Staging/1.5.14 (hestiacp#2572)

jaapmarcus · web-flow · commit 74b223432928 · 2022-05-03T10:51:54.000+02:00
* Update changelog with correct CVE number * Add check for adding / changing mx record (hestiacp#2559) * Add check for adding / changing mx record * Fix issue with TXT > 255 chars * Change vars * Add tests for login actions * Update version and changelog * Skip 2 tests that have not been implemented yet
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,13 @@
 All notable changes to this project will be documented in this file.
 
 
+## [1.5.14] - Service release
+
+### Bugfixes
+
+- Fixed an issue with login with ipv6 (#2564)
+- Fixed an issue with dns records containing an . (#2559)
+
 ## [1.5.13] - Service release
 
 ### Bugfixes
@@ -12,7 +19,7 @@ All notable changes to this project will be documented in this file.
 
 ### Bugfixes
 
-- Fixed vulnerability with Sed [CVE-2022-XXXX](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-XXXX)
+- Fixed vulnerability with Sed [CVE-2022-1509](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1509)
 - Remove localhost exception for invalidating sessions [SSD disclosure](https://ssd-disclosure.com/ssd-advisory-vestacp-multiple-vulnerabilities/)
 
 ## [1.5.11] - Service release
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 [Hestia Control Panel](https://www.hestiacp.com/)
 ==================================================
-**Latest stable release:** Version 1.5.12 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md) | [![Build Status](https://drone.hestiacp.com/api/badges/hestiacp/hestiacp/status.svg?ref=refs/heads/main)](https://drone.hestiacp.com/hestiacp/hestiacp) <br>
+**Latest stable release:** Version 1.5.14 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md) | [![Build Status](https://drone.hestiacp.com/api/badges/hestiacp/hestiacp/status.svg?ref=refs/heads/main)](https://drone.hestiacp.com/hestiacp/hestiacp) <br>
 
 **Web:** [www.hestiacp.com](https://www.hestiacp.com/)<br>
 **Documentation:** [docs.hestiacp.com](https://docs.hestiacp.com/)<br>
diff --git a/bin/v-change-dns-record b/bin/v-change-dns-record
@@ -16,7 +16,7 @@ domain=$2
 domain_idn=$2
 id=$3
 record=$4
-type=$5
+rtype=$5
 dvalue=$(idn -t --quiet -u "$6" )
 priority=$7
 restart=$8
@@ -42,7 +42,7 @@ format_domain_idn
 #----------------------------------------------------------#
 
 check_args '6' "$#" 'USER DOMAIN ID RECORD TYPE VALUE [PRIORITY] [RESTART] [TTL]'
-is_format_valid 'user' 'domain' 'id' 'record' 'type' 'dvalue'
+is_format_valid 'user' 'domain' 'id' 'record'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
@@ -66,31 +66,47 @@ unset TTL
 line=$(grep "ID='$id'" $USER_DATA/dns/$domain.conf)
 parse_object_kv_list "$line"
 
-if [ -z "$type" ]; then
-    type=$TYPE
+if [ -z "$rtype" ]; then
+    rtype=$TYPE
+fi
+
+if [ -z "$priority" ]; then
+    priority=$PRIORITY
 fi
 
 # Null priority for none MX/SRV records
-if [ "$type" != 'MX' ] && [ "$TYPE" != 'SRV' ]; then
+if [ "$rtype" != 'MX' ] && [ "$rtype" != 'SRV' ]; then
     priority=''
 fi
 
 # Add trailing dot at the end of NS/CNAME/MX/PTR/SRV record
-if [[ $type =~ NS|CNAME|MX|PTR|SRV ]]; then
+if [[ $rtype =~ NS|CNAME|MX|PTR|SRV ]]; then
     trailing_dot=$(echo "$dvalue" | grep "\.$")
     if [ -z "$trailing_dot" ]; then
         dvalue="$dvalue."
     fi
 fi
 
+if [ "$rtype" != "CAA" ]; then
+    dvalue=${dvalue//\"/}
+
+    if [ "$rtype" != 'SRV' ] && [[ "$dvalue" =~ [\;[:space:]] ]]; then
+        dvalue='"'"$dvalue"'"'
+    fi
+fi
+
+
+#RTYPE wasn't checked make sure to do it now correctly 
+is_format_valid 'user' 'domain' 'id' 'record' 'rtype' 'dvalue'
+
 # Additional verifications
 is_dns_fqnd "$TYPE" "$dvalue"
 is_dns_nameserver_valid "$domain" "$TYPE" "$dvalue"
 
-if [[ "$RECORD" == "$record" ]] && [[ "$TYPE" == "$type" ]] && [[ "$PRIORITY" -eq "$priority" ]] \
+if [[ "$RECORD" == "$record" ]] && [[ "$TYPE" == "$rtype" ]] && [[ "$PRIORITY" -eq "$priority" ]] \
         && [[ "$VALUE" == "$dvalue" ]] && [[ "$SUSPENDED" == 'no' ]] && [[ "$TTL" -eq "$ttl" ]]; then
     echo "No pending changes in DNS entry."
-    exit "$E_EXSIST"
+    exit "$E_EXISTS"
 fi
 
 # Generating timestamp
@@ -99,7 +115,7 @@ time=$(echo "$time_n_date" |cut -f 1 -d \ )
 date=$(echo "$time_n_date" |cut -f 2 -d \ )
 
 # Adding record
-dns_rec="ID='$id' RECORD='$record' TYPE='$type' PRIORITY='$priority'"
+dns_rec="ID='$id' RECORD='$record' TYPE='$rtype' PRIORITY='$priority'"
 dns_rec="$dns_rec VALUE='$dvalue' SUSPENDED='no' TIME='$time' DATE='$date'"
 [ -n "$ttl" ] && dns_rec="$dns_rec TTL='$ttl'"
 # Deleting old record
@@ -135,7 +151,7 @@ $BIN/v-restart-dns "$restart"
 check_result $? "DNS restart failed" >/dev/null
 
 # Logging
-$BIN/v-log-action "$user" "Info" "DNS" "DNS record value changed (Type: $type, Record: $record, Value: $dvalue, Domain: $domain)."
+$BIN/v-log-action "$user" "Info" "DNS" "DNS record value changed (Type: $rtype, Record: $record, Value: $dvalue, Domain: $domain)."
 log_event "$OK" "$ARGUMENTS"
 
 exit
diff --git a/bin/v-check-user-hash b/bin/v-check-user-hash
@@ -13,7 +13,7 @@
 # Argument definition
 user=$1
 hash=$2; HIDE=2
-ip=${3-127.0.0.1}
+ip46=${3-127.0.0.1}
 
 # Includes
 # shellcheck source=/etc/hestiacp/hestia.conf
@@ -32,7 +32,7 @@ date=$(echo "$time_n_date" |cut -f 2 -d \ )
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER HASH'
-is_format_valid 'user'
+is_format_valid 'user' 'ip46'
 
 # Checking user
 if [ ! -d "$HESTIA/data/users/$user" ] && [ "$user" != 'root' ]; then
@@ -47,7 +47,7 @@ is_hash_valid
 # Checking empty hash
 if [[ -z "$hash" ]]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
 
@@ -68,7 +68,7 @@ then
         method='sha-512'
     else
         echo "Error: password missmatch"
-        echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+        echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
         exit 9
     fi
 else
@@ -79,14 +79,14 @@ fi
 # Checking salt
 if [ -z "$salt" ]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
 
 # Comparing hashes
 if [[ "$shadow" != "$hash" ]]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
 
@@ -95,6 +95,6 @@ fi
 #----------------------------------------------------------#
 
 # Logging
-echo "$date $time $user $ip successfully logged in" >> $HESTIA/log/auth.log
+echo "$date $time $user $ip46 successfully logged in" >> $HESTIA/log/auth.log
 
 exit
diff --git a/bin/v-check-user-password b/bin/v-check-user-password
@@ -13,7 +13,8 @@
 # Argument definition
 user=$1
 password=$2; HIDE=2
-ip=${3-127.0.0.1}
+ip46=${3-127.0.0.1}
+return_hash=${4-no}
 
 # Includes
 # shellcheck source=/etc/hestiacp/hestia.conf
@@ -31,23 +32,20 @@ date=$(echo "$time_n_date" |cut -f 2 -d \ )
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER PASSWORD'
-is_format_valid 'user'
+check_args '2' "$#" 'USER PASSWORD [ip] [RETURN_HASH]'
+is_format_valid 'user' 'password' 'ip46'
 
 # Checking user
 if [ ! -d "$HESTIA/data/users/$user" ] && [ "$user" != 'root' ]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
 
-# Checking user password
-is_password_valid
-
 # Checking empty password
 if [[ -z "$password" ]]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
 
@@ -71,7 +69,7 @@ then
         method='sha-512'
     else
         echo "Error: password missmatch"
-        echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+        echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
         exit 9
     fi
 else
@@ -81,7 +79,7 @@ fi
 
 if [ -z "$salt" ]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
 
@@ -98,7 +96,7 @@ fi
 result=$(grep "^$user:$hash:" /etc/shadow 2>/dev/null)
 if [[ -z "$result" ]]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
 
@@ -107,6 +105,6 @@ fi
 #----------------------------------------------------------#
 
 # Logging
-echo "$date $time $user $ip successfully logged in" >> $HESTIA/log/auth.log
+echo "$date $time $user $ip46 successfully logged in" >> $HESTIA/log/auth.log
 
 exit
diff --git a/bin/v-get-user-salt b/bin/v-get-user-salt
@@ -12,7 +12,7 @@
 
 # Argument definition
 user=$1
-ip=${2-127.0.0.1}
+ip46=${2-127.0.0.1}
 format=${3-shell}
 
 # Includes
@@ -63,13 +63,13 @@ csv_list() {
 #----------------------------------------------------------#
 
 
-check_args '1' "$#" 'USER [IP] [SALT]'
-is_format_valid 'user' 'ip'
+check_args '1' "$#" 'USER [IP] [FORMAT]'
+is_format_valid 'user' 'ip46'
 
 # Checking user
 if [ ! -d "$HESTIA/data/users/$user" ]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
 
@@ -90,12 +90,12 @@ then
         method='sha-512'
     else
         echo "Error: password missmatch"
-        echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+        echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
         exit 9
     fi
 elif [[ "$shadow" =~ ! ]]; then 
     echo "Error: Account has been suspended"
-    echo "$date $time $user $ip has been suspended" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 has been suspended" >> $HESTIA/log/auth.log
     exit 5
 else
     salt=${shadow:0:2}
@@ -104,7 +104,7 @@ fi
 
 if [ -z "$salt" ]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
 
diff --git a/func/domain.sh b/func/domain.sh
@@ -512,9 +512,22 @@ update_domain_zone() {
         if [ "$TYPE" = 'CNAME' ] || [ "$TYPE" = 'MX' ]; then
             VALUE=$(idn --quiet -a -t "$VALUE")
         fi
-
-        if [ "$TYPE" = 'TXT' ] && [[ ${VALUE:0:1} != '"' ]]; then
-            VALUE=$(echo $VALUE | fold -w 255 | xargs -I '$' echo -n '"$"')
+        
+        if [ "$TYPE" = 'TXT' ]; then
+            txtlength=${#VALUE}
+            if [ $txtlength -gt 255 ]; then
+                already_chunked=0
+                if [[ $VALUE == *"\" \""* ]] || [[ $VALUE == *"\"\""* ]]; then
+                    already_chunked=1
+                fi
+                if [ $already_chunked -eq 0 ]; then
+                    if [[ ${VALUE:0:1} = '"' ]]; then
+                        txtlength=$(( $txtlength - 2 ))
+                        VALUE=${VALUE:1:txtlength}
+                    fi
+                    VALUE=$(echo $VALUE | fold -w 255 | xargs -I '$' echo -n '"$"')
+                fi
+            fi
         fi
 
         if [ "$SUSPENDED" != 'yes' ]; then
diff --git a/func/main.sh b/func/main.sh
@@ -876,7 +876,7 @@ is_common_format_valid() {
 }
 
 is_no_new_line_format() {
-    test=$(echo $1 | sed -e 's/\.*$//g' -e 's/^\.*//g');
+    test=$(echo $1 | head -n1 );
     if [[ "$test" != "$1" ]]; then
       check_result "$E_INVALID" "invalid value :: $1"
     fi
diff --git a/install/hst-install-debian.sh b/install/hst-install-debian.sh
@@ -31,7 +31,7 @@ HESTIA_INSTALL_DIR="$HESTIA/install/deb"
 VERBOSE='no'
 
 # Define software versions
-HESTIA_INSTALL_VER='1.5.13'
+HESTIA_INSTALL_VER='1.5.14'
 # Dependencies
 pma_v='5.1.3'
 rc_v="1.5.2"
diff --git a/install/hst-install-ubuntu.sh b/install/hst-install-ubuntu.sh
@@ -31,7 +31,7 @@ HESTIA_INSTALL_DIR="$HESTIA/install/deb"
 VERBOSE='no'
 
 # Define software versions
-HESTIA_INSTALL_VER='1.5.13'
+HESTIA_INSTALL_VER='1.5.14'
 # Dependencies
 pma_v='5.1.3'
 rc_v="1.5.2"
diff --git a/src/deb/hestia/control b/src/deb/hestia/control
@@ -1,7 +1,7 @@
 Source: hestia
 Package: hestia
 Priority: optional
-Version: 1.5.13
+Version: 1.5.14
 Section: admin
 Maintainer: HestiaCP <info@hestiacp.com>
 Homepage: https://www.hestiacp.com
diff --git a/test/checks.bats b/test/checks.bats
diff --git a/test/test.bats b/test/test.bats

Original file line number	Diff line number	Diff line change
`@@ -876,7 +876,7 @@ is_common_format_valid() {`
`876`	`876`	`}`
`877`	`877`
`878`	`878`	`is_no_new_line_format() {`
`879`		`- test=$(echo $1 \| sed -e 's/\.$//g' -e 's/^\.//g');`
	`879`	`+ test=$(echo $1 \| head -n1 );`
`880`	`880`	`if [[ "$test" != "$1" ]]; then`
`881`	`881`	`check_result "$E_INVALID" "invalid value :: $1"`
`882`	`882`	`fi`