diff --git a/core/base/requirements-build.txt b/core/base/requirements-build.txt
index ed145a00..ea2e4f3f 100644
--- a/core/base/requirements-build.txt
+++ b/core/base/requirements-build.txt
@@ -1,3 +1,3 @@
-pip==23.3.1
-setuptools==68.2.2
-wheel==0.41.3
+pip==24.0
+setuptools==69.5.1
+wheel==0.43.0
diff --git a/core/base/requirements-prod.txt b/core/base/requirements-prod.txt
index 0ae4b0e2..6152a45a 100644
--- a/core/base/requirements-prod.txt
+++ b/core/base/requirements-prod.txt
@@ -1,87 +1,87 @@
-aiodns==3.1.1
-aiohttp==3.9.3
+aiodns==3.2.0
+aiohttp==3.9.5
 aiosignal==1.3.1
 alembic==1.13.1
 aniso8601==9.0.1
 attrs==23.2.0
-Babel==2.14.0
-bcrypt==4.1.2
-blinker==1.7.0
-certifi==2023.11.17
+Babel==2.15.0
+bcrypt==4.1.3
+blinker==1.8.1
+certifi==2024.2.2
 cffi==1.16.0
 charset-normalizer==3.3.2
 click==8.1.7
 colorclass==2.2.2
-cryptography==42.0.5
+cryptography==42.0.6
 defusedxml==0.7.1
 Deprecated==1.2.14
-dnspython==2.5.0
+dnspython==2.6.1
 dominate==2.9.1
 easygui==0.98.3
-email-validator==2.1.0.post1
-Flask==3.0.1
+email-validator==2.1.1
+Flask==3.0.3
 flask-babel==4.0.0
 Flask-Bootstrap==3.3.7.1
-Flask-DebugToolbar==0.14.1
+Flask-DebugToolbar==0.15.1
 Flask-Login==0.6.3
-flask-marshmallow==1.1.0
-Flask-Migrate==4.0.5
+flask-marshmallow==1.2.1
+Flask-Migrate==4.0.7
 flask-restx==1.3.0
 Flask-SQLAlchemy==3.1.1
 Flask-WTF==1.2.1
 frozenlist==1.4.1
 greenlet==3.0.3
 gunicorn==22.0.0
-idna==3.6
-importlib-resources==6.1.1
+idna==3.7
+importlib-resources==6.4.0
 infinity==1.5
 intervals==0.9.2
-itsdangerous==2.1.2
-Jinja2==3.1.3
-jsonschema==4.21.1
+itsdangerous==2.2.0
+Jinja2==3.1.4
+jsonschema==4.22.0
 jsonschema-specifications==2023.12.1
-limits==3.7.0
-Mako==1.3.0
-MarkupSafe==2.1.4
-marshmallow==3.20.2
-marshmallow-sqlalchemy==0.30.0
-msoffcrypto-tool==5.3.1
-multidict==6.0.4
-mysql-connector-python==8.3.0
+limits==3.11.0
+Mako==1.3.3
+MarkupSafe==2.1.5
+marshmallow==3.21.2
+marshmallow-sqlalchemy==1.0.0
+msoffcrypto-tool==5.4.0
+multidict==6.0.5
+mysql-connector-python==8.4.0
 olefile==0.47
 oletools==0.60.1
-packaging==23.2
+packaging==24.0
 passlib==1.7.4
 pcodedmp==1.2.6
 podop @ file:///app/libs/podop
 postfix-mta-sts-resolver==1.4.0
 psycopg2-binary==2.9.9
 pycares==4.4.0
-pycparser==2.21
-Pygments==2.17.2
+pycparser==2.22
+Pygments==2.18.0
 pyparsing==2.4.7
-python-dateutil==2.8.2
+python-dateutil==2.9.0.post0
 python-magic==0.4.27
-pytz==2023.3.post1
+pytz==2024.1
 PyYAML==6.0.1
-Radicale==3.1.8
-redis==5.0.1
-referencing==0.32.1
+Radicale==3.1.9
+redis==5.0.4
+referencing==0.35.1 requests==2.31.0 -rpds-py==0.17.1 +rpds-py==0.18.0 six==1.16.0 socrate @ file:///app/libs/socrate -SQLAlchemy==2.0.25 +SQLAlchemy==2.0.30 srslib==0.1.4 tabulate==0.9.0 tenacity==8.2.3 -typing_extensions==4.9.0 -urllib3==2.1.0 -validators==0.22.0 +typing_extensions==4.11.0 +urllib3==2.2.1 +validators==0.28.1 visitor==0.1.3 -vobject==0.9.6.1 -watchdog==3.0.0 -Werkzeug==3.0.1 +vobject==0.9.7 +watchdog==4.0.0 +Werkzeug==3.0.3 wrapt==1.16.0 WTForms==3.1.2 WTForms-Components==0.10.5 diff --git a/docs/Dockerfile b/docs/Dockerfile index 958eaf87..a9dbb109 100644 --- a/docs/Dockerfile +++ b/docs/Dockerfile @@ -1,5 +1,5 @@ # Convert .rst files to .html in temporary build container -FROM python:3.12.0-alpine3.18 AS build +FROM python:3.12.3-alpine3.19 AS build ARG version=master ENV VERSION=$version @@ -16,7 +16,7 @@ RUN apk add --no-cache --virtual .build-deps \ # Build nginx deployment image including generated html -FROM nginx:1.25.3-alpine +FROM nginx:1.25.5-alpine ARG version=master ARG pinned_version=master @@ -30,4 +30,4 @@ COPY --from=build /build/$VERSION /build/$VERSION EXPOSE 80/tcp CMD nginx -g "daemon off;" -RUN echo $pinned_version >> /version \ No newline at end of file +RUN echo $pinned_version >> /version diff --git a/docs/requirements.txt b/docs/requirements.txt index 46d263a7..56a54f27 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,5 +1,5 @@ recommonmark==0.7.1 -Sphinx==7.2.6 -sphinx-autobuild==2021.3.14 -sphinx-rtd-theme==1.3.0 -docutils==0.18.1 +Sphinx==7.3.7 +sphinx-autobuild==2024.4.16 +sphinx-rtd-theme==2.0.0 +docutils==0.20.1 diff --git a/tests/requirements.txt b/tests/requirements.txt index 67060918..013248c9 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -1,3 +1,3 @@ -docker==4.2.2 -colorama==0.4.3 -managesieve==0.7.1 +docker==7.0.0 +colorama==0.4.6 +managesieve==0.8 diff --git a/towncrier/newsfragments/3032.misc b/towncrier/newsfragments/3032.misc index 1ecc2b57..6d6f4d86 100644 
--- a/towncrier/newsfragments/3032.misc +++ b/towncrier/newsfragments/3032.misc @@ -1 +1,2 @@ Update all python dependencies in preparation of next Mailu release. +Update snappymail to 2.36.1 diff --git a/webmails/Dockerfile b/webmails/Dockerfile index 03389ff6..8477126a 100644 --- a/webmails/Dockerfile +++ b/webmails/Dockerfile @@ -55,7 +55,7 @@ COPY roundcube/config/config.inc.carddav.php /var/www/roundcube/plugins/carddav/ # snappymail -ENV SNAPPYMAIL_URL https://github.com/the-djmaze/snappymail/releases/download/v2.31.0/snappymail-2.31.0.tar.gz +ENV SNAPPYMAIL_URL https://github.com/the-djmaze/snappymail/releases/download/v2.36.1/snappymail-2.36.1.tar.gz RUN set -euxo pipefail \ ; mkdir /var/www/snappymail \ diff --git a/webmails/snuffleupagus.rules b/webmails/snuffleupagus.rules index b3f69819..4cbe966d 100644 --- a/webmails/snuffleupagus.rules +++ b/webmails/snuffleupagus.rules @@ -71,6 +71,7 @@ sp.disable_function.function("include").drop() # Prevent `system`-related injections sp.disable_function.function("system").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop(); +sp.disable_function.function("exec_shell").filename_r("/var/www/snappymail/snappymail/v/[0-9]+\.[0-9]+\.[0-9]+/app/libraries/snappymail/gpg/base.php").allow(); sp.disable_function.function("shell_exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop(); sp.disable_function.function("exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop(); # This is **very** broad but doing better is non-straightforward 
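Review bot: The allow rule added in the webmails/snuffleupagus.rules hunk at -71,6 names `exec_shell`, which does not look like a PHP function; the rule directly below it filters `shell_exec`, so this is probably a transposition and the exemption for snappymail's gpg/base.php would never match. If the exemption is intended, the name should read `function("shell_exec")`, and it is worth confirming that bypassing the metacharacter filter for every `shell_exec` call in that file is really wanted. The `filename_r` pattern is also unanchored and leaves the dot in `base.php` unescaped, unlike the `^…\.php$` form of the rule removed in the next hunk, so any path that merely contains this string is exempted; starting it with `^` and ending it with `\.php$` keeps the allowlist to the one file. The same unanchored pattern is used by the `function_exists` and `is_callable` allow rules added in the hunk at -91,17.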
@@ -91,17 +92,18 @@ sp.disable_function.function("ini_get").filename("/var/www/roundcube/plugins/man sp.disable_function.function("ini_get").param("option").value("allow_url_fopen").drop(); sp.disable_function.function("ini_get").param("option").value("open_basedir").drop(); sp.disable_function.function("ini_get").param("option").value_r("suhosin").drop(); +sp.disable_function.function("function_exists").filename_r("/var/www/snappymail/snappymail/v/[0-9]+\.[0-9]+\.[0-9]+/app/libraries/snappymail/gpg/base.php").allow(); sp.disable_function.function("function_exists").param("function").value("eval").drop(); sp.disable_function.function("function_exists").param("function").value("exec").drop(); sp.disable_function.function("function_exists").param("function").value("system").drop(); sp.disable_function.function("function_exists").param("function").value("shell_exec").drop(); sp.disable_function.function("function_exists").param("function").value("proc_open").drop(); sp.disable_function.function("function_exists").param("function").value("passthru").drop(); +sp.disable_function.function("is_callable").filename_r("/var/www/snappymail/snappymail/v/[0-9]+\.[0-9]+\.[0-9]+/app/libraries/snappymail/gpg/base.php").allow(); sp.disable_function.function("is_callable").param("value").value("eval").drop(); sp.disable_function.function("is_callable").param("value").value("exec").drop(); sp.disable_function.function("is_callable").param("value").value("system").drop(); sp.disable_function.function("is_callable").param("value").value("shell_exec").drop(); -sp.disable_function.function("is_callable").filename_r("^/var/www/snappymail/snappymail/v/[0-9]+\.[0-9]+\.[0-9]+/app/libraries/snappymail/pgp/gpg\.php$").param("value").value("proc_open").allow(); sp.disable_function.function("is_callable").param("value").value("proc_open").drop(); sp.disable_function.function("is_callable").param("value").value("passthru").drop();
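Review bot: The two added allow rules for `function_exists` and `is_callable` carry no `.param(...)` filter, so every probe made from gpg/base.php is exempted, including the `eval`, `exec`, `system` and `passthru` checks that the drop rules after them are meant to catch. The rule this hunk removes was limited to a single value with `.param("value").value("proc_open")`. If snappymail only needs to probe specific functions (not visible from this hunk), each allow should be narrowed the same way, one rule per function, by placing `.param("function").value("proc_open")` or `.param("value").value("proc_open")` before `.allow()`. A short comment above each allow rule saying which snappymail feature needs it would also help the next person who audits this allowlist.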