1 |
diff -Nur --no-dereference smeserver-horde-1.0.0.old/createlinks smeserver-horde-1.0.0/createlinks |
2 |
--- smeserver-horde-1.0.0.old/createlinks 2021-03-10 01:11:22.732000000 -0500 |
3 |
+++ smeserver-horde-1.0.0/createlinks 2021-03-10 02:00:28.856000000 -0500 |
4 |
@@ -219,7 +219,7 @@ |
5 |
"/etc/httpd/conf/httpd.conf", |
6 |
$event); |
7 |
|
8 |
-foreach $service ( qw(php55-php-fpm php56-php-fpm php70-php-fpm php71-php-fpm php72-php-fpm php73-php-fpm php74-php-fpm) ){ |
9 |
+foreach $service ( qw(php-fpm php55-php-fpm php56-php-fpm php70-php-fpm php71-php-fpm php72-php-fpm php73-php-fpm php74-php-fpm) ){ |
10 |
safe_symlink("reload-or-restart", "root/etc/e-smith/events/".($event, qw(email-update) )."/services2adjust/$service"); |
11 |
} |
12 |
|
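Review bot: On the `safe_symlink` line the path is built from `($event, qw(email-update) )` in scalar (concatenation) context, so Perl's comma operator discards `$event` and the link for the newly added `php-fpm`, like the others, is created only under `email-update`. If both events are meant, loop over them explicitly, e.g. `foreach my $ev ($event, 'email-update') { safe_symlink("reload-or-restart", "root/etc/e-smith/events/$ev/services2adjust/$service"); }`. If only `email-update` is intended, drop `$event` from the expression so the intent is clear. That line is unchanged context here, and `$event` is assigned outside the hunk.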
13 |
diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/db/configuration/defaults/imp/access smeserver-horde-1.0.0/root/etc/e-smith/db/configuration/defaults/imp/access |
14 |
--- smeserver-horde-1.0.0.old/root/etc/e-smith/db/configuration/defaults/imp/access 2005-03-15 10:17:45.000000000 -0500 |
15 |
+++ smeserver-horde-1.0.0/root/etc/e-smith/db/configuration/defaults/imp/access 1969-12-31 19:00:00.000000000 -0500 |
16 |
@@ -1 +0,0 @@ |
17 |
-SSL |
18 |
diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/db/configuration/migrate/50horde smeserver-horde-1.0.0/root/etc/e-smith/db/configuration/migrate/50horde |
19 |
--- smeserver-horde-1.0.0.old/root/etc/e-smith/db/configuration/migrate/50horde 1969-12-31 19:00:00.000000000 -0500 |
20 |
+++ smeserver-horde-1.0.0/root/etc/e-smith/db/configuration/migrate/50horde 2021-03-10 16:15:43.427000000 -0500 |
21 |
@@ -0,0 +1,7 @@ |
22 |
+{ |
23 |
+ #remove access entry for imp as we only accept SSL now |
24 |
+ $DB->get_prop_and_delete( 'imp', 'access' ); |
25 |
+ |
26 |
+ |
27 |
+ |
28 |
+} |
29 |
diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85HordeAccess smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85HordeAccess |
30 |
--- smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85HordeAccess 2021-03-10 01:11:22.695000000 -0500 |
31 |
+++ smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85HordeAccess 2021-03-10 16:15:42.154000000 -0500 |
32 |
@@ -16,6 +16,7 @@ |
33 |
$OUT .= qq( |
34 |
# Horde specific configuration files. |
35 |
<Directory /usr/share/horde/> |
36 |
+ SSLRequireSSL |
37 |
<FilesMatch "test.php\$"> |
38 |
Order Deny,Allow |
39 |
Deny from all |
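Review bot: The added `SSLRequireSSL` in `<Directory /usr/share/horde/>` is emitted unconditionally, while the VirtualHosts fragments in this same patch still branch on `${modSSL}{status}`. `SSLRequireSSL` is a mod_ssl directive, so if mod_ssl is not loaded when modSSL is disabled (not visible from here) httpd would reject the generated configuration. Consider emitting it only when modSSL is enabled and denying access to the directory otherwise, so that removing the `access` property can never leave webmail reachable over plain HTTP. The `<Directory>` block continues past the end of this hunk.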
40 |
@@ -46,10 +47,14 @@ |
41 |
} |
42 |
else |
43 |
{ |
44 |
+ my $c = esmith::ConfigDB->open_ro || die "Couldn't open the config database"; |
45 |
+ my $version = PhpFpmVersionToUse($c->get('horde'),'72'); |
46 |
$OUT .= qq( |
47 |
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1 |
48 |
- <FilesMatch \.php\$> |
49 |
- SetHandler "proxy:unix:/var/run/php-fpm/horde.sock|fcgi://localhost" |
50 |
+ <FilesMatch \\.php\$> |
51 |
+ <If "-f \%\{SCRIPT_FILENAME\}"> |
52 |
+ SetHandler "proxy:unix:/var/run/php-fpm/php$version-horde.sock|fcgi://localhost" |
53 |
+ </If> |
54 |
</FilesMatch> |
55 |
RewriteEngine On |
56 |
RewriteCond %{REQUEST_FILENAME} !-d |
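Review bot: `PhpFpmVersionToUse` is called in the new `else` branch, but no `use esmith::php;` is visible in this fragment, whereas the 20Horde template in the same patch adds one next to its call. Unless the function is already imported elsewhere in the httpd.conf template chain, expansion would die here, so `use esmith::php;` beside the `open_ro` line seems safer. The result of `$c->get('horde')` is also passed on without checking that the record exists. A one-line comment above `<If "-f \%\{SCRIPT_FILENAME\}">` would help, along the lines of `# only hand existing files to the FPM socket`. The surrounding `if`/`else` begins outside the hunk.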
57 |
diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30WebmailAliases smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30WebmailAliases |
58 |
--- smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30WebmailAliases 2021-03-10 01:11:22.715000000 -0500 |
59 |
+++ smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30WebmailAliases 2021-03-10 16:15:42.400000000 -0500 |
60 |
@@ -3,7 +3,6 @@ |
61 |
|
62 |
$haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ? 'yes' : 'no'; |
63 |
my $webmailStatus = $imp{'status'} || "disabled"; |
64 |
- my $webmailAccessType = $imp{'access'} || "SSL"; |
65 |
|
66 |
my $dirs; |
67 |
$dirs{horde} = '/usr/share/horde'; |
68 |
@@ -14,7 +13,7 @@ |
69 |
|
70 |
foreach $place ('webmail','horde') |
71 |
{ |
72 |
- if (($port eq "$httpPort") && ($haveSSL eq 'yes') && ($webmailAccessType eq 'SSL')) |
73 |
+ if (($port eq "$httpPort") && ($haveSSL eq 'yes') ) |
74 |
{ |
75 |
my $portspec = ($httpsPort eq 443) ? "" : ":$httpsPort"; |
76 |
$OUT .= " RewriteRule ^/$place(/.*|\$) https://%{HTTP_HOST}${portspec}/$place\$1 [L,R]\n"; |
77 |
diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/35HordeActivesyncAliases smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/35HordeActivesyncAliases |
78 |
--- smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/35HordeActivesyncAliases 2021-03-10 01:11:22.715000000 -0500 |
79 |
+++ smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/35HordeActivesyncAliases 2021-03-10 16:15:42.662000000 -0500 |
80 |
@@ -1,13 +1,12 @@ |
81 |
{ |
82 |
$haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ? 'yes' : 'no'; |
83 |
my $webmailStatus = $imp{'status'} || "disabled"; |
84 |
- my $webmailAccessType = $imp{'access'} || "SSL"; |
85 |
my $syncStatus = $horde{'ActiveSync'} || "disabled"; |
86 |
|
87 |
return " # ActiveSync is disabled" |
88 |
unless $webmailStatus eq 'enabled' && $syncStatus eq 'enabled'; |
89 |
|
90 |
- if (($port eq "$httpPort") && ($syncStatus eq 'enabled') && ($haveSSL eq 'yes') && ($webmailAccessType eq 'SSL')) |
91 |
+ if (($port eq "$httpPort") && ($syncStatus eq 'enabled') && ($haveSSL eq 'yes') ) |
92 |
{ |
93 |
my $portspec = ($httpsPort eq 443) ? "" : ":$httpsPort"; |
94 |
$OUT .= " RewriteRule ^/Microsoft-Server-ActiveSync(/.*|\$) https://%{HTTP_HOST}${portspec}/webmail/rpc.php\$1 [L,R]\n"; |
95 |
diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Horde smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Horde |
96 |
--- smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Horde 2021-03-10 01:11:22.711000000 -0500 |
97 |
+++ smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Horde 2021-03-10 16:15:41.907000000 -0500 |
98 |
@@ -1,9 +1,10 @@ |
99 |
{ |
100 |
-use esmith::ConfigDB; |
101 |
-my $c = esmith::ConfigDB->open_ro || die "Couldn't opeen the configuration database\n"; |
102 |
-my $horde = $c->get( "horde" ); |
103 |
+ use esmith::ConfigDB; |
104 |
+ use esmith::php; |
105 |
+ my $c = esmith::ConfigDB->open_ro || die "Couldn't opeen the configuration database\n"; |
106 |
+ my $horde = $c->get( "horde" ); |
107 |
|
108 |
- my $version = $horde->prop('PHPVersion') || '72'; |
109 |
+ my $version = PhpFpmVersionToUse($horde,"72"); #$horde->prop('PHPVersion') || '72'; |
110 |
my $status = $horde->prop('status') || 'disabled'; |
111 |
return unless ($status eq 'enabled' && $version eq $PHP_VERSION); |
112 |
my $key = $horde->key; |
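Review bot: The re-indented `die` message still reads `Couldn't opeen the configuration database`, and the new `$version` line carries the old expression as a trailing comment (`#$horde->prop('PHPVersion') || '72';`). Fix the spelling while the line is being touched. Replace the commented-out code with a short comment saying why `"72"` is the fallback passed to `PhpFpmVersionToUse`. `$horde` is also dereferenced on the following lines without a check that `$c->get( "horde" )` returned a record.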
113 |
@@ -15,17 +16,26 @@ |
114 |
my $post_max_size = $horde->prop('PHPPostMaxSize') || '10M'; |
115 |
my $upload_max_filesize = $horde->prop('PHPUploadMaxFilesize') || '10M'; |
116 |
my $file_upload = $horde->prop('PHPFileUpload') || 'enabled'; |
117 |
- my $include_path = ".:/usr/share/pear-addons:/usr/share/pear:/usr/share/pear-data:/usr/share/php"; |
118 |
+ my $include_path = ".:/usr/share/pear-addons:/usr/share/pear:/usr/share/pear-data/:/usr/share/php". |
119 |
+ ":/opt/remi/php55/root/usr/share/pear-data/:/opt/remi/php56/root/usr/share/pear-data/". |
120 |
+ ":/opt/remi/php70/root/usr/share/pear-data/:/opt/remi/php71/root/usr/share/pear-data/:/opt/remi/php72/root/usr/share/pear-data/: /opt/remi/php73/root/usr/share/pear-data/: /opt/remi/php74/root/usr/share/pear-data/". |
121 |
+ ":/opt/remi/php55/root/usr/share/pear/:/opt/remi/php56/root/usr/share/pear/". |
122 |
+ ":/opt/remi/php70/root/usr/share/pear/:/opt/remi/php71/root/usr/share/pear/:/opt/remi/php72/root/usr/share/pear/: /opt/remi/php73/root/usr/share/pear/: /opt/remi/php74/root/usr/share/pear/" ; |
123 |
my $open_basedir = $horde->prop('PHPBaseDir') || '/usr/share/horde' . |
124 |
- ':/etc/horde/' . |
125 |
- ':/var/lib/php/' . $key . |
126 |
- ":$include_path" . |
127 |
- ":/etc/resolv.conf". |
128 |
- ":/usr/bin/gpg" ; |
129 |
+ ':/etc/horde/' . |
130 |
+ ':/var/lib/php/' . $key . |
131 |
+ ":$include_path" . |
132 |
+ ":/etc/resolv.conf". |
133 |
+ ":/usr/bin/gpg:/usr/bin/gpg2:/usr/bin/hunspell:/usr/bin/openssl:/home/e-smith/ssl.crt/:/usr/bin/convert:/usr/bin/identify:/usr/bin/misc/magic". |
134 |
+ ":/usr/bin/quota:/bin/grep:/etc/mtab"; |
135 |
+ # needed for php-fpm 5.4, does not seem to handle the sys_temp_dir |
136 |
+ # not that a security concern as systemd use a rooted /tmp |
137 |
+ $open_basedir .= ":/tmp/" if $version eq ""; |
138 |
my $disabled_functions = $horde->prop('PHPDisabledFunctions') || 'system,show_source,' . |
139 |
'symlink,exec,dl,shell_exec,' . |
140 |
'passthru,phpinfo,' . |
141 |
'escapeshellarg,escapeshellcmd'; |
142 |
+ my $MailForceSender = $horde->prop('MailForceSender') || "$name\@$DomainName"; |
143 |
# Format vars |
144 |
$file_upload = ($file_upload =~ m/^1|yes|on|enabled$/) ? 'on' : 'off'; |
145 |
$allow_url_fopen = "off" ; # ($allow_url_fopen =~ m/^1|yes|on|enabled$/) ? 'on' : 'off'; |
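Review bot: The new `$include_path` has a space after the colon in four entries, `: /opt/remi/php73/...` and `: /opt/remi/php74/...` on both the pear-data and pear lines. Those entries will most likely be read as paths beginning with a space and never match. Because `$include_path` is interpolated into `$open_basedir`, the malformed entries end up in both settings. `/usr/bin/misc/magic` in the open_basedir list also looks like a slip for the libmagic database path (usually under `/usr/share/misc/`); please confirm. Since open_basedir is the containment boundary for this pool, each added binary or directory deserves a short comment naming the Horde feature that needs it. `$name`, used in the `MailForceSender` default, is not defined inside this hunk, so check that it is set earlier in the template.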
146 |
@@ -40,7 +50,7 @@ |
147 |
listen.owner = root |
148 |
listen.group = www |
149 |
listen.mode = 0660 |
150 |
-listen = /var/run/php-fpm/$pool_name.sock |
151 |
+listen = /var/run/php-fpm/php$version-$pool_name.sock |
152 |
pm = dynamic |
153 |
pm.max_children = 15 |
154 |
pm.start_servers = 3 |
155 |
@@ -52,7 +62,7 @@ |
156 |
php_admin_value[opcache.file_cache] = /var/lib/php/$key/opcache |
157 |
php_admin_value[upload_tmp_dir] = /var/lib/php/$key/tmp |
158 |
php_admin_value[sys_temp_dir] = /var/lib/php/$key/tmp |
159 |
-php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName } |
160 |
+php_admin_value[mail.force_extra_parameters] = '-f $MailForceSender' |
161 |
php_admin_flag[display_errors] = off |
162 |
php_admin_value[error_reporting] =E_ERROR | E_WARNING | E_PARSE |
163 |
php_admin_value[error_log] = /var/log/$key/error.log |
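Review bot: `$MailForceSender` is written verbatim into `php_admin_value[mail.force_extra_parameters] = '-f $MailForceSender'`, and that string becomes part of the sendmail command line PHP builds for each message. The value comes from the `MailForceSender` property, or from `$name\@$DomainName` as assigned in the previous hunk, with no format check. A value containing whitespace or a quote would therefore add further sendmail arguments or break the pool file. Validate it before the template emits it, for example `die "Invalid MailForceSender\n" unless $MailForceSender =~ /\A[\w.+-]+\@[\w.-]+\z/;`. Dropping the `sendmail_path` line also means the pool now relies on the default `sendmail_path` for `-t -i`, which is worth a comment.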
164 |
diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/rsyslog.conf/32horde smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/rsyslog.conf/32horde |
165 |
--- smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/rsyslog.conf/32horde 2021-03-10 01:11:22.720000000 -0500 |
166 |
+++ smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/rsyslog.conf/32horde 2021-03-10 16:15:42.922000000 -0500 |
167 |
@@ -1,4 +1,7 @@ |
168 |
# horde logging |
169 |
+# first remove noise with php base dir |
170 |
+if $programname == "HORDE" and $msg contains '/home/e-smith/.pearrc' then stop |
171 |
+if $programname == "HORDE" and $msg contains '/gpg) is not within the allowed path' then stop |
172 |
:programname, isequal, "HORDE" /var/log/horde/error.log |
173 |
:programname, isequal, "HORDE" stop |
174 |
if $msg contains 'DIGEST-MD5 common mech free' then stop |
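Review bot: The two added `stop` rules discard HORDE messages before they reach /var/log/horde/error.log. The second one matches any open_basedir denial whose path ends in `/gpg)`, not only the expected lookup. open_basedir denials are a useful signal when investigating a misbehaving or compromised webmail instance, and dropping them leaves no record. Consider matching the full expected path, or writing these messages to a separate file instead of `stop`. The comment `# first remove noise with php base dir` should also name the two messages and why they are expected.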