From 889118aeb65ded96df76d43e67a7bae8a81ac387 Mon Sep 17 00:00:00 2001 From: Michael Kroes Date: Sat, 5 Oct 2019 22:12:00 +0200 Subject: [PATCH 01/11] Upgraded Nextcloud to 16.0.5 (#1648) * Upgraded Nextcloud to 16.0.5 * Improved Nextcloud upgrade detection --- CHANGELOG.md | 7 +++++++ setup/nextcloud.sh | 16 ++++++++++------ 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6688e676..a1bdab03 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,13 @@ CHANGELOG ========= +Under Development +----------------- + +Software updates: + +* Upgraded Nextcloud from 15.0.8 to 16.0.5 (with Contacts from 3.1.1 to 3.1.4 and Calendar from 1.6.5 to 1.7.1) + v0.43 (September 1, 2019) ------------------------- diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh index d5a8e7c5..99efebf8 100755 --- a/setup/nextcloud.sh +++ b/setup/nextcloud.sh @@ -40,18 +40,18 @@ InstallNextcloud() { # their github repositories. mkdir -p /usr/local/lib/owncloud/apps - wget_verify https://github.com/nextcloud/contacts/releases/download/v3.1.1/contacts.tar.gz a06bd967197dcb03c94ec1dbd698c037018669e5 /tmp/contacts.tgz + wget_verify https://github.com/nextcloud/contacts/releases/download/v3.1.4/contacts.tar.gz 297cb38c0ba9ba7ad7b8b61108033af8d7eccd96 /tmp/contacts.tgz tar xf /tmp/contacts.tgz -C /usr/local/lib/owncloud/apps/ rm /tmp/contacts.tgz - wget_verify https://github.com/nextcloud/calendar/releases/download/v1.6.5/calendar.tar.gz 79941255521a5172f7e4ce42dc7773838b5ede2f /tmp/calendar.tgz + wget_verify https://github.com/nextcloud/calendar/releases/download/v1.7.1/calendar.tar.gz bd7c846bad06da6d6ba04280f6fbf37ef846c2ad /tmp/calendar.tgz tar xf /tmp/calendar.tgz -C /usr/local/lib/owncloud/apps/ rm /tmp/calendar.tgz # Starting with Nextcloud 15, the app user_external is no longer included in Nextcloud core, # we will install from their github repository. if [[ $version =~ ^15 ]]; then - wget_verify https://github.com/nextcloud/user_external/releases/download/v0.6.3/user_external-0.6.3.tar.gz 0f756d35fef6b64a177d6a16020486b76ea5799c /tmp/user_external.tgz + wget_verify https://github.com/nextcloud/user_external/releases/download/v0.7.0/user_external-0.7.0.tar.gz 555a94811daaf5bdd336c5e48a78aa8567b86437 /tmp/user_external.tgz tar -xf /tmp/user_external.tgz -C /usr/local/lib/owncloud/apps/ rm /tmp/user_external.tgz fi @@ -91,8 +91,8 @@ InstallNextcloud() { } # Nextcloud Version to install. Checks are done down below to step through intermediate versions. -nextcloud_ver=15.0.8 -nextcloud_hash=4129d8d4021c435f2e86876225fb7f15adf764a3 +nextcloud_ver=16.0.5 +nextcloud_hash=46e8ec989de9aad9967a5a54ddb84ce8b8e2c54c # Current Nextcloud Version, #1623 # Checking /usr/local/lib/owncloud/version.php shows version of the Nextcloud application, not the DB @@ -142,10 +142,14 @@ if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextc elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^13 ]]; then # If we are running Nextcloud 13, upgrade to Nextcloud 14 InstallNextcloud 14.0.6 4e43a57340f04c2da306c8eea98e30040399ae5a - elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^14 ]]; then + CURRENT_NEXTCLOUD_VER="14.0.6" + fi + if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^14 ]]; then # During the upgrade from Nextcloud 14 to 15, user_external may cause the upgrade to fail. # We will disable it here before the upgrade and install it again after the upgrade. hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:disable user_external + InstallNextCloud 15.0.8 4129d8d4021c435f2e86876225fb7f15adf764a3 + CURRENT_NEXTCLOUD_VER="15.0.8" fi fi From 70f05e9d5283a3ef0f99ddb92005c36ba64acf49 Mon Sep 17 00:00:00 2001 From: Brendan Hide Date: Thu, 3 Oct 2019 20:10:14 +0200 Subject: [PATCH 02/11] Ensure the universe repository is enabled A minimal Ubuntu server installation might not have universe enabled by default. By adding it, we ensure we can install packages only available in universe, such as python3-pip Merges #1650. --- setup/system.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/setup/system.sh b/setup/system.sh index ccc60231..df5f2856 100755 --- a/setup/system.sh +++ b/setup/system.sh @@ -86,6 +86,10 @@ if [ ! -f /usr/bin/add-apt-repository ]; then apt_install software-properties-common fi +# Ensure the universe repository is enabled since some of our packages +# come from there and minimal Ubuntu installs may have it turned off. +hide_output add-apt-repository -y universe + # Install the certbot PPA. hide_output add-apt-repository -y ppa:certbot/certbot From 24a567c3bed4123cd7baf46e0e17e3dfd8e52139 Mon Sep 17 00:00:00 2001 From: Jeff Volkenant Date: Fri, 6 Sep 2019 12:59:30 -0700 Subject: [PATCH 03/11] Fix mailinabox-postgrey-whitelist cron job return code for file over 28 days Merges #1639 --- CHANGELOG.md | 4 ++++ setup/mail-postfix.sh | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a1bdab03..1ee9280f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,10 @@ Software updates: * Upgraded Nextcloud from 15.0.8 to 16.0.5 (with Contacts from 3.1.1 to 3.1.4 and Calendar from 1.6.5 to 1.7.1) +Mail: + +* Fetching of updated whitelist for greylisting was fetching each day instead of every month. + v0.43 (September 1, 2019) ------------------------- diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh index 283d08af..e39f8aff 100755 --- a/setup/mail-postfix.sh +++ b/setup/mail-postfix.sh @@ -218,7 +218,7 @@ cat > /etc/cron.daily/mailinabox-postgrey-whitelist << EOF; # Mail-in-a-Box # check we have a postgrey_whitelist_clients file and that it is not older than 28 days -if [ ! -f /etc/postgrey/whitelist_clients ] || find /etc/postgrey/whitelist_clients -mtime +28 > /dev/null ; then +if [ ! -f /etc/postgrey/whitelist_clients ] || find /etc/postgrey/whitelist_clients -mtime +28 | grep -q '.' ; then # ok we need to update the file, so lets try to fetch it if curl https://postgrey.schweikert.ch/pub/postgrey_whitelist_clients --output /tmp/postgrey_whitelist_clients -sS --fail > /dev/null 2>&1 ; then # if fetching hasn't failed yet then check it is a plain text file From ed02e2106b274268f8210984e7d0f760dcbeb32c Mon Sep 17 00:00:00 2001 From: jvolkenant Date: Mon, 28 Oct 2019 03:27:54 -0700 Subject: [PATCH 04/11] Update zpush to 2.5.1 (#1654) --- setup/zpush.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/zpush.sh b/setup/zpush.sh index 0cbd30ad..a1253d2d 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh @@ -22,8 +22,8 @@ apt_install \ phpenmod -v php imap # Copy Z-Push into place. -VERSION=2.5.0 -TARGETHASH=30ce5c1af3f10939036361b6032d1187651b621e +VERSION=2.5.1 +TARGETHASH=4fa55863a429b0033497ae477aca4c8699b8f332 needs_update=0 #NODOC if [ ! -f /usr/local/lib/z-push/version ]; then needs_update=1 #NODOC From 50e9e8af30ee8392d4afd1a8b6564d149fde803d Mon Sep 17 00:00:00 2001 From: Victor Date: Mon, 28 Oct 2019 11:29:40 +0100 Subject: [PATCH 05/11] Sort custom dns table based on fqdn, rtype, and value (#1651) --- management/templates/custom-dns.html | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/management/templates/custom-dns.html b/management/templates/custom-dns.html index 56facdc9..a2d5042d 100644 --- a/management/templates/custom-dns.html +++ b/management/templates/custom-dns.html @@ -192,6 +192,22 @@ function show_current_custom_dns() { $('#custom-dns-current').fadeIn(); else $('#custom-dns-current').fadeOut(); + + var reverse_fqdn = function(el) { + el.qname = el.qname.split('.').reverse().join('.'); + return el; + } + var sort = function(a, b) { + if(a.qname === b.qname) { + if(a.rtype === b.rtype) { + return a.value > b.value ? 1 : -1; + } + return a.rtype > b.rtype ? 1 : -1; + } + return a.qname > b.qname ? 1 : -1; + } + + data = data.map(reverse_fqdn).sort(sort).map(reverse_fqdn); $('#custom-dns-current').find("tbody").text(''); for (var i = 0; i < data.length; i++) { From 7558ffd4f35a2cdfbfcd5ee9b917431550a8344b Mon Sep 17 00:00:00 2001 From: notEvil Date: Mon, 28 Oct 2019 11:31:50 +0100 Subject: [PATCH 06/11] Allow dns zone transfer from IPv6 (#1643) --- management/dns_update.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/management/dns_update.py b/management/dns_update.py index dba6dbc1..762c4719 100755 --- a/management/dns_update.py +++ b/management/dns_update.py @@ -876,7 +876,10 @@ def get_secondary_dns(custom_dns, mode=None): if not hostname.startswith("xfr:"): if mode == "xfr": response = dns.resolver.query(hostname+'.', "A") - hostname = str(response[0]) + values.extend(map(str, response)) + response = dns.resolver.query(hostname+'.', "AAAA") + values.extend(map(str, response)) + continue values.append(hostname) # This is a zone-xfer-only IP address. Do not return if From df80b9fc714cfc8f0237dbd328ea8e09c5347261 Mon Sep 17 00:00:00 2001 From: jvolkenant Date: Sat, 2 Nov 2019 12:28:37 -0700 Subject: [PATCH 07/11] Allow user_external for Nextcloud 16 (and eventually 17) (#1655) --- setup/nextcloud.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh index 99efebf8..b38e1f65 100755 --- a/setup/nextcloud.sh +++ b/setup/nextcloud.sh @@ -50,7 +50,7 @@ InstallNextcloud() { # Starting with Nextcloud 15, the app user_external is no longer included in Nextcloud core, # we will install from their github repository. - if [[ $version =~ ^15 ]]; then + if [[ $version =~ ^1[567] ]]; then wget_verify https://github.com/nextcloud/user_external/releases/download/v0.7.0/user_external-0.7.0.tar.gz 555a94811daaf5bdd336c5e48a78aa8567b86437 /tmp/user_external.tgz tar -xf /tmp/user_external.tgz -C /usr/local/lib/owncloud/apps/ rm /tmp/user_external.tgz From cde4e0caca75164f883f72ababc06dec5a5d051d Mon Sep 17 00:00:00 2001 From: Dan Jensen Date: Sat, 2 Nov 2019 14:29:05 -0500 Subject: [PATCH 08/11] Change SSL notification email subject (#1653) Previously the notification email sent when a box's SSL certificate is automatically updated said, "Error Provisioning TLS Certificate" even when there was no error. This changes the subject line to "TLS Certificate Provisioning Results", which is more accurate. --- management/daily_tasks.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/management/daily_tasks.sh b/management/daily_tasks.sh index 3054dd33..2f723352 100755 --- a/management/daily_tasks.sh +++ b/management/daily_tasks.sh @@ -19,7 +19,7 @@ fi management/backup.py | management/email_administrator.py "Backup Status" # Provision any new certificates for new domains or domains with expiring certificates. -management/ssl_certificates.py -q | management/email_administrator.py "Error Provisioning TLS Certificate" +management/ssl_certificates.py -q | management/email_administrator.py "TLS Certificate Provisioning Result" # Run status checks and email the administrator if anything changed. management/status_checks.py --show-changes | management/email_administrator.py "Status Checks Change Notice" From b50dfb7f9370a1bebd4c66576ecbd4c10cece8cd Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sat, 2 Nov 2019 15:57:14 -0400 Subject: [PATCH 09/11] changelog entries --- CHANGELOG.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ee9280f..3e59bda9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,11 +7,26 @@ Under Development Software updates: * Upgraded Nextcloud from 15.0.8 to 16.0.5 (with Contacts from 3.1.1 to 3.1.4 and Calendar from 1.6.5 to 1.7.1) +* Upgraded Z-Push to 2.5.1. + +Control panel: + +* The Custom DNS list of records is now sorted. +* The emails that report TLS provisioning results now has a less scary subject line. Mail: * Fetching of updated whitelist for greylisting was fetching each day instead of every month. +DNS: + +* Automatic autoconfig.* subdomains can now be suppressed with custom DNS records. +* DNS zone transfer now works with IPv6 addresses. + +Setup: + +* An Ubuntu package source was missing on systems where it defaults off. + v0.43 (September 1, 2019) ------------------------- From fa792f664ec8da60539862c846c12bbe9fead7a7 Mon Sep 17 00:00:00 2001 From: Victor Date: Sun, 3 Nov 2019 19:31:29 +0100 Subject: [PATCH 10/11] Use correct setting for .editorconfig indent_style (#1670) --- .editorconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.editorconfig b/.editorconfig index 593ae64e..fbe828c3 100644 --- a/.editorconfig +++ b/.editorconfig @@ -13,7 +13,7 @@ trim_trailing_whitespace = true insert_final_newline = true [Makefile] -indent_style = tabs +indent_style = tab indent_size = 4 [Vagrantfile] @@ -23,7 +23,7 @@ indent_size = 2 indent_size = 2 [*.py] -indent_style = tabs +indent_style = tab [*.js] indent_size = 2 From 2f54f39f318eb2dfe17b1edbd6b2eb20395db3de Mon Sep 17 00:00:00 2001 From: Edwin Schaap Date: Sun, 10 Nov 2019 17:58:22 +0100 Subject: [PATCH 11/11] If xfr is subnet, do not create "notify" entry (#1672) --- management/dns_update.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/management/dns_update.py b/management/dns_update.py index 762c4719..257deffa 100755 --- a/management/dns_update.py +++ b/management/dns_update.py @@ -523,9 +523,11 @@ zone: """ % (domain, zonefile) # If custom secondary nameservers have been set, allow zone transfers - # and notifies to them. + # and, if not a subnet, notifies to them. for ipaddr in get_secondary_dns(additional_records, mode="xfr"): - nsdconf += "\n\tnotify: %s NOKEY\n\tprovide-xfr: %s NOKEY\n" % (ipaddr, ipaddr) + if "/" not in ipaddr: + nsdconf += "\n\tnotify: %s NOKEY" % (ipaddr) + nsdconf += "\n\tprovide-xfr: %s NOKEY\n" % (ipaddr) # Check if the file is changing. If it isn't changing, # return False to flag that no change was made.