ClearOS Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


Kopano Upgrade to 8.5.8

Kopano version 8.5.8 provides an important fix for two critical CVE's (CVE-2018-8950 and CVE-2018-8951).

Unfortunately, Kopano's recommend upgrade process to patch these vunerabilities makes it difficult or too risky to automatically deploy these packages via the regular ClearOS update process.

You can read more about the Kopano upgrade here.

Kopano on ClearOS

If you are running Kopano on ClearOS 7, it is likely version 8.4.5. You will need to upgrade to Kopano 8.5.8 (2018-04-20).

There are different instructions depending on if you upgraded from Zarafa or if had a fresh Kopano installation. Please look at the mysql_database parameter in /etc/kopano/server.cfg e.g.

grep mysql_database /etc/kopano/server.cfg

For this article we'll call the mysql_database you find DATABASE. Most of the instructions are common using the DATABASE parameter. The mysql user is the same as the DATABASE.

Stop incoming mail

Stop any incoming mail…close your firewall, port 25 from Webconfig. New mail coming in will usually attempt re-delivery so you won't lose any messages.

Stop Kopano Services

systemctl stop kopano-server.service
systemctl stop kopano-gateway.service

Backup the Database

If you don't have an up to date backup of the database, now is a good time to start.

Get the Kopano database password:

  [root@system]# cat /var/clearos/system_database/DATABASE

Then dump the database:

  [root@system]# /usr/clearos/sandbox/usr/bin/mysqldump -uDATABASE -p"xxx" DATABASE > /tmp/kopano.dmp

Where xxx is the password retrieved from the first step.

Perform the Upgrade

  ENABLE_BETA=True yum upgrade "*kopano*" "lib*" "python*"

If you use z-push also do:

  ENABLE_BETA=True yum upgrade zarafa-z-push

The “ENABLE_BETA” flag allows you to access the repository where the 8.5.8 packages reside. These packages are not considered to be of 'beta' quality. They have been released by Kopano for production use and verified with their community/customers and ClearCenter's own internal QA team.

Check Database

If you have previously upgrade from Zarafa, your database and username may be 'zarafa' and not 'kopano'. Use the value of DATABASE looked up earlier in the instructions

Login to the system database using the “xxx” password obtained above.

  /usr/clearos/sandbox/usr/bin/mysql -uDATABASE -p"xxx" DATABASE

Run:

  mysql> SELECT MAX(id) from names;

If this returns a value of 31485 or higher, there are too many entries and the database needs to be cleaned.

Run:

  mysql> select namestring, count(*) as c from names group by guid,nameid,namestring having c>=2;

If this returns any row(s), the database is inconsistent and needs to be cleaned.

If either of the two cases indicate areas for concern, run from the command line:

  kopano-dbadm np-stat
  kopano-dbadm k-1216

The clean-up can take a while depending on your database size and hardware configuration.

If you have any issues, check Kopano's troubleshooting guide.

Check all cfg files exist

Check that following cfg files exist in /etc/kopano:

gateway.cfg
ical.cfg
ldap.cfg
presence.cfg
search.cfg
server.cfg
spooler.cfg
presence.cfg

If any are missing, copy in the config files template from /usr/share/doc/kopano/example-config.

You can copy and paste the following into the command line to check and correct:

KOPANO_CFG="gateway.cfg ical.cfg ldap.cfg presence.cfg search.cfg server.cfg spooler.cfg presence.cfg"
for cfg in $KOPANO_CFG; do
    if [ ! -f "/etc/kopano/$cfg" ]; then
        cp "/usr/share/doc/kopano/example-config/$cfg" "/etc/kopano/"
        chown root.kopano "/etc/kopano/$cfg"
        chmod 640 "/etc/kopano/$cfg"
    fi
done;

# The last line is intentionally blank to allow an easy copy and paste

Run ClearOS Upgrade Script

Run the following script to fix systemctl unit files for Kopano:

      /usr/clearos/apps/kopano/deploy/upgrade

This should be unnecessary as it has already run as part of the yum upgrade, but let's do it anyway.

Start up Services

Run:

  kopano-condrestart 

Open Your Firewall

Re-Open Port 25 on your firewall to allow new mail to come in.

Zarafa on ClearOS

ClearOS 6

Unfortunately, if you are running Zarafa on ClearOS 6, you have no alternative to patch these vulnerabilities other than upgrading to ClearOS 7 and Kopano.

Follow the upgrading 6 to 7 knowledge base article here.

ClearOS 7

If you on ClearOS 7, an upgrade to Kopano will work. Follow the Zarafa to Kopano upgrade documentation here.

On completed upgrade, follow the steps at the start of this knowledgbase article to upgrade to 8.5.8.

Related links

content/en_us/kb_kopano_upgrade_8.5.8.txt · Last modified: 2019/07/01 07:05 by nickh

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3Akb_kopano_upgrade_8.5.8&1563399150