From 10050aa6010eb78a75bbd963bf758051271d7736 Mon Sep 17 00:00:00 2001 From: Yoann Colin Date: Sat, 9 Feb 2019 03:24:03 +0100 Subject: [PATCH 01/15] Upgrade to NextCloud 14 (#1504) * Upgraded Nextcloud from 13.0.6 to 14.0.6. * Upgraded Contacts from 2.1.5 to 2.1.8. * Upgraded Calendar from 1.6.1 to 1.6.4. * Cleanup unsupported version upgrades: Since an upgrade to v0.30 is mandatory before moving upward, I removed the checks for Nextcloud prior version 12. * Fix the storage root path. * Add missing indices. Thx @yodax for your feedback. --- CHANGELOG.md | 6 ++++++ setup/nextcloud.sh | 31 ++++++++++++++----------------- 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 298791ba..6fdffbab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,12 @@ System: * Missing brute force login attack prevention (fail2ban) filters which stopped working on Ubuntu 18.04 were added back. +Contacts/Calendar: + +* Upgraded Nextcloud from 13.0.6 to 14.0.6. +* Upgraded Contacts from 2.1.5 to 2.1.8. +* Upgraded Calendar from 1.6.1 to 1.6.4. + v0.40 (January 12, 2019) ------------------------ diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh index 167c2012..9476bbf8 100755 --- a/setup/nextcloud.sh +++ b/setup/nextcloud.sh 
@@ -39,11 +39,11 @@ InstallNextcloud() { # their github repositories. mkdir -p /usr/local/lib/owncloud/apps - wget_verify https://github.com/nextcloud/contacts/releases/download/v2.1.5/contacts.tar.gz b7460d15f1b78d492ed502d778c0c458d503ba17 /tmp/contacts.tgz + wget_verify https://github.com/nextcloud/contacts/releases/download/v2.1.8/contacts.tar.gz b5d5bbee33f0c32b124b46cb6aaab90c695ac170 /tmp/contacts.tgz tar xf /tmp/contacts.tgz -C /usr/local/lib/owncloud/apps/ rm /tmp/contacts.tgz - wget_verify https://github.com/nextcloud/calendar/releases/download/v1.6.1/calendar.tar.gz f93a247cbd18bc624f427ba2a967d93ebb941f21 /tmp/calendar.tgz + wget_verify https://github.com/nextcloud/calendar/releases/download/v1.6.4/calendar.tar.gz d8a7950dba14803472b6c19625a8ceb23d6fd4ef /tmp/calendar.tgz tar xf /tmp/calendar.tgz -C /usr/local/lib/owncloud/apps/ rm /tmp/calendar.tgz @@ -72,11 +72,14 @@ InstallNextcloud() { sudo -u www-data php /usr/local/lib/owncloud/occ maintenance:mode --off echo "...which seemed to work." fi + + # Add missing indices. NextCloud didn't include this in the normal upgrade because it might take some time. + sudo -u www-data php /usr/local/lib/owncloud/occ db:add-missing-indices fi } -nextcloud_ver=13.0.6 -nextcloud_hash=33e41f476f0e2be5dc7cdb9d496673d9647aa3d6 +nextcloud_ver=14.0.6 +nextcloud_hash=4e43a57340f04c2da306c8eea98e30040399ae5a # Check if Nextcloud dir exist, and check if version matches nextcloud_ver (if either doesn't - install/upgrade) if [ ! -d /usr/local/lib/owncloud/ ] \ 
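Review bot: The pins passed to `wget_verify` for contacts and calendar and the new `nextcloud_hash` are 40 hex digits, the length of a SHA-1 digest, so the integrity check on these downloads presumably still rests on SHA-1; the same applies to the Roundcube `HASH` bumped in setup/webmail.sh later in this series. `wget_verify` is defined outside these hunks, so this is inferred from the digest length alone. If the helper can be taught a stronger algorithm, I would record SHA-256 values here and add a comment such as `# sha256 of the release tarball, taken from <source of the digest>` so each version bump documents where its value came from.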
@@ -93,11 +96,11 @@ if [ ! -d /usr/local/lib/owncloud/ ] \ echo "Upgrading Nextcloud --- backing up existing installation, configuration, and database to directory to $BACKUP_DIRECTORY..." cp -r /usr/local/lib/owncloud "$BACKUP_DIRECTORY/owncloud-install" fi - if [ -e /home/user-data/owncloud/owncloud.db ]; then - cp /home/user-data/owncloud/owncloud.db $BACKUP_DIRECTORY + if [ -e $STORAGE_ROOT/owncloud/owncloud.db ]; then + cp $STORAGE_ROOT/owncloud/owncloud.db $BACKUP_DIRECTORY fi - if [ -e /home/user-data/owncloud/config.php ]; then - cp /home/user-data/owncloud/config.php $BACKUP_DIRECTORY + if [ -e $STORAGE_ROOT/owncloud/config.php ]; then + cp $STORAGE_ROOT/owncloud/config.php $BACKUP_DIRECTORY fi # If ownCloud or Nextcloud was previously installed.... 
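Review bot: `$STORAGE_ROOT` and `$BACKUP_DIRECTORY` are expanded unquoted in the two new `[ -e … ]` tests and `cp` calls, so a storage root containing whitespace or glob characters would be split into several words and the test or copy would act on the wrong paths. The `cp -r` a few lines above already quotes `"$BACKUP_DIRECTORY/owncloud-install"`; the new lines should match, e.g. `if [ -e "$STORAGE_ROOT/owncloud/owncloud.db" ]; then` and `cp "$STORAGE_ROOT/owncloud/owncloud.db" "$BACKUP_DIRECTORY"`. These files hold the Nextcloud database and configuration, so it is worth confirming that the backup directory is not readable by other users; its creation is outside the hunk. The enclosing `if` block starts before this hunk and continues after it.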
@@ -105,19 +108,13 @@ if [ ! -d /usr/local/lib/owncloud/ ] \ # Database migrations from ownCloud are no longer possible because ownCloud cannot be run under # PHP 7. if grep -q "OC_VersionString = '[89]\." /usr/local/lib/owncloud/version.php; then - echo "Upgrades from Mail-in-a-Box prior to v0.26c (dated February 13, 2018) with Nextcloud < 12.0.5 (you have ownCloud 8 or 9) are not supported. Upgrade to Mail-in-a-Box version v0.28 first. Setup aborting." + echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 8 or 9) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup aborting." exit 1 fi - if grep -q "OC_VersionString = '10\." /usr/local/lib/owncloud/version.php; then - echo "Upgrades from Mail-in-a-Box prior to v0.26c (dated February 13, 2018) with Nextcloud < 12.0.5 (you have ownCloud 10) are not supported. Upgrade to Mail-in-a-Box version v0.28 first. Setup aborting." + if grep -q "OC_VersionString = '1[012]\." /usr/local/lib/owncloud/version.php; then + echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 10, 11 or 12) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup aborting." exit 1 fi - - # If we are upgrading from Nextcloud 11 we should go to Nextcloud 12 first. - if grep -q "OC_VersionString = '11\." /usr/local/lib/owncloud/version.php; then - echo "We are running Nextcloud 11, upgrading to Nextcloud 12.0.5 first" - InstallNextcloud 12.0.5 d25afbac977a4e331f5e38df50aed0844498ca86 - fi fi InstallNextcloud $nextcloud_ver $nextcloud_hash From bad38840d80b4f87ae5cc6d7afc5a682acb8c108 Mon Sep 17 00:00:00 2001 From: Ryan Stubbs Date: Tue, 12 Feb 2019 01:14:56 +0000 Subject: [PATCH 02/15] Fix type on alias edit page (#1520) --- management/templates/aliases.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
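Review bot: The second abort message tells the user they have "ownCloud 10, 11 or 12", but the block this commit removes refers to version 11 as Nextcloud 11, so for a `version.php` matching `1[12]\.` the wording names the wrong product. Suggest `(you have ownCloud 10 or Nextcloud 11/12)` in that `echo`. With the staged upgrade through 12.0.5 gone, this message is the only guidance such an installation gets, so it should state accurately what was detected.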
diff --git a/management/templates/aliases.html b/management/templates/aliases.html index 89af221f..e8d0cb1c 100644 --- a/management/templates/aliases.html +++ b/management/templates/aliases.html @@ -51,7 +51,7 @@
From adddd95e38647598bd318c84b98a42ea98085b52 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Mon, 25 Feb 2019 13:18:30 -0500 Subject: [PATCH 03/15] add lmtp_destination_recipient_limit=1 to work around spampd bug, see #1523 --- CHANGELOG.md | 4 ++++ setup/mail-postfix.sh | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6fdffbab..9e529052 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,10 @@ System: * Missing brute force login attack prevention (fail2ban) filters which stopped working on Ubuntu 18.04 were added back. +Mail: + +* Incoming messages addressed to more than one local user were rejected because of a bug in spampd packaged by Ubuntu 18.04. A workaround was added. + Contacts/Calendar: * Upgraded Nextcloud from 13.0.6 to 14.0.6. diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh index 0c9bc97c..4d66cd58 100755 --- a/setup/mail-postfix.sh +++ b/setup/mail-postfix.sh @@ -173,8 +173,11 @@ tools/editconf.py /etc/postfix/main.cf \ # # In a basic setup we would pass mail directly to Dovecot by setting # virtual_transport to `lmtp:unix:private/dovecot-lmtp`. -# tools/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025 +# Because of a spampd bug, limit the number of recipients in each connection. +# See https://github.com/mail-in-a-box/mailinabox/issues/1523. +tools/editconf.py /etc/postfix/main.cf lmtp_destination_recipient_limit=1 + # Who can send mail to us? Some basic filters. # From 149552f79b865d35e1d421ad1c2b6d6d0135420e Mon Sep 17 00:00:00 2001 
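Review bot: The new comment in setup/mail-postfix.sh points at the issue but does not say that `lmtp_destination_recipient_limit=1` is a workaround with a removal condition, nor what it costs. With the limit at 1, a message addressed to several local users is presumably handed to the filter once per recipient, so scanning work grows with the recipient count. I would extend the comment with `# Workaround only: each recipient is now delivered (and filtered) separately. Remove once the packaged spampd accepts multi-recipient deliveries.`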
From: Joshua Tauberer Date: Tue, 26 Feb 2019 18:15:36 -0500 Subject: [PATCH 04/15] systemctl link should use -f to avoid an error if a system service already exists with that name but points to a different file https://discourse.mailinabox.email/t/new-error-failed-systemctl-link-conf-mailinabox-service/4626/2 --- CHANGELOG.md | 1 + setup/management.sh | 2 +- setup/munin.sh | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e529052..a60ba3a0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ In Development System: * Missing brute force login attack prevention (fail2ban) filters which stopped working on Ubuntu 18.04 were added back. +* Upgrades would fail if Mail-in-a-Box moved to a different directory in `systemctl link`. Mail: diff --git a/setup/management.sh b/setup/management.sh index 9c221198..f7621a8b 100755 --- a/setup/management.sh +++ b/setup/management.sh @@ -93,7 +93,7 @@ source $venv/bin/activate exec python `pwd`/management/daemon.py EOF chmod +x $inst_dir/start -hide_output systemctl link conf/mailinabox.service +hide_output systemctl link -f conf/mailinabox.service hide_output systemctl daemon-reload hide_output systemctl enable mailinabox.service diff --git a/setup/munin.sh b/setup/munin.sh index 8a85085d..3cb1cd9d 100755 --- a/setup/munin.sh +++ b/setup/munin.sh @@ -64,7 +64,7 @@ mkdir -p /var/lib/munin-node/plugin-state/ # Create a systemd service for munin. ln -sf $(pwd)/management/munin_start.sh /usr/local/lib/mailinabox/munin_start.sh chmod 0744 /usr/local/lib/mailinabox/munin_start.sh -hide_output systemctl link conf/munin.service +hide_output systemctl link -f conf/munin.service hide_output systemctl daemon-reload hide_output systemctl unmask munin.service hide_output systemctl enable munin.service From dd7a2aa8a6702de0cbe0e7f766bd05d03dff9733 Mon Sep 17 00:00:00 2001 
From: Joshua Tauberer Date: Tue, 26 Feb 2019 18:17:50 -0500 Subject: [PATCH 05/15] v0.41 --- CHANGELOG.md | 4 ++-- README.md | 4 ++-- setup/bootstrap.sh | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a60ba3a0..089aa68d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,8 @@ CHANGELOG ========= -In Development --------------- +v0.41 (February 26, 2019) +------------------------- System: diff --git a/README.md b/README.md index 300fe496..01997fd4 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ by him: $ curl -s https://keybase.io/joshdata/key.asc | gpg --import gpg: key C10BDD81: public key "Joshua Tauberer " imported - $ git verify-tag v0.40 + $ git verify-tag v0.41 gpg: Signature made ..... using RSA key ID C10BDD81 gpg: Good signature from "Joshua Tauberer " gpg: WARNING: This key is not certified with a trusted signature! @@ -71,7 +71,7 @@ and on his [personal homepage](https://razor.occams.info/). (Of course, if this Checkout the tag corresponding to the most recent release: - $ git checkout v0.40 + $ git checkout v0.41 Begin the installation. diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh index 3442499d..74bf5e16 100644 --- a/setup/bootstrap.sh +++ b/setup/bootstrap.sh @@ -20,7 +20,7 @@ if [ -z "$TAG" ]; then # want to display in status checks. if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" == "Ubuntu 18.04 LTS" ]; then # This machine is running Ubuntu 18.04. - TAG=v0.40 + TAG=v0.41 elif [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" == "Ubuntu 14.04 LTS" ]; then # This machine is running Ubuntu 14.04. From fb25013334dcb05fa6a025c8fe0694b96c05001b Mon Sep 17 00:00:00 2001 From: mbraem <1116286+mbraem@users.noreply.github.com> Date: Sun, 14 Apr 2019 20:17:43 +0200 Subject: [PATCH 06/15] user privileges is a set (#1551) fixes #1540 --- management/mailconfig.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/management/mailconfig.py b/management/mailconfig.py index 28e1c623..5f253c14 100755 --- a/management/mailconfig.py +++ b/management/mailconfig.py @@ -150,7 +150,7 @@ def get_mail_users_ex(env, with_archived=False): if email in active_accounts: continue user = { "email": email, - "privileges": "", + "privileges": [], "status": "inactive", "mailbox": mbox, } From 9b46637aff8851db98f9eac1f38b9a32f69a14fa Mon Sep 17 00:00:00 2001 From: dexbleeker Date: Sun, 14 Apr 2019 20:19:21 +0200 Subject: [PATCH 07/15] Update Roundcube to version 1.3.9 (#1546) --- CHANGELOG.md | 4 ++++ setup/webmail.sh | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 089aa68d..32f04763 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,10 @@ CHANGELOG ========= +In Development +-------------- + * Update to Roundcube 1.3.9. + v0.41 (February 26, 2019) ------------------------- diff --git a/setup/webmail.sh b/setup/webmail.sh index b0e11c9b..cbe6bfca 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -28,8 +28,8 @@ apt_install \ # Install Roundcube from source if it is not already present or if it is out of date. # Combine the Roundcube version number with the commit hash of plugins to track # whether we have the latest version of everything. -VERSION=1.3.8 -HASH=90c7900ccf7b2f46fe49c650d5adb9b85ee9cc22 +VERSION=1.3.9 +HASH=02850972b416bbfa1c13580f16d06fd7ae2774aa PERSISTENT_LOGIN_VERSION=dc5ca3d3f4415cc41edb2fde533c8a8628a94c76 HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5 CARDDAV_VERSION=3.0.3 From 25fec63a03be972c8989eeada1ca09b9d7b7ae50 Mon Sep 17 00:00:00 2001 From: just4t Date: Sun, 14 Apr 2019 22:33:50 +0200 Subject: [PATCH 08/15] RAM limit to 502Mb to meet EC2 & Vultr 512Mb inst. (#1560) AS told here: https://github.com/mail-in-a-box/mailinabox/pull/1534 --- setup/preflight.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/setup/preflight.sh b/setup/preflight.sh index d087efe2..2547c410 100644 --- a/setup/preflight.sh +++ b/setup/preflight.sh @@ -26,7 +26,7 @@ fi # # Skip the check if we appear to be running inside of Vagrant, because that's really just for testing. TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}') -if [ $TOTAL_PHYSICAL_MEM -lt 500000 ]; then +if [ $TOTAL_PHYSICAL_MEM -lt 490000 ]; then if [ ! -d /vagrant ]; then TOTAL_PHYSICAL_MEM=$(expr \( \( $TOTAL_PHYSICAL_MEM \* 1024 \) / 1000 \) / 1000) echo "Your Mail-in-a-Box needs more memory (RAM) to function properly." From aff80ac58cf85e6674a03cd2638db3442e774d4b Mon Sep 17 00:00:00 2001 From: jvolkenant Date: Thu, 9 May 2019 10:13:24 -0700 Subject: [PATCH 09/15] Autodiscovery fix for additional hosted email domains, Fixes #941 (#1467) --- conf/nginx-alldomains.conf | 3 +++ management/dns_update.py | 9 +++++++++ management/web_update.py | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/conf/nginx-alldomains.conf b/conf/nginx-alldomains.conf index 1db7606c..1b3ad5a9 100644 --- a/conf/nginx-alldomains.conf +++ b/conf/nginx-alldomains.conf @@ -18,6 +18,9 @@ location = /.well-known/autoconfig/mail/config-v1.1.xml { alias /var/lib/mailinabox/mozilla-autoconfig.xml; } + location = /mail/config-v1.1.xml { + alias /var/lib/mailinabox/mozilla-autoconfig.xml; + } # Roundcube Webmail configuration. rewrite ^/mail$ /mail/ redirect; diff --git a/management/dns_update.py b/management/dns_update.py index 5c1969d7..006a00c2 100755 --- a/management/dns_update.py +++ b/management/dns_update.py 
@@ -288,6 +288,15 @@ def build_zone(domain, all_domains, additional_records, www_redirect_domains, en if not has_rec(qname, "SRV"): records.append((qname, "SRV", "0 0 443 " + env["PRIMARY_HOSTNAME"] + ".", "Recommended. Specifies the hostname of the server that handles CardDAV/CalDAV services for email addresses on this domain.")) + # Adds autoconfiguration A records for all domains. + # This allows the following clients to automatically configure email addresses in the respective applications. + # autodiscover.* - Z-Push ActiveSync Autodiscover + # autoconfig.* - Thunderbird Autoconfig + if not has_rec("autodiscover", "A"): + records.append(("autodiscover", "A", env["PUBLIC_IP"], "Provides email configuration autodiscovery support for Z-Push ActiveSync Autodiscover.")) + if not has_rec("autoconfig", "A"): + records.append(("autoconfig", "A", env["PUBLIC_IP"], "Provides email configuration autodiscovery support for Thunderbird Autoconfig.")) + # Sort the records. The None records *must* go first in the nsd zone file. Otherwise it doesn't matter. records.sort(key = lambda rec : list(reversed(rec[0].split(".")) if rec[0] is not None else "")) diff --git a/management/web_update.py b/management/web_update.py index 61b38a7b..12959632 100644 --- a/management/web_update.py +++ b/management/web_update.py 
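Review bot: The two new `has_rec(..., "A")` guards skip the default only when a custom A record exists, so a zone where the admin has set a CNAME for `autodiscover` or `autoconfig` would get an A record added next to it, and an A record alongside a CNAME at the same name is not valid zone data. Extending the guard, e.g. `if not has_rec("autodiscover", "A") and not has_rec("autodiscover", "CNAME"):`, and the same for `autoconfig`, avoids that. No AAAA counterpart is added either, so on a dual-stack box these names would resolve over IPv4 only; whether an IPv6 value is available in `env` is not visible here. `build_zone` starts before and continues after this hunk.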
@@ -29,6 +29,12 @@ def get_web_domains(env, include_www_redirects=True, exclude_dns_elsewhere=True) # IP address than this box. Remove those domains from our list. domains -= get_domains_with_a_records(env) + # Add Autoconfiguration domains, allowing us to serve correct SSL certs. + # 'autoconfig.' for Mozilla Thunderbird auto setup. + # 'autodiscover.' for Activesync autodiscovery. + domains |= set('autoconfig.' + maildomain for maildomain in get_mail_domains(env)) + domains |= set('autodiscover.' + maildomain for maildomain in get_mail_domains(env)) + # Ensure the PRIMARY_HOSTNAME is in the list so we can serve webmail # as well as Z-Push for Exchange ActiveSync. This can't be removed # by a custom A/AAAA record and is never a 'www.' redirect. From 77b2246010f72e03ff4b57e6c003db77ad1fdb3d Mon Sep 17 00:00:00 2001 From: Pascal Garber Date: Sun, 12 May 2019 14:09:30 +0200 Subject: [PATCH 10/15] Backup Amazon S3: Added support for custom endpoints (#1427) --- management/backup.py | 9 +++++++- management/templates/system-backup.html | 29 +++++++++++++++++++++++-- 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/management/backup.py b/management/backup.py index e15fbbbf..93136bf5 100755 --- a/management/backup.py +++ b/management/backup.py 
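Review bot: The `autoconfig.` and `autodiscover.` names are added after `domains -= get_domains_with_a_records(env)`, so the filter on the line above never applies to them: a name whose A record the admin has pointed at another machine stays in the web domain set. Going by the new comment, this set decides which names certificates are served for, so the box would configure, and presumably request certificates for, hosts it does not serve. Moving the two `domains |= …` lines above the subtraction keeps the existing exclusion in force. `get_mail_domains(env)` is also evaluated twice; one local variable would do. The function continues outside the hunk.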
@@ -419,15 +419,22 @@ def list_target_files(config): fix_boto() # must call prior to importing boto import boto.s3 from boto.exception import BotoServerError + custom_region = False for region in boto.s3.regions(): if region.endpoint == target.hostname: break else: - raise ValueError("Invalid S3 region/host.") + # If region is not found this is a custom region + custom_region = True bucket = target.path[1:].split('/')[0] path = '/'.join(target.path[1:].split('/')[1:]) + '/' + # Create a custom region with custom endpoint + if custom_region: + from boto.s3.connection import S3Connection + region = boto.s3.S3RegionInfo(name=bucket, endpoint=target.hostname, connection_cls=S3Connection) + # If no prefix is specified, set the path to '', otherwise boto won't list the files if path == '/': path = '' diff --git a/management/templates/system-backup.html b/management/templates/system-backup.html index be528f19..3860edb7 100644 --- a/management/templates/system-backup.html +++ b/management/templates/system-backup.html @@ -77,15 +77,22 @@
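Review bot: With the `else` branch no longer raising, any `target.hostname` that is not a known region endpoint is accepted as a custom endpoint, including an empty or missing host, which previously failed with `ValueError("Invalid S3 region/host.")`. I would keep that error for the empty case, `if not target.hostname: raise ValueError("Invalid S3 region/host.")`, before building the `S3RegionInfo`. The stored S3 credentials are presumably presented to whatever host is named here (the connection code is outside the hunk), so a comment on the custom branch saying so would help anyone reviewing the backup settings form. `name=bucket` also labels the region with the bucket name, which reads like a placeholder; `name="custom"` would be clearer. `list_target_files` starts before and continues after this hunk.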
- +
- {% for name, host in backup_s3_hosts %} {% endfor %} +
+
+ +
+ +
+
@@ -139,6 +146,8 @@ function toggle_form() { var target_type = $("#backup-target-type").val(); $(".backup-target-local, .backup-target-rsync, .backup-target-s3").hide(); $(".backup-target-" + target_type).show(); + + init_inputs(target_type); } function nice_size(bytes) { @@ -278,4 +287,20 @@ function set_custom_backup() { }); return false; } + +function init_inputs(target_type) { + function set_host(host) { + if(host !== 'other') { + $("#backup-target-s3-host").val(host); + } else { + $("#backup-target-s3-host").val(''); + } + } + if (target_type == "s3") { + $('#backup-target-s3-host-select').off('change').on('change', function() { + set_host($('#backup-target-s3-host-select').val()); + }); + set_host($('#backup-target-s3-host-select').val()); + } +} From 0d4c6937927a498bf7faf8e468cba4d37eafe745 Mon Sep 17 00:00:00 2001 From: Michael Heuberger Date: Mon, 13 May 2019 00:10:34 +1200 Subject: [PATCH 11/15] Add missing login form method to keep LastPass happy (#1565) --- management/templates/login.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/management/templates/login.html b/management/templates/login.html index 04c27279..b6e74df6 100644 --- a/management/templates/login.html +++ b/management/templates/login.html @@ -17,13 +17,13 @@ sudo tools/mail.py user make-admin me@{{hostname}} {% endif %}
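Review bot: `init_inputs` calls `set_host($('#backup-target-s3-host-select').val())` unconditionally every time `toggle_form` runs with the S3 target, so whatever is in `#backup-target-s3-host` is replaced by the select's current value, or blanked when that value is `other`. If the saved configuration is loaded into the host field before `toggle_form` is called (that code is outside these hunks), a stored custom endpoint would be wiped on page load and the form could later be saved against a different host than intended. Setting the field only from the `change` handler, and on load selecting `other` when the saved host matches none of the options, avoids that. `target_type == "s3"` could also be `===`, consistent with the `!==` used in `set_host`.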
-
+ {% endif %}

Log in here for your Mail-in-a-Box control panel.

-
+
@@ -76,7 +76,7 @@ function do_login() { "/me", "GET", { }, - function(response){ + function(response){ // This API call always succeeds. It returns a JSON object indicating // whether the request was authenticated or not. if (response.status != "ok") { From 4232a1205c300254be8052c1e9f105b519e44d66 Mon Sep 17 00:00:00 2001 From: jvolkenant Date: Wed, 15 May 2019 11:46:52 -0700 Subject: [PATCH 12/15] fix dovecot message about SSLv2 not supported by OpenSSL (#1580) --- setup/mail-dovecot.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh index 4bcc53aa..6098e295 100755 --- a/setup/mail-dovecot.sh +++ b/setup/mail-dovecot.sh 
@@ -80,11 +80,12 @@ tools/editconf.py /etc/dovecot/conf.d/10-auth.conf \ # Enable SSL, specify the location of the SSL certificate and private key files. # Disable obsolete SSL protocols and allow only good ciphers per http://baldric.net/2013/12/07/tls-ciphers-in-postfix-and-dovecot/. # Enable strong ssl dh parameters + tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \ ssl=required \ "ssl_cert=<$STORAGE_ROOT/ssl/ssl_certificate.pem" \ "ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \ - "ssl_protocols=!SSLv3 !SSLv2" \ + "ssl_protocols=!SSLv3" \ "ssl_cipher_list=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS" \ "ssl_prefer_server_ciphers = yes" \ "ssl_dh_parameters_length = 2048" From 85e59245fdfd2a2e633a890927a89adba79e1bf5 Mon Sep 17 00:00:00 2001 From: cmharper <1422608+cmharper@users.noreply.github.com> Date: Wed, 15 May 2019 18:57:06 +0000 Subject: [PATCH 13/15] hide 'RTNETLINK answers: Network is unreachable' error message during setup if IPv6 is not available (#1576) --- setup/functions.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/functions.sh b/setup/functions.sh index 1a74edfd..3bb96b7a 100644 --- a/setup/functions.sh +++ b/setup/functions.sh 
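Review bot: `ssl_protocols` is written as a denylist, so after this change the only thing keeping SSLv2 off is the OpenSSL build, and every protocol other than SSLv3 that the library offers (TLSv1 and TLSv1.1 included, if it has them) stays enabled. A comment above the setting would stop someone re-adding the entry and would record the dependency, e.g. `# SSLv2 is not named here: OpenSSL no longer supports it and Dovecot logs a warning when it is listed.` If the installed Dovecot supports `ssl_min_protocol`, that would express the intent more directly than negations; I have not checked which Dovecot version this script targets. The added blank line also separates the existing comment block from the command it describes.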
@@ -1,7 +1,7 @@ # Turn on "strict mode." See http://redsymbol.net/articles/unofficial-bash-strict-mode/. # -e: exit if any command unexpectedly fails. # -u: exit if we have a variable typo. -# -o pipefail: don't ignore errors in the non-last command in a pipeline +# -o pipefail: don't ignore errors in the non-last command in a pipeline set -euo pipefail function hide_output { @@ -127,7 +127,7 @@ function get_default_privateip { if [ "$1" == "6" ]; then target=2001:4860:4860::8888; fi # Get the route information. - route=$(ip -$1 -o route get $target | grep -v unreachable) + route=$(ip -$1 -o route get $target 2>/dev/null | grep -v unreachable) # Parse the address out of the route information. address=$(echo $route | sed "s/.* src \([^ ]*\).*/\1/") From c6fa0d23df986f9065108b58f984026204cd4e20 Mon Sep 17 00:00:00 2001 From: jvolkenant Date: Wed, 15 May 2019 11:58:40 -0700 Subject: [PATCH 14/15] check that munin-cron is not running (via cron) when it is run in setup, fixes #660 (#1579) --- setup/munin.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/setup/munin.sh b/setup/munin.sh index 3cb1cd9d..df7af601 100755 --- a/setup/munin.sh +++ b/setup/munin.sh @@ -76,4 +76,8 @@ restart_service munin-node # generate initial statistics so the directory isn't empty # (We get "Pango-WARNING **: error opening config file '/root/.config/pango/pangorc': Permission denied" # if we don't explicitly set the HOME directory when sudo'ing.) -sudo -H -u munin munin-cron +# We check to see if munin-cron is already running, if it is, there is no need to run it simultaneously +# generating an error. +if [ ! -f /var/run/munin/munin-update.lock ]; then + sudo -H -u munin munin-cron +fi From 6e5ceab0f8d6496ae9dda5ae4cb134f16fa11626 Mon Sep 17 00:00:00 2001 From: jvolkenant Date: Wed, 15 May 2019 11:59:32 -0700 Subject: [PATCH 15/15] hide virtualenv output (#1578) --- setup/management.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
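Review bot: `2>/dev/null` on the `ip … route get` call discards every diagnostic from `ip`, not only the "Network is unreachable" message the commit is aimed at, so a missing binary or a malformed argument would now be silent as well and would presumably yield an empty address. `$1` and `$target` are still unquoted on the same line. I would quote them and say why stderr is dropped: `route=$(ip -"$1" -o route get "$target" 2>/dev/null | grep -v unreachable)` with a preceding `# stderr dropped: no route is expected when IPv6 is absent`. `get_default_privateip` starts before and continues after the hunk.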
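Review bot: In setup/munin.sh the lock-file test and the `munin-cron` call are two separate steps, so a cron-started run can still begin in between, and a stale `/var/run/munin/munin-update.lock` left by a crashed run makes setup skip the initial statistics with no message. Since functions.sh enables `set -euo pipefail`, a failing `munin-cron` presumably still aborts setup in the racing case. Handling the failure at the call covers both cases: `sudo -H -u munin munin-cron || echo "munin-cron did not run (another run may be in progress); continuing."`. At minimum, an `else` branch that prints why the run was skipped would make the skip visible.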
diff --git a/setup/management.sh b/setup/management.sh index f7621a8b..3a6e187b 100755 --- a/setup/management.sh +++ b/setup/management.sh @@ -38,7 +38,7 @@ inst_dir=/usr/local/lib/mailinabox mkdir -p $inst_dir venv=$inst_dir/env if [ ! -d $venv ]; then - virtualenv -ppython3 $venv + hide_output virtualenv -ppython3 $venv fi # Upgrade pip because the Ubuntu-packaged version is out of date.