Can someone be kind enough to write a small how-to to remove and install those components??
I can't, I m too damm tired of this ...
I have my restored server on standby until tomorrow 5 am WEST.
After that I start it and open my firewall for incoming mails ... but this one has almost 7 hrs of emails in it ...
Let's hope for the best.
Hi @jasgg_it,
I wrote up the Ubuntu instructions https://forums.zimbra.org/viewtopic.php?f=13&t=70843&p=305284#p305284
Rather than removing and installing, I downgraded the packages using apt-get install package=version.
You can get the version number by using apt-cache showpkg packagename
For the four modules noted, it would be something like:
sudo apt-cache showpkg zimbra-core-components sudo apt-cache showpkg zimbra-jetty-distribution sudo apt-cache showpkg zimbra-ldap-components sudo apt-cache showpkg zimbra-openjdk
Each line spits out a lot of stuff but the most important thing is the current and prior versions.
For some reason, my system did not have zimbra-lapd-components installed although it was available.
In this case I used the referenced version numbers with the package name as follows:
sudo apt-get install zimbra-core-components=3.0.11-1zimbra8.8b1.18.04 sudo apt-get install zimbra-jetty-distribution=9.4.18.v20190429-2.u18 sudo apt-get install zimbra-openjdk=13.0.1-1zimbra8.8b1.18.04 #and optionally??? sudo apt-get install zimbra-ldap-components=2.0.5-1zimbra8.8b1.18.04
This approach should preserve the dependencies.
After that you should be able to do a zmcontrol restart or start/stop
When I did it, I ran into another issue where starting slapd caused the start to request a password. After doing some digging on this issue in other contexts, I dug into the /etc/sudoer.d configuration files and found that slapd was not being authorized to run with No password.
The wiki article (here) https://wiki.zimbra.com/index.php?title=Sudoers on this subject was informative and helped resolve the issue. The bottom line was that the 02_zimbra-ldap configuration file was missing from /etc/sudoers.d/
The contents of that file is a single line used to authorize slapd:
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd
Once that was installed in /etc/sudoers.d, I was able to restart zimbra. Hopefully these instructions will help you.
Very disappointing experience.
Solution for Ubuntu posted on Zimbra Forum::
https://forums.zimbra.org/viewtopic.php?f=13&t=70843&p=305286#p305286
I don't know when this post will be available because I just registered this forum account and all my posts are in state "Awaiting moderation"
Anyway, for those of you who are using Ubuntu 18.04 LTS with zimbra 9.0.0.ZEXTRAS.20220402.UBUNTU18.64) this package downgrade will fix it:
apt-get install zimbra-openjdk=13.0.1-1zimbra8.8b1.18.04 zimbra-core-components=3.0.11-1zimbra8.8b1.18.04 zimbra-jetty-distribution=9.4.18.v20190429-2.u18 zimbra-ldap-components=2.0.5-1zimbra8.8b1.18.04
I can confirm these steps worked for me!
Along with the ldap line in the sudoers.d file the above solution worked for us. Did need a full reboot to get the MTA back up which we suspect related to postdrop being rogue in our situation.
We also lost the cerificate installs and zextras theme but that was probably from our attempts to install previous fixes that didnt work.
All is now back up and working which is a relief but underlines there is a problem with the way things are working with Zextra's OSE 9 builds (& their effort on Carbonio) and Zimbra and their determination to diminsh the OSS involvement.
Not sure where we go from here. We have used Zimbra since 2005 and now we are unconvinced the original aims are still valid. Will Carbonio fill the gap and not be so reliant on Zimbra upstream?
Lots to think on, but thanks very much to the Zextras and Zimbra community for getting us here.
While we are good for now on the mailbox issue, I start to worry on whether or not we are protected on cve-2022-27924.
I tried understanding what exactly is the vector of attack and how to protect my server against it. But the CVE does not give much detail.
Any ideas anyone?
My server has automatic updates ON so this morning as done another update ...
But this time I m on it ... now the LDAP service is not starting ...
Starting ldap...Done. Failed. /opt/zimbra/libexec/zmslapd: line 23: /opt/zimbra/common/libexec/slapd: No such file or directory /opt/zimbra/libexec/zmslapd: line 23: /opt/zimbra/common/libexec/slapd: No such file or directory /opt/zimbra/libexec/zmslapd: line 23: /opt/zimbra/common/libexec/slapd: No such file or directory /opt/zimbra/libexec/zmslapd: line 23: /opt/zimbra/common/libexec/slapd: No such file or directory /opt/zimbra/libexec/zmslapd: line 23: /opt/zimbra/common/libexec/slapd: No such file or directory /opt/zimbra/libexec/zmslapd: line 23: /opt/zimbra/common/libexec/slapd: No such file or directory /opt/zimbra/libexec/zmslapd: line 23: /opt/zimbra/common/libexec/slapd: No such file or directory Failed to start slapd. Attempting debug start to determine error.
But if I install the:
sudo apt-get install zimbra-ldap-components=2.0.5-1zimbra8.8b1.18.04
It will ...
This is a full mess ...
PS - Yesterday happened the same, and when I did the upgrade to the P25 patch, it asked me to install the LDAP !!
Was a strange question but I said YES, and after the installation and running the installation of the affected components all started ok.
Hi to all,
as you noticed zimbra has released P25 and this patch seems to have a lot o problems, yesteday they suggest to hold off all the download to this patch and blocked all te connection to their repo.
I suggest you to follow this page : https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P25
After that you need to wait that zextras release the new version that allow you to upgrade or install it to P25.
Hi, is there a solution in Ubuntu 20.04 like in Ubuntu 18.04 and CentOS 7?
Thanks in advance.
Hi,
the solution for Ubuntu 20.04 with the latest zextras zimbra 9.0.0 version is to downgrade the mentioned packages:
apt-get install zimbra-openjdk=13.0.1-1zimbra8.8b1.20.04 zimbra-core-components=3.0.11-1zimbra8.8b1.20.04 zimbra-jetty-distribution=9.4.18.v20190429-2.u20 zimbra-ldap-components=2.0.5-1zimbra8.8b1.20.04
After the downgrade mailboxd is starting again.
Our installed version (downloaded this morning):
zimbra@mail01:~$ zmcontrol -v Release 9.0.0.ZEXTRAS.20220402.UBUNTU20.64 UBUNTU20_64 FOSS edition.
No we are waiting for P25 to be compiled/released by zextras.
Hello,
Is there any solution for this?
As reported when apply P25 we are facing too many problems with Zimbra Services
Regards
@lando4k2 Are you have some problems with login in in admin panel/web mail/imap after rollback this packeges? Becouse today i was try to install lates zextras build of zimbra on ubuntu 20.04, and after aply this method yes zimbra begisn start succesfull, but logins not working, give back error "Authentication failes"
@ccesario no, I downloaded it yesterday for Centos 8 Stream. I can install it (after changing centos-release and os-release) but mailboxes isn't starting. Always JVM issues that remains blocked.
I tried in a clean install and on an existing server. Same results.
People who use CentOS7 is facing this problem? or not?
@funifuni yes.
I'm using CentOS 8 Stream and two days ago I tried a clean install and got exactly the same issue.
@funifuni I have just read the zimbra blog about the incident.
https://blog.zimbra.com/2022/06/update-on-june-2022-zimbra-patch-release/#comments
From a comment on this blog specifying Centos it looks like "yes" Centos is affected as well. (but no version is mentioned)
regards. (matane)