1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-12 10:45:38 +02:00
Commit Graph

3874 Commits

Author SHA1 Message Date
Florent Daigniere
3721a6aa02 Merge branch 'master' of https://github.com/Mailu/Mailu into HEAD 2022-11-24 15:20:01 +01:00
Florent Daigniere
19bd9362d3 As suggested by ghost 2022-11-24 14:56:26 +01:00
bors[bot]
a8630c5a3b
Merge #2550
2550: Webmail hardening r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Add [Snuffleupagus](https://github.com/jvoisin/snuffleupagus/) (a modern Suhosin replacement) to protect webmails.

It may be possible to harden further, by encrypting some of the cookies and auditing the usage of gpg more closely.

This seems to work for me.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-24 13:36:12 +00:00
Florent Daigniere
9fcff5e745 Pin what we get from edge 2022-11-24 10:13:04 +01:00
Florent Daigniere
63a12d9857 changes requested by ghost 2022-11-24 10:00:00 +01:00
bors[bot]
5a7d73dc3d
Merge #2554
2554: Rollback to mysql-connector-python==8.0.29 r=mergify[bot] a=nextgens

See #2553

## What type of PR?

bug-fix

## What does this PR do?

Rollback to mysql-connector-python==8.0.29

### Related issue(s)
- closes #2553 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-23 19:20:57 +00:00
Florent Daigniere
4881e0db2a ghost is right, it should be pinned here too 2022-11-23 17:15:03 +01:00
Florent Daigniere
c1144612be
fix sorting 2022-11-23 17:13:15 +01:00
Florent Daigniere
4d8bd210c5
Update run_dev.sh 2022-11-23 17:07:48 +01:00
Florent Daigniere
ee512112fb
fix flask db history 2022-11-23 17:07:19 +01:00
Florent Daigniere
adacf579fc Rollback to mysql-connector-python==8.0.29
See #2553
2022-11-23 15:49:58 +01:00
bors[bot]
9c6e9b05db
Merge #2543
2543: Fix #2231: make public announcements work r=nextgens a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Ensure public announcements bypass filters.

They can still time-out... but this is already a big improvement that we should be able to backport.

### Related issue(s)
- closes #2231

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-23 09:32:17 +00:00
Florent Daigniere
9fa3a3e0c7 doc 2022-11-22 10:17:10 +01:00
Florent Daigniere
e94f6eaf33 towncrier 2022-11-22 10:11:23 +01:00
Florent Daigniere
9e61a33cb2 Merge branch 'master' of https://github.com/Mailu/Mailu into webmail-hardening 2022-11-22 10:03:38 +01:00
bors[bot]
6a3daa75ac
Merge #2539
2539: Upgrade alpine, make setup use the base image r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Upgrade alpine, make setup use the base image, introduce a health-check, drop privileges. Drop privileges on admin too.

It may or may not help #2536

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-21 18:16:26 +00:00
Florent Daigniere
f994c8687e doh 2022-11-21 18:12:11 +01:00
Florent Daigniere
44c47586ea Fix potential permission problems 2022-11-21 17:50:57 +01:00
Florent Daigniere
d3d7916b58 Merge remote-tracking branch 'upstream/master' into upgrade-alpine 2022-11-21 17:22:15 +01:00
bors[bot]
c1da586444
Merge #2526
2526: Upgrade Snappymail to 2.21 and merge the webmail containers r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Upgrade Snappymail to 2.21 and merge the webmail containers. This will make the CI faster and should simplify things going forward (hardening but also allow running more than one webmail at the time, ...).

- enable APCu
- add new test to ensure we redirect to SSO and have disabled the admin panel
- add all the packaged dictionaries for spell checking
- harden the configuration of the webmails a bit (more to come in a separate PR)
- turn off deprecation warnings (php8.1 is too new)
- turn off error reporting (log them instead)
- return HTTP302 when we should
- gpg-verify the signature of the webmails we ship
- upgrade to snappymail 2.21, switch to the new json config format
- use socrates as it's meant to so that helm users can do their thing
- run the HTTPd and PHP as different users
- redirect the PHP errors to stderr

## Related issue(s)
- closes #2466
- closes #948
- closes #2250

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-21 15:28:57 +00:00
Florent Daigniere
ab852772f9 Bump snappymail to 2.21.3 2022-11-21 16:04:00 +01:00
Florent Daigniere
28d720bbc9 As requested 2022-11-21 14:54:36 +01:00
bors[bot]
d650a9cc0f
Merge #2548
2548: Fetchmail improvements (2) r=mergify[bot] a=nextgens

Follow-up to #2529

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-21 10:04:37 +00:00
Florent Daigniere
45b01db9de Fix the language switcher 2022-11-21 11:01:01 +01:00
Florent Daigniere
3fc0a0e7fa Merge branch 'master' of https://github.com/Mailu/Mailu into fetchmail-improvements 2022-11-21 10:40:02 +01:00
Florent Daigniere
4da2db1b0b add comment as requested 2022-11-21 10:38:44 +01:00
Florent Daigniere
c79e8d3852 Fix display bug 2022-11-21 10:37:36 +01:00
bors[bot]
553b02fb3d
Merge #2529
2529: Improve fetchmail r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Improve fetchmail:
- allow delivery via LMTP (faster, bypassing the filters)
- allow several folders to be retrieved
- run fetchmail as non-root
- tweak the compose file to ensure we have all the dependencies

### Related issue(s)
- closes #1231 
- closes #2246 
- closes #711

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2022-11-21 09:28:15 +00:00
bors[bot]
31c6c26ec8
Merge #2547
2547: Disable libhardened-malloc for non x86. r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Support is going to be a nightmare if RPI4 is not working; We can always reintroduce it later.

### Related issue(s)
- closes #2541 


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-20 16:55:19 +00:00
bors[bot]
604eb69122
Merge #2545
2545: Don't force a password reset r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Don't force a password reset. You may want to edit the user without changing his password.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-20 16:48:29 +00:00
Florent Daigniere
dcf11aea48 Don't force a password reset 2022-11-20 16:33:21 +01:00
Florent Daigniere
db9ed1fd59 Disable libhardened-malloc for non x86.
@see #2541

Support is going to be a nightmare if RPI4 is not working.
2022-11-20 16:26:27 +01:00
Florent Daigniere
f802601a08
Update f4f0f89e0047_.py 2022-11-20 15:00:04 +01:00
Florent Daigniere
d5ac9199a0
Update 7ac252f2bbbf_.py 2022-11-20 14:59:06 +01:00
Florent Daigniere
ef9cc3c866 Show spoofing on /admin/user/list too 2022-11-20 11:09:04 +01:00
Florent Daigniere
38507b2e1b Close #2372: Implement a GUI for WILDCARD_SENDERS 2022-11-20 10:19:28 +01:00
Florent Daigniere
6a22c82c02 Fix run_dev 2022-11-20 10:17:19 +01:00
Florent Daigniere
b20bf996ec Fix #2231: make public announcements work 2022-11-19 18:44:30 +01:00
Florent Daigniere
840b2bd9df block o:0:{} too 2022-11-18 16:00:31 +01:00
Florent Daigniere
017ea5298e typo 2022-11-18 15:52:56 +01:00
Florent Daigniere
2a4f6836cf protect unserialize() 2022-11-18 15:39:32 +01:00
Florent Daigniere
e5ab9821f9 Add snuffleupagus
This seems to work in my limited testing.
2022-11-18 13:25:02 +01:00
Florent Daigniere
bdc085048d Restore the Dockerfile like it was 2022-11-18 10:40:42 +01:00
Florent Daigniere
b28798c74f doh 2022-11-17 18:46:04 +01:00
Florent Daigniere
1bfab1dbfa Maybe fix the test? 2022-11-17 18:32:39 +01:00
Florent Daigniere
6137f93d23 add a GTUBE test to check the antispam 2022-11-17 18:17:41 +01:00
Florent Daigniere
3cb87b6e49 Update entry 2022-11-17 18:10:53 +01:00
Florent Daigniere
e3b875aa6b Well, -i stands for --insecure 2022-11-17 18:09:00 +01:00
Florent Daigniere
3b5b00d87d towncrier 2022-11-17 16:37:17 +01:00
Florent Daigniere
e79d7fed55 Reduce the number of warnings on the CI 2022-11-17 16:21:52 +01:00