Projects
Kolab:Winterfell
guam
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 24
View file
guam.spec
Changed
@@ -17,8 +17,10 @@ %{!?_unitdir: %global _unitdir /usr/lib/systemd/system} +%define lock_version() %{1}%{?_isa} = %(rpm -q --queryformat "%{VERSION}" %{1}) + Name: guam -Version: 0.8 +Version: 0.8.1 Release: 0.20160219.git%{?dist} Summary: A Smart Reverse IMAP Proxy @@ -31,20 +33,6 @@ Patch9991: guam-0.8-T1312-set-HOME-environment-variable-in-sysvinit-script.patch -Patch0001: 0001-introduce-net_iface-for-listeners.patch -Patch0002: 0002-lets-start-keeping-a-changelog.patch -Patch0003: 0003-enable-ipv6-by-default.patch -Patch0004: 0004-update-this-function-for-the-data-structure-change-i.patch -Patch0005: 0005-correct-version-of-eimap-though-this-is-like-to-bump.patch -Patch0006: 0006-fix-typo.patch -Patch0007: 0007-Correct-the-actual-version-back-to-0.8.patch -Patch0008: 0008-Relax-dependency-on-lager.patch -Patch0009: 0001-make-add_starttls_to_capabilities-work-also-on-the-f.patch -Patch0010: 0006-correct-response-for-mplicit_tls-listeners.patch -Patch0011: 0007-do-a-full-OK-CAPABILITY-banner-for-all-correct_hello.patch -Patch0012: 0008-remove-AUTH-entries-put-LOGINDISABLED-if-we-put-up-a.patch -Patch0013: 0011-switch-to-triggering-on-any-list-where-the-last-two-.patch - BuildRequires: erlang >= 17.4 BuildRequires: erlang-asn1 BuildRequires: erlang-common_test @@ -79,11 +67,11 @@ Requires(pre): shadow-utils Requires(postun): shadow-utils -Requires: erlang >= 17.4 -Requires: erlang-eimap >= 0.1.2 -Requires: erlang-goldrush -Requires: erlang-lager >= 2.1.0 -Requires: erlang-lager_syslog >= 1.0.3 +Requires: %lock_version erlang +Requires: %lock_version erlang-eimap +Requires: %lock_version erlang-goldrush +Requires: %lock_version erlang-lager +Requires: %lock_version erlang-lager_syslog %if 0%{?with_systemd} %if 0%{?suse_version} @@ -113,20 +101,6 @@ %patch9991 -p1 -%patch0001 -p1 -%patch0002 -p1 -%patch0003 -p1 -%patch0004 -p1 -%patch0005 -p1 -%patch0006 -p1 -%patch0007 -p1 -%patch0008 -p1 -%patch0009 -p1 -%patch0010 -p1 -%patch0011 -p1 -%patch0012 -p1 -%patch0013 -p1 - %build rebar compile mkdir -p deps @@ -243,6 +217,9 @@ /opt/%{realname}/ %changelog +* Tue Jul 5 2016 Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> - 0.8.1-1 +- Release of version 0.8.1 + * Fri Jun 10 2016 Aaron Seigo <seigo@kolabsystems.com> - Package version 0.8
View file
0001-introduce-net_iface-for-listeners.patch
Deleted
@@ -1,89 +0,0 @@ -From f527fde7a659f67314adb161025965b242655b83 Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Tue, 5 Jan 2016 10:49:13 +0100 -Subject: [PATCH 1/8] introduce net_iface for listeners - ---- - apps/kolab_guam/src/kolab_guam_listener.erl | 17 +++++++++++++---- - docs/deployment.md | 16 ++++++++++++++-- - 2 files changed, 27 insertions(+), 6 deletions(-) - -diff --git a/apps/kolab_guam/src/kolab_guam_listener.erl b/apps/kolab_guam/src/kolab_guam_listener.erl -index 7b7a283..c50b4b1 100644 ---- a/apps/kolab_guam/src/kolab_guam_listener.erl -+++ b/apps/kolab_guam/src/kolab_guam_listener.erl -@@ -35,11 +35,12 @@ start_link(Name, Config) -> supervisor:start_link(?MODULE, [Name, Config]). - %% gen_server API - init([Name, Config]) -> - Host = proplists:get_value(host, Config, none), -+ NetIface = proplists:get_value(net_iface, Config, none), - Port = proplists:get_value(port, Config, ?DEFAULT_IMAP_PORT), - ImplicitTLS = proplists:get_value(implicit_tls, Config, false), - TLSConfig = proplists:get_value(tls_config, Config, []), - Rules = proplists:get_value(rules, Config, []), -- Options = listen_options(Host, ImplicitTLS, TLSConfig), -+ Options = listen_options(NetIface, Host, ImplicitTLS, TLSConfig), - lager:info("Starting listener \"~p\" on port ~B (~p) with ~B rules", [Name, Port, Options, length(Rules)]), - { ok, ListenSocket } = listen(ImplicitTLS, Port, Options), - spawn_link(?MODULE, cleanup, [ListenSocket]), -@@ -55,13 +56,21 @@ init([Name, Config]) -> - imap_config(none) -> kolab_guam_sup:default_imap_server_config(); - imap_config(Backend) -> kolab_guam_sup:imap_server_config(Backend). - --listen_options(none, ImplicitTLS, TLSConfig) -> default_listen_options(ImplicitTLS, TLSConfig); --listen_options(Hostname, ImplicitTLS, TLSConfig) -> -+listen_options(none, none, ImplicitTLS, TLSConfig) -> default_listen_options(ImplicitTLS, TLSConfig); -+listen_options(none, Hostname, ImplicitTLS, TLSConfig) -> - case inet:gethostbyname(Hostname) of - { ok, { hostent, _HostName, _Unused, inet, _Ver, [IP] } } -> - [ { ip, IP } | default_listen_options(ImplicitTLS, TLSConfig) ]; - _ -> -- listen_options(none, ImplicitTLS, TLSConfig) -+ listen_options(none, none, ImplicitTLS, TLSConfig) -+ end; -+listen_options(Iface, Hostname, ImplicitTLS, TLSConfig) -> -+ { ok, Ifaces } = inet:getifaddrs(), -+ case proplists:get_value(Iface, Ifaces) of -+ undefined -> listen_options(none, Hostname, ImplicitTLS, TLSConfig); -+ Info -> Addr = proplists:get_value(addr, Info, none), -+ lager:info("YEAH! ~p", [Addr]), -+ listen_options(none, Addr, ImplicitTLS, TLSConfig) - end. - - default_listen_options(true, TLSConfig) -> [ { reuseaddr, true }, {active, once } | TLSConfig ]; -diff --git a/docs/deployment.md b/docs/deployment.md -index 33cd450..484d0ed 100644 ---- a/docs/deployment.md -+++ b/docs/deployment.md -@@ -84,14 +84,26 @@ contains the configuration specifics. Example: - { rules, [ { filter_groupware, [] } ] }, - { tls_config, [ { certfile, "/etc/ssl/sample.pem" } ] } - ] -+ }, -+ { default, [ -+ { net_iface, "eth0" }, -+ { port, 1993 }, -+ { imap_server, default }, -+ { implicit_tls, true }, -+ { rules, [ { filter_groupware, [] } ] }, -+ { tls_config, [ { certfile, "/etc/ssl/sample.pem" } ] } -+ ] - } - } - - The host entry is optional, and is used to bind the connection to a specific --network interface. Leaving it empty will cause Guam to bind to the port accross -+network interface by ip address. Alternatively, the net_iface may be defined and -+guam will attempt to bind to an address on that network device. net_iface overrides -+host, though host will be used as a fallback if net_iface does not produce a network -+interface. Leaving host and net_iface empty will cause Guam to bind to the port accross - all network interfaces available to it. - --port defines the port it is listening on. -+port defines the port the listener is active on. - - imap_server refers to the entry in the imap_servers block. If not provided, the - default entry in the imap_servers configuration is used. --- -2.5.5 -
View file
0001-make-add_starttls_to_capabilities-work-also-on-the-f.patch
Deleted
@@ -1,37 +0,0 @@ -From f1df1fe2766912652a57c4c2cc1706e8eecf529f Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Tue, 28 Jun 2016 08:47:19 +0200 -Subject: [PATCH] make add_starttls_to_capabilities work also on the first - hello response - -.. which does not have a CAPABILITIES clause. do try to be put it after the -the IMAP4v1 clause, though, for neatness ---- - apps/kolab_guam/src/kolab_guam_session.erl | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/apps/kolab_guam/src/kolab_guam_session.erl b/apps/kolab_guam/src/kolab_guam_session.erl -index 9439018..1f3869b 100644 ---- a/apps/kolab_guam/src/kolab_guam_session.erl -+++ b/apps/kolab_guam/src/kolab_guam_session.erl -@@ -296,7 +296,16 @@ ensure_hello_has_starttls(ServerResponse) -> - - add_starttls_to_capabilities(ServerHello) -> - case binary:match(ServerHello, <<"CAPABILITY ">>) of -- nomatch -> ServerHello; -+ nomatch -> add_starttls_after_imap4_atom(ServerHello); -+ { Start, End } -> -+ Prefix = binary:part(ServerHello, 0, Start + End), -+ Suffix = binary:part(ServerHello, Start + End, size(ServerHello) - Start - End), -+ <<Prefix/binary, "STARTTLS ", Suffix/binary>> -+ end. -+ -+add_starttls_after_imap4_atom(ServerHello) -> -+ case binary:match(ServerHello, <<"IMAP4rev1 ">>) of -+ nomatch -> <<"STARTTLS ", ServerHello/binary>>; - { Start, End } -> - Prefix = binary:part(ServerHello, 0, Start + End), - Suffix = binary:part(ServerHello, Start + End, size(ServerHello) - Start - End), --- -2.5.5 -
View file
0002-lets-start-keeping-a-changelog.patch
Deleted
@@ -1,44 +0,0 @@ -From fde09ae6dd5b38642d8712893f39066d8f4f2091 Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Mon, 13 Jun 2016 10:28:02 +0200 -Subject: [PATCH 2/8] lets start keeping a changelog - ---- - CHANGELOG.md | 25 +++++++++++++++++++++++++ - 1 file changed, 25 insertions(+) - create mode 100644 CHANGELOG.md - -diff --git a/CHANGELOG.md b/CHANGELOG.md -new file mode 100644 -index 0000000..5f04931 ---- /dev/null -+++ b/CHANGELOG.md -@@ -0,0 +1,25 @@ -+# Changelog -+All notable changes to this project will be documented in this file. -+ -+This project adheres to [Semantic Versioning](http://semver.org/). -+ -+## [Unreleased] -+### Added -+- bind to a network interface (rather than an IP/host) with net_iface -+### Changed -+- upgraded build to rebar3 -+### Deprecated -+### Removed -+### Fixed -+### Security -+ -+ -+## [0.8.0] - 2016-06-08 -+### Added -+- systemd service module -+- sysv init script -+### Changed -+- Upgraded eimap to 0.2.4 -+### Fixed -+- Support more variations of the LIST command args in the filter_groupware rule -+ --- -2.5.5 -
View file
0003-enable-ipv6-by-default.patch
Deleted
@@ -1,51 +0,0 @@ -From 86b9e66beabe4b61e7d091b8df7ad30e293c0cca Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Mon, 20 Jun 2016 12:20:06 +0200 -Subject: [PATCH 3/8] enable ipv6 by default - -Summary: -Set the listen socket to ipv6 mode always - -Tested and works with ipv4 addresses as well - -Reviewers: #guam_developers, vanmeeuwen - -Reviewed By: vanmeeuwen - -Differential Revision: https://git.kolab.org/D185 ---- - apps/kolab_guam/src/kolab_guam_listener.erl | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/apps/kolab_guam/src/kolab_guam_listener.erl b/apps/kolab_guam/src/kolab_guam_listener.erl -index c50b4b1..ebb0c99 100644 ---- a/apps/kolab_guam/src/kolab_guam_listener.erl -+++ b/apps/kolab_guam/src/kolab_guam_listener.erl -@@ -56,6 +56,7 @@ init([Name, Config]) -> - imap_config(none) -> kolab_guam_sup:default_imap_server_config(); - imap_config(Backend) -> kolab_guam_sup:imap_server_config(Backend). - -+-spec listen_options(Iface :: string(), Hostname :: string(), ImplicitTLS :: boolean(), TLSConfig :: list()) -> list(). - listen_options(none, none, ImplicitTLS, TLSConfig) -> default_listen_options(ImplicitTLS, TLSConfig); - listen_options(none, Hostname, ImplicitTLS, TLSConfig) -> - case inet:gethostbyname(Hostname) of -@@ -69,12 +70,13 @@ listen_options(Iface, Hostname, ImplicitTLS, TLSConfig) -> - case proplists:get_value(Iface, Ifaces) of - undefined -> listen_options(none, Hostname, ImplicitTLS, TLSConfig); - Info -> Addr = proplists:get_value(addr, Info, none), -- lager:info("YEAH! ~p", [Addr]), -+ %lager:info("YEAH! ~p", [Addr]), - listen_options(none, Addr, ImplicitTLS, TLSConfig) - end. - --default_listen_options(true, TLSConfig) -> [ { reuseaddr, true }, {active, once } | TLSConfig ]; --default_listen_options(_ImplicitTLS, _Config) -> [ { active, once }, { reuseaddr, true } ]. -+default_listen_options(true, TLSConfig) -> default_listen_options() ++ TLSConfig; -+default_listen_options(_ImplicitTLS, _Config) -> default_listen_options(). -+default_listen_options() -> [ { reuseaddr, true }, {active, once }, inet6 ]. - - create_initial_listeners(PID) when is_pid(PID) -> - lager:debug("Creating session pool for listener ~p", [PID]), --- -2.5.5 -
View file
0004-update-this-function-for-the-data-structure-change-i.patch
Deleted
@@ -1,27 +0,0 @@ -From 130349adeef36dcbcf65e5435d16e66974f60804 Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Mon, 20 Jun 2016 13:31:59 +0200 -Subject: [PATCH 4/8] update this function for the data structure change in - eimap 0.2 - ---- - apps/kolab_guam/src/kolab_guam_session.erl | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/apps/kolab_guam/src/kolab_guam_session.erl b/apps/kolab_guam/src/kolab_guam_session.erl -index 60a28cb..69e239c 100644 ---- a/apps/kolab_guam/src/kolab_guam_session.erl -+++ b/apps/kolab_guam/src/kolab_guam_session.erl -@@ -303,7 +303,8 @@ add_starttls_to_capabilities(ServerHello) -> - <<Prefix/binary, "STARTTLS ", Suffix/binary>> - end. - --ensure_hello_does_not_have_starttls(ServerHello) -> -+ensure_hello_does_not_have_starttls(ServerResponse) -> -+ ServerHello = proplists:get_value(capabilities, ServerResponse, <<>>), - case binary:match(ServerHello, <<"STARTTLS">>) of - nomatch -> ServerHello; - { Start, End } -> --- -2.5.5 -
View file
0005-correct-version-of-eimap-though-this-is-like-to-bump.patch
Deleted
@@ -1,26 +0,0 @@ -From 1341368e92efcda4d98d0a12a61ce14a102c324b Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Mon, 20 Jun 2016 16:57:34 +0200 -Subject: [PATCH 5/8] correct version of eimap (though this is like to bump - again to 0.2.5) - ---- - rebar.config | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rebar.config b/rebar.config -index bd55f4e..3dafb5a 100644 ---- a/rebar.config -+++ b/rebar.config -@@ -5,7 +5,7 @@ - { deps, [ - { lager, "(2.0|2.1|2.2).*", { git, "git://github.com/basho/lager.git", { tag, "2.2.0" } } }, - { lager_syslog, "2.*", { git, "git://github.com/basho/lager_syslog.git", { tag, "2.1.3" } } }, -- { eimap, ".*", { git, "https://git.kolab.org/diffusion/EI/eimap.git", { tag, "0.2.2" } } } -+ { eimap, ".*", { git, "https://git.kolab.org/diffusion/EI/eimap.git", { tag, "0.2.4" } } } - %% pull in the proper version of meck before jobs 0.3 gets around to pulling in the wrong version - ] - }. --- -2.5.5 -
View file
0006-correct-response-for-mplicit_tls-listeners.patch
Deleted
@@ -1,58 +0,0 @@ -From 18bd1abb8a1221b16b2ec53641b07d8ef49130ea Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Fri, 1 Jul 2016 12:40:04 +0200 -Subject: [PATCH 6/8] correct response for mplicit_tls listeners - ---- - apps/kolab_guam/src/kolab_guam_session.erl | 20 ++++++++++++++------ - 1 file changed, 14 insertions(+), 6 deletions(-) - -diff --git a/apps/kolab_guam/src/kolab_guam_session.erl b/apps/kolab_guam/src/kolab_guam_session.erl -index 1f3869b..df195a1 100644 ---- a/apps/kolab_guam/src/kolab_guam_session.erl -+++ b/apps/kolab_guam/src/kolab_guam_session.erl -@@ -71,8 +71,8 @@ handle_info({ tcp, Socket, Data }, #state{ client_tls_active = false } = State) - handle_info({ ssl, Socket, Data }, State) -> - %lager:debug("Data coming in from client over SSL, ~p", [Data]), - process_client_data(Socket, Data, State); --handle_info({ server_hello, ServerHello }, #state{ imap_session = ImapSession, tls_config = TLSConfig, socket = Socket, client_tls_active = TLSActive, deflator = Deflator } = State) -> -- CorrectedHello = correct_hello(TLSActive, TLSConfig, ServerHello), -+handle_info({ server_hello, ServerHello }, #state{ imap_session = ImapSession, tls_config = TLSConfig, socket = Socket, client_implicit_tls = ImplicitTLS, client_tls_active = TLSActive, deflator = Deflator } = State) -> -+ CorrectedHello = correct_hello(TLSActive, ImplicitTLS, TLSConfig, ServerHello), - eimap:start_passthrough(ImapSession, self()), - relay_response(Socket, postprocess_server_data(Deflator, <<CorrectedHello/binary, "\r\n">>), TLSActive), - { noreply, State }; -@@ -275,18 +275,26 @@ start_client_compression(Socket, TLS, Tag) -> - set_socket_active(true, Socket) -> ssl:setopts(Socket, [{ active, once }]); - set_socket_active(_, Socket) -> inet:setopts(Socket, [{ active, once }]). - ---spec correct_hello(TLSActive :: true | false, TlSConfig :: [] | list(), ServerHello :: binary()) -> CorrectedHello :: binary(). --correct_hello(true, _TLSConfig, ServerHello) -> -+-spec correct_hello(TLSActive :: true | false, ImplicitTLS :: true | false, TlSConfig :: [] | list(), ServerHello :: binary()) -> CorrectedHello :: binary(). -+correct_hello(true, true, _TLSConfig, ServerHello) -> -+ % the connection is already secured, so don't advertise starttls to the client -+ build_hello_for_implicit_tls(ServerHello); -+correct_hello(true, _ImplicitTLS, _TLSConfig, ServerHello) -> - % the connection is already secured, so don't advertise starttls to the client - ensure_hello_does_not_have_starttls(ServerHello); --correct_hello(_TLSActive, [], ServerHello) -> -+correct_hello(_TLSActive, _ImplicitTLS, [], ServerHello) -> - % guam does not have a TLS config and so can not provide TLS to the client - ensure_hello_does_not_have_starttls(ServerHello); --correct_hello(_TLSActive, _TLSConfig, ServerHello) -> -+correct_hello(_TLSActive, _ImplicitTLS, _TLSConfig, ServerHello) -> - % guam has a TLS config, and it is not currently active, so make sure to include - % STARTTLS in our response regardless of what the backend says - ensure_hello_has_starttls(ServerHello). - -+build_hello_for_implicit_tls(ServerResponse) -> -+ NoTLSCapabilities = ensure_hello_does_not_have_starttls(ServerResponse), -+ ServerIdent = proplists:get_value(server_id, ServerResponse, <<>>), -+ <<"* OK [CAPABILITIES ", NoTLSCapabilities/binary, "] ", ServerIdent/binary>>. -+ - ensure_hello_has_starttls(ServerResponse) -> - ServerHello = proplists:get_value(capabilities, ServerResponse, <<>>), - case binary:match(ServerHello, <<"STARTTLS">>) of --- -2.5.5 -
View file
0006-fix-typo.patch
Deleted
@@ -1,25 +0,0 @@ -From 06f22152fbb0daf5b1d5cc471cf5de5c587246f7 Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Mon, 20 Jun 2016 16:57:58 +0200 -Subject: [PATCH 6/8] fix typo - ---- - apps/kolab_guam/src/kolab_guam_session.erl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/apps/kolab_guam/src/kolab_guam_session.erl b/apps/kolab_guam/src/kolab_guam_session.erl -index 69e239c..9439018 100644 ---- a/apps/kolab_guam/src/kolab_guam_session.erl -+++ b/apps/kolab_guam/src/kolab_guam_session.erl -@@ -282,7 +282,7 @@ correct_hello(true, _TLSConfig, ServerHello) -> - correct_hello(_TLSActive, [], ServerHello) -> - % guam does not have a TLS config and so can not provide TLS to the client - ensure_hello_does_not_have_starttls(ServerHello); --correct_hello(_TLSAcive, _TLSConfig, ServerHello) -> -+correct_hello(_TLSActive, _TLSConfig, ServerHello) -> - % guam has a TLS config, and it is not currently active, so make sure to include - % STARTTLS in our response regardless of what the backend says - ensure_hello_has_starttls(ServerHello). --- -2.5.5 -
View file
0007-Correct-the-actual-version-back-to-0.8.patch
Deleted
@@ -1,25 +0,0 @@ -From 1d277e7bf8225600a31413165e9d5ec3cc36a74a Mon Sep 17 00:00:00 2001 -From: "Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen@kolabsys.com> -Date: Mon, 27 Jun 2016 15:14:52 +0200 -Subject: [PATCH 7/8] Correct the actual version back to 0.8 - ---- - rel/reltool.config | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rel/reltool.config b/rel/reltool.config -index 1ece54f..298f1ac 100644 ---- a/rel/reltool.config -+++ b/rel/reltool.config -@@ -4,7 +4,7 @@ - {lib_dirs, ["../deps"]}, - {erts, [{mod_cond, derived}, {app_file, strip}]}, - {app_file, strip}, -- {rel, "kolab_guam", "0.9", -+ {rel, "kolab_guam", "0.8", - [ - kernel, - stdlib, --- -2.5.5 -
View file
0007-do-a-full-OK-CAPABILITY-banner-for-all-correct_hello.patch
Deleted
@@ -1,62 +0,0 @@ -From 75ce99f2226438cab4cf57cb8b7dbbe6e4d22885 Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Fri, 1 Jul 2016 12:44:09 +0200 -Subject: [PATCH 7/8] do a full "* OK [CAPABILITY" banner for all correct_hello - paths - ---- - apps/kolab_guam/src/kolab_guam_session.erl | 25 +++++++++++-------------- - 1 file changed, 11 insertions(+), 14 deletions(-) - -diff --git a/apps/kolab_guam/src/kolab_guam_session.erl b/apps/kolab_guam/src/kolab_guam_session.erl -index df195a1..fb9c72b 100644 ---- a/apps/kolab_guam/src/kolab_guam_session.erl -+++ b/apps/kolab_guam/src/kolab_guam_session.erl -@@ -73,8 +73,10 @@ handle_info({ ssl, Socket, Data }, State) -> - process_client_data(Socket, Data, State); - handle_info({ server_hello, ServerHello }, #state{ imap_session = ImapSession, tls_config = TLSConfig, socket = Socket, client_implicit_tls = ImplicitTLS, client_tls_active = TLSActive, deflator = Deflator } = State) -> - CorrectedHello = correct_hello(TLSActive, ImplicitTLS, TLSConfig, ServerHello), -+ ServerIdent = proplists:get_value(server_id, ServerHello, <<>>), -+ FullGreeting = <<"* OK [CAPABILITIES ", CorrectedHello/binary, "] ", ServerIdent/binary, "\r\n">>, - eimap:start_passthrough(ImapSession, self()), -- relay_response(Socket, postprocess_server_data(Deflator, <<CorrectedHello/binary, "\r\n">>), TLSActive), -+ relay_response(Socket, postprocess_server_data(Deflator, FullGreeting), TLSActive), - { noreply, State }; - handle_info({ { rule_data, Module, ResponseToken }, Data }, #state{ rules_active = ActiveRules } = State) -> - %lager:debug("Got back data requested by rule ~p: ~p", [Module, Data]), -@@ -276,24 +278,19 @@ set_socket_active(true, Socket) -> ssl:setopts(Socket, [{ active, once }]); - set_socket_active(_, Socket) -> inet:setopts(Socket, [{ active, once }]). - - -spec correct_hello(TLSActive :: true | false, ImplicitTLS :: true | false, TlSConfig :: [] | list(), ServerHello :: binary()) -> CorrectedHello :: binary(). --correct_hello(true, true, _TLSConfig, ServerHello) -> -+correct_hello(true, true, _TLSConfig, ServerResponse) -> - % the connection is already secured, so don't advertise starttls to the client -- build_hello_for_implicit_tls(ServerHello); --correct_hello(true, _ImplicitTLS, _TLSConfig, ServerHello) -> -+ ensure_hello_does_not_have_starttls(ServerResponse); -+correct_hello(true, _ImplicitTLS, _TLSConfig, ServerResponse) -> - % the connection is already secured, so don't advertise starttls to the client -- ensure_hello_does_not_have_starttls(ServerHello); --correct_hello(_TLSActive, _ImplicitTLS, [], ServerHello) -> -+ ensure_hello_does_not_have_starttls(ServerResponse); -+correct_hello(_TLSActive, _ImplicitTLS, [], ServerResponse) -> - % guam does not have a TLS config and so can not provide TLS to the client -- ensure_hello_does_not_have_starttls(ServerHello); --correct_hello(_TLSActive, _ImplicitTLS, _TLSConfig, ServerHello) -> -+ ensure_hello_does_not_have_starttls(ServerResponse); -+correct_hello(_TLSActive, _ImplicitTLS, _TLSConfig, ServerResponse) -> - % guam has a TLS config, and it is not currently active, so make sure to include - % STARTTLS in our response regardless of what the backend says -- ensure_hello_has_starttls(ServerHello). -- --build_hello_for_implicit_tls(ServerResponse) -> -- NoTLSCapabilities = ensure_hello_does_not_have_starttls(ServerResponse), -- ServerIdent = proplists:get_value(server_id, ServerResponse, <<>>), -- <<"* OK [CAPABILITIES ", NoTLSCapabilities/binary, "] ", ServerIdent/binary>>. -+ ensure_hello_has_starttls(ServerResponse). - - ensure_hello_has_starttls(ServerResponse) -> - ServerHello = proplists:get_value(capabilities, ServerResponse, <<>>), --- -2.5.5 -
View file
0008-Relax-dependency-on-lager.patch
Deleted
@@ -1,25 +0,0 @@ -From 02f346fd187169b850be49ba5589234fefe4b548 Mon Sep 17 00:00:00 2001 -From: "Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen@kolabsys.com> -Date: Mon, 27 Jun 2016 15:15:08 +0200 -Subject: [PATCH 8/8] Relax dependency on lager - ---- - rebar.config | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rebar.config b/rebar.config -index 3dafb5a..f08d5ac 100644 ---- a/rebar.config -+++ b/rebar.config -@@ -3,7 +3,7 @@ - - { deps_dir, "deps" }. - { deps, [ -- { lager, "(2.0|2.1|2.2).*", { git, "git://github.com/basho/lager.git", { tag, "2.2.0" } } }, -+ { lager, "3.*", { git, "git://github.com/basho/lager.git" } }, - { lager_syslog, "2.*", { git, "git://github.com/basho/lager_syslog.git", { tag, "2.1.3" } } }, - { eimap, ".*", { git, "https://git.kolab.org/diffusion/EI/eimap.git", { tag, "0.2.4" } } } - %% pull in the proper version of meck before jobs 0.3 gets around to pulling in the wrong version --- -2.5.5 -
View file
0008-remove-AUTH-entries-put-LOGINDISABLED-if-we-put-up-a.patch
Deleted
@@ -1,63 +0,0 @@ -From 4cb9fd2e94f7746e5ec05f0cd3c1c7cca895efa3 Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Fri, 1 Jul 2016 13:16:16 +0200 -Subject: [PATCH 8/8] remove AUTH= entries, put LOGINDISABLED if we put up a - STARTTLS - ---- - apps/kolab_guam/src/kolab_guam_session.erl | 28 ++++++++++++++++++++++++++-- - 1 file changed, 26 insertions(+), 2 deletions(-) - -diff --git a/apps/kolab_guam/src/kolab_guam_session.erl b/apps/kolab_guam/src/kolab_guam_session.erl -index fb9c72b..79114b1 100644 ---- a/apps/kolab_guam/src/kolab_guam_session.erl -+++ b/apps/kolab_guam/src/kolab_guam_session.erl -@@ -305,7 +305,8 @@ add_starttls_to_capabilities(ServerHello) -> - { Start, End } -> - Prefix = binary:part(ServerHello, 0, Start + End), - Suffix = binary:part(ServerHello, Start + End, size(ServerHello) - Start - End), -- <<Prefix/binary, "STARTTLS ", Suffix/binary>> -+ CorrectHello = <<Prefix/binary, "STARTTLS ", Suffix/binary>>, -+ remove_auth_offers(CorrectHello) - end. - - add_starttls_after_imap4_atom(ServerHello) -> -@@ -314,7 +315,8 @@ add_starttls_after_imap4_atom(ServerHello) -> - { Start, End } -> - Prefix = binary:part(ServerHello, 0, Start + End), - Suffix = binary:part(ServerHello, Start + End, size(ServerHello) - Start - End), -- <<Prefix/binary, "STARTTLS ", Suffix/binary>> -+ CorrectHello = <<Prefix/binary, "STARTTLS ", Suffix/binary>>, -+ remove_auth_offers(CorrectHello) - end. - - ensure_hello_does_not_have_starttls(ServerResponse) -> -@@ -327,3 +329,25 @@ ensure_hello_does_not_have_starttls(ServerResponse) -> - <<Prefix/binary, Suffix/binary>> - end. - -+remove_auth_offers(ServerHello) -> -+ case binary:match(ServerHello, <<"AUTH=">>) of -+ nomatch -> ensure_advertise_login_disabled(ServerHello); -+ { Start, End } -> -+ Prefix = binary:part(ServerHello, 0, Start), -+ Suffix = -+ case binary:match(ServerHello, <<" ">>, [{ scope, { Start, size(ServerHello) - Start } }]) of -+ nomatch -> -+ %% end of the line, so no suffix -+ <<>>; -+ { SpaceStart, SpaceEnd } -> -+ binary:part(ServerHello, SpaceStart + SpaceEnd, size(ServerHello) - SpaceStart - SpaceEnd) -+ end, -+ remove_auth_offers(<<Prefix/binary, Suffix/binary>>) -+ end. -+ -+ensure_advertise_login_disabled(ServerHello) -> -+ case binary:match(ServerHello, <<"LOGINDISABLED">>) of -+ nomatch -> <<ServerHello/binary, " LOGINDISABLED">>; -+ _ -> ServerHello -+ end. -+ --- -2.5.5 -
View file
0011-switch-to-triggering-on-any-list-where-the-last-two-.patch
Deleted
@@ -1,61 +0,0 @@ -From 7a96caca1d8f8db6f6d7bd625867d5eb292694f0 Mon Sep 17 00:00:00 2001 -From: Aaron Seigo <aseigo@kde.org> -Date: Mon, 4 Jul 2016 09:47:46 +0200 -Subject: [PATCH 11/11] switch to triggering on any list where the last two - bytes are not "" - -if the suffix of the command is "" that means "this is not really a LIST -command, rather I am wanting the root and separator" .. otherwise known -as IMAP's poorly considered attempt at a poor man's NAMESPACE command ---- - .../src/rules/kolab_guam_rule_filter_groupware.erl | 16 +++++++++------- - 1 file changed, 9 insertions(+), 7 deletions(-) - -diff --git a/apps/kolab_guam/src/rules/kolab_guam_rule_filter_groupware.erl b/apps/kolab_guam/src/rules/kolab_guam_rule_filter_groupware.erl -index a383ad9..49211aa 100644 ---- a/apps/kolab_guam/src/rules/kolab_guam_rule_filter_groupware.erl -+++ b/apps/kolab_guam/src/rules/kolab_guam_rule_filter_groupware.erl -@@ -27,14 +27,12 @@ new(_Config) -> #state { blacklist = undefined }. - applies(_ConnectionDetails, Buffer, State) -> - { _Tag, Command, Data } = eimap_utils:split_command_into_components(Buffer), - %lager:debug("********** Checking ...~n Command: ~s ~s", [Command, Data]), -- { apply_if_id_matches(Command, Data, State#state.trigger_commands), State }. -+ { apply_if_id_matches(Command, Data, State), State }. - - apply_to_client_message(ImapSession, Buffer, State) -> - { Tag, Command, Data } = eimap_utils:split_command_into_components(Buffer), - { Active, StateTag }= -- case lists:any(fun(T) -> (Command =:= T) andalso -- ((binary:match(Data, <<"*">>) =/= nomatch) orelse (binary:match(Data, <<"%">>) =/= nomatch)) end, -- State#state.trigger_commands) of -+ case is_triggering_command(Command, Data, State) of - true -> fetch_metadata(ImapSession, State), { true, Tag }; - _ -> { false, <<>> } - end, -@@ -55,16 +53,20 @@ imap_data(blacklist, Response, State) -> - State#state{ blacklist = Blacklist }. - - %%PRIVATE -+is_triggering_command(Command, Data, #state{ trigger_commands = TriggerCommands }) -> -+ lists:any(fun(T) -> (Command =:= T) andalso (binary:longest_common_suffix([Data, <<"\"\"">>]) =:= 2) end, -+ TriggerCommands). -+ - - fetch_metadata(none, #state{ blacklist = undefined }) -> ok; - fetch_metadata(ImapSession, #state{ blacklist = undefined }) -> - eimap:get_folder_metadata(ImapSession, self(), { rule_data, ?MODULE, blacklist }, "*", ["/shared/vendor/kolab/folder-type"]); - fetch_metadata(_ImapSession, _State) -> ok. - --apply_if_id_matches(<<"ID">>, Data, _TriggerCommands) -> -+apply_if_id_matches(<<"ID">>, Data, _State) -> - apply_if_found_kolab(binary:match(Data, <<"/Kolab">>)); --apply_if_id_matches(Command, _Data, TriggerCommands) -> -- case lists:any(fun(T) -> Command =:= T end, TriggerCommands) of -+apply_if_id_matches(Command, Data, State) -> -+ case is_triggering_command(Command, Data, State) of - true -> true; - _ -> notyet - end. --- -2.5.5 -
View file
guam-0.8-debian-concat.patch
Deleted
@@ -1,225 +0,0 @@ -diff -ur guam-0.8.orig/apps/kolab_guam/src/kolab_guam_listener.erl guam-0.8/apps/kolab_guam/src/kolab_guam_listener.erl ---- guam-0.8.orig/apps/kolab_guam/src/kolab_guam_listener.erl 2016-06-08 14:18:58.000000000 +0200 -+++ guam-0.8/apps/kolab_guam/src/kolab_guam_listener.erl 2016-07-01 13:33:11.784314048 +0200 -@@ -35,11 +35,12 @@ - %% gen_server API - init([Name, Config]) -> - Host = proplists:get_value(host, Config, none), -+ NetIface = proplists:get_value(net_iface, Config, none), - Port = proplists:get_value(port, Config, ?DEFAULT_IMAP_PORT), - ImplicitTLS = proplists:get_value(implicit_tls, Config, false), - TLSConfig = proplists:get_value(tls_config, Config, []), - Rules = proplists:get_value(rules, Config, []), -- Options = listen_options(Host, ImplicitTLS, TLSConfig), -+ Options = listen_options(NetIface, Host, ImplicitTLS, TLSConfig), - lager:info("Starting listener \"~p\" on port ~B (~p) with ~B rules", [Name, Port, Options, length(Rules)]), - { ok, ListenSocket } = listen(ImplicitTLS, Port, Options), - spawn_link(?MODULE, cleanup, [ListenSocket]), -@@ -55,17 +56,27 @@ - imap_config(none) -> kolab_guam_sup:default_imap_server_config(); - imap_config(Backend) -> kolab_guam_sup:imap_server_config(Backend). - --listen_options(none, ImplicitTLS, TLSConfig) -> default_listen_options(ImplicitTLS, TLSConfig); --listen_options(Hostname, ImplicitTLS, TLSConfig) -> -+-spec listen_options(Iface :: string(), Hostname :: string(), ImplicitTLS :: boolean(), TLSConfig :: list()) -> list(). -+listen_options(none, none, ImplicitTLS, TLSConfig) -> default_listen_options(ImplicitTLS, TLSConfig); -+listen_options(none, Hostname, ImplicitTLS, TLSConfig) -> - case inet:gethostbyname(Hostname) of - { ok, { hostent, _HostName, _Unused, inet, _Ver, [IP] } } -> - [ { ip, IP } | default_listen_options(ImplicitTLS, TLSConfig) ]; - _ -> -- listen_options(none, ImplicitTLS, TLSConfig) -+ listen_options(none, none, ImplicitTLS, TLSConfig) -+ end; -+listen_options(Iface, Hostname, ImplicitTLS, TLSConfig) -> -+ { ok, Ifaces } = inet:getifaddrs(), -+ case proplists:get_value(Iface, Ifaces) of -+ undefined -> listen_options(none, Hostname, ImplicitTLS, TLSConfig); -+ Info -> Addr = proplists:get_value(addr, Info, none), -+ %lager:info("YEAH! ~p", [Addr]), -+ listen_options(none, Addr, ImplicitTLS, TLSConfig) - end. - --default_listen_options(true, TLSConfig) -> [ { reuseaddr, true }, {active, once } | TLSConfig ]; --default_listen_options(_ImplicitTLS, _Config) -> [ { active, once }, { reuseaddr, true } ]. -+default_listen_options(true, TLSConfig) -> default_listen_options() ++ TLSConfig; -+default_listen_options(_ImplicitTLS, _Config) -> default_listen_options(). -+default_listen_options() -> [ { reuseaddr, true }, {active, once }, inet6 ]. - - create_initial_listeners(PID) when is_pid(PID) -> - lager:debug("Creating session pool for listener ~p", [PID]), -diff -ur guam-0.8.orig/apps/kolab_guam/src/kolab_guam_session.erl guam-0.8/apps/kolab_guam/src/kolab_guam_session.erl ---- guam-0.8.orig/apps/kolab_guam/src/kolab_guam_session.erl 2016-06-08 14:18:58.000000000 +0200 -+++ guam-0.8/apps/kolab_guam/src/kolab_guam_session.erl 2016-07-01 13:34:12.008992665 +0200 -@@ -71,10 +71,12 @@ - handle_info({ ssl, Socket, Data }, State) -> - %lager:debug("Data coming in from client over SSL, ~p", [Data]), - process_client_data(Socket, Data, State); --handle_info({ server_hello, ServerHello }, #state{ imap_session = ImapSession, tls_config = TLSConfig, socket = Socket, client_tls_active = TLSActive, deflator = Deflator } = State) -> -- CorrectedHello = correct_hello(TLSActive, TLSConfig, ServerHello), -+handle_info({ server_hello, ServerHello }, #state{ imap_session = ImapSession, tls_config = TLSConfig, socket = Socket, client_implicit_tls = ImplicitTLS, client_tls_active = TLSActive, deflator = Deflator } = State) -> -+ CorrectedHello = correct_hello(TLSActive, ImplicitTLS, TLSConfig, ServerHello), -+ ServerIdent = proplists:get_value(server_id, ServerHello, <<>>), -+ FullGreeting = <<"* OK [CAPABILITIES ", CorrectedHello/binary, "] ", ServerIdent/binary, "\r\n">>, - eimap:start_passthrough(ImapSession, self()), -- relay_response(Socket, postprocess_server_data(Deflator, <<CorrectedHello/binary, "\r\n">>), TLSActive), -+ relay_response(Socket, postprocess_server_data(Deflator, FullGreeting), TLSActive), - { noreply, State }; - handle_info({ { rule_data, Module, ResponseToken }, Data }, #state{ rules_active = ActiveRules } = State) -> - %lager:debug("Got back data requested by rule ~p: ~p", [Module, Data]), -@@ -275,17 +277,20 @@ - set_socket_active(true, Socket) -> ssl:setopts(Socket, [{ active, once }]); - set_socket_active(_, Socket) -> inet:setopts(Socket, [{ active, once }]). - ---spec correct_hello(TLSActive :: true | false, TlSConfig :: [] | list(), ServerHello :: binary()) -> CorrectedHello :: binary(). --correct_hello(true, _TLSConfig, ServerHello) -> -+-spec correct_hello(TLSActive :: true | false, ImplicitTLS :: true | false, TlSConfig :: [] | list(), ServerHello :: binary()) -> CorrectedHello :: binary(). -+correct_hello(true, true, _TLSConfig, ServerResponse) -> - % the connection is already secured, so don't advertise starttls to the client -- ensure_hello_does_not_have_starttls(ServerHello); --correct_hello(_TLSActive, [], ServerHello) -> -+ ensure_hello_does_not_have_starttls(ServerResponse); -+correct_hello(true, _ImplicitTLS, _TLSConfig, ServerResponse) -> -+ % the connection is already secured, so don't advertise starttls to the client -+ ensure_hello_does_not_have_starttls(ServerResponse); -+correct_hello(_TLSActive, _ImplicitTLS, [], ServerResponse) -> - % guam does not have a TLS config and so can not provide TLS to the client -- ensure_hello_does_not_have_starttls(ServerHello); --correct_hello(_TLSAcive, _TLSConfig, ServerHello) -> -+ ensure_hello_does_not_have_starttls(ServerResponse); -+correct_hello(_TLSActive, _ImplicitTLS, _TLSConfig, ServerResponse) -> - % guam has a TLS config, and it is not currently active, so make sure to include - % STARTTLS in our response regardless of what the backend says -- ensure_hello_has_starttls(ServerHello). -+ ensure_hello_has_starttls(ServerResponse). - - ensure_hello_has_starttls(ServerResponse) -> - ServerHello = proplists:get_value(capabilities, ServerResponse, <<>>), -@@ -296,14 +301,26 @@ - - add_starttls_to_capabilities(ServerHello) -> - case binary:match(ServerHello, <<"CAPABILITY ">>) of -- nomatch -> ServerHello; -+ nomatch -> add_starttls_after_imap4_atom(ServerHello); -+ { Start, End } -> -+ Prefix = binary:part(ServerHello, 0, Start + End), -+ Suffix = binary:part(ServerHello, Start + End, size(ServerHello) - Start - End), -+ CorrectHello = <<Prefix/binary, "STARTTLS ", Suffix/binary>>, -+ remove_auth_offers(CorrectHello) -+ end. -+ -+add_starttls_after_imap4_atom(ServerHello) -> -+ case binary:match(ServerHello, <<"IMAP4rev1 ">>) of -+ nomatch -> <<"STARTTLS ", ServerHello/binary>>; - { Start, End } -> - Prefix = binary:part(ServerHello, 0, Start + End), - Suffix = binary:part(ServerHello, Start + End, size(ServerHello) - Start - End), -- <<Prefix/binary, "STARTTLS ", Suffix/binary>> -+ CorrectHello = <<Prefix/binary, "STARTTLS ", Suffix/binary>>, -+ remove_auth_offers(CorrectHello) - end. - --ensure_hello_does_not_have_starttls(ServerHello) -> -+ensure_hello_does_not_have_starttls(ServerResponse) -> -+ ServerHello = proplists:get_value(capabilities, ServerResponse, <<>>), - case binary:match(ServerHello, <<"STARTTLS">>) of - nomatch -> ServerHello; - { Start, End } -> -@@ -312,3 +329,25 @@ - <<Prefix/binary, Suffix/binary>> - end. - -+remove_auth_offers(ServerHello) -> -+ case binary:match(ServerHello, <<"AUTH=">>) of -+ nomatch -> ensure_advertise_login_disabled(ServerHello); -+ { Start, End } -> -+ Prefix = binary:part(ServerHello, 0, Start), -+ Suffix = -+ case binary:match(ServerHello, <<" ">>, [{ scope, { Start, size(ServerHello) - Start } }]) of -+ nomatch -> -+ %% end of the line, so no suffix -+ <<>>; -+ { SpaceStart, SpaceEnd } -> -+ binary:part(ServerHello, SpaceStart + SpaceEnd, size(ServerHello) - SpaceStart - SpaceEnd) -+ end, -+ remove_auth_offers(<<Prefix/binary, Suffix/binary>>) -+ end. -+ -+ensure_advertise_login_disabled(ServerHello) -> -+ case binary:match(ServerHello, <<"LOGINDISABLED">>) of -+ nomatch -> <<ServerHello/binary, " LOGINDISABLED">>; -+ _ -> ServerHello -+ end. -+ -Only in guam-0.8: CHANGELOG.md -diff -ur guam-0.8.orig/contrib/guam.sysvinit guam-0.8/contrib/guam.sysvinit ---- guam-0.8.orig/contrib/guam.sysvinit 2016-06-08 14:18:58.000000000 +0200 -+++ guam-0.8/contrib/guam.sysvinit 2016-07-01 13:33:49.086734379 +0200 -@@ -11,6 +11,8 @@ - - name=`basename $0` - -+export HOME=/opt/kolab_guam/ -+ - start_cmd="$name start" - restart_cmd="$name restart" - stop_cmd="$name stop" -diff -ur guam-0.8.orig/docs/deployment.md guam-0.8/docs/deployment.md ---- guam-0.8.orig/docs/deployment.md 2016-06-08 14:18:58.000000000 +0200 -+++ guam-0.8/docs/deployment.md 2016-07-01 13:32:52.850100693 +0200 -@@ -84,14 +84,26 @@ - { rules, [ { filter_groupware, [] } ] }, - { tls_config, [ { certfile, "/etc/ssl/sample.pem" } ] } - ] -+ }, -+ { default, [ -+ { net_iface, "eth0" }, -+ { port, 1993 }, -+ { imap_server, default }, -+ { implicit_tls, true }, -+ { rules, [ { filter_groupware, [] } ] }, -+ { tls_config, [ { certfile, "/etc/ssl/sample.pem" } ] } -+ ] - } - } - - The host entry is optional, and is used to bind the connection to a specific --network interface. Leaving it empty will cause Guam to bind to the port accross -+network interface by ip address. Alternatively, the net_iface may be defined and -+guam will attempt to bind to an address on that network device. net_iface overrides -+host, though host will be used as a fallback if net_iface does not produce a network -+interface. Leaving host and net_iface empty will cause Guam to bind to the port accross - all network interfaces available to it. - --port defines the port it is listening on. -+port defines the port the listener is active on. - - imap_server refers to the entry in the imap_servers block. If not provided, the - default entry in the imap_servers configuration is used. -diff -ur guam-0.8.orig/rebar.config guam-0.8/rebar.config ---- guam-0.8.orig/rebar.config 2016-06-08 14:18:58.000000000 +0200 -+++ guam-0.8/rebar.config 2016-07-01 13:33:41.190645404 +0200 -@@ -3,9 +3,9 @@ - - { deps_dir, "deps" }. - { deps, [ -- { lager, "(2.0|2.1|2.2).*", { git, "git://github.com/basho/lager.git", { tag, "2.2.0" } } }, -+ { lager, "3.*", { git, "git://github.com/basho/lager.git" } }, - { lager_syslog, "2.*", { git, "git://github.com/basho/lager_syslog.git", { tag, "2.1.3" } } }, -- { eimap, ".*", { git, "https://git.kolab.org/diffusion/EI/eimap.git", { tag, "0.2.2" } } } -+ { eimap, ".*", { git, "https://git.kolab.org/diffusion/EI/eimap.git", { tag, "0.2.4" } } } - %% pull in the proper version of meck before jobs 0.3 gets around to pulling in the wrong version - ] - }. -diff -ur guam-0.8.orig/rel/reltool.config guam-0.8/rel/reltool.config ---- guam-0.8.orig/rel/reltool.config 2016-06-08 14:18:58.000000000 +0200 -+++ guam-0.8/rel/reltool.config 2016-07-01 13:33:35.894585727 +0200 -@@ -4,7 +4,7 @@ - {lib_dirs, ["../deps"]}, - {erts, [{mod_cond, derived}, {app_file, strip}]}, - {app_file, strip}, -- {rel, "kolab_guam", "0.9", -+ {rel, "kolab_guam", "0.8", - [ - kernel, - stdlib,
View file
debian.changelog
Changed
@@ -1,3 +1,9 @@ +guam (0.8.1-1) unstable; urgency=medium + + * Release of 0.8.1 + + -- Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> Tue, 5 Jul 2016 06:06:06 +0600 + guam (0.8-2mic1) unstable; urgency=medium * add patches from rpm builds
View file
debian.series
Changed
@@ -1,2 +1,1 @@ -guam-0.8-debian-concat.patch -p1 -0011-switch-to-triggering-on-any-list-where-the-last-two-.patch -p1 +guam-0.8-T1312-set-HOME-environment-variable-in-sysvinit-script.patch -p1
View file
guam-0.8.1.tar.gz/CHANGELOG.md
Added
@@ -0,0 +1,25 @@ +# Changelog +All notable changes to this project will be documented in this file. + +This project adheres to [Semantic Versioning](http://semver.org/). + +## [Unreleased] +### Added +- bind to a network interface (rather than an IP/host) with net_iface +### Changed +- upgraded build to rebar3 +### Deprecated +### Removed +### Fixed +### Security + + +## [0.8.0] - 2016-06-08 +### Added +- systemd service module +- sysv init script +### Changed +- Upgraded eimap to 0.2.4 +### Fixed +- Support more variations of the LIST command args in the filter_groupware rule +
View file
guam-0.8.tar.gz/apps/kolab_guam/src/kolab_guam.app.src -> guam-0.8.1.tar.gz/apps/kolab_guam/src/kolab_guam.app.src
Changed
@@ -2,7 +2,7 @@ {application, kolab_guam, [ {description, "IMAP session proxy"}, - {vsn, "0.8"}, + {vsn, "0.8.1"}, {registered, []}, {applications, [ kernel,
View file
guam-0.8.tar.gz/apps/kolab_guam/src/kolab_guam_listener.erl -> guam-0.8.1.tar.gz/apps/kolab_guam/src/kolab_guam_listener.erl
Changed
@@ -35,11 +35,12 @@ %% gen_server API init([Name, Config]) -> Host = proplists:get_value(host, Config, none), + NetIface = proplists:get_value(net_iface, Config, none), Port = proplists:get_value(port, Config, ?DEFAULT_IMAP_PORT), ImplicitTLS = proplists:get_value(implicit_tls, Config, false), TLSConfig = proplists:get_value(tls_config, Config, []), Rules = proplists:get_value(rules, Config, []), - Options = listen_options(Host, ImplicitTLS, TLSConfig), + Options = listen_options(NetIface, Host, ImplicitTLS, TLSConfig), lager:info("Starting listener \"~p\" on port ~B (~p) with ~B rules", [Name, Port, Options, length(Rules)]), { ok, ListenSocket } = listen(ImplicitTLS, Port, Options), spawn_link(?MODULE, cleanup, [ListenSocket]), @@ -55,17 +56,27 @@ imap_config(none) -> kolab_guam_sup:default_imap_server_config(); imap_config(Backend) -> kolab_guam_sup:imap_server_config(Backend). -listen_options(none, ImplicitTLS, TLSConfig) -> default_listen_options(ImplicitTLS, TLSConfig); -listen_options(Hostname, ImplicitTLS, TLSConfig) -> +-spec listen_options(Iface :: string(), Hostname :: string(), ImplicitTLS :: boolean(), TLSConfig :: list()) -> list(). +listen_options(none, none, ImplicitTLS, TLSConfig) -> default_listen_options(ImplicitTLS, TLSConfig); +listen_options(none, Hostname, ImplicitTLS, TLSConfig) -> case inet:gethostbyname(Hostname) of { ok, { hostent, _HostName, _Unused, inet, _Ver, [IP] } } -> [ { ip, IP } | default_listen_options(ImplicitTLS, TLSConfig) ]; _ -> - listen_options(none, ImplicitTLS, TLSConfig) + listen_options(none, none, ImplicitTLS, TLSConfig) + end; +listen_options(Iface, Hostname, ImplicitTLS, TLSConfig) -> + { ok, Ifaces } = inet:getifaddrs(), + case proplists:get_value(Iface, Ifaces) of + undefined -> listen_options(none, Hostname, ImplicitTLS, TLSConfig); + Info -> Addr = proplists:get_value(addr, Info, none), + %lager:info("YEAH! ~p", [Addr]), + listen_options(none, Addr, ImplicitTLS, TLSConfig) end. -default_listen_options(true, TLSConfig) -> [ { reuseaddr, true }, {active, once } | TLSConfig ]; -default_listen_options(_ImplicitTLS, _Config) -> [ { active, once }, { reuseaddr, true } ]. +default_listen_options(true, TLSConfig) -> default_listen_options() ++ TLSConfig; +default_listen_options(_ImplicitTLS, _Config) -> default_listen_options(). +default_listen_options() -> [ { reuseaddr, true }, {active, once }, inet6 ]. create_initial_listeners(PID) when is_pid(PID) -> lager:debug("Creating session pool for listener ~p", [PID]),
View file
guam-0.8.tar.gz/apps/kolab_guam/src/kolab_guam_session.erl -> guam-0.8.1.tar.gz/apps/kolab_guam/src/kolab_guam_session.erl
Changed
@@ -71,10 +71,12 @@ handle_info({ ssl, Socket, Data }, State) -> %lager:debug("Data coming in from client over SSL, ~p", [Data]), process_client_data(Socket, Data, State); -handle_info({ server_hello, ServerHello }, #state{ imap_session = ImapSession, tls_config = TLSConfig, socket = Socket, client_tls_active = TLSActive, deflator = Deflator } = State) -> - CorrectedHello = correct_hello(TLSActive, TLSConfig, ServerHello), +handle_info({ server_hello, ServerHello }, #state{ imap_session = ImapSession, tls_config = TLSConfig, socket = Socket, client_implicit_tls = ImplicitTLS, client_tls_active = TLSActive, deflator = Deflator } = State) -> + CorrectedHello = correct_hello(TLSActive, ImplicitTLS, TLSConfig, ServerHello), + ServerIdent = proplists:get_value(server_id, ServerHello, <<>>), + FullGreeting = <<"* OK [CAPABILITIES ", CorrectedHello/binary, "] ", ServerIdent/binary, "\r\n">>, eimap:start_passthrough(ImapSession, self()), - relay_response(Socket, postprocess_server_data(Deflator, <<CorrectedHello/binary, "\r\n">>), TLSActive), + relay_response(Socket, postprocess_server_data(Deflator, FullGreeting), TLSActive), { noreply, State }; handle_info({ { rule_data, Module, ResponseToken }, Data }, #state{ rules_active = ActiveRules } = State) -> %lager:debug("Got back data requested by rule ~p: ~p", [Module, Data]), @@ -275,17 +277,20 @@ set_socket_active(true, Socket) -> ssl:setopts(Socket, [{ active, once }]); set_socket_active(_, Socket) -> inet:setopts(Socket, [{ active, once }]). --spec correct_hello(TLSActive :: true | false, TlSConfig :: [] | list(), ServerHello :: binary()) -> CorrectedHello :: binary(). -correct_hello(true, _TLSConfig, ServerHello) -> +-spec correct_hello(TLSActive :: true | false, ImplicitTLS :: true | false, TlSConfig :: [] | list(), ServerHello :: binary()) -> CorrectedHello :: binary(). +correct_hello(true, true, _TLSConfig, ServerResponse) -> % the connection is already secured, so don't advertise starttls to the client - ensure_hello_does_not_have_starttls(ServerHello); -correct_hello(_TLSActive, [], ServerHello) -> + ensure_hello_does_not_have_starttls(ServerResponse); +correct_hello(true, _ImplicitTLS, _TLSConfig, ServerResponse) -> + % the connection is already secured, so don't advertise starttls to the client + ensure_hello_does_not_have_starttls(ServerResponse); +correct_hello(_TLSActive, _ImplicitTLS, [], ServerResponse) -> % guam does not have a TLS config and so can not provide TLS to the client - ensure_hello_does_not_have_starttls(ServerHello); -correct_hello(_TLSAcive, _TLSConfig, ServerHello) -> + ensure_hello_does_not_have_starttls(ServerResponse); +correct_hello(_TLSActive, _ImplicitTLS, _TLSConfig, ServerResponse) -> % guam has a TLS config, and it is not currently active, so make sure to include % STARTTLS in our response regardless of what the backend says - ensure_hello_has_starttls(ServerHello). + ensure_hello_has_starttls(ServerResponse). ensure_hello_has_starttls(ServerResponse) -> ServerHello = proplists:get_value(capabilities, ServerResponse, <<>>), @@ -296,14 +301,26 @@ add_starttls_to_capabilities(ServerHello) -> case binary:match(ServerHello, <<"CAPABILITY ">>) of - nomatch -> ServerHello; + nomatch -> add_starttls_after_imap4_atom(ServerHello); + { Start, End } -> + Prefix = binary:part(ServerHello, 0, Start + End), + Suffix = binary:part(ServerHello, Start + End, size(ServerHello) - Start - End), + CorrectHello = <<Prefix/binary, "STARTTLS ", Suffix/binary>>, + remove_auth_offers(CorrectHello) + end. + +add_starttls_after_imap4_atom(ServerHello) -> + case binary:match(ServerHello, <<"IMAP4rev1 ">>) of + nomatch -> <<"STARTTLS ", ServerHello/binary>>; { Start, End } -> Prefix = binary:part(ServerHello, 0, Start + End), Suffix = binary:part(ServerHello, Start + End, size(ServerHello) - Start - End), - <<Prefix/binary, "STARTTLS ", Suffix/binary>> + CorrectHello = <<Prefix/binary, "STARTTLS ", Suffix/binary>>, + remove_auth_offers(CorrectHello) end. -ensure_hello_does_not_have_starttls(ServerHello) -> +ensure_hello_does_not_have_starttls(ServerResponse) -> + ServerHello = proplists:get_value(capabilities, ServerResponse, <<>>), case binary:match(ServerHello, <<"STARTTLS">>) of nomatch -> ServerHello; { Start, End } -> @@ -312,3 +329,25 @@ <<Prefix/binary, Suffix/binary>> end. +remove_auth_offers(ServerHello) -> + case binary:match(ServerHello, <<"AUTH=">>) of + nomatch -> ensure_advertise_login_disabled(ServerHello); + { Start, _End } -> + Prefix = binary:part(ServerHello, 0, Start), + Suffix = + case binary:match(ServerHello, <<" ">>, [{ scope, { Start, size(ServerHello) - Start } }]) of + nomatch -> + %% end of the line, so no suffix + <<>>; + { SpaceStart, SpaceEnd } -> + binary:part(ServerHello, SpaceStart + SpaceEnd, size(ServerHello) - SpaceStart - SpaceEnd) + end, + remove_auth_offers(<<Prefix/binary, Suffix/binary>>) + end. + +ensure_advertise_login_disabled(ServerHello) -> + case binary:match(ServerHello, <<"LOGINDISABLED">>) of + nomatch -> <<ServerHello/binary, " LOGINDISABLED">>; + _ -> ServerHello + end. +
View file
guam-0.8.tar.gz/apps/kolab_guam/src/rules/kolab_guam_rule_filter_groupware.erl -> guam-0.8.1.tar.gz/apps/kolab_guam/src/rules/kolab_guam_rule_filter_groupware.erl
Changed
@@ -27,14 +27,12 @@ applies(_ConnectionDetails, Buffer, State) -> { _Tag, Command, Data } = eimap_utils:split_command_into_components(Buffer), %lager:debug("********** Checking ...~n Command: ~s ~s", [Command, Data]), - { apply_if_id_matches(Command, Data, State#state.trigger_commands), State }. + { apply_if_id_matches(Command, Data, State), State }. apply_to_client_message(ImapSession, Buffer, State) -> { Tag, Command, Data } = eimap_utils:split_command_into_components(Buffer), { Active, StateTag }= - case lists:any(fun(T) -> (Command =:= T) andalso - ((binary:match(Data, <<"*">>) =/= nomatch) orelse (binary:match(Data, <<"%">>) =/= nomatch)) end, - State#state.trigger_commands) of + case is_triggering_command(Command, Data, State) of true -> fetch_metadata(ImapSession, State), { true, Tag }; _ -> { false, <<>> } end, @@ -55,16 +53,22 @@ State#state{ blacklist = Blacklist }. %%PRIVATE +is_triggering_command(Command, Data, #state{ trigger_commands = TriggerCommands }) -> + %% if the command is in the list of trigger commands and the ending is not "" (which means "send me + %% the root and separator" according to RFC 3501), then it is treated as a triggering event + lists:any(fun(T) -> (Command =:= T) andalso (binary:longest_common_suffix([Data, <<"\"\"">>]) =/= 2) end, + TriggerCommands). + fetch_metadata(none, #state{ blacklist = undefined }) -> ok; fetch_metadata(ImapSession, #state{ blacklist = undefined }) -> eimap:get_folder_metadata(ImapSession, self(), { rule_data, ?MODULE, blacklist }, "*", ["/shared/vendor/kolab/folder-type"]); fetch_metadata(_ImapSession, _State) -> ok. -apply_if_id_matches(<<"ID">>, Data, _TriggerCommands) -> +apply_if_id_matches(<<"ID">>, Data, _State) -> apply_if_found_kolab(binary:match(Data, <<"/Kolab">>)); -apply_if_id_matches(Command, _Data, TriggerCommands) -> - case lists:any(fun(T) -> Command =:= T end, TriggerCommands) of +apply_if_id_matches(Command, Data, State) -> + case is_triggering_command(Command, Data, State) of true -> true; _ -> notyet end.
View file
guam-0.8.tar.gz/docs/deployment.md -> guam-0.8.1.tar.gz/docs/deployment.md
Changed
@@ -84,14 +84,26 @@ { rules, [ { filter_groupware, [] } ] }, { tls_config, [ { certfile, "/etc/ssl/sample.pem" } ] } ] + }, + { default, [ + { net_iface, "eth0" }, + { port, 1993 }, + { imap_server, default }, + { implicit_tls, true }, + { rules, [ { filter_groupware, [] } ] }, + { tls_config, [ { certfile, "/etc/ssl/sample.pem" } ] } + ] } } The host entry is optional, and is used to bind the connection to a specific -network interface. Leaving it empty will cause Guam to bind to the port accross +network interface by ip address. Alternatively, the net_iface may be defined and +guam will attempt to bind to an address on that network device. net_iface overrides +host, though host will be used as a fallback if net_iface does not produce a network +interface. Leaving host and net_iface empty will cause Guam to bind to the port accross all network interfaces available to it. -port defines the port it is listening on. +port defines the port the listener is active on. imap_server refers to the entry in the imap_servers block. If not provided, the default entry in the imap_servers configuration is used.
View file
guam-0.8.tar.gz/rebar.config -> guam-0.8.1.tar.gz/rebar.config
Changed
@@ -5,7 +5,7 @@ { deps, [ { lager, "(2.0|2.1|2.2).*", { git, "git://github.com/basho/lager.git", { tag, "2.2.0" } } }, { lager_syslog, "2.*", { git, "git://github.com/basho/lager_syslog.git", { tag, "2.1.3" } } }, - { eimap, ".*", { git, "https://git.kolab.org/diffusion/EI/eimap.git", { tag, "0.2.2" } } } + { eimap, ".*", { git, "https://git.kolab.org/diffusion/EI/eimap.git", { tag, "0.2.5" } } } %% pull in the proper version of meck before jobs 0.3 gets around to pulling in the wrong version ] }.
View file
guam.dsc
Changed
@@ -2,7 +2,7 @@ Source: guam Binary: guam Architecture: any -Version: 0.8-2mic1 +Version: 0.8.1-1 Maintainer: Christoph Erhardt <kolab@sicherha.de> Homepage: https://kolab.org/about/guam Standards-Version: 3.9.6 @@ -10,5 +10,5 @@ Package-List: guam deb mail extra Files: - 00000000000000000000000000000000 0 guam-0.8.tar.gz + 00000000000000000000000000000000 0 guam-0.8.1.tar.gz 00000000000000000000000000000000 0 debian.tar.gz
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.