1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Commit Graph

86 Commits

Author SHA1 Message Date
Florent Daigniere
dfaba5bb17
No need for two commands here 2022-12-07 15:51:54 +01:00
fastlorenzo
0209825277
Add net_bind_service capability for python executable
Signed-off-by: fastlorenzo <git@bernardi.be>
2022-12-07 11:43:26 +01:00
Florent Daigniere
3e38e7b89d Remove the dependency on pyOpenSSL 2022-11-27 16:07:48 +01:00
bors[bot]
a8630c5a3b
Merge #2550
2550: Webmail hardening r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Add [Snuffleupagus](https://github.com/jvoisin/snuffleupagus/) (a modern Suhosin replacement) to protect webmails.

It may be possible to harden further, by encrypting some of the cookies and auditing the usage of gpg more closely.

This seems to work for me.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-24 13:36:12 +00:00
Florent Daigniere
9fcff5e745 Pin what we get from edge 2022-11-24 10:13:04 +01:00
Florent Daigniere
63a12d9857 changes requested by ghost 2022-11-24 10:00:00 +01:00
Florent Daigniere
4881e0db2a ghost is right, it should be pinned here too 2022-11-23 17:15:03 +01:00
Florent Daigniere
adacf579fc Rollback to mysql-connector-python==8.0.29
See #2553
2022-11-23 15:49:58 +01:00
Florent Daigniere
9e61a33cb2 Merge branch 'master' of https://github.com/Mailu/Mailu into webmail-hardening 2022-11-22 10:03:38 +01:00
Florent Daigniere
d3d7916b58 Merge remote-tracking branch 'upstream/master' into upgrade-alpine 2022-11-21 17:22:15 +01:00
bors[bot]
31c6c26ec8
Merge #2547
2547: Disable libhardened-malloc for non x86. r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Support is going to be a nightmare if RPI4 is not working; We can always reintroduce it later.

### Related issue(s)
- closes #2541 


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-20 16:55:19 +00:00
Florent Daigniere
db9ed1fd59 Disable libhardened-malloc for non x86.
@see #2541

Support is going to be a nightmare if RPI4 is not working.
2022-11-20 16:26:27 +01:00
Florent Daigniere
e5ab9821f9 Add snuffleupagus
This seems to work in my limited testing.
2022-11-18 13:25:02 +01:00
Florent Daigniere
42cd5bf2dc Move it to base since admin will also use it 2022-11-17 15:17:24 +01:00
Florent Daigniere
e5a1a353db Upgrade to alpine 3.16.3
This has PHP fixes and a new rspamd
2022-11-17 14:19:22 +01:00
bors[bot]
68bb8da2b7
Merge #2538
2538: Fix the ARM build again r=mergify[bot] a=nextgens

I have double-checked from the builder and this works.

gcc -v from the alpine image tells me that we have  ``--enable-default-pie``

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-17 11:24:25 +00:00
Florent Daigniere
7745420fe0 Fix the ARM build again 2022-11-17 11:25:33 +01:00
bors[bot]
b66f3fe9de
Merge #2537
2537: Fix the armv7 build (again)! r=mergify[bot] a=nextgens

Revert "simplify": ghostwheel42's approach was right
This reverts commit 04f6bd2633.

Without the build still errors-out because of ``set -euxo pipefail``
see https://github.com/Mailu/Mailu/actions/runs/3479399158/jobs/5817902589

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-17 08:46:32 +00:00
Florent Daigniere
b9b0c77d2e Revert "simplify": ghostwheel42's approach was right
This reverts commit 04f6bd2633.
2022-11-17 09:28:26 +01:00
bors[bot]
f43c8c652e
Merge #2483 #2535
2483: Introduce FETCHMAIL_ENABLED r=mergify[bot] a=DjVinnii

## What type of PR?

Enhancement

## What does this PR do?
Add `FETCHMAIL_ENABLED` to enable/disable the Fetchmail functionality in the Admin UI.

### Related issue(s)
- closes #2127

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


2535: fix the linux/arm/v7 build r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

The arm builder is running aarch64 ... and there is no package for arm/v7


Co-authored-by: Vincent Kling <v.kling@vinniict.nl>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-16 12:30:33 +00:00
Florent Daigniere
32f3241569 ensure we have -pie too 2022-11-16 12:47:43 +01:00
Florent Daigniere
7ab3d8f9fe There is no good reason not to export them is the base image too 2022-11-16 12:34:45 +01:00
Florent Daigniere
aa44a42654 ensure we compile the wheels with bells and whistles too 2022-11-16 12:33:05 +01:00
Florent Daigniere
04f6bd2633 simplify 2022-11-16 12:23:14 +01:00
Florent Daigniere
d43e7f72df ghostwheel42's suggestion 2022-11-16 11:55:12 +01:00
Florent Daigniere
1f895d5f82 ghostwheel42's suggestion 2022-11-16 11:53:52 +01:00
Florent Daigniere
031a157ad9 fix the linux/arm/v7 build 2022-11-15 17:25:44 +01:00
bors[bot]
04a196c417
Merge #2525 #2534
2525: Switch to GrapheneOS's hardened_malloc r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

Switch to GrapheneOS's hardened_malloc

This was suggested during the dev meeting of the 18/09/22.

It may break things and it may make things unbearably slow... but it should also make the exploitation of memory corruption bugs a lot harder.

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


2534: Close #2533: document SQLALCHEMY_DATABASE_URI r=mergify[bot] a=nextgens

## What type of PR?

documentation

## What does this PR do?

document SQLALCHEMY_DATABASE_URI

### Related issue(s)
- closes #2533

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-15 12:28:19 +00:00
Florent Daigniere
81628149a2 don't fake the library 2022-11-15 09:17:06 +01:00
Florent Daigniere
9b2f018be6 add --no-cache 2022-11-15 09:09:47 +01:00
Florent Daigniere
455180043d doh 2022-11-14 09:34:43 +01:00
Florent Daigniere
f11c451403 Restrict it to arch where there is a package 2022-11-11 14:12:54 +01:00
Florent Daigniere
97df65e9ef Switch to GrapheneOS's hardened_malloc
This was suggested during the dev meeting of the 18/09/22.

It may break things and it may make things unbearably slow
2022-11-11 13:56:04 +01:00
Alexander Graf
1ae9156756
Add bcyrpt as direct dependency for better crypto. Also some updates 2022-11-08 13:27:33 +01:00
Alexander Graf
047413185e
Mask Flask-SQLAlchemy >= 3.0.0 for now as it breaks mailu 2022-11-08 13:27:33 +01:00
Alexander Graf
7e36694b64
Update python deps 2022-11-08 13:27:33 +01:00
bors[bot]
e0ff135a00
Merge #2498
2498: Implement ITERATE in podop r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

This makes ``doveadm -A`` work.

The easiest way to try it out is:
```
doveadm dict iter proxy:/tmp/podop.socket:auth shared/userdb

or 

doveadm user '*'
```

The protocol is described at https://doc.dovecot.org/developer_manual/design/dict_protocol/
The current version of dovecot is not using flags... so there's little gain in implementing them.

### Related issue(s)
- close #2499

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2022-11-03 16:54:24 +00:00
Florent Daigniere
ff9f152a52 This may be helpful too 2022-11-01 14:11:59 +01:00
Florent Daigniere
5137b235e9 whitelist what we know works
If other people use other arch and want their builds to go faster we can
whitelist them too after they have confirmed it works.
2022-11-01 13:47:21 +01:00
Alexander Graf
a2d43be6de
Fix building wheels when deps need to compile 2022-11-01 11:02:21 +01:00
Alexander Graf
bba98b320e
Fix armv7 build by manually downloading crates.io index 2022-10-31 23:40:51 +01:00
Florent Daigniere
6def1b555b doh 2022-10-31 10:06:55 +01:00
Florent Daigniere
96d9289630 No need to send an extra \n 2022-10-30 22:12:15 +01:00
Florent Daigniere
cdc9b63a46 Guard the message logging too 2022-10-30 21:54:03 +01:00
Florent Daigniere
2a417dbfc2 doesn't belong here 2022-10-30 21:51:29 +01:00
Florent Daigniere
1ce889b91b Do it the pythonic way 2022-10-30 21:43:34 +01:00
Florent Daigniere
e10527a4bf This is not used anymore 2022-10-30 21:33:10 +01:00
Florent Daigniere
1ae4c37cb9 Don't do fancy, just re-raise it 2022-10-30 21:25:34 +01:00
Florent Daigniere
5ec4277e1e Make it async. I'm not sure it's a good idea 2022-10-30 21:11:45 +01:00
Florent Daigniere
cf34be967c Implement ITERATE 2022-10-30 20:15:10 +01:00