nextcloud / passman

🔐 Open source password manager with Nextcloud integration
https://passman.cc
GNU Affero General Public License v3.0

unable to upgrade passman to 2.3.6 from Nextcloud 19.0.1 #663

Closed Githopp192 closed 3 years ago

Githopp192 commented 4 years ago

Steps to reproduce

Upgrade procedure will fail

Expected behaviour

upgrade process should work

Actual behaviour

it is not possible to upgrade from GUI and from CLI

CLI message -->

```
passman new version available: 2.3.6
passman couldn't be updated
```

Server configuration detail

Operating system: Linux 4.18.0-193.14.2.el8_2.x86_64 #1 SMP Sun Jul 26 03:54:29 UTC 2020 x86_64

Webserver: Apache (fpm-fcgi)

Database: mysql 10.3.17

PHP version: 7.4.10

Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, cgi-fcgi, bcmath, bz2, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, gmp, iconv, intl, json, ldap, exif, mysqlnd, PDO, Phar, posix, shmop, SimpleXML, sockets, sodium, sqlite3, sysvmsg, sysvsem, sysvshm, tokenizer, xml, xmlwriter, xsl, mysqli, pdo_mysql, pdo_sqlite, xmlreader, apcu, igbinary, imagick, msgpack, smbclient, zip, memcached, redis, libsmbclient, Zend OPcache

Nextcloud version: 19.0.3 - 19.0.3.1

Updated from an older Nextcloud/ownCloud or fresh install: from 18.0.8

Where did you install Nextcloud from: origin Source (Nextcloud)

Signing status Array ( )
List of activated apps

```
Enabled:
 - accessibility: 1.5.0
 - activity: 2.12.0
 - analytics: 2.4.1
 - announcementcenter: 3.8.1
 - apporder: 0.11.0
 - audioplayer: 2.11.2
 - audioplayer_editor: 0.2.2
 - audioplayer_sonos: 1.1.1
 - bookmarks: 3.3.4
 - bruteforcesettings: 2.0.1
 - calendar: 2.0.4
 - circles: 0.19.5
 - cloud_federation_api: 1.2.0
 - comments: 1.9.0
 - contacts: 3.3.0
 - contactsinteraction: 1.0.0
 - cookbook: 0.7.6
 - cospend: 1.0.5
 - data_request: 1.6.0
 - dav: 1.15.0
 - deck: 1.0.5
 - dicomviewer: 1.2.2
 - documentserver_community: 0.1.7
 - drawio: 0.9.7
 - event_update_notification: 1.0.2
 - extract: 1.2.4
 - federatedfilesharing: 1.9.0
 - federation: 1.9.0
 - files: 1.14.0
 - files_3d: 0.3.1
 - files_antivirus: 3.0.0
 - files_automatedtagging: 1.9.0
 - files_downloadactivity: 1.8.0
 - files_markdown: 2.3.1
 - files_mindmap: 0.0.22
 - files_pdfviewer: 1.8.0
 - files_photospheres: 1.19.1
 - files_rightclick: 0.16.0
 - files_sharing: 1.11.0
 - files_trashbin: 1.9.0
 - files_versions: 1.12.0
 - files_videoplayer: 1.8.0
 - firstrunwizard: 2.8.0
 - flowupload: 1.0.0
 - forms: 2.0.4
 - gpxedit: 0.0.13
 - gpxpod: 4.2.2
 - groupfolders: 7.0.0
 - impersonate: 1.6.1
 - issuetemplate: 0.7.0
 - logreader: 2.4.0
 - lookup_server_connector: 1.7.0
 - maps: 0.1.6
 - nextcloud_announcements: 1.8.0
 - notes: 3.6.4
 - notifications: 2.7.0
 - oauth2: 1.7.0
 - onlyoffice: 6.0.0
 - passman: 2.3.5
 - password_policy: 1.9.1
 - photos: 1.1.0
 - polls: 1.4.3
 - privacy: 1.3.0
 - provisioning_api: 1.9.0
 - quicknotes: 0.6.0
 - quota_warning: 1.8.0
 - rainloop: 7.0.3
 - ransomware_protection: 1.7.0
 - recommendations: 0.7.0
 - serverinfo: 1.9.0
 - settings: 1.1.0
 - sharebymail: 1.9.0
 - socialsharing_diaspora: 2.1.0
 - socialsharing_email: 2.1.0
 - socialsharing_facebook: 2.1.0
 - socialsharing_twitter: 2.1.0
 - spreed: 9.0.4
 - support: 1.2.1
 - suspicious_login: 3.2.1
 - systemtags: 1.9.0
 - tasks: 0.13.3
 - terms_of_service: 1.5.1
 - text: 3.0.1
 - theming: 1.10.0
 - timemanager: 0.1.4
 - twofactor_backupcodes: 1.8.0
 - twofactor_totp: 5.0.0
 - updatenotification: 1.9.0
 - video_converter: 0.1.4
 - viewer: 1.3.0
 - workflow_ocr: 1.19.0
 - workflow_pdf_converter: 1.4.0
 - workflow_script: 1.4.0
 - workflowengine: 2.1.0
Disabled:
 - admin_audit
 - breezedark
 - dashboard
 - drop_account
 - encryption
 - external
 - files_accesscontrol
 - files_external
 - files_fulltextsearch
 - fulltextsearch
 - fulltextsearch_elasticsearch
 - joplin
 - jsloader
 - passwords
 - registration
 - richdocuments
 - socialsharing_googleplus
 - survey_client
 - user_ldap
 - weather
```
Configuration (config/config.php)

```
{
    "memcache.local": "\\OC\\Memcache\\APCu",
    "filelocking.enabled": true,
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "port": 0,
        "dbindex": 0,
        "timeout": 1.5,
        "password": "***REMOVED SENSITIVE VALUE***"
    },
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        ""***REMOVED SENSITIVE VALUE***",
        ""***REMOVED SENSITIVE VALUE***"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "overwrite.cli.url": "https:\/\/"***REMOVED SENSITIVE VALUE***",
    "htaccess.RewriteBase": "\/",
    "overwriteprotocol": "https",
    "dbtype": "mysql",
    "version": "19.0.3.1",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "maintenance": false,
    "theme": "",
    "loglevel": 0,
    "updater.release.channel": "stable",
    "auth.bruteforce.protection.enabled": true,
    "check_for_working_htaccess": true,
    "data-fingerprint": ""***REMOVED SENSITIVE VALUE***",
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpmode": "smtp",
    "mail_smtpauthtype": "LOGIN",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpsecure": "tls",
    "mail_smtpauth": 1,
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": ""***REMOVED SENSITIVE VALUE***",
    "session_lifetime": 1200,
    "session_keepalive": false,
    "logtimezone": ""***REMOVED SENSITIVE VALUE***",
    "logfile": "\/media\/log\/nextcloud.log",
    "knowledgebaseenabled": false,
    "log_rotate_size": "***REMOVED SENSITIVE VALUE***,
    "mail_sendmailmode": ""***REMOVED SENSITIVE VALUE***",
    "app_install_overwrite": [
        "passman",
        "dicomviewer",
        "radio"
    ]
}
```

Are you using external storage, if yes which one: no

Are you using encryption:

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Edg/85.0.564.51

Operating system: Windows 10

Logs

Web server error log

```
```

Nextcloud log

```
```

Browser log

wilya7 commented 4 years ago

I cannot confirm this bug, my update proceeded without any problem

Githopp192 commented 4 years ago

you're right .. but the reason is .. I'm running an OPNsense firewall and all DNS requests on .CC domains will be treated as "suspicious"

--> "GuzzleHttp\Exception\ConnectException: cURL error 6: Could not resolve host: releases.passman.cc (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)"

Proofpoint newly added rules (https://www.proofpoint.com/us/daily-ruleset-update-summary-20200915) -->

alert dns $HOME_NET any -> any any (msg:"ET DNS DNS Query for Suspicious .cz.cc Domain";

2011374 - ET POLICY HTTP Request to a *.co.cc domain (policy.rules)

2011410 - ET DNS DNS Query for Suspicious .cz.cc Domain (dns.rules)

Also Malwarebytes will block this Domain ! --->

It's possible that Malwarebytes will be able to independently check the site and clear it when they come in tomorrow, so you may want to wait. From the warning you got, it would appear that they have simply blocked all instances of .cc domains due to a high level of malicious behavior by such sites and simply need to check it out.
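
A triage sketch for the failure described in the comment above, added here as an example and not part of the original thread or the passman project: it scans a Nextcloud JSON log for `cURL error 6` entries and reports the unresolved hosts whose TLD matches one the local IDS flags. The log lines are constructed, the shape of `message` (string or nested object) is an assumption, and `flagged_tlds` is a hypothetical input filled in from your own IDS alerts.

```python
import json
import re
from collections import Counter

# cURL error 6 is the DNS-resolution failure quoted in the comment above.
RESOLVE_RE = re.compile(r"cURL error 6: Could not resolve host: ([A-Za-z0-9.-]+)")

# Constructed sample in Nextcloud's one-JSON-object-per-line log format.
# Only releases.passman.cc comes from the thread; everything else is made up.
_ERR = "GuzzleHttp\\Exception\\ConnectException: cURL error 6: Could not resolve host: "
SAMPLE_LOG = "\n".join([
    json.dumps({"reqId": "r1", "level": 3, "app": "core",
                "message": _ERR + "releases.passman.cc (see libcurl-errors.html)"}),
    json.dumps({"reqId": "r2", "level": 3, "app": "core",
                "message": {"Exception": "GuzzleHttp\\Exception\\ConnectException",
                            "Message": "cURL error 6: Could not resolve host: Releases.Passman.cc."}}),
    json.dumps({"reqId": "r3", "level": 3, "app": "core",
                "message": _ERR + "updates.example.org"}),
    json.dumps({"reqId": "r4", "level": 1, "app": "passman", "message": "unrelated entry"}),
    '{"reqId": "r5", "level": 3, "message": "trunc',  # damaged line, must be skipped
])


def unresolved_hosts(log_text):
    """Count hosts the server-side HTTP client could not resolve."""
    hosts = Counter()
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        if not isinstance(entry, dict):
            continue
        message = entry.get("message", "")
        if not isinstance(message, str):
            message = json.dumps(message)  # exception logged as a nested object
        for host in RESOLVE_RE.findall(message):
            hosts[host.rstrip(".").lower()] += 1  # normalise case and trailing dot
    return hosts


def blocked_by_tld(hosts, flagged_tlds):
    """Keep only failures whose TLD the local IDS/DNS policy flags (assumed input)."""
    flagged = {t.lower().lstrip(".") for t in flagged_tlds}
    return {h: n for h, n in hosts.items() if h.rsplit(".", 1)[-1] in flagged}


if __name__ == "__main__":
    print(blocked_by_tld(unresolved_hosts(SAMPLE_LOG), [".cc"]))
```

Hosts returned by `blocked_by_tld` are candidates for a per-host exception, which is narrower than switching the whole TLD rule off.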

Githopp192 commented 3 years ago

In the meantime Upgrade was possible (now i'm on NC 19.0.5)

Githopp192 commented 3 years ago

same issue occurred again (on NC 20.0.6, trying to update from 2.3.6 to 2.3.7)

| Action | interface | Port | Port | Alert |
|---|---|---|---|---|
| blocked | lan | 64534 | 53 | ET DNS Query for .cc TLD |

binsky08 commented 3 years ago

try to uninstall the app from your NextCloud instance and install it again. Removing the app should not touch its database.

Githopp192 commented 3 years ago

the problem is the OPNSense Firewall, which will block all .CC Domains (reasons you see above). In the meantime i did temporarily disable this rule and was able to install v.2.3.7.

But there is another issue with the app:

Error passman /appinfo/app.php is not loaded when \OCP\AppFramework\Bootstrap\IBootstrap on the application class is used. Migrate everything from app.php to the Application class.

ScreenShot125

i need to urgently downgrade to 2.3.6 .. the NC-Log will be flooded in a very short time (every second x-messages from this type).

binsky08 commented 3 years ago

No need to downgrade

see #683

Githopp192 commented 3 years ago

yes 👍 .. got it :-)

upgraded again to 2.3.7 and removed app.php.

Now the log is fine.

Thx Timo

Githopp192 commented 3 years ago

but .. the .CC Domains issue remains .. there are many firewalls which block CC-Domains. Maybe you can consider changing your Domain ?

animalillo commented 3 years ago

I don't understand what is the .cc domain thing you are talking about. The app itself shouldn't be making any request to passman.cc and that's the only .cc domain i can think of.

Also I believe that is not a problem related to this project, but something with your specific local configuration.

I'm going to close this issue as the main problem seems to be solved, but if you need any further help, please, feel free to reopen/comment on it.

Githopp192 commented 3 years ago

click on the homepage --> https://apps.nextcloud.com/apps/passman

ScreenShot236

The Top-Level Domain is ".CC".

ScreenShot237

And some pfsense firewalls with IPS (Intrusion Prevention Detection) will block this kind of Domain:

ScreenShot235