1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-28 23:06:37 +02:00
Commit Graph

3606 Commits

Author SHA1 Message Date
Florent Daigniere
379fe18f7a test dns resolvers at startup 2022-01-05 18:49:30 +01:00
bors[bot]
94bbd25fe8
Merge #2141
2141: update roundcube to 1.5.2 (security fix) r=mergify[bot] a=willofr

New roundcube release (1.5.2) where a XSS is addressed: https://roundcube.net/news/2021/12/30/update-1.5.2-released

## What type of PR?
security fix

## What does this PR do?
Update roundcube from 1.5.1 to 1.5.2
This update fixes an XSS: https://roundcube.net/news/2021/12/30/update-1.5.2-released

### Related issue(s)
None

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: willofr <willofr@users.noreply.github.com>
2022-01-05 12:54:59 +00:00
bors[bot]
a5f6f9676b
Merge #2140
2140: Fix 2138: Pin DANE with the full cert r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Pin the intermediates rather than the root for DANE. If you have setup TLSA records following previous suggestion from Mailu please update them.

This hasn't been tested.

The four options here are:
- stop suggesting DANE records
- send the root CA (4096 bits extra per handshake!)
- pin the intermediates : the downside is that these are only valid for 3y, see https://letsencrypt.org/certificates/ and we should pin 4: R3,R4,E1,E2
- setup a 'full' DANE record in DNS (this is what this PR does)

The high priority is warranted by the fact that some SMTP servers may not trust root CAs and may enforce DANE strictly (it may break things).

### Related issue(s)
- close #2138

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2022-01-05 11:10:38 +00:00
Florent Daigniere
98973223fd
reduce TTL to 1d 2022-01-05 11:37:29 +01:00
willofr
f330a518fa
Create 2141.bugfix 2022-01-05 11:23:31 +01:00
willofr
93a94d33ce
update roundcube to 1.5.2 (security fix)
New roundcube release (1.5.2) where a XSS is addressed: https://roundcube.net/news/2021/12/30/update-1.5.2-released
2022-01-05 11:17:31 +01:00
Florent Daigniere
792893caae change TTL to 1y 2022-01-05 10:41:25 +01:00
Florent Daigniere
671f3e382a Fix 2138: Pin DANE with the full cert 2022-01-05 10:38:27 +01:00
bors[bot]
6953ee6bde
Merge #2132
2132: Fixes #2131 - Carddav synchronization issue r=mergify[bot] a=bkraul

## What type of PR?

bug-fix

## What does this PR do?
Adds php support for `simplexml` extension which is apparently needed by rainloop to handle carddav synchronizations.

### Related issue(s)
- closes #2131

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: bkraul <bkraul@belmankraul.com>
2022-01-04 15:25:32 +00:00
bors[bot]
393b28a420
Merge #2130
2130: Fix 2125: Make the caller responsible to know whether the rate-limit code should be called or not r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Make the caller responsible to know whether the rate-limit code should be called or not. If the webmail isn't configured its address can't be determined.

The rate limiting code should always be called except when we are verifying temporary tokens from the webmail.

### Related issue(s)
- close #2125 
- close #2129 
- close #2128

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-01-04 15:05:44 +00:00
bkraul
d494dd7d2a Fixes #2131 2022-01-03 07:56:52 -06:00
Florent Daigniere
e42947a815 towncrier 2022-01-03 13:51:30 +01:00
Florent Daigniere
7f89a29790 Fix 2125
Make the caller responsible to know whether the rate-limit code should
be called or not
2022-01-03 13:38:21 +01:00
bors[bot]
3453d12ccb
Merge #2121
2121: Update CHANGELOG.md with items that were not added by mistake. r=mergify[bot] a=Diman0

## What type of PR?

documentation

## What does this PR do?

Due to using the wrong suffix, a lot of newsfragments were not added to the CHANGELOG.md.
This PR amends this. This PR should be backported as well. Otherwise it is very difficult to see what newsfragments are relevant for a new x.y.z. release.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2022-01-01 13:00:19 +00:00
Dimitri Huisman
86eb8f2331 Add newsfragment for PR #2121. 2022-01-01 12:41:37 +00:00
Dimitri Huisman
0f0a2be736 Update CHANGELOG.md with items that were not added by mistake. 2022-01-01 12:35:53 +00:00
bors[bot]
dbdd1c85a0
Merge #2119
2119: Fix #2117. Gpg-agent package was missing for roundcube image. r=mergify[bot] a=Diman0

## What type of PR?

Bug fix

## What does this PR do?
In the past gpg-agent was installed as dependency of gpg for the roundcube image.
The packages gpg and gpgagent are used by the enigmail plugin in roundcube. This plugin is one of the default plugins for roundcube.
After updating to a newer php (debian) image in 1.9, gpg-agent is not installed anymore together with gpg. I suspect this was changed in a newer debian version.

The fix has already been confirmed by the issue reporter. See #2117.

### Related issue(s)
- closes #2117 


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-01-01 11:33:11 +00:00
Florent Daigniere
f8bc7c56a1 typo 2022-01-01 12:30:49 +01:00
Dimitri Huisman
b248026933 Fix #2117. Gpg-agent package was missing for roundcube image. 2022-01-01 10:51:11 +00:00
bors[bot]
65d905fe62
Merge #2099
2099: update Dockerfile to alpine 3.14.3 r=mergify[bot] a=willofr

## What type of PR?
Security fix

## What does this PR do?
Updated the Dockerfile to use the latest alpine version 3.14.3 where several CVEs have been fixed: https://alpinelinux.org/posts/Alpine-3.14.3-released.html
New images successfully built on my test env.

### Related issue(s)
None

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Will <will@packer-output-c8fcfb40-3d93-4475-8f87-e14a9dd683b6>
Co-authored-by: willofr <willofr@users.noreply.github.com>
2021-12-31 12:06:53 +00:00
bors[bot]
3eca813182
Merge #2116
2116: fix 2114: redirect old path r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Old paths may still be cached in browsers, it's easy enough to redirect them

### Related issue(s)
- close #2114


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-12-30 15:24:51 +00:00
bors[bot]
4e358e91e1
Merge #2111
2111: Preparations for 1.9 release r=mergify[bot] a=Diman0

## What type of PR?

Preparations for 1.9 release.

## What does this PR do?
All changes required for the 1.9 release. This PR does not trigger the 1.9 release yet. For that we only have to create a 1.9 branch after this PR has been merged.

Please double check all the documentation. Feel free to directly commit to this branch any spelling errors you see.

After this is merged, I only have to create the 1.9 branch and update the infra project to release 1.9.

### Related issue(s)
- closes #1930

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-12-30 15:05:29 +00:00
bors[bot]
0bdb508824
Merge #2115
2115: Update AUTHORS.md r=mergify[bot] a=ghostwheel42

Update AUTHORS.md

Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-12-30 14:32:11 +00:00
Florent Daigniere
c4675e6e75 fix 2114: redirect old path 2021-12-30 15:29:56 +01:00
Alexander Graf
d29afea5ba
Update AUTHORS.md 2021-12-30 15:28:24 +01:00
Alexander Graf
9d904d1db9
changed semver example to 1.9.x 2021-12-30 15:21:22 +01:00
Florent Daigniere
0298d51003 my edits 2021-12-30 13:00:22 +01:00
Dimitri Huisman
cfd6e91c29 Forgot to mention that Mailu PostgreSQL is deprecated. 2021-12-29 15:17:48 +00:00
Dimitri Huisman
b4d3d4b3c9 Preparations for 1.9 release. 2021-12-29 14:40:45 +00:00
bors[bot]
14177c3f98
Merge #2097
2097: The DB_PORT and ROUNDCUBE_DB_PORT env vars were not used r=mergify[bot] a=Diman0

## What type of PR?

Bug fix

## What does this PR do?
The DB_PORT and ROUNDCUBE_DB_PORT env vars were not used and are not required. 
This PR removes these not used environment variables from the documentation.
The documentation and setup utility are enhanced with instructions how to specify a different port for the database url.

### Related issue(s)
- See #2073


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2021-12-28 12:56:54 +00:00
bors[bot]
a2b3b44947
Merge #2109
2109: Update AUTHORS.md r=mergify[bot] a=nextgens

Update AUTHORS.md

Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2021-12-28 10:32:11 +00:00
Florent Daigniere
6afdd4d000
Update AUTHORS.md 2021-12-25 17:12:14 +01:00
bors[bot]
23537b513d
Merge #2108
2108: Fix build dependencies pycares r=mergify[bot] a=Erriez

## What type of PR?

Fix missing build dependencies `postfix-mta-sts-resolver` for `pycares` which requires `py3-wheel` and `libffi-dev` packages.
Restore virtual build in single RUN line.

## What does this PR do?

### Related issue(s)
- Mention an issue like: #2106
- Auto close an issue like: closes #2106

Co-authored-by: Erriez <Erriez@users.noreply.github.com>
2021-12-24 15:03:24 +00:00
Erriez
4b0694705c Fix build dependencies pycares 2021-12-24 12:17:57 +01:00
bors[bot]
3be34eaa3e
Merge #2107
2107: Remove weblate from documentation r=mergify[bot] a=Diman0

## What type of PR?

documentation

## What does this PR do?
See #1869. The weblate instance is not available anymore. Therefore this not available weblate instance should not be mentioned in the documentation anymore.

This PR removes it from the documentation

### Related issue(s)
- #1869

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.



Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2021-12-24 10:07:30 +00:00
Dimitri Huisman
c957911220 Remove weblate option from documentation since it is not available anymore. 2021-12-24 07:46:55 +00:00
bors[bot]
081d443d66
Merge #2101
2101: Fix documentation  INITIAL_ADMIN_* variables r=mergify[bot] a=Erriez

## What type of PR?

Fix `master` documentation `INITIAL_ADMIN_*` environment variables:
- `setup.rst`
- `configuration.rst`

## What does this PR do?

Fix documentation `Docker Compose setup` and `Web settings | Admin account`.

### Related issue(s)
- Mention an issue like: #2092
- Auto close an issue like: closes #2092

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Erriez <Erriez@users.noreply.github.com>
2021-12-23 10:58:05 +00:00
bors[bot]
cd8479414e
Merge #2103
2103: Fix issue 2102 (bug introduced in 2098) r=mergify[bot] a=Diman0

## What type of PR?

Bug-fix

## What does this PR do?
The changes to session management introduced in #2094 #2098 introduced new bugs. This PR addresses these.

### Related issue(s)
- Auto close an issue like: closes #2102

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2021-12-22 18:39:15 +00:00
Erriez
10756cef7b Fix typo configuration.rst 2021-12-22 19:38:46 +01:00
Dimitri Huisman
51d94b8d14 Fix issue 2102 2021-12-22 17:40:51 +00:00
Erriez
4c52cf1d6a Rewording INITIAL_ADMIN_MODE documentation 2021-12-22 18:18:15 +01:00
Erriez
83d9a81f0f Fix documentation INITIAL_ADMIN_* variables 2021-12-22 15:00:39 +01:00
bors[bot]
ee5fc81b07
Merge #2098
2098: Sessions tweaks2 r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Additional tweaks suggested by `@ghostwheel42:`
- fix cleanup_sessions (important)
- ensure we delete tokens on delete()

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-12-22 13:02:07 +00:00
willofr
83bd3b27aa
Create 2099.bugfix 2021-12-22 11:17:13 +01:00
Will
b2abbc8856 update Dockerfile to alpine 3.14.3 2021-12-22 09:19:44 +00:00
Florent Daigniere
bee6e980e3 doh 2021-12-21 16:23:27 +01:00
Florent Daigniere
6d5926ef29 prettify 2021-12-21 16:06:34 +01:00
Florent Daigniere
58d0faff7f ensure we clear the token on delete() 2021-12-21 15:59:00 +01:00
Florent Daigniere
2b29cfb3f0 fix cleanup_sessions() 2021-12-21 15:55:59 +01:00
Florent Daigniere
f0247a2faf Use self where appropriate 2021-12-21 15:45:05 +01:00