Update changelog for 11.0.11

security: rework previous fixes to use the new use_remote_user_var_in_nginx_conf in ssowat conf introduced in yunohost 11.1.2
Stupid typo
2024-09-03 20:06:27 +02:00 · 2023-01-10 14:04:43 +01:00 · 2023-01-10 14:02:51 +01:00 · 2023-01-10 14:02:51 +01:00 · 2023-01-10 14:02:51 +01:00 · 2023-01-10 14:02:51 +01:00
23 changed files with 59 additions and 260 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,84 +1,11 @@
-ssowat (11.2.1.1) stable; urgency=low
+ssowat (11.0.11) stable; urgency=low

-  - [i18n] Translations updated for Catalan, French, German, Kabyle, Spanish, Swedish
-
-  Thanks to all contributors <3 ! (Alexandre Aubin, Bram, ButterflyOfFire, Carlos Solís, Christian Wehrli, Gregor, xaloc33)
-
- -- OniriCorpe <oniricorpe@yunohost.org>  Mon, 20 May 2024 00:26:37 +0200
-
-ssowat (11.2) stable; urgency=low
-
-  - i18n: Translations updated for Chinese (Simplified), German, Indonesian, Japanese
-
-  Thanks to all contributors <3 ! (Christian Wehrli, motcha, Neko Nekowazarashi, Poesty Li)
-
- -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 17 Jul 2023 16:34:25 +0200
-
-ssowat (11.1.4) stable; urgency=low
-
-  - Releasing as stable
-
- -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 01 Feb 2023 20:28:06 +0100
-
-ssowat (11.1.3) testing; urgency=low
-
-  - debian: have a proper postinst script that reload (not restart, omg) nginx... (beed8a5)
-
- -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 30 Jan 2023 16:33:17 +0100
-
-ssowat (11.1.2.5) testing; urgency=low
-
-  - Fix auth_header parsing when password contains semicolon ([#204](https://github.com/yunohost/ssowat/pull/204))
-
-  Thanks to all contributors <3 ! (ewilly)
-
- -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 19 Jan 2023 17:21:40 +0100
-
-ssowat (11.1.2.4) testing; urgency=low
-
-  - security: rework previous fixes to use the new use_remote_user_var_in_nginx_conf in ssowat conf introduced in yunohost 11.1.2 (8faa805)
-
- -- Alexandre Aubin <alex.aubin@mailoo.org>  Tue, 10 Jan 2023 00:03:31 +0100
-
-ssowat (11.1.2.3) testing; urgency=low
-
-  - Stupid typo (4e92965)
-
- -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 09 Jan 2023 20:51:17 +0100
-
-ssowat (11.1.2.2) testing; urgency=low
-
-  - Iterate on previous security fixes: ignore Auth header on PROPFIND routes, and don't drop Auth header which are not Basic auth (92f1e05)
-
- -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 09 Jan 2023 19:47:04 +0100
-
-ssowat (11.1.2.1) testing; urgency=low
-
-  - security: clear custom ssowat headers when user is not logged in ([#209](https://github.com/yunohost/ssowat/pull/209))
-  - security: Also check client-provided auth headers to prevent impersonation (7a2d0ed)
+  - Authentication headers are ONLY set when user is logged in and has access to app Prevents impersonating users on public applications where the auth headers were not cleared (676f157)
+  - security: Also check client-provided auth headers to prevent impersonation, based on new use_remote_user_var_in_nginx_conf in ssowatconf (7e8b0e0, f59accd, f939b63, 56c2726)

  Thanks to all contributors <3 ! (selfhoster1312)

- -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 09 Jan 2023 18:32:46 +0100
-
-ssowat (11.1.2) testing; urgency=low
-
-  - [fix] helpers.lua: openssl v3 support for hmac_sha512 ([#208](https://github.com/yunohost/ssowat/pull/208))
-  - [fix] password check, path to yunohost lib changed in 11.x (71f68b0)
-  - [i18n] Translations updated for Basque, German, Polish, Slovak, Spanish, Ukrainian
-
-  Thanks to all contributors <3 ! (Christian Wehrli, Cyril Romain, Grzegorz Cichocki, Jose Riha, quiwy, Tymofii-Lytvynenko, xabirequejo)
-
- -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 06 Jan 2023 00:40:30 +0100
-
-ssowat (11.1.0) testing; urgency=low
-
-  - User info self-edit would not update displayName (which is supposed to be the same as cn) resulting in inconsistencies (e2996f1)
-  - [i18n] Translations updated for Basque, Galician, Slovak, Turkish
-
-  Thanks to all contributors <3 ! (José M, Jose Riha, Sedat Albayrak, xabirequejo)
-
- -- Alexandre Aubin <alex.aubin@mailoo.org>  Tue, 25 Oct 2022 22:47:20 +0200
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Tue, 10 Jan 2023 14:03:06 +0100

 ssowat (11.0.9) stable; urgency=low

--- a/debian/postinst
+++ b/debian/postinst
@ -1,34 +1,5 @@
 #!/bin/bash

-set -e
-
-do_configure() {
-    systemctl reload nginx || true
-}
-
-# summary of how this script can be called:
-#        * <postinst> `configure' <most-recently-configured-version>
-#        * <old-postinst> `abort-upgrade' <new version>
-#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-#          <new-version>
-#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-#          <failed-install-package> <version> `removing'
-#          <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-case "$1" in
-    configure)
-        do_configure
-    ;;
-    abort-upgrade|abort-remove|abort-deconfigure)
-    ;;
-    *)
-        echo "postinst called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-#DEBHELPER#
-
+yunohost app ssowatconf > /dev/null 2>&1
+service nginx restart > /dev/null 2>&1
 exit 0
--- a/helpers.lua
+++ b/helpers.lua
@ -112,15 +112,14 @@ function hmac_sha512(key, message)
        -- this is really dirty and probably leak the key and the message in the process list
        -- but if someone got there I guess we really have other problems so this is acceptable
        -- and also this is way better than the previous situation
-        local pipe = io.popen("echo -n '" ..message:gsub("'", "'\\''").. "' | openssl dgst -sha512 -hmac '" ..key:gsub("'", "'\\''").. "'")
+        local pipe = io.popen("echo -n '" ..message:gsub("'", "'\\''").. "' | openssl sha512 -hmac '" ..key:gsub("'", "'\\''").. "'")

        -- openssl returns something like this:
        -- root@yunohost:~# echo -n "qsd" | openssl sha512 -hmac "key"
-        -- SHA2-512(stdin)= f1c2b1658fe64c5a3d16459f2f4eea213e4181905c190235b060ab2a4e7d6a41c15ea2c246828537a1e32ae524b7a7ed309e6d296089194c3e3e3efb98c1fbe3
+        -- (stdin)= f1c2b1658fe64c5a3d16459f2f4eea213e4181905c190235b060ab2a4e7d6a41c15ea2c246828537a1e32ae524b7a7ed309e6d296089194c3e3e3efb98c1fbe3
        --
-        -- so we need to remove the "SHA2-512(stdin)= " at the beginning ("(stdin)= " on older openssl version)
-        local line = pipe:read()
-        local hash = line:sub(line:find("=") + 2)
+        -- so we need to remove the "(stdin)= " at the beginning
+        local hash = pipe:read():sub(string.len("(stdin)= ") + 1)
        pipe:close()

        cache:set(cache_key, hash, conf["session_timeout"])
@ -276,7 +275,7 @@ function validate_or_clear_basic_auth_header_provided_by_client()

    -- Try to authenticate the user,
    -- or remove the Auth header if not valid
-    _, _, user, password = string.find(ngx.decode_base64(b64_cred), "^([^:]+):(.+)$")
+    _, _, user, password = string.find(ngx.decode_base64(b64_cred), "^(.+):(.+)$")
    user = authenticate(user, password)
    if user then
        logger.debug("User got authenticated through basic auth")
@ -376,7 +375,7 @@ function authenticate(user, password)
        end
        cache:add(user.."-password", password, conf["session_timeout"])
        ngx.log(ngx.NOTICE, "Connected as: "..user)
-        logger.info("User "..user.." successfully authenticated from "..ngx.var.remote_addr)
+        logger.info("User "..user.." succesfully authenticated from "..ngx.var.remote_addr)
        return user

    -- Else, the username/email or the password is wrong
@ -784,7 +783,7 @@ function edit_user()
                -- and the new password against the confirmation field's content
                if args.newpassword == args.confirm then
                    -- Check password validity
-                    local result_msg = secure_cmd_password("python3 /usr/lib/python3/dist-packages/yunohost/utils/password.py", args.newpassword)
+                    local result_msg = secure_cmd_password("python3 /usr/lib/moulinette/yunohost/utils/password.py", args.newpassword)
                    validation_error = true
                    if result_msg == nil or result_msg == "" then
                        validation_error = nil
@ -982,7 +981,6 @@ function edit_user()

                 -- No problem so far, we can write modifications to the LDAP
                 if ldap:modify(dn, {'=', cn = cn,
-                                          displayName = cn,
                                          givenName = args.givenName,
                                          sn = args.sn,
                                          mail = mails,
--- a/maintenance/make_changelog.sh
+++ b/maintenance/make_changelog.sh
@ -1,37 +0,0 @@
-VERSION="11.2.1"
-RELEASE="stable"
-REPO=$(basename $(git rev-parse --show-toplevel))
-REPO_URL=$(git remote get-url origin)
-ME=$(git config --get user.name)
-EMAIL=$(git config --get user.email)
-
-LAST_RELEASE=$(git tag --list 'debian/11.*'  --sort="v:refname" | tail -n 1)
-
-echo "$REPO ($VERSION) $RELEASE; urgency=low"
-echo ""
-
-git log $LAST_RELEASE.. -n 10000 --first-parent --pretty=tformat:'  - %b%s (%h)' \
-| sed -E "s&Merge .*#([0-9]+).*\$& \([#\1]\(http://github.com/YunoHost/$REPO/pull/\1\)\)&g" \
-| sed -E "/Co-authored-by: .* <.*>/d" \
-| grep -v "Translations update from Weblate" \
-| tac
-
-TRANSLATIONS=$(git log $LAST_RELEASE... -n 10000 --pretty=format:"%s"  \
-               | grep "Translated using Weblate" \
-               | sed -E "s/Translated using Weblate \((.*)\)/\1/g"  \
-               | sort | uniq | tr '\n' ', ' | sed -e 's/,$//g' -e 's/,/, /g')
-[[ -z "$TRANSLATIONS" ]] || echo "  - [i18n] Translations updated for $TRANSLATIONS"
-
-echo ""
-CONTRIBUTORS=$(git log -n10 --pretty=format:'%Cred%h%Creset %C(bold blue)(%an) %Creset%Cgreen(%cr)%Creset - %s %C(yellow)%d%Creset' --abbrev-commit $LAST_RELEASE... -n 10000 --pretty=format:"%an" \
-               | sort | uniq  | grep -v "$ME" | grep -v 'yunohost-bot' | grep -vi 'weblate' \
-               | tr '\n' ', ' | sed -e 's/,$//g' -e 's/,/, /g')
-[[ -z "$CONTRIBUTORS" ]] || echo "  Thanks to all contributors <3 ! ($CONTRIBUTORS)"
-echo ""
-echo " -- $ME <$EMAIL>  $(date -R)"
-echo ""
-
-
-
-# PR links can be converted to regular texts using : sed -E 's@\[(#[0-9]*)\]\([^ )]*\)@\1@g'
-# Or readded with sed -E 's@#([0-9]*)@[YunoHost#\1](https://github.com/yunohost/yunohost/pull/\1)@g' | sed -E 's@\((\w+)\)@([YunoHost/\1](https://github.com/yunohost/yunohost/commit/\1))@g'
--- a/portal/locales/ca.json
+++ b/portal/locales/ca.json
@ -45,5 +45,5 @@
    "password_too_simple_2": "La contrasenya ha de tenir un mínim de 8 caràcters i ha de contenir dígits, majúscules i minúscules",
    "password_too_simple_3": "La contrasenya ha de tenir un mínim de 8 caràcters i tenir dígits, majúscules, minúscules i caràcters especials",
    "password_too_simple_4": "La contrasenya ha de tenir un mínim de 12 caràcters i tenir dígits, majúscules, minúscules i caràcters especials",
-    "good_practices_about_user_password": "Tria una contrasenya d'un mínim de 8 caràcters - tot i que és de bona pràctica utilitzar contrasenyes més llargues (com per exemple una frase) i/o utilitzar diferents tipus de caràcters (majúscules, minúscules, dígits i caràcters especials)."
+    "good_practices_about_user_password": "Trieu una contrasenya d'un mínim de 8 caràcters ; tot i que és de bona pràctica utilitzar una contrasenya més llarga (és a dir una frase de contrasenya) i/o utilitzar diferents tipus de caràcters (majúscules, minúscules, dígits i caràcters especials)."
 }
--- a/portal/locales/de.json
+++ b/portal/locales/de.json
@ -24,7 +24,7 @@
    "mail_forward": "E-Mail-Weiterleitung",
    "missing_required_fields": "Die notwendigen Felder müssen ausgefüllt werden",
    "new_forward": "neueweiterleitung@anderedomain.org",
-    "new_mail": "neueadresse@meinedomain.org",
+    "new_mail": "neuemail@meinedomain.org",
    "new_password": "Neues Passwort",
    "ok": "OK",
    "password": "Passwort",
@ -35,12 +35,12 @@
    "please_login_from_portal": "Bitte melden Sie sich über das Portal an",
    "portal": "YunoHost-Portal",
    "user_saving_fail": "Neue Kontoinformationen konnten nicht gespeichert werden",
-    "username": "Benutzername",
+    "username": "Anmeldename",
    "wrong_current_password": "Aktuelles Passwort ist falsch",
    "wrong_username_password": "Falscher Anmeldename oder Passwort",
-    "redirection_error_invalid_url": "Weiterleitungsfehler: Ungültige URL",
-    "redirection_error_unmanaged_domain": "Weiterleitungsfehler: Nicht-verwaltete Domain",
-    "good_practices_about_user_password": "Wählen Sie ein Benutzerpasswort mit mindestens 8 Zeichen - es ist jedoch empfehlenswert, ein längeres Passwort (z.B. eine Passphrase) und/oder verschiedene Arten von Zeichen (Groß- und Kleinschreibung, Ziffern und Sonderzeichen) zu verwenden.",
+    "redirection_error_invalid_url": "Fehler bei Weiterleitung: Ungültige URL",
+    "redirection_error_unmanaged_domain": "Fehler bei Weiterleitung: Nicht-verwaltete Domain",
+    "good_practices_about_user_password": "Wähle ein Kontenpasswort mit mindestens 8 Zeichen - es ist jedoch empfehlenswert, ein längeres Passwort (z.B. eine Passphrase) und/oder verschiedene Arten von Zeichen (Groß- und Kleinschreibung, Ziffern und Sonderzeichen) zu verwenden.",
    "password_too_simple_3": "Das Passwort muss mindestens 8 Zeichen lang sein und Grossbuchstaben, Kleinbuchstaben, Zahlen und Sonderzeichen enthalten",
    "password_too_simple_2": "Das Passwort muss mindestens 8 Zeichen lang sein und Gross- und Kleinbuchstaben sowie Zahlen enthalten",
    "password_listed": "Dieses Passwort zählt zu den meistgenutzten Passwörtern der Welt. Bitte wähle ein anderes, einzigartigeres Passwort.",
--- a/portal/locales/es.json
+++ b/portal/locales/es.json
@ -21,7 +21,7 @@
    "logout": "Cerrar sesión",
    "mail_addresses": "Direcciones de correo electrónico",
    "mail_already_used": "Dirección de correo electrónico ya está en uso",
-    "mail_forward": "Dirección de reenvío de correo electrónico",
+    "mail_forward": "Direcciones de reenvío de correo electrónico",
    "missing_required_fields": "Faltan campos obligatorios",
    "new_forward": "nuevoreenvio@midominioexterior.org",
    "new_mail": "nuevomail@midominio.org",
@ -43,7 +43,7 @@
    "password_listed": "Esta contraseña se encuentra entre las contraseñas más utilizadas en el mundo. Por favor, elija algo un poco más único.",
    "password_too_simple_1": "La contraseña debe tener al menos 8 caracteres de longitud",
    "password_too_simple_2": "La contraseña debe tener al menos 8 caracteres de longitud y contiene dígitos, mayúsculas y minúsculas",
-    "password_too_simple_3": "La contraseña debe ser de al menos 8 caracteres de longitud e incluir un número y caracteres en mayúsculas, minúsculas y caracteres especiales",
-    "password_too_simple_4": "La contraseña debe ser de al menos 12 caracteres de longitud e incluir un número, mayúsculas, minúsculas y caracteres especiales",
-    "good_practices_about_user_password": "Está a punto de establecer una nueva contraseña de usuario. La contraseña debería de ser de al menos 8 caracteres, aunque es una buena práctica usar una contraseña más larga (es decir, una frase de paso) y/o usar varias clases de caracteres (mayúsculas, minúsculas, dígitos y caracteres especiales)."
+    "password_too_simple_3": "La contraseña debe tener al menos 8 caracteres de longitud y contiene dígitos, mayúsculas, minúsculas y caracteres especiales",
+    "password_too_simple_4": "La contraseña debe tener al menos 12 caracteres de longitud y contiene dígitos, mayúsculas, minúsculas y caracteres especiales",
+    "good_practices_about_user_password": "Elija una contraseña de usuario de al menos 8 caracteres, aunque es una buena práctica usar una más larga (es decir, una frase de contraseña) y/o usar varios tipos de caracteres (mayúsculas, minúsculas, dígitos y caracteres especiales)."
 }
--- a/portal/locales/eu.json
+++ b/portal/locales/eu.json
@ -5,9 +5,9 @@
    "footerlink_edit": "Editatu profila",
    "redirection_error_unmanaged_domain": "Birzuzenketa errorea: kudeatu gabeko domeinua",
    "redirection_error_invalid_url": "Birbideraketa errorea: URL okerra",
-    "please_login_from_portal": "Hasi saioa atarian",
-    "please_login": "Hasi saioa edukira sartzeko",
-    "logged_out": "Saioa amaituta",
+    "please_login_from_portal": "Mesedez, hasi saioa atarian",
+    "please_login": "Mesedez, hasi saioa edukira sartzeko",
+    "logged_out": "Saioa itxita",
    "wrong_username_password": "Erabiltzaile-izen edo pasahitz okerra",
    "missing_required_fields": "Bete beharreko eremuak",
    "user_saving_fail": "Ezinezkoa izan da erabiltzailearen informazio berria gordetzea",
@ -17,16 +17,16 @@
    "invalid_domain": "Domeinu okerra",
    "invalid_mail": "Helbide elektronikoa ez da zuzena",
    "wrong_current_password": "Oraingo pasahitza okerra da",
-    "good_practices_about_user_password": "Aukeratu gutxienez 8 karaktere dituen erabiltzaile-pasahitz bat — baina gomendioa pasahitz luzeagoak erabiltzea da (adibidez, esaldi bat) edota karaktere desberdinak erabiltzea (larriak, txikiak, zenbakiak eta karaktere bereziak).",
-    "password_too_simple_4": "Pasahitzak 12 karaktere izan behar ditu gutxienez eta zenbakiren bat, hizki larriren bat, txikiren bat eta karaktere bereziren bat izan behar ditu",
-    "password_too_simple_3": "Pasahitzak 8 karaktere izan behar ditu gutxienez eta zenbakiak, hizki larriak, hizki txikiak eta karaktere bereziak izan behar ditu",
-    "password_too_simple_2": "Pasahitzak 8 karaktere izan behar ditu gutxienez eta zenbakiak, hizki larriak eta hizki txikiak izan behar ditu",
-    "password_too_simple_1": "Pasahitzak 8 karaktere izan behar ditu gutxienez",
-    "password_listed": "Pasahitz hau munduko pasahitz erabilienen artean dago. Aukeratu bereziagoa den zerbait.",
+    "good_practices_about_user_password": "Aukeratu gutxienez zortzi karaktere dituen erabiltzaile-pasahitz bat — baina gomendioa pasahitz luzeagoak erabiltzea da (adibidez, esaldi bat) edota karaktere desberdinak erabiltzea (larriak, txikiak, zenbakiak eta karaktere bereziak).",
+    "password_too_simple_4": "Pasahitzak gutxienez 12 karaktere izan behar ditu eta zenbakiak, hizki larriak, hizki txikiak eta karaktere bereziak izan behar ditu",
+    "password_too_simple_3": "Pasahitzak gutxienez zortzi karaktere izan behar ditu eta zenbakiak, hizki larriak, hizki txikiak eta karaktere bereziak izan behar ditu",
+    "password_too_simple_2": "Pasahitzak gutxienez zortzi karaktere izan behar ditu eta zenbakiak, hizki larriak eta hizki txikiak izan behar ditu",
+    "password_too_simple_1": "Pasahitzak gutxienez zortzi karaktere izan behar ditu",
+    "password_listed": "Pasahitz hau munduko pasahitz erabilienen artean dago. Mesedez, aukeratu bereziagoa den zerbait.",
    "password_not_match": "Pasahitzak ez datoz bat",
    "password_changed_error": "Ezin izan da pasahitza aldatu",
    "password_changed": "Pasahitza aldatu da",
-    "logout": "Amaitu saioa",
+    "logout": "Itxi saioa",
    "login": "Hasi saioa",
    "confirm": "Berretsi",
    "new_password": "Pasahitz berria",
--- a/portal/locales/fr.json
+++ b/portal/locales/fr.json
@ -34,16 +34,16 @@
    "please_login": "Veuillez vous identifier pour accéder à cette page",
    "please_login_from_portal": "Veuillez vous identifier depuis le portail",
    "portal": "Portail YunoHost",
-    "user_saving_fail": "Impossible d'enregistrer les nouvelles informations de compte",
-    "username": "Nom du compte",
+    "user_saving_fail": "Impossible d'enregistrer les nouvelles informations utilisateur",
+    "username": "Nom d’utilisateur",
    "wrong_current_password": "Le mot de passe actuel est incorrect",
-    "wrong_username_password": "Nom de compte ou mot de passe incorrect",
-    "redirection_error_invalid_url": "Erreur de redirection : URL invalide",
-    "redirection_error_unmanaged_domain": "Erreur de redirection : domaine non géré",
+    "wrong_username_password": "Nom d’utilisateur ou mot de passe incorrect",
+    "redirection_error_invalid_url": "Erreur de redirection : URL invalide",
+    "redirection_error_unmanaged_domain": "Erreur de redirection : domaine non géré",
    "password_listed": "Ce mot de passe est l'un des mots de passe les plus utilisés dans le monde. Veuillez choisir quelque chose d'un peu plus singulier.",
    "password_too_simple_1": "Le mot de passe doit comporter au moins 8 caractères",
    "password_too_simple_2": "Le mot de passe doit comporter au moins 8 caractères et contenir des chiffres, des majuscules et des minuscules",
    "password_too_simple_3": "Le mot de passe doit comporter au moins 8 caractères et contenir des chiffres, des majuscules, des minuscules et des caractères spéciaux",
    "password_too_simple_4": "Le mot de passe doit comporter au moins 12 caractères et contenir des chiffres, des majuscules, des minuscules et des caractères spéciaux",
-    "good_practices_about_user_password": "Choisissez un mot de passe d’au moins 8 caractères, bien qu'il soit recommandé d'utiliser un mot de passe plus long (c'est-à-dire une phrase secrète) et/ou une combinaison de caractères (majuscules, minuscules, chiffres et caractères spéciaux)."
+    "good_practices_about_user_password": "Choisissez un mot de passe utilisateur d’au moins 8 caractères, bien qu'il soit recommandé d'utiliser un mot de passe plus long (c'est-à-dire une phrase secrète) et/ou une combinaison de caractères (majuscules, minuscules, chiffres et caractères spéciaux)."
 }
--- a/portal/locales/gl.json
+++ b/portal/locales/gl.json
@ -43,7 +43,7 @@
    "mail_addresses": "Enderezos de email",
    "fullname": "Nome completo",
    "password": "Contrasinal",
-    "username": "Identificador",
+    "username": "Nome de usuaria",
    "information": "A túa info",
    "portal": "Portal YunoHost"
 }
--- a/portal/locales/he.json
+++ b/portal/locales/he.json
@ -1 +0,0 @@
-{}
--- a/portal/locales/id.json
+++ b/portal/locales/id.json
@ -2,9 +2,9 @@
    "cancel": "Batal",
    "portal": "Portal YunoHost",
    "information": "Info Anda",
-    "username": "Nama Pengguna",
+    "username": "Nama pengguna",
    "password": "Kata sandi",
-    "fullname": "Nama Lengkap",
+    "fullname": "Nama lengkap",
    "mail_addresses": "Alamat surel",
    "mail_forward": "Alamat surel terusan",
    "new_mail": "surelbaru@domainku.org",
@ -23,7 +23,7 @@
    "password_changed_error": "Tidak dapat mengubah kata sandi",
    "password_not_match": "Kata sandi tidak sama",
    "password_listed": "Kata sandi ini merupakan salah satu kata sandi yang paling sering digunakan di dunia. Coba pilih sesuatu yang lebih unik.",
-    "password_too_simple_1": "Panjang kata sandi harus paling tidak 8 karakter",
+    "password_too_simple_1": "Kata sandi harus memiliki sekurang-kurangnya 8 karakter",
    "wrong_current_password": "Kata sandi saat ini salah",
    "invalid_mail": "Alamat surel tidak valid",
    "mail_already_used": "Alamat surel sudah digunakan",
@ -32,18 +32,11 @@
    "wrong_username_password": "Nama pengguna atau kata sandi salah",
    "logged_out": "Berhasil keluar",
    "please_login": "Masuk untuk mengakses konten ini",
-    "please_login_from_portal": "Silakan masuk dari portal",
+    "please_login_from_portal": "Harap masuk dari portal",
    "redirection_error_invalid_url": "Kesalahan pengalihan: URL tidak valid",
    "redirection_error_unmanaged_domain": "Kesalahan pengalihan: Domain tak dikelola",
    "footerlink_edit": "Sunting profil saya",
    "footerlink_documentation": "Dokumentasi",
    "footerlink_support": "Dukungan",
-    "footerlink_administration": "Administrasi",
-    "password_too_simple_2": "Kata sandi harus sekurang-kurangnya 8 karakter dan memiliki angka, huruf kapital dan huruf kecil",
-    "password_too_simple_3": "Kata sandi harus sekurang-kurangnya 8 karakter dan memiliki angka, huruf kapital, huruf kecil, dan karakter spesial",
-    "password_too_simple_4": "Kata sandi harus sekurang-kurangnya 12 karakter dan memiliki angka, huruf kapital, huruf kecil, dan karakter spesial",
-    "good_practices_about_user_password": "Pilih kata sandi sekurang-kurangnya 8 karakter - meskipun memang adalah hal yang baik jika menggunakan yang lebih panjang (cth. parafrasa) dan/atau menggunakan berbagai macam karakter (kapital, huruf kecil, angka, dan karakter lainnya).",
-    "invalid_domain": "Domain tidak valid di",
-    "invalid_mailforward": "Alamat surel terusan tidak valid",
-    "missing_required_fields": "Isi bidang yang diperlukan"
+    "footerlink_administration": "Administrasi"
 }
--- a/portal/locales/ja.json
+++ b/portal/locales/ja.json
@ -1,49 +0,0 @@
-{
-    "portal": "YunoHost ポータル",
-    "information": "あなたの情報",
-    "username": "ユーザー名",
-    "password": "パスワード",
-    "fullname": "フルネーム",
-    "mail_addresses": "電子メールアドレス",
-    "mail_forward": "電子メール転送アドレス",
-    "new_mail": "newmail@mydomain.org",
-    "add_mail": "電子メール エイリアスを追加",
-    "add_forward": "電子メール転送アドレスを追加",
-    "ok": "OK",
-    "change_password": "パスワード変更",
-    "edit": "編集",
-    "new_password": "新しいパスワード",
-    "confirm": "確認",
-    "logout": "ログアウト",
-    "password_changed": "パスワードが変更されました",
-    "password_not_match": "パスワードが一致しません",
-    "password_too_simple_1": "パスワードは8文字以上である必要があります",
-    "password_too_simple_2": "パスワードは8文字以上で、数字/大文字/小文字の全てを含む必要があります",
-    "password_too_simple_3": "パスワードは8文字以上で、数字/大文字/小文字/特殊文字の全てを含む必要があります",
-    "password_too_simple_4": "パスワードは12文字以上で、数字/大文字/小文字/特殊文字の全てを含む必要があります",
-    "wrong_current_password": "現在のパスワードが間違っています",
-    "invalid_mail": "不正な電子メールアドレス",
-    "invalid_domain": "不正なドメイン",
-    "invalid_mailforward": "不正な電子メール転送アドレス",
-    "mail_already_used": "電子メールアドレスは既に使われています",
-    "information_updated": "情報が更新されました",
-    "user_saving_fail": "新しいユーザー情報を保存できませんでした",
-    "missing_required_fields": "必須フィールドに入力してください",
-    "wrong_username_password": "ユーザー名かパスワードが間違っています",
-    "logged_out": "ログアウトしました",
-    "please_login": "このコンテンツにアクセスするにはログインしてください",
-    "please_login_from_portal": "ポータルからログインしてください",
-    "redirection_error_invalid_url": "リダイレクションエラー: 不正なURL",
-    "redirection_error_unmanaged_domain": "リダイレクションエラー: 管理されていないドメイン",
-    "footerlink_edit": "プロフィールを編集する",
-    "footerlink_documentation": "ドキュメント",
-    "footerlink_support": "サポート",
-    "footerlink_administration": "管理",
-    "cancel": "キャンセル",
-    "new_forward": "newforward@myforeigndomain.org",
-    "current_password": "現在のパスワード",
-    "login": "ログイン",
-    "password_changed_error": "パスワードは変更できませんでした",
-    "password_listed": "このパスワードは世界で最も使われているパスワードのひとつです。もう少しユニークなものを選んでください。",
-    "good_practices_about_user_password": "ユーザーパスワードは最低でも8文字、より長いもの（パスフレーズなど）にしたり、さまざまな種類の文字（大文字、小文字、数字、特殊文字）を使うことが望ましいです。"
-}
--- a/portal/locales/kab.json
+++ b/portal/locales/kab.json
@ -1,5 +1,5 @@
 {
-    "username": "Isem n useqdac",
+    "username": "Nom d'utilisateur",
    "password": "Awal n uɛeddi",
    "fullname": "Isem inek ummid",
    "ok": "Ih",
--- a/portal/locales/ko.json
+++ b/portal/locales/ko.json
@ -1 +0,0 @@
-{}
--- a/portal/locales/lt.json
+++ b/portal/locales/lt.json
@ -1 +0,0 @@
-{}
--- a/portal/locales/pl.json
+++ b/portal/locales/pl.json
@ -3,7 +3,7 @@
    "cancel": "Anuluj",
    "change_password": "Zmień hasło",
    "confirm": "Potwierdź",
-    "current_password": "Aktualne hasło",
+    "current_password": "Aktualne  hasło",
    "edit": "Edytuj",
    "footerlink_administration": "Panel administracyjny",
    "footerlink_documentation": "Dokumentacja",
--- a/portal/locales/pt_BR.json
+++ b/portal/locales/pt_BR.json
@ -1 +0,0 @@
-{}
--- a/portal/locales/sk.json
+++ b/portal/locales/sk.json
@ -7,7 +7,7 @@
    "new_mail": "novymail@mojadomena.org",
    "new_forward": "novepreposielanie@mojadalsiadomena.org",
    "add_mail": "Pridať e-mailovú prezývku/alias",
-    "add_forward": "Pridať e-mailovú adresu pre preposielanie",
+    "add_forward": "Pridat e-mailovú adresu pre preposielanie",
    "ok": "OK",
    "cancel": "Zrušiť",
    "change_password": "Zmeniť heslo",
@ -36,7 +36,7 @@
    "missing_required_fields": "Vyplňte požadované údaje",
    "wrong_username_password": "Chybné meno používateľa alebo heslo",
    "logged_out": "Boli ste odhlásený",
-    "please_login": "Pre zobrazenie obsahu sa, prosím, prihláste",
+    "please_login": "Prihláste sa, prosím, aby ste získali prístup k údajom na tejto stránke",
    "please_login_from_portal": "Prosím, prihláste sa z portálu",
    "redirection_error_invalid_url": "Chyba presmerovania: Neplatná adresa URL",
    "redirection_error_unmanaged_domain": "Chyba presmerovania: Neregistrovaná doména",
--- a/portal/locales/sv.json
+++ b/portal/locales/sv.json
@ -45,5 +45,5 @@
    "please_login_from_portal": "Logga in från portalen",
    "please_login": "Logga in för att få tillgång till det här innehållet",
    "invalid_mailforward": "Ogiltig e-post vidarebefordringsadress",
-    "good_practices_about_user_password": "Välj ett användarlösenord på minst åtta tecken - även om det är bra att använda längre (dvs ett lösenord) och / eller använda olika typer av tecken (versaler gemener, siffror och specialtecken)."
+    "good_practices_about_user_password": "Välj ett användarlösenord på minst åtta tecken - även om det är bra att använda längre (dvs ett lösenord) och / eller använda olika typer av tecken (versaler, versaler, siffror och specialtecken)."
 }
--- a/portal/locales/tr.json
+++ b/portal/locales/tr.json
@ -40,9 +40,9 @@
    "wrong_username_password": "Yanlış kullanıcı adı veya parola",
    "redirection_error_unmanaged_domain": "Yönlendirme hatası: Yönetilmeyen alan",
    "redirection_error_invalid_url": "Yönlendirme hatası: Geçersiz URL",
-    "good_practices_about_user_password": "En az 8 karakterden oluşan bir kullanıcı şifresi seçin - daha uzun olanları (örneğin bir şifre) ve / veya çeşitli karakterleri (büyük harf, küçük harf, rakam ve özel karakterler) kullanmak daha iyidir.",
-    "password_too_simple_4": "Şifrenin en az 12 karakter uzunluğunda olması ve rakam, büyük ve küçük harfler, özel karakterler içermesi gerekir",
-    "password_too_simple_3": "Şifrenin en az 8 karakter uzunluğunda olması ve rakam, büyük ve küçük harfler, özel karakterler içermesi gerekir",
+    "good_practices_about_user_password": "En az 8 karakterden oluşan bir kullanıcı şifresi seçin - daha uzun olanları (örneğin bir şifre) ve / veya çeşitli karakterleri (büyük harf, küçük harf, rakam ve özel karakterler) kullanmak iyi bir uygulamadır.",
+    "password_too_simple_4": "Şifrenin en az 12 karakter uzunluğunda olması ve rakam, üst, alt ve özel karakterler içermesi gerekir",
+    "password_too_simple_3": "Şifrenin en az 8 karakter uzunluğunda olması ve rakam, üst, alt ve özel karakterler içermesi gerekir",
    "password_too_simple_2": "Şifrenin en az 8 karakter uzunluğunda olması ve rakam, üst ve alt karakterler içermesi gerekir",
    "password_too_simple_1": "Şifre en az 8 karakter uzunluğunda olmalı",
    "password_listed": "Bu şifre dünyada en çok kullanılan şifreler arasındadır. Lütfen biraz daha benzersiz bir şey seçin."
--- a/portal/locales/uk.json
+++ b/portal/locales/uk.json
@ -1,7 +1,7 @@
 {
    "cancel": "Скасувати",
    "logged_out": "Ви вийшли з системи",
-    "footerlink_administration": "Адміністрування",
+    "footerlink_administration": "Адміністрація",
    "footerlink_support": "Підтримка",
    "footerlink_documentation": "Документація",
    "footerlink_edit": "Редагувати мій профіль",
--- a/portal/locales/zh_Hans.json
+++ b/portal/locales/zh_Hans.json
@ -1,7 +1,7 @@
 {
    "footerlink_administration": "管理",
    "footerlink_support": "支持",
-    "footerlink_documentation": "文档",
+    "footerlink_documentation": "文献资料",
    "footerlink_edit": "编辑我的个人资料",
    "redirection_error_unmanaged_domain": "重定向错误：非托管域",
    "redirection_error_invalid_url": "重定向错误：无效的 URL",
@ -34,16 +34,16 @@
    "edit": "编辑",
    "change_password": "更改密码",
    "cancel": "取消",
-    "ok": "ОК",
+    "ok": "好",
    "add_forward": "添加电子邮件转发地址",
    "add_mail": "添加电子邮件别名",
-    "new_forward": "新转发@我的外部域.org",
-    "new_mail": "新邮件@我的域.org",
+    "new_forward": "新前进@我的外国域名.org",
+    "new_mail": "新邮件@我的域名.org",
    "mail_forward": "邮件转发地址",
    "mail_addresses": "电子邮件地址",
    "fullname": "全名",
    "password": "密码",
    "username": "用户名",
    "information": "您的资料",
-    "portal": "YunoHost 门户"
+    "portal": "YunoHost门户"
 }
Author	SHA1	Message	Date
Alexandre Aubin	226e3bdf4c	Update changelog for 11.0.11	2023-01-10 14:04:43 +01:00
Alexandre Aubin	56c2726237	security: rework previous fixes to use the new use_remote_user_var_in_nginx_conf in ssowat conf introduced in yunohost 11.1.2	2023-01-10 14:02:51 +01:00
Alexandre Aubin	f939b63241	Stupid typo	2023-01-10 14:02:51 +01:00
Alexandre Aubin	f59accd10e	Iterate on previous security fixes: ignore Auth header on PROPFIND routes, and don't drop Auth header which are not Basic auth	2023-01-10 14:02:51 +01:00
Alexandre Aubin	7e8b0e037f	security: Also check client-provided auth headers to prevent impersonation	2023-01-10 14:02:51 +01:00
selfhoster1312	676f157194	Authentication headers are ONLY set when user is logged in and has access to app Prevents impersonating users on public applications where the auth headers were not cleared	2023-01-10 14:02:51 +01:00