Version 1.656

Released: 2023-11-13

Tools for removing old libraries from /usr/local custombuild new

Older CustomBuild versions used to build and install various libraries in /usr/local directory. Later CustomBuild versions switched to using packages provided by the system. Old libraries in /usr/local were never explicitly removed, this can cause compilation and runtime problems because libraries in /usr/local/lib and includes from /usr/local/include is preferred over the system libraries.

With this release new commands are added to CustomBuild to help clean up old files:

  • da build list_removals will detect no longer used libraries in /usr/local and report them as potential software removal actions.
  • da build remove_old_local {library_name} - new command to remove a single package from /usr/local. All removed files are backed-up in case old library removal causes any problems.
  • da build restore_old_local {library_name) - new command for restoring previously removed package back to /usr/local directory.

Removing most libraries are relatively safe. Once the custom library is removed all other libraries or software that was using it will start using default system library instead without rebuilding or re-installing.

List of old packages that can be detected and removed:

  • icu
  • freetype
  • libglib
  • libiconv
  • libjpeg
  • libltdl
  • libmcrypt
  • libmhash
  • libpcre
  • libpcre2
  • libpng
  • libwebp
  • libsodium
  • libspf2
  • libsrs_alt
  • libxml2
  • libxslt
  • libzip
  • ragel


Library libiconv is a special exception. There is no system library for libiconv because all its functionality is embedded in the modern libc library. This means that any library or binary linked against libiconv needs to be rebuilt to remove the no longer necessary link against external library and start relying on the built-in functionality.

After local version of libiconv is removed from /usr/local all CustomBuild managed software needs to be rebuilt using command da build all.

Admin SSL option: admin_ssl_check_expiry_offset new

Should the server have this option enabled:


the new variable admin_ssl_check_expiry_offset (defaults to 0), allows for the admin to re-define the expired time to be early so that the certs can be tried before they actually expire, which is more useful than waiting until after. For example, if you want the admin_ssl_replace_all_expired_invalid option to request a new certificate one week before it expires, use:

da config-set admin_ssl_check_expiry_offset 7

which is in days before expiry.

The typical renew time for a LetsEncrypt/ZeroSSL cert is 30 days before expiry, so this option would be for cases where that had failed or the cert needs to get back onto a renewal schedule for some other reason.

Software version changes custombuild improved

  • phalcon5 updated from 5.3.1 to 5.4.0
  • roundcubemail updated from 1.6.4 to 1.6.5
  • wp-cli updated from 2.8.1 to 2.9.0
  • mod_lsapi updated from 1.1-68 to 1.1-71
  • proftpd updated from 1.3.8 to 1.3.8a
  • redis updated from 7.2.2 to 7.2.3
  • PHP 8.1 updated from 8.1.24 to 8.1.25
  • PHP 8.2 updated from 8.2.11 to 8.2.12
  • exim updated from 4.96.2-12-g29d01ae2a to 4.97
  • PHP 5.3 removed
  • PHP 5.4 removed
  • PHP 5.5 removed

PHP compile script update custombuild improved

PHP compile script is updated to always perform clean build in a new directory. This makes sure previous PHP compilation failures will not interfere with new PHP build.

Compile script is also simplified by removing all special treatment for old libraries in /usr/local directory.

ProFTPD compile script update custombuild improved

Compilation script of ProFTPD is updated:

  • Sources will be downloaded directly from upstream, this allows using any supported version without waiting for it to be published to our files server.
  • Version is updated with a minor release to 1.3.8a.
  • Source archive will be cached and will not be re-downloaded when recompiling.
  • Support for ClamAV integration will be compiled into ProFTPD statically instead of loaded as dynamic module.
  • Configuration for ClamAV integration will be inside main /etc/proftpd.conf file. File /etc/proftpd.clamav.conf will no longer be used.
  • Compile script is updated to harden the final binary by stripping debug symbols, adding stack-protection, enabling full RELRO support, enabling FORTIFY_SOURCE compile time protection.

Admin SSL UI evolution improved

Updated Admin SSL UI:

  • Added Expiry as a column to the table.
  • Added Expiry into the list of possible filters, allowing to filter domains by certificate expiration date.
  • Added Valid as a filter.
  • Fixed issue with Issuer filtering, where incorrect comparison data were sent to the backend.

Admin SSL Filters

Clearing Bayes Data evolution improved

Clearing bayes data in "SpamAssassin" page was impossible for users with limited feature sets, since it involved request to the file manager API. With this change, Evolution would use new endpoint, which are not restricted for limited feature set and would allow clearing the data.

Tabs alignment for the mobile devices evolution improved

Tabs in Evolution's Refreshed layout were improved by aligning the labels to the left side for the mobile devices. This improves the readability on small screens.

Responsive tooltips width evolution improved

Tooltips width were improved to be responsive according to the user's browser width. Previously, tooltips used to go beyond the edges of the browser window if the content was too long.

Radio inputs for protected directories evolution improved

Path inputs within protected directories previously used checkboxes. This gave the impression that multiple paths could be selected when in reality only one could be selected at a time. With this change, checkboxes have been replaced with radio inputs

Custombuild finished tasks evolution improved

Previously only indication that task finished was that the notification at the bottom right of the screen would disappear and a loading icon next to task name would disappear. With this change, after all active custombuild tasks finish, the bell icon will no longer pulsate and a checkmark will be added next to the name of the task.

App Tasks List

Translate API error messages evolution fixed

Some new API error messages were not properly translated and a vague error message was shown. This release adds translations for more types of errors.

Modsecurity API errors after leaving evolution fixed

Users that navigated back to the dashboard after leaving their Modsecurity page got two API error responses. Those unnecessary API requests will no longer be made after navigating away from the page.

Nginx unit evolution fixed

Nginx unit pages had a bunch of small issues. The following used to go outside viewport:

  • "apply template"
  • array editor (path selection)
  • "environment" input

The "dynamic" button was obscured, making it impossible to view when it was set to true. As a result, changed the layout of processes within the "Advanced Options" tab to make the inputs easier to access.

Additionally some inputs weren't validated correctly and submit button wasn't preventing form submission on failing validation.

Empty button on mobile devices evolution fixed

There was an empty Modify action button inside the autoresponders list page, which had no label while in the mobile layout. This was fixed by adding the missing label.

SPAM Filters Adult Filter and FTP Settings Upload checkboxes evolution fixed

Checkboxes in the SPAM Filters (Adult Filter) and FTP Settings (Upload) pages weren't saving their states, and some functionalities were lost. This release restores the functionality of the checkboxes.

Missing DNSSEC button in DNS Management

The DNSSEC link button in the DNS Management page was missing and this release adds it back.

Option to change sent emails limit fixed

Input field for changing daily sent email limit were not visible in the Enhanced skin.

User Profile Page

Use HTTPS when downloading nginx sources custombuild fixed

When building nginx upstream source package will be downloaded over HTTPS instead of plain-text HTTP. All other source packages are already being downloaded over HTTPS.

Zone checks using named-checkzone on Debian 12 fixed

Tool named-checkzone is used to verify if DNS zone is correct before saving it. On Debian 12 this tool is installed in different location. Validation will now search for named-checkzone in all PATH directories instead of using a single hard-coded location. This makes this feature work correctly on Debian 12 systems.

Default domain selection on external login fixed

Performing login from external login page using static HTML form will automatically set default user domain name in the session file.

Preserve MySQL old format passwords during import from cPanel fixed

Import from cPanel script is updated to support importing MySQL accounts that uses old password format. Old password format is only used in very old MySQL servers, servers before MySQL 4.1.

Admin SSL locking fixed

Fixed locking/block issue which would prevent the generation of a new certificate in some specific scenarios. Related error message:

2023:11:02-12:40:47: Ssl::retry_domain: /usr/local/directadmin/data/users/fred/domains/ didn't exist, so tries to create one, but create_admin_domain_request also failed:
Error writing '/usr/local/directadmin/data/users/fred/domains/': Unable to get Lock on file:<br>
file is locked by another process: lock created Thu Nov  2 12:40:45 2023<br>

PHP 5.3, 5.4, 5.5 no longer supported custombuild removed

CustomBuild will no longer support building old PHP versions:

  • PHP version 5.3 - no new releases since 2014-08-14
  • PHP version 5.4 - no new releases since 2015-09-03
  • PHP version 5.5 - no new releases since 2016-07-21
Last Updated: