From 357c151ce21d61210d431d9881d8e185ed58407b Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 1 Apr 2021 15:51:49 +0200 Subject: [PATCH 1/6] services.py, python3: missing decode() in subprocess output fetch --- src/yunohost/service.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/yunohost/service.py b/src/yunohost/service.py index d7c3e1db0..e6e960a57 100644 --- a/src/yunohost/service.py +++ b/src/yunohost/service.py @@ -465,6 +465,7 @@ def _get_and_format_service_status(service, infos): if p.returncode == 0: output["configuration"] = "valid" else: + out = out.decode() output["configuration"] = "broken" output["configuration-details"] = out.strip().split("\n") From f878d61f3a916a308d777e7358fb754f595bcc33 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 1 Apr 2021 15:55:46 +0200 Subject: [PATCH 2/6] log.py: don't inject log_ref if the operation didnt start yet --- src/yunohost/log.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yunohost/log.py b/src/yunohost/log.py index 7a45565f8..592e76bb4 100644 --- a/src/yunohost/log.py +++ b/src/yunohost/log.py @@ -636,7 +636,7 @@ class OperationLogger(object): # we want to inject the log ref in the exception, such that it may be # transmitted to the webadmin which can then redirect to the appropriate # log page - if isinstance(error, Exception) and not isinstance(error, YunohostValidationError): + if self.started_at and isinstance(error, Exception) and not isinstance(error, YunohostValidationError): error.log_ref = self.name if self.ended_at is not None or self.started_at is None: From 008e9f1dc555f0befdfc62019093f2d31e007e99 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 8 Apr 2021 15:35:09 +0200 Subject: [PATCH 3/6] Missing raw_msg=True --- src/yunohost/dyndns.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yunohost/dyndns.py b/src/yunohost/dyndns.py index b2ac3de6d..c7a501b9c 100644 --- a/src/yunohost/dyndns.py +++ b/src/yunohost/dyndns.py @@ -260,7 +260,7 @@ def dyndns_update( ok, result = dig(dyn_host, "A") dyn_host_ip = result[0] if ok == "ok" and len(result) else None if not dyn_host_ip: - raise YunohostError("Failed to resolve %s" % dyn_host) + raise YunohostError("Failed to resolve %s" % dyn_host, raw_msg=True) ok, result = dig(domain, rdtype, resolvers=[dyn_host_ip]) if ok == "ok": From 6fd5f7e86410adc7f647a1d96e078e966f06a294 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 8 Apr 2021 23:56:16 +0200 Subject: [PATCH 4/6] firewall_list: Don't miserably crash when trying to sort port range ("12300:12400", ain't an int) --- src/yunohost/firewall.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/yunohost/firewall.py b/src/yunohost/firewall.py index bc21f1948..af1cea2e3 100644 --- a/src/yunohost/firewall.py +++ b/src/yunohost/firewall.py @@ -188,18 +188,19 @@ def firewall_list(raw=False, by_ip_version=False, list_forwarded=False): for i in ["ipv4", "ipv6"]: f = firewall[i] # Combine TCP and UDP ports - ports[i] = sorted(set(f["TCP"]) | set(f["UDP"])) + ports[i] = sorted(set(f["TCP"]) | set(f["UDP"]), key=lambda p: int(p.split(':')[0]) if isinstance(p, str) else p) if not by_ip_version: # Combine IPv4 and IPv6 ports - ports = sorted(set(ports["ipv4"]) | set(ports["ipv6"])) + ports = sorted(set(ports["ipv4"]) | set(ports["ipv6"]), key=lambda p: int(p.split(':')[0]) if isinstance(p, str) else p) # Format returned dict ret = {"opened_ports": ports} if list_forwarded: # Combine TCP and UDP forwarded ports ret["forwarded_ports"] = sorted( - set(firewall["uPnP"]["TCP"]) | set(firewall["uPnP"]["UDP"]) + set(firewall["uPnP"]["TCP"]) | set(firewall["uPnP"]["UDP"]), + key=lambda p: int(p.split(':')[0]) if isinstance(p, str) else p ) return ret From 575fab8a1985c82b17d7f8915dec9420f59ff6df Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Fri, 9 Apr 2021 00:00:40 +0200 Subject: [PATCH 5/6] nginx conf: CSP rules for admin was blocking small images used for checkboxes, radio, pacman in the new webadmin --- data/templates/nginx/plain/yunohost_admin.conf.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/templates/nginx/plain/yunohost_admin.conf.inc b/data/templates/nginx/plain/yunohost_admin.conf.inc index 26f348dea..326e003ee 100644 --- a/data/templates/nginx/plain/yunohost_admin.conf.inc +++ b/data/templates/nginx/plain/yunohost_admin.conf.inc @@ -6,6 +6,6 @@ location /yunohost/admin/ { default_type text/html; index index.html; - more_set_headers "Content-Security-Policy: upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://raw.githubusercontent.com https://paste.yunohost.org wss://$host; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; object-src 'none';"; + more_set_headers "Content-Security-Policy: upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://raw.githubusercontent.com https://paste.yunohost.org wss://$host; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; object-src 'none'; img-src 'self' data:;"; more_set_headers "Content-Security-Policy-Report-Only:"; } From 2b8ffdfe6602fe097f3ce2499dd2c315dfebc202 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 11 Apr 2021 20:24:59 +0200 Subject: [PATCH 6/6] Update changelog for 4.2.1.1 --- debian/changelog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/debian/changelog b/debian/changelog index fe1f42a23..916ab4edd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +yunohost (4.2.1.1) testing; urgency=low + + - [fix] services.py, python3: missing decode() in subprocess output fetch (357c151c) + - [fix] log.py: don't inject log_ref if the operation didnt start yet (f878d61f) + - [fix] dyndns.py: Missing raw_msg=True (008e9f1d) + - [fix] firewall.py: Don't miserably crash when there are port ranges (6fd5f7e8) + - [fix] nginx conf: CSP rules for admin was blocking small images used for checkboxes, radio, pacman in the new webadmin (575fab8a) + + -- Alexandre Aubin Sun, 11 Apr 2021 20:15:11 +0200 + yunohost (4.2.1) testing; urgency=low - security: Various permissions tweaks to protect from malicious yunohost users (aefc100a, fc26837a)