Page 1 of 2
Updating Roundcube
Posted: Thu Apr 12, 2018 3:57 pm
by themanwhoisit
Hello.
Knows there anybody how to update the Roundcube version of VestaCP without killing it :D?
Re: Updating Roundcube
Posted: Thu Apr 12, 2018 6:52 pm
by yoko eagle
I have same problem. just see the top yellow bar about Security fix for Roundcube.
Anyone can guide me how to update it on vestacp? I use debian 9 machine.
Re: Updating Roundcube
Posted: Thu Apr 12, 2018 7:25 pm
by blockmarc
Hi,
That's the way I did it:
cd /
wget
https://github.com/roundcube/roundcubem ... 3.6.tar.gz
tar xfvz /roundcubemail-1.3.6.tar.gz
cd /roundcubemail-1.3.6/
sudo ./bin/installto.sh /var/lib/roundcube
cd /var/lib/roundcube
php composer.phar update --no-dev
I am also on Debian 9 here.
Please note:
Roundcube is stored here at: /var/lib/roundcube
Please check if it is the case on your machine.
Please check if roundcube running after upgrade.
I also must update that config file after upgrade:
/var/lib/roundcube/config/defaults.inc.php
at SMTP settings, in my case I need these settings:
$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
Earlier I had problems after upgrading of roundcube with the connection to the DB. The problem was caused by resetted DB password. So just check your roundcube config file if any issue.
Good luck!
Re: Updating Roundcube
Posted: Thu Apr 12, 2018 8:49 pm
by floown
@blockmarc : it's the same process for a Ubuntu installation ? (16.04)
Thx
Re: Updating Roundcube
Posted: Thu Apr 12, 2018 11:29 pm
by dpeca
if ''archive'' plugin is not enabled in /etc/roudcube/config.inc.php (and it's not enabled in Debian by default -
https://github.com/serghey-rodin/vesta/ ... c.php#L380 ) then Roundcube can not be compromised using security flaw in ''archive'' plugin.
Confirmed by the man that discovered that security flaw.
But it's anyway always good idea to run:
apt-get update && apt-get upgrade -y
Re: Updating Roundcube
Posted: Fri Apr 13, 2018 4:16 am
by plutocrat
I have Ubuntu 16.04. My /var/lib/roundcube looks like this
Code: Select all
/var/lib/roundcube $: ls -hal
total 20K
drwxr-xr-x 5 root root 4.0K Apr 28 2017 .
drwxr-xr-x 62 root root 4.0K Mar 28 11:04 ..
lrwxrwxrwx 1 root root 14 Apr 6 2016 config -> /etc/roundcube
lrwxrwxrwx 1 root root 23 Apr 6 2016 .htaccess -> /etc/roundcube/htaccess
lrwxrwxrwx 1 root root 30 Apr 6 2016 index.php -> /usr/share/roundcube/index.php
lrwxrwxrwx 1 root root 19 Apr 6 2016 logs -> ../../log/roundcube
drwxr-xr-x 2 root root 4.0K Feb 17 2017 plugins
lrwxrwxrwx 1 root root 28 Apr 6 2016 program -> /usr/share/roundcube/program
lrwxrwxrwx 1 root root 31 Apr 6 2016 robots.txt -> /usr/share/roundcube/robots.txt
drwxr-xr-x 2 root root 4.0K Feb 17 2017 skins
drwxr-x--- 2 www-data www-data 4.0K Apr 6 2016 temp
i.e. it seems that roundcube is actually in /usr/share/roundcube/ and various files and directories are linked to it.
So I should presumably install to /usr/share/roundcube ?
Re: Updating Roundcube
Posted: Fri Apr 13, 2018 5:45 am
by plutocrat
Took a backup of /usr/share/roundcube and tried updating there.
Additionally copied a couple of files to the /etc/roundcube dir which is effectively /usr/share/roundcube/config
Ran composer update.
Code: Select all
/usr/share/roundcube $: php composer.phar install --no-dev
Loading composer repositories with package information
Initializing PEAR repository https://pear.php.net
Updating dependencies
Package operations: 2 installs, 5 updates, 2 removals
- Removing kolab/net_ldap3 (dev-master)
- Removing pear-pear.php.net/net_ldap2 (2.2.0)
- Installing composer/semver (dev-master 2b303e4): Cloning 2b303e43d1 from cache
- Updating roundcube/plugin-installer (0.1.8 => 0.1.9): Downloading (100%)
- Removing pear-pear.php.net/mail_mime (1.10.0)
- Installing pear-pear.php.net/mail_mime (1.10.2): Downloading (100%)
- Removing pear-pear.php.net/net_smtp (1.7.2)
- Installing pear-pear.php.net/net_smtp (1.7.3): Downloading (100%)
- Installing pear/net_socket (dev-master 7482c62): Cloning 7482c62dea from cache
- Updating pear/pear-core-minimal (v1.10.1 => v1.10.3): Downloading (100%)
- Updating roundcube/net_sieve (1.5.3 => 1.5.4): Downloading (100%)
Writing lock file
Generating autoload files
After doing this, I was able to log into roundcube, but no emails showed up in my inbox or sent folders. When I replaced the updated version with the original, my emails re-appeared.
Any ideas? No info is showing up in /var/log/roundcube
Re: Updating Roundcube
Posted: Fri Apr 13, 2018 5:59 am
by MAN5
I did updated Ubuntu 16.0.4 >> Apache2 >> Roundcube 1.3.6. SUCCESS..!
but in funny way.. :-)
YOU MUST DO YOUR SERVER BACKUP FIRST..!!!
1. Remove the current roundcube installation - completely -
BUT do not remove the database.. (It will ask on a red popup window. Choose to NO)
2. Reboot the whole server for sake..
3. Download, install fresh roundcube inside '/usr/share/roundcube'
Code: Select all
dpkg --get-selections | grep -i roundcube
apt-get remove <package name>
reboot now
-----------------------------------
mv /usr/share/roundcube /usr/share/roundcube-BKP
mkdir /usr/share/roundcube
cd /usr/share/roundcube/
wget https://github.com/roundcube/roundcubemail/releases/download/1.3.6/roundcubemail-1.3.6-complete.tar.gz
tar -xvzf roundcubemail-1.3.6-complete.tar.gz
mv /usr/share/roundcube/roundcubemail-1.3.6/* /usr/share/roundcube/
#Make sure all files moved-out from folder roundcubemail-1.3.6. Dont know why the .htaccess file is not moving..
cp /usr/local/vesta/install/ubuntu/16.04/roundcube/apache.conf /etc/roundcube/apache.conf
ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/roundcube.conf -f
cp /usr/local/vesta/install/ubuntu/16.04/roundcube/main.inc.php /etc/roundcube/main.inc.php
cp /usr/local/vesta/install/ubuntu/16.04/roundcube/db.inc.php /etc/roundcube/db.inc.php
cp /usr/local/vesta/install/ubuntu/16.04/roundcube/vesta.php /usr/share/roundcube/plugins/password/drivers/vesta.php
cp /usr/local/vesta/install/ubuntu/16.04/roundcube/config.inc.php /etc/roundcube/plugins/password/config.inc.php
#mysql -e "CREATE DATABASE roundcube"
mysql -e "GRANT ALL ON roundcube.*
TO roundcube@localhost IDENTIFIED BY '$r'"
sed -i "s/%password%/$r/g" /etc/roundcube/db.inc.php
mv /etc/roundcube/db.inc.php /etc/roundcube/debian-db-roundcube.php
mv /etc/roundcube/main.inc.php /etc/roundcube/config.inc.php
chmod 640 /etc/roundcube/debian-db-roundcube.php
chown root:www-data /etc/roundcube/debian-db-roundcube.php
service apache2 restart
service vesta restart
Re: Updating Roundcube
Posted: Fri Apr 13, 2018 7:58 am
by DevilStar
MAN5 wrote: ↑Fri Apr 13, 2018 5:59 am
I did updated Ubuntu 16.0.4 >> roundcube 1.3.6. SUCCESS..!
...
site.name/webmail - 404 error now.
Re: Updating Roundcube
Posted: Fri Apr 13, 2018 8:01 am
by MAN5
could u able to see the files list inside '/usr/share/roundcube/' ?