1 Topic by dmitridb (edited by dmitridb 2014-02-09 03:34:47)

  • dmitridb
  • Member
  • Offline
  • Registered: 2014-02-06
  • Posts: 5

Topic: [SOLVED]OpenBSD 5.4-stable & roundcubemail from possibly outdated pkgs

Obligatory requirements...

iRedMail version: 0.8.6
DB Backend: mysql
OS version: OpenBSD 5.4-stable

So here's the scenario... TL;DR I'd like iRedMail's scripts to use the RCM_USE_SOURCE directive on OpenBSD instead of the package versions.

I've tried installing iRedMail to an OpenBSD server, and noticed that it installs an old version of roundcubemail from the available packages. I guessed that there's some kind of backpatch stuff going on like in debian stable to the old version -- For example, this http://www.debian.org/security/2013/dsa-2787 as well as this https://lists.debian.org/debian-securit … 00198.html shows that they've patched things to account for security holes in roundcubemail in the debian packages. Fantastic and all, but I've no idea if this is the case for the OpenBSD packages, and asking around it seems not.

The consensus from some other OpenBSD users on freenode was to upgrade to 5.5-beta (formerly 5.4-current) if I want a guarantee of some up-to-date roundcubemail packages, as there's no indication that there's any fixes in the 5.4-stable packages, and a check in the OpenBSD snapshot packages indeed does show that -beta/-current has this particular goody in there, but I decided to try and take a different route which negates the need to mess around with the OS that much. Noticing that in iRedMail-0.8.6/conf/roundcube we have something of a switch on line 40 for OpenBSD that looks something like: export RCM_USE_SOURCE='NO' , I was hoping that it'd be as simple as switching that to 'YES' in order to cause the scripts to use the source version from tarball of roundcubemail according to the only greppable check I can find for RCM_USE_SOURCE, in the rcm_install() function contained in functions/roundcubemail.sh, but it appears this is not the case -- Running the installation of iRedMail left me with the potentially sketchy OpenBSD 5.4-stable package version of things still (roundcubemail 0.9.2), as according to this:

http://www.cvedetails.com/vulnerability … dcube.html

I'm supposing that there's additional steps that I'll have to take in order to get a fresher version of Roundcube working with things, but I'm kind of stumped as to where to go and kind of out of time what with time constraints to figure it out myself right away. I have to go through the process of reinstalling OpenBSD and throwing iRedMail on top of it once more, as there's no uninstall scripts at all for this whole thing for OpenBSD. I'd like to keep the shell-scripted install of roundcube via iRedMail's tightly-integrated scripts as clean as possible. Does anyone have any direction as to what I'd be able to do in order to work this out properly, or have any idea if this package is somehow safe?

Thanks!

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,091

Re: [SOLVED]OpenBSD 5.4-stable & roundcubemail from possibly outdated pkgs

I didn't try to use Roundcube source tarball on OpenBSD, but i can help test it.
Come back to you later.

3 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,091

Re: [SOLVED]OpenBSD 5.4-stable & roundcubemail from possibly outdated pkgs

Here's patch based on the latest DEVELOPMENT version of iRedMail, you can edit related files in iRedMail-0.8.6 manually.
Let me know whether it works for you or not.

Maybe we should switch to source tarball for Roundcube on OpenBSD? Binary packages are not updated when new version of Roundcube is available.

diff -r 5dd90f7fa829 iRedMail/conf/roundcube
--- a/iRedMail/conf/roundcube    Thu Feb 06 11:23:28 2014 +0800
+++ b/iRedMail/conf/roundcube    Fri Feb 07 12:51:54 2014 +0800
@@ -35,12 +35,12 @@
     export RCM_HTTPD_ROOT="${HTTPD_SERVERROOT}/roundcube"
     export RCM_HTTPD_ROOT_SYMBOL_LINK="${RCM_HTTPD_ROOT}"
 
-elif [ X"${DISTRO}" == X'OPENBSD' ]; then
+#elif [ X"${DISTRO}" == X'OPENBSD' ]; then
     # Install Roundcube with binary package
-    export RCM_USE_SOURCE='NO'
+    #export RCM_USE_SOURCE='NO'
 
-    export RCM_HTTPD_ROOT="${HTTPD_SERVERROOT}/roundcubemail"
-    export RCM_HTTPD_ROOT_SYMBOL_LINK="${RCM_HTTPD_ROOT}"
+    #export RCM_HTTPD_ROOT="${HTTPD_SERVERROOT}/roundcubemail"
+    #export RCM_HTTPD_ROOT_SYMBOL_LINK="${RCM_HTTPD_ROOT}"
 
 else
     export RCM_HTTPD_ROOT="${HTTPD_SERVERROOT}/roundcubemail-${RCM_VERSION}"
diff -r 5dd90f7fa829 iRedMail/functions/packages.sh
--- a/iRedMail/functions/packages.sh    Thu Feb 06 11:23:28 2014 +0800
+++ b/iRedMail/functions/packages.sh    Fri Feb 07 12:51:54 2014 +0800
@@ -265,7 +265,8 @@
     # Roundcube
     if [ X"${USE_RCM}" == X"YES" ]; then
         if [ X"${DISTRO}" == X'OPENBSD' ]; then
-            ALL_PKGS="${ALL_PKGS} roundcubemail"
+            #ALL_PKGS="${ALL_PKGS} roundcubemail"
+            ALL_PKGS="${ALL_PKGS} php-pspell pecl-fileinfo"
 
             # MySQL driver for PHP, required by Roundcube.
             [ X"${BACKEND}" == X'OPENLDAP' ] && ALL_PKGS="${ALL_PKGS} php-pdo_mysql"
diff -r 5dd90f7fa829 iRedMail/pkgs/MD5.openbsd
--- a/iRedMail/pkgs/MD5.openbsd    Thu Feb 06 11:23:28 2014 +0800
+++ b/iRedMail/pkgs/MD5.openbsd    Fri Feb 07 12:51:54 2014 +0800
@@ -1,2 +1,3 @@
 0c3406444444c15d1c76a38500693a1c  misc/iRedAdmin-0.3.tar.bz2
 af334b09d503e0257080928eb8666837  misc/iRedAPD-1.4.2.tar.bz2
+757f6ab3306d4abf8da6664ae65138d7  misc/roundcubemail-0.9.5.tar.gz

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,091

Re: [SOLVED]OpenBSD 5.4-stable & roundcubemail from possibly outdated pkgs

Well, i updated development version of iRedMail, it's now easier to switch to use Roundcube source tarball. Just set 'RCM_USE_SOURCE' to 'YES' in conf/roundcube.

https://bitbucket.org/zhb/iredmail/comm … 7480dc63c8
https://bitbucket.org/zhb/iredmail/comm … 542a975116

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,091

Re: [SOLVED]OpenBSD 5.4-stable & roundcubemail from possibly outdated pkgs

By the way, you can use this third-party service to update binary packages for OpenBSD -stable:
https://stable.mtier.org/index.php

6 Reply by dmitridb

  • dmitridb
  • Member
  • Offline
  • Registered: 2014-02-06
  • Posts: 5

Re: [SOLVED]OpenBSD 5.4-stable & roundcubemail from possibly outdated pkgs

Wonderful, thanks for the prompt reply and wonderful product altogether, it's fantastic! OpenBSD wasn't working back home in virtualbox to test it right away, but I've managed to test it just now, and I can confirm the patch in the development tree works great. However, we were also able to update roundcubemail within its own facilities to do an update on itself as well just in case anyone else reading this might find it handy.