From ace6461fc19150249ad284e7e95ce807d4382ae2 Mon Sep 17 00:00:00 2001 From: lapineige Date: Tue, 30 May 2023 10:49:26 +0200 Subject: [PATCH 1/9] fix syntax --- conf/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 4cfbe81..ac25ddf 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -37,5 +37,5 @@ location / { } location ~ ^/(proxy|media) { - more_set_headers "default-src 'none'; upgrade-insecure-requests; sandbox;"; + more_set_headers "Content-Security-Policy : default-src 'none'; upgrade-insecure-requests; sandbox;"; } From a51dcd46d60708179ad87568c7c79c8f72360dcc Mon Sep 17 00:00:00 2001 From: lapineige Date: Tue, 30 May 2023 10:50:14 +0200 Subject: [PATCH 2/9] Bump version --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 80a038a..dbbe998 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Federated social networking server built on ActivityPub open protocol", "fr": "Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPub" }, - "version": "3.9.3~ynh2", + "version": "3.9.3~ynh3", "url": "https://akkoma.social/", "upstream": { "license": "AGPL-3.0-only", From bd8c1ae9ef098a9011a5d92bc201ca1d7cd57722 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 30 May 2023 08:50:17 +0000 Subject: [PATCH 3/9] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d4060a1..46226bf 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Akkoma is a microblogging server software that can federate (= exchange messages with) other servers that support ActivityPub. What that means is that you can host a server for yourself or your friends and stay in control of your online identity, but still exchange messages with people on larger decentrilized and federated network. Akkoma will federate with all servers that implement ActivityPub, like Friendica, GNU Social, Hubzilla, Mastodon, Misskey, Pleroma, Peertube, or Pixelfed. -**Shipped version:** 3.9.3~ynh2 +**Shipped version:** 3.9.3~ynh3 **Demo:** https://otp.akkoma.dev diff --git a/README_fr.md b/README_fr.md index 0dfd446..ed61abd 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Akkoma is a microblogging server software that can federate (= exchange messages with) other servers that support ActivityPub. What that means is that you can host a server for yourself or your friends and stay in control of your online identity, but still exchange messages with people on larger decentrilized and federated network. Akkoma will federate with all servers that implement ActivityPub, like Friendica, GNU Social, Hubzilla, Mastodon, Misskey, Pleroma, Peertube, or Pixelfed. -**Version incluse :** 3.9.3~ynh2 +**Version incluse :** 3.9.3~ynh3 **Démo :** https://otp.akkoma.dev From c5d1b8a95df22dd5dce7d6ea5dd6c73a0967be95 Mon Sep 17 00:00:00 2001 From: Twizzay <88040412+twizzay-code@users.noreply.github.com> Date: Sat, 10 Jun 2023 04:52:18 -0700 Subject: [PATCH 4/9] Update nginx.conf (#40) * Update nginx.conf Fix bug in which media was being scrubbed out by CSP * Use __PORT__ instead of fixed value --------- Co-authored-by: lapineige --- conf/nginx.conf | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index ac25ddf..d5ac03c 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -36,6 +36,19 @@ location / { include conf.d/yunohost_panel.conf.inc; } -location ~ ^/(proxy|media) { - more_set_headers "Content-Security-Policy : default-src 'none'; upgrade-insecure-requests; sandbox;"; +rewrite ^/proxy/(.*)/(.*)/.* /proxy/$1/$2 last; + +location ~ ^/(media|proxy) { + proxy_cache akkoma_media_cache; + proxy_cache_key $host$uri$is_args$args; + proxy_http_version 1.1; + proxy_cache_valid 200 206 301 304 1h; + proxy_cache_lock on; + proxy_ignore_client_abort on; + proxy_buffering on; + chunked_transfer_encoding on; +# added some stuff that seirdy said to add to make me bullet proof. B-) https://akkoma.dev/AkkomaGang/akkoma/issues/547#issuecomment-9261 + more_set_headers "Content-Security-Policy : script-src 'none'; default-src 'none'; upgrade-insecure-requests; base-uri 'none'; form-action 'none'; 'sandbox';"; + + proxy_pass http://localhost:__PORT__; } From 53a7d9ac5208bea4a30d427cb9852a7a0a6e542f Mon Sep 17 00:00:00 2001 From: lapineige Date: Mon, 12 Jun 2023 22:35:41 +0200 Subject: [PATCH 5/9] Fix typo --- conf/nginx.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 8120fe3..2a4dc5a 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -51,7 +51,8 @@ location ~ ^/(media|proxy) { more_set_headers "Content-Security-Policy : script-src 'none'; default-src 'none'; upgrade-insecure-requests; base-uri 'none'; form-action 'none'; 'sandbox';"; proxy_pass http://localhost:__PORT__; -======= +} + location ~ ^/(proxy|media) { more_set_headers "Content-Security-Policy : default-src 'none'; upgrade-insecure-requests; sandbox;"; } From 68e17ef37b09310f32395009c6bfca335891f782 Mon Sep 17 00:00:00 2001 From: lapineige Date: Mon, 12 Jun 2023 22:39:35 +0200 Subject: [PATCH 6/9] Bump version --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index dbbe998..5f9c4d4 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Federated social networking server built on ActivityPub open protocol", "fr": "Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPub" }, - "version": "3.9.3~ynh3", + "version": "3.9.3~ynh4", "url": "https://akkoma.social/", "upstream": { "license": "AGPL-3.0-only", From 9a996666ab6a7c6105aa9912d6fc60e104692119 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Mon, 12 Jun 2023 20:39:39 +0000 Subject: [PATCH 7/9] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 46226bf..b129a98 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Akkoma is a microblogging server software that can federate (= exchange messages with) other servers that support ActivityPub. What that means is that you can host a server for yourself or your friends and stay in control of your online identity, but still exchange messages with people on larger decentrilized and federated network. Akkoma will federate with all servers that implement ActivityPub, like Friendica, GNU Social, Hubzilla, Mastodon, Misskey, Pleroma, Peertube, or Pixelfed. -**Shipped version:** 3.9.3~ynh3 +**Shipped version:** 3.9.3~ynh4 **Demo:** https://otp.akkoma.dev diff --git a/README_fr.md b/README_fr.md index ed61abd..28c5145 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Akkoma is a microblogging server software that can federate (= exchange messages with) other servers that support ActivityPub. What that means is that you can host a server for yourself or your friends and stay in control of your online identity, but still exchange messages with people on larger decentrilized and federated network. Akkoma will federate with all servers that implement ActivityPub, like Friendica, GNU Social, Hubzilla, Mastodon, Misskey, Pleroma, Peertube, or Pixelfed. -**Version incluse :** 3.9.3~ynh3 +**Version incluse :** 3.9.3~ynh4 **Démo :** https://otp.akkoma.dev From 936b359e028c9086e1bb4fd93fd94dc37216fca5 Mon Sep 17 00:00:00 2001 From: YunoHost Bot Date: Thu, 27 Jul 2023 15:49:44 +0200 Subject: [PATCH 8/9] [autopatch] Fix Host and X-Forwarded-For header spoofing (#43) Co-authored-by: tituspijean --- conf/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 2a4dc5a..e19f23b 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -4,7 +4,7 @@ location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; - proxy_set_header Host $http_host; + proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:__PORT__; From f3abfeadb00f58e801c81a9a3944864825d06ccb Mon Sep 17 00:00:00 2001 From: lapineige Date: Fri, 11 Aug 2023 10:53:33 +0200 Subject: [PATCH 9/9] 2023.08 / 3.10.3 / OTP 25.3.2.5 (#46) * 3.10.3 / OTP 25.3.2.5 Security hotfix * 3.10.3 / OTP 25.3.2.5 Security hotfix * Auto-update README --------- Co-authored-by: yunohost-bot --- README.md | 2 +- README_fr.md | 2 +- conf/amd64.src | 4 ++-- manifest.json | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index b129a98..d7b5d70 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Akkoma is a microblogging server software that can federate (= exchange messages with) other servers that support ActivityPub. What that means is that you can host a server for yourself or your friends and stay in control of your online identity, but still exchange messages with people on larger decentrilized and federated network. Akkoma will federate with all servers that implement ActivityPub, like Friendica, GNU Social, Hubzilla, Mastodon, Misskey, Pleroma, Peertube, or Pixelfed. -**Shipped version:** 3.9.3~ynh4 +**Shipped version:** 3.10.3~ynh1 **Demo:** https://otp.akkoma.dev diff --git a/README_fr.md b/README_fr.md index 28c5145..8921e1d 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Akkoma is a microblogging server software that can federate (= exchange messages with) other servers that support ActivityPub. What that means is that you can host a server for yourself or your friends and stay in control of your online identity, but still exchange messages with people on larger decentrilized and federated network. Akkoma will federate with all servers that implement ActivityPub, like Friendica, GNU Social, Hubzilla, Mastodon, Misskey, Pleroma, Peertube, or Pixelfed. -**Version incluse :** 3.9.3~ynh4 +**Version incluse :** 3.10.3~ynh1 **Démo :** https://otp.akkoma.dev diff --git a/conf/amd64.src b/conf/amd64.src index 2471efa..a81a8ba 100644 --- a/conf/amd64.src +++ b/conf/amd64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://akkoma-updates.s3-website.fr-par.scw.cloud/stable/akkoma-amd64.zip -SOURCE_SUM=53acaecf82283d724c7c64b403b8130d22cbe050f6c224f55f73a158da2c52fe +SOURCE_URL=https://akkoma-updates.s3-website.fr-par.scw.cloud/stable/akkoma-amd64-debian-bullseye.zip +SOURCE_SUM=20bc9b2c2d07203526b798cc0941768f5f40d1598e501cc426d10f45c434f3b5 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index 5f9c4d4..58325a5 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Federated social networking server built on ActivityPub open protocol", "fr": "Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPub" }, - "version": "3.9.3~ynh4", + "version": "3.10.3~ynh1", "url": "https://akkoma.social/", "upstream": { "license": "AGPL-3.0-only",