From 54dc06416b3a87d7ef6cbfd2b760c69cd37a753c Mon Sep 17 00:00:00 2001 From: downtownallday Date: Sat, 29 Jan 2022 12:19:31 -0500 Subject: [PATCH 01/21] Periodically clean the roundcube database --- setup/webmail.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/setup/webmail.sh b/setup/webmail.sh index 88733b45..63586d81 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -238,3 +238,12 @@ chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite # Enable PHP modules. phpenmod -v php mcrypt imap ldap restart_service php7.2-fpm + +# Periodically clean the roundcube database (see roundcubemail/INSTALL) +cat > /etc/cron.daily/mailinabox-roundcubemail << EOF +#!/bin/bash +# Mail-in-a-Box +# Clean up the roundcube database +cd $RCM_DIR && bin/cleandb.sh >/dev/null +EOF +chmod +x /etc/cron.daily/mailinabox-roundcubemail From fd2ff00a6efb53302d9699aaeaee465f3f7da597 Mon Sep 17 00:00:00 2001 From: downtownallday Date: Sat, 29 Jan 2022 15:22:01 -0500 Subject: [PATCH 02/21] Use persistent_login plugin's "Auth Token" support for Roundcube. The old way was very insecure and is subject to dictionary attack of the unsalted encrypted password stored in a browser cookie. --- conf/persistent_login-sqlite.sql | 14 ++++++++++++++ setup/webmail.sh | 15 +++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 conf/persistent_login-sqlite.sql diff --git a/conf/persistent_login-sqlite.sql b/conf/persistent_login-sqlite.sql new file mode 100644 index 00000000..5bffc9a6 --- /dev/null +++ b/conf/persistent_login-sqlite.sql @@ -0,0 +1,14 @@ +PRAGMA foreign_keys = ON; + +CREATE TABLE IF NOT EXISTS `auth_tokens` ( + `token` TEXT NOT NULL, + `expires` TEXT NOT NULL, + `user_id` INTEGER NOT NULL, + `user_name` TEXT NOT NULL, + `user_pass` TEXT NOT NULL, + `host` TEXT NOT NULL, + PRIMARY KEY(`token`), + FOREIGN KEY(`user_id`) REFERENCES `users`(`user_id`) ON DELETE CASCADE +); + +CREATE INDEX IF NOT EXISTS `user_id_fk_auth_tokens` ON `auth_tokens`(`user_id`); diff --git a/setup/webmail.sh b/setup/webmail.sh index 63586d81..1e1740c2 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -195,6 +195,15 @@ cat > ${RCM_PLUGIN_DIR}/carddav/config.inc.php < EOF +# Configure persistent_login (required database tables are created +# later in this script) +cat > ${RCM_PLUGIN_DIR}/persistent_login/config.inc.php < +EOF + # Create writable directories. mkdir -p /var/log/roundcubemail /var/tmp/roundcubemail $STORAGE_ROOT/mail/roundcube chown -R www-data.www-data /var/log/roundcubemail /var/tmp/roundcubemail $STORAGE_ROOT/mail/roundcube @@ -235,6 +244,12 @@ ${RCM_DIR}/bin/updatedb.sh --dir ${RCM_DIR}/SQL --package roundcube chown www-data:www-data $STORAGE_ROOT/mail/roundcube/roundcube.sqlite chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite +# Create persistent login plugin's database tables +# TODO: use sql from this PR if it gets committed (been waiting 2 +# weeks and counting...): +# https://github.com/mfreiholz/persistent_login/pull/63 +sqlite3 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite < conf/persistent_login-sqlite.sql + # Enable PHP modules. phpenmod -v php mcrypt imap ldap restart_service php7.2-fpm From 82e203b3ec40701bb53f1f11db84b7215b9be062 Mon Sep 17 00:00:00 2001 From: downtownallday Date: Tue, 8 Feb 2022 11:35:27 -0500 Subject: [PATCH 03/21] Fix issue where a postfix/submission connection using TLS on port 465 would be reported as "insecure" --- .../reporting/capture/db/SqliteEventStore.py | 12 +++++++ .../capture/mail/DovecotLogHandler.py | 3 +- .../capture/mail/PostfixLogHandler.py | 36 +++++++++++++++++-- management/reporting/capture/tests/run.sh | 4 ++- 4 files changed, 50 insertions(+), 5 deletions(-) diff --git a/management/reporting/capture/db/SqliteEventStore.py b/management/reporting/capture/db/SqliteEventStore.py index f6e782e8..9b793009 100644 --- a/management/reporting/capture/db/SqliteEventStore.py +++ b/management/reporting/capture/db/SqliteEventStore.py @@ -24,6 +24,9 @@ mta_conn_fields = [ 'remote_auth_success', 'remote_auth_attempts', 'remote_used_starttls', + 'remote_used_tls', + 'tls_version', + 'tls_cipher', 'disposition', ] @@ -207,6 +210,15 @@ schema_updates = [ "UPDATE db_info SET value='2' WHERE key='schema_version'" ], + # update 3 + [ + "ALTER TABLE mta_connection ADD COLUMN remote_used_tls INTEGER DEFAULT 0", + "ALTER TABLE mta_connection ADD COLUMN tls_version TEXT DEFAULT NULL COLLATE NOCASE", + "ALTER TABLE mta_connection ADD COLUMN tls_cipher TEXT DEFAULT NULL COLLATE NOCASE", + + "UPDATE db_info SET value='3' WHERE key='schema_version'" + ], + ] diff --git a/management/reporting/capture/mail/DovecotLogHandler.py b/management/reporting/capture/mail/DovecotLogHandler.py index a5360f9d..8a17b582 100644 --- a/management/reporting/capture/mail/DovecotLogHandler.py +++ b/management/reporting/capture/mail/DovecotLogHandler.py @@ -530,5 +530,6 @@ class DovecotLogHandler(CommonHandler): self.store(match['imap_conn']) return - self.log_match('IGNORED', None, line) + if 'imap' in line: + self.log_match('IGNORED', None, line) diff --git a/management/reporting/capture/mail/PostfixLogHandler.py b/management/reporting/capture/mail/PostfixLogHandler.py index 72c382cf..b7f80d9e 100644 --- a/management/reporting/capture/mail/PostfixLogHandler.py +++ b/management/reporting/capture/mail/PostfixLogHandler.py @@ -131,6 +131,12 @@ class PostfixLogHandler(CommonHandler): # 2=message_id self.re_postfix_message_id = re.compile('postfix/cleanup\[\d+\]: ([A-F0-9]+): message-id=(<[^>]*>)') + # 5a. Feb 8 08:25:37 mail postfix/cleanup[6908]: 74D901FB74: replace: header Received: from [IPv6:::1] (unknown [IPv6:xxx])??(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))??(No client certificate requested)??by myhost. from unknown[x:x:x:x:x]; from= to= proto=ESMTP helo=<[IPv6:::1]>: Received: from authenticated-user (myhost.com [a.b.c.d])??(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))??(No client certificate requested)??by myhost.com (Postfix) with ESMTPSA id 34E902FB74??for ; Tue, 8 Feb 2022 08:25:37 -0500 (GMT) + # 1=postfix_msg_id + # 2=tls version (eg "1.3") + # 3=tls cipher (eg "TLS_AES_128_GCM_SHA256") + self.re_postfix_tls = re.compile('postfix/cleanup\[\d+\]: ([A-F0-9]+): replace: header Received: [^;]*\(using (TLSv[^ ]*) with cipher ([^ ]*)') + # 6. opendkim: POSTFIX-MSG-ID: # Dec 6 08:21:33 mail opendkim[6267]: DD95A1F796: s=pf2014 d=github.com SSL # SSL: @@ -535,7 +541,8 @@ class PostfixLogHandler(CommonHandler): "service": "smtpd" if m.group(2)=="smtpd" else "submission", "service_tid": m.group(3), "remote_host": m.group(4), - "remote_ip": m.group(5) + "remote_ip": m.group(5), + 'remote_used_tls': 0, } self.add_new_connection(mta_conn) return { 'mta_conn': mta_conn } @@ -843,6 +850,22 @@ class PostfixLogHandler(CommonHandler): return { 'mta_conn':mta_conn, 'mta_accept':mta_accept } return True + + def match_postfix_tls(self, line): + # 5a. Feb 8 08:25:37 mail postfix/cleanup[6908]: 74D901FB74: replace: header Received: from [IPv6:::1] (unknown [IPv6:xxx])??(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))??(No client certificate requested)??by myhost. from unknown[x:x:x:x:x]; from= to= proto=ESMTP helo=<[IPv6:::1]>: Received: from authenticated-user (myhost.com [a.b.c.d])??(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))??(No client certificate requested)??by myhost.com (Postfix) with ESMTPSA id 34E902FB74??for ; Tue, 8 Feb 2022 08:25:37 -0500 (GMT) + m = self.re_postfix_tls.search(line) + if m: + postfix_msg_id = m.group(1) + v = { + 'remote_used_tls': 1, + 'tls_version': m.group(2), + 'tls_cipher': m.group(3) + } + mta_conn, mta_accept = self.find_by_postfix_msg_id(postfix_msg_id) + if mta_conn and 'tls_version' not in mta_conn: + mta_conn.update(v) + return { 'mta_conn':mta_conn, 'mta_accept':mta_accept } + return True def match_opendkim(self, line): @@ -1231,6 +1254,7 @@ class PostfixLogHandler(CommonHandler): 'disposition': 'reject' }) elif mta_conn.get('remote_used_starttls',0)==0 and \ + mta_conn.get('remote_used_tls',0)==0 and \ mta_conn.get('remote_ip') != '127.0.0.1': mta_conn.update({ 'disposition': 'insecure' @@ -1349,6 +1373,11 @@ class PostfixLogHandler(CommonHandler): self.log_match('message_id', match, line) return + match = self.match_postfix_tls(line) + if match: + self.log_match('tls', match, line) + return + match = self.match_opendkim(line) if match: self.log_match('opendkim', match, line) @@ -1394,7 +1423,8 @@ class PostfixLogHandler(CommonHandler): # we're done - not queued and disconnected ... save it self.store(match['mta_conn']) return - - self.log_match('IGNORED', None, line) + + if 'postfix' in line: + self.log_match('IGNORED', None, line) diff --git a/management/reporting/capture/tests/run.sh b/management/reporting/capture/tests/run.sh index 17a87168..b5ca9ff2 100755 --- a/management/reporting/capture/tests/run.sh +++ b/management/reporting/capture/tests/run.sh @@ -8,6 +8,7 @@ log="./mail.log" pos="./pos.json" sqlite="./capture.sqlite" config="./config.json" +loglevel="debug" #debug | info if [ -e "./debug.log" ]; then log="./debug.log" @@ -31,4 +32,5 @@ fi echo "USING LOG: $log" echo "DB: $sqlite" -python3 ../capture.py -d -loglevel info $@ -logfile "$log" -posfile "$pos" -sqlitefile "$sqlite" -config "$config" +echo "LOGLEVEL: $loglevel" +python3 ../capture.py -d -loglevel $loglevel $@ -logfile "$log" -posfile "$pos" -sqlitefile "$sqlite" -config "$config" From 98f4e5b2fc61e18d0f74dd2b37afa9df51c7ef9c Mon Sep 17 00:00:00 2001 From: downtownallday Date: Sun, 6 Mar 2022 17:42:51 -0500 Subject: [PATCH 04/21] Add a changelog of commits for each release --- changelog/gen.sh | 127 +++++++++++++++++++++++++++++++++++++++++++++ changelog/v0.52.md | 32 ++++++++++++ changelog/v0.53.md | 19 +++++++ changelog/v0.54.md | 50 ++++++++++++++++++ changelog/v55.md | 46 ++++++++++++++++ changelog/v56.md | 30 +++++++++++ 6 files changed, 304 insertions(+) create mode 100755 changelog/gen.sh create mode 100644 changelog/v0.52.md create mode 100644 changelog/v0.53.md create mode 100644 changelog/v0.54.md create mode 100644 changelog/v55.md create mode 100644 changelog/v56.md diff --git a/changelog/gen.sh b/changelog/gen.sh new file mode 100755 index 00000000..d0b32fae --- /dev/null +++ b/changelog/gen.sh @@ -0,0 +1,127 @@ +#!/bin/bash + +# +# save a list of commits as markdown for a given tag or for a tag +# determined automatically from bootstrap.sh and the current tag list +# +# this should be run from master, right before pushing a new release +# tag +# + +scriptdir=$(dirname "$0") +miabdir="$scriptdir/.." + +branch=$(git branch --show-current) +if [ $? -ne 0 ]; then + exit 1 +fi +echo "Branch: $branch" + +tag_from_bootstrap() { + TAG=$(grep TAG= "$miabdir/setup/bootstrap.sh" | head -1 | awk -F= '{print $2}') + if [ $? -ne 0 -o -z "$TAG" ]; then + echo "Could not determine code version from bootstrap.sh !!!" 1>&2 + return 1 + fi +} + +tag_from_git() { + local code="0" + case "$1" in + # the argument is a negative number (or blank). return the nth + # tag from bottom of the list given by `git tag` + -* | "" ) + TAG=$(git tag | tail ${1:--1} | head -1) + code=$? + ;; + + # else, return the tag prior to the tag given + * ) + TAG=$(git tag | grep -B1 -F "$1" | head -1) + code=$? + esac + + if [ $code -ne 0 -o -z "$TAG" ]; then + echo "Could not determine code version from git tag !!! arg=${1} code=$code" 1>&2 + return 1 + fi +} + +tag_exists() { + local count + count=$(git tag | grep -c -xF "$1") + [ $count -eq 1 ] && return 0 + [ $count -eq 0 ] && return 1 + # should never happen... + echo "Problem: tag '$1' matches more than one line in git tag. Exiting." + exit 1 +} + +create_changelog() { + local from_ref="$1" + local to_ref="$2" + echo "Running: git log $from_ref..$to_ref" 1>&2 + echo "| COMMIT | DATE | AUTHOR | TITLE |" + echo "| ------ | ---- | ------ | ----- |" + git log --no-merges --format="| [%h](https://github.com/downtownallday/mailinabox-ldap/commit/%H) | %cs | _%an_ | %s |" $from_ref..$to_ref +} + + +# +# if a tag was given on the command line: +# output commits between +# a. tag prior to tag given, and +# b. tag given + +if [ ! -z "$1" ]; then + to_ref="$1" + tag_from_git "$1" || exit 1 + from_ref="$TAG" + echo "Creating: $scriptdir/$to_ref.md" + cat > "$scriptdir/$to_ref.md" <> "$scriptdir/$to_ref.md" || exit 1 + +else + tag_from_bootstrap || exit 1 + bs_tag="$TAG" + echo -n "Bootstrap.sh tag $bs_tag: " + if tag_exists "$bs_tag"; then + echo "already exists" + of="$scriptdir/$branch.md" + if [ "$branch" != "master" ]; then + from_ref="master" + to_ref="$branch" + title="Unmerged commits from feature branch _${branch}_" + else + tag_from_git || exit 1 + from_ref="$TAG" + to_ref="HEAD" + title="Commits on $branch since $from_ref" + fi + + else + echo "is new" + if [ "$branch" != "master" ]; then + of="$scriptdir/$branch.md" + from_ref="master" + to_ref="$branch" + title="Unmerged commits from feature branch _${branch}_" + else + of="$scriptdir/$bs_tag" + tag_from_git || exit 1 + from_ref="$TAG" + to_ref="HEAD" + title="Commits for $bs_tag" + fi + fi + + echo "Creating: $of" + cat > "$of" <> "$of" || exit 1 + +fi + diff --git a/changelog/v0.52.md b/changelog/v0.52.md new file mode 100644 index 00000000..7d12ce4e --- /dev/null +++ b/changelog/v0.52.md @@ -0,0 +1,32 @@ +## Commits for v0.52 +| COMMIT | DATE | AUTHOR | TITLE | +| ------ | ---- | ------ | ----- | +| [90d63fd](https://github.com/downtownallday/mailinabox-ldap/commit/90d63fd208ebeca9378a31d97f844363296d6f51) | 2021-01-31 | _Joshua Tauberer_ | v0.52 | +| [e81963e](https://github.com/downtownallday/mailinabox-ldap/commit/e81963e585f51b520461c951fd61f510d1b1679d) | 2021-01-31 | _Joshua Tauberer_ | Remove the instructions for checking that release tags are signed by me since I am not going to do that anymore | +| [b1d703a](https://github.com/downtownallday/mailinabox-ldap/commit/b1d703a5e717c086aea0e37e9b14f78150181880) | 2021-01-31 | _Joshua Tauberer_ | Disable Backblaze B2 backups until #1899 is resolved | +| [e3d98b7](https://github.com/downtownallday/mailinabox-ldap/commit/e3d98b781ea44218a9b063c01d3f9b603ac26427) | 2021-01-28 | _Felix Spöttel_ | Warn when connection to Spamhaus times out (#1817) | +| [50d50ba](https://github.com/downtownallday/mailinabox-ldap/commit/50d50ba6538f03bcb35e6e2b580b413ae1275b45) | 2021-01-28 | _jvolkenant_ | Update zpush to 2.6.1 (#1908) | +| [9b89a5c](https://github.com/downtownallday/mailinabox-ldap/commit/9b89a5c504c0b0e54db8df7c1974c6a65e79d24c) | 2021-01-13 | _downtownallday_ | Better handling of mail addressed to an alias | +| [523a63f](https://github.com/downtownallday/mailinabox-ldap/commit/523a63f776dc07e174ba21f8e562ea9837193ccb) | 2021-01-12 | _downtownallday_ | Make the default table row limit 500 instead of 1000 | +| [3e2858f](https://github.com/downtownallday/mailinabox-ldap/commit/3e2858f5def9ccdc944d684b5f334c4674b3d7e9) | 2021-01-12 | _downtownallday_ | Change wording | +| [2a0e50c](https://github.com/downtownallday/mailinabox-ldap/commit/2a0e50c8d47d67a69036ffcc6ebf27f34d0d32d3) | 2021-01-11 | _downtownallday_ | Initial commit of a log capture and reporting feature | +| [879467d](https://github.com/downtownallday/mailinabox-ldap/commit/879467d358d375c83225e57056569f305a1d969d) | 2021-01-05 | _Josh Brown_ | Fix typo in users.html (#1895) | +| [8025c41](https://github.com/downtownallday/mailinabox-ldap/commit/8025c41ee40707b2ce954a762b9d076bf48cc012) | 2021-01-03 | _Nicolas North_ | Bump TTL for NS records to 1800 (30 min) to 86400 (1 day) as some registries require this (#1892) | +| [7a5d729](https://github.com/downtownallday/mailinabox-ldap/commit/7a5d729a537221e043d5d24779ccb2a5f1b8cd05) | 2021-01-03 | _Josh Brown_ | Fix misspelling (#1893) | +| [e2f9cd8](https://github.com/downtownallday/mailinabox-ldap/commit/e2f9cd845a362cff0c4e0dfc8b387978f5b17dd3) | 2020-12-28 | _jcm-shove-it_ | Update roundcube to 1.4.10 (#1891) | +| [e26cf45](https://github.com/downtownallday/mailinabox-ldap/commit/e26cf4512c3e2c82a46824ce17bfe99da292d58a) | 2020-12-25 | _Joshua Tauberer_ | Update CHANGELOG | +| [c728005](https://github.com/downtownallday/mailinabox-ldap/commit/c7280055a83085b3d3efd5a9296a1bea4923315c) | 2020-12-25 | _jvolkenant_ | Implement SPF/DMARC checks, add spam weight to those mails (#1836) | +| [003e8b7](https://github.com/downtownallday/mailinabox-ldap/commit/003e8b7bb1579accd78dfd9d7b9e1e3b8a150f7b) | 2020-12-25 | _Hilko_ | Adjust max-recursion-queries to fix alternating rdns status (#1876) | +| [86f3eee](https://github.com/downtownallday/mailinabox-ldap/commit/86f3eee23f6b5c7a06c4691f3d9a1031ad48d4bb) | 2020-12-21 | _downtownallday_ | Removing Travis CI completely in favor of local vagrant/virtualbox tests. | +| [f5521b4](https://github.com/downtownallday/mailinabox-ldap/commit/f5521b45b585802b7c83b0aea40ca37b218d4adb) | 2020-12-21 | _downtownallday_ | Add tests for dmarc reject and spf softfail | +| [4cc672e](https://github.com/downtownallday/mailinabox-ldap/commit/4cc672e85294352f4f23158f7d92b0cb5296caef) | 2020-12-21 | _downtownallday_ | Modify the handling of SPF checks and spam rules for policyd-spf | +| [3422cc6](https://github.com/downtownallday/mailinabox-ldap/commit/3422cc61cede26d819d774a0a7cdabb0a85e3586) | 2020-12-19 | _Hilko_ | Include en_US.UTF-8 locale in daemon startup (#1883) | +| [4c9bae5](https://github.com/downtownallday/mailinabox-ldap/commit/4c9bae517637cd0b4583143a868defd0703be2b9) | 2020-11-27 | _downtownallday_ | Create a default "pre-commit" set of virtual machines | +| [8664afa](https://github.com/downtownallday/mailinabox-ldap/commit/8664afa99798c9dbd7b52cf67da7e90b3280bbf0) | 2020-11-26 | _Hilko_ | Implement Backblaze for Backup (#1812) | +| [82229ce](https://github.com/downtownallday/mailinabox-ldap/commit/82229ce04baef6aeabd74a2c88e414b51236884d) | 2020-11-26 | _Joshua Tauberer_ | Document how to start the control panel from the command line and in debugging use a stable API key | +| [f66e609](https://github.com/downtownallday/mailinabox-ldap/commit/f66e609d3fb00f2e3c0ef8185f16975dd181b665) | 2020-11-26 | _Richard Willis_ | Api spec cleanup (#1869) | +| [b85b86e](https://github.com/downtownallday/mailinabox-ldap/commit/b85b86e6de8c6b0d134a24122ae1b1a6f8e1d3a7) | 2020-11-16 | _Victor_ | Add download zonefile button to external DNS page (#1853) | +| [7fd35bb](https://github.com/downtownallday/mailinabox-ldap/commit/7fd35bbd11a78f4f655e6f05a944a1b627b2e04e) | 2020-11-15 | _Joshua Tauberer_ | Disable default Nextcloud apps that we don't support | +| [7ce41e3](https://github.com/downtownallday/mailinabox-ldap/commit/7ce41e3865da598d2af4102b82e888d2ffed586d) | 2020-11-15 | _gumida_ | Changed mta-sts.txt end of line from LF to CRLF per RFC 8461 (#1863) | +| [840f84d](https://github.com/downtownallday/mailinabox-ldap/commit/840f84da1a4741036a1ba92da27bc900ff3a8ad3) | 2020-10-07 | _Jeff Volkenant_ | Custom spamassassin rules for bad SPF/DMARC headers | +| [3a59fe8](https://github.com/downtownallday/mailinabox-ldap/commit/3a59fe834fc852625becee0f45322c786bb05f46) | 2020-10-07 | _Jeff Volkenant_ | OpenDKIM/OpenDMARC header checks | diff --git a/changelog/v0.53.md b/changelog/v0.53.md new file mode 100644 index 00000000..08d5713c --- /dev/null +++ b/changelog/v0.53.md @@ -0,0 +1,19 @@ +## Commits for v0.53 +| COMMIT | DATE | AUTHOR | TITLE | +| ------ | ---- | ------ | ----- | +| [a697cd2](https://github.com/downtownallday/mailinabox-ldap/commit/a697cd2f01169218690179b72fa8d743385039ae) | 2021-04-13 | _Downtown Allday_ | Reflect new upstream default branch | +| [f14eb2c](https://github.com/downtownallday/mailinabox-ldap/commit/f14eb2cdce9d82267b85fbfed70ce95f4b7e4d69) | 2021-04-12 | _Downtown Allday_ | v0.53 | +| [87cc106](https://github.com/downtownallday/mailinabox-ldap/commit/87cc10657413aa78ab32f1c1b5856cf2c47431da) | 2021-04-07 | _downtownallday_ | Add 'last 7 days' and 'last 30 days' to report date range dropdown | +| [3be7ba7](https://github.com/downtownallday/mailinabox-ldap/commit/3be7ba7c86520f20dcc354be872078250e5831d0) | 2021-04-07 | _downtownallday_ | Set the default interface for bridged networks to avoid interactive 'vagrant up'. Thx to https://stackoverflow.com/questions/33250304/how-to-automatically-select-bridged-network-interfaces-in-vagrant | +| [002c4ed](https://github.com/downtownallday/mailinabox-ldap/commit/002c4edb88928fdc28bfe42ecda5e50b40bc104f) | 2021-04-07 | _downtownallday_ | Fix table alignment | +| [b7faafc](https://github.com/downtownallday/mailinabox-ldap/commit/b7faafca6b9ceea06c697237622df714dbb61668) | 2021-03-17 | _downtownallday_ | Only consider messages that weren't rejected | +| [6653dbb](https://github.com/downtownallday/mailinabox-ldap/commit/6653dbb2e2357462d22685a06f688f1fb02ed3cd) | 2021-02-28 | _Joshua Tauberer_ | Sort the Custom DNS by zone and qname, and add an option to go back to the old sort order (creation order) | +| [5fc1162](https://github.com/downtownallday/mailinabox-ldap/commit/5fc11623556481019e6797c86565daa7577eb47b) | 2021-02-28 | _Joshua Tauberer_ | Other CHANGELOG entries | +| [a839602](https://github.com/downtownallday/mailinabox-ldap/commit/a839602cba8eb36b8e4a13f46ed76aeea8249766) | 2021-02-28 | _Paul_ | Enable sending DMARC failure reports (#1929) | +| [055ac07](https://github.com/downtownallday/mailinabox-ldap/commit/055ac076630241afe3464c09e2dd37886a497a47) | 2021-02-28 | _davDevOps_ | Update roundcube to 1.4.11 | +| [c7b295f](https://github.com/downtownallday/mailinabox-ldap/commit/c7b295f4030f9efbfcf3d23e842aef4b68b9fa82) | 2021-02-28 | _davDevOps_ | Update zpush to 2.6.2 | +| [d36a2cc](https://github.com/downtownallday/mailinabox-ldap/commit/d36a2cc938eea2b216b424084e1b82e34eee98c4) | 2021-02-28 | _Joshua Tauberer_ | Enable Backblaze B2 backups | +| [82ca54d](https://github.com/downtownallday/mailinabox-ldap/commit/82ca54df962196466a0f8c02d28a8a605e777716) | 2021-02-28 | _jeremitu_ | Fixed #1894 log date over year change, START_DATE < END_DATE now. (#1905) | +| [e5d762d](https://github.com/downtownallday/mailinabox-ldap/commit/e5d762da381134be8843ee1d0ee183e61de51d8a) | 2021-02-19 | _downtownallday_ | Don't report the api key to syslog | +| [af62e7a](https://github.com/downtownallday/mailinabox-ldap/commit/af62e7a99bbe2852632daf274a4d8ad29a0cd523) | 2021-02-06 | _jvolkenant_ | Fixes unbound variable when upgrading from Nextcloud 13 (#1913) | +| [2b44fe4](https://github.com/downtownallday/mailinabox-ldap/commit/2b44fe4a12ee2cbf272ea48b80c18540ce1bacef) | 2021-01-14 | _downtownallday_ | Only show alias if one | diff --git a/changelog/v0.54.md b/changelog/v0.54.md new file mode 100644 index 00000000..5ffb75a2 --- /dev/null +++ b/changelog/v0.54.md @@ -0,0 +1,50 @@ +## Commits for v0.54 +| COMMIT | DATE | AUTHOR | TITLE | +| ------ | ---- | ------ | ----- | +| [4cb46ea](https://github.com/downtownallday/mailinabox-ldap/commit/4cb46ea4658b91240c5676c52746e48aaaba7b3f) | 2021-06-20 | _Joshua Tauberer_ | v0.54 | +| [0f09880](https://github.com/downtownallday/mailinabox-ldap/commit/0f09880aa6ae44fcf0eed183a12d69971b54cfe4) | 2021-06-07 | _downtownallday_ | add -H option to /bin/chown call in case 'encrypted' is a symbolic link | +| [0b2e504](https://github.com/downtownallday/mailinabox-ldap/commit/0b2e504d7f6b586599f6943f3e32d77bfcd90ecc) | 2021-05-16 | _downtownallday_ | Remove extraneous hr's | +| [e15d198](https://github.com/downtownallday/mailinabox-ldap/commit/e15d198eb6a58e619321ac6b3f61ddefbf649497) | 2021-05-16 | _downtownallday_ | Fix typo | +| [b0b9f0e](https://github.com/downtownallday/mailinabox-ldap/commit/b0b9f0e9023dea264d66b2225cffe5b4c3aa4c4f) | 2021-05-16 | _downtownallday_ | Update wording | +| [35fa3fe](https://github.com/downtownallday/mailinabox-ldap/commit/35fa3fe891574ce43705cec39c5b5e48cd4172ea) | 2021-05-15 | _Joshua Tauberer_ | Changelog entries | +| [d510c8a](https://github.com/downtownallday/mailinabox-ldap/commit/d510c8ae2a5b55ef1b22cc57c8ff8a2fe8597546) | 2021-05-15 | _Joshua Tauberer_ | Enable and recommend port 465 for mail submission instead of port 587 (fixes #1849) | +| [e283a12](https://github.com/downtownallday/mailinabox-ldap/commit/e283a1204728024c3e0cf77fdb5292fbdecde85f) | 2021-05-15 | _Joshua Tauberer_ | Add null SPF, DMARC, and MX records for automatically generated autoconfig, autodiscover, and mta-sts subdomains; add null MX records for custom A-record subdomains | +| [e421add](https://github.com/downtownallday/mailinabox-ldap/commit/e421addf1c13f4ba13f09b645f6d83a1772e4483) | 2021-05-09 | _Joshua Tauberer_ | Pre-load domain purpopses when building DNS zonefiles rather than querying mail domains at each subdomain | +| [354a774](https://github.com/downtownallday/mailinabox-ldap/commit/354a774989b52a6084a9610dace0539d995ceead) | 2021-05-09 | _Joshua Tauberer_ | Remove a debug line added in 8cda58fb | +| [aaa81ec](https://github.com/downtownallday/mailinabox-ldap/commit/aaa81ec87979decb50a352bee30d93e3d748439d) | 2021-05-08 | _Joshua Tauberer_ | Fix indentation issue in bc4ae51c2d19c7753d1c2e65bc26b443dd5048c8 | +| [dbd6dae](https://github.com/downtownallday/mailinabox-ldap/commit/dbd6dae5ceda7cc0ce2c132be1f0b795f0a2c363) | 2021-05-08 | _Joshua Tauberer_ | Fix exit status issue cased by 69fc2fdd | +| [d4c5872](https://github.com/downtownallday/mailinabox-ldap/commit/d4c5872547ee0222759be7c195a358698c5dfa66) | 2021-05-08 | _John @ S4_ | Make clear that non-AWS S3 backups are supported (#1947) | +| [3701e05](https://github.com/downtownallday/mailinabox-ldap/commit/3701e05d925fe780e1a43e4d54b247473136f841) | 2021-05-08 | _Thomas Urban_ | Rewrite envelope from address in sieve forwards (#1949) | +| [bc4ae51](https://github.com/downtownallday/mailinabox-ldap/commit/bc4ae51c2d19c7753d1c2e65bc26b443dd5048c8) | 2021-05-08 | _Hala Alajlan_ | Handle query dns timeout unhandled error (#1950) | +| [12aaebf](https://github.com/downtownallday/mailinabox-ldap/commit/12aaebfc54972cab4edd990f1eec519535314a69) | 2021-05-08 | _Jawad Seddar_ | `custom.yaml`: add support for X-Frame-Options header and proxy_redirect off (#1954) | +| [4981353](https://github.com/downtownallday/mailinabox-ldap/commit/49813534bdaeaa82e3ac1ee70b78e91af5783dba) | 2021-05-08 | _jvolkenant_ | Updated Nextcloud to 20.0.8, contacts to 3.5.1, calendar to 2.2.0 (#1960) | +| [16e81e1](https://github.com/downtownallday/mailinabox-ldap/commit/16e81e14392ed70ce36c241b53c83e2751060e5f) | 2021-05-08 | _jvolkenant_ | Fix to allow for non forced "enforce" MTA_STS_MODE (#1970) | +| [2e7f283](https://github.com/downtownallday/mailinabox-ldap/commit/2e7f2835e734ff1bd02830953b5476fa66866336) | 2021-05-08 | _Joshua Tauberer_ | v0.53a | +| [8a5f9f4](https://github.com/downtownallday/mailinabox-ldap/commit/8a5f9f464ad170da78c0595314cf598ed80797db) | 2021-05-08 | _Joshua Tauberer_ | Download Z-Push from alternate site | +| [69fc2fd](https://github.com/downtownallday/mailinabox-ldap/commit/69fc2fdd3aa0e1c88d7fa7434560025e1b97848c) | 2021-05-03 | _Joshua Tauberer_ | Hide spurrious Nextcloud setup output | +| [9b07d86](https://github.com/downtownallday/mailinabox-ldap/commit/9b07d86bf786bda73bc8c5ad95d2d9cb9e08be3f) | 2021-05-03 | _Joshua Tauberer_ | Use $(...) notation instead of legacy backtick notation for embedded shell commands | +| [ae3feeb](https://github.com/downtownallday/mailinabox-ldap/commit/ae3feebd80195bd467262208f2cdada1b3fc458b) | 2021-05-03 | _Joshua Tauberer_ | Fix warnings reported by shellcheck | +| [2c295bc](https://github.com/downtownallday/mailinabox-ldap/commit/2c295bcafd8e00a8f6a33a8b9d827a7aeacedbb5) | 2021-04-23 | _Joshua Tauberer_ | Upgrade the Roundcube persistent login cookie encryption to AES-256-CBC and increase the key length accordingly | +| [30f9cc0](https://github.com/downtownallday/mailinabox-ldap/commit/30f9cc07cdba2570d9ea7439b82a47f05c08b119) | 2021-04-15 | _downtownallday_ | Clarify entry description | +| [39a07bd](https://github.com/downtownallday/mailinabox-ldap/commit/39a07bd3a37687600a7a3b22b523acf5ce9db4c9) | 2021-04-15 | _downtownallday_ | when encryption-at-rest is enabled, ensure postgrey loads the local client whitelist file after a re-mount | +| [8cda58f](https://github.com/downtownallday/mailinabox-ldap/commit/8cda58fb2282f53ed0bb5c3707bafe031c2ae7d7) | 2021-04-12 | _Joshua Tauberer_ | Speed up status checks a bit by removing a redundant check if the PRIMARY_HOSTNAME certificate is signed and valid | +| [178c587](https://github.com/downtownallday/mailinabox-ldap/commit/178c5876542d3b9c756e4f153d02167dd169bf86) | 2021-04-12 | _Joshua Tauberer_ | Migrate to the ECDSAP256SHA256 (13) DNSSEC algorithm | +| [36d9cbb](https://github.com/downtownallday/mailinabox-ldap/commit/36d9cbb4e8586e909b2a4d0b482322a44b3b1958) | 2021-04-12 | _downtownallday_ | Split the User Activity/IMAP connections tab into two tables to better deal with the quantity of data | +| [34569d2](https://github.com/downtownallday/mailinabox-ldap/commit/34569d24a95a547100a185107d8722de9d29c9c2) | 2021-04-11 | _Joshua Tauberer_ | v0.53 | +| [212b0b7](https://github.com/downtownallday/mailinabox-ldap/commit/212b0b74cb9fca10a91e298b6915891f7f8d2401) | 2021-04-10 | _downtownallday_ | Add missing file | +| [26609c4](https://github.com/downtownallday/mailinabox-ldap/commit/26609c422358b96ccf96eabc7c211c6ae687f663) | 2021-04-10 | _downtownallday_ | Fix cell alignment | +| [b881325](https://github.com/downtownallday/mailinabox-ldap/commit/b881325bcbd0091da66068c0e1b3aa6a301e3ba7) | 2021-04-10 | _downtownallday_ | Add ability to view message headers in the user activity panel ... and add message-id to output detail | +| [f80978b](https://github.com/downtownallday/mailinabox-ldap/commit/f80978b6d812a9678299088554b46086943555f8) | 2021-04-10 | _downtownallday_ | Add missing import | +| [2ec25b7](https://github.com/downtownallday/mailinabox-ldap/commit/2ec25b75c1aa5bc73eadb29513986c32b498e8f9) | 2021-04-10 | _downtownallday_ | Switch to ES6 modules | +| [c1d9219](https://github.com/downtownallday/mailinabox-ldap/commit/c1d92195d861f2f0374cf1f16499ed328a588bfe) | 2021-04-09 | _downtownallday_ | Change text case | +| [8093837](https://github.com/downtownallday/mailinabox-ldap/commit/8093837e933ef693832cbb793be19ae4d2b811d7) | 2021-04-09 | _downtownallday_ | use systemctl 'restart' instead of 'start' | +| [0df9de3](https://github.com/downtownallday/mailinabox-ldap/commit/0df9de30c9aa4d2447407878290e45352fea7d59) | 2021-04-09 | _downtownallday_ | Manage the local Postgrey whitelist in the admin console | +| [82e06a6](https://github.com/downtownallday/mailinabox-ldap/commit/82e06a6f15ca816e385d454fc644329523eeaedd) | 2021-04-09 | _downtownallday_ | Include remote_host, remote_ip and failure_info with user's received mail details | +| [0ec968c](https://github.com/downtownallday/mailinabox-ldap/commit/0ec968c3b6ff2bfc9e2792e7c81fb2fa53f54983) | 2021-04-09 | _downtownallday_ | Fix model update on create and activate | +| [606e5e0](https://github.com/downtownallday/mailinabox-ldap/commit/606e5e056923b02de4c0971b8e542dccf34754cc) | 2021-04-08 | _downtownallday_ | Better handling of timeseries containing just one value | +| [26319ac](https://github.com/downtownallday/mailinabox-ldap/commit/26319ac59bc43da7efbd359b36a3a832c994d1ef) | 2021-04-08 | _downtownallday_ | Add 'today' and 'yesterday' to date range picker | +| [b4c2cde](https://github.com/downtownallday/mailinabox-ldap/commit/b4c2cdef7d59b2354ab4190b874c0b00e642809a) | 2021-04-08 | _downtownallday_ | Include IMAP connection records in overall db stats table | +| [721dd12](https://github.com/downtownallday/mailinabox-ldap/commit/721dd1273fdf168136e3df0f186c689b1eecaa3c) | 2021-04-08 | _downtownallday_ | Add IMAP connection reporting Fix binsizes and barwidths on timeseries charts Fix timezone issue in timeseries scales | +| [ac811bc](https://github.com/downtownallday/mailinabox-ldap/commit/ac811bcbd1b7a879b30e824c1e844395d05efdad) | 2021-04-07 | _downtownallday_ | Add some test scripts | +| [2b3c2fc](https://github.com/downtownallday/mailinabox-ldap/commit/2b3c2fcc02c2edc779e7188e92365768cadfd7fd) | 2021-04-07 | _downtownallday_ | Fix slowness when typing in search box | +| [33ea865](https://github.com/downtownallday/mailinabox-ldap/commit/33ea865d65509651c6788338365a408302696a3e) | 2021-04-07 | _downtownallday_ | Capture Dovecot logs | diff --git a/changelog/v55.md b/changelog/v55.md new file mode 100644 index 00000000..c3d5d800 --- /dev/null +++ b/changelog/v55.md @@ -0,0 +1,46 @@ +## Commits for v55 +| COMMIT | DATE | AUTHOR | TITLE | +| ------ | ---- | ------ | ----- | +| [65861c6](https://github.com/downtownallday/mailinabox-ldap/commit/65861c68b728b0cf290724fd8f8da013b779eb7c) | 2021-10-18 | _Joshua Tauberer_ | Version 55 | +| [71a7a3e](https://github.com/downtownallday/mailinabox-ldap/commit/71a7a3e201d69fee53419d822e47ddd6ee177fc5) | 2021-10-18 | _Joshua Tauberer_ | Upgrade to Roundcube 1.5 | +| [1c3bca5](https://github.com/downtownallday/mailinabox-ldap/commit/1c3bca53bb7f42604b917d85e79339c5fda7690e) | 2021-10-18 | _Richard Willis_ | Fix broken link in external-dns.html (#2045) | +| [b643cb3](https://github.com/downtownallday/mailinabox-ldap/commit/b643cb3478c619b000f7350bbd450e2184cc8a2b) | 2021-10-13 | _ukfhVp0zms_ | Update calendar/contacts android app info (#2044) | +| [31dc967](https://github.com/downtownallday/mailinabox-ldap/commit/31dc96757c4bfd0ac50487404bc7cfe8f3551144) | 2021-10-02 | _downtownallday_ | Add help text | +| [113b7bd](https://github.com/downtownallday/mailinabox-ldap/commit/113b7bd827f9f16c45e4403448f7a65b9c353f74) | 2021-09-24 | _Joshua Tauberer_ | Disable SMTPUTF8 in Postfix because Dovecot LMTP doesn't support it and bounces messages that require SMTPUTF8 | +| [3e19f85](https://github.com/downtownallday/mailinabox-ldap/commit/3e19f85fadf41a600678f21bad1562647a961809) | 2021-09-24 | _Joshua Tauberer_ | Add domain maps from Unicode forms of internationalized domains to their ASCII forms | +| [11e84d0](https://github.com/downtownallday/mailinabox-ldap/commit/11e84d0d40e9db8a4ec2208823bcdbfee84c2028) | 2021-09-24 | _Joshua Tauberer_ | Move automatically generated aliases to a separate database table | +| [79966e3](https://github.com/downtownallday/mailinabox-ldap/commit/79966e36e3f74a50e923c74e83faf76e16c6ef13) | 2021-09-24 | _Joshua Tauberer_ | Set a cookie for /admin/munin pages to grant access to Munin reports | +| [66b15d4](https://github.com/downtownallday/mailinabox-ldap/commit/66b15d42a505feecd1013bcb41ee2aa73ca850ee) | 2021-09-24 | _Joshua Tauberer_ | CHANGELOG entries | +| [df46e13](https://github.com/downtownallday/mailinabox-ldap/commit/df46e1311b05d4f01e1908dbfaa4102c18aa9094) | 2021-09-24 | _drpixie_ | Include NSD config files from /etc/nsd/nsd.conf.d/*.conf (#2035) | +| [353084c](https://github.com/downtownallday/mailinabox-ldap/commit/353084ce6726e7aaee9b9df1c87dd03df29c5f9e) | 2021-09-19 | _Elsie Hupp_ | Use "smart invert" for dark mode (#2038) | +| [763cdfc](https://github.com/downtownallday/mailinabox-ldap/commit/763cdfcd7ec7ce88d2e236c5c7c27d699dfb2bf5) | 2021-09-14 | _downtownallday_ | remove /admin/me call, which is no longer available, and use the new api_credentials Object, which used to be a String. add X-Requested-With header to requests so 401's are not returned by daemon.py. | +| [9ea03e1](https://github.com/downtownallday/mailinabox-ldap/commit/9ea03e18c9a9a28ce8e3c4421625c337e2f8217d) | 2021-09-14 | _downtownallday_ | automatically install avahi for systems with a .local tld | +| [4b285c3](https://github.com/downtownallday/mailinabox-ldap/commit/4b285c3201efe8a7105260d69761a9128d5e61a4) | 2021-09-14 | _downtownallday_ | Prepare for multiple base system support and automatically update and remove stale vagrant boxes | +| [3d32dba](https://github.com/downtownallday/mailinabox-ldap/commit/3d32dbab225b38f0bcb5d1e87cd14e7c132d2599) | 2021-09-14 | _downtownallday_ | Explicitly create a /etc/ldap/ldap.conf in the docker image so ldap tools recognize the system's trusted root certificate list | +| [3f2b2ef](https://github.com/downtownallday/mailinabox-ldap/commit/3f2b2ef1466ae5846cd74cea47c395a1290d5719) | 2021-09-14 | _downtownallday_ | Stop the capture daemon during ehdd shutdown to avoid "busy" mount | +| [91079ab](https://github.com/downtownallday/mailinabox-ldap/commit/91079ab9347b7326a11c4011ce7c6cf8cf8b1491) | 2021-09-10 | _mailinabox-contributor_ | add numeric flag value to DNSSEC DS status message (#2033) | +| [e5909a6](https://github.com/downtownallday/mailinabox-ldap/commit/e5909a62870fc3a9d39a7ffe63a5264f9666ea79) | 2021-09-06 | _Joshua Tauberer_ | Allow non-admin login to the control panel and show/hide menu items depending on the login state | +| [26932ec](https://github.com/downtownallday/mailinabox-ldap/commit/26932ecb103b326069f3653e4420d770189c1460) | 2021-09-06 | _Joshua Tauberer_ | Add a 'welcome' panel to the control panel and make it the default page instead of the status checks which take too long to load | +| [e884c47](https://github.com/downtownallday/mailinabox-ldap/commit/e884c4774f3ef4fc01e43595e46948456a76ddbf) | 2021-09-06 | _Joshua Tauberer_ | Replace HMAC-based session API keys with tokens stored in memory in the daemon process | +| [53ec0f3](https://github.com/downtownallday/mailinabox-ldap/commit/53ec0f39cb074dc43a2f8b245aa8d4d12c74914e) | 2021-09-06 | _Joshua Tauberer_ | Use 'secrets' to generate the system API key and remove some debugging-related code | +| [700188c](https://github.com/downtownallday/mailinabox-ldap/commit/700188c44392aaa3a1e5cd5feaa59767db38cb53) | 2021-09-06 | _Joshua Tauberer_ | Roundcube 1.5 RC | +| [4f8697c](https://github.com/downtownallday/mailinabox-ldap/commit/4f8697c07dd2e78dbe2de15fc198a9ff7e556429) | 2021-08-23 | _downtownallday_ | change badge link | +| [71526bc](https://github.com/downtownallday/mailinabox-ldap/commit/71526bc2947d13f44a0c58b77773b12ff9096f0c) | 2021-08-23 | _downtownallday_ | Add badge | +| [be932af](https://github.com/downtownallday/mailinabox-ldap/commit/be932af8139d359f9dff9fd461edb4314d309229) | 2021-08-23 | _downtownallday_ | git remote url does not contain .git extension in github actions | +| [0876a9a](https://github.com/downtownallday/mailinabox-ldap/commit/0876a9a7de98b621cde9c38aaad2d65794143a84) | 2021-08-23 | _downtownallday_ | non-standard git remotes in github actions | +| [0c2c76a](https://github.com/downtownallday/mailinabox-ldap/commit/0c2c76a6dcc7d71c1b6a7528383bcb36370c094d) | 2021-08-23 | _downtownallday_ | Patch upstream to install php-xml instead of php-xsl | +| [2a9fcd7](https://github.com/downtownallday/mailinabox-ldap/commit/2a9fcd7101c8f9d286b3ba1ca4442c08dff8a698) | 2021-08-23 | _downtownallday_ | add upgrade-from-upstream job | +| [c29eb2f](https://github.com/downtownallday/mailinabox-ldap/commit/c29eb2fb23d54a8d4dd254cb0a7ce15620e8ee31) | 2021-08-23 | _downtownallday_ | add 127.0.1.1 if it does not exist | +| [f8a679b](https://github.com/downtownallday/mailinabox-ldap/commit/f8a679b9c27f654e250d04cb4c63ca7080dc586d) | 2021-08-23 | _downtownallday_ | ensure system hostname is resolvable locally | +| [71d3b79](https://github.com/downtownallday/mailinabox-ldap/commit/71d3b79965e123c50cc8fd4f50fcc7799496ff51) | 2021-08-23 | _downtownallday_ | avoid installing php-xsl, which is a virtual package provided by php-xml on github images | +| [bad57e8](https://github.com/downtownallday/mailinabox-ldap/commit/bad57e8688b97f01011978be124ca1a9b15eec82) | 2021-08-23 | _downtownallday_ | Try running update-alternatives for php 7.2 as before system-setup | +| [d8c52fe](https://github.com/downtownallday/mailinabox-ldap/commit/d8c52fedc58584febdf54f8e86ebb6b6749e170d) | 2021-08-23 | _downtownallday_ | Try using nanasess/setup-php action to resolve issue where setup/webmail.sh, which runs the roundcubemail/bin/updatedb.sh script, fails with "Unsupported PHP version. Required PHP >= 5.4 and < 8.0" indicating that PHP >= 8.0 is actually installed! | +| [5911f05](https://github.com/downtownallday/mailinabox-ldap/commit/5911f05f89801a34690c4cf471fdbb1afdc40d31) | 2021-08-23 | _downtownallday_ | use sudo | +| [c855133](https://github.com/downtownallday/mailinabox-ldap/commit/c855133c412e556a9f7134feecec1581a0062083) | 2021-08-23 | _downtownallday_ | fix formatting | +| [7fd1f0a](https://github.com/downtownallday/mailinabox-ldap/commit/7fd1f0ae312956ef545904a64b66adf29ace17ef) | 2021-08-23 | _downtownallday_ | Initial commit | +| [ba80d9e](https://github.com/downtownallday/mailinabox-ldap/commit/ba80d9e72dd984af0ee733d55291a00e7f8685e6) | 2021-08-23 | _David Duque_ | Show backup retention period form when configuring B2 backups (#2024) | +| [67b5711](https://github.com/downtownallday/mailinabox-ldap/commit/67b5711c683df8f05acd48ce13c4afcb2c5d3008) | 2021-08-22 | _Joshua Tauberer_ | Recommend that DS records be updated to not use SHA1 and exclude MUST NOT methods (SHA1) and the unlikely option RSASHA1-NSEC3-SHA1 (7) + SHA-384 (4) from the DS record suggestions | +| [20ccda8](https://github.com/downtownallday/mailinabox-ldap/commit/20ccda8710411552d69978aeff41a9281fbb2012) | 2021-08-22 | _myfirstnameispaul_ | Re-order DS record algorithms by digest type and revise warning message. | +| [0ba841c](https://github.com/downtownallday/mailinabox-ldap/commit/0ba841c7b66979e00e0d790b53555f05f72e9063) | 2021-08-22 | _NewbieOrange_ | fail2ban now supports ipv6 (#2015) | +| [daad122](https://github.com/downtownallday/mailinabox-ldap/commit/daad122236f7eca841e9a46fa19dd57f44bcb5ac) | 2021-08-16 | _lamkin_ | Ignore bad encoding in email addresses when parsing maillog files (#2017) | +| [21ad26e](https://github.com/downtownallday/mailinabox-ldap/commit/21ad26e452efebf5cfcac951ff9c723f9da6966a) | 2021-07-28 | _NewbieOrange_ | Disable auto-complete for 2FA code in the control panel login form (#2013) | diff --git a/changelog/v56.md b/changelog/v56.md new file mode 100644 index 00000000..29c8fdf9 --- /dev/null +++ b/changelog/v56.md @@ -0,0 +1,30 @@ +## Commits for v56 +| COMMIT | DATE | AUTHOR | TITLE | +| ------ | ---- | ------ | ----- | +| [3a7de05](https://github.com/downtownallday/mailinabox-ldap/commit/3a7de051ee1e87d08589a946e3d05bbf6f6806fc) | 2022-01-19 | _Joshua Tauberer_ | Version 56 (January 19, 2022) | +| [d6cd4e8](https://github.com/downtownallday/mailinabox-ldap/commit/d6cd4e826cc0568ec4453dc5d26e3d380f6b3912) | 2022-01-11 | _downtownallday_ | Ensure pip3 is installed before installing email_validator | +| [f11cb04](https://github.com/downtownallday/mailinabox-ldap/commit/f11cb04a72a5215810e92f64140a556101f2086f) | 2022-01-08 | _Darek Kowalski_ | Update Vagrant private IP address, fix issue #2062 (#2064) | +| [cb564a1](https://github.com/downtownallday/mailinabox-ldap/commit/cb564a130a8bf6f59d147f8434d246c0bc9c03a9) | 2022-01-08 | _Joshua Tauberer_ | Fix DNS secondary nameserver refesh failure retry period | +| [d1d6318](https://github.com/downtownallday/mailinabox-ldap/commit/d1d63188628b58273f2726a51fa8befceb4327fb) | 2022-01-08 | _Joshua Tauberer_ | Set systemd journald log retention to 10 days (from no limit) to reduce disk usage | +| [34b7a02](https://github.com/downtownallday/mailinabox-ldap/commit/34b7a02f4f4e4f1b76fa94021851af8e72d2e24b) | 2022-01-08 | _Joshua Tauberer_ | Update Roundcube to 1.5.2 | +| [a312acc](https://github.com/downtownallday/mailinabox-ldap/commit/a312acc3bc44ce163ceb5d15ffd38ea5ee16f1fb) | 2022-01-08 | _Joshua Tauberer_ | Update to Nextcloud 20.0.8 and update apps | +| [aab1ec6](https://github.com/downtownallday/mailinabox-ldap/commit/aab1ec691c1cdfbf56332642277434892336ac91) | 2022-01-08 | _Joshua Tauberer_ | CHANGELOG entries | +| [520caf6](https://github.com/downtownallday/mailinabox-ldap/commit/520caf65571c0cdbac88e7fb56c04bacfb112778) | 2022-01-02 | _Erik Hennig_ | fix: typo in system backup template (#2081) | +| [c92fd02](https://github.com/downtownallday/mailinabox-ldap/commit/c92fd022627a95e9a25cd2c177a97d93335d8ab2) | 2021-12-25 | _jvolkenant_ | Don't die if column already exists on Nextcloud 18 upgrade (#2078) | +| [a85c429](https://github.com/downtownallday/mailinabox-ldap/commit/a85c429a857c21b64bf3c510f63f86bc2bf3d2df) | 2021-12-19 | _Arno Hautala_ | regex change to exclude comma from sasl_username (#2074) | +| [d9cd7d2](https://github.com/downtownallday/mailinabox-ldap/commit/d9cd7d2002ae3fdf88ef289db65c4aa94ac2a341) | 2021-12-15 | _downtownallday_ | Add a setup mod to configure unattended-upgrades to email root on failures | +| [177fd19](https://github.com/downtownallday/mailinabox-ldap/commit/177fd19b9b34831e51f51950e93d746b73de6555) | 2021-12-05 | _downtownallday_ | Increase session lifetime from 10 minutes to 1 hour | +| [6c24a13](https://github.com/downtownallday/mailinabox-ldap/commit/6c24a130b93093b0be29c4050f48536e94323455) | 2021-12-05 | _downtownallday_ | Display common name in the directory | +| [50a5cb9](https://github.com/downtownallday/mailinabox-ldap/commit/50a5cb90bc63d3f492641bf39ed943886f9c4eab) | 2021-11-30 | _Ilnahro_ | Include rsync to the installed basic packages (#2067) | +| [aac878d](https://github.com/downtownallday/mailinabox-ldap/commit/aac878dce51832827613c60d6f0cfafd1a5fa61d) | 2021-11-23 | _steadfasterX_ | fix: key flag id for KSK, fix format (#2063) | +| [1828538](https://github.com/downtownallday/mailinabox-ldap/commit/182853864651cbd40ab2cf76698cf1877b1acf94) | 2021-11-15 | _downtownallday_ | Refresh script for latest roundcube carddav plugin Belongs with last commit... | +| [0621687](https://github.com/downtownallday/mailinabox-ldap/commit/06216876a23a55db6fce7d36502863d459fcc6c5) | 2021-11-15 | _downtownallday_ | Update roundcube carddav plugin to support roundcube 1.5 and close a security hole | +| [58b0323](https://github.com/downtownallday/mailinabox-ldap/commit/58b0323b3626d29a8c8a419f72fecf32ee4509c5) | 2021-11-04 | _jvolkenant_ | Update persistent_login for Roundcube 1.5 (#2055) | +| [646f971](https://github.com/downtownallday/mailinabox-ldap/commit/646f971d8bac7671646e4167b71b45b4b609e048) | 2021-10-31 | _kiekerjan_ | Update mailinabox.yml (#2054) | +| [86067be](https://github.com/downtownallday/mailinabox-ldap/commit/86067be1425cb7df60c347dc1998ce9fc533acdd) | 2021-10-27 | _Felix Spöttel_ | fix(docs): set a schema for /logout responses (#2051) | +| [3bb6f02](https://github.com/downtownallday/mailinabox-ldap/commit/3bb6f021a73635668f966f5cd784060d493b018e) | 2021-10-27 | _downtownallday_ | Fix tests that were broken by commit bb54370 | +| [db8e0fd](https://github.com/downtownallday/mailinabox-ldap/commit/db8e0fdf660ef944f962109f4f732914d4fde531) | 2021-10-27 | _downtownallday_ | Remove /etc/ldap/ldap.conf creation as it's now created by the Nextcloud docker image | +| [c67ff24](https://github.com/downtownallday/mailinabox-ldap/commit/c67ff241c43aa101e3e830795ae0fea54c947f67) | 2021-10-23 | _Joshua Tauberer_ | Updates to security.md | +| [7b4cd44](https://github.com/downtownallday/mailinabox-ldap/commit/7b4cd443bf3f49c66ee2eb7f695b6a53232f7d81) | 2021-10-22 | _Joshua Tauberer_ | How to report security issues | +| [3401754](https://github.com/downtownallday/mailinabox-ldap/commit/34017548d5833e598fc0b72f9b816fa788c119d3) | 2021-10-22 | _Joshua Tauberer_ | Don't crash if a custom DNS entry is not under a zone managed by the box, fixes #1961 | +| [bb54370](https://github.com/downtownallday/mailinabox-ldap/commit/bb543700f5d15b724d91c27ecd93e65e13c415e2) | 2021-10-19 | _downtownallday_ | Fix smart host alias (alias with no forward to's). Postfix recently started rejecting these mails with "Sender address rejected: domain not found". This ensures the special case is handled properly. | From 70475cc2943a49842bbd4cfb43d39ba82e382603 Mon Sep 17 00:00:00 2001 From: downtownallday Date: Fri, 8 Apr 2022 10:05:34 -0400 Subject: [PATCH 05/21] Allow the nextcloud service account to be able to change user account passwords. This should be removed once Nextcloud Server iss 18406 is fixed. --- setup/ldap.sh | 9 +++++++++ tests/suites/ldap-access.sh | 29 +++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/setup/ldap.sh b/setup/ldap.sh index 4621e793..6e1f32dc 100755 --- a/setup/ldap.sh +++ b/setup/ldap.sh @@ -579,6 +579,15 @@ apply_access_control() { ldapmodify -Q -Y EXTERNAL -H ldapi:/// >/dev/null < Date: Sat, 9 Apr 2022 07:18:22 -0400 Subject: [PATCH 06/21] Fix detection of installed nc app The script erroneously determined the contacts app was installed because it matched "contactsintegration" --- setup/mods.available/remote-nextcloud-use-miab.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/mods.available/remote-nextcloud-use-miab.sh b/setup/mods.available/remote-nextcloud-use-miab.sh index fc93b344..0f12745e 100755 --- a/setup/mods.available/remote-nextcloud-use-miab.sh +++ b/setup/mods.available/remote-nextcloud-use-miab.sh @@ -377,7 +377,7 @@ install_app() { if [ ! -x /usr/bin/sudo ]; then say "WARNING: sudo is not installed: Unable to run occ to check and/or install Nextcloud app \"$app\"." - elif [ -z "$(sudo -E -u www-data php $NCDIR/occ app:list | grep $app)" ]; then + elif [ -z "$(sudo -E -u www-data php $NCDIR/occ app:list | grep -F "${app}:")" ]; then say_verbose "Install app '$app'" sudo -E -u www-data php $NCDIR/occ app:install $app [ $? -ne 0 ] && die "Unable to install Nextcloud app '$app'" From ee8d627c3b6822bfb5dd3eb441fe42428a15f4de Mon Sep 17 00:00:00 2001 From: downtownallday Date: Sun, 6 Mar 2022 10:53:00 -0500 Subject: [PATCH 07/21] Improve formatting of setup output --- setup/start.sh | 4 +++- tests/lib/system.sh | 38 +++++++++++++++++++++++++++---- tests/system-setup/setup-funcs.sh | 33 ++++++++++++++++++++------- 3 files changed, 62 insertions(+), 13 deletions(-) diff --git a/setup/start.sh b/setup/start.sh index 9c9e521d..ec1abbaa 100755 --- a/setup/start.sh +++ b/setup/start.sh @@ -156,7 +156,9 @@ fi # if [ -d "${LOCAL_MODS_DIR:-local}" ]; then for mod in $(ls "${LOCAL_MODS_DIR:-local}" | grep -v '~$'); do - ${LOCAL_MODS_DIR:-local}/$mod + if [ -x ${LOCAL_MODS_DIR:-local}/$mod ]; then + ${LOCAL_MODS_DIR:-local}/$mod |& sed -e "s/^/mod(${mod%%.*}): /" + fi done fi diff --git a/tests/lib/system.sh b/tests/lib/system.sh index 552ab86a..21809afd 100644 --- a/tests/lib/system.sh +++ b/tests/lib/system.sh @@ -49,11 +49,18 @@ dump_file_if_exists() { } update_system_time() { - if [ ! -x /usr/sbin/ntpdate ]; then - wait_for_apt - apt-get install -y -qq ntpdate || return 1 + if systemctl is-active --quiet ntp; then + # ntpd is running and running ntpdate will fail with "the NTP + # socket is in use" + echo "ntpd is already running, not updating time" + return 0 fi - ntpdate -s ntp.ubuntu.com && echo "System time updated" + if [ ! -x /usr/sbin/ntpdate ]; then + echo "Installing ntpdate" + wait_for_apt + exec_no_output apt-get install -y ntpdate || return 1 + fi + ntpdate ntp.ubuntu.com } set_system_hostname() { @@ -110,3 +117,26 @@ install_docker() { || return 5 } + +exec_no_output() { + # This function hides the output of a command unless the command + # fails + local of=$(mktemp) + "$@" &> "$of" + local code=$? + + if [ $code -ne 0 ]; then + echo "" 1>&2 + echo "FAILED: $@" 1>&2 + echo "-----------------------------------------" 1>&2 + echo "Return code: $code" 1>&2 + echo "Output:" 1>&2 + cat "$of" 1>&2 + echo "-----------------------------------------" 1>&2 + fi + + # Remove temporary file. + rm -f "$of" + [ $code -ne 0 ] && return 1 + return 0 +} diff --git a/tests/system-setup/setup-funcs.sh b/tests/system-setup/setup-funcs.sh index 07821a29..6080c1f3 100755 --- a/tests/system-setup/setup-funcs.sh +++ b/tests/system-setup/setup-funcs.sh @@ -2,7 +2,7 @@ # # requires: # -# test scripts: [ lib/misc.sh, lib/system.sh ] +# test scripts: [ lib/misc.sh, lib/system.sh, lib/color-output.sh ] # @@ -81,7 +81,7 @@ init_test_system() { # update package lists before installing anything H2 "apt-get update" wait_for_apt - apt-get update -qq || die "apt-get update failed!" + exec_no_output apt-get update -qq || die "apt-get update failed!" # upgrade packages - if we don't do this and something like bind # is upgraded through automatic upgrades (because maybe MiaB was @@ -90,15 +90,24 @@ init_test_system() { if is_false "$TRAVIS" && [ "$SKIP_SYSTEM_UPDATE" != "1" ]; then H2 "apt-get upgrade" wait_for_apt - apt-get upgrade -qq || die "apt-get upgrade failed!" + cp /var/log/apt/history.log /tmp/history.log \ + || die "Unable to copy /var/log/apt/history.log to /tmp" + exec_no_output apt-get upgrade -y --with-new-pkgs \ + || die "apt-get upgrade failed!" + diff /tmp/history.log /var/log/apt/history.log \ + | sed 's/^> //' \ + | awk '/^(Upgrade|Install): / { print $0 }' + rm -f /tmp/history.log fi # install avahi if the system dns domain is .local - note that # /bin/dnsdomainname returns empty string at this point case "$PRIMARY_HOSTNAME" in *.local ) + H2 "Install avahi" wait_for_apt - apt-get install -y -qq avahi-daemon || die "could not install avahi" + exec_no_output apt-get install -y avahi-daemon \ + || die "could not install avahi" ;; esac } @@ -131,8 +140,10 @@ init_miab_testing() { # python3-dnspython: is used by the python scripts in 'tests' and is # not installed by setup # also install 'jq' for json processing + echo "Install python3-dnspython, jq" wait_for_apt - apt-get install -y -qq python3-dnspython jq + exec_no_output apt-get install -y python3-dnspython jq \ + || die "Unable to install setup prerequisites !!" # copy in pre-built MiaB-LDAP ssl files # 1. avoid the lengthy generation of DH params @@ -228,12 +239,15 @@ miab_ldap_install() { # but only when in interactive mode. make sure it's also installed # in non-interactive mode if [ ! -z "${NONINTERACTIVE:-}" ]; then - H2 "Install email_validator python3 module" + echo "Install email_validator python3 module" wait_for_apt - apt-get install -y -qq python3-pip || die "Unable to install pip3!" - pip3 install -q "email_validator>=1.0.0" || die "Unable to install email_validator python3 module!" + exec_no_output apt-get install -y -qq python3-pip \ + || die "Unable to install pip !" + exec_no_output pip3 install -q "email_validator>=1.0.0" \ + || die "Unable to install email_validator !" fi + H2 "Run mailinabox-ldap setup" # if EHDD_KEYFILE is set, use encryption-at-rest support if [ ! -z "$EHDD_KEYFILE" ]; then ehdd/start-encrypted.sh @@ -249,6 +263,7 @@ miab_ldap_install() { die "MiaB-LDAP setup failed!" fi + H2 "Post-setup actions" workaround_dovecot_sieve_bug # set actual STORAGE_ROOT, STORAGE_USER, PRIVATE_IP, etc @@ -258,6 +273,8 @@ miab_ldap_install() { if systemctl is-active --quiet avahi-daemon; then systemctl restart avahi-daemon fi + + H2 "miab-ldap install success" } From 6ff93bb87e86fde270da5b667ab89fe86eab7364 Mon Sep 17 00:00:00 2001 From: downtownallday Date: Wed, 4 May 2022 11:19:46 -0400 Subject: [PATCH 08/21] add miab directory as 'safe' for git --- tests/system-setup/setup-funcs.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/tests/system-setup/setup-funcs.sh b/tests/system-setup/setup-funcs.sh index 6080c1f3..a4bdbe47 100755 --- a/tests/system-setup/setup-funcs.sh +++ b/tests/system-setup/setup-funcs.sh @@ -140,11 +140,17 @@ init_miab_testing() { # python3-dnspython: is used by the python scripts in 'tests' and is # not installed by setup # also install 'jq' for json processing - echo "Install python3-dnspython, jq" + echo "Install python3-dnspython, jq, git" wait_for_apt - exec_no_output apt-get install -y python3-dnspython jq \ + exec_no_output apt-get install -y python3-dnspython jq git \ || die "Unable to install setup prerequisites !!" - + + + # tell git our directory is safe (new requirement for git 2.35.2) + if [ -d .git ]; then + git config --global --add safe.directory "$(pwd)" + fi + # copy in pre-built MiaB-LDAP ssl files # 1. avoid the lengthy generation of DH params if ! mkdir -p $STORAGE_ROOT/ssl; then From 379ae8ea8c4a098950df6b8ffc15b935f561965d Mon Sep 17 00:00:00 2001 From: downtownallday Date: Sun, 12 Jun 2022 17:22:47 -0400 Subject: [PATCH 09/21] Add .md file extension --- changelog/gen.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog/gen.sh b/changelog/gen.sh index d0b32fae..784317a5 100755 --- a/changelog/gen.sh +++ b/changelog/gen.sh @@ -109,7 +109,7 @@ else to_ref="$branch" title="Unmerged commits from feature branch _${branch}_" else - of="$scriptdir/$bs_tag" + of="$scriptdir/$bs_tag.md" tag_from_git || exit 1 from_ref="$TAG" to_ref="HEAD" From 1f8849021abadc7c440e895e2feb2eb9916542a0 Mon Sep 17 00:00:00 2001 From: downtownallday Date: Sun, 12 Jun 2022 17:42:19 -0400 Subject: [PATCH 10/21] Update changelog --- changelog/v57.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 changelog/v57.md diff --git a/changelog/v57.md b/changelog/v57.md new file mode 100644 index 00000000..dde918ae --- /dev/null +++ b/changelog/v57.md @@ -0,0 +1,16 @@ +## Commits for v57 +| COMMIT | DATE | AUTHOR | TITLE | +| ------ | ---- | ------ | ----- | +| [6ff93bb](https://github.com/downtownallday/mailinabox-ldap/commit/6ff93bb87e86fde270da5b667ab89fe86eab7364) | 2022-06-05 | _downtownallday_ | add miab directory as 'safe' for git | +| [ee8d627](https://github.com/downtownallday/mailinabox-ldap/commit/ee8d627c3b6822bfb5dd3eb441fe42428a15f4de) | 2022-06-05 | _downtownallday_ | Improve formatting of setup output | +| [9004bb6](https://github.com/downtownallday/mailinabox-ldap/commit/9004bb6e8ecf4ef8062859693919215149c68c47) | 2022-06-05 | _jbandholz_ | Add IPV6 addresses to fail2ban ignoreip (#2069) | +| [69d8fde](https://github.com/downtownallday/mailinabox-ldap/commit/69d8fdef9915127f016eb6424322a149cdff25d7) | 2022-06-05 | _m-picc_ | Specify b2sdk version 1.14.1 (#2125) | +| [eeee712](https://github.com/downtownallday/mailinabox-ldap/commit/eeee712cf3ad4d337479956f2c036071cc7e93c9) | 2022-05-04 | _Austin Ewens_ | Switched to using tags over releases for NextCloud contacts/calendar (#2105) | +| [9b0da60](https://github.com/downtownallday/mailinabox-ldap/commit/9b0da60c24701041e7dadfc9556f84d727c4b319) | 2022-04-09 | _downtownallday_ | Fix detection of installed nc app The script erroneously determined the contacts app was installed because it matched "contactsintegration" | +| [70475cc](https://github.com/downtownallday/mailinabox-ldap/commit/70475cc2943a49842bbd4cfb43d39ba82e382603) | 2022-04-08 | _downtownallday_ | Allow the nextcloud service account to be able to change user account passwords. This should be removed once Nextcloud Server iss 18406 is fixed. | +| [6e40c69](https://github.com/downtownallday/mailinabox-ldap/commit/6e40c69cb5e04b633384135417c451882dc594a9) | 2022-03-26 | _lamberete_ | Error message using IPv4 instead of failing IPv6. | +| [c0e54f8](https://github.com/downtownallday/mailinabox-ldap/commit/c0e54f87d70cd4b33b5e20e26d3ab454f0c0724f) | 2022-03-26 | _lamberete_ | Sorting ds records on report. | +| [98f4e5b](https://github.com/downtownallday/mailinabox-ldap/commit/98f4e5b2fc61e18d0f74dd2b37afa9df51c7ef9c) | 2022-03-06 | _downtownallday_ | Add a changelog of commits for each release | +| [82e203b](https://github.com/downtownallday/mailinabox-ldap/commit/82e203b3ec40701bb53f1f11db84b7215b9be062) | 2022-02-08 | _downtownallday_ | Fix issue where a postfix/submission connection using TLS on port 465 would be reported as "insecure" | +| [fd2ff00](https://github.com/downtownallday/mailinabox-ldap/commit/fd2ff00a6efb53302d9699aaeaee465f3f7da597) | 2022-01-29 | _downtownallday_ | Use persistent_login plugin's "Auth Token" support for Roundcube. The old way was very insecure and is subject to dictionary attack of the unsalted encrypted password stored in a browser cookie. | +| [54dc064](https://github.com/downtownallday/mailinabox-ldap/commit/54dc06416b3a87d7ef6cbfd2b760c69cd37a753c) | 2022-01-29 | _downtownallday_ | Periodically clean the roundcube database | From c5afd69f5000db46753c990be510592ceae2ebee Mon Sep 17 00:00:00 2001 From: downtownallday Date: Sun, 12 Jun 2022 17:44:48 -0400 Subject: [PATCH 11/21] Update changelog --- changelog/v57.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/changelog/v57.md b/changelog/v57.md index dde918ae..0f2429f7 100644 --- a/changelog/v57.md +++ b/changelog/v57.md @@ -1,6 +1,11 @@ ## Commits for v57 | COMMIT | DATE | AUTHOR | TITLE | | ------ | ---- | ------ | ----- | +| [1f88490](https://github.com/downtownallday/mailinabox-ldap/commit/1f8849021abadc7c440e895e2feb2eb9916542a0) | 2022-06-12 | _downtownallday_ | Update changelog | +| [379ae8e](https://github.com/downtownallday/mailinabox-ldap/commit/379ae8ea8c4a098950df6b8ffc15b935f561965d) | 2022-06-12 | _downtownallday_ | Add .md file extension | +| [2aca421](https://github.com/downtownallday/mailinabox-ldap/commit/2aca421415f9f498c21a49588d1cff6ce3d8f2de) | 2022-06-12 | _Joshua Tauberer_ | Version 57 | +| [99474b3](https://github.com/downtownallday/mailinabox-ldap/commit/99474b348f0dd2632057c18c6a8c4e6464962878) | 2022-06-12 | _Joshua Tauberer_ | Update backup to be compatible with duplicity 0.8.23 | +| [8bebaf6](https://github.com/downtownallday/mailinabox-ldap/commit/8bebaf6a484a38aca199bdbe68e937abc6a1394d) | 2022-06-11 | _Joshua Tauberer_ | Simplify duplicity command line by omitting rsync options if the backup target type is not rsync | | [6ff93bb](https://github.com/downtownallday/mailinabox-ldap/commit/6ff93bb87e86fde270da5b667ab89fe86eab7364) | 2022-06-05 | _downtownallday_ | add miab directory as 'safe' for git | | [ee8d627](https://github.com/downtownallday/mailinabox-ldap/commit/ee8d627c3b6822bfb5dd3eb441fe42428a15f4de) | 2022-06-05 | _downtownallday_ | Improve formatting of setup output | | [9004bb6](https://github.com/downtownallday/mailinabox-ldap/commit/9004bb6e8ecf4ef8062859693919215149c68c47) | 2022-06-05 | _jbandholz_ | Add IPV6 addresses to fail2ban ignoreip (#2069) | From 0ef7b33a551237fe554caabdfc60571a94298812 Mon Sep 17 00:00:00 2001 From: downtownallday Date: Tue, 14 Jun 2022 05:39:32 -0400 Subject: [PATCH 12/21] Remove output prefix It's too difficult to read, especially when getting user input via stdin --- setup/start.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/setup/start.sh b/setup/start.sh index ec1abbaa..4dcb9be8 100755 --- a/setup/start.sh +++ b/setup/start.sh @@ -157,7 +157,9 @@ fi if [ -d "${LOCAL_MODS_DIR:-local}" ]; then for mod in $(ls "${LOCAL_MODS_DIR:-local}" | grep -v '~$'); do if [ -x ${LOCAL_MODS_DIR:-local}/$mod ]; then - ${LOCAL_MODS_DIR:-local}/$mod |& sed -e "s/^/mod(${mod%%.*}): /" + echo "" + echo "Running mod: ${LOCAL_MODS_DIR:-local}/$mod" + ${LOCAL_MODS_DIR:-local}/$mod fi done fi From e710d3212f02ac60dda744f019d2ffb69cf88c12 Mon Sep 17 00:00:00 2001 From: downtownallday Date: Tue, 21 Jun 2022 20:39:05 -0400 Subject: [PATCH 13/21] changelog --- changelog/v57a.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 changelog/v57a.md diff --git a/changelog/v57a.md b/changelog/v57a.md new file mode 100644 index 00000000..d4807b11 --- /dev/null +++ b/changelog/v57a.md @@ -0,0 +1,6 @@ +## Commits for v57a +| COMMIT | DATE | AUTHOR | TITLE | +| ------ | ---- | ------ | ----- | +| [3c3d62a](https://github.com/downtownallday/mailinabox-ldap/commit/3c3d62ac2709ee510214878ef06af0c6009f4e0b) | 2022-06-19 | _Joshua Tauberer_ | Version 57a | +| [d829d74](https://github.com/downtownallday/mailinabox-ldap/commit/d829d74048ce9cc3cfda51f45428cfe482a1ce02) | 2022-06-18 | _Joshua Tauberer_ | Pin b2sdk to version 1.14.1 in the virtualenv also | +| [0ef7b33](https://github.com/downtownallday/mailinabox-ldap/commit/0ef7b33a551237fe554caabdfc60571a94298812) | 2022-06-14 | _downtownallday_ | Remove output prefix It's too difficult to read, especially when getting user input via stdin | From 8e6e4480b2eb5b457779bced03f342f3c9e45e7b Mon Sep 17 00:00:00 2001 From: downtownallday Date: Wed, 22 Jun 2022 11:19:33 -0400 Subject: [PATCH 14/21] Output message about ignoring errors --- tests/lib/carddav.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/lib/carddav.sh b/tests/lib/carddav.sh index 9d90cef2..ef137d30 100644 --- a/tests/lib/carddav.sh +++ b/tests/lib/carddav.sh @@ -247,9 +247,7 @@ roundcube_force_carddav_refresh() { [ -z "$carddav_major" ] && carddav_major="3" if [ $carddav_major -eq 3 ]; then - if [ ! -e "$RCM_DIR/bin/carddav_refresh.sh" ]; then - echo "Please ignore the following errors about no such table carddav_addressbooks and carddav_migrations" - fi + # old version sync_script="$assets_dir/mail/roundcube/carddav_refresh_v3.sh" else sync_script="$assets_dir/mail/roundcube/carddav_refresh.sh" @@ -261,6 +259,7 @@ roundcube_force_carddav_refresh() { fi pushd "$RCM_DIR" >/dev/null + echo "Please ignore errors about 'no such table carddav_addressbooks' and 'no such table carddav_migrations'" bin/carddav_refresh.sh "$user" "$pass" code=$? popd >/dev/null From cab78e8d9a228b9625ed8d7d14db14ce784e715e Mon Sep 17 00:00:00 2001 From: downtownallday Date: Wed, 22 Jun 2022 11:19:58 -0400 Subject: [PATCH 15/21] Change comment --- tests/system-setup/upgrade.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/system-setup/upgrade.sh b/tests/system-setup/upgrade.sh index ae18a7b5..39b44349 100755 --- a/tests/system-setup/upgrade.sh +++ b/tests/system-setup/upgrade.sh @@ -1,9 +1,9 @@ #!/bin/bash # setup MiaB-LDAP by: -# 1. installing upstream MiaB +# 1. installing a prior version of MiaB-LDAP # 2. adding some data (users/aliases/etc) -# 3. upgrading to MiaB-LDAP +# 3. upgrading to master branch version of MiaB-LDAP # # See setup-defaults.sh for usernames and passwords. # From 1622b326d5b317ba479b90213df66dc6e2c1d619 Mon Sep 17 00:00:00 2001 From: downtownallday Date: Wed, 22 Jun 2022 11:20:41 -0400 Subject: [PATCH 16/21] Update version used for upgrade-to-master tests --- tests/system-setup/setup-defaults.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/system-setup/setup-defaults.sh b/tests/system-setup/setup-defaults.sh index 8424f5c0..c6f1ebd4 100755 --- a/tests/system-setup/setup-defaults.sh +++ b/tests/system-setup/setup-defaults.sh @@ -42,4 +42,4 @@ export UPSTREAM_TAG="${UPSTREAM_TAG:-}" # For setup scripts that install miabldap releases export MIABLDAP_GIT="${MIABLDAP_GIT:-https://github.com/downtownallday/mailinabox-ldap.git}" -export MIABLDAP_RELEASE_TAG="${MIABLDAP_RELEASE_TAG:-v56}" +export MIABLDAP_RELEASE_TAG="${MIABLDAP_RELEASE_TAG:-v57}" From 65a393cb3fc8086be05b86cbbffc7e40978531ca Mon Sep 17 00:00:00 2001 From: downtownallday Date: Wed, 22 Jun 2022 11:21:22 -0400 Subject: [PATCH 17/21] Fix the installed state version parsing logic --- tests/lib/installed-state.sh | 41 ++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/tests/lib/installed-state.sh b/tests/lib/installed-state.sh index 860e7e62..b092b98f 100644 --- a/tests/lib/installed-state.sh +++ b/tests/lib/installed-state.sh @@ -6,6 +6,29 @@ # installations to a subsequent MiaB-LDAP upgrade # +parse_miab_version_string() { + local tmpfile + tmpfile=$(mktemp) + awk -F- ' +/^v[0-9]+\./ { split($1,a,"."); print "MAJOR="substr(a[1],2); print "MINOR="a[2]; print "RELEASE="$2; next } + +/^v[0-9]+[a-z]$/ { print "MAJOR="substr($1,2,length($1)-2); print "MINOR="substr($1,length($1))-"a"+1; print "RELEASE="; next } + +/^v[0-9]+[A-Z]$/ { print "MAJOR="substr($1,2,length($1)-2); print "MINOR="substr($1,length($1))-"A"+1; print "RELEASE="; next } + +/^v[0-9]+$/ { print "MAJOR="substr($1,2); print "MINOR="; print "RELEASE="; next } + +{ exit 1 }' >> "$tmpfile" <<< "$1" + + if [ $? -ne 0 ]; then + rm -f "$tmpfile" + return 1 + fi + source "$tmpfile" + rm -f "$tmpfile" + return 0 +} + installed_state_capture() { # users and aliases @@ -29,8 +52,18 @@ installed_state_capture() { fi H2 "create info.txt" echo "STATE_VERSION=1" > "$info" - echo "GIT_VERSION='$(git describe)'" >>"$info" - git describe | awk -F- '{ split($1,a,"."); print "MAJOR="substr(a[1],2); print "MINOR="a[2]; print "RELEASE="$2 }' >>"$info" + local gitver=$(git describe) + echo "GIT_VERSION='$gitver'" >>"$info" + + parse_miab_version_string "$gitver" + if [ $? -ne 0 ]; then + echo "Unable to parse version string: $gitver" + return 1 + fi + echo "MAJOR=$MAJOR" >>"$info" + echo "MINOR=$MINOR" >>"$info" + echo "RELEASE=$RELEASE" >>"$info" + echo "GIT_ORIGIN='$(git remote -v | grep ^origin | grep 'fetch)$' | awk '{print $2}')'" >>"$info" echo "MIGRATION_VERSION=$([ -e "$STORAGE_ROOT/mailinabox.version" ] && cat "$STORAGE_ROOT/mailinabox.version")" >>"$info" echo "MIGRATION_ML_VERSION=$([ -e "$STORAGE_ROOT/mailinabox-ldap.version" ] && cat "$STORAGE_ROOT/mailinabox-ldap.version")" >>"$info" @@ -85,14 +118,14 @@ installed_state_compare() { # source "$s1/info.txt" MAJOR_A="$MAJOR" - MINOR_A="$MINOR" + MINOR_A="${MINOR:-0}" RELEASE_A="${RELEASE:-0}" PROD_A="miab" grep "mailinabox-ldap" <<<"$GIT_ORIGIN" >/dev/null && PROD_A="miabldap" source "$s2/info.txt" MAJOR_B="$MAJOR" - MINOR_B="$MINOR" + MINOR_B="${MINOR:-0}" RELEASE_B="${RELEASE:-0}" PROD_B="miab" grep "mailinabox-ldap" <<<"$GIT_ORIGIN" >/dev/null && PROD_B="miabldap" From c79fca6a4539926efa9864bc6cf8ff32cce429a8 Mon Sep 17 00:00:00 2001 From: downtownallday Date: Wed, 22 Jun 2022 11:23:32 -0400 Subject: [PATCH 18/21] Allow .local domains as valid email address, which fixes an issue caused by the 'email_validator' python module that was recently updated to version 1.2.1 --- management/mailconfig.py | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/management/mailconfig.py b/management/mailconfig.py index 2b432f6c..3ae3adb8 100755 --- a/management/mailconfig.py +++ b/management/mailconfig.py @@ -14,11 +14,20 @@ import subprocess, shutil, os, sqlite3, re, ldap3, uuid, hashlib import utils, backend from email_validator import validate_email as validate_email_, EmailNotValidError import idna +import socket import logging log = logging.getLogger(__name__) +# remove "local" as a "special use domain" from email_validator +# globally because validate validate_email_(email, +# test_environment=True) is broken in email_validator 1.2.1 +# @TODO: remove once email_validator's test_environment argument is fixed (see validate_email() below) +import email_validator as _evx +_evx.SPECIAL_USE_DOMAIN_NAMES.remove("local") + + # # LDAP notes: # @@ -74,11 +83,18 @@ def validate_email(email, mode=None): # Check the syntax of the address. try: + # allow .local domains to pass when they refer to the local machine + email_domain = get_domain(email) + test_env = ( + email_domain.endswith(".local") and + email_domain == socket.getfqdn() + ) validate_email_(email, allow_smtputf8=False, check_deliverability=False, - allow_empty_local=(mode=="alias") - ) + allow_empty_local=(mode=="alias"), + test_environment=test_env + ) except EmailNotValidError: return False From 82599e542efb675b38d773753bc778f170bdb259 Mon Sep 17 00:00:00 2001 From: downtownallday Date: Wed, 22 Jun 2022 12:01:01 -0400 Subject: [PATCH 19/21] If git describe fails, assume new undetermined version --- tests/lib/installed-state.sh | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/tests/lib/installed-state.sh b/tests/lib/installed-state.sh index b092b98f..40c8ff8a 100644 --- a/tests/lib/installed-state.sh +++ b/tests/lib/installed-state.sh @@ -55,10 +55,17 @@ installed_state_capture() { local gitver=$(git describe) echo "GIT_VERSION='$gitver'" >>"$info" - parse_miab_version_string "$gitver" - if [ $? -ne 0 ]; then - echo "Unable to parse version string: $gitver" - return 1 + if [ -z "$gitver" ]; then + # git: "No names found, cannot describe anything" + MAJOR=999 + MINOR= + RELEASE= + else + parse_miab_version_string "$gitver" + if [ $? -ne 0 ]; then + echo "Unable to parse version string: '$gitver'" + return 1 + fi fi echo "MAJOR=$MAJOR" >>"$info" echo "MINOR=$MINOR" >>"$info" From 7f18e6ca3c54614eb8c4e759cbc660d29da804ac Mon Sep 17 00:00:00 2001 From: downtownallday Date: Thu, 23 Jun 2022 17:45:40 -0400 Subject: [PATCH 20/21] Upgrade persistent login plugin to version 5.3.0 --- conf/persistent_login-sqlite.sql | 14 -------------- setup/webmail.sh | 7 ++----- 2 files changed, 2 insertions(+), 19 deletions(-) delete mode 100644 conf/persistent_login-sqlite.sql diff --git a/conf/persistent_login-sqlite.sql b/conf/persistent_login-sqlite.sql deleted file mode 100644 index 5bffc9a6..00000000 --- a/conf/persistent_login-sqlite.sql +++ /dev/null @@ -1,14 +0,0 @@ -PRAGMA foreign_keys = ON; - -CREATE TABLE IF NOT EXISTS `auth_tokens` ( - `token` TEXT NOT NULL, - `expires` TEXT NOT NULL, - `user_id` INTEGER NOT NULL, - `user_name` TEXT NOT NULL, - `user_pass` TEXT NOT NULL, - `host` TEXT NOT NULL, - PRIMARY KEY(`token`), - FOREIGN KEY(`user_id`) REFERENCES `users`(`user_id`) ON DELETE CASCADE -); - -CREATE INDEX IF NOT EXISTS `user_id_fk_auth_tokens` ON `auth_tokens`(`user_id`); diff --git a/setup/webmail.sh b/setup/webmail.sh index 1e1740c2..3079b099 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -38,7 +38,7 @@ apt_install \ # the error message. VERSION=1.5.2 HASH=208ce4ca0be423cc0f7070ff59bd03588b4439bf -PERSISTENT_LOGIN_VERSION=59ca1b0d3a02cff5fa621c1ad581d15f9d642fe8 +PERSISTENT_LOGIN_VERSION=version-5.3.0 HTML5_NOTIFIER_VERSION=68d9ca194212e15b3c7225eb6085dbcf02fd13d7 # version 0.6.4+ CARDDAV_VERSION=4.3.0 CARDDAV_HASH=4ad7df8843951062878b1375f77c614f68bc5c61 @@ -245,10 +245,7 @@ chown www-data:www-data $STORAGE_ROOT/mail/roundcube/roundcube.sqlite chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite # Create persistent login plugin's database tables -# TODO: use sql from this PR if it gets committed (been waiting 2 -# weeks and counting...): -# https://github.com/mfreiholz/persistent_login/pull/63 -sqlite3 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite < conf/persistent_login-sqlite.sql +sqlite3 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite < ${RCM_PLUGIN_DIR}/persistent_login/sql/sqlite.sql # Enable PHP modules. phpenmod -v php mcrypt imap ldap From 14232464193417a9e9fc6592837681f4e7b0ea5e Mon Sep 17 00:00:00 2001 From: downtownallday Date: Thu, 23 Jun 2022 17:46:50 -0400 Subject: [PATCH 21/21] Better handling of git formatted versions eg "v57a-6-g82599e5" --- tests/lib/installed-state.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/lib/installed-state.sh b/tests/lib/installed-state.sh index 40c8ff8a..83426aa5 100644 --- a/tests/lib/installed-state.sh +++ b/tests/lib/installed-state.sh @@ -12,11 +12,11 @@ parse_miab_version_string() { awk -F- ' /^v[0-9]+\./ { split($1,a,"."); print "MAJOR="substr(a[1],2); print "MINOR="a[2]; print "RELEASE="$2; next } -/^v[0-9]+[a-z]$/ { print "MAJOR="substr($1,2,length($1)-2); print "MINOR="substr($1,length($1))-"a"+1; print "RELEASE="; next } +$1 ~ /^v[0-9]+[a-z]$/ { print "MAJOR="substr($1,2,length($1)-2); print "MINOR="substr($1,length($1))-"a"+1; print "RELEASE="; next } -/^v[0-9]+[A-Z]$/ { print "MAJOR="substr($1,2,length($1)-2); print "MINOR="substr($1,length($1))-"A"+1; print "RELEASE="; next } +$1 ~ /^v[0-9]+[A-Z]$/ { print "MAJOR="substr($1,2,length($1)-2); print "MINOR="substr($1,length($1))-"A"+1; print "RELEASE="; next } -/^v[0-9]+$/ { print "MAJOR="substr($1,2); print "MINOR="; print "RELEASE="; next } +$1 ~ /^v[0-9]+$/ { print "MAJOR="substr($1,2); print "MINOR="; print "RELEASE="; next } { exit 1 }' >> "$tmpfile" <<< "$1"