From 8a5f9f464ad170da78c0595314cf598ed80797db Mon Sep 17 00:00:00 2001
From: Joshua Tauberer <jt@occams.info>
Date: Sat, 8 May 2021 07:59:51 -0400
Subject: [PATCH 1/8] Download Z-Push from alternate site

The old server has been down for a few days.

Solution from https://discourse.mailinabox.email/t/temporary-fix-for-failed-wget-o-tmp-z-push-zip-https-stash-z-hub-io/8028. Fixes #1974.
---
 setup/zpush.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/setup/zpush.sh b/setup/zpush.sh
index 1a84e86a..fa564188 100755
--- a/setup/zpush.sh
+++ b/setup/zpush.sh
@@ -23,7 +23,7 @@ phpenmod -v php imap
 
 # Copy Z-Push into place.
 VERSION=2.6.2
-TARGETHASH=4b312d64227ef887b24d9cc8f0ae17519586f6e2
+TARGETHASH=f0e8091a8030e5b851f5ba1f9f0e1a05b8762d80
 needs_update=0 #NODOC
 if [ ! -f /usr/local/lib/z-push/version ]; then
 	needs_update=1 #NODOC
@@ -33,12 +33,12 @@ elif [[ $VERSION != `cat /usr/local/lib/z-push/version` ]]; then
 fi
 if [ $needs_update == 1 ]; then
 	# Download
-	wget_verify "https://stash.z-hub.io/rest/api/latest/projects/ZP/repos/z-push/archive?at=refs%2Ftags%2F$VERSION&format=zip" $TARGETHASH /tmp/z-push.zip
+	wget_verify "https://github.com/Z-Hub/Z-Push/archive/refs/tags/$VERSION.zip" $TARGETHASH /tmp/z-push.zip
 
 	# Extract into place.
 	rm -rf /usr/local/lib/z-push /tmp/z-push
 	unzip -q /tmp/z-push.zip -d /tmp/z-push
-	mv /tmp/z-push/src /usr/local/lib/z-push
+	mv /tmp/z-push/*/src /usr/local/lib/z-push
 	rm -rf /tmp/z-push.zip /tmp/z-push
 
 	rm -f /usr/sbin/z-push-{admin,top}

From 2e7f2835e734ff1bd02830953b5476fa66866336 Mon Sep 17 00:00:00 2001
From: Joshua Tauberer <jt@occams.info>
Date: Sat, 8 May 2021 08:12:53 -0400
Subject: [PATCH 2/8] v0.53a

---
 CHANGELOG.md       | 5 +++++
 README.md          | 2 +-
 setup/bootstrap.sh | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a75a9a43..09b4c15e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
 
+v0.53a (May 8, 2021)
+--------------------
+
+The download URL for Z-Push has been revised becaue the old URL stopped working.
+
 v0.53 (April 12, 2021)
 ----------------------
 
diff --git a/README.md b/README.md
index 2813ed73..e08312fa 100644
--- a/README.md
+++ b/README.md
@@ -58,7 +58,7 @@ Clone this repository and checkout the tag corresponding to the most recent rele
 
 	$ git clone https://github.com/mail-in-a-box/mailinabox
 	$ cd mailinabox
-	$ git checkout v0.53
+	$ git checkout v0.53a
 
 Begin the installation.
 
diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh
index d804cadf..80ea2078 100644
--- a/setup/bootstrap.sh
+++ b/setup/bootstrap.sh
@@ -20,7 +20,7 @@ if [ -z "$TAG" ]; then
 	# want to display in status checks.
 	if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" == "Ubuntu 18.04 LTS" ]; then
 		# This machine is running Ubuntu 18.04.
-		TAG=v0.53
+		TAG=v0.53a
 
 	elif [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" == "Ubuntu 14.04 LTS" ]; then
 		# This machine is running Ubuntu 14.04.

From 16e81e14392ed70ce36c241b53c83e2751060e5f Mon Sep 17 00:00:00 2001
From: jvolkenant <jeff@volkenant.net>
Date: Sat, 8 May 2021 05:18:49 -0700
Subject: [PATCH 3/8] Fix to allow for non forced "enforce" MTA_STS_MODE
 (#1970)

---
 setup/start.sh |  2 +-
 setup/web.sh   | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/setup/start.sh b/setup/start.sh
index 0cca66be..bd743ac5 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -94,7 +94,7 @@ PUBLIC_IP=$PUBLIC_IP
 PUBLIC_IPV6=$PUBLIC_IPV6
 PRIVATE_IP=$PRIVATE_IP
 PRIVATE_IPV6=$PRIVATE_IPV6
-MTA_STS_MODE=${MTA_STS_MODE-}
+MTA_STS_MODE=${DEFAULT_MTA_STS_MODE:-enforce}
 EOF
 
 # Start service configuration.
diff --git a/setup/web.sh b/setup/web.sh
index 42c301ec..4433ff0d 100755
--- a/setup/web.sh
+++ b/setup/web.sh
@@ -126,13 +126,13 @@ chmod a+r /var/lib/mailinabox/mozilla-autoconfig.xml
 # nginx configuration at /.well-known/mta-sts.txt
 # more documentation is available on: 
 # https://www.uriports.com/blog/mta-sts-explained/
-# default mode is "enforce". Change to "testing" which means
-# "Messages will be delivered as though there was no failure
-# but a report will be sent if TLS-RPT is configured" if you
-# are not sure you want this yet. Or "none".
+# default mode is "enforce". In /etc/mailinabox.conf change
+# "MTA_STS_MODE=testing" which means "Messages will be delivered
+# as though there was no failure but a report will be sent if
+# TLS-RPT is configured" if you are not sure you want this yet. Or "none".
 PUNY_PRIMARY_HOSTNAME=$(echo "$PRIMARY_HOSTNAME" | idn2)
 cat conf/mta-sts.txt \
-        | sed "s/MODE/${MTA_STS_MODE:-enforce}/" \
+        | sed "s/MODE/${MTA_STS_MODE}/" \
         | sed "s/PRIMARY_HOSTNAME/$PUNY_PRIMARY_HOSTNAME/" \
          > /var/lib/mailinabox/mta-sts.txt
 chmod a+r /var/lib/mailinabox/mta-sts.txt

From 49813534bdaeaa82e3ac1ee70b78e91af5783dba Mon Sep 17 00:00:00 2001
From: jvolkenant <jeff@volkenant.net>
Date: Sat, 8 May 2021 05:24:04 -0700
Subject: [PATCH 4/8] Updated Nextcloud to 20.0.8, contacts to 3.5.1, calendar
 to 2.2.0 (#1960)

---
 setup/nextcloud.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh
index 3d865359..57e5e039 100755
--- a/setup/nextcloud.sh
+++ b/setup/nextcloud.sh
@@ -97,12 +97,12 @@ InstallNextcloud() {
 }
 
 # Nextcloud Version to install. Checks are done down below to step through intermediate versions.
-nextcloud_ver=20.0.1
-nextcloud_hash=f2b3faa570c541df73f209e873a1c2852e79eab8
-contacts_ver=3.4.1
-contacts_hash=aee680a75e95f26d9285efd3c1e25cf7f3bfd27e
-calendar_ver=2.1.2
-calendar_hash=930c07863bb7a65652dec34793802c8d80502336
+nextcloud_ver=20.0.8
+nextcloud_hash=372b0b4bb07c7984c04917aff86b280e68fbe761
+contacts_ver=3.5.1
+contacts_hash=d2ffbccd3ed89fa41da20a1dff149504c3b33b93
+calendar_ver=2.2.0
+calendar_hash=673ad72ca28adb8d0f209015ff2dca52ffad99af
 user_external_ver=1.0.0
 user_external_hash=3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
 

From 12aaebfc54972cab4edd990f1eec519535314a69 Mon Sep 17 00:00:00 2001
From: Jawad Seddar <jawad.seddar@gmail.com>
Date: Sat, 8 May 2021 14:25:33 +0200
Subject: [PATCH 5/8] `custom.yaml`: add support for X-Frame-Options header and
 proxy_redirect off (#1954)

---
 management/web_update.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/management/web_update.py b/management/web_update.py
index 83aa91bf..5048cbab 100644
--- a/management/web_update.py
+++ b/management/web_update.py
@@ -160,17 +160,27 @@ def make_domain_config(domain, templates, ssl_certificates, env):
 			for path, url in yaml.get("proxies", {}).items():
 				# Parse some flags in the fragment of the URL.
 				pass_http_host_header = False
+				proxy_redirect_off = False
+				frame_options_header_sameorigin = False
 				m = re.search("#(.*)$", url)
 				if m:
 					for flag in m.group(1).split(","):
 						if flag == "pass-http-host":
 							pass_http_host_header = True
+						elif flag == "no-proxy-redirect":
+							proxy_redirect_off = True
+						elif flag == "frame-options-sameorigin":
+							frame_options_header_sameorigin = True
 					url = re.sub("#(.*)$", "", url)
 
 				nginx_conf_extra += "\tlocation %s {" % path
 				nginx_conf_extra += "\n\t\tproxy_pass %s;" % url
+				if proxy_redirect_off:
+					nginx_conf_extra += "\n\t\tproxy_redirect off;"
 				if pass_http_host_header:
 					nginx_conf_extra += "\n\t\tproxy_set_header Host $http_host;"
+				if frame_options_header_sameorigin:
+					nginx_conf_extra += "\n\t\tproxy_set_header X-Frame-Options SAMEORIGIN;"
 				nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
 				nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-Host $http_host;"
 				nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-Proto $scheme;"
@@ -251,3 +261,4 @@ def get_web_domains_info(env):
 		}
 		for domain in get_web_domains(env)
 	]
+

From bc4ae51c2d19c7753d1c2e65bc26b443dd5048c8 Mon Sep 17 00:00:00 2001
From: Hala Alajlan <36444614+halaalajlan@users.noreply.github.com>
Date: Sat, 8 May 2021 15:26:40 +0300
Subject: [PATCH 6/8] Handle query dns timeout unhandled error (#1950)

Co-authored-by: hala alajlan <halalajlan@gmail.com>
---
 management/status_checks.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/management/status_checks.py b/management/status_checks.py
index 607fd578..1b2a16ca 100755
--- a/management/status_checks.py
+++ b/management/status_checks.py
@@ -664,6 +664,8 @@ def check_mail_domain(domain, env, output):
 
 	if mx is None:
 		mxhost = None
+	elif mx == "[timeout]":
+        mxhost = None
 	else:
 		# query_dns returns a semicolon-delimited list
 		# of priority-host pairs.

From 3701e05d925fe780e1a43e4d54b247473136f841 Mon Sep 17 00:00:00 2001
From: Thomas Urban <soletan@users.noreply.github.com>
Date: Sat, 8 May 2021 14:30:53 +0200
Subject: [PATCH 7/8] Rewrite envelope from address in sieve forwards (#1949)

Fixes #1946.
---
 setup/mail-dovecot.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index b569c40d..26d32895 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -183,6 +183,7 @@ plugin {
   sieve_after = $STORAGE_ROOT/mail/sieve/global_after
   sieve = $STORAGE_ROOT/mail/sieve/%d/%n.sieve
   sieve_dir = $STORAGE_ROOT/mail/sieve/%d/%n
+  sieve_redirect_envelope_from = recipient
 }
 EOF
 

From d4c5872547ee0222759be7c195a358698c5dfa66 Mon Sep 17 00:00:00 2001
From: "John @ S4" <64874788+John-S4@users.noreply.github.com>
Date: Sat, 8 May 2021 05:32:58 -0700
Subject: [PATCH 8/8] Make clear that non-AWS S3 backups are supported (#1947)

Just a few wording changes to show that it is possible to make S3 backups to other services than AWS - prompted by a thread on MIAB discourse.
---
 management/templates/system-backup.html | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/management/templates/system-backup.html b/management/templates/system-backup.html
index 7cdc3803..a63b38e6 100644
--- a/management/templates/system-backup.html
+++ b/management/templates/system-backup.html
@@ -5,7 +5,7 @@
 
 <h2>Backup Status</h2>
 
-<p>The box makes an incremental backup each night. By default the backup is stored on the machine itself, but you can also have it stored on Amazon S3.</p>
+<p>The box makes an incremental backup each night. By default the backup is stored on the machine itself, but you can also store in on S3-compatible services like Amazon Web Services (AWS).</p>
 
 <h3>Configuration</h3>
 
@@ -17,7 +17,7 @@
         <option value="off">Nowhere (Disable Backups)</option>
         <option value="local">{{hostname}}</option>
         <option value="rsync">rsync</option>
-        <option value="s3">Amazon S3</option>
+        <option value="s3">S3 (Amazon or compatible) </option>
         <option value="b2">Backblaze B2</option>
       </select>
     </div>
@@ -73,8 +73,8 @@
   <!-- S3 BACKUP -->
   <div class="form-group backup-target-s3">
     <div class="col-sm-10 col-sm-offset-2">
-      <p>Backups are stored in an Amazon Web Services S3 bucket. You must have an AWS account already.</p>
-      <p>You MUST manually copy the encryption password from <tt class="backup-encpassword-file"></tt> to a safe and secure location. You will need this file to decrypt backup files. It is NOT stored in your Amazon S3 bucket.</p>
+      <p>Backups are stored in an S3-compatible bucket. You must have an AWS or other S3 service account already.</p>
+      <p>You MUST manually copy the encryption password from <tt class="backup-encpassword-file"></tt> to a safe and secure location. You will need this file to decrypt backup files. It is <b>NOT</b> stored in your S3 bucket.</p>
     </div>
   </div>
   <div class="form-group backup-target-s3">
@@ -84,7 +84,7 @@
         {% for name, host in backup_s3_hosts %}
           <option value="{{host}}">{{name}}</option>
         {% endfor %}
-        <option value="other">Other</option>
+        <option value="other">Other (non AWS)</option>
       </select>
     </div>
   </div>
@@ -343,4 +343,4 @@ function init_inputs(target_type) {
     set_host($('#backup-target-s3-host-select').val());
   }
 }
-</script>
\ No newline at end of file
+</script>