Projects
Kolab:16
guam
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 12
View file
guam.spec
Changed
@@ -30,6 +30,7 @@ Source0: guam-%{version}.tar.gz +Patch0001: guam-0.8.2-T1345.patch Patch9991: guam-0.8.2-relax-dependencies.patch BuildRequires: erlang >= 17.4 @@ -98,6 +99,7 @@ %prep %setup -q +%patch0001 -p1 %patch9991 -p1 %build @@ -209,7 +211,10 @@ /opt/%{realname}/ %changelog -* Wed Jul 6 2016 Aaron Seigo <seigo@kolabsystems.com> - 0.8.2-1 +* Fri Jul 8 2016 Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> - 0.8.2-2 +- Fix T1345 + +* Wed Jul 6 2016 Aaron Seigo <seigo@kolabsystems.com> - 0.8.2-1 - Release of version 0.8.2 * Tue Jul 5 2016 Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> - 0.8.1-1
View file
guam-0.8.2-T1345.patch
Added
@@ -0,0 +1,135 @@ +diff --git a/CHANGELOG.md b/CHANGELOG.md +index 5f04931..4c0e9c0 100644 +--- a/CHANGELOG.md ++++ b/CHANGELOG.md +@@ -13,6 +13,24 @@ This project adheres to [Semantic Versioning](http://semver.org/). + ### Fixed + ### Security + ++## [0.8.2] - 2016-07-08 ++### Added ++- listener_pool_size configuration option for listeners ++### Changed ++- Default size of listener pool drops to 10 from 20 ++- Rate limit (by introducing a short wait) connection accept()s ++### Fixed ++- Prevent starvation of the session pool due to clients dropping connections ++ pre-accept() ++ ++## [0.8.1] - 2016-07-06 ++### Added ++- ipv6 connections ++### Changed ++- update to eimap 0.2.5 ++### Fixed ++- Ignore non-listing LIST commands (e.g. requests for the root/separator) ++- Tidy up the server greetings + + ## [0.8.0] - 2016-06-08 + ### Added +diff --git a/apps/kolab_guam/src/kolab_guam_listener.erl b/apps/kolab_guam/src/kolab_guam_listener.erl +index e6eed61..9287eb7 100644 +--- a/apps/kolab_guam/src/kolab_guam_listener.erl ++++ b/apps/kolab_guam/src/kolab_guam_listener.erl +@@ -78,7 +78,7 @@ listen_options(Iface, Hostname, ImplicitTLS, TLSConfig) -> + + default_listen_options(true, TLSConfig) -> default_listen_options() ++ TLSConfig; + default_listen_options(_ImplicitTLS, _Config) -> default_listen_options(). +-default_listen_options() -> [ { reuseaddr, true }, {active, once }, inet6 ]. ++default_listen_options() -> [ { reuseaddr, true }, {active, false}, inet6 ]. + + create_initial_listeners(ListenerPoolSize, PID) when is_pid(PID) -> + lager:debug("Creating session pool of size ~p for listener ~p", [ListenerPoolSize, PID]), +diff --git a/apps/kolab_guam/src/kolab_guam_session.erl b/apps/kolab_guam/src/kolab_guam_session.erl +index 2c3bc1a..4db902d 100644 +--- a/apps/kolab_guam/src/kolab_guam_session.erl ++++ b/apps/kolab_guam/src/kolab_guam_session.erl +@@ -26,7 +26,7 @@ + -export([init/1, handle_call/3, handle_cast/2, handle_info/2, terminate/2, code_change/3]). + + %% state record definition +--record(state, { socket, super_pid, tls_config = [], client_implicit_tls = false, client_tls_active = false, server_config = [], ++-record(state, { listen_socket, socket = undefined, super_pid, tls_config = [], client_implicit_tls = false, client_tls_active = false, server_config = [], + rules_active = [], rules_deciding = [], imap_session, inflator, deflator }). + + %% public API +@@ -40,18 +40,18 @@ init([SupervisorPID, ListenSocket, ServerConfig, ImplicitTLS, TLSConfig, Rules]) + ActiveRules = init_rules(Rules), + gen_server:cast(self(), accept), + %% lager:debug("Rules are ~p from ~p", [ActiveRules, Rules]), +- { ok, #state{ socket = ListenSocket, super_pid = SupervisorPID, client_implicit_tls = ImplicitTLS, tls_config = TLSConfig, server_config = ServerConfig, rules_deciding = ActiveRules } }. ++ { ok, #state{ listen_socket = ListenSocket, super_pid = SupervisorPID, client_implicit_tls = ImplicitTLS, tls_config = TLSConfig, server_config = ServerConfig, rules_deciding = ActiveRules } }. + + handle_call(_Request, _From, State) -> + { reply, ok, State }. + +-handle_cast(accept, State = #state{ socket = ListenSocket, server_config = ServerConfig }) -> ++handle_cast(accept, State = #state{ server_config = ServerConfig } = State) -> + %% try to rate limit our responses a bit here so that hammering the socket with connections is survivable + timer:sleep(3), +- { ok, AcceptSocket, TLSActive } = accept_client(ListenSocket, State), ++ { ok, AcceptSocket, TLSActive } = accept_client(State), + { ok, ImapSession } = eimap:start_link(ServerConfig), + eimap:connect(ImapSession, self(), server_hello), +- { noreply, State#state{ socket = AcceptSocket, imap_session = ImapSession, client_tls_active = TLSActive } }; ++ { noreply, State#state{ listen_socket = undefined, socket = AcceptSocket, imap_session = ImapSession, client_tls_active = TLSActive } }; + handle_cast(_Msg, State) -> + { noreply, State }. + +@@ -108,18 +108,18 @@ handle_info(Info, State) -> + lager:debug("Received unexpected info... ~p", [Info]), + { noreply, State }. + +-terminate(_Reason, #state{ inflator = Inflator, deflator = Deflator, socket = Socket, client_tls_active = TLS }) -> ++terminate(_Reason, #state{ inflator = Inflator, deflator = Deflator, socket = Socket, client_implicit_tls = ImplicitTLS, client_tls_active = TLS }) -> + %lager:debug("Termination!~p", [self()]), + close_zlib_handle(Inflator), + close_zlib_handle(Deflator), +- close_socket(TLS, Socket), ++ close_socket(ImplicitTLS, TLS, Socket), + ok. + + code_change(_OldVsn, State, _Extra) -> + { ok, State }. + + %% private API +-accept_client(ListenSocket, #state{ client_implicit_tls = true, super_pid = SupervisorPID }) -> ++accept_client(#state{ client_implicit_tls = true, listen_socket = ListenSocket, super_pid = SupervisorPID }) -> + AcceptResult = ssl:transport_accept(ListenSocket), + AcceptSocket = post_accept_bookkeeping(implicit_tls, ListenSocket, SupervisorPID, AcceptResult), + %% prep for the next listen +@@ -127,7 +127,7 @@ accept_client(ListenSocket, #state{ client_implicit_tls = true, super_pid = Supe + ok = ssl:setopts(AcceptSocket, [{ active, once }, { mode, binary }]), + % lager:info("~p All done!", [self()]), + { ok, AcceptSocket, true }; +-accept_client(ListenSocket, #state{ super_pid = SupervisorPID }) -> ++accept_client(#state{ listen_socket = ListenSocket, super_pid = SupervisorPID }) -> + AcceptResult = gen_tcp:accept(ListenSocket), + AcceptSocket = post_accept_bookkeeping(no_implicit_tls, ListenSocket, SupervisorPID, AcceptResult), + ok = inet:setopts(AcceptSocket, [{ active, once }, { mode, binary }]), +@@ -136,11 +136,6 @@ accept_client(ListenSocket, #state{ super_pid = SupervisorPID }) -> + post_accept_bookkeeping(ImplicitTls, ListenSocket, SupervisorPID, AcceptResult) -> + %% start a new accepting process to replace this one, which is now in use + supervisor:start_child(SupervisorPID, []), +- %% prep for the next listen +- case ImplicitTls of +- implicit_tls -> ok = ssl:setopts(ListenSocket, [{ active, once }, { mode, binary }]); +- _ -> ok = inet:setopts(ListenSocket, [{ active, once }]) +- end, + %% assert that the accept worked + { ok, AcceptSocket } = AcceptResult, + AcceptSocket. +@@ -148,9 +143,10 @@ post_accept_bookkeeping(ImplicitTls, ListenSocket, SupervisorPID, AcceptResult) + close_zlib_handle(undefined) -> ok; + close_zlib_handle(Z) -> zlib:close(Z). + +-close_socket(_TLS, undefined) -> ok; +-close_socket(true, Socket) -> ssl:close(Socket); +-close_socket(_TLS, Socket) -> gen_tcp:close(Socket). ++close_socket(_ImplicitTLS, _TLS, undefined) -> ok; ++close_socket(_ImplicitTLS, true, Socket) -> ssl:close(Socket); ++close_socket(true, _TLS, Socket) -> ssl:close(Socket); ++close_socket(_ImplicitTLS, _TLS, Socket) -> gen_tcp:close(Socket). + + process_client_data(Socket, Data, #state{ rules_deciding = UndecidedRules, tls_config = TLSConfig, client_tls_active = TLS, rules_active = ActiveRules, socket = Socket, imap_session = ImapSession, inflator = Inflator, deflator = Deflator, server_config = ServerConfig } = State) -> + %%TODO: multipacket input from clients
View file
debian.changelog
Changed
@@ -1,3 +1,9 @@ +guam (0.8.2-2) unstable; urgency=medium + + * Fix T1345 + + -- Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> Fri, 8 Jul 2016 06:06:06 +0600 + guam (0.8.2-1) unstable; urgency=medium * Release of 0.8.2
View file
debian.series
Changed
@@ -1,1 +1,2 @@ guam-0.8.2-relax-dependencies.patch -p1 +guam-0.8.2-T1345.patch -p1
View file
guam.dsc
Changed
@@ -2,7 +2,7 @@ Source: guam Binary: guam Architecture: any -Version: 0.8.2-1 +Version: 0.8.2-2 Maintainer: Christoph Erhardt <kolab@sicherha.de> Homepage: https://kolab.org/about/guam Standards-Version: 3.9.6
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.