From 02544f837c5a88d828ab829bc1b01e193766d469 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 28 Nov 2018 16:16:24 +0100 Subject: [PATCH 1/5] tools_adminpw was still checking the password strength despite --force-password --- src/yunohost/tools.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py index 271947b3d..baa614fa5 100644 --- a/src/yunohost/tools.py +++ b/src/yunohost/tools.py @@ -118,7 +118,7 @@ def tools_ldapinit(): return auth -def tools_adminpw(auth, new_password): +def tools_adminpw(auth, new_password, check_strength=True): """ Change admin password @@ -130,7 +130,8 @@ def tools_adminpw(auth, new_password): from yunohost.utils.password import assert_password_is_strong_enough import spwd - assert_password_is_strong_enough("admin", new_password) + if check_strength: + assert_password_is_strong_enough("admin", new_password) new_hash = _hash_user_password(new_password) @@ -416,7 +417,7 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False, tools_maindomain(auth, domain) # Change LDAP admin password - tools_adminpw(auth, password) + tools_adminpw(auth, password, check_strength=not force_password) # Enable UPnP silently and reload firewall firewall_upnp('enable', no_refresh=True) From 207c2516b5943019eaf02d51a05ecf82afaefd2d Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 28 Nov 2018 22:01:27 +0000 Subject: [PATCH 2/5] Forgot to get the 'value' key here.. --- src/yunohost/utils/password.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yunohost/utils/password.py b/src/yunohost/utils/password.py index 68e51056b..6e8f5ba0a 100644 --- a/src/yunohost/utils/password.py +++ b/src/yunohost/utils/password.py @@ -60,7 +60,7 @@ class PasswordValidator(object): # (or at least that's my understanding -- Alex) settings = json.load(open('/etc/yunohost/settings.json', "r")) setting_key = "security.password." + profile + ".strength" - self.validation_strength = int(settings[setting_key]) + self.validation_strength = int(settings[setting_key]["value"]) except Exception as e: # Fallback to default value if we can't fetch settings for some reason self.validation_strength = 1 From fe0c127aa8107e52bba890e1cb46abe3c7cf8690 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 1 Dec 2018 16:21:59 +0100 Subject: [PATCH 3/5] Log dyndns update only if we really update something (#591) --- src/yunohost/dyndns.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/yunohost/dyndns.py b/src/yunohost/dyndns.py index 3e040d682..dd652119f 100644 --- a/src/yunohost/dyndns.py +++ b/src/yunohost/dyndns.py @@ -206,9 +206,6 @@ def dyndns_update(operation_logger, dyn_host="dyndns.yunohost.org", domain=None, key = keys[0] - operation_logger.related_to.append(('domain', domain)) - operation_logger.start() - # This mean that hmac-md5 is used # (Re?)Trigger the migration to sha256 and return immediately. # The actual update will be done in next run. @@ -258,6 +255,8 @@ def dyndns_update(operation_logger, dyn_host="dyndns.yunohost.org", domain=None, logger.info("No updated needed.") return else: + operation_logger.related_to.append(('domain', domain)) + operation_logger.start() logger.info("Updated needed, going on...") dns_conf = _build_dns_conf(domain) From 65dee220e308a2fad4a65235c6c1ffaebd3761bd Mon Sep 17 00:00:00 2001 From: frju365 Date: Sun, 2 Dec 2018 17:20:03 +0100 Subject: [PATCH 4/5] [fix] Regen nginx conf to be sure it integrates OCSP Stapling (#588) * [fix] Regen nginx conf to be sure it integrates OCSP Stapling * Typo * Regen nginx each time we enable a new cert * add comment about the reason of the PR --- src/yunohost/certificate.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/yunohost/certificate.py b/src/yunohost/certificate.py index 049eeb0f4..0c52f43b1 100644 --- a/src/yunohost/certificate.py +++ b/src/yunohost/certificate.py @@ -803,6 +803,11 @@ def _enable_certificate(domain, new_cert_folder): for service in ("postfix", "dovecot", "metronome"): _run_service_command("restart", service) + if os.path.isfile('/etc/yunohost/installed'): + # regen nginx conf to be sure it integrates OCSP Stapling + # (We don't do this yet if postinstall is not finished yet) + service_regen_conf(names=['nginx']) + _run_service_command("reload", "nginx") From db93aa6d5cded943b3265b77fc8c87a98a137b06 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 2 Dec 2018 16:23:11 +0000 Subject: [PATCH 5/5] Update changelog for 3.3.2 --- debian/changelog | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/debian/changelog b/debian/changelog index ca4d8d928..084d7f096 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,18 @@ +yunohost (3.3.2) stable; urgency=low + + * [fix] Regen nginx conf to be sure it integrates OCSP Stapling (#588) + * [fix] Broken new settings and options to control passwords checks / constrains (#589) + * [fix] Log dyndns update only if we really update something (#591) + + -- Alexandre Aubin Sun, 02 Dev 2018 17:23:00 +0000 + +yunohost (3.3.2) stable; urgency=low + + * [fix] Log dyndns update only if we really update something (#591) + * [fix] Broken new settings and options to control passwords checks / constrains (#589) + + -- Alexandre Aubin Sun, 02 Dev 2018 17:17:00 +0000 + yunohost (3.3.1) stable; urgency=low * [fix] Wait for dpkg lock to be free in apt helpers (#571)