Security fix for RoundCube package 0.1-RC2.

Today, i have built a new RoundCube package for ISPConfig.
This package is the second package, which is based on RoundCube version 0.1-RC2 and is a security fix. The package is available here: http://ispconfig.bb-hosting.org/downloads/roundcube/roundcubemail-0.1-rc2.pkg

Some details:
-------------
- .htaccess files are added (as they came from RoundCube)
- A new sqlite database has been built according the instructions mentioned here: https://svn.roundcube.net/trunk/roundcubemail/INSTALL


I did not use Sqlite3, because it does no seems to work (yet) with RoundCUbe, as the documentations says:

* SQLite
--------
Sqlite requires specifically php5 (sqlite in php4 currently doesn't work with roundcube), and you need sqlite 2 (preferably 2.8) to setup the sqlite db (sqlite 3.x also doesn't work at the moment).

Special thanks to tensor, who requested me to update the package because of security issues!

I've contacted Till already and asked him to replace the old package with the new one, so it can be downloaded soon from ispconfig.org as well.

 

Just one question about this, in your tutorial to setup RoundCube manually: http://www.howtoforge.com/roundcube_webmail_ispconfig
in the step 4 you say to remove .htaccess files, is it still valid ?

Thanks

 

@Spy,
Adding the original .htaccess files is better, but will cause internal 500 server errors on a default ISPConfig server. If you want to use the .htaccess files, you should change the value for AllowOverride in the server’s http.conf or apache2.conf or add these lines within the Apache directive field of your RoundCube website:

<Directory "/var/www/webX/web">
Options FollowSymLinks
AllowOverride All
</Directory>

(WebX = the webnumber of the site, as created within ISPConfig).
In the mean time i've modified my howto http://www.howtoforge.com/roundcube_webmail_ispconfig and explained this within step 1.

 

ok thanks

 

Ok thanx !
But this package installs roundcube in /home/admispconfig/ispconfig/web/roundcubemail/roundcubemail and not in /home/admispconfig/ispconfig/web/roundcubemail.
Thus, an error occures when you click on the url given is ISPConfig: "The requested URL /roundcubemail/index.php was not found on this server."
https://www.mylittledomaine.org:81/roundcubemail/index.php ---> not working
https://www.mylittledomaine.org:81/roundcubemail/roundcubemail/index.php ---> works ! ... but not easy.

 

Oepss that was not what i wanted! i will update the package today again, so you can visit your webmail at http://www.anydomainonyourserver.tld/roundcubemail again/

Sorry for the inconvenious!

 

No probleme !
I thank you for your work !!!

 

Ok then, i rebuilt the package again in the right way. It can be downloaded from http://ispconfig.bb-hosting.org/downloads/roundcube/roundcubemail-0.1-rc2.pkg
I will contact Till, so that he can upload the rebuilt package to ispconfig.org again.

Before you install it first delete the previous RoundCube package within /home/admispconfig/ispconfig/web/

@mumbly,
Thanks for your feedback!
Fast and good are two things i guess...

 

Thanx a lot !!!
Works like a charm !

 

I've just updated my Roundcube package, too.
it works. Thank you.
Is there any option to show the currently installed version?
So I can see that update has been taken place.

Btw, this is more a question for the developers of ispconfig.
It seems it would be nice to display a detailed version an install history.
via web interface.
I think the same information is already there in ispconfig logs ...

 

Ups, I overlooked that. Should I repeat the update in the right way, now?

 

I mention the update instructions one more time:

Please remove the previous RoundCube package first. This can be done by executing the following commands:

rm /home/admispconfig/ispconfig/web/roundcubemail.tar
rm -r /home/admispconfig/ispconfig/web/roundcubemail
rm -r /home/admispconfig/ispconfig/web/tools/tools/roundcubemail

Then use the update manager within ISPConfig under Management > Updatemanager to perform the update. You can take these steps again, without any problems.


About the installed version:
On the moment within ISPConfig under tools, you see the text "RoundCube" to access your mail.
Maybe it's a nice idea to mention the version there like "RoundCube 0.1-rc2" instead of just "RoundCube".
It's not a detailed log but the ISPConfig manager within ISPConfig tells you already if the update is successful or not.

 

Thank you, I will do this a bit later today.
For Version informations , you said

so the Release information should something like based on RoundCube version 0.1-RC2_fix01 or something like that.
Otherwise is no information for the interested users to see, if a package was updated or not.
In our Case we are two people that are doing ISPConfig stuff. I wanted a way to clarify if something was done, or not.
But as I am said before it's more ISPConfig related and is a nice to have

 

not works

Hello,

I'm just installed your package on new server with latest ISPConfig, but webmail works on xhtps://domain.com:81/roundcubemail/index.php not on I expected xhttp://www.domain.com/roundcubemail/index.php

How to fix this ?

Best Regards,
Dmitry.

 

I don't understand what you mean with xhtps:// and xhttp:// I've just tested the RoundCube package again and it works as exepected. After installation, you should access your RoundCubemail via http(s)://www.anydomainonyourserver.tld:81/roundcubemail and even http(s)://anydomainonyourserver.tld:81/roundcubemail.

 

on domain

But If I want that it works on main apache, not on ispconfig apache ? what I must to do ?

 

Migrating roundcube database SQLITE to MYSQL

Please can someone help my make dump for sqlite.db in /home/admispconfig/ispconfig/web/roundcubemail/sqlite.db ?
I want use mysql databse for users configuration. I have mysql working configuration and now want import users settings.
I dont know how, im not familiar with sqlite db.

 

Please have a look here: http://www.sqlite.org/cvstrac/wiki?p=ConverterTools