The latest patch release is now available from Zimbra, it can be downloaded from the ZCS Repo - make sure you take a backup first and reboot after the patch is installed.
Details of the patch is on the Zimbra wiki here: https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P26
BTW, it looks as though Zimbra is back to building the OSS Version of Zimbra and it's available for Rocky Linux 8, download details are on the wiki Patch page.
I've just installed the patch on my Zextras build of ZCS without any noticeable effect on the server. 🙂
Is this patch available for Zextras build (ubuntu)?
I've upgraded using zcs-9.0.0_ZEXTRAS_20220713.UBUNTU18_64.20220705100434 and doing
apt install zimbra-ldap-patch
right after, but zmcontrol -v still reports an unknown patch version:
Release 9.0.0.ZEXTRAS.20220713.UBUNTU18.64 UBUNTU18_64 FOSS edition.
having a look at /usr/share/doc/zimbra-patch/changelog.Debian.gz reports:
zimbra-patch (9.0.0.1618926120.p14-1.u18) stable; urgency=medium
Hi @maxxer ,
synacor don't release anymore a complete patch for zimbra 9.
zimbra-patch is a metapackage that contain information about all the pieces to download for your upgrade, they stopped to deploy up to p14.
Well if you want to fully patch your zimbra 9 core you need to wait zextras build and then install over it... All the package that you find into zimbra repo are only a "little pieces of upgrade" .
@mgarbo actually the same with 8.8.15 returns the correct patch number:
zimbra-patch/sconosciuto 8.8.15.1658841204.p33-1.u16 amd64 [aggiornabile da: 8.8.15.1643980846.p30-1.u16]
@mgarbo actually the same with 8.8.15 returns the correct patch number:
zimbra-patch/sconosciuto 8.8.15.1658841204.p33-1.u16 amd64 [aggiornabile da: 8.8.15.1643980846.p30-1.u16]
Zimbra 8.8.15 is fully supported by Synacor patch.
Zimbra 9 not more.
@mgarbo thanks.
If only Zextras had open sourced their build system, we wouldn't have to wait so long! I hope they can build a patched version soon!
There are build scripts available from ianw1974 on the Zimbra forums and possibly others.
Just an update to my post above. The builds from Ian are here: https://zimbra-builds.lsltd.org/
I wonder if it's safe/possible to switch from Zextras build to Ian's ones. I guess I'll have to try. I saw the builds site, unfortunately the last files are from late May.
Also, Ian doesn't set BUILD_NO variable. It shouldn't matter in terms of LDAP upgrade and DB migrations, is it?
There should be no problem with that. When all the debacle with the patch problems I basically had a server that would receive inbound mail but nothing else. At that point I tried building a new test server which, at various points, I used both the Zextras build and one from Ian and upgraded one version with the same build from Zextras or Ian (depending on which order I was installing them) and that never caused me any problems. From the link I gave you earlier you'll find a link to the Zimbra github page.
@mgarbo thanks.
If only Zextras had open sourced their build system, we wouldn't have to wait so long! I hope they can build a patched version soon!
Hmmm, all the opensource code used by zextras for zimbra 9 build is the same that you can find on zimbra github, nothing more...
https://www.zextras.com/zextras-build-based-on-zimbra-official-repository/
Zextras doesn't maintain zimbra code, zextras help the community to do a zimbra 9 custom build, but is a "plus" of their service.
As told by @phoenix if you want to proceed to create your custom build you are free to do by your own.
Since we already have P26 installed, I assue we are not vulnerable to CVE-2022-37042, which is described here.
Is anyone able to confirm?
Hi mik, how did you do the upgrade to P26? with which procedure?
Thank you!
version compiled by zextras is on p25.
the vulnerability was fixed from path p26 for zimbra 9, and p33 for zimbra 8.8.15