Merge remote-tracking branch 'upstream/main' into main

2025-06-07 18:50:54 +00:00 · 2021-05-08 15:04:07 +02:00 · 2021-05-08 15:04:07 +02:00 · 0cd8d7f203
commit 0cd8d7f203
parent 91df3ac550 d4c5872547
11 changed files with 42 additions and 23 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,11 @@ In Development
 * Migrate to the ECDSAP256SHA256 DNSSEC algorithm. If a DS record is set for any of your domain names that have DNS hosted on your box, you will be prompted by status checks to update the DS record.
 * Roundcube's login cookie is updated to use a new encryption algorithm (AES-256-CBC instead of DES-EDE-CBC).

+v0.53a (May 8, 2021)
+--------------------
+
+The download URL for Z-Push has been revised becaue the old URL stopped working.
+
 v0.53 (April 12, 2021)
 ----------------------

--- a/README.md
+++ b/README.md
@ -58,7 +58,7 @@ Clone this repository and checkout the tag corresponding to the most recent rele

 	$ git clone https://github.com/mail-in-a-box/mailinabox
 	$ cd mailinabox
-	$ git checkout v0.53
+	$ git checkout v0.53a

 Begin the installation.

--- a/management/status_checks.py
+++ b/management/status_checks.py
@ -664,6 +664,8 @@ def check_mail_domain(domain, env, output):

 	if mx is None:
 		mxhost = None
+	elif mx == "[timeout]":
+        mxhost = None
 	else:
 		# query_dns returns a semicolon-delimited list
 		# of priority-host pairs.
--- a/management/templates/system-backup.html
+++ b/management/templates/system-backup.html
@ -5,7 +5,7 @@

 <h2>Backup Status</h2>

-<p>The box makes an incremental backup each night. By default the backup is stored on the machine itself, but you can also have it stored on Amazon S3.</p>
+<p>The box makes an incremental backup each night. By default the backup is stored on the machine itself, but you can also store in on S3-compatible services like Amazon Web Services (AWS).</p>

 <h3>Configuration</h3>

@ -17,7 +17,7 @@
        <option value="off">Nowhere (Disable Backups)</option>
        <option value="local">{{hostname}}</option>
        <option value="rsync">rsync</option>
-        <option value="s3">Amazon S3</option>
+        <option value="s3">S3 (Amazon or compatible) </option>
        <option value="b2">Backblaze B2</option>
      </select>
    </div>
@ -73,8 +73,8 @@
  <!-- S3 BACKUP -->
  <div class="form-group backup-target-s3">
    <div class="col-sm-10 col-sm-offset-2">
-      <p>Backups are stored in an Amazon Web Services S3 bucket. You must have an AWS account already.</p>
-      <p>You MUST manually copy the encryption password from <tt class="backup-encpassword-file"></tt> to a safe and secure location. You will need this file to decrypt backup files. It is NOT stored in your Amazon S3 bucket.</p>
+      <p>Backups are stored in an S3-compatible bucket. You must have an AWS or other S3 service account already.</p>
+      <p>You MUST manually copy the encryption password from <tt class="backup-encpassword-file"></tt> to a safe and secure location. You will need this file to decrypt backup files. It is <b>NOT</b> stored in your S3 bucket.</p>
    </div>
  </div>
  <div class="form-group backup-target-s3">
@ -84,7 +84,7 @@
        {% for name, host in backup_s3_hosts %}
          <option value="{{host}}">{{name}}</option>
        {% endfor %}
-        <option value="other">Other</option>
+        <option value="other">Other (non AWS)</option>
      </select>
    </div>
  </div>
@ -343,4 +343,4 @@ function init_inputs(target_type) {
    set_host($('#backup-target-s3-host-select').val());
  }
 }
-</script>
+</script>
--- a/management/web_update.py
+++ b/management/web_update.py
@ -160,17 +160,27 @@ def make_domain_config(domain, templates, ssl_certificates, env):
 			for path, url in yaml.get("proxies", {}).items():
 				# Parse some flags in the fragment of the URL.
 				pass_http_host_header = False
+				proxy_redirect_off = False
+				frame_options_header_sameorigin = False
 				m = re.search("#(.*)$", url)
 				if m:
 					for flag in m.group(1).split(","):
 						if flag == "pass-http-host":
 							pass_http_host_header = True
+						elif flag == "no-proxy-redirect":
+							proxy_redirect_off = True
+						elif flag == "frame-options-sameorigin":
+							frame_options_header_sameorigin = True
 					url = re.sub("#(.*)$", "", url)

 				nginx_conf_extra += "\tlocation %s {" % path
 				nginx_conf_extra += "\n\t\tproxy_pass %s;" % url
+				if proxy_redirect_off:
+					nginx_conf_extra += "\n\t\tproxy_redirect off;"
 				if pass_http_host_header:
 					nginx_conf_extra += "\n\t\tproxy_set_header Host $http_host;"
+				if frame_options_header_sameorigin:
+					nginx_conf_extra += "\n\t\tproxy_set_header X-Frame-Options SAMEORIGIN;"
 				nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
 				nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-Host $http_host;"
 				nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-Proto $scheme;"
@ -251,3 +261,4 @@ def get_web_domains_info(env):
 		}
 		for domain in get_web_domains(env)
 	]
+
--- a/setup/bootstrap.sh
+++ b/setup/bootstrap.sh
@ -20,7 +20,7 @@ if [ -z "$TAG" ]; then
 	# want to display in status checks.
 	if [ "$(lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' )" == "Ubuntu 18.04 LTS" ]; then
 		# This machine is running Ubuntu 18.04.
-		TAG=v0.53
+		TAG=v0.53a

 	elif [ "$(lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' )" == "Ubuntu 14.04 LTS" ]; then
 		# This machine is running Ubuntu 14.04.
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@ -183,6 +183,7 @@ plugin {
  sieve_after = $STORAGE_ROOT/mail/sieve/global_after
  sieve = $STORAGE_ROOT/mail/sieve/%d/%n.sieve
  sieve_dir = $STORAGE_ROOT/mail/sieve/%d/%n
+  sieve_redirect_envelope_from = recipient
 }
 EOF

--- a/setup/nextcloud.sh
+++ b/setup/nextcloud.sh
@ -97,12 +97,12 @@ InstallNextcloud() {
 }

 # Nextcloud Version to install. Checks are done down below to step through intermediate versions.
-nextcloud_ver=20.0.1
-nextcloud_hash=f2b3faa570c541df73f209e873a1c2852e79eab8
-contacts_ver=3.4.1
-contacts_hash=aee680a75e95f26d9285efd3c1e25cf7f3bfd27e
-calendar_ver=2.1.2
-calendar_hash=930c07863bb7a65652dec34793802c8d80502336
+nextcloud_ver=20.0.8
+nextcloud_hash=372b0b4bb07c7984c04917aff86b280e68fbe761
+contacts_ver=3.5.1
+contacts_hash=d2ffbccd3ed89fa41da20a1dff149504c3b33b93
+calendar_ver=2.2.0
+calendar_hash=673ad72ca28adb8d0f209015ff2dca52ffad99af
 user_external_ver=1.0.0
 user_external_hash=3bf2609061d7214e7f0f69dd8883e55c4ec8f50a

--- a/setup/start.sh
+++ b/setup/start.sh
@ -94,7 +94,7 @@ PUBLIC_IP=$PUBLIC_IP
 PUBLIC_IPV6=$PUBLIC_IPV6
 PRIVATE_IP=$PRIVATE_IP
 PRIVATE_IPV6=$PRIVATE_IPV6
-MTA_STS_MODE=${MTA_STS_MODE-}
+MTA_STS_MODE=${DEFAULT_MTA_STS_MODE:-enforce}
 EOF

 # Start service configuration.
--- a/setup/web.sh
+++ b/setup/web.sh
@ -126,13 +126,13 @@ chmod a+r /var/lib/mailinabox/mozilla-autoconfig.xml
 # nginx configuration at /.well-known/mta-sts.txt
 # more documentation is available on: 
 # https://www.uriports.com/blog/mta-sts-explained/
-# default mode is "enforce". Change to "testing" which means
-# "Messages will be delivered as though there was no failure
-# but a report will be sent if TLS-RPT is configured" if you
-# are not sure you want this yet. Or "none".
+# default mode is "enforce". In /etc/mailinabox.conf change
+# "MTA_STS_MODE=testing" which means "Messages will be delivered
+# as though there was no failure but a report will be sent if
+# TLS-RPT is configured" if you are not sure you want this yet. Or "none".
 PUNY_PRIMARY_HOSTNAME=$(echo "$PRIMARY_HOSTNAME" | idn2)
 cat conf/mta-sts.txt \
-        | sed "s/MODE/${MTA_STS_MODE:-enforce}/" \
+        | sed "s/MODE/${MTA_STS_MODE}/" \
        | sed "s/PRIMARY_HOSTNAME/$PUNY_PRIMARY_HOSTNAME/" \
         > /var/lib/mailinabox/mta-sts.txt
 chmod a+r /var/lib/mailinabox/mta-sts.txt
--- a/setup/zpush.sh
+++ b/setup/zpush.sh
@ -23,7 +23,7 @@ phpenmod -v php imap

 # Copy Z-Push into place.
 VERSION=2.6.2
-TARGETHASH=4b312d64227ef887b24d9cc8f0ae17519586f6e2
+TARGETHASH=f0e8091a8030e5b851f5ba1f9f0e1a05b8762d80
 needs_update=0 #NODOC
 if [ ! -f /usr/local/lib/z-push/version ]; then
 	needs_update=1 #NODOC
@ -33,12 +33,12 @@ elif [[ $VERSION != $(cat /usr/local/lib/z-push/version) ]]; then
 fi
 if [ $needs_update == 1 ]; then
 	# Download
-	wget_verify "https://stash.z-hub.io/rest/api/latest/projects/ZP/repos/z-push/archive?at=refs%2Ftags%2F$VERSION&format=zip" $TARGETHASH /tmp/z-push.zip
+	wget_verify "https://github.com/Z-Hub/Z-Push/archive/refs/tags/$VERSION.zip" $TARGETHASH /tmp/z-push.zip

 	# Extract into place.
 	rm -rf /usr/local/lib/z-push /tmp/z-push
 	unzip -q /tmp/z-push.zip -d /tmp/z-push
-	mv /tmp/z-push/src /usr/local/lib/z-push
+	mv /tmp/z-push/*/src /usr/local/lib/z-push
 	rm -rf /tmp/z-push.zip /tmp/z-push

 	rm -f /usr/sbin/z-push-{admin,top}