Vesta Control Panel - Forum

Community Forum
https://forum.vestacp.com/

Updating Roundcube

https://forum.vestacp.com/viewtopic.php?f=41&t=16660

Page 1 of 2

Updating Roundcube

Posted: Thu Apr 12, 2018 3:57 pm
by themanwhoisit
Hello.
Knows there anybody how to update the Roundcube version of VestaCP without killing it :D?

Re: Updating Roundcube

Posted: Thu Apr 12, 2018 6:52 pm
by yoko eagle
I have same problem. just see the top yellow bar about Security fix for Roundcube.
Anyone can guide me how to update it on vestacp? I use debian 9 machine.

Re: Updating Roundcube

Posted: Thu Apr 12, 2018 7:25 pm
by blockmarc
Hi,
That's the way I did it:



cd /

wget https://github.com/roundcube/roundcubem ... 3.6.tar.gz

tar xfvz /roundcubemail-1.3.6.tar.gz

cd /roundcubemail-1.3.6/

sudo ./bin/installto.sh /var/lib/roundcube

cd /var/lib/roundcube

php composer.phar update --no-dev



I am also on Debian 9 here.
Please note:
Roundcube is stored here at: /var/lib/roundcube
Please check if it is the case on your machine.

Please check if roundcube running after upgrade.

I also must update that config file after upgrade:

/var/lib/roundcube/config/defaults.inc.php

at SMTP settings, in my case I need these settings:

$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';


Earlier I had problems after upgrading of roundcube with the connection to the DB. The problem was caused by resetted DB password. So just check your roundcube config file if any issue.

Good luck!

Re: Updating Roundcube

Posted: Thu Apr 12, 2018 8:49 pm
by floown
@blockmarc : it's the same process for a Ubuntu installation ? (16.04)

Thx

Re: Updating Roundcube

Posted: Thu Apr 12, 2018 11:29 pm
by dpeca
if ''archive'' plugin is not enabled in /etc/roudcube/config.inc.php (and it's not enabled in Debian by default - https://github.com/serghey-rodin/vesta/ ... c.php#L380 ) then Roundcube can not be compromised using security flaw in ''archive'' plugin.

Confirmed by the man that discovered that security flaw.

But it's anyway always good idea to run:
apt-get update && apt-get upgrade -y

Re: Updating Roundcube

Posted: Fri Apr 13, 2018 4:16 am
by plutocrat
I have Ubuntu 16.04. My /var/lib/roundcube looks like this

Code: Select all

/var/lib/roundcube $: ls -hal
total 20K
drwxr-xr-x  5 root     root     4.0K Apr 28  2017 .
drwxr-xr-x 62 root     root     4.0K Mar 28 11:04 ..
lrwxrwxrwx  1 root     root       14 Apr  6  2016 config -> /etc/roundcube
lrwxrwxrwx  1 root     root       23 Apr  6  2016 .htaccess -> /etc/roundcube/htaccess
lrwxrwxrwx  1 root     root       30 Apr  6  2016 index.php -> /usr/share/roundcube/index.php
lrwxrwxrwx  1 root     root       19 Apr  6  2016 logs -> ../../log/roundcube
drwxr-xr-x  2 root     root     4.0K Feb 17  2017 plugins
lrwxrwxrwx  1 root     root       28 Apr  6  2016 program -> /usr/share/roundcube/program
lrwxrwxrwx  1 root     root       31 Apr  6  2016 robots.txt -> /usr/share/roundcube/robots.txt
drwxr-xr-x  2 root     root     4.0K Feb 17  2017 skins
drwxr-x---  2 www-data www-data 4.0K Apr  6  2016 temp
i.e. it seems that roundcube is actually in /usr/share/roundcube/ and various files and directories are linked to it.
So I should presumably install to /usr/share/roundcube ?

Re: Updating Roundcube

Posted: Fri Apr 13, 2018 5:45 am
by plutocrat
Took a backup of /usr/share/roundcube and tried updating there.
Additionally copied a couple of files to the /etc/roundcube dir which is effectively /usr/share/roundcube/config
Ran composer update.

Code: Select all

/usr/share/roundcube $: php composer.phar install --no-dev
Loading composer repositories with package information
Initializing PEAR repository https://pear.php.net
Updating dependencies                                          
Package operations: 2 installs, 5 updates, 2 removals
  - Removing kolab/net_ldap3 (dev-master)
  - Removing pear-pear.php.net/net_ldap2 (2.2.0)
  - Installing composer/semver (dev-master 2b303e4): Cloning 2b303e43d1 from cache
  - Updating roundcube/plugin-installer (0.1.8 => 0.1.9): Downloading (100%)         
  - Removing pear-pear.php.net/mail_mime (1.10.0)
  - Installing pear-pear.php.net/mail_mime (1.10.2): Downloading (100%)         
  - Removing pear-pear.php.net/net_smtp (1.7.2)
  - Installing pear-pear.php.net/net_smtp (1.7.3): Downloading (100%)         
  - Installing pear/net_socket (dev-master 7482c62): Cloning 7482c62dea from cache
  - Updating pear/pear-core-minimal (v1.10.1 => v1.10.3): Downloading (100%)         
  - Updating roundcube/net_sieve (1.5.3 => 1.5.4): Downloading (100%)         
Writing lock file
Generating autoload files
After doing this, I was able to log into roundcube, but no emails showed up in my inbox or sent folders. When I replaced the updated version with the original, my emails re-appeared.
Any ideas? No info is showing up in /var/log/roundcube

Re: Updating Roundcube

Posted: Fri Apr 13, 2018 5:59 am
by MAN5
I did updated Ubuntu 16.0.4 >> Apache2 >> Roundcube 1.3.6. SUCCESS..!
but in funny way.. :-)

YOU MUST DO YOUR SERVER BACKUP FIRST..!!!

1. Remove the current roundcube installation - completely - BUT do not remove the database.. (It will ask on a red popup window. Choose to NO)
2. Reboot the whole server for sake..
3. Download, install fresh roundcube inside '/usr/share/roundcube'

Code: Select all

dpkg --get-selections | grep -i roundcube
apt-get remove <package name>
reboot now
-----------------------------------
mv /usr/share/roundcube /usr/share/roundcube-BKP
mkdir /usr/share/roundcube
cd /usr/share/roundcube/
wget https://github.com/roundcube/roundcubemail/releases/download/1.3.6/roundcubemail-1.3.6-complete.tar.gz
tar -xvzf roundcubemail-1.3.6-complete.tar.gz
mv /usr/share/roundcube/roundcubemail-1.3.6/* /usr/share/roundcube/
#Make sure all files moved-out from folder roundcubemail-1.3.6. Dont know why the .htaccess file is not moving..


cp /usr/local/vesta/install/ubuntu/16.04/roundcube/apache.conf /etc/roundcube/apache.conf
ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/roundcube.conf -f
cp /usr/local/vesta/install/ubuntu/16.04/roundcube/main.inc.php /etc/roundcube/main.inc.php
cp /usr/local/vesta/install/ubuntu/16.04/roundcube/db.inc.php /etc/roundcube/db.inc.php
cp /usr/local/vesta/install/ubuntu/16.04/roundcube/vesta.php /usr/share/roundcube/plugins/password/drivers/vesta.php
cp /usr/local/vesta/install/ubuntu/16.04/roundcube/config.inc.php /etc/roundcube/plugins/password/config.inc.php

#mysql -e "CREATE DATABASE roundcube" 
mysql -e "GRANT ALL ON roundcube.*
TO roundcube@localhost IDENTIFIED BY '$r'"
sed -i "s/%password%/$r/g" /etc/roundcube/db.inc.php

mv /etc/roundcube/db.inc.php /etc/roundcube/debian-db-roundcube.php
mv /etc/roundcube/main.inc.php /etc/roundcube/config.inc.php
chmod 640 /etc/roundcube/debian-db-roundcube.php
chown root:www-data /etc/roundcube/debian-db-roundcube.php

service apache2 restart
service vesta restart

Re: Updating Roundcube

Posted: Fri Apr 13, 2018 7:58 am
by DevilStar
MAN5 wrote:
Fri Apr 13, 2018 5:59 am
 I did updated Ubuntu 16.0.4 >> roundcube 1.3.6. SUCCESS..!
...
site.name/webmail - 404 error now.

Re: Updating Roundcube

Posted: Fri Apr 13, 2018 8:01 am
by MAN5
could u able to see the files list inside '/usr/share/roundcube/' ?
All times are UTC
Page 1 of 2
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/