-system-8.1.2.jar %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\ -del /F /Q %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\perc-system-8.1.2.1.jar +if exist backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\sitemanage-8.1.2.1.jar ( + del /F /Q %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\sitemanage-8.1.2.1.jar + copy /V /Z /D /Y backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\sitemanage-8.1.2.1.jar %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\ +) else ( + del /F /Q %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\sitemanage-8.1.2.1.jar + copy /V /Z /D /Y backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\sitemanage-8.1.2.jar %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\ +) -copy /V /Z /D /Y backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\sitemanage-8.1.2.jar %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\ -del /F /Q %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\sitemanage-8.1.2.1.jar +if exist backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\rxutils-8.1.2.1.jar ( + del /F /Q %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\rxutils-8.1.2.1.jar + copy /V /Z /D /Y backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\rxutils-8.1.2.1.jar %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\ -copy /V /Z /D /Y backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\rxutils-8.1.2.jar %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\ -del /F /Q %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\rxutils-8.1.2.1.jar +) else ( + del /F /Q %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\rxutils-8.1.2.1.jar + copy /V /Z /D /Y backup\jetty\base\webapps\Rhythmyx\WEB-INF\lib\rxutils-8.1.2.jar %~pd1jetty\base\webapps\Rhythmyx\WEB-INF\lib\ +) echo -------------------------------------------- @@ -76,6 +100,5 @@ exit 0 :helpFunction echo( echo "Usage: %0 For example: %0 C:\Percussion\" - echo "Note: Include the trailing backslash in the path." echo( pause diff --git a/modules/patch-tools/uninstall.sh b/modules/patch-tools/uninstall.sh index d259b73fb1..3c2a1c700e 100755 --- a/modules/patch-tools/uninstall.sh +++ b/modules/patch-tools/uninstall.sh @@ -36,37 +36,68 @@ fi echo "Rolling back patch..." -echo "Reverting Commons Text for CVE-2022-42889..." -/bin/cp -rf backup/sys_resources/webapps/secure/WEB-INF/lib/commons-text-1.9.jar $INSTALL_DIR/sys_resources/webapps/secure/WEB-INF/lib/commons-text-1.9.jar -rm -f $INSTALL_DIR/sys_resources/webapps/secure/WEB-INF/lib/commons-text-1.10.0.jar - -/bin/cp -rf backup/jetty/defaults/lib/perc/commons-text-1.9.jar $INSTALL_DIR/jetty/defaults/lib/perc/commons-text-1.9.jar -rm -f $INSTALL_DIR/jetty/defaults/lib/perc/commons-text-1.10.0.jar +if [ -e "backup/sys_resources/webapps/secure/WEB-INF/lib/commons-text-1.9.jar" ] +then + echo "Reverting Commons Text for CVE-2022-42889..." + /bin/cp -rf backup/sys_resources/webapps/secure/WEB-INF/lib/commons-text-1.9.jar $INSTALL_DIR/sys_resources/webapps/secure/WEB-INF/lib/commons-text-1.9.jar + rm -f $INSTALL_DIR/sys_resources/webapps/secure/WEB-INF/lib/commons-text-1.10.0.jar -/bin/cp -rf backup/rxconfig/SiteConfigs/\$log\$/lib/commons-text-1.9.jar $INSTALL_DIR/rxconfig/SiteConfigs/\$log\$/lib/commons-text-1.9.jar -rm -f $INSTALL_DIR/rxconfig/SiteConfigs/\$log\$/lib/commons-text-1.10.0.jar + /bin/cp -rf backup/jetty/defaults/lib/perc/commons-text-1.9.jar $INSTALL_DIR/jetty/defaults/lib/perc/commons-text-1.9.jar + rm -f $INSTALL_DIR/jetty/defaults/lib/perc/commons-text-1.10.0.jar -/bin/cp -rf backup/jetty/base/webapps/Rhythmyx/WEB-INF/lib/commons-text-1.9.jar $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/commons-text-1.9.jar -rm -f $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/commons-text-1.10.0.jar + /bin/cp -rf backup/rxconfig/SiteConfigs/\$log\$/lib/commons-text-1.9.jar $INSTALL_DIR/rxconfig/SiteConfigs/\$log\$/lib/commons-text-1.9.jar + rm -f $INSTALL_DIR/rxconfig/SiteConfigs/\$log\$/lib/commons-text-1.10.0.jar + /bin/cp -rf backup/jetty/base/webapps/Rhythmyx/WEB-INF/lib/commons-text-1.9.jar $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/commons-text-1.9.jar + rm -f $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/commons-text-1.10.0.jar +fi -echo "Reverting Spring Security for CVE-2022-31692.." -/bin/cp -rf backup/sys_resources/webapps/secure/WEB-INF/lib/spring-security-*-5.6.2.jar $INSTALL_DIR/sys_resources/webapps/secure/WEB-INF/lib -rm -f $INSTALL_DIR/sys_resources/webapps/secure/WEB-INF/lib/spring-security-*-5.6.9.jar +if [ -e "backup/sys_resources/webapps/secure/WEB-INF/lib/spring-security-core-5.6.2.jar" ] +then + echo "Reverting Spring Security for CVE-2022-31692.." + /bin/cp -rf backup/sys_resources/webapps/secure/WEB-INF/lib/spring-security-*-5.6.2.jar $INSTALL_DIR/sys_resources/webapps/secure/WEB-INF/lib + rm -f $INSTALL_DIR/sys_resources/webapps/secure/WEB-INF/lib/spring-security-*-5.6.9.jar +fi -echo "Reverting Apache Shiro for CVE-2022-40664 ..." -/bin/cp -rf backup/jetty/base/webapps/Rhythmyx/WEB-INF/lib/shiro-*-1.7.1.jar $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/ -rm -f $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/shiro-*-1.10.0.jar +if [ -e "backup/jetty/base/webapps/Rhythmyx/WEB-INF/lib/shiro-core-1.7.1.jar" ] +then + echo "Reverting Apache Shiro for CVE-2022-40664 ..." + /bin/cp -rf backup/jetty/base/webapps/Rhythmyx/WEB-INF/lib/shiro-*-1.7.1.jar $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/ + rm -f $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/shiro-*-1.10.0.jar +fi echo "Reverting Percussion application updates that resolved issues..." -/bin/cp -rf backup/jetty/base/webapps/Rhythmyx/test/sql.jsp $INSTALL_DIR/jetty/base/webapps/Rhythmyx/test/sql.jsp +/bin/cp -rf backup/jetty/base/webapps/Rhythmyx/test/sql.jsp $INSTALL_DIR/jetty/base/webapps/Rhythmyx/test/sql.jsp + +if [ -e "backup/jetty/base/webapps/Rhythmyx/WEB-INF/lib/perc-system-8.1.2.1.jar" ] +then + rm -f $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/perc-system-8.1.2.1.jar + /bin/cp -rf backup/jetty/base/webapps/Rhythmyx/WEB-INF/lib/perc-system-8.1.2.1.jar $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/perc-system-8.1.2.1.jar + +else + /bin/cp -rf backup/jetty/base/webapps/Rhythmyx/WEB-INF/lib/perc-system-8.1.2.jar $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/perc-system-8.1.2.jar + rm -f $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/perc-system-8.1.2.1.jar +fi + +if [ -e "backup/jetty/base/webapps/Rhythmyx/WEB-INF/lib/sitemanage-8.1.2.1.jar" ] +then + rm -f $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/sitemanage-8.1.2.1.jar + /bin/cp -rf backup/jetty/base/webapps/Rhythmyx/WEB-INF/lib/sitemanage-8.1.2.1.jar $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/sitemanage-8.1.2.1.jar +else + /bin/cp -rf backup/jetty/base/webapps/Rhythmyx/WEB-INF/lib/sitemanage-8.1.2.jar $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/sitemanage-8.1.2.jar + rm -f $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/sitemanage-8.1.2.1.jar +fi -/bin/cp -rf backup/jetty/base/webapps/Rhythmyx/WEB-INF/lib/perc-system-8.1.2.jar $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/perc-system-8.1.2.jar -rm -f $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/perc-system-8.1.2.1.jar +if [ -e "backup/jetty/base/webapps/Rhythmyx/WEB-INF/lib/rxutils-8.1.2.1.jar" ] +then + rm -f $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/rxutils-8.1.2.1.jar + /bin/cp -rf backup/jetty/base/webapps/Rhythmyx/WEB-INF/lib/rxutils-8.1.2.1.jar $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/rxutils-8.1.2.1.jar -/bin/cp -rf backup/jetty/base/webapps/Rhythmyx/WEB-INF/lib/sitemanage-8.1.2.jar $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/sitemanage-8.1.2.jar -rm -f $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/sitemanage-8.1.2.1.jar +else + /bin/cp -rf backup/jetty/base/webapps/Rhythmyx/WEB-INF/lib/rxutils-8.1.2.jar $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/rxutils-8.1.2.jar + rm -f $INSTALL_DIR/jetty/base/webapps/Rhythmyx/WEB-INF/lib/rxutils-8.1.2.1.jar +fi echo "--------------------------------------------" echo "Uninstall of Percussion CMS patch completed."