1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-16 10:59:53 +02:00
Commit Graph

148 Commits

Author SHA1 Message Date
bors[bot]
251db0b1af
Merge #2562
2562: Dynamic address resolution everywhere r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Use dynamic address resolution everywhere.
Derive a new key for admin/SECRET_KEY
Cleanup the environment

This should allow restarting containers.

### Related issue(s)
- closes #1341
- closes #1013
- closes #1430

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-19 10:12:26 +00:00
Florent Daigniere
df924b0864 doh 2022-12-19 11:04:25 +01:00
Florent Daigniere
0fa239da11 These tests are not required anymore 2022-12-19 10:43:40 +01:00
bors[bot]
f169f81436
Merge #2571
2571: Upgrade to alpine 3.17.0 r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Upgrade to alpine 3.17.0.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-08 20:35:17 +00:00
Florent Daigniere
e42d029c25 normalize booleans 2022-12-08 17:41:33 +01:00
Florent Daigniere
ae6af92b1d it's called libretls! 2022-12-08 16:38:06 +01:00
Florent Daigniere
4e3874b0c1 Enable dynamic resolution of hostnames 2022-12-08 13:00:50 +01:00
Florent Daigniere
dfaba5bb17
No need for two commands here 2022-12-07 15:51:54 +01:00
fastlorenzo
0209825277
Add net_bind_service capability for python executable
Signed-off-by: fastlorenzo <git@bernardi.be>
2022-12-07 11:43:26 +01:00
Florent Daigniere
622e093122 not required anymore 2022-12-02 17:23:58 +01:00
Florent Daigniere
73107ba112 libressl-dev is broken in the new release 2022-12-02 17:19:11 +01:00
Florent Daigniere
619a5fbda2 Upgrade to alpine 3.17.0 2022-12-02 16:44:44 +01:00
Florent Daigniere
3e38e7b89d Remove the dependency on pyOpenSSL 2022-11-27 16:07:48 +01:00
bors[bot]
a8630c5a3b
Merge #2550
2550: Webmail hardening r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Add [Snuffleupagus](https://github.com/jvoisin/snuffleupagus/) (a modern Suhosin replacement) to protect webmails.

It may be possible to harden further, by encrypting some of the cookies and auditing the usage of gpg more closely.

This seems to work for me.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-24 13:36:12 +00:00
Florent Daigniere
e03d91a1ec Merge remote-tracking branch 'upstream/master' into oletools 2022-11-24 10:35:03 +01:00
Florent Daigniere
9fcff5e745 Pin what we get from edge 2022-11-24 10:13:04 +01:00
Florent Daigniere
63a12d9857 changes requested by ghost 2022-11-24 10:00:00 +01:00
Florent Daigniere
4881e0db2a ghost is right, it should be pinned here too 2022-11-23 17:15:03 +01:00
Florent Daigniere
adacf579fc Rollback to mysql-connector-python==8.0.29
See #2553
2022-11-23 15:49:58 +01:00
Florent Daigniere
3e45a791cf Implement oletools to filter out bad macros 2022-11-23 15:42:46 +01:00
Florent Daigniere
9e61a33cb2 Merge branch 'master' of https://github.com/Mailu/Mailu into webmail-hardening 2022-11-22 10:03:38 +01:00
Florent Daigniere
d3d7916b58 Merge remote-tracking branch 'upstream/master' into upgrade-alpine 2022-11-21 17:22:15 +01:00
bors[bot]
31c6c26ec8
Merge #2547
2547: Disable libhardened-malloc for non x86. r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Support is going to be a nightmare if RPI4 is not working; We can always reintroduce it later.

### Related issue(s)
- closes #2541 


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-20 16:55:19 +00:00
Florent Daigniere
db9ed1fd59 Disable libhardened-malloc for non x86.
@see #2541

Support is going to be a nightmare if RPI4 is not working.
2022-11-20 16:26:27 +01:00
Florent Daigniere
e5ab9821f9 Add snuffleupagus
This seems to work in my limited testing.
2022-11-18 13:25:02 +01:00
Florent Daigniere
42cd5bf2dc Move it to base since admin will also use it 2022-11-17 15:17:24 +01:00
Florent Daigniere
e5a1a353db Upgrade to alpine 3.16.3
This has PHP fixes and a new rspamd
2022-11-17 14:19:22 +01:00
bors[bot]
68bb8da2b7
Merge #2538
2538: Fix the ARM build again r=mergify[bot] a=nextgens

I have double-checked from the builder and this works.

gcc -v from the alpine image tells me that we have  ``--enable-default-pie``

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-17 11:24:25 +00:00
Florent Daigniere
7745420fe0 Fix the ARM build again 2022-11-17 11:25:33 +01:00
bors[bot]
b66f3fe9de
Merge #2537
2537: Fix the armv7 build (again)! r=mergify[bot] a=nextgens

Revert "simplify": ghostwheel42's approach was right
This reverts commit 04f6bd2633.

Without the build still errors-out because of ``set -euxo pipefail``
see https://github.com/Mailu/Mailu/actions/runs/3479399158/jobs/5817902589

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-17 08:46:32 +00:00
Florent Daigniere
b9b0c77d2e Revert "simplify": ghostwheel42's approach was right
This reverts commit 04f6bd2633.
2022-11-17 09:28:26 +01:00
bors[bot]
f43c8c652e
Merge #2483 #2535
2483: Introduce FETCHMAIL_ENABLED r=mergify[bot] a=DjVinnii

## What type of PR?

Enhancement

## What does this PR do?
Add `FETCHMAIL_ENABLED` to enable/disable the Fetchmail functionality in the Admin UI.

### Related issue(s)
- closes #2127

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


2535: fix the linux/arm/v7 build r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

The arm builder is running aarch64 ... and there is no package for arm/v7


Co-authored-by: Vincent Kling <v.kling@vinniict.nl>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-16 12:30:33 +00:00
Florent Daigniere
32f3241569 ensure we have -pie too 2022-11-16 12:47:43 +01:00
Florent Daigniere
7ab3d8f9fe There is no good reason not to export them is the base image too 2022-11-16 12:34:45 +01:00
Florent Daigniere
aa44a42654 ensure we compile the wheels with bells and whistles too 2022-11-16 12:33:05 +01:00
Florent Daigniere
04f6bd2633 simplify 2022-11-16 12:23:14 +01:00
Florent Daigniere
d43e7f72df ghostwheel42's suggestion 2022-11-16 11:55:12 +01:00
Florent Daigniere
1f895d5f82 ghostwheel42's suggestion 2022-11-16 11:53:52 +01:00
Florent Daigniere
031a157ad9 fix the linux/arm/v7 build 2022-11-15 17:25:44 +01:00
bors[bot]
04a196c417
Merge #2525 #2534
2525: Switch to GrapheneOS's hardened_malloc r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

Switch to GrapheneOS's hardened_malloc

This was suggested during the dev meeting of the 18/09/22.

It may break things and it may make things unbearably slow... but it should also make the exploitation of memory corruption bugs a lot harder.

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


2534: Close #2533: document SQLALCHEMY_DATABASE_URI r=mergify[bot] a=nextgens

## What type of PR?

documentation

## What does this PR do?

document SQLALCHEMY_DATABASE_URI

### Related issue(s)
- closes #2533

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-15 12:28:19 +00:00
Florent Daigniere
81628149a2 don't fake the library 2022-11-15 09:17:06 +01:00
Florent Daigniere
9b2f018be6 add --no-cache 2022-11-15 09:09:47 +01:00
Florent Daigniere
455180043d doh 2022-11-14 09:34:43 +01:00
Florent Daigniere
f11c451403 Restrict it to arch where there is a package 2022-11-11 14:12:54 +01:00
Florent Daigniere
97df65e9ef Switch to GrapheneOS's hardened_malloc
This was suggested during the dev meeting of the 18/09/22.

It may break things and it may make things unbearably slow
2022-11-11 13:56:04 +01:00
Alexander Graf
1ae9156756
Add bcyrpt as direct dependency for better crypto. Also some updates 2022-11-08 13:27:33 +01:00
Alexander Graf
047413185e
Mask Flask-SQLAlchemy >= 3.0.0 for now as it breaks mailu 2022-11-08 13:27:33 +01:00
Alexander Graf
7e36694b64
Update python deps 2022-11-08 13:27:33 +01:00
bors[bot]
e0ff135a00
Merge #2498
2498: Implement ITERATE in podop r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

This makes ``doveadm -A`` work.

The easiest way to try it out is:
```
doveadm dict iter proxy:/tmp/podop.socket:auth shared/userdb

or 

doveadm user '*'
```

The protocol is described at https://doc.dovecot.org/developer_manual/design/dict_protocol/
The current version of dovecot is not using flags... so there's little gain in implementing them.

### Related issue(s)
- close #2499

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2022-11-03 16:54:24 +00:00
Florent Daigniere
ff9f152a52 This may be helpful too 2022-11-01 14:11:59 +01:00
Florent Daigniere
5137b235e9 whitelist what we know works
If other people use other arch and want their builds to go faster we can
whitelist them too after they have confirmed it works.
2022-11-01 13:47:21 +01:00
Alexander Graf
a2d43be6de
Fix building wheels when deps need to compile 2022-11-01 11:02:21 +01:00
Alexander Graf
bba98b320e
Fix armv7 build by manually downloading crates.io index 2022-10-31 23:40:51 +01:00
Florent Daigniere
6def1b555b doh 2022-10-31 10:06:55 +01:00
Florent Daigniere
96d9289630 No need to send an extra \n 2022-10-30 22:12:15 +01:00
Florent Daigniere
cdc9b63a46 Guard the message logging too 2022-10-30 21:54:03 +01:00
Florent Daigniere
2a417dbfc2 doesn't belong here 2022-10-30 21:51:29 +01:00
Florent Daigniere
1ce889b91b Do it the pythonic way 2022-10-30 21:43:34 +01:00
Florent Daigniere
e10527a4bf This is not used anymore 2022-10-30 21:33:10 +01:00
Florent Daigniere
1ae4c37cb9 Don't do fancy, just re-raise it 2022-10-30 21:25:34 +01:00
Florent Daigniere
5ec4277e1e Make it async. I'm not sure it's a good idea 2022-10-30 21:11:45 +01:00
Florent Daigniere
cf34be967c Implement ITERATE 2022-10-30 20:15:10 +01:00
Florent Daigniere
340e359096 doh 2022-10-29 17:13:58 +02:00
Florent Daigniere
076d67b513 follow the protocol 2022-10-29 17:02:52 +02:00
Florent Daigniere
2e467092a2 The newer dovecot sends data podop should ignore 2022-10-29 15:53:55 +02:00
Florent Daigniere
8942448561 Upgrade to alpine 3.16.2
This may fix the build issues on arm
2022-10-29 11:40:14 +02:00
Alexander Graf
024b0573b3
Update build reqs and fix armv7 build 2022-10-28 15:47:48 +02:00
Alexander Graf
7441a420c4
Fix and speed-up arm build. Allow chosing of prod/dev env. 2022-10-14 16:17:46 +02:00
Alexander Graf
146921f619
Move curl to base image 2022-10-14 14:34:58 +02:00
Alexander Graf
4c1071a497
Move all requirements*.txt to base image 2022-10-14 14:34:27 +02:00
Alexander Graf
a29f066858
Move even more python deps to base image 2022-10-12 16:32:27 +02:00
Alexander Graf
8668b269cd
Add requirements.txt for base image 2022-10-12 16:32:26 +02:00
Alexander Graf
9f511faf64
Merge pull request #8 from NeverBehave/master
fix: resolve IPv6 container hostname
2022-10-12 16:32:26 +02:00
Dimitri Huisman
b711f930ef
Merge pull request #9 from vavanade/patch-1
fix docstring
2022-10-12 16:32:26 +02:00
Dimitri Huisman
c0066abd01
Merge pull request #6 from micw/log-failed-dns
Add logging for failed DNS lookups
2022-10-12 16:32:25 +02:00
kaiyou
f63837b8e1
Update to 0.2.0 2022-10-12 16:32:25 +02:00
kaiyou
68d44201ab
Merge pull request #4 from micw/resolve-host-if-address-not-set
Resolve host if address not set
2022-10-12 16:32:25 +02:00
kaiyou
b198fde756
Merge pull request #3 from micw/fix-random-failures
Change test hostnames for stable test results
2022-10-12 16:32:25 +02:00
kaiyou
7f6d51904b
Remove wrong dependency to importlib 2022-10-12 16:32:25 +02:00
kaiyou
ef344c62f6
Add automated tests 2022-10-12 16:32:24 +02:00
kaiyou
74a3e87de3
Fix a couple syntax typos 2022-10-12 16:32:24 +02:00
kaiyou
351b05b92d
Allow jinja to load from file path or handle 2022-10-12 16:32:24 +02:00
kaiyou
0370b26f3e
Initial commit 2022-10-12 16:32:24 +02:00
Alexander Graf
ce9d886195
Merge pull request #10 from ghostwheel42/add_gitignore
Add .gitignore file
2022-10-12 16:32:24 +02:00
kaiyou
dbec5f0a6c
Switch to setuptools and bump the version 2022-10-12 16:32:23 +02:00
kaiyou
3d0d831c76
Version 0.2.4 2022-10-12 16:32:23 +02:00
kaiyou
e2979f9103
Merge pull request #6 from Nebukadneza/fix_py37
Don’t use deprecated now-keyword "async"
2022-10-12 16:32:23 +02:00
kaiyou
6fadd39aea
Merge pull request #3 from Nebukadneza/add_key_url_quoting
URL-Quote the key in HTTP requests
2022-10-12 16:32:23 +02:00
kaiyou
080e76f972
Merge pull request #1 from rakshith-ravi/patch-1
Fixed a small typo
2022-10-12 16:32:23 +02:00
kaiyou
23e5aa2e05
Escape strings properly in the Dovecot dict dialect 2022-10-12 16:32:22 +02:00
kaiyou
814bb1f36d
Properly miss when the web api returns 404 2022-10-12 16:32:22 +02:00
kaiyou
d2b98ae323
Update to 0.2.2 2022-10-12 16:32:22 +02:00
kaiyou
81d171f978
Add some debug logging to the table class 2022-10-12 16:32:22 +02:00
Pierre Jaury
d640da8787
Include package data in the package 2022-10-12 16:32:22 +02:00
Pierre Jaury
c5fa0280a0
Add support for dovecot dict_set operations 2022-10-12 16:32:21 +02:00
Pierre Jaury
eb6b1866f1
Specify dependencies in the setup script 2022-10-12 16:32:21 +02:00
Pierre Jaury
b1b0aeb69d
Initial commit 2022-10-12 16:32:21 +02:00
Alexander Graf
5e552bae69
Add base image 2022-10-12 16:32:20 +02:00