Merge branch 'main' into release

Author: jaapmarcus

.drone.yml

@@ -86,6 +86,23 @@ steps:
 trigger:
   event: [ push, pull_request ]
 
+---
+kind: pipeline
+type: docker
+name: Linting
+
+concurrency:
+  limit: 1
+
+steps:
+  - name: shellcheck
+    image: koalaman/shellcheck-alpine
+    commands:
+    - ./test/shellcheck.sh
+
+trigger:
+   event: [ pull_request, push ] 
+
 ---
 kind: signature
-hmac: bca7f80ac6198662bc658235d7345485213847f1c00f027e1439775e02776bc7
+hmac: 48d34d11001c99b470114f50c4284fa107a5e61ad08ada38307493b9e9b2883f

CHANGELOG.md

@@ -1,24 +1,66 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
-## [DEVELOPMENT] - Service release 
+## [1.5.0] - Major Release (Feature / Quality Update)
 
-## Features
+### Breaking changes ###
+- **NOTE:** Changes have been made on how phpmyadmin/phppgadmin config are included in apache2 config. To restore to the old behaviour add `IncludeOptional conf.d/*.inc` below `IncludeOptional conf.d/*.conf` in /etc/apache2/apache2.conf and restart your server. 
+- **NOTE:** Hestia packages for arm64 has been added to atp.hestiacp.com please use the normal install instructions instead! For current ARM installs to enable auto update remove the `#` in /etc/apt/sources.list.d/hestia.list `# deb https://apt.hestiacp.com/ focal main` becomes `deb https://apt.hestiacp.com/ focal main` and then run `apt update && apt upgrade -y` 
+
+### Features
+
+- Add support for Dovecote Sieve #2163 (@gejobj)
+- Improve HELO based system and use RDNS lookup instead our old system
+- Add support for PHP 8.1 #2233 
+- Set default php version for new installs to PHP 8.0 
+- Add support for ARM64 Processors
+- Disable access phpmyadmin/phppgadmin over ip address in Apache2 #2072
+
+### Bugfixes
+
+- Disable /reset/ endpoint when POLICY_SYSTEM_PASSWORD_RESET = no #2167
+- Add rate limit forgot password #2199
+- Prevent SOA count up after v-change-dns-records with no changes are made
+- Fix #1296 Log rotate does not rotate logs any more on Ubuntu 20.04 and Debian 11
+- Run shellcheck to improve code quality 
+- Improve ssh port detection for filemanager. Allowing users to create /etc/ssh/sshd.conf.d/custom.conf with custom port
+- Fix an bug in v-add-letsencrypt-host due to changes of Lets Encrypt causing issues with rate limiting
+- Improve Update process Hestia and allow versions to decide a a rebuild is required
+- Add Download SSL certificate function for self generated ssl certificates #2181
+- Block access to .user.ini for Nginx + Apache2 #2179
+- Add support for download B2 backup to local server to allow for restore #2199
+- Update permissions /var/log/roundcube on older installations #2173
+- Update translations
+- Fix Roundcube permissions
+- Add .webp to list of media formats that can be cached by the browser 
+- Disable  /list/log/auth when in Demo mode
+- Fix #1139 By force rebuilding webmail config files
+- Fix a bug in rebuild mysql database @depca
+- Fix #1239 Bug in basic auth not working properly
+- Add validation for email address before install server for admin account
+- Fix bug in v-change-domain-owner #2210
+- Improve input validation Add / Edit User package and improve reading config files to prevent security issues.
+
+
+### Dependencies
+
+- Update Roundcube to 1.5.0 https://roundcube.net/news/2021/10/18/roundcube-1.5.0-released
+- Update jQuery UI to the last version [CVE-2021-41182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182)
 
 ## [1.4.17] - Service release 
 
 ### Bugfixes
 
 - Fix bug with nginx and phmyadmin not loading
+- Fix #2166 Search function broken 
+- Update Quick installers to the last version
 
 ## [1.4.16] - Service release 
 
 ### Bugfixes
 
 - Fix bug with .json not loading on Apache2 due to rule in /etc/apache2/conf.d/phpmyadmin.conf
 
-### Bugfixes
-
 ## [1.4.15] - Service release 
 
 ## Features

README.md

@@ -2,15 +2,18 @@
 
 [Hestia Control Panel](https://www.hestiacp.com/)
 ==================================================
-**Latest stable release:** Version 1.4.17 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md) | [![Build Status](https://drone.hestiacp.com/api/badges/hestiacp/hestiacp/status.svg?ref=refs/heads/main)](https://drone.hestiacp.com/hestiacp/hestiacp) <br>
+**Latest stable release:** Version 1.5.0 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md) | [![Build Status](https://drone.hestiacp.com/api/badges/hestiacp/hestiacp/status.svg?ref=refs/heads/main)](https://drone.hestiacp.com/hestiacp/hestiacp) <br>
 
 **Web:** [www.hestiacp.com](https://www.hestiacp.com/)<br>
 **Documentation:** [docs.hestiacp.com](https://docs.hestiacp.com/)<br>
 **Forums:** [forum.hestiacp.com](https://forum.hestiacp.com/)<br>
 **Discord:** [Join the discussion](https://discord.gg/nXRUZch)<br />
-<br><br>
-[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=ST87LQH2CHGLA)
 <br>
+[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=ST87LQH2CHGLA)<br /><br />
+Bitcoin : bc1q48jt5wg5jaj8g9zy7c3j03cv57j2m2u5anlutu<br>
+Ethereum : 0xfF3Dd2c889bd0Ff73d8085B84A314FC7c88e5D51<br>
+Binance: bnb1l4ywvw5ejfmsgjdcx8jn5lxj7zsun8ktfu7rh8<br>
+Smart Chain: 0xfF3Dd2c889bd0Ff73d8085B84A314FC7c88e5D51<br>
 
 **Welcome!**
 ---------------------------- 
@@ -19,22 +22,32 @@ Hestia Control Panel is designed to provide administrators an easy to use web an
 Features and Services
 ----------------------------
 * Apache2 and NGINX with PHP-FPM
-* Multiple PHP versions (5.6 - 8.0, 7.4 as default)
+* Multiple PHP versions (5.6 - 8.1, 8.0 as default)
 * DNS Server (Bind) with clustering capabilities
-* POP/IMAP/SMTP mail services with Anti-Virus, Anti-Spam, and Webmail (ClamAV, SpamAssassin, Roundcube, Rainloop)
+* POP/IMAP/SMTP mail services with Anti-Virus, Anti-Spam, and Webmail (ClamAV, SpamAssassin, Sieve, Roundcube, Rainloop)
 * MariaDB and/or PostgreSQL databases
 * Let's Encrypt SSL support with wildcard certificates
 * Firewall with brute-force attack detection and IP lists (iptables, fail2ban, and ipset).
 
 Supported platforms and operating systems
+========================================================
+
+AMD (x86_64 Intel/AMD)
 ----------------------------
-* **CPU Architecture:** AMD64 (x86_64 Intel/AMD)
 * **Debian:** 11, 10 or 9
 * **Ubuntu:** 20.04 LTS or 18.04 LTS
-* **NOTE:** Hestia Control Panel must be installed on top of a fresh operating system installation to ensure proper functionality.
+
+ARM64 (arm64)
+----------------------------
+* **Debian:** 11, 10
+* **Ubuntu:** 20.04 LTS
+* **NOTE:** ARM 64 bit processors only! ARM 32bit (armhf) is currently not supported!
 
 Installing Hestia Control Panel
 ============================
+
+* **NOTE:** Hestia Control Panel must be installed on top of a fresh operating system installation to ensure proper functionality.
+
 While we have taken every effort to make the installation process and the control panel interface as friendly as possible (even for new users), it is assumed that you will have some prior knowledge and understanding in the basics how to set up a Linux server before continuing.
 
 ## Step 1: Log in

bin/v-acknowledge-user-notification

@@ -17,12 +17,12 @@ user=$1
 id=$2
 
 # Includes
+# shellcheck source=/etc/hestiacp/hestia.conf
+source /etc/hestiacp/hestia.conf
 # shellcheck source=/usr/local/hestia/func/main.sh
 source $HESTIA/func/main.sh
-# shellcheck source=/usr/local/hestia/conf/hestia.conf
-source $HESTIA/conf/hestia.conf
-
-
+# load config file
+source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#

bin/v-add-backup-host

@@ -22,10 +22,13 @@ path=${5-/backup}
 port=$6
 
 # Includes
+# shellcheck source=/etc/hestiacp/hestia.conf
+source /etc/hestiacp/hestia.conf
 # shellcheck source=/usr/local/hestia/func/main.sh
 source $HESTIA/func/main.sh
-# shellcheck source=/usr/local/hestia/conf/hestia.conf
-source $HESTIA/conf/hestia.conf
+
+# load config file
+source_conf "$HESTIA/conf/hestia.conf"
 
 # Paths
 b2cli="/usr/local/bin/b2"
@@ -103,11 +106,14 @@ EOF
 
 if [ "$type" != 'local' ];then
     check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]"
-    is_format_valid 'user' 'host' 'path' 'port'
+    is_format_valid 'host' 'path' 'port'
+    is_username_format_valid "$username" "username"
     is_password_valid
+    format_no_quotes "$password" "password"
+    
     if [ "$type" = 'sftp' ]; then
         which expect >/dev/null 2>&1
-        check_result $? "expect command not found"  $E_NOTEXIST
+        check_result $? "expect command not found"  "$E_NOTEXIST"
     fi
     if [ "$type" != 'b2' ]; then
         if ! (is_ip_format_valid "$host" >/dev/null); then
@@ -132,10 +138,10 @@ if [ "$type" = 'ftp' ]; then
     fconn=$(ftpc 2>&1)
     ferror=$(echo $fconn |\
         grep -i -e failed -e error -e "can't" -e "not conn" -e "incorrect")
-    if [ ! -z "$ferror" ]; then
+    if [ -n "$ferror" ]; then
         echo "Error: can't login to ftp $user@$host"
         log_event "$E_CONNECT" "$ARGUMENTS"
-        exit $E_CONNECT
+        exit "$E_CONNECT"
     fi
 
     # Checking write permissions
@@ -146,12 +152,12 @@ if [ "$type" = 'ftp' ]; then
         ftmpdir="$path/vst.bK76A9SUkt"
     fi
     ftp_result=$(ftpc "mkdir $ftmpdir" "rm $ftmpdir"|grep -v Trying)
-    if [ ! -z "$ftp_result" ] ; then
+    if [ -n "$ftp_result" ] ; then
         echo "$ftp_result"
         rm -rf $tmpdir
         echo "Error: can't create $ftmpdir folder on the ftp"
         log_event "$E_FTP" "$ARGUMENTS"
-        exit $E_FTP
+        exit "$E_FTP"
     fi
 fi
 
@@ -202,7 +208,7 @@ if [ "$type" = 'b2' ]; then
 
     b2 clear-account > /dev/null 2>&1
     b2 authorize-account "$user" "$raw_password"> /dev/null 2>&1
-    b2 ls --long $host $user > /dev/null 2>&1
+    b2 ls --long "$host" "$user" > /dev/null 2>&1
 
     if [ $? -ne 0 ]; then
         check_result "$E_CONNECT" "b2 failed to verify connection"

bin/v-add-cron-hestia-autoupdate

@@ -15,10 +15,12 @@ user=admin
 mode=$1
 
 # Includes
+# shellcheck source=/etc/hestiacp/hestia.conf
+source /etc/hestiacp/hestia.conf
 # shellcheck source=/usr/local/hestia/func/main.sh
 source $HESTIA/func/main.sh
-# shellcheck source=/usr/local/hestia/conf/hestia.conf
-source $HESTIA/conf/hestia.conf
+# load config file
+source_conf "$HESTIA/conf/hestia.conf"
 
 
 #----------------------------------------------------------#
@@ -30,7 +32,7 @@ is_package_full 'CRON_JOBS'
 get_next_cronjob
 check_cron_apt=$(grep 'v-update-sys-hestia-all' $USER_DATA/cron.conf)
 check_cron_git=$(grep 'v-update-sys-hestia-git' $USER_DATA/cron.conf)
-if [ ! -z "$check_cron_apt" ] || [ ! -z "$check_cron_git" ]; then
+if [ -n "$check_cron_apt" ] || [ -n "$check_cron_git" ]; then
     exit
 fi
 
@@ -87,7 +89,7 @@ sync_cron_jobs
 #----------------------------------------------------------#
 
 # Increasing cron value
-increase_user_value $user '$U_CRON_JOBS'
+increase_user_value "$user" '$U_CRON_JOBS'
 
 # Restarting crond
 $BIN/v-restart-cron

bin/v-add-cron-job

@@ -25,10 +25,12 @@ job=$8
 restart=$9
 
 # Includes
+# shellcheck source=/etc/hestiacp/hestia.conf
+source /etc/hestiacp/hestia.conf
 # shellcheck source=/usr/local/hestia/func/main.sh
 source $HESTIA/func/main.sh
-# shellcheck source=/usr/local/hestia/conf/hestia.conf
-source $HESTIA/conf/hestia.conf
+# load config file
+source_conf "$HESTIA/conf/hestia.conf"
 
 HIDE=7
 
@@ -84,7 +86,7 @@ sync_cron_jobs
 increase_user_value $user '$U_CRON_JOBS'
 
 # Restarting crond
-$BIN/v-restart-cron $restart
+$BIN/v-restart-cron "$restart"
 check_result $? "Cron restart failed" >/dev/null
 
 # Logging

bin/v-add-cron-letsencrypt-job

@@ -11,10 +11,12 @@
 #----------------------------------------------------------#
 
 # Includes
+# shellcheck source=/etc/hestiacp/hestia.conf
+source /etc/hestiacp/hestia.conf
 # shellcheck source=/usr/local/hestia/func/main.sh
 source $HESTIA/func/main.sh
-# shellcheck source=/usr/local/hestia/conf/hestia.conf
-source $HESTIA/conf/hestia.conf
+# load config file
+source_conf "$HESTIA/conf/hestia.conf"
 
 
 #----------------------------------------------------------#
@@ -33,7 +35,7 @@ check_hestia_demo_mode
 # Add cron job
 cmd="sudo $HESTIA/bin/v-update-sys-queue letsencrypt"
 check_cron=$(grep "$cmd" $HESTIA/data/users/admin/cron.conf 2> /dev/null)
-if [ -z "$check_cron" ] && [ ! -z "$CRON_SYSTEM" ]; then
+if [ -z "$check_cron" ] && [ -n "$CRON_SYSTEM" ]; then
     $BIN/v-add-cron-job admin '*/5' '*' '*' '*' '*' "$cmd"
 fi
 

bin/v-add-cron-reports

@@ -17,10 +17,12 @@
 user=$1
 
 # Includes
+# shellcheck source=/etc/hestiacp/hestia.conf
+source /etc/hestiacp/hestia.conf
 # shellcheck source=/usr/local/hestia/func/main.sh
 source $HESTIA/func/main.sh
-# shellcheck source=/usr/local/hestia/conf/hestia.conf
-source $HESTIA/conf/hestia.conf
+# load config file
+source_conf "$HESTIA/conf/hestia.conf"
 
 
 #----------------------------------------------------------#

bin/v-add-cron-restart-job

@@ -11,10 +11,12 @@
 #----------------------------------------------------------#
 
 # Includes
+# shellcheck source=/etc/hestiacp/hestia.conf
+source /etc/hestiacp/hestia.conf
 # shellcheck source=/usr/local/hestia/func/main.sh
 source $HESTIA/func/main.sh
-# shellcheck source=/usr/local/hestia/conf/hestia.conf
-source $HESTIA/conf/hestia.conf
+# load config file
+source_conf "$HESTIA/conf/hestia.conf"
 
 
 #----------------------------------------------------------#
@@ -33,7 +35,7 @@ check_hestia_demo_mode
 # Add cron job
 cmd="sudo $HESTIA/bin/v-update-sys-queue restart"
 check_cron=$(grep "$cmd" $HESTIA/data/users/admin/cron.conf 2> /dev/null)
-if [ -z "$check_cron" ] && [ ! -z "$CRON_SYSTEM" ]; then
+if [ -z "$check_cron" ] && [ -n "$CRON_SYSTEM" ]; then
     $BIN/v-add-cron-job admin '*' '*' '*' '*' '*' "$cmd"
 fi