Projects
Kolab:Winterfell
guam
Log In
Username
Password
We truncated the diff of some files because they were too big. If you want to see the full diff for every file,
click here
.
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 24
View file
guam.spec
Changed
@@ -17,8 +17,10 @@ %{!?_unitdir: %global _unitdir /usr/lib/systemd/system} +%define lock_version() %{1}%{?_isa} = %(rpm -q --queryformat "%{VERSION}" %{1}) + Name: guam -Version: 0.8 +Version: 0.8.1 Release: 0.20160219.git%{?dist} Summary: A Smart Reverse IMAP Proxy @@ -31,20 +33,6 @@ Patch9991: guam-0.8-T1312-set-HOME-environment-variable-in-sysvinit-script.patch -Patch0001: 0001-introduce-net_iface-for-listeners.patch -Patch0002: 0002-lets-start-keeping-a-changelog.patch -Patch0003: 0003-enable-ipv6-by-default.patch -Patch0004: 0004-update-this-function-for-the-data-structure-change-i.patch -Patch0005: 0005-correct-version-of-eimap-though-this-is-like-to-bump.patch -Patch0006: 0006-fix-typo.patch -Patch0007: 0007-Correct-the-actual-version-back-to-0.8.patch -Patch0008: 0008-Relax-dependency-on-lager.patch -Patch0009: 0001-make-add_starttls_to_capabilities-work-also-on-the-f.patch -Patch0010: 0006-correct-response-for-mplicit_tls-listeners.patch -Patch0011: 0007-do-a-full-OK-CAPABILITY-banner-for-all-correct_hello.patch -Patch0012: 0008-remove-AUTH-entries-put-LOGINDISABLED-if-we-put-up-a.patch -Patch0013: 0011-switch-to-triggering-on-any-list-where-the-last-two-.patch - BuildRequires: erlang >= 17.4 BuildRequires: erlang-asn1 BuildRequires: erlang-common_test @@ -79,11 +67,11 @@ Requires(pre): shadow-utils Requires(postun): shadow-utils -Requires: erlang >= 17.4 -Requires: erlang-eimap >= 0.1.2 -Requires: erlang-goldrush -Requires: erlang-lager >= 2.1.0 -Requires: erlang-lager_syslog >= 1.0.3 +Requires: %lock_version erlang +Requires: %lock_version erlang-eimap +Requires: %lock_version erlang-goldrush +Requires: %lock_version erlang-lager +Requires: %lock_version erlang-lager_syslog %if 0%{?with_systemd} %if 0%{?suse_version} @@ -113,20 +101,6 @@ %patch9991 -p1 -%patch0001 -p1 -%patch0002 -p1 -%patch0003 -p1 -%patch0004 -p1 -%patch0005 -p1 -%patch0006 -p1 -%patch0007 -p1 -%patch0008 -p1 -%patch0009 -p1 -%patch0010 -p1 -%patch0011 -p1 -%patch0012 -p1 -%patch0013 -p1 - %build rebar compile mkdir -p deps @@ -243,6 +217,9 @@ /opt/%{realname}/ %changelog +* Tue Jul 5 2016 Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> - 0.8.1-1 +- Release of version 0.8.1 + * Fri Jun 10 2016 Aaron Seigo <seigo@kolabsystems.com> - Package version 0.8
View file
0001-introduce-net_iface-for-listeners.patch
Deleted
@@ -1,89 +0,0 @@ -From f527fde7a659f67314adb161025965b242655b83 Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Tue, 5 Jan 2016 10:49:13 +0100 -Subject: [PATCH 1/8] introduce net_iface for listeners - ---- - apps/kolab_guam/src/kolab_guam_listener.erl | 17 +++++++++++++---- - docs/deployment.md | 16 ++++++++++++++-- - 2 files changed, 27 insertions(+), 6 deletions(-) - -diff --git a/apps/kolab_guam/src/kolab_guam_listener.erl b/apps/kolab_guam/src/kolab_guam_listener.erl -index 7b7a283..c50b4b1 100644 ---- a/apps/kolab_guam/src/kolab_guam_listener.erl -+++ b/apps/kolab_guam/src/kolab_guam_listener.erl -@@ -35,11 +35,12 @@ start_link(Name, Config) -> supervisor:start_link(?MODULE, [Name, Config]). - %% gen_server API - init([Name, Config]) -> - Host = proplists:get_value(host, Config, none), -+ NetIface = proplists:get_value(net_iface, Config, none), - Port = proplists:get_value(port, Config, ?DEFAULT_IMAP_PORT), - ImplicitTLS = proplists:get_value(implicit_tls, Config, false), - TLSConfig = proplists:get_value(tls_config, Config, []), - Rules = proplists:get_value(rules, Config, []), -- Options = listen_options(Host, ImplicitTLS, TLSConfig), -+ Options = listen_options(NetIface, Host, ImplicitTLS, TLSConfig), - lager:info("Starting listener \"~p\" on port ~B (~p) with ~B rules", [Name, Port, Options, length(Rules)]), - { ok, ListenSocket } = listen(ImplicitTLS, Port, Options), - spawn_link(?MODULE, cleanup, [ListenSocket]), -@@ -55,13 +56,21 @@ init([Name, Config]) -> - imap_config(none) -> kolab_guam_sup:default_imap_server_config(); - imap_config(Backend) -> kolab_guam_sup:imap_server_config(Backend). - --listen_options(none, ImplicitTLS, TLSConfig) -> default_listen_options(ImplicitTLS, TLSConfig); --listen_options(Hostname, ImplicitTLS, TLSConfig) -> -+listen_options(none, none, ImplicitTLS, TLSConfig) -> default_listen_options(ImplicitTLS, TLSConfig); -+listen_options(none, Hostname, ImplicitTLS, TLSConfig) -> - case inet:gethostbyname(Hostname) of - { ok, { hostent, _HostName, _Unused, inet, _Ver, [IP] } } -> - [ { ip, IP } | default_listen_options(ImplicitTLS, TLSConfig) ]; - _ -> -- listen_options(none, ImplicitTLS, TLSConfig) -+ listen_options(none, none, ImplicitTLS, TLSConfig) -+ end; -+listen_options(Iface, Hostname, ImplicitTLS, TLSConfig) -> -+ { ok, Ifaces } = inet:getifaddrs(), -+ case proplists:get_value(Iface, Ifaces) of -+ undefined -> listen_options(none, Hostname, ImplicitTLS, TLSConfig); -+ Info -> Addr = proplists:get_value(addr, Info, none), -+ lager:info("YEAH! ~p", [Addr]), -+ listen_options(none, Addr, ImplicitTLS, TLSConfig) - end. - - default_listen_options(true, TLSConfig) -> [ { reuseaddr, true }, {active, once } | TLSConfig ]; -diff --git a/docs/deployment.md b/docs/deployment.md -index 33cd450..484d0ed 100644 ---- a/docs/deployment.md -+++ b/docs/deployment.md -@@ -84,14 +84,26 @@ contains the configuration specifics. Example: - { rules, [ { filter_groupware, [] } ] }, - { tls_config, [ { certfile, "/etc/ssl/sample.pem" } ] } - ] -+ }, -+ { default, [ -+ { net_iface, "eth0" }, -+ { port, 1993 }, -+ { imap_server, default }, -+ { implicit_tls, true }, -+ { rules, [ { filter_groupware, [] } ] }, -+ { tls_config, [ { certfile, "/etc/ssl/sample.pem" } ] } -+ ] - } - } - - The host entry is optional, and is used to bind the connection to a specific --network interface. Leaving it empty will cause Guam to bind to the port accross -+network interface by ip address. Alternatively, the net_iface may be defined and -+guam will attempt to bind to an address on that network device. net_iface overrides -+host, though host will be used as a fallback if net_iface does not produce a network -+interface. Leaving host and net_iface empty will cause Guam to bind to the port accross - all network interfaces available to it. - --port defines the port it is listening on. -+port defines the port the listener is active on. - - imap_server refers to the entry in the imap_servers block. If not provided, the - default entry in the imap_servers configuration is used. --- -2.5.5 -
View file
0001-make-add_starttls_to_capabilities-work-also-on-the-f.patch
Deleted
@@ -1,37 +0,0 @@ -From f1df1fe2766912652a57c4c2cc1706e8eecf529f Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Tue, 28 Jun 2016 08:47:19 +0200 -Subject: [PATCH] make add_starttls_to_capabilities work also on the first - hello response - -.. which does not have a CAPABILITIES clause. do try to be put it after the -the IMAP4v1 clause, though, for neatness ---- - apps/kolab_guam/src/kolab_guam_session.erl | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/apps/kolab_guam/src/kolab_guam_session.erl b/apps/kolab_guam/src/kolab_guam_session.erl -index 9439018..1f3869b 100644 ---- a/apps/kolab_guam/src/kolab_guam_session.erl -+++ b/apps/kolab_guam/src/kolab_guam_session.erl -@@ -296,7 +296,16 @@ ensure_hello_has_starttls(ServerResponse) -> - - add_starttls_to_capabilities(ServerHello) -> - case binary:match(ServerHello, <<"CAPABILITY ">>) of -- nomatch -> ServerHello; -+ nomatch -> add_starttls_after_imap4_atom(ServerHello); -+ { Start, End } -> -+ Prefix = binary:part(ServerHello, 0, Start + End), -+ Suffix = binary:part(ServerHello, Start + End, size(ServerHello) - Start - End), -+ <<Prefix/binary, "STARTTLS ", Suffix/binary>> -+ end. -+ -+add_starttls_after_imap4_atom(ServerHello) -> -+ case binary:match(ServerHello, <<"IMAP4rev1 ">>) of -+ nomatch -> <<"STARTTLS ", ServerHello/binary>>; - { Start, End } -> - Prefix = binary:part(ServerHello, 0, Start + End), - Suffix = binary:part(ServerHello, Start + End, size(ServerHello) - Start - End), --- -2.5.5 -
View file
0002-lets-start-keeping-a-changelog.patch
Deleted
@@ -1,44 +0,0 @@ -From fde09ae6dd5b38642d8712893f39066d8f4f2091 Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Mon, 13 Jun 2016 10:28:02 +0200 -Subject: [PATCH 2/8] lets start keeping a changelog - ---- - CHANGELOG.md | 25 +++++++++++++++++++++++++ - 1 file changed, 25 insertions(+) - create mode 100644 CHANGELOG.md - -diff --git a/CHANGELOG.md b/CHANGELOG.md -new file mode 100644 -index 0000000..5f04931 ---- /dev/null -+++ b/CHANGELOG.md -@@ -0,0 +1,25 @@ -+# Changelog -+All notable changes to this project will be documented in this file. -+ -+This project adheres to [Semantic Versioning](http://semver.org/). -+ -+## [Unreleased] -+### Added -+- bind to a network interface (rather than an IP/host) with net_iface -+### Changed -+- upgraded build to rebar3 -+### Deprecated -+### Removed -+### Fixed -+### Security -+ -+ -+## [0.8.0] - 2016-06-08 -+### Added -+- systemd service module -+- sysv init script -+### Changed -+- Upgraded eimap to 0.2.4 -+### Fixed -+- Support more variations of the LIST command args in the filter_groupware rule -+ --- -2.5.5 -
View file
0003-enable-ipv6-by-default.patch
Deleted
@@ -1,51 +0,0 @@ -From 86b9e66beabe4b61e7d091b8df7ad30e293c0cca Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Mon, 20 Jun 2016 12:20:06 +0200 -Subject: [PATCH 3/8] enable ipv6 by default - -Summary: -Set the listen socket to ipv6 mode always - -Tested and works with ipv4 addresses as well - -Reviewers: #guam_developers, vanmeeuwen - -Reviewed By: vanmeeuwen - -Differential Revision: https://git.kolab.org/D185 ---- - apps/kolab_guam/src/kolab_guam_listener.erl | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/apps/kolab_guam/src/kolab_guam_listener.erl b/apps/kolab_guam/src/kolab_guam_listener.erl -index c50b4b1..ebb0c99 100644 ---- a/apps/kolab_guam/src/kolab_guam_listener.erl -+++ b/apps/kolab_guam/src/kolab_guam_listener.erl -@@ -56,6 +56,7 @@ init([Name, Config]) -> - imap_config(none) -> kolab_guam_sup:default_imap_server_config(); - imap_config(Backend) -> kolab_guam_sup:imap_server_config(Backend). - -+-spec listen_options(Iface :: string(), Hostname :: string(), ImplicitTLS :: boolean(), TLSConfig :: list()) -> list(). - listen_options(none, none, ImplicitTLS, TLSConfig) -> default_listen_options(ImplicitTLS, TLSConfig); - listen_options(none, Hostname, ImplicitTLS, TLSConfig) -> - case inet:gethostbyname(Hostname) of -@@ -69,12 +70,13 @@ listen_options(Iface, Hostname, ImplicitTLS, TLSConfig) -> - case proplists:get_value(Iface, Ifaces) of - undefined -> listen_options(none, Hostname, ImplicitTLS, TLSConfig); - Info -> Addr = proplists:get_value(addr, Info, none), -- lager:info("YEAH! ~p", [Addr]), -+ %lager:info("YEAH! ~p", [Addr]), - listen_options(none, Addr, ImplicitTLS, TLSConfig) - end. - --default_listen_options(true, TLSConfig) -> [ { reuseaddr, true }, {active, once } | TLSConfig ]; --default_listen_options(_ImplicitTLS, _Config) -> [ { active, once }, { reuseaddr, true } ]. -+default_listen_options(true, TLSConfig) -> default_listen_options() ++ TLSConfig; -+default_listen_options(_ImplicitTLS, _Config) -> default_listen_options(). -+default_listen_options() -> [ { reuseaddr, true }, {active, once }, inet6 ]. - - create_initial_listeners(PID) when is_pid(PID) -> - lager:debug("Creating session pool for listener ~p", [PID]), --- -2.5.5 -
View file
0004-update-this-function-for-the-data-structure-change-i.patch
Deleted
@@ -1,27 +0,0 @@ -From 130349adeef36dcbcf65e5435d16e66974f60804 Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Mon, 20 Jun 2016 13:31:59 +0200 -Subject: [PATCH 4/8] update this function for the data structure change in - eimap 0.2 - ---- - apps/kolab_guam/src/kolab_guam_session.erl | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/apps/kolab_guam/src/kolab_guam_session.erl b/apps/kolab_guam/src/kolab_guam_session.erl -index 60a28cb..69e239c 100644 ---- a/apps/kolab_guam/src/kolab_guam_session.erl -+++ b/apps/kolab_guam/src/kolab_guam_session.erl -@@ -303,7 +303,8 @@ add_starttls_to_capabilities(ServerHello) -> - <<Prefix/binary, "STARTTLS ", Suffix/binary>> - end. - --ensure_hello_does_not_have_starttls(ServerHello) -> -+ensure_hello_does_not_have_starttls(ServerResponse) -> -+ ServerHello = proplists:get_value(capabilities, ServerResponse, <<>>), - case binary:match(ServerHello, <<"STARTTLS">>) of - nomatch -> ServerHello; - { Start, End } -> --- -2.5.5 -
View file
0005-correct-version-of-eimap-though-this-is-like-to-bump.patch
Deleted
@@ -1,26 +0,0 @@ -From 1341368e92efcda4d98d0a12a61ce14a102c324b Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Mon, 20 Jun 2016 16:57:34 +0200 -Subject: [PATCH 5/8] correct version of eimap (though this is like to bump - again to 0.2.5) - ---- - rebar.config | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rebar.config b/rebar.config -index bd55f4e..3dafb5a 100644 ---- a/rebar.config -+++ b/rebar.config -@@ -5,7 +5,7 @@ - { deps, [ - { lager, "(2.0|2.1|2.2).*", { git, "git://github.com/basho/lager.git", { tag, "2.2.0" } } }, - { lager_syslog, "2.*", { git, "git://github.com/basho/lager_syslog.git", { tag, "2.1.3" } } }, -- { eimap, ".*", { git, "https://git.kolab.org/diffusion/EI/eimap.git", { tag, "0.2.2" } } } -+ { eimap, ".*", { git, "https://git.kolab.org/diffusion/EI/eimap.git", { tag, "0.2.4" } } } - %% pull in the proper version of meck before jobs 0.3 gets around to pulling in the wrong version - ] - }. --- -2.5.5 -
View file
0006-correct-response-for-mplicit_tls-listeners.patch
Deleted
@@ -1,58 +0,0 @@ -From 18bd1abb8a1221b16b2ec53641b07d8ef49130ea Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Fri, 1 Jul 2016 12:40:04 +0200 -Subject: [PATCH 6/8] correct response for mplicit_tls listeners - ---- - apps/kolab_guam/src/kolab_guam_session.erl | 20 ++++++++++++++------ - 1 file changed, 14 insertions(+), 6 deletions(-) - -diff --git a/apps/kolab_guam/src/kolab_guam_session.erl b/apps/kolab_guam/src/kolab_guam_session.erl -index 1f3869b..df195a1 100644 ---- a/apps/kolab_guam/src/kolab_guam_session.erl -+++ b/apps/kolab_guam/src/kolab_guam_session.erl -@@ -71,8 +71,8 @@ handle_info({ tcp, Socket, Data }, #state{ client_tls_active = false } = State) - handle_info({ ssl, Socket, Data }, State) -> - %lager:debug("Data coming in from client over SSL, ~p", [Data]), - process_client_data(Socket, Data, State); --handle_info({ server_hello, ServerHello }, #state{ imap_session = ImapSession, tls_config = TLSConfig, socket = Socket, client_tls_active = TLSActive, deflator = Deflator } = State) -> -- CorrectedHello = correct_hello(TLSActive, TLSConfig, ServerHello), -+handle_info({ server_hello, ServerHello }, #state{ imap_session = ImapSession, tls_config = TLSConfig, socket = Socket, client_implicit_tls = ImplicitTLS, client_tls_active = TLSActive, deflator = Deflator } = State) -> -+ CorrectedHello = correct_hello(TLSActive, ImplicitTLS, TLSConfig, ServerHello), - eimap:start_passthrough(ImapSession, self()), - relay_response(Socket, postprocess_server_data(Deflator, <<CorrectedHello/binary, "\r\n">>), TLSActive), - { noreply, State }; -@@ -275,18 +275,26 @@ start_client_compression(Socket, TLS, Tag) -> - set_socket_active(true, Socket) -> ssl:setopts(Socket, [{ active, once }]); - set_socket_active(_, Socket) -> inet:setopts(Socket, [{ active, once }]). - ---spec correct_hello(TLSActive :: true | false, TlSConfig :: [] | list(), ServerHello :: binary()) -> CorrectedHello :: binary(). --correct_hello(true, _TLSConfig, ServerHello) -> -+-spec correct_hello(TLSActive :: true | false, ImplicitTLS :: true | false, TlSConfig :: [] | list(), ServerHello :: binary()) -> CorrectedHello :: binary(). -+correct_hello(true, true, _TLSConfig, ServerHello) -> -+ % the connection is already secured, so don't advertise starttls to the client -+ build_hello_for_implicit_tls(ServerHello); -+correct_hello(true, _ImplicitTLS, _TLSConfig, ServerHello) -> - % the connection is already secured, so don't advertise starttls to the client - ensure_hello_does_not_have_starttls(ServerHello); --correct_hello(_TLSActive, [], ServerHello) -> -+correct_hello(_TLSActive, _ImplicitTLS, [], ServerHello) -> - % guam does not have a TLS config and so can not provide TLS to the client - ensure_hello_does_not_have_starttls(ServerHello); --correct_hello(_TLSActive, _TLSConfig, ServerHello) -> -+correct_hello(_TLSActive, _ImplicitTLS, _TLSConfig, ServerHello) -> - % guam has a TLS config, and it is not currently active, so make sure to include - % STARTTLS in our response regardless of what the backend says - ensure_hello_has_starttls(ServerHello). - -+build_hello_for_implicit_tls(ServerResponse) -> -+ NoTLSCapabilities = ensure_hello_does_not_have_starttls(ServerResponse), -+ ServerIdent = proplists:get_value(server_id, ServerResponse, <<>>), -+ <<"* OK [CAPABILITIES ", NoTLSCapabilities/binary, "] ", ServerIdent/binary>>. -+ - ensure_hello_has_starttls(ServerResponse) -> - ServerHello = proplists:get_value(capabilities, ServerResponse, <<>>), - case binary:match(ServerHello, <<"STARTTLS">>) of --- -2.5.5 -
View file
0006-fix-typo.patch
Deleted
@@ -1,25 +0,0 @@ -From 06f22152fbb0daf5b1d5cc471cf5de5c587246f7 Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Mon, 20 Jun 2016 16:57:58 +0200 -Subject: [PATCH 6/8] fix typo - ---- - apps/kolab_guam/src/kolab_guam_session.erl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/apps/kolab_guam/src/kolab_guam_session.erl b/apps/kolab_guam/src/kolab_guam_session.erl -index 69e239c..9439018 100644 ---- a/apps/kolab_guam/src/kolab_guam_session.erl -+++ b/apps/kolab_guam/src/kolab_guam_session.erl -@@ -282,7 +282,7 @@ correct_hello(true, _TLSConfig, ServerHello) -> - correct_hello(_TLSActive, [], ServerHello) -> - % guam does not have a TLS config and so can not provide TLS to the client - ensure_hello_does_not_have_starttls(ServerHello); --correct_hello(_TLSAcive, _TLSConfig, ServerHello) -> -+correct_hello(_TLSActive, _TLSConfig, ServerHello) -> - % guam has a TLS config, and it is not currently active, so make sure to include - % STARTTLS in our response regardless of what the backend says - ensure_hello_has_starttls(ServerHello). --- -2.5.5 -
View file
0007-Correct-the-actual-version-back-to-0.8.patch
Deleted
@@ -1,25 +0,0 @@ -From 1d277e7bf8225600a31413165e9d5ec3cc36a74a Mon Sep 17 00:00:00 2001 -From: "Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen@kolabsys.com> -Date: Mon, 27 Jun 2016 15:14:52 +0200 -Subject: [PATCH 7/8] Correct the actual version back to 0.8 - ---- - rel/reltool.config | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rel/reltool.config b/rel/reltool.config -index 1ece54f..298f1ac 100644 ---- a/rel/reltool.config -+++ b/rel/reltool.config -@@ -4,7 +4,7 @@ - {lib_dirs, ["../deps"]}, - {erts, [{mod_cond, derived}, {app_file, strip}]}, - {app_file, strip}, -- {rel, "kolab_guam", "0.9", -+ {rel, "kolab_guam", "0.8", - [ - kernel, - stdlib, --- -2.5.5 -
View file
0007-do-a-full-OK-CAPABILITY-banner-for-all-correct_hello.patch
Deleted
@@ -1,62 +0,0 @@ -From 75ce99f2226438cab4cf57cb8b7dbbe6e4d22885 Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Fri, 1 Jul 2016 12:44:09 +0200 -Subject: [PATCH 7/8] do a full "* OK [CAPABILITY" banner for all correct_hello - paths - ---- - apps/kolab_guam/src/kolab_guam_session.erl | 25 +++++++++++-------------- - 1 file changed, 11 insertions(+), 14 deletions(-) - -diff --git a/apps/kolab_guam/src/kolab_guam_session.erl b/apps/kolab_guam/src/kolab_guam_session.erl -index df195a1..fb9c72b 100644 ---- a/apps/kolab_guam/src/kolab_guam_session.erl -+++ b/apps/kolab_guam/src/kolab_guam_session.erl -@@ -73,8 +73,10 @@ handle_info({ ssl, Socket, Data }, State) -> - process_client_data(Socket, Data, State); - handle_info({ server_hello, ServerHello }, #state{ imap_session = ImapSession, tls_config = TLSConfig, socket = Socket, client_implicit_tls = ImplicitTLS, client_tls_active = TLSActive, deflator = Deflator } = State) -> - CorrectedHello = correct_hello(TLSActive, ImplicitTLS, TLSConfig, ServerHello), -+ ServerIdent = proplists:get_value(server_id, ServerHello, <<>>), -+ FullGreeting = <<"* OK [CAPABILITIES ", CorrectedHello/binary, "] ", ServerIdent/binary, "\r\n">>, - eimap:start_passthrough(ImapSession, self()), -- relay_response(Socket, postprocess_server_data(Deflator, <<CorrectedHello/binary, "\r\n">>), TLSActive), -+ relay_response(Socket, postprocess_server_data(Deflator, FullGreeting), TLSActive), - { noreply, State }; - handle_info({ { rule_data, Module, ResponseToken }, Data }, #state{ rules_active = ActiveRules } = State) -> - %lager:debug("Got back data requested by rule ~p: ~p", [Module, Data]), -@@ -276,24 +278,19 @@ set_socket_active(true, Socket) -> ssl:setopts(Socket, [{ active, once }]); - set_socket_active(_, Socket) -> inet:setopts(Socket, [{ active, once }]). - - -spec correct_hello(TLSActive :: true | false, ImplicitTLS :: true | false, TlSConfig :: [] | list(), ServerHello :: binary()) -> CorrectedHello :: binary(). --correct_hello(true, true, _TLSConfig, ServerHello) -> -+correct_hello(true, true, _TLSConfig, ServerResponse) -> - % the connection is already secured, so don't advertise starttls to the client -- build_hello_for_implicit_tls(ServerHello); --correct_hello(true, _ImplicitTLS, _TLSConfig, ServerHello) -> -+ ensure_hello_does_not_have_starttls(ServerResponse); -+correct_hello(true, _ImplicitTLS, _TLSConfig, ServerResponse) -> - % the connection is already secured, so don't advertise starttls to the client -- ensure_hello_does_not_have_starttls(ServerHello); --correct_hello(_TLSActive, _ImplicitTLS, [], ServerHello) -> -+ ensure_hello_does_not_have_starttls(ServerResponse); -+correct_hello(_TLSActive, _ImplicitTLS, [], ServerResponse) -> - % guam does not have a TLS config and so can not provide TLS to the client -- ensure_hello_does_not_have_starttls(ServerHello); --correct_hello(_TLSActive, _ImplicitTLS, _TLSConfig, ServerHello) -> -+ ensure_hello_does_not_have_starttls(ServerResponse); -+correct_hello(_TLSActive, _ImplicitTLS, _TLSConfig, ServerResponse) -> - % guam has a TLS config, and it is not currently active, so make sure to include - % STARTTLS in our response regardless of what the backend says -- ensure_hello_has_starttls(ServerHello). -- --build_hello_for_implicit_tls(ServerResponse) -> -- NoTLSCapabilities = ensure_hello_does_not_have_starttls(ServerResponse), -- ServerIdent = proplists:get_value(server_id, ServerResponse, <<>>), -- <<"* OK [CAPABILITIES ", NoTLSCapabilities/binary, "] ", ServerIdent/binary>>. -+ ensure_hello_has_starttls(ServerResponse). - - ensure_hello_has_starttls(ServerResponse) -> - ServerHello = proplists:get_value(capabilities, ServerResponse, <<>>), --- -2.5.5 -
View file
0008-Relax-dependency-on-lager.patch
Deleted
@@ -1,25 +0,0 @@ -From 02f346fd187169b850be49ba5589234fefe4b548 Mon Sep 17 00:00:00 2001 -From: "Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen@kolabsys.com> -Date: Mon, 27 Jun 2016 15:15:08 +0200 -Subject: [PATCH 8/8] Relax dependency on lager - ---- - rebar.config | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rebar.config b/rebar.config -index 3dafb5a..f08d5ac 100644 ---- a/rebar.config -+++ b/rebar.config -@@ -3,7 +3,7 @@ - - { deps_dir, "deps" }. - { deps, [ -- { lager, "(2.0|2.1|2.2).*", { git, "git://github.com/basho/lager.git", { tag, "2.2.0" } } }, -+ { lager, "3.*", { git, "git://github.com/basho/lager.git" } }, - { lager_syslog, "2.*", { git, "git://github.com/basho/lager_syslog.git", { tag, "2.1.3" } } }, - { eimap, ".*", { git, "https://git.kolab.org/diffusion/EI/eimap.git", { tag, "0.2.4" } } } - %% pull in the proper version of meck before jobs 0.3 gets around to pulling in the wrong version --- -2.5.5 -
View file
0008-remove-AUTH-entries-put-LOGINDISABLED-if-we-put-up-a.patch
Deleted
@@ -1,63 +0,0 @@ -From 4cb9fd2e94f7746e5ec05f0cd3c1c7cca895efa3 Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Fri, 1 Jul 2016 13:16:16 +0200 -Subject: [PATCH 8/8] remove AUTH= entries, put LOGINDISABLED if we put up a - STARTTLS - ---- - apps/kolab_guam/src/kolab_guam_session.erl | 28 ++++++++++++++++++++++++++-- - 1 file changed, 26 insertions(+), 2 deletions(-) - -diff --git a/apps/kolab_guam/src/kolab_guam_session.erl b/apps/kolab_guam/src/kolab_guam_session.erl -index fb9c72b..79114b1 100644 ---- a/apps/kolab_guam/src/kolab_guam_session.erl -+++ b/apps/kolab_guam/src/kolab_guam_session.erl -@@ -305,7 +305,8 @@ add_starttls_to_capabilities(ServerHello) -> - { Start, End } -> - Prefix = binary:part(ServerHello, 0, Start + End), - Suffix = binary:part(ServerHello, Start + End, size(ServerHello) - Start - End), -- <<Prefix/binary, "STARTTLS ", Suffix/binary>> -+ CorrectHello = <<Prefix/binary, "STARTTLS ", Suffix/binary>>, -+ remove_auth_offers(CorrectHello) - end. - - add_starttls_after_imap4_atom(ServerHello) -> -@@ -314,7 +315,8 @@ add_starttls_after_imap4_atom(ServerHello) -> - { Start, End } -> - Prefix = binary:part(ServerHello, 0, Start + End), - Suffix = binary:part(ServerHello, Start + End, size(ServerHello) - Start - End), -- <<Prefix/binary, "STARTTLS ", Suffix/binary>> -+ CorrectHello = <<Prefix/binary, "STARTTLS ", Suffix/binary>>, -+ remove_auth_offers(CorrectHello) - end. - - ensure_hello_does_not_have_starttls(ServerResponse) -> -@@ -327,3 +329,25 @@ ensure_hello_does_not_have_starttls(ServerResponse) -> - <<Prefix/binary, Suffix/binary>> - end. - -+remove_auth_offers(ServerHello) -> -+ case binary:match(ServerHello, <<"AUTH=">>) of -+ nomatch -> ensure_advertise_login_disabled(ServerHello); -+ { Start, End } -> -+ Prefix = binary:part(ServerHello, 0, Start), -+ Suffix = -+ case binary:match(ServerHello, <<" ">>, [{ scope, { Start, size(ServerHello) - Start } }]) of -+ nomatch -> -+ %% end of the line, so no suffix -+ <<>>; -+ { SpaceStart, SpaceEnd } -> -+ binary:part(ServerHello, SpaceStart + SpaceEnd, size(ServerHello) - SpaceStart - SpaceEnd) -+ end, -+ remove_auth_offers(<<Prefix/binary, Suffix/binary>>) -+ end. -+ -+ensure_advertise_login_disabled(ServerHello) -> -+ case binary:match(ServerHello, <<"LOGINDISABLED">>) of -+ nomatch -> <<ServerHello/binary, " LOGINDISABLED">>; -+ _ -> ServerHello -+ end. -+ --- -2.5.5 -
View file
0011-switch-to-triggering-on-any-list-where-the-last-two-.patch
Deleted
@@ -1,61 +0,0 @@ -From 7a96caca1d8f8db6f6d7bd625867d5eb292694f0 Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Mon, 4 Jul 2016 09:47:46 +0200 -Subject: [PATCH 11/11] switch to triggering on any list where the last two - bytes are not "" - -if the suffix of the command is "" that means "this is not really a LIST -command, rather I am wanting the root and separator" .. otherwise known -as IMAP's poorly considered attempt at a poor man's NAMESPACE command ---- - .../src/rules/kolab_guam_rule_filter_groupware.erl | 16 +++++++++------- - 1 file changed, 9 insertions(+), 7 deletions(-) - -diff --git a/apps/kolab_guam/src/rules/kolab_guam_rule_filter_groupware.erl b/apps/kolab_guam/src/rules/kolab_guam_rule_filter_groupware.erl -index a383ad9..49211aa 100644 ---- a/apps/kolab_guam/src/rules/kolab_guam_rule_filter_groupware.erl -+++ b/apps/kolab_guam/src/rules/kolab_guam_rule_filter_groupware.erl -@@ -27,14 +27,12 @@ new(_Config) -> #state { blacklist = undefined }. - applies(_ConnectionDetails, Buffer, State) -> - { _Tag, Command, Data } = eimap_utils:split_command_into_components(Buffer), - %lager:debug("********** Checking ...~n Command: ~s ~s", [Command, Data]), -- { apply_if_id_matches(Command, Data, State#state.trigger_commands), State }. -+ { apply_if_id_matches(Command, Data, State), State }. - - apply_to_client_message(ImapSession, Buffer, State) -> - { Tag, Command, Data } = eimap_utils:split_command_into_components(Buffer), - { Active, StateTag }= -- case lists:any(fun(T) -> (Command =:= T) andalso -- ((binary:match(Data, <<"*">>) =/= nomatch) orelse (binary:match(Data, <<"%">>) =/= nomatch)) end, -- State#state.trigger_commands) of -+ case is_triggering_command(Command, Data, State) of - true -> fetch_metadata(ImapSession, State), { true, Tag }; - _ -> { false, <<>> } - end, -@@ -55,16 +53,20 @@ imap_data(blacklist, Response, State) -> - State#state{ blacklist = Blacklist }. - - %%PRIVATE -+is_triggering_command(Command, Data, #state{ trigger_commands = TriggerCommands }) -> -+ lists:any(fun(T) -> (Command =:= T) andalso (binary:longest_common_suffix([Data, <<"\"\"">>]) =:= 2) end, -+ TriggerCommands). -+ - - fetch_metadata(none, #state{ blacklist = undefined }) -> ok; - fetch_metadata(ImapSession, #state{ blacklist = undefined }) -> - eimap:get_folder_metadata(ImapSession, self(), { rule_data, ?MODULE, blacklist }, "*", ["/shared/vendor/kolab/folder-type"]); - fetch_metadata(_ImapSession, _State) -> ok. - --apply_if_id_matches(<<"ID">>, Data, _TriggerCommands) -> -+apply_if_id_matches(<<"ID">>, Data, _State) -> - apply_if_found_kolab(binary:match(Data, <<"/Kolab">>)); --apply_if_id_matches(Command, _Data, TriggerCommands) -> -- case lists:any(fun(T) -> Command =:= T end, TriggerCommands) of -+apply_if_id_matches(Command, Data, State) -> -+ case is_triggering_command(Command, Data, State) of - true -> true; - _ -> notyet - end. --- -2.5.5 -
View file
guam-0.8-debian-concat.patch
Deleted
@@ -1,225 +0,0 @@ -diff -ur guam-0.8.orig/apps/kolab_guam/src/kolab_guam_listener.erl guam-0.8/apps/kolab_guam/src/kolab_guam_listener.erl ---- guam-0.8.orig/apps/kolab_guam/src/kolab_guam_listener.erl 2016-06-08 14:18:58.000000000 +0200 -+++ guam-0.8/apps/kolab_guam/src/kolab_guam_listener.erl 2016-07-01 13:33:11.784314048 +0200 -@@ -35,11 +35,12 @@ - %% gen_server API - init([Name, Config]) -> - Host = proplists:get_value(host, Config, none), -+ NetIface = proplists:get_value(net_iface, Config, none), - Port = proplists:get_value(port, Config, ?DEFAULT_IMAP_PORT), - ImplicitTLS = proplists:get_value(implicit_tls, Config, false), - TLSConfig = proplists:get_value(tls_config, Config, []), - Rules = proplists:get_value(rules, Config, []), -- Options = listen_options(Host, ImplicitTLS, TLSConfig), -+ Options = listen_options(NetIface, Host, ImplicitTLS, TLSConfig), - lager:info("Starting listener \"~p\" on port ~B (~p) with ~B rules", [Name, Port, Options, length(Rules)]), - { ok, ListenSocket } = listen(ImplicitTLS, Port, Options), - spawn_link(?MODULE, cleanup, [ListenSocket]), -@@ -55,17 +56,27 @@ - imap_config(none) -> kolab_guam_sup:default_imap_server_config(); - imap_config(Backend) -> kolab_guam_sup:imap_server_config(Backend). - --listen_options(none, ImplicitTLS, TLSConfig) -> default_listen_options(ImplicitTLS, TLSConfig); --listen_options(Hostname, ImplicitTLS, TLSConfig) -> -+-spec listen_options(Iface :: string(), Hostname :: string(), ImplicitTLS :: boolean(), TLSConfig :: list()) -> list(). -+listen_options(none, none, ImplicitTLS, TLSConfig) -> default_listen_options(ImplicitTLS, TLSConfig); -+listen_options(none, Hostname, ImplicitTLS, TLSConfig) -> - case inet:gethostbyname(Hostname) of - { ok, { hostent, _HostName, _Unused, inet, _Ver, [IP] } } -> - [ { ip, IP } | default_listen_options(ImplicitTLS, TLSConfig) ]; - _ -> -- listen_options(none, ImplicitTLS, TLSConfig) -+ listen_options(none, none, ImplicitTLS, TLSConfig) -+ end; -+listen_options(Iface, Hostname, ImplicitTLS, TLSConfig) -> -+ { ok, Ifaces } = inet:getifaddrs(), -+ case proplists:get_value(Iface, Ifaces) of -+ undefined -> listen_options(none, Hostname, ImplicitTLS, TLSConfig); -+ Info -> Addr = proplists:get_value(addr, Info, none), -+ %lager:info("YEAH! ~p", [Addr]), -+ listen_options(none, Addr, ImplicitTLS, TLSConfig) - end. - --default_listen_options(true, TLSConfig) -> [ { reuseaddr, true }, {active, once } | TLSConfig ]; --default_listen_options(_ImplicitTLS, _Config) -> [ { active, once }, { reuseaddr, true } ]. -+default_listen_options(true, TLSConfig) -> default_listen_options() ++ TLSConfig; -+default_listen_options(_ImplicitTLS, _Config) -> default_listen_options(). -+default_listen_options() -> [ { reuseaddr, true }, {active, once }, inet6 ]. - - create_initial_listeners(PID) when is_pid(PID) -> - lager:debug("Creating session pool for listener ~p", [PID]), -diff -ur guam-0.8.orig/apps/kolab_guam/src/kolab_guam_session.erl guam-0.8/apps/kolab_guam/src/kolab_guam_session.erl ---- guam-0.8.orig/apps/kolab_guam/src/kolab_guam_session.erl 2016-06-08 14:18:58.000000000 +0200 -+++ guam-0.8/apps/kolab_guam/src/kolab_guam_session.erl 2016-07-01 13:34:12.008992665 +0200 -@@ -71,10 +71,12 @@ - handle_info({ ssl, Socket, Data }, State) -> - %lager:debug("Data coming in from client over SSL, ~p", [Data]), - process_client_data(Socket, Data, State); --handle_info({ server_hello, ServerHello }, #state{ imap_session = ImapSession, tls_config = TLSConfig, socket = Socket, client_tls_active = TLSActive, deflator = Deflator } = State) -> -- CorrectedHello = correct_hello(TLSActive, TLSConfig, ServerHello), -+handle_info({ server_hello, ServerHello }, #state{ imap_session = ImapSession, tls_config = TLSConfig, socket = Socket, client_implicit_tls = ImplicitTLS, client_tls_active = TLSActive, deflator = Deflator } = State) -> -+ CorrectedHello = correct_hello(TLSActive, ImplicitTLS, TLSConfig, ServerHello), -+ ServerIdent = proplists:get_value(server_id, ServerHello, <<>>), -+ FullGreeting = <<"* OK [CAPABILITIES ", CorrectedHello/binary, "] ", ServerIdent/binary, "\r\n">>, - eimap:start_passthrough(ImapSession, self()), -- relay_response(Socket, postprocess_server_data(Deflator, <<CorrectedHello/binary, "\r\n">>), TLSActive), -+ relay_response(Socket, postprocess_server_data(Deflator, FullGreeting), TLSActive), - { noreply, State }; - handle_info({ { rule_data, Module, ResponseToken }, Data }, #state{ rules_active = ActiveRules } = State) -> - %lager:debug("Got back data requested by rule ~p: ~p", [Module, Data]), -@@ -275,17 +277,20 @@ - set_socket_active(true, Socket) -> ssl:setopts(Socket, [{ active, once }]); - set_socket_active(_, Socket) -> inet:setopts(Socket, [{ active, once }]). - ---spec correct_hello(TLSActive :: true | false, TlSConfig :: [] | list(), ServerHello :: binary()) -> CorrectedHello :: binary(). --correct_hello(true, _TLSConfig, ServerHello) -> -+-spec correct_hello(TLSActive :: true | false, ImplicitTLS :: true | false, TlSConfig :: [] | list(), ServerHello :: binary()) -> CorrectedHello :: binary(). -+correct_hello(true, true, _TLSConfig, ServerResponse) -> - % the connection is already secured, so don't advertise starttls to the client -- ensure_hello_does_not_have_starttls(ServerHello); --correct_hello(_TLSActive, [], ServerHello) -> -+ ensure_hello_does_not_have_starttls(ServerResponse); -+correct_hello(true, _ImplicitTLS, _TLSConfig, ServerResponse) -> -+ % the connection is already secured, so don't advertise starttls to the client -+ ensure_hello_does_not_have_starttls(ServerResponse); -+correct_hello(_TLSActive, _ImplicitTLS, [], ServerResponse) -> - % guam does not have a TLS config and so can not provide TLS to the client -- ensure_hello_does_not_have_starttls(ServerHello); --correct_hello(_TLSAcive, _TLSConfig, ServerHello) -> -+ ensure_hello_does_not_have_starttls(ServerResponse); -+correct_hello(_TLSActive, _ImplicitTLS, _TLSConfig, ServerResponse) -> - % guam has a TLS config, and it is not currently active, so make sure to include - % STARTTLS in our response regardless of what the backend says -- ensure_hello_has_starttls(ServerHello). -+ ensure_hello_has_starttls(ServerResponse). - - ensure_hello_has_starttls(ServerResponse) -> - ServerHello = proplists:get_value(capabilities, ServerResponse, <<>>), -@@ -296,14 +301,26 @@ - - add_starttls_to_capabilities(ServerHello) -> - case binary:match(ServerHello, <<"CAPABILITY ">>) of -- nomatch -> ServerHello; -+ nomatch -> add_starttls_after_imap4_atom(ServerHello); -+ { Start, End } -> -+ Prefix = binary:part(ServerHello, 0, Start + End), -+ Suffix = binary:part(ServerHello, Start + End, size(ServerHello) - Start - End), -+ CorrectHello = <<Prefix/binary, "STARTTLS ", Suffix/binary>>, -+ remove_auth_offers(CorrectHello) -+ end. -+ -+add_starttls_after_imap4_atom(ServerHello) -> -+ case binary:match(ServerHello, <<"IMAP4rev1 ">>) of -+ nomatch -> <<"STARTTLS ", ServerHello/binary>>; - { Start, End } -> - Prefix = binary:part(ServerHello, 0, Start + End), - Suffix = binary:part(ServerHello, Start + End, size(ServerHello) - Start - End), -- <<Prefix/binary, "STARTTLS ", Suffix/binary>> -+ CorrectHello = <<Prefix/binary, "STARTTLS ", Suffix/binary>>, -+ remove_auth_offers(CorrectHello) - end. - --ensure_hello_does_not_have_starttls(ServerHello) -> -+ensure_hello_does_not_have_starttls(ServerResponse) -> -+ ServerHello = proplists:get_value(capabilities, ServerResponse, <<>>), - case binary:match(ServerHello, <<"STARTTLS">>) of - nomatch -> ServerHello; - { Start, End } -> -@@ -312,3 +329,25 @@ - <<Prefix/binary, Suffix/binary>> - end. - -+remove_auth_offers(ServerHello) -> -+ case binary:match(ServerHello, <<"AUTH=">>) of -+ nomatch -> ensure_advertise_login_disabled(ServerHello); -+ { Start, End } -> -+ Prefix = binary:part(ServerHello, 0, Start), -+ Suffix = -+ case binary:match(ServerHello, <<" ">>, [{ scope, { Start, size(ServerHello) - Start } }]) of -+ nomatch -> -+ %% end of the line, so no suffix -+ <<>>; -+ { SpaceStart, SpaceEnd } -> -+ binary:part(ServerHello, SpaceStart + SpaceEnd, size(ServerHello) - SpaceStart - SpaceEnd) -+ end, -+ remove_auth_offers(<<Prefix/binary, Suffix/binary>>) -+ end. -+ -+ensure_advertise_login_disabled(ServerHello) -> -+ case binary:match(ServerHello, <<"LOGINDISABLED">>) of -+ nomatch -> <<ServerHello/binary, " LOGINDISABLED">>; -+ _ -> ServerHello -+ end. -+ -Only in guam-0.8: CHANGELOG.md -diff -ur guam-0.8.orig/contrib/guam.sysvinit guam-0.8/contrib/guam.sysvinit ---- guam-0.8.orig/contrib/guam.sysvinit 2016-06-08 14:18:58.000000000 +0200 -+++ guam-0.8/contrib/guam.sysvinit 2016-07-01 13:33:49.086734379 +0200 -@@ -11,6 +11,8 @@ - - name=`basename $0` - -+export HOME=/opt/kolab_guam/ -+ - start_cmd="$name start" - restart_cmd="$name restart" - stop_cmd="$name stop" -diff -ur guam-0.8.orig/docs/deployment.md guam-0.8/docs/deployment.md ---- guam-0.8.orig/docs/deployment.md 2016-06-08 14:18:58.000000000 +0200 -+++ guam-0.8/docs/deployment.md 2016-07-01 13:32:52.850100693 +0200 -@@ -84,14 +84,26 @@ - { rules, [ { filter_groupware, [] } ] }, - { tls_config, [ { certfile, "/etc/ssl/sample.pem" } ] } - ] -+ }, -+ { default, [ -+ { net_iface, "eth0" }, -+ { port, 1993 }, -+ { imap_server, default }, -+ { implicit_tls, true }, -+ { rules, [ { filter_groupware, [] } ] }, -+ { tls_config, [ { certfile, "/etc/ssl/sample.pem" } ] } -+ ] - } - } - - The host entry is optional, and is used to bind the connection to a specific --network interface. Leaving it empty will cause Guam to bind to the port accross -+network interface by ip address. Alternatively, the net_iface may be defined and -+guam will attempt to bind to an address on that network device. net_iface overrides -+host, though host will be used as a fallback if net_iface does not produce a network -+interface. Leaving host and net_iface empty will cause Guam to bind to the port accross - all network interfaces available to it. - --port defines the port it is listening on. -+port defines the port the listener is active on. - - imap_server refers to the entry in the imap_servers block. If not provided, the - default entry in the imap_servers configuration is used. -diff -ur guam-0.8.orig/rebar.config guam-0.8/rebar.config
View file
debian.changelog
Changed
@@ -1,3 +1,9 @@ +guam (0.8.1-1) unstable; urgency=medium + + * Release of 0.8.1 + + -- Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> Tue, 5 Jul 2016 06:06:06 +0600 + guam (0.8-2mic1) unstable; urgency=medium * add patches from rpm builds
View file
debian.series
Changed
@@ -1,2 +1,1 @@ -guam-0.8-debian-concat.patch -p1 -0011-switch-to-triggering-on-any-list-where-the-last-two-.patch -p1 +guam-0.8-T1312-set-HOME-environment-variable-in-sysvinit-script.patch -p1
View file
guam-0.8.1.tar.gz/CHANGELOG.md
Added
@@ -0,0 +1,25 @@ +# Changelog +All notable changes to this project will be documented in this file. + +This project adheres to [Semantic Versioning](http://semver.org/). + +## [Unreleased] +### Added +- bind to a network interface (rather than an IP/host) with net_iface +### Changed +- upgraded build to rebar3 +### Deprecated +### Removed +### Fixed +### Security + + +## [0.8.0] - 2016-06-08 +### Added +- systemd service module +- sysv init script +### Changed +- Upgraded eimap to 0.2.4 +### Fixed +- Support more variations of the LIST command args in the filter_groupware rule +
View file
guam-0.8.tar.gz/apps/kolab_guam/src/kolab_guam.app.src -> guam-0.8.1.tar.gz/apps/kolab_guam/src/kolab_guam.app.src
Changed
@@ -2,7 +2,7 @@ {application, kolab_guam, [ {description, "IMAP session proxy"}, - {vsn, "0.8"}, + {vsn, "0.8.1"}, {registered, []}, {applications, [ kernel,
View file
guam-0.8.tar.gz/apps/kolab_guam/src/kolab_guam_listener.erl -> guam-0.8.1.tar.gz/apps/kolab_guam/src/kolab_guam_listener.erl
Changed
@@ -35,11 +35,12 @@ %% gen_server API init([Name, Config]) -> Host = proplists:get_value(host, Config, none), + NetIface = proplists:get_value(net_iface, Config, none), Port = proplists:get_value(port, Config, ?DEFAULT_IMAP_PORT), ImplicitTLS = proplists:get_value(implicit_tls, Config, false), TLSConfig = proplists:get_value(tls_config, Config, []), Rules = proplists:get_value(rules, Config, []), - Options = listen_options(Host, ImplicitTLS, TLSConfig), + Options = listen_options(NetIface, Host, ImplicitTLS, TLSConfig), lager:info("Starting listener \"~p\" on port ~B (~p) with ~B rules", [Name, Port, Options, length(Rules)]), { ok, ListenSocket } = listen(ImplicitTLS, Port, Options), spawn_link(?MODULE, cleanup, [ListenSocket]), @@ -55,17 +56,27 @@ imap_config(none) -> kolab_guam_sup:default_imap_server_config(); imap_config(Backend) -> kolab_guam_sup:imap_server_config(Backend). -listen_options(none, ImplicitTLS, TLSConfig) -> default_listen_options(ImplicitTLS, TLSConfig); -listen_options(Hostname, ImplicitTLS, TLSConfig) -> +-spec listen_options(Iface :: string(), Hostname :: string(), ImplicitTLS :: boolean(), TLSConfig :: list()) -> list(). +listen_options(none, none, ImplicitTLS, TLSConfig) -> default_listen_options(ImplicitTLS, TLSConfig); +listen_options(none, Hostname, ImplicitTLS, TLSConfig) -> case inet:gethostbyname(Hostname) of { ok, { hostent, _HostName, _Unused, inet, _Ver, [IP] } } -> [ { ip, IP } | default_listen_options(ImplicitTLS, TLSConfig) ]; _ -> - listen_options(none, ImplicitTLS, TLSConfig) + listen_options(none, none, ImplicitTLS, TLSConfig) + end; +listen_options(Iface, Hostname, ImplicitTLS, TLSConfig) -> + { ok, Ifaces } = inet:getifaddrs(), + case proplists:get_value(Iface, Ifaces) of + undefined -> listen_options(none, Hostname, ImplicitTLS, TLSConfig); + Info -> Addr = proplists:get_value(addr, Info, none), + %lager:info("YEAH! ~p", [Addr]), + listen_options(none, Addr, ImplicitTLS, TLSConfig) end. -default_listen_options(true, TLSConfig) -> [ { reuseaddr, true }, {active, once } | TLSConfig ]; -default_listen_options(_ImplicitTLS, _Config) -> [ { active, once }, { reuseaddr, true } ]. +default_listen_options(true, TLSConfig) -> default_listen_options() ++ TLSConfig; +default_listen_options(_ImplicitTLS, _Config) -> default_listen_options(). +default_listen_options() -> [ { reuseaddr, true }, {active, once }, inet6 ]. create_initial_listeners(PID) when is_pid(PID) -> lager:debug("Creating session pool for listener ~p", [PID]),
View file
guam-0.8.tar.gz/apps/kolab_guam/src/kolab_guam_session.erl -> guam-0.8.1.tar.gz/apps/kolab_guam/src/kolab_guam_session.erl
Changed
@@ -71,10 +71,12 @@ handle_info({ ssl, Socket, Data }, State) -> %lager:debug("Data coming in from client over SSL, ~p", [Data]), process_client_data(Socket, Data, State); -handle_info({ server_hello, ServerHello }, #state{ imap_session = ImapSession, tls_config = TLSConfig, socket = Socket, client_tls_active = TLSActive, deflator = Deflator } = State) -> - CorrectedHello = correct_hello(TLSActive, TLSConfig, ServerHello), +handle_info({ server_hello, ServerHello }, #state{ imap_session = ImapSession, tls_config = TLSConfig, socket = Socket, client_implicit_tls = ImplicitTLS, client_tls_active = TLSActive, deflator = Deflator } = State) -> + CorrectedHello = correct_hello(TLSActive, ImplicitTLS, TLSConfig, ServerHello), + ServerIdent = proplists:get_value(server_id, ServerHello, <<>>), + FullGreeting = <<"* OK [CAPABILITIES ", CorrectedHello/binary, "] ", ServerIdent/binary, "\r\n">>, eimap:start_passthrough(ImapSession, self()), - relay_response(Socket, postprocess_server_data(Deflator, <<CorrectedHello/binary, "\r\n">>), TLSActive), + relay_response(Socket, postprocess_server_data(Deflator, FullGreeting), TLSActive), { noreply, State }; handle_info({ { rule_data, Module, ResponseToken }, Data }, #state{ rules_active = ActiveRules } = State) -> %lager:debug("Got back data requested by rule ~p: ~p", [Module, Data]), @@ -275,17 +277,20 @@ set_socket_active(true, Socket) -> ssl:setopts(Socket, [{ active, once }]); set_socket_active(_, Socket) -> inet:setopts(Socket, [{ active, once }]). --spec correct_hello(TLSActive :: true | false, TlSConfig :: [] | list(), ServerHello :: binary()) -> CorrectedHello :: binary(). -correct_hello(true, _TLSConfig, ServerHello) -> +-spec correct_hello(TLSActive :: true | false, ImplicitTLS :: true | false, TlSConfig :: [] | list(), ServerHello :: binary()) -> CorrectedHello :: binary(). +correct_hello(true, true, _TLSConfig, ServerResponse) -> % the connection is already secured, so don't advertise starttls to the client - ensure_hello_does_not_have_starttls(ServerHello); -correct_hello(_TLSActive, [], ServerHello) -> + ensure_hello_does_not_have_starttls(ServerResponse); +correct_hello(true, _ImplicitTLS, _TLSConfig, ServerResponse) -> + % the connection is already secured, so don't advertise starttls to the client + ensure_hello_does_not_have_starttls(ServerResponse); +correct_hello(_TLSActive, _ImplicitTLS, [], ServerResponse) -> % guam does not have a TLS config and so can not provide TLS to the client - ensure_hello_does_not_have_starttls(ServerHello); -correct_hello(_TLSAcive, _TLSConfig, ServerHello) -> + ensure_hello_does_not_have_starttls(ServerResponse); +correct_hello(_TLSActive, _ImplicitTLS, _TLSConfig, ServerResponse) -> % guam has a TLS config, and it is not currently active, so make sure to include % STARTTLS in our response regardless of what the backend says - ensure_hello_has_starttls(ServerHello). + ensure_hello_has_starttls(ServerResponse). ensure_hello_has_starttls(ServerResponse) -> ServerHello = proplists:get_value(capabilities, ServerResponse, <<>>), @@ -296,14 +301,26 @@ add_starttls_to_capabilities(ServerHello) -> case binary:match(ServerHello, <<"CAPABILITY ">>) of - nomatch -> ServerHello; + nomatch -> add_starttls_after_imap4_atom(ServerHello); + { Start, End } -> + Prefix = binary:part(ServerHello, 0, Start + End), + Suffix = binary:part(ServerHello, Start + End, size(ServerHello) - Start - End), + CorrectHello = <<Prefix/binary, "STARTTLS ", Suffix/binary>>, + remove_auth_offers(CorrectHello) + end. + +add_starttls_after_imap4_atom(ServerHello) -> + case binary:match(ServerHello, <<"IMAP4rev1 ">>) of + nomatch -> <<"STARTTLS ", ServerHello/binary>>; { Start, End } -> Prefix = binary:part(ServerHello, 0, Start + End), Suffix = binary:part(ServerHello, Start + End, size(ServerHello) - Start - End), - <<Prefix/binary, "STARTTLS ", Suffix/binary>> + CorrectHello = <<Prefix/binary, "STARTTLS ", Suffix/binary>>, + remove_auth_offers(CorrectHello) end. -ensure_hello_does_not_have_starttls(ServerHello) -> +ensure_hello_does_not_have_starttls(ServerResponse) -> + ServerHello = proplists:get_value(capabilities, ServerResponse, <<>>), case binary:match(ServerHello, <<"STARTTLS">>) of nomatch -> ServerHello; { Start, End } -> @@ -312,3 +329,25 @@ <<Prefix/binary, Suffix/binary>> end. +remove_auth_offers(ServerHello) -> + case binary:match(ServerHello, <<"AUTH=">>) of + nomatch -> ensure_advertise_login_disabled(ServerHello); + { Start, _End } -> + Prefix = binary:part(ServerHello, 0, Start), + Suffix = + case binary:match(ServerHello, <<" ">>, [{ scope, { Start, size(ServerHello) - Start } }]) of + nomatch -> + %% end of the line, so no suffix + <<>>; + { SpaceStart, SpaceEnd } -> + binary:part(ServerHello, SpaceStart + SpaceEnd, size(ServerHello) - SpaceStart - SpaceEnd) + end, + remove_auth_offers(<<Prefix/binary, Suffix/binary>>) + end. + +ensure_advertise_login_disabled(ServerHello) -> + case binary:match(ServerHello, <<"LOGINDISABLED">>) of + nomatch -> <<ServerHello/binary, " LOGINDISABLED">>; + _ -> ServerHello + end. +
View file
guam-0.8.tar.gz/apps/kolab_guam/src/rules/kolab_guam_rule_filter_groupware.erl -> guam-0.8.1.tar.gz/apps/kolab_guam/src/rules/kolab_guam_rule_filter_groupware.erl
Changed
@@ -27,14 +27,12 @@ applies(_ConnectionDetails, Buffer, State) -> { _Tag, Command, Data } = eimap_utils:split_command_into_components(Buffer), %lager:debug("********** Checking ...~n Command: ~s ~s", [Command, Data]), - { apply_if_id_matches(Command, Data, State#state.trigger_commands), State }. + { apply_if_id_matches(Command, Data, State), State }. apply_to_client_message(ImapSession, Buffer, State) -> { Tag, Command, Data } = eimap_utils:split_command_into_components(Buffer), { Active, StateTag }= - case lists:any(fun(T) -> (Command =:= T) andalso - ((binary:match(Data, <<"*">>) =/= nomatch) orelse (binary:match(Data, <<"%">>) =/= nomatch)) end, - State#state.trigger_commands) of + case is_triggering_command(Command, Data, State) of true -> fetch_metadata(ImapSession, State), { true, Tag }; _ -> { false, <<>> } end, @@ -55,16 +53,22 @@ State#state{ blacklist = Blacklist }. %%PRIVATE +is_triggering_command(Command, Data, #state{ trigger_commands = TriggerCommands }) -> + %% if the command is in the list of trigger commands and the ending is not "" (which means "send me + %% the root and separator" according to RFC 3501), then it is treated as a triggering event + lists:any(fun(T) -> (Command =:= T) andalso (binary:longest_common_suffix([Data, <<"\"\"">>]) =/= 2) end, + TriggerCommands). + fetch_metadata(none, #state{ blacklist = undefined }) -> ok; fetch_metadata(ImapSession, #state{ blacklist = undefined }) -> eimap:get_folder_metadata(ImapSession, self(), { rule_data, ?MODULE, blacklist }, "*", ["/shared/vendor/kolab/folder-type"]); fetch_metadata(_ImapSession, _State) -> ok. -apply_if_id_matches(<<"ID">>, Data, _TriggerCommands) -> +apply_if_id_matches(<<"ID">>, Data, _State) -> apply_if_found_kolab(binary:match(Data, <<"/Kolab">>)); -apply_if_id_matches(Command, _Data, TriggerCommands) -> - case lists:any(fun(T) -> Command =:= T end, TriggerCommands) of +apply_if_id_matches(Command, Data, State) -> + case is_triggering_command(Command, Data, State) of true -> true; _ -> notyet end.
View file
guam-0.8.tar.gz/docs/deployment.md -> guam-0.8.1.tar.gz/docs/deployment.md
Changed
@@ -84,14 +84,26 @@ { rules, [ { filter_groupware, [] } ] }, { tls_config, [ { certfile, "/etc/ssl/sample.pem" } ] } ] + }, + { default, [ + { net_iface, "eth0" }, + { port, 1993 }, + { imap_server, default }, + { implicit_tls, true }, + { rules, [ { filter_groupware, [] } ] }, + { tls_config, [ { certfile, "/etc/ssl/sample.pem" } ] } + ] } } The host entry is optional, and is used to bind the connection to a specific -network interface. Leaving it empty will cause Guam to bind to the port accross +network interface by ip address. Alternatively, the net_iface may be defined and +guam will attempt to bind to an address on that network device. net_iface overrides +host, though host will be used as a fallback if net_iface does not produce a network +interface. Leaving host and net_iface empty will cause Guam to bind to the port accross all network interfaces available to it. -port defines the port it is listening on. +port defines the port the listener is active on. imap_server refers to the entry in the imap_servers block. If not provided, the default entry in the imap_servers configuration is used.
View file
guam-0.8.tar.gz/rebar.config -> guam-0.8.1.tar.gz/rebar.config
Changed
@@ -5,7 +5,7 @@ { deps, [ { lager, "(2.0|2.1|2.2).*", { git, "git://github.com/basho/lager.git", { tag, "2.2.0" } } }, { lager_syslog, "2.*", { git, "git://github.com/basho/lager_syslog.git", { tag, "2.1.3" } } }, - { eimap, ".*", { git, "https://git.kolab.org/diffusion/EI/eimap.git", { tag, "0.2.2" } } } + { eimap, ".*", { git, "https://git.kolab.org/diffusion/EI/eimap.git", { tag, "0.2.5" } } } %% pull in the proper version of meck before jobs 0.3 gets around to pulling in the wrong version ] }.
View file
guam.dsc
Changed
@@ -2,7 +2,7 @@ Source: guam Binary: guam Architecture: any -Version: 0.8-2mic1 +Version: 0.8.1-1 Maintainer: Christoph Erhardt <kolab@sicherha.de> Homepage: https://kolab.org/about/guam Standards-Version: 3.9.6 @@ -10,5 +10,5 @@ Package-List: guam deb mail extra Files: - 00000000000000000000000000000000 0 guam-0.8.tar.gz + 00000000000000000000000000000000 0 guam-0.8.1.tar.gz 00000000000000000000000000000000 0 debian.tar.gz
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.