/[smeserver]/cdrom.image/sme10/README.txt
ViewVC logotype

Annotation of /cdrom.image/sme10/README.txt

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.4 - (hide annotations) (download)
Fri Dec 28 03:33:50 2018 UTC (5 years, 11 months ago) by jpp
Branch: MAIN
Changes since 1.3: +163 -365 lines
Content type: text/plain
new release

1 jpp 1.4 Koozali SME Server 10 Alpha 4 Release Notes
2 unnilennium 1.3 =====================================
3    
4 jpp 1.4 These are draft only and are in a constat state of update.
5 unnilennium 1.3
6 jpp 1.4 27 Dec 2018
7    
8     The Koozali SME Server development team is pleased to announce the
9     release of SME Server 10 Alpha 4 which will be the next major release of
10     SME Server.
11 unnilennium 1.3
12     This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024.
13    
14     ***************************
15 jpp 1.4 Koozali SME Server users should not upgrade production servers to this
16     release but those who can are encouraged to load the alpha to a
17     dedicated test machine and take part in the testing phase.
18 unnilennium 1.3 ***************************
19    
20 jpp 1.4 Some notes on Koozali SME Server 10 can be found at
21 unnilennium 1.3 https://wiki.contribs.org/SME_Server_10.0_Development
22    
23 jpp 1.4 SME10 Roadmap - Alpha 4
24     https://wiki.contribs.org/SME10_Roadmap#SME_10_Alpha_4
25    
26 unnilennium 1.3 Bug reports and reports of potential bugs should be raised in the bug
27     tracker (and only there, please);
28    
29 jpp 1.4 https://bugs.koozali.org/
30 unnilennium 1.3
31     Download
32     ========
33     You can download SME Server 10 from
34     https://mirror.koozali.org/smeserver/releases/testing/10/
35     or for other methods see https://wiki.koozali.org/SME_Server:Download
36    
37     Please note it may take up to 48 hours for mirrors to finish syncing,
38     during this time you may experience problems.
39    
40     About SME Server
41     ================
42     SME Server is the leading Linux distribution for small and medium
43     enterprises. SME Server is brought to you by Koozali Foundation, Inc.,
44     a non-profit corporation that exists to provide marketing and legal support
45     for SME Server.
46    
47     SME Server is freely available under the GNU General Public License and
48     is only possible through the efforts of the SME Server community.
49    
50     However, the availability and quality of SME Server is dependent on
51     meeting our expenses, such as hosting costs, server hardware, etc.
52    
53     As such, we ask for a donation to offset costs and fund further development.
54    
55 jpp 1.4 a) If you are a school, a church, a non-profit organisation or an
56     individual using SME Server for private purposes, we would appreciate
57     you to contribute within your means toward the costs associated with
58     hosting, maintenance and development.
59    
60     b) If you are a company or an integrator and you are deploying SME
61     Server in the course of your work to generate revenue, we expect you to
62     make a donation commensurate with the level of revenue you generate and
63     the number of servers your have in the field. Please, help the project
64 unnilennium 1.3
65     Please visit https://wiki.koozali.org/Donate to donate.
66    
67     Koozali Inc is happy to supply an invoice for any donations received,
68 jpp 1.4 simply email treasurer at koozali.org
69 unnilennium 1.3
70     Notes
71     =====
72 jpp 1.4 In-place upgrades are not supported. It is necessary to backup and then
73     restore.
74 unnilennium 1.3 (Remember, testing purpose only)
75    
76     The spare handling for RAID arrays is not implemented.
77    
78 jpp 1.4 USB installs are now supported, see:
79     https://wiki.koozali.org/Install_From_USB
80 unnilennium 1.3
81 jpp 1.4 Current installer is still branded CentOS. A kickstart script allows you
82     to go through the graphical installation process. If your disk is not
83     empty, you will need to use the Anaconda interface to format it and
84     partition it. If it is empty all is automatic. You will have to set your
85     root password twice: once during Anaconda installation (you could use a
86     lame password), a second time in the Koozali SME server configuration
87     process.
88 unnilennium 1.3
89     Major changes in this release
90     =============================
91 jpp 1.4 This release is based on CentOS 7.#
92 unnilennium 1.3
93     Changes in this release
94     =======================
95 jpp 1.4 see above and below
96 unnilennium 1.3
97     General features
98     ================
99 jpp 1.4 - Based on CentOS 7.6.1810 and all available updates
100 unnilennium 1.3
101     Detailed changes in this release
102     =======================
103 jpp 1.4 Only the changes since SME Server 10 Alpha3 are listed, mainly
104 unnilennium 1.3 autogenerated from the changelogs.
105    
106     Packages altered by Centos, Redhat, and Fedora-associated developers are
107     not included.
108    
109     Backups
110    
111 jpp 1.4 # e-smith-backup updated from 2.6.0-11.el7.sme to 2.6.0-12.el7.sme
112     - added patch for workstation backup lock [SME: 9127]
113 unnilennium 1.3 - code from Stefano Zamboni <zamboni@mind-at-work.it>
114    
115     File Server
116    
117 jpp 1.4 # e-smith-samba updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
118     - fix typo in /server-resources/regedit/win10samba.reg [SME: 10515]
119    
120     # samba updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
121     # samba-common updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
122     # samba-common-tools updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
123     # samba-python updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
124     # samba-client-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
125     # samba-client updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
126     # samba-winbind-krb5-locator updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
127     # samba-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
128     # samba-dc updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
129     # samba-winbind-modules updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
130     # samba-dc-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
131     # samba-winbind-clients updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
132     # libwbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
133     # samba-common-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
134     # libsmbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
135     # samba-winbind updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
136     - import 4.6.2-12 [SME: 10429]
137     - change gnutls-devel >= 3.4.7 to gnutls-devel to allow build
138     - import to SME the two last upstream releases [SME: 10326]
139     - resolves: #1514314 - Fix CVE-2017-14746 and CVE-2017-15275
140     - resolves: #1491213 - CVE-2017-12150 CVE-2017-12151 CVE-2017-12163
141     - resolves: #1484423 - Require at least krb5 version 1.15.1
142     - resolves: #1484713 - Fix password changes for users via smbpasswd
143     - resolves: #1484723 - Be more graceful on FSCTL_VALIDATE_NEGOTIATE_INFO
144     returned errors
145     - resolves: #1481188 - Fix 'net ads changetrustpw'
146     - resolves: #1459936 - Fix regression with "follow symlinks = no"
147     - resolves: #1461336 - Fix smbclient username parsing
148     - resolves: #1460937 - Fix username normalization with winbind
149     - resolves: #1459179 - Fix smbclient session setup printing
150     - related: #1277999 - Add missing patchset
151     - resolves: #1431986 - Fix expand_msdfs VFS module
152 unnilennium 1.3
153     LDAP
154    
155     Localisation
156    
157 jpp 1.4 # smeserver-locale updated from 2.6.0-9.el7.sme to 2.6.0-11.el7.sme
158     - apply locale 2018-12-14 patch
159     - apply locale 2017-12-02 patch
160 unnilennium 1.3
161     Mail Server
162    
163 jpp 1.4 # clamav updated from 0.99.2-1.el7.sme to 0.100.2-1.el7.sme
164     - Update to 0.100.2 [SME: 10578]
165    
166     # e-smith-pop3 updated from 2.6.0-2.el7.sme to 2.6.0-3.el7.sme
167     - fix undefined fqdn for pop3 [SME: 10257]
168    
169     # qpsmtpd updated from 0.96-18.el7.sme to 0.96-19.el7.sme
170     - add support to force spamcheck on specific IP for fetchmail [SME: 10290]
171    
172     # smeserver-qpsmtpd updated from 2.6.0-30.el7.sme to 2.6.0-32.el7.sme
173     - add forcespamcheck support for fetchmail [SME: 10290]
174     - Log DMARC reporting in syslog instead of sending email to the admin.
175     Also suppress SSL connection failed warnings [SME: 10298]
176    
177     # djbdns updated from 1.05-8.el7.sme to 1.05-10.el7.sme
178     - improve short ttl cname resolution and glueless answer from akadns [SME: 8362]
179     - 500-cutom-dnscache-maxloop.patch: increase QUERY_MAXLEVEL 5->10 , set QUERY_MAXLOOP 160
180     --import patches from openwrt and rename already applied patches
181     --fix security issues [SME: 10374]
182     - 020-dnsroots-update.patch: update list of root DNS servers
183     - 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch
184     - 080-dnscache-cache-negatives.patch: rfc2308 ?
185     - 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch
186     - 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch
187     - 270-dnscache-sigpipe-fix.patch: SIGPIPE
188     - 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858
189     - 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392
190     - 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392
191     - 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2
192     --bug fixes [SME: 10374]
193     - 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets
194     - 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records
195     --fix issue with short ttl cname like akamaid [SME: 8362]
196     - 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch
197     - 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl
198     - 500-cutom-dnscache-maxloop.patch: set max loop to 200
199     --needed for previous patches to apply cleanly
200     - 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch)
201     - 050-tinydns-mmap-leak.patch: report cdb leak
202     - 080-dnscache-cache-negatives.patch: rfc2308 ?
203     - 090-tinydns-one-second.patch: improve tinydns with 8 or more concurent connections (for 240-*.patch)
204     - 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch)
205    
206     # smeserver-spamassassin updated from 2.6.0-7.el7.sme to 2.6.0-8.el7.sme
207     - disable auto_learn by default when enabling Bayes [SME: 8160]
208     - added properties UseBayesAutoLearn, BayesAutoLearnThresholdSpam and BayesAutoLearnThresholdNonSpam
209    
210     # e-smith-qmail updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme
211     - Update aliases files for every groups passed as argument [SME: 10386]
212 unnilennium 1.3
213     Server manager
214    
215     php
216 jpp 1.4 - load openssl configuration file on startup #1408301
217     - gd: fix buffer over-read into uninitialized memory CVE-2017-7890
218     - fix php should provide php(httpd) #1215429
219     - fpm: backport PHP-FPM's clear_env option from 5.4.27 #1410010
220     default value is "yes", preserving previous behaviour
221     - openssl: fix default_socket_timeout does not work with SSL #1378196
222     - gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167
223     - gd: Signed Integer Overflow gd_io.c CVE-2016-10168
224 unnilennium 1.3
225     Webmail and Groupware
226    
227 jpp 1.4 Web Server
228    
229     Other fixes and updates
230    
231     # e-smith-base updated from 5.8.0-35.el7.sme to 5.8.0-38.el7.sme
232     - icleaning xinetd.conf fragment out of the package [SME: 10219]
233     - revert previous change - wrong package
234     - added post transaction rule for ntp [SME: 10190]
235     - thank you to Stefano Zamboni for this work
236 unnilennium 1.3
237 jpp 1.4 # smeserver-yum updated from 2.6.0-16.el7.sme to 2.6.0-17.el7.sme
238     - add yum-plugin-post-transaction-actions as requirement [SME: 1100]
239    
240     # e-smith-devtools updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
241     - ease update of e-smith-devtools on non SME builders [SME: 10536]
242    
243     # smeserver-support updated from 2.8.0-12.el7.sme to 2.8.0-15.el7.sme
244     - exclude libtevent,python-tevent from base and updates to avoid conflict with localy build version of samba [SME: 10573]
245     - add back perl(LWP::Protocol::https) support [SME: 10516]
246     - upstream samba packages were not all excluded [SME: 10428]
247 unnilennium 1.3
248 jpp 1.4 # e-smith-ntp updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme
249     - added post transaction rule for ntp [SME: 10190]
250     - thank you to Stefano Zamboni for this work
251 unnilennium 1.3
252 jpp 1.4 # e-smith-lib updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
253     - Skip tap_soft interfaces (eg SoftEther, code from Hsing-Foo Wang)
254     [SME: 10445]
255 unnilennium 1.3
256    
257 jpp 1.4 On behalf of the Koozali SME Server development team

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed