1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Commit Graph

3924 Commits

Author SHA1 Message Date
Florent Daigniere
170b12baf0 fix sieve 2022-12-19 10:19:21 +01:00
bors[bot]
79f01c4e33
Merge #2581
2581: fix missing casting to int for SESSION_KEY_BITS r=nextgens a=fastlorenzo

## What type of PR?

bug-fix

## What does this PR do?

This PR adds a missing env var casting for the `SESSION_KEY_BITS` variable.
When trying to provide a different value via env var, the value is passed as a string and then compared to a int.
The following check then throws a cast error: 50c7fa882e/core/admin/mailu/utils.py (L309-L312)

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.


Co-authored-by: fastlorenzo <git@bernardi.be>
2022-12-14 15:05:03 +00:00
bors[bot]
59220ac83b
Merge #2580
2580: Fixed roundcube carddav module r=mergify[bot] a=fastlorenzo

## What type of PR?

bug-fix

## What does this PR do?

This makes the Carddav module of roundcube to work again.

Changes made:
- Add 2 missing packages in the container (`php81-xmlreader` and `php81-xmlwriter`)
- Disable one rule in snuffleupagus that blocked the web request needed from the plugin to interact with carddav



Co-authored-by: fastlorenzo <git@bernardi.be>
2022-12-14 14:57:07 +00:00
fastlorenzo
135207db3e
fix missing casting to int for SESSION_KEY_BITS
Signed-off-by: fastlorenzo <git@bernardi.be>
2022-12-14 01:00:23 +01:00
fastlorenzo
2fa8dcb51d
Fixed roundcube carddav module
Signed-off-by: fastlorenzo <git@bernardi.be>
2022-12-13 09:37:00 +01:00
bors[bot]
50c7fa882e
Merge #2577
2577: Autofocus the login form on /sso/login r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Autofocus the login form on /sso/login

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-08 20:49:23 +00:00
bors[bot]
f169f81436
Merge #2571
2571: Upgrade to alpine 3.17.0 r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Upgrade to alpine 3.17.0.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-08 20:35:17 +00:00
Florent Daigniere
ae6af92b1d it's called libretls! 2022-12-08 16:38:06 +01:00
Florent Daigniere
b630355d03 Autofocus the login form on /sso/login 2022-12-08 15:17:58 +01:00
bors[bot]
1a67921b7c
Merge #2576
2576: Add net_bind_service capability for python executable r=mergify[bot] a=fastlorenzo

## What type of PR?

bug-fix

## What does this PR do?

Fixes capabilities needed to bind on privileged port.


Co-authored-by: fastlorenzo <git@bernardi.be>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2022-12-07 15:07:14 +00:00
Florent Daigniere
dfaba5bb17
No need for two commands here 2022-12-07 15:51:54 +01:00
fastlorenzo
0209825277
Add net_bind_service capability for python executable
Signed-off-by: fastlorenzo <git@bernardi.be>
2022-12-07 11:43:26 +01:00
Florent Daigniere
8150ca77b2 this isn't required anymore either 2022-12-02 17:29:44 +01:00
Florent Daigniere
622e093122 not required anymore 2022-12-02 17:23:58 +01:00
Florent Daigniere
73107ba112 libressl-dev is broken in the new release 2022-12-02 17:19:11 +01:00
Florent Daigniere
619a5fbda2 Upgrade to alpine 3.17.0 2022-12-02 16:44:44 +01:00
bors[bot]
0bfe3f92a6
Merge #2564
2564: Misc dovecot config changes r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

- fix RECIPIENT_DELIMITER (wrong scope, was ignored)
This can be confirmed using: ``$nc imap 2525 ...`` and delivering to a VERP address
- drop privileges of the LMTP daemon

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-02 10:31:22 +00:00
bors[bot]
8c3da2815d
Merge #2565
2565: Fix DB downgrade r=mergify[bot] a=nextgens

Fix DB downgrade. This isn't used in normal operations but is wrong nevertheless.

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-02 10:23:17 +00:00
bors[bot]
cd5e6c896f
Merge #2568
2568: Fix a bug preventing users without IMAP access to access the webmails r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Fix a bug preventing users without IMAP access to access the webmails

### Related issue(s)
- close #2451

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-30 08:03:50 +00:00
bors[bot]
e20efc5b99
Merge #2567
2567: Remove the dependency on pyOpenSSL r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Remove the dependency on pyOpenSSL

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2022-11-29 13:07:57 +00:00
Florent Daigniere
c565e69a01
as requested 2022-11-29 13:34:22 +01:00
Florent Daigniere
b553d025eb
remove newline 2022-11-29 13:32:40 +01:00
Florent Daigniere
00f07ef533 close #2451: prevent an auth-loop on webmails 2022-11-29 13:29:03 +01:00
Florent Daigniere
3e38e7b89d Remove the dependency on pyOpenSSL 2022-11-27 16:07:48 +01:00
Florent Daigniere
98f16b1d47 Fix DB downgrade 2022-11-27 13:57:03 +01:00
bors[bot]
a366116cae
Merge #2563
2563: Close #1483: remove postfix's /queue/pid/master.pid r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Remove postfix's /queue/pid/master.pid on startup if there is no other instance running.

### Related issue(s)
- closes #1483

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-27 11:25:43 +00:00
Florent Daigniere
5da2ab8fd1 drop privs 2022-11-27 12:08:15 +01:00
Florent Daigniere
bf588d19a4 Fix RECIPIENT_DELIMITER 2022-11-27 10:58:07 +01:00
Florent Daigniere
86edc3a919 Close #1483: remove postfix's /queue/pid/master.pid 2022-11-27 09:56:04 +01:00
bors[bot]
b49d9ce243
Merge #2561
2561: set the umask when using config-export r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Set a better umask when using config-export


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-26 18:26:05 +00:00
Florent Daigniere
c1062f3db2 set the umask 2022-11-25 17:53:25 +01:00
bors[bot]
0bde746610
Merge #2557
2557: Remove Swarm from master r=mergify[bot] a=nextgens

Remove Swarm from master as discussed.

This hasn't been tested

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2022-11-25 12:05:31 +00:00
bors[bot]
033889dc95
Merge #2542 #2559
2542: Implement header authentication via external proxy r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

Implement header authentication via external proxy

### Related issue(s)
- closes #1972
- closes #2183

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


2559: Turns out that php81-ctype is required by roundcube r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

It solves:
```
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "NOTICE: PHP message: PHP Fatal error:  Uncaught Error: Call to undefined function Masterminds\HTML5\Parser\ctype_alpha() in /var/www/roundcube/vendor/masterminds/html5/src/HTML5/Parser/Tokenizer.php:140"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "Stack trace:"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#0 /var/www/roundcube/vendor/masterminds/html5/src/HTML5/Parser/Tokenizer.php(82): Masterminds\HTML5\Parser\Tokenizer->consumeData()"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#1 /var/www/roundcube/vendor/masterminds/html5/src/HTML5.php(161): Masterminds\HTML5\Parser\Tokenizer->parse()"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#2 /var/www/roundcube/vendor/masterminds/html5/src/HTML5.php(89): Masterminds\HTML5->parse('<html>\n    <hea...', Array)"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#3 /var/www/roundcube/program/lib/Roundcube/rcube_washtml.php(700): Masterminds\HTML5->loadHTML('<html>\n    <hea...')"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#4 /var/www/roundcube/program/actions/mail/index.php(975): rcube_washtml->wash('<html>\n    <hea...')"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#5 /var/www/roundcube/program/actions/mail/index.php(1019): rcmail_action_mail_index::wash_html('<!doctype html>...', Array, Array)"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#6 /var/www/roundcube/program/actions/mail/show.php(720): rcmail_action_mail_index::pr..."
```

see https://github.com/roundcube/roundcubemail/issues/7049


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-25 10:40:47 +00:00
bors[bot]
e0d42cadc0
Merge #2546
2546: Implement a GUI for WILDCARD_SENDERS r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

- Implement a GUI for WILDCARD_SENDERS

### Related issue(s)
- closes #2372

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2022-11-25 10:33:19 +00:00
Alexander Graf
b0990460a4
Fix error display 2022-11-25 11:32:21 +01:00
Alexander Graf
53720876b4
Colorize feature badges 2022-11-25 10:47:49 +01:00
Alexander Graf
a5eeab37e1
Add default for column allow_spoofing 2022-11-25 10:43:00 +01:00
Florent Daigniere
e927426dfa Turns out that php81-ctype is required by roundcube
see https://github.com/roundcube/roundcubemail/issues/7049
2022-11-25 09:37:05 +01:00
Alexander Graf
7828115102
Re-add flavor and steps to wizard. 2022-11-25 08:29:50 +01:00
bors[bot]
0e0ac201fc
Merge #2558
2558: Don't do it as root r=mergify[bot] a=nextgens

A naive attempt to ensure we don't run the PHP stuff as root; without it we mess the permissions up and fail to upgrade the database schema of roundcube

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-24 20:54:56 +00:00
Florent Daigniere
c4595fddca Change perms first 2022-11-24 19:08:30 +01:00
Florent Daigniere
9566c297d9 Don't do it as root 2022-11-24 18:41:46 +01:00
Florent Daigniere
b3f534a6ac Wizard.html should still be the default destination 2022-11-24 16:37:42 +01:00
Florent Daigniere
d0631558c7 Remove Swarm everywhere.
This hasn't been tested
2022-11-24 16:23:53 +01:00
Florent Daigniere
3721a6aa02 Merge branch 'master' of https://github.com/Mailu/Mailu into HEAD 2022-11-24 15:20:01 +01:00
bors[bot]
2104c04e3b
Merge #2544
2544: Fix #2242: Make quotas adjustable in 50MiB increments r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Make quotas adjustable in 50MiB increments

### Related issue(s)
- closes #2242

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-24 14:18:10 +00:00
Florent Daigniere
19bd9362d3 As suggested by ghost 2022-11-24 14:56:26 +01:00
bors[bot]
a8630c5a3b
Merge #2550
2550: Webmail hardening r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Add [Snuffleupagus](https://github.com/jvoisin/snuffleupagus/) (a modern Suhosin replacement) to protect webmails.

It may be possible to harden further, by encrypting some of the cookies and auditing the usage of gpg more closely.

This seems to work for me.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-24 13:36:12 +00:00
Florent Daigniere
12117cef37 Reduce the scope of the try: except 2022-11-24 12:16:25 +01:00
Florent Daigniere
9fcff5e745 Pin what we get from edge 2022-11-24 10:13:04 +01:00