4164 Commits (31faee4218a545bad3f2c9f88c73b9297cb59d2c)
 

Author SHA1 Message Date
Florent Daigniere e94f6eaf33 towncrier 2 years ago
Florent Daigniere 9e61a33cb2 Merge branch 'master' of https://github.com/Mailu/Mailu into webmail-hardening 2 years ago
bors[bot] 6a3daa75ac
Merge #2539
2539: Upgrade alpine, make setup use the base image r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Upgrade alpine, make setup use the base image, introduce a health-check, drop privileges. Drop privileges on admin too.

It may or may not help #2536

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
Florent Daigniere f994c8687e doh 2 years ago
Florent Daigniere 44c47586ea Fix potential permission problems 2 years ago
Florent Daigniere d3d7916b58 Merge remote-tracking branch 'upstream/master' into upgrade-alpine 2 years ago
bors[bot] c1da586444
Merge #2526
2526: Upgrade Snappymail to 2.21 and merge the webmail containers r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Upgrade Snappymail to 2.21 and merge the webmail containers. This will make the CI faster and should simplify things going forward (hardening but also allow running more than one webmail at the time, ...).

- enable APCu
- add new test to ensure we redirect to SSO and have disabled the admin panel
- add all the packaged dictionaries for spell checking
- harden the configuration of the webmails a bit (more to come in a separate PR)
- turn off deprecation warnings (php8.1 is too new)
- turn off error reporting (log them instead)
- return HTTP302 when we should
- gpg-verify the signature of the webmails we ship
- upgrade to snappymail 2.21, switch to the new json config format
- use socrates as it's meant to so that helm users can do their thing
- run the HTTPd and PHP as different users
- redirect the PHP errors to stderr

## Related issue(s)
- closes #2466
- closes #948
- closes #2250

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
Florent Daigniere ab852772f9 Bump snappymail to 2.21.3 2 years ago
Florent Daigniere 28d720bbc9 As requested 2 years ago
bors[bot] d650a9cc0f
Merge #2548
2548: Fetchmail improvements (2) r=mergify[bot] a=nextgens

Follow-up to #2529

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
Florent Daigniere 45b01db9de Fix the language switcher 2 years ago
Florent Daigniere 3fc0a0e7fa Merge branch 'master' of https://github.com/Mailu/Mailu into fetchmail-improvements 2 years ago
Florent Daigniere 4da2db1b0b add comment as requested 2 years ago
Florent Daigniere c79e8d3852 Fix display bug 2 years ago
bors[bot] 553b02fb3d
Merge #2529
2529: Improve fetchmail r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Improve fetchmail:
- allow delivery via LMTP (faster, bypassing the filters)
- allow several folders to be retrieved
- run fetchmail as non-root
- tweak the compose file to ensure we have all the dependencies

### Related issue(s)
- closes #1231 
- closes #2246 
- closes #711

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2 years ago
bors[bot] 31c6c26ec8
Merge #2547
2547: Disable libhardened-malloc for non x86. r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Support is going to be a nightmare if RPI4 is not working; We can always reintroduce it later.

### Related issue(s)
- closes #2541 


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
bors[bot] 604eb69122
Merge #2545
2545: Don't force a password reset r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Don't force a password reset. You may want to edit the user without changing his password.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
Florent Daigniere dcf11aea48 Don't force a password reset 2 years ago
Florent Daigniere db9ed1fd59 Disable libhardened-malloc for non x86.
@see #2541

Support is going to be a nightmare if RPI4 is not working.
2 years ago
Florent Daigniere f802601a08
Update f4f0f89e0047_.py 2 years ago
Florent Daigniere d5ac9199a0
Update 7ac252f2bbbf_.py 2 years ago
Florent Daigniere 7822b41048 same for domains 2 years ago
Florent Daigniere ef9cc3c866 Show spoofing on /admin/user/list too 2 years ago
Florent Daigniere 38507b2e1b Close #2372: Implement a GUI for WILDCARD_SENDERS 2 years ago
Florent Daigniere 6a22c82c02 Fix run_dev 2 years ago
Florent Daigniere cf7404e26c Fix #2242: Make quotas adjustable in 50MiB increments 2 years ago
Florent Daigniere b20bf996ec Fix #2231: make public announcements work 2 years ago
Florent Daigniere e2d4e3eb2e Implement header authentication via external proxy 2 years ago
Florent Daigniere 840b2bd9df block o:0:{} too 2 years ago
Florent Daigniere 017ea5298e typo 2 years ago
Florent Daigniere 2a4f6836cf protect unserialize() 2 years ago
Florent Daigniere e5ab9821f9 Add snuffleupagus
This seems to work in my limited testing.
2 years ago
Florent Daigniere bdc085048d Restore the Dockerfile like it was 2 years ago
Florent Daigniere b28798c74f doh 2 years ago
Florent Daigniere 1bfab1dbfa Maybe fix the test? 2 years ago
Florent Daigniere 6137f93d23 add a GTUBE test to check the antispam 2 years ago
Florent Daigniere 3cb87b6e49 Update entry 2 years ago
Florent Daigniere e3b875aa6b Well, -i stands for --insecure 2 years ago
Florent Daigniere 3b5b00d87d towncrier 2 years ago
Florent Daigniere e79d7fed55 Reduce the number of warnings on the CI 2 years ago
Florent Daigniere 699be6f9fa Drop privs when running admin too 2 years ago
Florent Daigniere 42cd5bf2dc Move it to base since admin will also use it 2 years ago
Florent Daigniere 80559ecb71 optimize caching 2 years ago
Florent Daigniere 21b9f76ebc setup doesn't need root 2 years ago
Florent Daigniere e5a1a353db Upgrade to alpine 3.16.3
This has PHP fixes and a new rspamd
2 years ago
Florent Daigniere 86637f0259 Make setup use the base image 2 years ago
bors[bot] 68bb8da2b7
Merge #2538
2538: Fix the ARM build again r=mergify[bot] a=nextgens

I have double-checked from the builder and this works.

gcc -v from the alpine image tells me that we have  ``--enable-default-pie``

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
Florent Daigniere 7745420fe0 Fix the ARM build again 2 years ago
bors[bot] b66f3fe9de
Merge #2537
2537: Fix the armv7 build (again)! r=mergify[bot] a=nextgens

Revert "simplify": ghostwheel42's approach was right
This reverts commit 04f6bd2633.

Without the build still errors-out because of ``set -euxo pipefail``
see https://github.com/Mailu/Mailu/actions/runs/3479399158/jobs/5817902589

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
Florent Daigniere b9b0c77d2e Revert "simplify": ghostwheel42's approach was right
This reverts commit 04f6bd2633.
2 years ago