From 674ce92e925027c4afed71bfaae658f4c1106291 Mon Sep 17 00:00:00 2001 From: matidau <65836048+matidau@users.noreply.github.com> Date: Sat, 2 Sep 2023 20:55:15 +1000 Subject: [PATCH 1/5] Fix z-push-admin broken in v60 (#2263) Update zpush.sh to create two sbin bash scripts for z-push-admin and z-push-top using PHP_VER. --- setup/zpush.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/setup/zpush.sh b/setup/zpush.sh index 3f6037bc..51b197ff 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh @@ -41,7 +41,15 @@ if [ $needs_update == 1 ]; then mv /tmp/z-push/*/src /usr/local/lib/z-push rm -rf /tmp/z-push.zip /tmp/z-push + # Create admin and top scripts with PHP_VER rm -f /usr/sbin/z-push-{admin,top} + echo '#!/bin/bash' > /usr/sbin/z-push-admin + echo php$PHP_VER /usr/local/lib/z-push/z-push-admin.php '"$@"' >> /usr/sbin/z-push-admin + chmod 755 /usr/sbin/z-push-admin + echo '#!/bin/bash' > /usr/sbin/z-push-top + echo php$PHP_VER /usr/local/lib/z-push/z-push-top.php '"$@"' >> /usr/sbin/z-push-top + chmod 755 /usr/sbin/z-push-top + echo $VERSION > /usr/local/lib/z-push/version fi From 81866de229ba6889886a9c0bf23d94d0208f3c7e Mon Sep 17 00:00:00 2001 From: Michael Heuberger Date: Sat, 2 Sep 2023 22:59:39 +1200 Subject: [PATCH 2/5] Amend --always option to all git describe commands (#2275) --- management/status_checks.py | 6 +++--- setup/bootstrap.sh | 2 +- setup/questions.sh | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/management/status_checks.py b/management/status_checks.py index b31a9818..07e7dc1d 100755 --- a/management/status_checks.py +++ b/management/status_checks.py @@ -800,7 +800,7 @@ def query_dns(qname, rtype, nxdomain='[Not Set]', at=None, as_list=False): # running bind server), or if the 'at' argument is specified, use that host # as the nameserver. resolver = dns.resolver.get_default_resolver() - + # Make sure at is not a string that cannot be used as a nameserver if at and at not in {'[Not set]', '[timeout]'}: resolver = dns.resolver.Resolver() @@ -912,11 +912,11 @@ def list_apt_updates(apt_update=True): return pkgs def what_version_is_this(env): - # This function runs `git describe --abbrev=0` on the Mail-in-a-Box installation directory. + # This function runs `git describe --always --abbrev=0` on the Mail-in-a-Box installation directory. # Git may not be installed and Mail-in-a-Box may not have been cloned from github, # so this function may raise all sorts of exceptions. miab_dir = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) - tag = shell("check_output", ["/usr/bin/git", "describe", "--abbrev=0"], env={"GIT_DIR": os.path.join(miab_dir, '.git')}).strip() + tag = shell("check_output", ["/usr/bin/git", "describe", "--always", "--abbrev=0"], env={"GIT_DIR": os.path.join(miab_dir, '.git')}).strip() return tag def get_latest_miab_version(): diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh index d5ede149..ee35bcf2 100644 --- a/setup/bootstrap.sh +++ b/setup/bootstrap.sh @@ -73,7 +73,7 @@ fi cd $HOME/mailinabox # Update it. -if [ "$TAG" != $(git describe) ]; then +if [ "$TAG" != $(git describe --always) ]; then echo Updating Mail-in-a-Box to $TAG . . . git fetch --depth 1 --force --prune origin tag $TAG if ! git checkout -q $TAG; then diff --git a/setup/questions.sh b/setup/questions.sh index bf382f49..53e84bea 100644 --- a/setup/questions.sh +++ b/setup/questions.sh @@ -207,6 +207,6 @@ if [ "$PRIVATE_IPV6" != "$PUBLIC_IPV6" ]; then echo "Private IPv6 Address: $PRIVATE_IPV6" fi if [ -f /usr/bin/git ] && [ -d .git ]; then - echo "Mail-in-a-Box Version: " $(git describe) + echo "Mail-in-a-Box Version: " $(git describe --always) fi echo From 3148c621d2a1e432ecb443c287c292cd1b9fd432 Mon Sep 17 00:00:00 2001 From: Dmytro Kyrychuk Date: Sat, 2 Sep 2023 14:03:24 +0300 Subject: [PATCH 3/5] Fix issue with slash (/) characters in B2 Application Key (#2281) Urlencode B2 Application Key when saving configuration, urldecode it back when reading. Duplicity accepts urlencoded target directly, no decoding is necessary when backup is performed. Resolve #1964 --- management/backup.py | 2 +- management/templates/system-backup.html | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/management/backup.py b/management/backup.py index 06285ba5..6642419e 100755 --- a/management/backup.py +++ b/management/backup.py @@ -509,7 +509,7 @@ def list_target_files(config): # Extract information from target b2_application_keyid = target.netloc[:target.netloc.index(':')] - b2_application_key = target.netloc[target.netloc.index(':')+1:target.netloc.index('@')] + b2_application_key = urllib.parse.unquote(target.netloc[target.netloc.index(':')+1:target.netloc.index('@')]) b2_bucket = target.netloc[target.netloc.index('@')+1:] try: diff --git a/management/templates/system-backup.html b/management/templates/system-backup.html index f7305518..a49d235c 100644 --- a/management/templates/system-backup.html +++ b/management/templates/system-backup.html @@ -291,7 +291,7 @@ function show_custom_backup() { var b2_applicationkey = targetPath.split(':')[1].split('@')[0]; var b2_bucket = targetPath.split('@')[1]; $("#backup-target-b2-user").val(b2_application_keyid); - $("#backup-target-b2-pass").val(b2_applicationkey); + $("#backup-target-b2-pass").val(decodeURIComponent(b2_applicationkey)); $("#backup-target-b2-bucket").val(b2_bucket); } toggle_form() @@ -316,7 +316,7 @@ function set_custom_backup() { + "/" + $("#backup-target-rsync-path").val(); target_user = ''; } else if (target_type == "b2") { - target = 'b2://' + $('#backup-target-b2-user').val() + ':' + $('#backup-target-b2-pass').val() + target = 'b2://' + $('#backup-target-b2-user').val() + ':' + encodeURIComponent($('#backup-target-b2-pass').val()) + '@' + $('#backup-target-b2-bucket').val() target_user = ''; target_pass = ''; From df44056baec1a5dbcbd7961b6898689d6bae2f57 Mon Sep 17 00:00:00 2001 From: Alex Date: Sat, 2 Sep 2023 13:07:12 +0200 Subject: [PATCH 4/5] Fix checksums in nextcloud.sh (#2293) --- setup/nextcloud.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh index 9ee1626e..a2d9d2e5 100755 --- a/setup/nextcloud.sh +++ b/setup/nextcloud.sh @@ -204,7 +204,7 @@ if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextc CURRENT_NEXTCLOUD_VER="22.2.6" fi if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^22 ]]; then - InstallNextcloud 23.0.12 7aa5d61632c1ccf4ca3ff00fb6b295d318c05599 4.1.0 697f6b4a664e928d72414ea2731cb2c9d1dc3077 3.2.2 ce4030ab57f523f33d5396c6a81396d440756f5f 3.0.0 22cabc88b6fc9c26dad3b46be1a652979c9fcf15 + InstallNextcloud 23.0.12 d138641b8e7aabebe69bb3ec7c79a714d122f729 4.1.0 697f6b4a664e928d72414ea2731cb2c9d1dc3077 3.2.2 ce4030ab57f523f33d5396c6a81396d440756f5f 3.0.0 0df781b261f55bbde73d8c92da3f99397000972f CURRENT_NEXTCLOUD_VER="23.0.12" fi if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^23 ]]; then From 62efe985f17817493119ca8584e5b91ed5e99e59 Mon Sep 17 00:00:00 2001 From: Aaron Ten Clay Date: Sat, 2 Sep 2023 04:10:04 -0700 Subject: [PATCH 5/5] Disable OpenDMARC sending reports (#2299) OpenDMARC report messages, while potentially useful for peer operators of mail servers, are abusable and should not be enabled by default. This change prioritizes the safety of the Box's reputation. --- setup/dkim.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/dkim.sh b/setup/dkim.sh index b2541a12..d2d162a7 100755 --- a/setup/dkim.sh +++ b/setup/dkim.sh @@ -63,7 +63,7 @@ chmod go-rwx $STORAGE_ROOT/mail/dkim tools/editconf.py /etc/opendmarc.conf -s \ "Syslog=true" \ "Socket=inet:8893@[127.0.0.1]" \ - "FailureReports=true" + "FailureReports=false" # SPFIgnoreResults causes the filter to ignore any SPF results in the header # of the message. This is useful if you want the filter to perfrom SPF checks @@ -82,11 +82,11 @@ tools/editconf.py /etc/opendmarc.conf -s \ tools/editconf.py /etc/opendmarc.conf -s \ "SPFSelfValidate=true" -# Enables generation of failure reports for sending domains that publish a +# Disables generation of failure reports for sending domains that publish a # "none" policy. tools/editconf.py /etc/opendmarc.conf -s \ - "FailureReportsOnNone=true" + "FailureReportsOnNone=false" # AlwaysAddARHeader Adds an "Authentication-Results:" header field even to # unsigned messages from domains with no "signs all" policy. The reported DKIM