The way I understand it, and I'm happy for someone to correct me if I'm wrong, but I believe that the patch updates supplied by an rpm/deb repository were simply to allow you to apply those patches without having to build Zimbra from scratch and running ./install.sh to update your system.
Previously, with at least Zimbra 8 or earlier versions, the rpm/deb repositories didn't exist, so upgrades in the past were done by ./install.sh by downloading the quarterly compiled OSE/FOSS build that Zimbra at the time (under previous ownership like Yahoo/EMC/VMware). It was only until a certain 8.x release that the rpm/deb repositories became available allowing for updates to be applied to the system and thus not requiring another compile.
Since the latest updates relating to the patches that were applied late last year when 3 certain vulnerable files were deleted were patched and released via the repositories for Zimbra 8.x, for anyone running Zimbra 9 or later, I had to patch manually in my scripts prior to building. Subsequently, approximately 3 weeks later those patches did make it into the Zimbra repositories. At this point, it was no longer required for my scripts to patch Zimbra, I could then rely on Zimbra's build repositories.
Therefore, providing that patches make it to the Zimbra build repositories, and I or anyone else builds an updated Zimbra every quarter or however often they want, then those patches will be included in the build. It does however mean running ./install.sh to then upgrade your system, rather than rely on those patches coming through a rpm/deb repository that no longer exists for Zimbra 9 or higher.
If the patches do not make it into the Zimbra build repositories, then it will mean manual intervention like what I did a few months back by patching prior to building. Either way, a build was made that included that patch.
Previously, with at least Zimbra 8 or earlier versions, the rpm/deb repositories didn't exist, so upgrades in the past were done by ./install.sh by downloading the quarterly compiled OSE/FOSS build that Zimbra at the time (under previous ownership like Yahoo/EMC/VMware). It was only until a certain 8.x release that the rpm/deb repositories became available allowing for updates to be applied to the system and thus not requiring another compile.
Since the latest updates relating to the patches that were applied late last year when 3 certain vulnerable files were deleted were patched and released via the repositories for Zimbra 8.x, for anyone running Zimbra 9 or later, I had to patch manually in my scripts prior to building. Subsequently, approximately 3 weeks later those patches did make it into the Zimbra repositories. At this point, it was no longer required for my scripts to patch Zimbra, I could then rely on Zimbra's build repositories.
Therefore, providing that patches make it to the Zimbra build repositories, and I or anyone else builds an updated Zimbra every quarter or however often they want, then those patches will be included in the build. It does however mean running ./install.sh to then upgrade your system, rather than rely on those patches coming through a rpm/deb repository that no longer exists for Zimbra 9 or higher.
If the patches do not make it into the Zimbra build repositories, then it will mean manual intervention like what I did a few months back by patching prior to building. Either way, a build was made that included that patch.
Statistics: Posted by ianw1974 — Sat Feb 03, 2024 2:06 pm