/[smeserver]/rpms/smeserver-horde/sme10/smeserver-horde-1.0.0-bz10945-bz11443-bz11433-bz11431.patch
ViewVC logotype

Contents of /rpms/smeserver-horde/sme10/smeserver-horde-1.0.0-bz10945-bz11443-bz11433-bz11431.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Wed Mar 10 21:37:12 2021 UTC (3 years, 8 months ago) by jpp
Branch: MAIN
CVS Tags: smeserver-horde-1_0_0-33_el7_sme, smeserver-horde-1_0_0-27_el7_sme, smeserver-horde-1_0_0-25_el7_sme, smeserver-horde-1_0_0-26_el7_sme, smeserver-horde-1_0_0-29_el7_sme, smeserver-horde-1_0_0-30_el7_sme, smeserver-horde-1_0_0-35_el7_sme, smeserver-horde-1_0_0-32_el7_sme, smeserver-horde-1_0_0-28_el7_sme, smeserver-horde-1_0_0-31_el7_sme, smeserver-horde-1_0_0-34_el7_sme, HEAD
* Wed Mar 10 2021 Jean-Philipe Pialasse <tests@pialasse.com> 1.0.0-25.sme
- apply the configuration hash of [SME: 11308]
- improved php basedir, with filtering of noise for gpg [SME: 10945]
- force SSL for horde [SME: 11443]
- fix horde not honoring switch to php-fpm 5.4 [SME: 11433]
- update mail settings for the php-pool [SME: 11431]

1 diff -Nur --no-dereference smeserver-horde-1.0.0.old/createlinks smeserver-horde-1.0.0/createlinks
2 --- smeserver-horde-1.0.0.old/createlinks 2021-03-10 01:11:22.732000000 -0500
3 +++ smeserver-horde-1.0.0/createlinks 2021-03-10 02:00:28.856000000 -0500
4 @@ -219,7 +219,7 @@
5 "/etc/httpd/conf/httpd.conf",
6 $event);
7
8 -foreach $service ( qw(php55-php-fpm php56-php-fpm php70-php-fpm php71-php-fpm php72-php-fpm php73-php-fpm php74-php-fpm) ){
9 +foreach $service ( qw(php-fpm php55-php-fpm php56-php-fpm php70-php-fpm php71-php-fpm php72-php-fpm php73-php-fpm php74-php-fpm) ){
10 safe_symlink("reload-or-restart", "root/etc/e-smith/events/".($event, qw(email-update) )."/services2adjust/$service");
11 }
12
13 diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/db/configuration/defaults/imp/access smeserver-horde-1.0.0/root/etc/e-smith/db/configuration/defaults/imp/access
14 --- smeserver-horde-1.0.0.old/root/etc/e-smith/db/configuration/defaults/imp/access 2005-03-15 10:17:45.000000000 -0500
15 +++ smeserver-horde-1.0.0/root/etc/e-smith/db/configuration/defaults/imp/access 1969-12-31 19:00:00.000000000 -0500
16 @@ -1 +0,0 @@
17 -SSL
18 diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/db/configuration/migrate/50horde smeserver-horde-1.0.0/root/etc/e-smith/db/configuration/migrate/50horde
19 --- smeserver-horde-1.0.0.old/root/etc/e-smith/db/configuration/migrate/50horde 1969-12-31 19:00:00.000000000 -0500
20 +++ smeserver-horde-1.0.0/root/etc/e-smith/db/configuration/migrate/50horde 2021-03-10 16:15:43.427000000 -0500
21 @@ -0,0 +1,7 @@
22 +{
23 + #remove access entry for imp as we only accept SSL now
24 + $DB->get_prop_and_delete( 'imp', 'access' );
25 +
26 +
27 +
28 +}
29 diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85HordeAccess smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85HordeAccess
30 --- smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85HordeAccess 2021-03-10 01:11:22.695000000 -0500
31 +++ smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85HordeAccess 2021-03-10 16:15:42.154000000 -0500
32 @@ -16,6 +16,7 @@
33 $OUT .= qq(
34 # Horde specific configuration files.
35 <Directory /usr/share/horde/>
36 + SSLRequireSSL
37 <FilesMatch "test.php\$">
38 Order Deny,Allow
39 Deny from all
40 @@ -46,10 +47,14 @@
41 }
42 else
43 {
44 + my $c = esmith::ConfigDB->open_ro || die "Couldn't open the config database";
45 + my $version = PhpFpmVersionToUse($c->get('horde'),'72');
46 $OUT .= qq(
47 SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1
48 - <FilesMatch \.php\$>
49 - SetHandler "proxy:unix:/var/run/php-fpm/horde.sock|fcgi://localhost"
50 + <FilesMatch \\.php\$>
51 + <If "-f \%\{SCRIPT_FILENAME\}">
52 + SetHandler "proxy:unix:/var/run/php-fpm/php$version-horde.sock|fcgi://localhost"
53 + </If>
54 </FilesMatch>
55 RewriteEngine On
56 RewriteCond %{REQUEST_FILENAME} !-d
57 diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30WebmailAliases smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30WebmailAliases
58 --- smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30WebmailAliases 2021-03-10 01:11:22.715000000 -0500
59 +++ smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30WebmailAliases 2021-03-10 16:15:42.400000000 -0500
60 @@ -3,7 +3,6 @@
61
62 $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ? 'yes' : 'no';
63 my $webmailStatus = $imp{'status'} || "disabled";
64 - my $webmailAccessType = $imp{'access'} || "SSL";
65
66 my $dirs;
67 $dirs{horde} = '/usr/share/horde';
68 @@ -14,7 +13,7 @@
69
70 foreach $place ('webmail','horde')
71 {
72 - if (($port eq "$httpPort") && ($haveSSL eq 'yes') && ($webmailAccessType eq 'SSL'))
73 + if (($port eq "$httpPort") && ($haveSSL eq 'yes') )
74 {
75 my $portspec = ($httpsPort eq 443) ? "" : ":$httpsPort";
76 $OUT .= " RewriteRule ^/$place(/.*|\$) https://%{HTTP_HOST}${portspec}/$place\$1 [L,R]\n";
77 diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/35HordeActivesyncAliases smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/35HordeActivesyncAliases
78 --- smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/35HordeActivesyncAliases 2021-03-10 01:11:22.715000000 -0500
79 +++ smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/35HordeActivesyncAliases 2021-03-10 16:15:42.662000000 -0500
80 @@ -1,13 +1,12 @@
81 {
82 $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ? 'yes' : 'no';
83 my $webmailStatus = $imp{'status'} || "disabled";
84 - my $webmailAccessType = $imp{'access'} || "SSL";
85 my $syncStatus = $horde{'ActiveSync'} || "disabled";
86
87 return " # ActiveSync is disabled"
88 unless $webmailStatus eq 'enabled' && $syncStatus eq 'enabled';
89
90 - if (($port eq "$httpPort") && ($syncStatus eq 'enabled') && ($haveSSL eq 'yes') && ($webmailAccessType eq 'SSL'))
91 + if (($port eq "$httpPort") && ($syncStatus eq 'enabled') && ($haveSSL eq 'yes') )
92 {
93 my $portspec = ($httpsPort eq 443) ? "" : ":$httpsPort";
94 $OUT .= " RewriteRule ^/Microsoft-Server-ActiveSync(/.*|\$) https://%{HTTP_HOST}${portspec}/webmail/rpc.php\$1 [L,R]\n";
95 diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Horde smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Horde
96 --- smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Horde 2021-03-10 01:11:22.711000000 -0500
97 +++ smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Horde 2021-03-10 16:15:41.907000000 -0500
98 @@ -1,9 +1,10 @@
99 {
100 -use esmith::ConfigDB;
101 -my $c = esmith::ConfigDB->open_ro || die "Couldn't opeen the configuration database\n";
102 -my $horde = $c->get( "horde" );
103 + use esmith::ConfigDB;
104 + use esmith::php;
105 + my $c = esmith::ConfigDB->open_ro || die "Couldn't opeen the configuration database\n";
106 + my $horde = $c->get( "horde" );
107
108 - my $version = $horde->prop('PHPVersion') || '72';
109 + my $version = PhpFpmVersionToUse($horde,"72"); #$horde->prop('PHPVersion') || '72';
110 my $status = $horde->prop('status') || 'disabled';
111 return unless ($status eq 'enabled' && $version eq $PHP_VERSION);
112 my $key = $horde->key;
113 @@ -15,17 +16,26 @@
114 my $post_max_size = $horde->prop('PHPPostMaxSize') || '10M';
115 my $upload_max_filesize = $horde->prop('PHPUploadMaxFilesize') || '10M';
116 my $file_upload = $horde->prop('PHPFileUpload') || 'enabled';
117 - my $include_path = ".:/usr/share/pear-addons:/usr/share/pear:/usr/share/pear-data:/usr/share/php";
118 + my $include_path = ".:/usr/share/pear-addons:/usr/share/pear:/usr/share/pear-data/:/usr/share/php".
119 + ":/opt/remi/php55/root/usr/share/pear-data/:/opt/remi/php56/root/usr/share/pear-data/".
120 + ":/opt/remi/php70/root/usr/share/pear-data/:/opt/remi/php71/root/usr/share/pear-data/:/opt/remi/php72/root/usr/share/pear-data/: /opt/remi/php73/root/usr/share/pear-data/: /opt/remi/php74/root/usr/share/pear-data/".
121 + ":/opt/remi/php55/root/usr/share/pear/:/opt/remi/php56/root/usr/share/pear/".
122 + ":/opt/remi/php70/root/usr/share/pear/:/opt/remi/php71/root/usr/share/pear/:/opt/remi/php72/root/usr/share/pear/: /opt/remi/php73/root/usr/share/pear/: /opt/remi/php74/root/usr/share/pear/" ;
123 my $open_basedir = $horde->prop('PHPBaseDir') || '/usr/share/horde' .
124 - ':/etc/horde/' .
125 - ':/var/lib/php/' . $key .
126 - ":$include_path" .
127 - ":/etc/resolv.conf".
128 - ":/usr/bin/gpg" ;
129 + ':/etc/horde/' .
130 + ':/var/lib/php/' . $key .
131 + ":$include_path" .
132 + ":/etc/resolv.conf".
133 + ":/usr/bin/gpg:/usr/bin/gpg2:/usr/bin/hunspell:/usr/bin/openssl:/home/e-smith/ssl.crt/:/usr/bin/convert:/usr/bin/identify:/usr/bin/misc/magic".
134 + ":/usr/bin/quota:/bin/grep:/etc/mtab";
135 + # needed for php-fpm 5.4, does not seem to handle the sys_temp_dir
136 + # not that a security concern as systemd use a rooted /tmp
137 + $open_basedir .= ":/tmp/" if $version eq "";
138 my $disabled_functions = $horde->prop('PHPDisabledFunctions') || 'system,show_source,' .
139 'symlink,exec,dl,shell_exec,' .
140 'passthru,phpinfo,' .
141 'escapeshellarg,escapeshellcmd';
142 + my $MailForceSender = $horde->prop('MailForceSender') || "$name\@$DomainName";
143 # Format vars
144 $file_upload = ($file_upload =~ m/^1|yes|on|enabled$/) ? 'on' : 'off';
145 $allow_url_fopen = "off" ; # ($allow_url_fopen =~ m/^1|yes|on|enabled$/) ? 'on' : 'off';
146 @@ -40,7 +50,7 @@
147 listen.owner = root
148 listen.group = www
149 listen.mode = 0660
150 -listen = /var/run/php-fpm/$pool_name.sock
151 +listen = /var/run/php-fpm/php$version-$pool_name.sock
152 pm = dynamic
153 pm.max_children = 15
154 pm.start_servers = 3
155 @@ -52,7 +62,7 @@
156 php_admin_value[opcache.file_cache] = /var/lib/php/$key/opcache
157 php_admin_value[upload_tmp_dir] = /var/lib/php/$key/tmp
158 php_admin_value[sys_temp_dir] = /var/lib/php/$key/tmp
159 -php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
160 +php_admin_value[mail.force_extra_parameters] = '-f $MailForceSender'
161 php_admin_flag[display_errors] = off
162 php_admin_value[error_reporting] =E_ERROR | E_WARNING | E_PARSE
163 php_admin_value[error_log] = /var/log/$key/error.log
164 diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/rsyslog.conf/32horde smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/rsyslog.conf/32horde
165 --- smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/rsyslog.conf/32horde 2021-03-10 01:11:22.720000000 -0500
166 +++ smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/rsyslog.conf/32horde 2021-03-10 16:15:42.922000000 -0500
167 @@ -1,4 +1,7 @@
168 # horde logging
169 +# first remove noise with php base dir
170 +if $programname == "HORDE" and $msg contains '/home/e-smith/.pearrc' then stop
171 +if $programname == "HORDE" and $msg contains '/gpg) is not within the allowed path' then stop
172 :programname, isequal, "HORDE" /var/log/horde/error.log
173 :programname, isequal, "HORDE" stop
174 if $msg contains 'DIGEST-MD5 common mech free' then stop

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed