Fixed merge

Author: ms217

.gitignore

@@ -58,3 +58,9 @@ Temporary Items
 
 # Visual Studio IDE cache/options directory
 .vs/
+
+# do not version control generated config files
+/server/lib/mysql_clientdb.conf
+/server/lib/config.inc.php
+/server/lib/config.inc.local.php
+/interface/lib/config.inc.local.php

CONTRIBUTING.md

@@ -9,6 +9,7 @@ Please do not refactor existing code and do not change the signature or the beha
 * Before opening a new issue, use the search function to check if there isn't a bug report / feature request already.
 * If you are reporting a bug, please share your OS and PHP (CLI) version.
 * If you want to report several bugs or request several features, open a separate issue for each one of them.
+* Do note re-open issues that were closed by the core dev team unless something new and important that is not mentioned in the original issue needs to be added. Permanently re-opening issues that we commented on and closed will get your account banned. You may add comments to issues without re-opening them though.
 
 # Branches
 * If you are a new user, please send an email to: dev [at] ispconfig [dot] org to receive rights to fork the project.

install/dist/conf/gentoo.conf.php

@@ -1,7 +1,7 @@
 <?php
 
 /*
-Copyright (c) 2007, Till Brehm, projektfarm Gmbh
+Copyright (c) 2025, Till Brehm, projektfarm Gmbh
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -43,6 +43,7 @@
 $conf['runlevel'] = '/etc';
 $conf['shells'] = '/etc/shells';
 $conf['pam'] = '/etc/pam.d';
+$conf['default_php'] = "8.2";
 
 //* Services provided by this server, this selection will be overridden by the expert mode
 $conf['services']['mail'] = true;
@@ -91,8 +92,8 @@
 $conf['apache']['vhost_conf_enabled_dir'] = $conf['apache']['vhost_conf_dir'];
 $conf['apache']['vhost_default'] = '00_default_vhost.conf';
 $conf['apache']['vhost_port'] = '8080';
-$conf['apache']['php_ini_path_apache'] = '/etc/php/apache2-php7.4/php.ini';
-$conf['apache']['php_ini_path_cgi'] = '/etc/php/cgi-php7.4/php.ini';
+$conf['apache']['php_ini_path_apache'] = '/etc/php/apache2-php8.2/php.ini';
+$conf['apache']['php_ini_path_cgi'] = '/etc/php/cgi-php8.2/php.ini';
 
 //* Website base settings
 $conf['web']['website_basedir'] = '/var/www';
@@ -113,7 +114,7 @@
 $conf['awstats']['buildstaticpages_pl'] = '/usr/bin/awstats_buildstaticpages.pl';
 
 //* Fastcgi
-$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/cgi-php7.4';
+$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/cgi-php8.2';
 $conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/';
 $conf['fastcgi']['fastcgi_bin'] = '/usr/bin/php-cgi';
 
@@ -167,6 +168,7 @@
 //* Amavisd
 $conf['amavis']['installed'] = false; // will be detected automatically during installation
 $conf['amavis']['config_file'] = '/etc/amavisd.conf';
+$conf['amavis']['config_dir'] = '/etc';
 $conf['amavis']['init_script'] = 'amavisd';
 
 //* Rspamd
@@ -245,7 +247,7 @@
 $conf['vlogger']['config_dir'] = '/etc/vlogger';
 
 //* cron
-$conf['cron']['init_script'] = 'vixie-cron';
+$conf['cron']['init_script'] = 'cronie';
 $conf['cron']['crontab_dir'] = '/etc/cron.d';
 $conf['cron']['group'] = 'cron';
 $conf['cron']['wget'] = '/usr/bin/wget';
@@ -259,3 +261,4 @@
 
 
 ?>
+

install/dist/lib/gentoo.lib.php

@@ -427,15 +427,15 @@ public function configure_dovecot() {
 		foreach ($options as $value) {
 			$value = trim($value);
 			if ($value == '') continue;
-			if (preg_match("|check_recipient_access\s+proxy:mysql:${quoted_config_dir}/mysql-verify_recipients.cf|", $value)) {
+      if (preg_match("|check_recipient_access\s+proxy:mysql:{$quoted_config_dir}/mysql-verify_recipients.cf|", $value)) {
 				continue;
 			}
 			$new_options[] = $value;
 		}
-		if ($configure_lmtp && $conf['mail']['content_filter'] === 'amavisd') {
+    if ($configure_lmtp && (!isset($conf['mail']['content_filter']) || $conf['mail']['content_filter'] === 'amavisd')) {
 			for ($i = 0; isset($new_options[$i]); $i++) {
 				if ($new_options[$i] == 'reject_unlisted_recipient') {
-					array_splice($new_options, $i+1, 0, array("check_recipient_access proxy:mysql:${config_dir}/mysql-verify_recipients.cf"));
+          array_splice($new_options, $i+1, 0, array("check_recipient_access proxy:mysql:{$config_dir}/mysql-verify_recipients.cf"));
 					break;
 				}
 			}
@@ -502,20 +502,26 @@ public function configure_dovecot() {
 
 				// Check if we have a dhparams file and if not, create it
 				if(!file_exists('/etc/dovecot/dh.pem')) {
-					swriteln('Creating new DHParams file, this takes several minutes. Do not interrupt the script.');
+					// Create symlink to ISPConfig dhparam file
+					swriteln('Creating symlink /etc/dovecot/dh.pem to ISPConfig DHParam file.');
+					symlink('/usr/local/ispconfig/interface/ssl/dhparam4096.pem', '/etc/dovecot/dh.pem');
+          
+          /*
+          swriteln('Creating new DHParams file, this takes several minutes. Do not interrupt the script.');
 					if(file_exists('/var/lib/dovecot/ssl-parameters.dat')) {
 						// convert existing ssl parameters file
 						$command = 'dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem';
 						caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 					} else {
-						/*
-						   Create a new dhparams file. We use 2048 bit only as it simply takes too long
-						   on smaller systems to generate a 4096 bit dh file (> 30 minutes). If you need
-						   a 4096 bit file, create it manually before you install ISPConfig
-						*/
+						
+						   //Create a new dhparams file. We use 2048 bit only as it simply takes too long
+						   //on smaller systems to generate a 4096 bit dh file (> 30 minutes). If you need
+						  // a 4096 bit file, create it manually before you install ISPConfig
+						
 						$command = 'openssl dhparam -out /etc/dovecot/dh.pem 2048';
 						caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 					}
+          */
 				}
 				//remove #2.3+ comment
 				$content = file_get_contents($config_dir.'/'.$configfile);

install/dist/tpl/gentoo/amavisd-ispconfig.conf.master

@@ -105,6 +105,9 @@ $policy_bank{'ORIGINATING'} = {
   originating => 1,
   smtpd_discard_ehlo_keywords => ['8BITMIME'],
 };
+$policy_bank{'MYNETS'} = {
+  originating => 1,
+};
 
 # IP-Addresses for internal networks => load policy MYNETS
 # - requires -o smtp_send_xforward_command=yes in postfix master.cf

install/install.php

@@ -85,8 +85,6 @@
 	chdir( realpath(dirname(__FILE__)) );
 }
 
-//** Install logfile
-define('ISPC_LOG_FILE', '/var/log/ispconfig_install.log');
 define('ISPC_INSTALL_ROOT', realpath(dirname(__FILE__).'/../'));
 
 //** Include the templating lib
@@ -156,10 +154,15 @@
 swriteln($inst->lng('    Tap in "quit" (without the quotes) to stop the installer.'."\n\n"));
 
 //** Check log file is writable (probably not root or sudo)
-if(!is_writable(dirname(ISPC_LOG_FILE))){
-	die("ERROR: Cannot write to the ".dirname(ISPC_LOG_FILE)." directory. Are you root or sudo ?\n\n");
+if(!is_writable(dirname($conf['ispconfig_log_dir']))){
+	die("ERROR: Cannot write to the ".$conf['ispconfig_log_dir']." directory. Are you root or sudo ?\n\n");
 }
 
+if(!is_dir($conf['ispconfig_log_dir'])) {
+	mkdir($conf['ispconfig_log_dir'], 0755, true);
+}
+define('ISPC_LOG_FILE', $conf['ispconfig_log_dir'] . '/install.log');
+
 //** Check for ISPConfig 2.x versions
 if(is_dir('/root/ispconfig') || is_dir('/home/admispconfig')) {
 	if(is_dir('/home/admispconfig')) {

install/lib/installer_base.lib.php

@@ -1072,6 +1072,7 @@ public function remove_postfix_service( $service, $type ) {
 
 			# reduce 3 or more newlines to 2
 			$content = rf($conf['postfix']['config_dir'].'/master.cf');
+			$content = preg_replace( '/^# Data returning from Amavis .*$/m', '', $content );  # Cleanup comment we generated
 			$content = preg_replace( '/(\r?\n){3,}/', '$1$1', $content );
 			wf( $conf['postfix']['config_dir'].'/master.cf', $content );
 
@@ -2618,24 +2619,25 @@ public function configure_bastille_firewall() {
 
 		$row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
 
+		$tcp_public_services = '21 22 25 53 80 110 143 443 3306 8080 10000';
+		$udp_public_services = '53';
+
 		if (!empty($row)) {
 			if(trim($row['tcp_port']) != '' || trim($row['udp_port']) != '') {
 				$tcp_public_services = trim(str_replace(',', ' ', $row['tcp_port']));
 				$udp_public_services = trim(str_replace(',', ' ', $row['udp_port']));
-			} else {
-				$tcp_public_services = '21 22 25 53 80 110 143 443 3306 8080 10000';
-				$udp_public_services = '53';
 			}
 
 			if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
 				$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
 				if($row['tcp_port'] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
 			}
 
-			$content = str_replace('{TCP_PUBLIC_SERVICES}', $tcp_public_services, $content);
-			$content = str_replace('{UDP_PUBLIC_SERVICES}', $udp_public_services, $content);
 		}
 
+		$content = str_replace('{TCP_PUBLIC_SERVICES}', $tcp_public_services, $content);
+		$content = str_replace('{UDP_PUBLIC_SERVICES}', $udp_public_services, $content);
+
 		wf('/etc/Bastille/bastille-firewall.cfg', $content);
 
 		if(is_file($dist_init_scripts.'/bastille-firewall')) caselog('mv -f '.$dist_init_scripts.'/bastille-firewall '.$dist_init_scripts.'/bastille-firewall.backup', __FILE__, __LINE__);
@@ -2788,6 +2790,11 @@ public function configure_apps_vhost() {
 			$apps_vhost_group = escapeshellcmd($conf['web']['apps_vhost_group']);
 			$install_dir = escapeshellcmd($conf['web']['website_basedir'].'/apps');
 
+			//* Get the apps vhost port
+			if($this->is_update == true) {
+				$conf['web']['apps_vhost_port'] = get_apps_vhost_port_number();
+			}
+
 			$command = 'groupadd '.$apps_vhost_user;
 			if(!is_group($apps_vhost_group)) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 

install/sql/ispconfig3.sql

@@ -1949,6 +1949,7 @@ CREATE TABLE IF NOT EXISTS `web_database_user` (
   `database_user` varchar(64) DEFAULT NULL,
   `database_user_prefix` varchar(50) NOT NULL default '',
   `database_password` varchar(64) DEFAULT NULL,
+  `database_password_sha2` varchar(70) DEFAULT NULL,
   `database_password_mongo` varchar(32) DEFAULT NULL,
   PRIMARY KEY (`database_user_id`)
 )  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

install/tpl/amavisd_user_config.master

@@ -85,6 +85,9 @@ $interface_policy{'10026'} = 'ORIGINATING';
 $policy_bank{'ORIGINATING'} = {
   originating => 1,
 };
+$policy_bank{'MYNETS'} = {
+  originating => 1,
+};
 
 # IP-Addresses for internal networks => load policy MYNETS
 # - requires -o smtp_send_xforward_command=yes in postfix master.cf

install/tpl/debian_postfix.conf.master

@@ -26,10 +26,10 @@ relay_recipient_maps = proxy:mysql:{config_dir}/mysql-virtual_relayrecipientmaps
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps
 smtpd_helo_required = yes
-smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
+smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo{reject_unknown_helo_hostname}, permit
 smtpd_sender_restrictions = check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf, {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re
 smtpd_reject_unlisted_sender = no
-smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
+smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining{reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
 smtpd_client_message_rate_limit = 100