Page 5 of 7
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
Posted: Tue Jun 25, 2019 3:53 pm
by loadaccess_jt
loadaccess_jt wrote:Release 8.8.12.GA.3794.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.12_P3.
I just did an apt update/upgrade on all my servers (multi setup), restarted, left a new message open (with the image in my signature) and no longer appear to be having the issue.
If that changes I'll report back, but it looks like it's fixed (at least on the above version).
Turns out I was wrong, it was late and admittedly I didn't do much testing. It doesn't appear to affect new messages now, but on reply's it is still an issue.
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
Posted: Tue Jun 25, 2019 8:09 pm
by toslan
gbkersey wrote:Amazing... I don't think they had time to test the patch to mbox war..... from the git log:
commit 302b9ec9d99004670e046af58919635618cbf739 (HEAD -> develop, origin/develop, origin/HEAD)
Author: Aumin Patel <auminpatel007@gmail.com>
Date: Tue Jun 11 14:55:01 2019 +0530
ZBUG-7209 : decoding the cid of inline images for owasp feature
commit a0a68883536d3baf0cb64fcea2f3d061a33218ec
Author: Aumin Patel <auminpatel007@gmail.com>
Date: Mon Jun 10 18:03:10 2019 +0530
ZBUG-7209 : adding html-decoder for inline images for owasp feature to decode the @ character
My date math is a bit suspect, but how many hours is it betewwn 3PM India time and noon Central Daylight time in the US??? Not very long...
Anyway, the fix that worked for me (so far) is just to revert the zimbra-mbox-war package to to the original version shipped with 8.8.12 - zimbra-mbox-war_8.8.12.1553847719 - then - su - zimbra -c "zmmailboxdctl restart"
I guess Quality Control is a thing of the past.
Could you explain in more detail this workaround?
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
Posted: Wed Jun 26, 2019 12:24 am
by dominix
@toslan
that mean if you reinstall the package zimbra-mbox-war_8.8.12.1553847719 from the original install ( zcs-8.8.12_GA_3794.WHATEVER_64.20190329045002.tgz ) you will fix the bug, but you will not fix the breach that the P3 patch did fix.
that said, it doesn't worked for me...
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
Posted: Wed Jun 26, 2019 6:38 am
by oetiker
Hi
I did unpack the two dpkg files the special thing is that only one file is different....
zimbra-mbox-war_8.8.12.1553847719-1.u16_amd64.deb
zimbra-mbox-war_8.8.12.1559550747-1.u16_amd64.deb
Code: Select all
diff -r orig p3
diff -r orig/control p3/control
2c2
< Version: 8.8.12.1553847719-1.u16
---
> Version: 8.8.12.1559550747-1.u16
5c5
< Installed-Size: 27358
---
> Installed-Size: 27423
diff -r orig/md5sums p3/md5sums
44c44
< cd1653b71b091cea5f77025ea01bd1ca opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-r239.jar
---
> b2f9662bc3c7e5d26161fe494dd2da2f opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-20190503.1.jar
68c68
< f2e3f2561704b630b3a598009d553528 usr/share/doc/zimbra-mbox-war/changelog.Debian.gz
---
> 77456bf964fb0c0e517314e5b9c14f39 usr/share/doc/zimbra-mbox-war/changelog.Debian.gz
Only in p3/opt/zimbra/jetty_base/webapps/service/WEB-INF/lib: owasp-java-html-sanitizer-20190503.1.jar
Only in orig/opt/zimbra/jetty_base/webapps/service/WEB-INF/lib: owasp-java-html-sanitizer-r239.jar
Binary files orig/usr/share/doc/zimbra-mbox-war/changelog.Debian.gz and p3/usr/share/doc/zimbra-mbox-war/changelog.Debian.gz differ
I have in my patched version 8.8.12p3 both files
Code: Select all
431645 209 -rw-r--r-- 1 zimbra zimbra 194485 Jun 6 14:39 /opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-20190503.1.jar
431520 209 -r--r--r-- 1 root root 194485 Jun 6 14:50 /opt/zimbra/lib/jars/owasp-java-html-sanitizer-r239.jar
in the original pkg is only the file
owasp-java-html-sanitizer-r239.jar and in the new version is only the file
owasp-java-html-sanitizer-20190503.1.jarstrange...
and the two files are exactly the same ...
Code: Select all
# md5sum /opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-20190503.1.jar
b2f9662bc3c7e5d26161fe494dd2da2f /opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-20190503.1.jar
# md5sum /opt/zimbra/lib/jars/owasp-java-html-sanitizer-r239.jar
b2f9662bc3c7e5d26161fe494dd2da2f /opt/zimbra/lib/jars/owasp-java-html-sanitizer-r239.jar
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
Posted: Wed Jun 26, 2019 6:42 am
by oetiker
original patched 8.8.12p3 the two files are the same:
Code: Select all
find /opt/zimbra -name owasp-java-html-sanitizer\* -exec md5sum {} \; -ls
b2f9662bc3c7e5d26161fe494dd2da2f /opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-20190503.1.jar
146166 192 -rw-r--r-- 1 zimbra zimbra 194485 Jun 6 14:39 /opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-20190503.1.jar
b2f9662bc3c7e5d26161fe494dd2da2f /opt/zimbra/lib/jars/owasp-java-html-sanitizer-r239.jar
156534 192 -r--r--r-- 1 root root 194485 Jun 6 14:50 /opt/zimbra/lib/jars/owasp-java-html-sanitizer-r239.jar
install original
zimbra-mbox-war_8.8.12.1553847719-1.u16_amd64.deb from the zimbra 8.8.12 tar file
Code: Select all
find /opt/zimbra -name owasp-java-html-sanitizer\* -exec md5sum {} \; -ls
cd1653b71b091cea5f77025ea01bd1ca /opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-r239.jar
148621 128 -rw-r--r-- 1 root root 127438 Mar 29 10:10 /opt/zimbra/jetty_base/webapps/service/WEB-INF/lib/owasp-java-html-sanitizer-r239.jar
b2f9662bc3c7e5d26161fe494dd2da2f /opt/zimbra/lib/jars/owasp-java-html-sanitizer-r239.jar
156534 192 -r--r--r-- 1 root root 194485 Jun 6 14:50 /opt/zimbra/lib/jars/owasp-java-html-sanitizer-r239.jar
they are different...
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
Posted: Wed Jun 26, 2019 11:02 am
by mgarbin
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
Posted: Wed Jun 26, 2019 11:23 am
by oetiker
this was not helping in my case .... bug is still there ...
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
Posted: Wed Jun 26, 2019 3:18 pm
by Half-Ogre
Confirm that this fix is not working on 8.8.12p3 opensource. Also have few systems affected this bug.Its not critical but damn annoying.
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
Posted: Wed Jun 26, 2019 3:20 pm
by juliano.morona
Unfortunately, this patch didn't solve the bug
Re: 8.8.12 Patch 3 breaks inline signatures and creates multiple attachments
Posted: Wed Jun 26, 2019 4:13 pm
by jered
I applied this, restarted zimbra, and reloaded my browser but this does not seem to have helped.
Is there some special step to rebuild the JS archives that are delivered to the browser?