From 7ce41e3865da598d2af4102b82e888d2ffed586d Mon Sep 17 00:00:00 2001
From: gumida <gumida@users.noreply.github.com>
Date: Sun, 15 Nov 2020 12:54:34 +0000
Subject: [PATCH 1/3] Changed mta-sts.txt end of line from LF to CRLF per RFC
 8461 (#1863)

---
 conf/mta-sts.txt | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/conf/mta-sts.txt b/conf/mta-sts.txt
index 26acc015..e7bdc4c4 100644
--- a/conf/mta-sts.txt
+++ b/conf/mta-sts.txt
@@ -1,4 +1,4 @@
-version: STSv1
-mode: MODE
-mx: PRIMARY_HOSTNAME
-max_age: 604800
+version: STSv1
+mode: MODE
+mx: PRIMARY_HOSTNAME
+max_age: 604800

From 7fd35bbd11a78f4f655e6f05a944a1b627b2e04e Mon Sep 17 00:00:00 2001
From: Joshua Tauberer <jt@occams.info>
Date: Sun, 15 Nov 2020 17:17:36 -0500
Subject: [PATCH 2/3] Disable default Nextcloud apps that we don't support

Contacts and calendar are the only supported apps in Mail-in-a-Box.

Files can't be disabled.

Fixes #1864
---
 setup/nextcloud.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh
index c4b96f85..72b615aa 100755
--- a/setup/nextcloud.sh
+++ b/setup/nextcloud.sh
@@ -311,6 +311,9 @@ hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable
 sudo -u www-data php /usr/local/lib/owncloud/occ upgrade
 if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi
 
+# Disable default apps that we don't support
+sudo -u www-data php /usr/local/lib/owncloud/occ app:disable photos dashboard activity
+
 # Set PHP FPM values to support large file uploads
 # (semicolon is the comment character in this file, hashes produce deprecation warnings)
 tools/editconf.py /etc/php/7.2/fpm/php.ini -c ';' \

From b85b86e6de8c6b0d134a24122ae1b1a6f8e1d3a7 Mon Sep 17 00:00:00 2001
From: Victor <victorlap@outlook.com>
Date: Mon, 16 Nov 2020 12:03:41 +0100
Subject: [PATCH 3/3] Add download zonefile button to external DNS page (#1853)

Co-authored-by: Joshua Tauberer <jt@occams.info>
---
 api/mailinabox.yml                     | 27 +++++++++++++++++
 management/daemon.py                   |  8 ++++++
 management/dns_update.py               | 11 +++++++
 management/templates/custom-dns.html   |  2 +-
 management/templates/external-dns.html | 40 ++++++++++++++++++++++++++
 5 files changed, 87 insertions(+), 1 deletion(-)

diff --git a/api/mailinabox.yml b/api/mailinabox.yml
index a9a2c124..6358afb4 100644
--- a/api/mailinabox.yml
+++ b/api/mailinabox.yml
@@ -743,6 +743,31 @@ paths:
             text/html:
               schema:
                 type: string
+  /dns/zonefile/{zone}:
+      get:
+          tags:
+              - DNS
+          summary: Get DNS zonefile
+          description: Returns an array of all managed top-level domains.
+          operationId: getDnsZonefile
+          x-codeSamples:
+              - lang: curl
+                source: |
+                    curl -X GET "https://{host}/admin/dns/zonefile/<zone>" \
+                      -u "<email>:<password>"
+          responses:
+              200:
+                  description: Successful operation
+                  content:
+                      application/json:
+                          schema:
+                              $ref: '#/components/schemas/DNSZonefileResponse'
+              403:
+                  description: Forbidden
+                  content:
+                      text/html:
+                          schema:
+                              type: string
   /dns/update:
     post:
       tags:
@@ -2050,6 +2075,8 @@ components:
       items:
         $ref: '#/components/schemas/Hostname'
       description: DNS zones response.
+    DNSZonefileResponse:
+      type: string
     DNSSecondaryNameserverResponse:
       type: object
       required:
diff --git a/management/daemon.py b/management/daemon.py
index ffc6d5d5..3c19367b 100755
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -1,3 +1,5 @@
+#!/usr/local/lib/mailinabox/env/bin/python3
+
 import os, os.path, re, json, time
 import multiprocessing.pool, subprocess
 
@@ -338,6 +340,12 @@ def dns_get_dump():
 	from dns_update import build_recommended_dns
 	return json_response(build_recommended_dns(env))
 
+@app.route('/dns/zonefile/<zone>')
+@authorized_personnel_only
+def dns_get_zonefile(zone):
+	from dns_update import get_dns_zonefile
+	return Response(get_dns_zonefile(zone, env), status=200, mimetype='text/plain')
+
 # SSL
 
 @app.route('/ssl/status')
diff --git a/management/dns_update.py b/management/dns_update.py
index 748f87f1..ccca69cd 100755
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -564,6 +564,17 @@ $TTL 1800           ; default time to live
 
 	return True # file is updated
 
+def get_dns_zonefile(zone, env):
+	for domain, fn in get_dns_zones(env):
+		if zone == domain:
+			break
+	else:
+		raise ValueError("%s is not a domain name that corresponds to a zone." % zone)
+
+	nsd_zonefile = "/etc/nsd/zones/" + fn
+	with open(nsd_zonefile, "r") as f:
+		return f.read()
+
 ########################################################################
 
 def write_nsd_conf(zonefiles, additional_records, env):
diff --git a/management/templates/custom-dns.html b/management/templates/custom-dns.html
index 6984b081..b1b98b9b 100644
--- a/management/templates/custom-dns.html
+++ b/management/templates/custom-dns.html
@@ -89,7 +89,7 @@
   <div class="form-group">
     <div class="col-sm-offset-1 col-sm-11">
       <p class="small">
-        Multiple secondary servers can be separated with commas or spaces (i.e., <code>ns2.hostingcompany.com ns3.hostingcompany.com</code>). 
+        Multiple secondary servers can be separated with commas or spaces (i.e., <code>ns2.hostingcompany.com ns3.hostingcompany.com</code>).
         To enable zone transfers to additional servers without listing them as secondary nameservers, add an IP address or subnet using <code>xfr:10.20.30.40</code> or <code>xfr:10.0.0.0/8</code>.
       </p>
       <p id="secondarydns-clear-instructions" style="display: none" class="small">
diff --git a/management/templates/external-dns.html b/management/templates/external-dns.html
index 6d8f677a..0634ec82 100644
--- a/management/templates/external-dns.html
+++ b/management/templates/external-dns.html
@@ -42,6 +42,19 @@
 	You may need to adopt this technique when adding DomainKeys. Use a tool like <code>named-checkzone</code> to validate your zone file.
 </p>
 
+<h3>Download zonefile</h3>
+<p>You can download your zonefiles here or use the table of records below.</p>
+<form class="form-inline" role="form" onsubmit="do_download_zonefile(); return false;">
+    <div class="form-group">
+        <div class="form-group">
+            <label for="downloadZonefile" class="control-label sr-only">Zone</label>
+            <select id="downloadZonefile" class="form-control" style="width: auto"> </select>
+        </div>
+        <button type="submit" class="btn btn-primary">Download</button>
+    </div>
+</form>
+
+<h3>Records</h3>
 
 <table id="external_dns_settings" class="table">
 	<thead>
@@ -57,6 +70,18 @@
 
 <script>
 function show_external_dns() {
+  api(
+    "/dns/zones",
+    "GET",
+    { },
+    function(data) {
+        var zones = $('#downloadZonefile');
+        zones.text('');
+        for (var j = 0; j < data.length; j++) {
+            zones.append($('<option/>').text(data[j]));
+        }
+    });
+
   $('#external_dns_settings tbody').html("<tr><td colspan='2' class='text-muted'>Loading...</td></tr>")
   api(
     "/dns/dump",
@@ -84,4 +109,19 @@ function show_external_dns() {
       }
     })
 }
+
+function do_download_zonefile() {
+    var zone = $('#downloadZonefile').val();
+
+    api(
+        "/dns/zonefile/"+ zone,
+        "GET",
+        {},
+        function(data) {
+            show_modal_error("Download Zonefile", $("<pre/>").text(data));
+        },
+        function(err) {
+            show_modal_error("Download Zonefile (Error)", $("<pre/>").text(err));
+        });
+}
 </script>