/[smeserver]/cdrom.image/sme10/README.txt
ViewVC logotype

Diff of /cdrom.image/sme10/README.txt

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

Revision 1.2 by unnilennium, Wed May 31 17:36:06 2017 UTC Revision 1.4 by jpp, Fri Dec 28 03:33:50 2018 UTC
# Line 1  Line 1 
1  Koozali SME Server 10 Alpha 2 Release  Koozali SME Server 10 Alpha 4 Release Notes
2  =====================================  =====================================
3    
4  31 May 2017  These are draft only and are in a constat state of update.
5    
6  The Koozali SME Server development team is pleased to announce the release of  27 Dec 2018
7  SME Server 10 Alpha 3 which will be the next major release of SME Server.  
8    The Koozali SME Server development team is pleased to announce the
9  This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024.  release of SME Server 10 Alpha 4 which will be the next major release of
10    SME Server.
11  ***************************  
12  Koozali SME Server users should not upgrade production servers to this release  This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024.
13  but those who can are encouraged to load the alpha to a dedicated test machine  
14  and take part in the testing phase.  ***************************
15  ***************************  Koozali SME Server users should not upgrade production servers to this
16    release but those who can are encouraged to load the alpha to a
17  Some notes on Koozali SME Server 10 can be found at  dedicated test machine and take part in the testing phase.
18  https://wiki.contribs.org/SME_Server_10.0_Development  ***************************
19    
20  Bug reports and reports of potential bugs should be raised in the bug  Some notes on Koozali SME Server 10 can be found at
21  tracker (and only there, please);  https://wiki.contribs.org/SME_Server_10.0_Development
22    
23      https://bugs.koozali.org/  SME10 Roadmap - Alpha 4
24    https://wiki.contribs.org/SME10_Roadmap#SME_10_Alpha_4
25  Download  
26  ========  Bug reports and reports of potential bugs should be raised in the bug
27  You can download SME Server 10 from  tracker (and only there, please);
28  https://mirror.koozali.org/smeserver/releases/testing/10/  
29  or for other methods see https://wiki.koozali.org/SME_Server:Download       https://bugs.koozali.org/
30    
31  Please note it may take up to 48 hours for mirrors to finish syncing,  Download
32  during this time you may experience problems.  ========
33    You can download SME Server 10 from
34  About SME Server  https://mirror.koozali.org/smeserver/releases/testing/10/
35  ================  or for other methods see https://wiki.koozali.org/SME_Server:Download
36  SME Server is the leading Linux distribution for small and medium  
37  enterprises. SME Server is brought to you by Koozali Foundation, Inc.,  Please note it may take up to 48 hours for mirrors to finish syncing,
38  a non-profit corporation that exists to provide marketing and legal support  during this time you may experience problems.
39  for SME Server.  
40    About SME Server
41  SME Server is freely available under the GNU General Public License and  ================
42  is only possible through the efforts of the SME Server community.  SME Server is the leading Linux distribution for small and medium
43    enterprises. SME Server is brought to you by Koozali Foundation, Inc.,
44  However, the availability and quality of SME Server is dependent on  a non-profit corporation that exists to provide marketing and legal support
45  meeting our expenses, such as hosting costs, server hardware, etc.  for SME Server.
46    
47  As such, we ask for a donation to offset costs and fund further development.  SME Server is freely available under the GNU General Public License and
48    is only possible through the efforts of the SME Server community.
49  a) If you are a school, a church, a non-profit organisation or an individual  
50  using SME Server for private purposes, we would appreciate you to contribute  However, the availability and quality of SME Server is dependent on
51  within your means toward the costs associated with hosting, maintenance and  meeting our expenses, such as hosting costs, server hardware, etc.
52  development.  
53    As such, we ask for a donation to offset costs and fund further development.
54  b) If you are a company or an integrator and you are deploying SME Server in  
55  the course of your work to generate revenue, we expect you to make a donation  a) If you are a school, a church, a non-profit organisation or an
56  commensurate with the level of revenue you generate and the number of servers  individual using SME Server for private purposes, we would appreciate
57  your have in the field. Please, help the project  you to contribute within your means toward the costs associated with
58    hosting, maintenance and development.
59  Please visit https://wiki.koozali.org/Donate to donate.  
60    b) If you are a company or an integrator and you are deploying SME
61  Koozali Inc is happy to supply an invoice for any donations received,  Server in the course of your work to generate revenue, we expect you to
62  simply email treasurer@koozali.org  make a donation commensurate with the level of revenue you generate and
63    the number of servers your have in the field. Please, help the project
64  Notes  
65  =====  Please visit https://wiki.koozali.org/Donate to donate.
66  In-place upgrades are not supported. It is necessary to backup and then restore.  
67  (Remember, testing purpose only)  Koozali Inc is happy to supply an invoice for any donations received,
68    simply email treasurer at koozali.org
69  The spare handling for RAID arrays is not implemented.  
70    Notes
71  USB installs are now supported, see: https://wiki.koozali.org/Install_From_USB  =====
72    In-place upgrades are not supported. It is necessary to backup and then
73  Current installer is still branded CentOS. A kickstart script allows you to go through the graphical installation process. If your disk is not empty, you will need to use the Anaconda interface to format it and partition it. If it is empty all is automatic. You will have to set your root password twice: once during Anaconda installation (you could use a lame password), a second time in the Koozali SME server configuration process.  restore.
74    (Remember, testing purpose only)
75  Major changes in this release  
76  =============================  The spare handling for RAID arrays is not implemented.
77  This release is based on CentOS 7  
78    USB installs are now supported, see:
79  Changes in this release  https://wiki.koozali.org/Install_From_USB
80  =======================  
81  see above  Current installer is still branded CentOS. A kickstart script allows you
82    to go through the graphical installation process. If your disk is not
83  General features  empty, you will need to use the Anaconda interface to format it and
84  ================  partition it. If it is empty all is automatic. You will have to set your
85  - Based on CentOS 7.2.1511 and all available updates  root password twice: once during Anaconda installation (you could use a
86    lame password), a second time in the Koozali SME server configuration
87  Detailed changes in this release  process.
88  =======================  
89  Only the changes since SME Server 10 Alpha2 are listed, mainly  Major changes in this release
90  autogenerated from the changelogs.  =============================
91    This release is based on CentOS 7.#
92  Packages altered by Centos, Redhat, and Fedora-associated developers are  
93  not included.  Changes in this release
94    =======================
95  General features - Based on CentOS 7.2.1511 and all available updates  see above and below
96    
97  Backups  General features
98    ================
99  e-smith-backup  - Based on CentOS 7.6.1810 and all available updates
100  - added lock during backup to avoid multiple instance running [SME: 9127]  
101  - code from Stefano Zamboni <zamboni@mind-at-work.it>  Detailed changes in this release
102  - added support back to ext2 and ext3 [SME: 9299]  =======================
103  - fix removable device detection [SME: 9299]  Only the changes since SME Server 10 Alpha3 are listed, mainly
104  - console restoration can be launched again from console [SME: 9550]  autogenerated from the changelogs.
105  - fixed bug on the dar catalog when backups are not added in it [SME: 9563]  
106  - Added e-smith-backup-2.6.0.bz9563.UpdateDarCatalogFollowingBackups.patch  Packages altered by Centos, Redhat, and Fedora-associated developers are
107  - Remove the dar exclusion message in the email if there is no exclusion.  not included.
108  - Modified e-smith-backup-2.6.0.Do_Dar_Exclusion.patch [SME: 9633]  
109  - Added two commented files backup.{include,exclude} in /etc/backup-data.d  Backups
110  - Modified e-smith-backup-2.6.0.Add_Or_Remove_Path_In_Backup.patch [SME: 9607]  
111  - Add or remove path in your backup by a file *.include and *.exclude  # e-smith-backup updated from 2.6.0-11.el7.sme to 2.6.0-12.el7.sme
112  - Added e-smith-backup-2.6.0.Add_Or_Remove_Path_In_Backup.patch [SME: 9607]  - added patch for workstation backup lock [SME: 9127]
113  - Test if the remote host (cifs/nfs) is up, else save and display a warning.  - code from Stefano Zamboni <zamboni@mind-at-work.it>
114  - Added e-smith-backup-2.6.0.bz9090.Testing_the_remote_host_parameters.patch [SME: 9090]  
115  - The 'tar backup to desktop' of the backup panel takes consideration of exclusion  File Server
116  - Added e-smith-backup-2.6.0.Do_Tar_Exclusion_In_Panel.patch [SME: 9635]  
117  - The 'dar workstation backup' of the backup panel takes consideration of exclusion  # e-smith-samba updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
118  - Added e-smith-backup-2.6.0.Do_Dar_Exclusion.patch [SME: 9633]  - fix typo in  /server-resources/regedit/win10samba.reg  [SME: 10515]
119  - The 'tar backup' of the console takes consideration of exclusion and display a page with the exclusion content  
120  - e-smith-backup-2.6.0.Do_Tar_Exclusion_In_the_console.patch [SME: 9635]  # samba updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
121    # samba-common updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
122  File Server  # samba-common-tools updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
123    # samba-python updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
124  e-smith-proftpd  # samba-client-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
125  - fix typos [SME: 6804]  # samba-client updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
126  - set default as required  # samba-winbind-krb5-locator updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
127  - NB: client must be set as active connection, not passive  # samba-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
128  - updated patch for certificate chain  # samba-dc updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
129  - Thanks to Daniel Berteaud  # samba-winbind-modules updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
130  - Adding TLS support to proftp configuration [SME: 6804]  # samba-dc-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
131  - default is enabled but not required, only TLSv1.1 and v1.2  # samba-winbind-clients updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
132  e-smith-samba  # libwbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
133  - fix outlook error code 0x8004011c [SME: 10169]  # samba-common-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
134  - when setting up and email account on a win10 computer joined to a domain (with roaming profiles)  # libsmbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
135  - add systemd skip redirect [SME: 9688]  # samba-winbind updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
136  - Fix deprecated syntax '~' in rsyslog [SME: 9398]  - import 4.6.2-12 [SME: 10429]
137  - added e-smith-samba-2.6.0.bz9398.DeprecatedRsyslogSyntaxSamba.patch  - change gnutls-devel >= 3.4.7 to gnutls-devel to allow build
138  proftpd  - import to SME the two last upstream releases [SME: 10326]
139  - AllowChrootSymlinks off could cause login failures depending on filesystem  - resolves: #1514314 - Fix CVE-2017-14746 and CVE-2017-15275
140  permissions: use the IDs of the logging-in user to perform the directory  - resolves: #1491213 - CVE-2017-12150 CVE-2017-12151 CVE-2017-12163
141  walk, looking for symlinks, to be more consistent with similar checks done  - resolves: #1484423 - Require at least krb5 version 1.15.1
142  during login (#1443507, upstream bug 4306)  - resolves: #1484713 - Fix password changes for users via smbpasswd
143  - Crypt::CrackLib always available now  - resolves: #1484723 - Be more graceful on FSCTL_VALIDATE_NEGOTIATE_INFO
144  - Update to 1.3.5e                         returned errors
145  - SFTP clients using umac-64@openssh.com digest failed to connect  - resolves: #1481188 - Fix 'net ads changetrustpw'
146  (upstream bug 4287)  - resolves: #1459936 - Fix regression with "follow symlinks = no"
147  - SFTP rekeying failure with ProFTPD 1.3.5d, caused by null pointer  - resolves: #1461336 - Fix smbclient username parsing
148  dereference (upstream bug 4288)  - resolves: #1460937 - Fix username normalization with winbind
149  - AllowChrootSymlinks off did not check entire DefaultRoot path for symlinks  - resolves: #1459179 - Fix smbclient session setup printing
150  (CVE-2017-7418, upstream bug 4295)  - related: #1277999 - Add missing patchset
151  - Change shellbangs in shipped perl scripts to use system perl  - resolves: #1431986 - Fix expand_msdfs VFS module
152  - Drop EL-5 support  
153  - Drop BuildRoot: and Group: tags  LDAP
154  - Drop explicit buildroot cleaning in %install section  
155  - Drop explicit %clean section  Localisation
156  - /etc/pam.d/password-auth always available now  
157  - pcre 7.0 or later always available now  # smeserver-locale updated from 2.6.0-9.el7.sme to 2.6.0-11.el7.sme
158  - Properly allocate (and clear) the UMAC contexts, to fix segfault in mod_sftp  - apply locale 2018-12-14 patch
159  (#1420365, upstream bug 4287)  - apply locale 2017-12-02 patch
160  - Update to 1.3.5d  
161  - Support OpenSSL 1.1.x API (upstream bug 4275)  Mail Server
162  Bug fixes:  
163  - SSH rekey during authentication can cause issues with clients  # clamav updated from 0.99.2-1.el7.sme to 0.100.2-1.el7.sme
164  (upstream bug 4254)  - Update to 0.100.2 [SME: 10578]
165  - Recursive SCP uploads of multiple directories not handled properly  
166  (upstream bug 4257)  # e-smith-pop3 updated from 2.6.0-2.el7.sme to 2.6.0-3.el7.sme
167  - LIST returns different results for file, depending on path syntax  - fix undefined fqdn for pop3 [SME: 10257]
168  (upstream bug 4259)  
169  - "AuthAliasOnly on" in server config breaks anonymous logins  # qpsmtpd updated from 0.96-18.el7.sme to 0.96-19.el7.sme
170  (upstream bug 4255)  - add support to force spamcheck on specific IP for fetchmail [SME: 10290]
171  - CapabilitiesEngine directive not honored for <IfUser>/<IfGroup> sections  
172  (upstream bug 4272)  # smeserver-qpsmtpd updated from 2.6.0-30.el7.sme to 2.6.0-32.el7.sme
173  - Memory leak when mod_facl is used (upstream bug 4278)  - add forcespamcheck support for fetchmail [SME: 10290]
174  - All FTP logins treated as anonymous logins again (upstream bug 4283,  - Log DMARC reporting in syslog instead of sending email to the admin.
175  regression in 1.3.5c of upstream bug 3307)    Also suppress SSL connection failed warnings [SME: 10298]
176  - Handle client/server version skew in mod_sql_mysql  
177  (https://forums.proftpd.org/smf/index.php?topic=11887.0)  # djbdns updated from 1.05-8.el7.sme to 1.05-10.el7.sme
178  - Fix a possible cause of segfaults in mod_sftp (#1337880, upstream bug 4203)  - improve short ttl cname resolution and glueless answer from akadns [SME: 8362]
179  - See if we can fix crash in mod_lang  - 500-cutom-dnscache-maxloop.patch: increase QUERY_MAXLEVEL 5->10 , set  QUERY_MAXLOOP 160
180  - BR: perl-generators for correct dependencies in utils sub-package  --import patches from openwrt and rename already applied patches
181  - Prefer %global over %define  --fix security issues [SME: 10374]
182    - 020-dnsroots-update.patch: update list of root DNS servers
183  LDAP  - 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch
184    - 080-dnscache-cache-negatives.patch: rfc2308 ?
185  e-smith-ldap  - 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch
186  - Disable SSLv3, but keep the possibility to enable it again [SME: 10108]  - 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch
187  - Better default cipher suite, and honor global suite [SME: 10108]  - 270-dnscache-sigpipe-fix.patch: SIGPIPE
188  - systemd skip redirect [SME: 9688]  - 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858
189  - Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,  - 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392
190    - 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392
191  Localisation  - 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2
192    --bug fixes [SME: 10374]
193  smeserver-locale  - 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets
194  - apply 2017-04-26 translation patch [SME: 10252]  - 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records
195  - updated donate patch to correct location https://wiki.koozali.org/Donate [SME: 9595]  --fix issue with short ttl cname like akamaid [SME: 8362]
196  - applied smeserver-locale-2.6.0-locale-2017-03-03  - 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch
197  - Added translations smeserver-locale-2.6.0-locale-2016-07-17.patch  - 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl
198  - fix wrongly converted http to https in  - 500-cutom-dnscache-maxloop.patch: set max loop to 200
199  - URL starting with http:// or ftp://  --needed for previous patches to apply cleanly
200  - fix path to documentations (wiki) [SME: 9595]  - 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch)
201  - convert all koozali url to https  - 050-tinydns-mmap-leak.patch: report cdb leak
202  - change http://www.smeserver.org\donate to https://wiki.koozali.org/donate [SME: 9595]  - 080-dnscache-cache-negatives.patch: rfc2308 ?
203  - Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,  - 090-tinydns-one-second.patch: improve tinydns with 8 or more  concurent connections (for 240-*.patch)
204  - change contribs.org to koozali.org [SME: 9595]  - 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch)
205    
206  Mail Server  # smeserver-spamassassin updated from 2.6.0-7.el7.sme to 2.6.0-8.el7.sme
207    - disable auto_learn by default when enabling Bayes [SME: 8160]
208  e-smith-email  - added properties UseBayesAutoLearn, BayesAutoLearnThresholdSpam and BayesAutoLearnThresholdNonSpam
209  - fix webmail status not displaying correctly in manager [SME: 9594]  
210  - More change from smtpd to qpsmtpd in masq templates [SME: 9561]  # e-smith-qmail updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme
211  - Replace smtpd with qpsmtpd in smtp-auth-proxy [SME: 9554]  - Update aliases files for every groups passed as argument [SME: 10386]
212  e-smith-pop3  
213  - Honor ConcurrencyLimit and ConcurrencyLimitPerIP prop for pop3 and pop3s  Server manager
214  [SME: 10271]  
215  e-smith-qmail  php
216  - Add possibility to exclude users or members of other groups from group  - load openssl configuration file on startup #1408301
217  email address [SME: 9523]  - gd: fix buffer over-read into uninitialized memory CVE-2017-7890
218  qmail  - fix php should provide php(httpd) #1215429
219  - added documentation [SME: 9705]  - fpm: backport PHP-FPM's clear_env option from 5.4.27 #1410010
220  - added binaries ipmetest et ipmeprint to help configuration  default value is "yes", preserving previous behaviour
221  - add moreip to avoid loop [SME: 9705]  - openssl: fix default_socket_timeout does not work with SSL #1378196
222  - patch from Scott Gifford  - gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167
223  - remove qmail-0.0.0.0.patch as it is included  - gd: Signed Integer Overflow gd_io.c CVE-2016-10168
224  - Consider literal <> as null sender [SME: 9884]  
225  qpsmtpd  Webmail and Groupware
226  - Removed Message-Id validation, as it rejects MS account validation email [SME: 10139]  
227  - fix whitelist plugin to support helo with naughty rejecting at mail stage [SME: 10112]  Web Server
228  - Validate domains found in uribl with Data::Validate::Domain [SME: 9467]  
229  - Use eval to fetch dkim policies, prevent fatal errors in case of DNS  Other fixes and updates
230  timeout [SME: 9480]  
231  - Remove karma rcpt handling (buggy and doesn't make a lot of sense)  # e-smith-base updated from 5.8.0-35.el7.sme to 5.8.0-38.el7.sme
232  [SME: 9462]  - icleaning xinetd.conf fragment out of the package [SME: 10219]
233  qpsmtpd-plugins  - revert previous change - wrong package
234  - remove whitelit_soft [SME: 10126]  - added post transaction rule for ntp [SME: 10190]
235  smeserver-dovecot  - thank you to Stefano Zamboni for this work
236  - Better default cipher suite, and honor global suite [SME: 10110]  
237  smeserver-qpsmtpd  # smeserver-yum updated from 2.6.0-16.el7.sme to 2.6.0-17.el7.sme
238  - Turn DMARC reporting off by default [SME: 10303]  - add yum-plugin-post-transaction-actions as requirement [SME: 1100]
239  - update patch smeserver-qpsmtpd-2.6.0-smtpd_to_qpsmtpd.patch [SME: 9478]  
240  - Greeting property was still attached to smtpd in a template  # e-smith-devtools updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
241  - updated regex for RBL and SBL in smeserver-qpsmtpd-2.6.0-change_rbl_sbl_list_separator.patch  - ease update of e-smith-devtools on non SME builders [SME: 10536]
242  - to take into account list using a subdomain [SME: 10123]  
243  - Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,  # smeserver-support updated from 2.8.0-12.el7.sme to 2.8.0-15.el7.sme
244  - Turn SPF and DMARC rejects off by default [SME: 9664]  - exclude libtevent,python-tevent from base and updates to avoid conflict with localy build version of samba [SME: 10573]
245  - Fix disabling DMARC reporting [SME: 9206]  - add back perl(LWP::Protocol::https) support  [SME: 10516]
246  - Add missing tnef2mime and MaximumDateOffset to qpsmtpd [SME: 9560]  - upstream samba packages were not all excluded [SME: 10428]
247  smeserver-spamassassin  
248  - Rewrite spamd run script to add support for --allow-tell [SME: 10137]  # e-smith-ntp updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme
249    - added post transaction rule for ntp [SME: 10190]
250  Server manager  - thank you to Stefano Zamboni for this work
251    
252  e-smith-manager  # e-smith-lib updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
253  - add a panel to ease reporting bugs [SME: 8783]  - Skip tap_soft interfaces (eg SoftEther, code from Hsing-Foo Wang)
254  - Original work from Mats Schuh m.schuh@neckargeo.net    [SME: 10445]
255  - fix warning uninitialized value in lc [SME: 10209]  
256  - fix typo in e-smith-manager-2.8.0-bz10167-emptyback.patch  
257  - avoid internal server error if empty back parameter [SME: 10167]  On behalf of the Koozali SME Server development team
 - return user friendly message  
 - fix too short timeout in server-manager [SME: 9921]  
 - now 30 min as default instead of 5  
 - possibility to change this and adapt the default 0.66 of timeout remaining to reset it  
 - by default only a session cookie, can activate persistent cookie  
 - sha256 as encryption.  
 - fix bad redirection parameter that might reveal session information to remote site [SME: 9924]  
 - added missing template-begin for tkt.css [SME: 9676]  
 - Update server-manager to Koozali branding [SME: 9676]  
 - We thanks John Crisp for his wonderful work.  
 - change link for donation to koozali.org [SME: 9599]  
 - Fix syntax for removing Indexes options [SME: 9587]  
 - Remove index option for manager's resources [SME: 9587]  
 - fix 307 redirection to http when https is used [SME: 8825] [SME: 9583]  
 - update syntaxe for TKT Auth  
 - bump 8 for typo  
 - Fix a syntax error in server-manager's logout script [SME: 9527]  
 e-smith-starterwebsite  
 - fix can't chownfile index file [SME: 9900]  
 perl-CGI-FormMagick  
 - fix uninitialized value $what_to_make in lc [SME: 10210]  
 php  
 - bz2: fix improper error handling in bzread() CVE-2016-5399  
 - gd: fix integer overflow in _gd2GetHeader() resulting in  
 heap overflow CVE-2016-5766  
 - gd: fix integer overflow in gdImagePaletteToTrueColor()  
 resulting in heap overflow CVE-2016-5767  
 - mbstring: fix double free in _php_mb_regex_ereg_replace_exec  
 CVE-2016-5768  
 - don't set environmental variable based on user supplied Proxy  
 request header CVE-2016-5385  
 - fix segmentation fault in header_register_callback #1344578  
 - curl: add options to enable TLS #1291667  
 - mysqli: fix segfault in mysqli_stmt::bind_result() when  
 link is closed #1096800  
 - fpm: fix incorrectly defined SCRIPT_NAME variable when  
 using Apache #1138563  
 - core: fix segfault when a zend_extension is loaded twice #1289457  
 - openssl: change default_md algo from MD5 to SHA1 #1073388  
 - wddx: fix segfault in php_wddx_serialize_var #1131979  
 - session: fix segfault in session with rfc1867 #1297179  
   
 Webmail and Groupware  
   
   
 Web Server  
   
 e-smith-php  
 - clean daily session and tmp folders [SME: 9626]  
 - updated path for ibays' session and tmp folders to /var/cache  
 - add tmp folder to ibays [SME: 7011]  
 - add session folder to ibays [SME: 9620]  
 - change global session folder from /tmp to /var/lib/php/session/ [SME: 139]  
   
 Other fixes and updates  
   
 e-smith-base  
 - Expand route-bond0 when nic bonding is enabled [SME: 10272]  
 - improve regex to catch local [SME: 9724]  
 - change smtpd to qpsmtpd for default service access [SME: 9478]  
 - add translation links for manager to most language variations we support [SME: 11121]  
 - prevent restoration from being called on regular and post-upgrade reboot [SME: 9550]  
 - console restoration can be launched again from console  
 - Use ip route syntax to define routes to local network [SME: 10083]  
 - Allow /32 masks on the external interface, in which case we don't  
 check if the gateway is on the correct network) [SME: 9610]  
 - fix config db locale property [SME: 9724]  
 - adapt e-smith service command to systemd [SME: 9672]  
 - add systemd skip redirect to e-smith-service [SME: 9688]  
 - fix broken link /etc/init.d/supervise/local link [SME: 9687]  
 - fix mysqld to mariadb [SME: 9438]  
 - fix missing path to chkconfig [SME: 9641]  
 - Fix deprecated syntax '*' in rsyslog [SME: 9398]  
 - Added e-smith-base-5.8.0.bz9398.DeprecatedRsyslogSyntax.patch  
 - Set the hostname by hostnamectl [SME: 9631]  
 - Stefano Zamboni <zamboni@mind-at-work.it>  
 - fix Lang and keyboard layout configured are not used [SME: 9539]  
 - Fix display of email forward fields since smtpd entry has been merged  
 qpsmtpd [SME: 9552]  
 e-smith-devtools  
 - added grub2 directories to ignore list [SME: 10325]  
 - Quote filenames in genfilelist so filenames containing spaces are correctly  
 handled [SME: 9750]  
 e-smith-grub  
 - rebuild for file ownership conflict [SME: 10325]  
 - fix edition and consol grub terminal not visible because of koozali logo [SME: 9728]  
 - enable quota for groups and users with XFS [SME: 10211]  
 - Koozali grub splash screen  
 - Write the full path for the grub Action [SME: 9668]  
 - Added e-smith-grub-2.6.1.bz9668.AddFullPath2GrubAction.patch  
 - New source [SME: 9321]  
 - Adaptation to grub2 [SME: 9321]  
 e-smith-hosts  
 - remove reference to smtpd [SME: 9478]  
 - fix servicename syslog to rsylog [SME: 9691]  
 - Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,  
 by assuming the date is correct and changing the weekday.  
 - fix mysqld to mariadb [SME: 9438]  
 e-smith-ibays  
 - fix typo thanks to Stephane de Labrusse [SME: 7011]  
 - ibay to ibays  
 - as per comment 2 of bug 0600 instead of 0700 for perms [SME: 9621]  
 - as discussed, moving cache and tmp out of ibay folder [SME: 9105] [SME: 9621]  
 - creating basedir /var/cache/e-smith/files/ibays for tmp and cache  
 - create tmp folder in ibays when needed [SME: 9105]  
 - create session folder in ibays when needed [SME: 9621]  
 - Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,  
 e-smith-lib  
 - remove reference to smtpd in configuration.conf [SME: 9478]  
 - fix console startup display [SME: 9352]  
 - fix service name syslog to rsyslog [SME: 9691]  
 - fix mysqld to mariadb [SME: 9438]  
 - Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,  
 - fix esmith::util::serviceControl to manage systemd service [SME: 9660]  
 - Added e-smith-lib-2.6.0.bz9660.serviceControlSystemd.patch  
 e-smith-mysql  
 - systemd skip redirect [SME: 9688]  
 - Corrected a typo in e-smith-mysql-2.6.0.bz9671.RemoveDummyMysqlDatabase.patch  
 - [SME: 9671]  
 - fix broken link /etc/init.d/supervise/mariadb [SME: 9686]  
 - Remove Dummy database from backup and restoration [SME: 9671]  
 - Added e-smith-mysql-2.6.0.bz9671.RemoveDummyMysqlDatabase.patch  
 - fix forgotten mysqld variables in various scripts [SME: 9438]  
 - e-smith-mysql-2.6.0-mariadb_forgotten_var.patch  
 e-smith-ntp  
 - fix wrong link to restart rsyslog [SME: 9690]  
 e-smith-proxy  
 - fix disabling smtp proxy via SM doesn't work [SME: 9639]  
 - redirect squid syslog messages to /var/log/squid/squid.log [SME: 79]  
 - Allow custom file descriptor limit, and set default to 4096 [SME: 9912]  
 e-smith-quota  
 - enable quota for groups and users with XFS [SME: 10211]  
 e-smith-runit  
 - add systemd skip redirect [SME: 9688]  
 e-smith-test  
 - remove reference to smtpd [SME: 9478]  
 - fix servicename syslog to rsyslog [SME: 9691]  
 - fix mysqld to mariadb [SME: 9438]  
 initscripts  
 - use DBUS calls directly instead of calling nmcli (bug #1422820)  
 - rhel-import-state: fix broken order of parameters  
 - import-state: copy just some attributes  
 - functions: systemctl show now returns an error when unit does not exist  
 - import-state: restore also sensitivity part of SELinux context  
 - network: run after network-pre.target  
 - ifup-eth: fix setting preferred_lft and valid_lft  
 - ipv6: wait for all global IPv6 addresses to leave the "tentative" state  
 - source_config: tell NetworkManger to load ifcfg file even for NM_CONTROLLED=no  
 - ifup-aliases: inherit ARPCHECK from parent device  
 - rhel-dmesg: don't start in containers  
 - ifup-eth: fix typo in error message (#1038776)  
 - sysctl.conf: steal comments about /usr,/etc,... from fedora's sysctl.conf  
 - rwtab: /var/lib/nfs needs to copy the files  
 - functions: improve killing loops  
 - ipcalc: detect invalid mask  
 - ifup: set valid_lft and preferred_lft to forever for static ip  
 - service: use systemd mangle for given service  
 - ifup-post: check resolve.conf also with DNS2  
 - ifdown-post: remove resolv.conf only in specific cases  
 - spec: ghost /var/log/dmesg  
 - network-functions: is_available_wait should wait even in the case that is_available returns 2  
 - autorelabel: turn quota off before relabeling  
 - autorelabel: call dracut-initramfs-restore before forced reboot  
 mod_auth_tkt  
 - fix redirection when proxy ssl [SME: 8825] [SME: 9583]  
 smeserver-release  
 - Bump new rpm for sme10 alpha2  
 - Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,  
 smeserver-support  
 - exclude samba from centos repo as we have our own with DC support [SME: 10155]  
 - improving link to donation [SME: 9598]  
 - fix hover color [SME: 9676]  
 - Koozali branding of manager [SME: 9676]  
 - new images in archive; removed old images from cvs  
 - updated some css smeserver-support-2.8.0-koozali_manager.patch  
 - reverting partly the changes in last patch [SME: 9598]  
 - wrong catch of proxy related url with the http to https changes  
 - thank to Charlie Brady for reporting  
 - Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,  
 - update links to koozali.org [SME: 9598]  
 - Template of os-release [SME: 9580]  
 smeserver-yum  
 - add rpmfusion free el7 RPM GPG KEY [SME: 10263]  
 - avoid reboot for smeserver-locale upgrade [SME: 8705]  
 - code by stefano zamboni <zamboni@mind-at-work.it>  
 - correct service names with plugin to avoid reboot [SME: 8705]  
 - code by stefano zamboni <zamboni@mind-at-work.it>  
 - fix KeyError with plugin to avoid reboot [SME: 8705]  
 - code by stefano zamboni <zamboni@mind-at-work.it>  
 - remove centos contrib repo [SME: 10156]  
 - added centos SCLo SIG gpg rpm signing key [SME: 10119]  
 - will allow to install SCL packages directly from smecontribs  
 - Added smeserver-yum-2.6.0.bz8705.avoidReboot.patch [SME: 8705]  
 - code by stefano zamboni <zamboni@mind-at-work.it>  
 - Avoid to reboot after the installation of a smeserver-* package  
 - add Remi Collet RPM GPG KEY [SME: 9903]  
 - Rpm updates can be downloaded during the night [SME: 1502]  
 - Added smeserver-yum-2.6.0.bz1502.DownloadOnly.patch  
 - Deltarpm is now a setting in the yum panel (disabled by default)  
 - Added smeserver-yum-2.6.0.bz8834.DeltaRpm.patch [SME: 8834]  
   
 On behalf of the Koozali SME Server development team  


Legend:
Removed lines/characters  
Changed lines/characters
  Added lines/characters

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed