3555 Commits (3e51d15b03f84ce5e74ea9f869a4c9649b8f9205)
 

Author SHA1 Message Date
bors[bot] 94bbd25fe8
Merge #2141
2141: update roundcube to 1.5.2 (security fix) r=mergify[bot] a=willofr

New roundcube release (1.5.2) where a XSS is addressed: https://roundcube.net/news/2021/12/30/update-1.5.2-released

## What type of PR?
security fix

## What does this PR do?
Update roundcube from 1.5.1 to 1.5.2
This update fixes an XSS: https://roundcube.net/news/2021/12/30/update-1.5.2-released

### Related issue(s)
None

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: willofr <willofr@users.noreply.github.com>
3 years ago
bors[bot] a5f6f9676b
Merge #2140
2140: Fix 2138: Pin DANE with the full cert r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Pin the intermediates rather than the root for DANE. If you have setup TLSA records following previous suggestion from Mailu please update them.

This hasn't been tested.

The four options here are:
- stop suggesting DANE records
- send the root CA (4096 bits extra per handshake!)
- pin the intermediates : the downside is that these are only valid for 3y, see https://letsencrypt.org/certificates/ and we should pin 4: R3,R4,E1,E2
- setup a 'full' DANE record in DNS (this is what this PR does)

The high priority is warranted by the fact that some SMTP servers may not trust root CAs and may enforce DANE strictly (it may break things).

### Related issue(s)
- close #2138

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
3 years ago
Florent Daigniere 98973223fd
reduce TTL to 1d 3 years ago
willofr f330a518fa
Create 2141.bugfix 3 years ago
willofr 93a94d33ce
update roundcube to 1.5.2 (security fix)
New roundcube release (1.5.2) where a XSS is addressed: https://roundcube.net/news/2021/12/30/update-1.5.2-released
3 years ago
Florent Daigniere 792893caae change TTL to 1y 3 years ago
Florent Daigniere 671f3e382a Fix 2138: Pin DANE with the full cert 3 years ago
bors[bot] 6953ee6bde
Merge #2132
2132: Fixes #2131 - Carddav synchronization issue r=mergify[bot] a=bkraul

## What type of PR?

bug-fix

## What does this PR do?
Adds php support for `simplexml` extension which is apparently needed by rainloop to handle carddav synchronizations.

### Related issue(s)
- closes #2131

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: bkraul <bkraul@belmankraul.com>
3 years ago
bors[bot] 393b28a420
Merge #2130
2130: Fix 2125: Make the caller responsible to know whether the rate-limit code should be called or not r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Make the caller responsible to know whether the rate-limit code should be called or not. If the webmail isn't configured its address can't be determined.

The rate limiting code should always be called except when we are verifying temporary tokens from the webmail.

### Related issue(s)
- close #2125 
- close #2129 
- close #2128

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
bkraul d494dd7d2a Fixes #2131 3 years ago
Florent Daigniere e42947a815 towncrier 3 years ago
Florent Daigniere 7f89a29790 Fix 2125
Make the caller responsible to know whether the rate-limit code should
be called or not
3 years ago
bors[bot] 3453d12ccb
Merge #2121
2121: Update CHANGELOG.md with items that were not added by mistake. r=mergify[bot] a=Diman0

## What type of PR?

documentation

## What does this PR do?

Due to using the wrong suffix, a lot of newsfragments were not added to the CHANGELOG.md.
This PR amends this. This PR should be backported as well. Otherwise it is very difficult to see what newsfragments are relevant for a new x.y.z. release.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
Dimitri Huisman 86eb8f2331 Add newsfragment for PR #2121. 3 years ago
Dimitri Huisman 0f0a2be736 Update CHANGELOG.md with items that were not added by mistake. 3 years ago
bors[bot] dbdd1c85a0
Merge #2119
2119: Fix #2117. Gpg-agent package was missing for roundcube image. r=mergify[bot] a=Diman0

## What type of PR?

Bug fix

## What does this PR do?
In the past gpg-agent was installed as dependency of gpg for the roundcube image.
The packages gpg and gpgagent are used by the enigmail plugin in roundcube. This plugin is one of the default plugins for roundcube.
After updating to a newer php (debian) image in 1.9, gpg-agent is not installed anymore together with gpg. I suspect this was changed in a newer debian version.

The fix has already been confirmed by the issue reporter. See #2117.

### Related issue(s)
- closes #2117 


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Florent Daigniere f8bc7c56a1 typo 3 years ago
Dimitri Huisman b248026933 Fix #2117. Gpg-agent package was missing for roundcube image. 3 years ago
bors[bot] 65d905fe62
Merge #2099
2099: update Dockerfile to alpine 3.14.3 r=mergify[bot] a=willofr

## What type of PR?
Security fix

## What does this PR do?
Updated the Dockerfile to use the latest alpine version 3.14.3 where several CVEs have been fixed: https://alpinelinux.org/posts/Alpine-3.14.3-released.html
New images successfully built on my test env.

### Related issue(s)
None

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Will <will@packer-output-c8fcfb40-3d93-4475-8f87-e14a9dd683b6>
Co-authored-by: willofr <willofr@users.noreply.github.com>
3 years ago
bors[bot] 3eca813182
Merge #2116
2116: fix 2114: redirect old path r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Old paths may still be cached in browsers, it's easy enough to redirect them

### Related issue(s)
- close #2114


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
bors[bot] 4e358e91e1
Merge #2111
2111: Preparations for 1.9 release r=mergify[bot] a=Diman0

## What type of PR?

Preparations for 1.9 release.

## What does this PR do?
All changes required for the 1.9 release. This PR does not trigger the 1.9 release yet. For that we only have to create a 1.9 branch after this PR has been merged.

Please double check all the documentation. Feel free to directly commit to this branch any spelling errors you see.

After this is merged, I only have to create the 1.9 branch and update the infra project to release 1.9.

### Related issue(s)
- closes #1930

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3 years ago
bors[bot] 0bdb508824
Merge #2115
2115: Update AUTHORS.md r=mergify[bot] a=ghostwheel42

Update AUTHORS.md

Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3 years ago
Florent Daigniere c4675e6e75 fix 2114: redirect old path 3 years ago
Alexander Graf d29afea5ba
Update AUTHORS.md 3 years ago
Alexander Graf 9d904d1db9
changed semver example to 1.9.x 3 years ago
Florent Daigniere 0298d51003 my edits 3 years ago
Dimitri Huisman cfd6e91c29 Forgot to mention that Mailu PostgreSQL is deprecated. 3 years ago
Dimitri Huisman b4d3d4b3c9 Preparations for 1.9 release. 3 years ago
bors[bot] 14177c3f98
Merge #2097
2097: The DB_PORT and ROUNDCUBE_DB_PORT env vars were not used r=mergify[bot] a=Diman0

## What type of PR?

Bug fix

## What does this PR do?
The DB_PORT and ROUNDCUBE_DB_PORT env vars were not used and are not required. 
This PR removes these not used environment variables from the documentation.
The documentation and setup utility are enhanced with instructions how to specify a different port for the database url.

### Related issue(s)
- See #2073


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
bors[bot] a2b3b44947
Merge #2109
2109: Update AUTHORS.md r=mergify[bot] a=nextgens

Update AUTHORS.md

Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
3 years ago
Florent Daigniere 6afdd4d000
Update AUTHORS.md 3 years ago
bors[bot] 23537b513d
Merge #2108
2108: Fix build dependencies pycares r=mergify[bot] a=Erriez

## What type of PR?

Fix missing build dependencies `postfix-mta-sts-resolver` for `pycares` which requires `py3-wheel` and `libffi-dev` packages.
Restore virtual build in single RUN line.

## What does this PR do?

### Related issue(s)
- Mention an issue like: #2106
- Auto close an issue like: closes #2106

Co-authored-by: Erriez <Erriez@users.noreply.github.com>
3 years ago
Erriez 4b0694705c Fix build dependencies pycares 3 years ago
bors[bot] 3be34eaa3e
Merge #2107
2107: Remove weblate from documentation r=mergify[bot] a=Diman0

## What type of PR?

documentation

## What does this PR do?
See #1869. The weblate instance is not available anymore. Therefore this not available weblate instance should not be mentioned in the documentation anymore.

This PR removes it from the documentation

### Related issue(s)
- #1869

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.



Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
Dimitri Huisman c957911220 Remove weblate option from documentation since it is not available anymore. 3 years ago
bors[bot] 081d443d66
Merge #2101
2101: Fix documentation  INITIAL_ADMIN_* variables r=mergify[bot] a=Erriez

## What type of PR?

Fix `master` documentation `INITIAL_ADMIN_*` environment variables:
- `setup.rst`
- `configuration.rst`

## What does this PR do?

Fix documentation `Docker Compose setup` and `Web settings | Admin account`.

### Related issue(s)
- Mention an issue like: #2092
- Auto close an issue like: closes #2092

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Erriez <Erriez@users.noreply.github.com>
3 years ago
bors[bot] cd8479414e
Merge #2103
2103: Fix issue 2102 (bug introduced in 2098) r=mergify[bot] a=Diman0

## What type of PR?

Bug-fix

## What does this PR do?
The changes to session management introduced in #2094 #2098 introduced new bugs. This PR addresses these.

### Related issue(s)
- Auto close an issue like: closes #2102

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
Erriez 10756cef7b Fix typo configuration.rst 3 years ago
Dimitri Huisman 51d94b8d14 Fix issue 2102 3 years ago
Erriez 4c52cf1d6a Rewording INITIAL_ADMIN_MODE documentation 3 years ago
Erriez 83d9a81f0f Fix documentation INITIAL_ADMIN_* variables 3 years ago
bors[bot] ee5fc81b07
Merge #2098
2098: Sessions tweaks2 r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Additional tweaks suggested by `@ghostwheel42:`
- fix cleanup_sessions (important)
- ensure we delete tokens on delete()

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
willofr 83bd3b27aa
Create 2099.bugfix 3 years ago
Will b2abbc8856 update Dockerfile to alpine 3.14.3 3 years ago
Florent Daigniere bee6e980e3 doh 3 years ago
Florent Daigniere 6d5926ef29 prettify 3 years ago
Florent Daigniere 58d0faff7f ensure we clear the token on delete() 3 years ago
Florent Daigniere 2b29cfb3f0 fix cleanup_sessions() 3 years ago
Florent Daigniere f0247a2faf Use self where appropriate 3 years ago
Florent Daigniere c161a2c987 syntax 3 years ago