Zimbra 10.1.2 Released - Please Post Patch/Upgrade Results Here

Ask questions about your setup or get help installing ZCS server (ZD section below).
User avatar
cayaraa
Outstanding Member
Outstanding Member
Posts: 344
Joined: Sat Sep 13, 2014 12:33 am
ZCS/ZD Version: ZCS 10 NE & ZCS 10 FOSS

Re: Zimbra 10.1.2 Released - Please Post Patch/Upgrade Results Here

Post by cayaraa »

JDunphy wrote: Wed Oct 09, 2024 4:51 pm Can we do something like this at the nginx level and restart the proxy until we can test and deploy this recent patch that may have non security related updates.

Code: Select all

    location ~* /(service|principals|dav|\.well-known|home|octopus|shf|user|certauth|spnegoauth|(zimbra/home)|(zimbra/user))/
    {
        # ZBUG-2706  Memcached poisoning with unauthenticated request
        if ($request_uri ~* "%0A|%0D") {
            return 403;
        }

        #%%% tmp until patch can be tested?
        if ($request_uri ~* "graphql"  && $request_method = GET) {
            return 403;
        }
I don't think the above code works (nginx doesn't like &&). I've been playing around with using this on my test site, and so far, it seems to be working:

Code: Select all

#%%% tmp until patch 10.0.10 can be tested
set $and 1;

if ($request_uri !~* "graphql") {
    set $and 0;
}
if ($request_method != GET) {
    set $and 0;
}
if ($and) {
    return 403;
}
In the following files:

/opt/zimbra/conf/nginx/templates/nginx.conf.web.http.default.template
/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.default.template
/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.template
/opt/zimbra/conf/nginx/templates/nginx.conf.web.http.template

-Aaron
User avatar
wentum
Advanced member
Advanced member
Posts: 54
Joined: Fri Apr 04, 2014 10:49 am
Location: Pforzheim (Germany)
ZCS/ZD Version: Release 9.0.0.GA.3924 _P30
Contact:

Re: Zimbra 10.1.2 Released - Please Post Patch/Upgrade Results Here

Post by wentum »

Hello Aaron,

this sounds really cool!

I checked those mentioned files but I ask myself where to put it there?
Where did you put it to make it work?

Regards
Joerg
User avatar
JDunphy
Outstanding Member
Outstanding Member
Posts: 925
Joined: Fri Sep 12, 2014 11:18 pm
Location: Victoria, BC
ZCS/ZD Version: 9.0.0_P42 NETWORK Edition

Re: Zimbra 10.1.2 Released - Please Post Patch/Upgrade Results Here

Post by JDunphy »

cayaraa wrote: Tue Oct 22, 2024 8:17 pm
I don't think the above code works (nginx doesn't like &&). I've been playing around with using this on my test site, and so far, it seems to be working:

-Aaron
Nice! ....Thanks for sharing your solution. The only other way I can think of given nginx's limited if directive or your working solution might be the following:

Code: Select all


location ~* /(service|principals|dav|\.well-known|home|octopus|shf|user|certauth|spnegoauth|(zimbra/home)|(zimbra/user))/ {

    # ZBUG-2706  Memcached poisoning with unauthenticated request 
    if ($request_uri ~* "%0A|%0D") {
        return 403;
    }

    # %%% tmp solution until running patched code that disables this.
    if ($request_method = GET) {
        rewrite ^(.*graphql.*) /forbidden last;
        # more rewrite rules below to block future exploits ;-)
    }
    ...
    ...
}

# %%% added to force query's we want to terminate
location = /forbidden {
    return 403;
}
I have not tested this (nginx -t).
User avatar
cayaraa
Outstanding Member
Outstanding Member
Posts: 344
Joined: Sat Sep 13, 2014 12:33 am
ZCS/ZD Version: ZCS 10 NE & ZCS 10 FOSS

Re: Zimbra 10.1.2 Released - Please Post Patch/Upgrade Results Here

Post by cayaraa »

wentum wrote: Wed Oct 23, 2024 12:27 pm Hello Aaron,

this sounds really cool!

I checked those mentioned files but I ask myself where to put it there?
Where did you put it to make it work?

Regards
Joerg
I was putting them under "# ZBUG-2706" just like JDunphy.

-Aaron
zmcontrol
Posts: 43
Joined: Fri Jul 24, 2020 12:43 am

Re: Send later not working

Post by zmcontrol »

jzzr wrote: Mon Oct 21, 2024 9:09 am Do you restart mailbox servers every night?
jzzr,

I checked and the 'send later' bug continued with or without mailboxd restarting.
However testing has been successful so far with the following commits:

https://github.com/Zimbra/zm-mailbox/co ... /ZBUG-4384
jzzr
Posts: 17
Joined: Fri Aug 12, 2022 5:03 pm

Re: Send later not working

Post by jzzr »

Hello,

Yes, we've just finished testing. And in addition to the bug when rebooting mailboxd, in addition to bug ZBUG-4384, there is a bug with ActiveSync under Android and “send later”.

An account that doesn't use Activesync is fine. But if the account synchronizes with ActiveSync, the message is not sent, it remains in the drafts.

Bug not reported to us before version 10.1.2
lytledd
Outstanding Member
Outstanding Member
Posts: 541
Joined: Sat Sep 13, 2014 12:54 am
ZCS/ZD Version: Release 10.1.0.GA.4200000.UBUNTU22

Re: Zimbra 10.1.2 Released - Please Post Patch/Upgrade Results Here

Post by lytledd »

Tried upgrading from Release 10.1.0.GA.4200000.UBUNTU22.64 UBUNTU22_64 FOSS edition to

zcs-10.1.2_GA_4200000.UBUNTU22_64.20240924075512.tgz

Running on Ubuntu 22.04.5 LTS with 4 Cores & 16GB memory. It failed in the middle of processing.

Both the install logs and the zmsetup logs show there were no errors, but the console output showed

Code: Select all

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/opt/zimbra/data/tmp/mysql/mysql.sock' (111 "Connection refused")
Sat Nov  9 10:31:45 2024: Error while running '/opt/zimbra/bin/mysql --user=zimbra --password=REDACTED --database=zimbra --batch --skip-column-names'.
Reverted the snapshop and then cloned the VM for futher testing.

Should this be a new thread?

Zimbra install logs
https://pastebin.com/hzAiWxTU

zmsetup logs

https://pastebin.com/rdSRNiZD

Thanks!

Doug
jzzr
Posts: 17
Joined: Fri Aug 12, 2022 5:03 pm

Re: Send later not working

Post by jzzr »

Hello,

We sent a case to support for 3 bugs with “send later”: bug when rebooting mailboxd, bug with ActiveSync, bug in mailbox.log (already reported with version 8.8.15).

Result: only the first one resulted in a BUG: ZBUG-4422.

...
User avatar
adrian.gibanel.btactic
Advanced member
Advanced member
Posts: 198
Joined: Thu Jan 30, 2014 11:13 am

Re: Zimbra 10.1.2 Released - Please Post Patch/Upgrade Results Here

Post by adrian.gibanel.btactic »

lytledd wrote: Sat Nov 09, 2024 4:08 pm Tried upgrading from Release 10.1.0.GA.4200000.UBUNTU22.64 UBUNTU22_64 FOSS edition to
zcs-10.1.2_GA_4200000.UBUNTU22_64.20240924075512.tgz

Should this be a new thread?
Unless stated otherwise this forum threads are about Synacor Zimbra NE binary releases.

According to your Zimbra version you seem to have an issue with a Maldua FOSS build. Either use their issues page or their specific thread here in the forum.
jzzr
Posts: 17
Joined: Fri Aug 12, 2022 5:03 pm

Re: Send later not working

Post by jzzr »

Hi

ZBUG-4541 : Bug with "send later" Activesync Android

if you synchronize the account with ActiveSync on Android => messages are not sent, it remains in the drafts

Prior to version 10.1.1, we had no feedback from users on this type of bug.
Post Reply