/[smeserver]/rpms/smeserver-horde/sme10/smeserver-horde-1.0.0-bz10945-bz11443-bz11433-bz11431.patch

Annotation of /rpms/smeserver-horde/sme10/smeserver-horde-1.0.0-bz10945-bz11443-bz11433-bz11431.patch



Revision 1.1 - (hide annotations) (download)
Wed Mar 10 21:37:12 2021 UTC (3 years, 3 months ago) by jpp
Branch: MAIN
CVS Tags: smeserver-horde-1_0_0-33_el7_sme, smeserver-horde-1_0_0-27_el7_sme, smeserver-horde-1_0_0-25_el7_sme, smeserver-horde-1_0_0-26_el7_sme, smeserver-horde-1_0_0-29_el7_sme, smeserver-horde-1_0_0-30_el7_sme, smeserver-horde-1_0_0-35_el7_sme, smeserver-horde-1_0_0-32_el7_sme, smeserver-horde-1_0_0-28_el7_sme, smeserver-horde-1_0_0-31_el7_sme, smeserver-horde-1_0_0-34_el7_sme, HEAD
* Wed Mar 10 2021 Jean-Philipe Pialasse <tests@pialasse.com> 1.0.0-25.sme
- apply the configuration hash of [SME: 11308]
- improved php basedir, with filtering of noise for gpg [SME: 10945]
- force SSL for horde [SME: 11443]
- fix horde not honoring switch to php-fpm 5.4 [SME: 11433]
- update mail settings for the php-pool [SME: 11431]

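--- a/createlinks
+++ b/createlinks
@@ -219,7 +219,7 @@
 "/etc/httpd/conf/httpd.conf",
 $event);
 
-foreach $service ( qw(php55-php-fpm php56-php-fpm php70-php-fpm php71-php-fpm php72-php-fpm php73-php-fpm php74-php-fpm) ){
+foreach $service ( qw(php-fpm php55-php-fpm php56-php-fpm php70-php-fpm php71-php-fpm php72-php-fpm php73-php-fpm php74-php-fpm) ){
 safe_symlink("reload-or-restart", "root/etc/e-smith/events/".($event, qw(email-update) )."/services2adjust/$service");
 }
 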
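Review bot: The `safe_symlink` line inside this loop builds its path with `"root/etc/e-smith/events/".($event, qw(email-update) )."/services2adjust/$service"`; in that scalar concatenation the parenthesised list is a comma expression that yields only its last element, so the link is created under `events/email-update` alone and `$event` is discarded. The newly added `php-fpm` entry inherits this, so the service would presumably not be adjusted on the other event. If both events are intended, iterate over them: `foreach my $ev ($event, 'email-update') { safe_symlink("reload-or-restart", "root/etc/e-smith/events/$ev/services2adjust/$service"); }`. The value of `$event` is set outside the hunk.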
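--- a/root/etc/e-smith/db/configuration/defaults/imp/access
+++ b/root/etc/e-smith/db/configuration/defaults/imp/access
@@ -1 +0,0 @@
-SSL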
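--- a/root/etc/e-smith/db/configuration/migrate/50horde
+++ b/root/etc/e-smith/db/configuration/migrate/50horde
@@ -0,0 +1,7 @@
+{
+ #remove access entry for imp as we only accept SSL now
+ $DB->get_prop_and_delete( 'imp', 'access' );
+
+
+
+}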
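--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85HordeAccess
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85HordeAccess
@@ -16,6 +16,7 @@
 $OUT .= qq(
 # Horde specific configuration files.
 <Directory /usr/share/horde/>
+ SSLRequireSSL
 <FilesMatch "test.php\$">
 Order Deny,Allow
 Deny from all
@@ -46,10 +47,14 @@
 }
 else
 {
+ my $c = esmith::ConfigDB->open_ro || die "Couldn't open the config database";
+ my $version = PhpFpmVersionToUse($c->get('horde'),'72');
 $OUT .= qq(
 SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1
- <FilesMatch \.php\$>
- SetHandler "proxy:unix:/var/run/php-fpm/horde.sock|fcgi://localhost"
+ <FilesMatch \\.php\$>
+ <If "-f \%\{SCRIPT_FILENAME\}">
+ SetHandler "proxy:unix:/var/run/php-fpm/php$version-horde.sock|fcgi://localhost"
+ </If>
 </FilesMatch>
 RewriteEngine On
 RewriteCond %{REQUEST_FILENAME} !-d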
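Review bot: The added `SetHandler` hard-codes the pool name in `php$version-horde.sock`, while the php-fpm template changed in this same patch listens on `php$version-$pool_name.sock`; the two only meet if `$pool_name` is `horde`, which is set outside the visible hunks, so a comment tying them together (or deriving both from the same key) would prevent a silent proxy failure later. The hunk also calls `PhpFpmVersionToUse` without a visible `use esmith::php;`; the 20Horde template adds that line, and this fragment's head lies outside the hunk, so confirm the module is loaded here, e.g. `use esmith::php;` before the call. `$c->get('horde')` is passed on unchecked, so a missing record would hand undef to the helper.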
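--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30WebmailAliases
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30WebmailAliases
@@ -3,7 +3,6 @@
 
 $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ? 'yes' : 'no';
 my $webmailStatus = $imp{'status'} || "disabled";
- my $webmailAccessType = $imp{'access'} || "SSL";
 
 my $dirs;
 $dirs{horde} = '/usr/share/horde';
@@ -14,7 +13,7 @@
 
 foreach $place ('webmail','horde')
 {
- if (($port eq "$httpPort") && ($haveSSL eq 'yes') && ($webmailAccessType eq 'SSL'))
+ if (($port eq "$httpPort") && ($haveSSL eq 'yes') )
 {
 my $portspec = ($httpsPort eq 443) ? "" : ":$httpsPort";
 $OUT .= " RewriteRule ^/$place(/.*|\$) https://%{HTTP_HOST}${portspec}/$place\$1 [L,R]\n";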
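Review bot: With `$webmailAccessType` removed, nothing in this fragment records that the `imp` `access` property is now ignored and that the plain-HTTP redirect depends on `$haveSSL` alone; a short comment above the `if` would state it, e.g. `# webmail is HTTPS-only: imp{access} is no longer consulted, port 80 is redirected whenever modSSL is enabled`. The same applies to the matching change in 35HordeActivesyncAliases. What is emitted when `$haveSSL` is 'no' lies outside the hunk; since 85HordeAccess now sets `SSLRequireSSL`, plain-HTTP requests would presumably be refused in that case, which is worth saying in the same comment.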
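--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/35HordeActivesyncAliases
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/35HordeActivesyncAliases
@@ -1,13 +1,12 @@
 {
 $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ? 'yes' : 'no';
 my $webmailStatus = $imp{'status'} || "disabled";
- my $webmailAccessType = $imp{'access'} || "SSL";
 my $syncStatus = $horde{'ActiveSync'} || "disabled";
 
 return " # ActiveSync is disabled"
 unless $webmailStatus eq 'enabled' && $syncStatus eq 'enabled';
 
- if (($port eq "$httpPort") && ($syncStatus eq 'enabled') && ($haveSSL eq 'yes') && ($webmailAccessType eq 'SSL'))
+ if (($port eq "$httpPort") && ($syncStatus eq 'enabled') && ($haveSSL eq 'yes') )
 {
 my $portspec = ($httpsPort eq 443) ? "" : ":$httpsPort";
 $OUT .= " RewriteRule ^/Microsoft-Server-ActiveSync(/.*|\$) https://%{HTTP_HOST}${portspec}/webmail/rpc.php\$1 [L,R]\n";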
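Review bot: The `($syncStatus eq 'enabled')` test kept in the rewritten `if` is redundant, because the `return ... unless $webmailStatus eq 'enabled' && $syncStatus eq 'enabled'` just above already guarantees it. The condition can be reduced to `if (($port eq "$httpPort") && ($haveSSL eq 'yes'))`, which also makes it read the same as the one in 30WebmailAliases. The body of the `if` continues outside the hunk.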
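--- a/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Horde
+++ b/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Horde
@@ -1,9 +1,10 @@
 {
-use esmith::ConfigDB;
-my $c = esmith::ConfigDB->open_ro || die "Couldn't opeen the configuration database\n";
-my $horde = $c->get( "horde" );
+ use esmith::ConfigDB;
+ use esmith::php;
+ my $c = esmith::ConfigDB->open_ro || die "Couldn't opeen the configuration database\n";
+ my $horde = $c->get( "horde" );
 
- my $version = $horde->prop('PHPVersion') || '72';
+ my $version = PhpFpmVersionToUse($horde,"72"); #$horde->prop('PHPVersion') || '72';
 my $status = $horde->prop('status') || 'disabled';
 return unless ($status eq 'enabled' && $version eq $PHP_VERSION);
 my $key = $horde->key;
@@ -15,17 +16,26 @@
 my $post_max_size = $horde->prop('PHPPostMaxSize') || '10M';
 my $upload_max_filesize = $horde->prop('PHPUploadMaxFilesize') || '10M';
 my $file_upload = $horde->prop('PHPFileUpload') || 'enabled';
- my $include_path = ".:/usr/share/pear-addons:/usr/share/pear:/usr/share/pear-data:/usr/share/php";
+ my $include_path = ".:/usr/share/pear-addons:/usr/share/pear:/usr/share/pear-data/:/usr/share/php".
+ ":/opt/remi/php55/root/usr/share/pear-data/:/opt/remi/php56/root/usr/share/pear-data/".
+ ":/opt/remi/php70/root/usr/share/pear-data/:/opt/remi/php71/root/usr/share/pear-data/:/opt/remi/php72/root/usr/share/pear-data/: /opt/remi/php73/root/usr/share/pear-data/: /opt/remi/php74/root/usr/share/pear-data/".
+ ":/opt/remi/php55/root/usr/share/pear/:/opt/remi/php56/root/usr/share/pear/".
+ ":/opt/remi/php70/root/usr/share/pear/:/opt/remi/php71/root/usr/share/pear/:/opt/remi/php72/root/usr/share/pear/: /opt/remi/php73/root/usr/share/pear/: /opt/remi/php74/root/usr/share/pear/" ;
 my $open_basedir = $horde->prop('PHPBaseDir') || '/usr/share/horde' .
- ':/etc/horde/' .
- ':/var/lib/php/' . $key .
- ":$include_path" .
- ":/etc/resolv.conf".
- ":/usr/bin/gpg" ;
+ ':/etc/horde/' .
+ ':/var/lib/php/' . $key .
+ ":$include_path" .
+ ":/etc/resolv.conf".
+ ":/usr/bin/gpg:/usr/bin/gpg2:/usr/bin/hunspell:/usr/bin/openssl:/home/e-smith/ssl.crt/:/usr/bin/convert:/usr/bin/identify:/usr/bin/misc/magic".
+ ":/usr/bin/quota:/bin/grep:/etc/mtab";
+ # needed for php-fpm 5.4, does not seem to handle the sys_temp_dir
+ # not that a security concern as systemd use a rooted /tmp
+ $open_basedir .= ":/tmp/" if $version eq "";
 my $disabled_functions = $horde->prop('PHPDisabledFunctions') || 'system,show_source,' .
 'symlink,exec,dl,shell_exec,' .
 'passthru,phpinfo,' .
 'escapeshellarg,escapeshellcmd';
+ my $MailForceSender = $horde->prop('MailForceSender') || "$name\@$DomainName";
 # Format vars
 $file_upload = ($file_upload =~ m/^1|yes|on|enabled$/) ? 'on' : 'off';
 $allow_url_fopen = "off" ; # ($allow_url_fopen =~ m/^1|yes|on|enabled$/) ? 'on' : 'off';
@@ -40,7 +50,7 @@
 listen.owner = root
 listen.group = www
 listen.mode = 0660
-listen = /var/run/php-fpm/$pool_name.sock
+listen = /var/run/php-fpm/php$version-$pool_name.sock
 pm = dynamic
 pm.max_children = 15
 pm.start_servers = 3
@@ -52,7 +62,7 @@
 php_admin_value[opcache.file_cache] = /var/lib/php/$key/opcache
 php_admin_value[upload_tmp_dir] = /var/lib/php/$key/tmp
 php_admin_value[sys_temp_dir] = /var/lib/php/$key/tmp
-php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
+php_admin_value[mail.force_extra_parameters] = '-f $MailForceSender'
 php_admin_flag[display_errors] = off
 php_admin_value[error_reporting] =E_ERROR | E_WARNING | E_PARSE
 php_admin_value[error_log] = /var/log/$key/error.log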
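Review bot: As shown on this page, the new `$include_path` literal has a space after the colon before each php73 and php74 entry (`: /opt/remi/php73/root/usr/share/pear-data/`, likewise for `pear/`), and because `$include_path` is also spliced into the default `$open_basedir`, those entries would be read with the leading space and match no real directory, since as far as I know PHP does not trim them. Write them without the space, e.g. `":/opt/remi/php72/root/usr/share/pear-data/:/opt/remi/php73/root/usr/share/pear-data/:/opt/remi/php74/root/usr/share/pear-data/"`. In the same hunk `/usr/bin/misc/magic` looks like a slip for the libmagic database path and should be checked, and the allow-list now reaches `/home/e-smith/ssl.crt/`, `/etc/mtab` and, for the empty-version pool, `/tmp/`, so a comment per entry naming the Horde feature that needs it would keep the list reviewable. `$MailForceSender` is taken from the `MailForceSender` property and written into `mail.force_extra_parameters` unvalidated; checking it against a plain address pattern first would keep stray whitespace or option text out of the sendmail arguments, and `$name` in its default is defined outside the hunk.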
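--- a/root/etc/e-smith/templates/etc/rsyslog.conf/32horde
+++ b/root/etc/e-smith/templates/etc/rsyslog.conf/32horde
@@ -1,4 +1,7 @@
 # horde logging
+# first remove noise with php base dir
+if $programname == "HORDE" and $msg contains '/home/e-smith/.pearrc' then stop
+if $programname == "HORDE" and $msg contains '/gpg) is not within the allowed path' then stop
 :programname, isequal, "HORDE" /var/log/horde/error.log
 :programname, isequal, "HORDE" stop
 if $msg contains 'DIGEST-MD5 common mech free' then stop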
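Review bot: Both added filters drop HORDE messages with `stop` before they reach /var/log/horde/error.log, and they match on loose substrings: `/gpg) is not within the allowed path` covers a path outside the basedir that ends in `/gpg`, and `/home/e-smith/.pearrc` covers any message mentioning that file. These appear to be open_basedir warnings, which are also a useful signal when something unexpected probes outside the allowed paths, so a genuine event with a matching path would leave no trace. Consider matching the complete expected message for the specific paths Horde is known to probe, or writing these lines to a separate file instead of discarding them. A comment next to the filters naming the bug they address (SME 10945) would explain why they exist.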
