1 |
Koozali SME Server 10 Alpha 2 Release |
Koozali SME Server 10 Alpha 4 Release Notes |
2 |
===================================== |
===================================== |
3 |
|
|
4 |
31 May 2017 |
These are draft only and are in a constat state of update. |
5 |
|
|
6 |
The Koozali SME Server development team is pleased to announce the release of |
27 Dec 2018 |
7 |
SME Server 10 Alpha 3 which will be the next major release of SME Server. |
|
8 |
|
The Koozali SME Server development team is pleased to announce the |
9 |
|
release of SME Server 10 Alpha 4 which will be the next major release of |
10 |
|
SME Server. |
11 |
|
|
12 |
This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024. |
This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024. |
13 |
|
|
14 |
*************************** |
*************************** |
15 |
Koozali SME Server users should not upgrade production servers to this release |
Koozali SME Server users should not upgrade production servers to this |
16 |
but those who can are encouraged to load the alpha to a dedicated test machine |
release but those who can are encouraged to load the alpha to a |
17 |
and take part in the testing phase. |
dedicated test machine and take part in the testing phase. |
18 |
*************************** |
*************************** |
19 |
|
|
20 |
Some notes on Koozali SME Server 10 can be found at |
Some notes on Koozali SME Server 10 can be found at |
21 |
https://wiki.contribs.org/SME_Server_10.0_Development |
https://wiki.contribs.org/SME_Server_10.0_Development |
22 |
|
|
23 |
|
SME10 Roadmap - Alpha 4 |
24 |
|
https://wiki.contribs.org/SME10_Roadmap#SME_10_Alpha_4 |
25 |
|
|
26 |
Bug reports and reports of potential bugs should be raised in the bug |
Bug reports and reports of potential bugs should be raised in the bug |
27 |
tracker (and only there, please); |
tracker (and only there, please); |
28 |
|
|
29 |
https://bugs.koozali.org/ |
https://bugs.koozali.org/ |
30 |
|
|
31 |
Download |
Download |
32 |
======== |
======== |
52 |
|
|
53 |
As such, we ask for a donation to offset costs and fund further development. |
As such, we ask for a donation to offset costs and fund further development. |
54 |
|
|
55 |
a) If you are a school, a church, a non-profit organisation or an individual |
a) If you are a school, a church, a non-profit organisation or an |
56 |
using SME Server for private purposes, we would appreciate you to contribute |
individual using SME Server for private purposes, we would appreciate |
57 |
within your means toward the costs associated with hosting, maintenance and |
you to contribute within your means toward the costs associated with |
58 |
development. |
hosting, maintenance and development. |
59 |
|
|
60 |
b) If you are a company or an integrator and you are deploying SME Server in |
b) If you are a company or an integrator and you are deploying SME |
61 |
the course of your work to generate revenue, we expect you to make a donation |
Server in the course of your work to generate revenue, we expect you to |
62 |
commensurate with the level of revenue you generate and the number of servers |
make a donation commensurate with the level of revenue you generate and |
63 |
your have in the field. Please, help the project |
the number of servers your have in the field. Please, help the project |
64 |
|
|
65 |
Please visit https://wiki.koozali.org/Donate to donate. |
Please visit https://wiki.koozali.org/Donate to donate. |
66 |
|
|
67 |
Koozali Inc is happy to supply an invoice for any donations received, |
Koozali Inc is happy to supply an invoice for any donations received, |
68 |
simply email treasurer@koozali.org |
simply email treasurer at koozali.org |
69 |
|
|
70 |
Notes |
Notes |
71 |
===== |
===== |
72 |
In-place upgrades are not supported. It is necessary to backup and then restore. |
In-place upgrades are not supported. It is necessary to backup and then |
73 |
|
restore. |
74 |
(Remember, testing purpose only) |
(Remember, testing purpose only) |
75 |
|
|
76 |
The spare handling for RAID arrays is not implemented. |
The spare handling for RAID arrays is not implemented. |
77 |
|
|
78 |
USB installs are now supported, see: https://wiki.koozali.org/Install_From_USB |
USB installs are now supported, see: |
79 |
|
https://wiki.koozali.org/Install_From_USB |
80 |
|
|
81 |
Current installer is still branded CentOS. A kickstart script allows you to go through the graphical installation process. If your disk is not empty, you will need to use the Anaconda interface to format it and partition it. If it is empty all is automatic. You will have to set your root password twice: once during Anaconda installation (you could use a lame password), a second time in the Koozali SME server configuration process. |
Current installer is still branded CentOS. A kickstart script allows you |
82 |
|
to go through the graphical installation process. If your disk is not |
83 |
|
empty, you will need to use the Anaconda interface to format it and |
84 |
|
partition it. If it is empty all is automatic. You will have to set your |
85 |
|
root password twice: once during Anaconda installation (you could use a |
86 |
|
lame password), a second time in the Koozali SME server configuration |
87 |
|
process. |
88 |
|
|
89 |
Major changes in this release |
Major changes in this release |
90 |
============================= |
============================= |
91 |
This release is based on CentOS 7 |
This release is based on CentOS 7.# |
92 |
|
|
93 |
Changes in this release |
Changes in this release |
94 |
======================= |
======================= |
95 |
see above |
see above and below |
96 |
|
|
97 |
General features |
General features |
98 |
================ |
================ |
99 |
- Based on CentOS 7.2.1511 and all available updates |
- Based on CentOS 7.6.1810 and all available updates |
100 |
|
|
101 |
Detailed changes in this release |
Detailed changes in this release |
102 |
======================= |
======================= |
103 |
Only the changes since SME Server 10 Alpha2 are listed, mainly |
Only the changes since SME Server 10 Alpha3 are listed, mainly |
104 |
autogenerated from the changelogs. |
autogenerated from the changelogs. |
105 |
|
|
106 |
Packages altered by Centos, Redhat, and Fedora-associated developers are |
Packages altered by Centos, Redhat, and Fedora-associated developers are |
107 |
not included. |
not included. |
108 |
|
|
|
General features - Based on CentOS 7.2.1511 and all available updates |
|
|
|
|
109 |
Backups |
Backups |
110 |
|
|
111 |
e-smith-backup |
# e-smith-backup updated from 2.6.0-11.el7.sme to 2.6.0-12.el7.sme |
112 |
- added lock during backup to avoid multiple instance running [SME: 9127] |
- added patch for workstation backup lock [SME: 9127] |
113 |
- code from Stefano Zamboni <zamboni@mind-at-work.it> |
- code from Stefano Zamboni <zamboni@mind-at-work.it> |
|
- added support back to ext2 and ext3 [SME: 9299] |
|
|
- fix removable device detection [SME: 9299] |
|
|
- console restoration can be launched again from console [SME: 9550] |
|
|
- fixed bug on the dar catalog when backups are not added in it [SME: 9563] |
|
|
- Added e-smith-backup-2.6.0.bz9563.UpdateDarCatalogFollowingBackups.patch |
|
|
- Remove the dar exclusion message in the email if there is no exclusion. |
|
|
- Modified e-smith-backup-2.6.0.Do_Dar_Exclusion.patch [SME: 9633] |
|
|
- Added two commented files backup.{include,exclude} in /etc/backup-data.d |
|
|
- Modified e-smith-backup-2.6.0.Add_Or_Remove_Path_In_Backup.patch [SME: 9607] |
|
|
- Add or remove path in your backup by a file *.include and *.exclude |
|
|
- Added e-smith-backup-2.6.0.Add_Or_Remove_Path_In_Backup.patch [SME: 9607] |
|
|
- Test if the remote host (cifs/nfs) is up, else save and display a warning. |
|
|
- Added e-smith-backup-2.6.0.bz9090.Testing_the_remote_host_parameters.patch [SME: 9090] |
|
|
- The 'tar backup to desktop' of the backup panel takes consideration of exclusion |
|
|
- Added e-smith-backup-2.6.0.Do_Tar_Exclusion_In_Panel.patch [SME: 9635] |
|
|
- The 'dar workstation backup' of the backup panel takes consideration of exclusion |
|
|
- Added e-smith-backup-2.6.0.Do_Dar_Exclusion.patch [SME: 9633] |
|
|
- The 'tar backup' of the console takes consideration of exclusion and display a page with the exclusion content |
|
|
- e-smith-backup-2.6.0.Do_Tar_Exclusion_In_the_console.patch [SME: 9635] |
|
114 |
|
|
115 |
File Server |
File Server |
116 |
|
|
117 |
e-smith-proftpd |
# e-smith-samba updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme |
118 |
- fix typos [SME: 6804] |
- fix typo in /server-resources/regedit/win10samba.reg [SME: 10515] |
|
- set default as required |
|
|
- NB: client must be set as active connection, not passive |
|
|
- updated patch for certificate chain |
|
|
- Thanks to Daniel Berteaud |
|
|
- Adding TLS support to proftp configuration [SME: 6804] |
|
|
- default is enabled but not required, only TLSv1.1 and v1.2 |
|
|
e-smith-samba |
|
|
- fix outlook error code 0x8004011c [SME: 10169] |
|
|
- when setting up and email account on a win10 computer joined to a domain (with roaming profiles) |
|
|
- add systemd skip redirect [SME: 9688] |
|
|
- Fix deprecated syntax '~' in rsyslog [SME: 9398] |
|
|
- added e-smith-samba-2.6.0.bz9398.DeprecatedRsyslogSyntaxSamba.patch |
|
|
proftpd |
|
|
- AllowChrootSymlinks off could cause login failures depending on filesystem |
|
|
permissions: use the IDs of the logging-in user to perform the directory |
|
|
walk, looking for symlinks, to be more consistent with similar checks done |
|
|
during login (#1443507, upstream bug 4306) |
|
|
- Crypt::CrackLib always available now |
|
|
- Update to 1.3.5e |
|
|
- SFTP clients using umac-64@openssh.com digest failed to connect |
|
|
(upstream bug 4287) |
|
|
- SFTP rekeying failure with ProFTPD 1.3.5d, caused by null pointer |
|
|
dereference (upstream bug 4288) |
|
|
- AllowChrootSymlinks off did not check entire DefaultRoot path for symlinks |
|
|
(CVE-2017-7418, upstream bug 4295) |
|
|
- Change shellbangs in shipped perl scripts to use system perl |
|
|
- Drop EL-5 support |
|
|
- Drop BuildRoot: and Group: tags |
|
|
- Drop explicit buildroot cleaning in %install section |
|
|
- Drop explicit %clean section |
|
|
- /etc/pam.d/password-auth always available now |
|
|
- pcre 7.0 or later always available now |
|
|
- Properly allocate (and clear) the UMAC contexts, to fix segfault in mod_sftp |
|
|
(#1420365, upstream bug 4287) |
|
|
- Update to 1.3.5d |
|
|
- Support OpenSSL 1.1.x API (upstream bug 4275) |
|
|
Bug fixes: |
|
|
- SSH rekey during authentication can cause issues with clients |
|
|
(upstream bug 4254) |
|
|
- Recursive SCP uploads of multiple directories not handled properly |
|
|
(upstream bug 4257) |
|
|
- LIST returns different results for file, depending on path syntax |
|
|
(upstream bug 4259) |
|
|
- "AuthAliasOnly on" in server config breaks anonymous logins |
|
|
(upstream bug 4255) |
|
|
- CapabilitiesEngine directive not honored for <IfUser>/<IfGroup> sections |
|
|
(upstream bug 4272) |
|
|
- Memory leak when mod_facl is used (upstream bug 4278) |
|
|
- All FTP logins treated as anonymous logins again (upstream bug 4283, |
|
|
regression in 1.3.5c of upstream bug 3307) |
|
|
- Handle client/server version skew in mod_sql_mysql |
|
|
(https://forums.proftpd.org/smf/index.php?topic=11887.0) |
|
|
- Fix a possible cause of segfaults in mod_sftp (#1337880, upstream bug 4203) |
|
|
- See if we can fix crash in mod_lang |
|
|
- BR: perl-generators for correct dependencies in utils sub-package |
|
|
- Prefer %global over %define |
|
119 |
|
|
120 |
LDAP |
# samba updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
121 |
|
# samba-common updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
122 |
|
# samba-common-tools updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
123 |
|
# samba-python updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
124 |
|
# samba-client-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
125 |
|
# samba-client updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
126 |
|
# samba-winbind-krb5-locator updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
127 |
|
# samba-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
128 |
|
# samba-dc updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
129 |
|
# samba-winbind-modules updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
130 |
|
# samba-dc-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
131 |
|
# samba-winbind-clients updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
132 |
|
# libwbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
133 |
|
# samba-common-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
134 |
|
# libsmbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
135 |
|
# samba-winbind updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
136 |
|
- import 4.6.2-12 [SME: 10429] |
137 |
|
- change gnutls-devel >= 3.4.7 to gnutls-devel to allow build |
138 |
|
- import to SME the two last upstream releases [SME: 10326] |
139 |
|
- resolves: #1514314 - Fix CVE-2017-14746 and CVE-2017-15275 |
140 |
|
- resolves: #1491213 - CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 |
141 |
|
- resolves: #1484423 - Require at least krb5 version 1.15.1 |
142 |
|
- resolves: #1484713 - Fix password changes for users via smbpasswd |
143 |
|
- resolves: #1484723 - Be more graceful on FSCTL_VALIDATE_NEGOTIATE_INFO |
144 |
|
returned errors |
145 |
|
- resolves: #1481188 - Fix 'net ads changetrustpw' |
146 |
|
- resolves: #1459936 - Fix regression with "follow symlinks = no" |
147 |
|
- resolves: #1461336 - Fix smbclient username parsing |
148 |
|
- resolves: #1460937 - Fix username normalization with winbind |
149 |
|
- resolves: #1459179 - Fix smbclient session setup printing |
150 |
|
- related: #1277999 - Add missing patchset |
151 |
|
- resolves: #1431986 - Fix expand_msdfs VFS module |
152 |
|
|
153 |
e-smith-ldap |
LDAP |
|
- Disable SSLv3, but keep the possibility to enable it again [SME: 10108] |
|
|
- Better default cipher suite, and honor global suite [SME: 10108] |
|
|
- systemd skip redirect [SME: 9688] |
|
|
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, |
|
154 |
|
|
155 |
Localisation |
Localisation |
156 |
|
|
157 |
smeserver-locale |
# smeserver-locale updated from 2.6.0-9.el7.sme to 2.6.0-11.el7.sme |
158 |
- apply 2017-04-26 translation patch [SME: 10252] |
- apply locale 2018-12-14 patch |
159 |
- updated donate patch to correct location https://wiki.koozali.org/Donate [SME: 9595] |
- apply locale 2017-12-02 patch |
|
- applied smeserver-locale-2.6.0-locale-2017-03-03 |
|
|
- Added translations smeserver-locale-2.6.0-locale-2016-07-17.patch |
|
|
- fix wrongly converted http to https in |
|
|
- URL starting with http:// or ftp:// |
|
|
- fix path to documentations (wiki) [SME: 9595] |
|
|
- convert all koozali url to https |
|
|
- change http://www.smeserver.org\donate to https://wiki.koozali.org/donate [SME: 9595] |
|
|
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, |
|
|
- change contribs.org to koozali.org [SME: 9595] |
|
160 |
|
|
161 |
Mail Server |
Mail Server |
162 |
|
|
163 |
e-smith-email |
# clamav updated from 0.99.2-1.el7.sme to 0.100.2-1.el7.sme |
164 |
- fix webmail status not displaying correctly in manager [SME: 9594] |
- Update to 0.100.2 [SME: 10578] |
165 |
- More change from smtpd to qpsmtpd in masq templates [SME: 9561] |
|
166 |
- Replace smtpd with qpsmtpd in smtp-auth-proxy [SME: 9554] |
# e-smith-pop3 updated from 2.6.0-2.el7.sme to 2.6.0-3.el7.sme |
167 |
e-smith-pop3 |
- fix undefined fqdn for pop3 [SME: 10257] |
168 |
- Honor ConcurrencyLimit and ConcurrencyLimitPerIP prop for pop3 and pop3s |
|
169 |
[SME: 10271] |
# qpsmtpd updated from 0.96-18.el7.sme to 0.96-19.el7.sme |
170 |
e-smith-qmail |
- add support to force spamcheck on specific IP for fetchmail [SME: 10290] |
171 |
- Add possibility to exclude users or members of other groups from group |
|
172 |
email address [SME: 9523] |
# smeserver-qpsmtpd updated from 2.6.0-30.el7.sme to 2.6.0-32.el7.sme |
173 |
qmail |
- add forcespamcheck support for fetchmail [SME: 10290] |
174 |
- added documentation [SME: 9705] |
- Log DMARC reporting in syslog instead of sending email to the admin. |
175 |
- added binaries ipmetest et ipmeprint to help configuration |
Also suppress SSL connection failed warnings [SME: 10298] |
176 |
- add moreip to avoid loop [SME: 9705] |
|
177 |
- patch from Scott Gifford |
# djbdns updated from 1.05-8.el7.sme to 1.05-10.el7.sme |
178 |
- remove qmail-0.0.0.0.patch as it is included |
- improve short ttl cname resolution and glueless answer from akadns [SME: 8362] |
179 |
- Consider literal <> as null sender [SME: 9884] |
- 500-cutom-dnscache-maxloop.patch: increase QUERY_MAXLEVEL 5->10 , set QUERY_MAXLOOP 160 |
180 |
qpsmtpd |
--import patches from openwrt and rename already applied patches |
181 |
- Removed Message-Id validation, as it rejects MS account validation email [SME: 10139] |
--fix security issues [SME: 10374] |
182 |
- fix whitelist plugin to support helo with naughty rejecting at mail stage [SME: 10112] |
- 020-dnsroots-update.patch: update list of root DNS servers |
183 |
- Validate domains found in uribl with Data::Validate::Domain [SME: 9467] |
- 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch |
184 |
- Use eval to fetch dkim policies, prevent fatal errors in case of DNS |
- 080-dnscache-cache-negatives.patch: rfc2308 ? |
185 |
timeout [SME: 9480] |
- 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch |
186 |
- Remove karma rcpt handling (buggy and doesn't make a lot of sense) |
- 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch |
187 |
[SME: 9462] |
- 270-dnscache-sigpipe-fix.patch: SIGPIPE |
188 |
qpsmtpd-plugins |
- 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858 |
189 |
- remove whitelit_soft [SME: 10126] |
- 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392 |
190 |
smeserver-dovecot |
- 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392 |
191 |
- Better default cipher suite, and honor global suite [SME: 10110] |
- 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2 |
192 |
smeserver-qpsmtpd |
--bug fixes [SME: 10374] |
193 |
- Turn DMARC reporting off by default [SME: 10303] |
- 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets |
194 |
- update patch smeserver-qpsmtpd-2.6.0-smtpd_to_qpsmtpd.patch [SME: 9478] |
- 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records |
195 |
- Greeting property was still attached to smtpd in a template |
--fix issue with short ttl cname like akamaid [SME: 8362] |
196 |
- updated regex for RBL and SBL in smeserver-qpsmtpd-2.6.0-change_rbl_sbl_list_separator.patch |
- 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch |
197 |
- to take into account list using a subdomain [SME: 10123] |
- 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl |
198 |
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, |
- 500-cutom-dnscache-maxloop.patch: set max loop to 200 |
199 |
- Turn SPF and DMARC rejects off by default [SME: 9664] |
--needed for previous patches to apply cleanly |
200 |
- Fix disabling DMARC reporting [SME: 9206] |
- 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch) |
201 |
- Add missing tnef2mime and MaximumDateOffset to qpsmtpd [SME: 9560] |
- 050-tinydns-mmap-leak.patch: report cdb leak |
202 |
smeserver-spamassassin |
- 080-dnscache-cache-negatives.patch: rfc2308 ? |
203 |
- Rewrite spamd run script to add support for --allow-tell [SME: 10137] |
- 090-tinydns-one-second.patch: improve tinydns with 8 or more concurent connections (for 240-*.patch) |
204 |
|
- 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch) |
205 |
|
|
206 |
|
# smeserver-spamassassin updated from 2.6.0-7.el7.sme to 2.6.0-8.el7.sme |
207 |
|
- disable auto_learn by default when enabling Bayes [SME: 8160] |
208 |
|
- added properties UseBayesAutoLearn, BayesAutoLearnThresholdSpam and BayesAutoLearnThresholdNonSpam |
209 |
|
|
210 |
|
# e-smith-qmail updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme |
211 |
|
- Update aliases files for every groups passed as argument [SME: 10386] |
212 |
|
|
213 |
Server manager |
Server manager |
214 |
|
|
|
e-smith-manager |
|
|
- add a panel to ease reporting bugs [SME: 8783] |
|
|
- Original work from Mats Schuh m.schuh@neckargeo.net |
|
|
- fix warning uninitialized value in lc [SME: 10209] |
|
|
- fix typo in e-smith-manager-2.8.0-bz10167-emptyback.patch |
|
|
- avoid internal server error if empty back parameter [SME: 10167] |
|
|
- return user friendly message |
|
|
- fix too short timeout in server-manager [SME: 9921] |
|
|
- now 30 min as default instead of 5 |
|
|
- possibility to change this and adapt the default 0.66 of timeout remaining to reset it |
|
|
- by default only a session cookie, can activate persistent cookie |
|
|
- sha256 as encryption. |
|
|
- fix bad redirection parameter that might reveal session information to remote site [SME: 9924] |
|
|
- added missing template-begin for tkt.css [SME: 9676] |
|
|
- Update server-manager to Koozali branding [SME: 9676] |
|
|
- We thanks John Crisp for his wonderful work. |
|
|
- change link for donation to koozali.org [SME: 9599] |
|
|
- Fix syntax for removing Indexes options [SME: 9587] |
|
|
- Remove index option for manager's resources [SME: 9587] |
|
|
- fix 307 redirection to http when https is used [SME: 8825] [SME: 9583] |
|
|
- update syntaxe for TKT Auth |
|
|
- bump 8 for typo |
|
|
- Fix a syntax error in server-manager's logout script [SME: 9527] |
|
|
e-smith-starterwebsite |
|
|
- fix can't chownfile index file [SME: 9900] |
|
|
perl-CGI-FormMagick |
|
|
- fix uninitialized value $what_to_make in lc [SME: 10210] |
|
215 |
php |
php |
216 |
- bz2: fix improper error handling in bzread() CVE-2016-5399 |
- load openssl configuration file on startup #1408301 |
217 |
- gd: fix integer overflow in _gd2GetHeader() resulting in |
- gd: fix buffer over-read into uninitialized memory CVE-2017-7890 |
218 |
heap overflow CVE-2016-5766 |
- fix php should provide php(httpd) #1215429 |
219 |
- gd: fix integer overflow in gdImagePaletteToTrueColor() |
- fpm: backport PHP-FPM's clear_env option from 5.4.27 #1410010 |
220 |
resulting in heap overflow CVE-2016-5767 |
default value is "yes", preserving previous behaviour |
221 |
- mbstring: fix double free in _php_mb_regex_ereg_replace_exec |
- openssl: fix default_socket_timeout does not work with SSL #1378196 |
222 |
CVE-2016-5768 |
- gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167 |
223 |
- don't set environmental variable based on user supplied Proxy |
- gd: Signed Integer Overflow gd_io.c CVE-2016-10168 |
|
request header CVE-2016-5385 |
|
|
- fix segmentation fault in header_register_callback #1344578 |
|
|
- curl: add options to enable TLS #1291667 |
|
|
- mysqli: fix segfault in mysqli_stmt::bind_result() when |
|
|
link is closed #1096800 |
|
|
- fpm: fix incorrectly defined SCRIPT_NAME variable when |
|
|
using Apache #1138563 |
|
|
- core: fix segfault when a zend_extension is loaded twice #1289457 |
|
|
- openssl: change default_md algo from MD5 to SHA1 #1073388 |
|
|
- wddx: fix segfault in php_wddx_serialize_var #1131979 |
|
|
- session: fix segfault in session with rfc1867 #1297179 |
|
224 |
|
|
225 |
Webmail and Groupware |
Webmail and Groupware |
226 |
|
|
|
|
|
227 |
Web Server |
Web Server |
228 |
|
|
|
e-smith-php |
|
|
- clean daily session and tmp folders [SME: 9626] |
|
|
- updated path for ibays' session and tmp folders to /var/cache |
|
|
- add tmp folder to ibays [SME: 7011] |
|
|
- add session folder to ibays [SME: 9620] |
|
|
- change global session folder from /tmp to /var/lib/php/session/ [SME: 139] |
|
|
|
|
229 |
Other fixes and updates |
Other fixes and updates |
230 |
|
|
231 |
e-smith-base |
# e-smith-base updated from 5.8.0-35.el7.sme to 5.8.0-38.el7.sme |
232 |
- Expand route-bond0 when nic bonding is enabled [SME: 10272] |
- icleaning xinetd.conf fragment out of the package [SME: 10219] |
233 |
- improve regex to catch local [SME: 9724] |
- revert previous change - wrong package |
234 |
- change smtpd to qpsmtpd for default service access [SME: 9478] |
- added post transaction rule for ntp [SME: 10190] |
235 |
- add translation links for manager to most language variations we support [SME: 11121] |
- thank you to Stefano Zamboni for this work |
236 |
- prevent restoration from being called on regular and post-upgrade reboot [SME: 9550] |
|
237 |
- console restoration can be launched again from console |
# smeserver-yum updated from 2.6.0-16.el7.sme to 2.6.0-17.el7.sme |
238 |
- Use ip route syntax to define routes to local network [SME: 10083] |
- add yum-plugin-post-transaction-actions as requirement [SME: 1100] |
239 |
- Allow /32 masks on the external interface, in which case we don't |
|
240 |
check if the gateway is on the correct network) [SME: 9610] |
# e-smith-devtools updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme |
241 |
- fix config db locale property [SME: 9724] |
- ease update of e-smith-devtools on non SME builders [SME: 10536] |
242 |
- adapt e-smith service command to systemd [SME: 9672] |
|
243 |
- add systemd skip redirect to e-smith-service [SME: 9688] |
# smeserver-support updated from 2.8.0-12.el7.sme to 2.8.0-15.el7.sme |
244 |
- fix broken link /etc/init.d/supervise/local link [SME: 9687] |
- exclude libtevent,python-tevent from base and updates to avoid conflict with localy build version of samba [SME: 10573] |
245 |
- fix mysqld to mariadb [SME: 9438] |
- add back perl(LWP::Protocol::https) support [SME: 10516] |
246 |
- fix missing path to chkconfig [SME: 9641] |
- upstream samba packages were not all excluded [SME: 10428] |
247 |
- Fix deprecated syntax '*' in rsyslog [SME: 9398] |
|
248 |
- Added e-smith-base-5.8.0.bz9398.DeprecatedRsyslogSyntax.patch |
# e-smith-ntp updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme |
249 |
- Set the hostname by hostnamectl [SME: 9631] |
- added post transaction rule for ntp [SME: 10190] |
250 |
- Stefano Zamboni <zamboni@mind-at-work.it> |
- thank you to Stefano Zamboni for this work |
251 |
- fix Lang and keyboard layout configured are not used [SME: 9539] |
|
252 |
- Fix display of email forward fields since smtpd entry has been merged |
# e-smith-lib updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme |
253 |
qpsmtpd [SME: 9552] |
- Skip tap_soft interfaces (eg SoftEther, code from Hsing-Foo Wang) |
254 |
e-smith-devtools |
[SME: 10445] |
255 |
- added grub2 directories to ignore list [SME: 10325] |
|
|
- Quote filenames in genfilelist so filenames containing spaces are correctly |
|
|
handled [SME: 9750] |
|
|
e-smith-grub |
|
|
- rebuild for file ownership conflict [SME: 10325] |
|
|
- fix edition and consol grub terminal not visible because of koozali logo [SME: 9728] |
|
|
- enable quota for groups and users with XFS [SME: 10211] |
|
|
- Koozali grub splash screen |
|
|
- Write the full path for the grub Action [SME: 9668] |
|
|
- Added e-smith-grub-2.6.1.bz9668.AddFullPath2GrubAction.patch |
|
|
- New source [SME: 9321] |
|
|
- Adaptation to grub2 [SME: 9321] |
|
|
e-smith-hosts |
|
|
- remove reference to smtpd [SME: 9478] |
|
|
- fix servicename syslog to rsylog [SME: 9691] |
|
|
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, |
|
|
by assuming the date is correct and changing the weekday. |
|
|
- fix mysqld to mariadb [SME: 9438] |
|
|
e-smith-ibays |
|
|
- fix typo thanks to Stephane de Labrusse [SME: 7011] |
|
|
- ibay to ibays |
|
|
- as per comment 2 of bug 0600 instead of 0700 for perms [SME: 9621] |
|
|
- as discussed, moving cache and tmp out of ibay folder [SME: 9105] [SME: 9621] |
|
|
- creating basedir /var/cache/e-smith/files/ibays for tmp and cache |
|
|
- create tmp folder in ibays when needed [SME: 9105] |
|
|
- create session folder in ibays when needed [SME: 9621] |
|
|
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, |
|
|
e-smith-lib |
|
|
- remove reference to smtpd in configuration.conf [SME: 9478] |
|
|
- fix console startup display [SME: 9352] |
|
|
- fix service name syslog to rsyslog [SME: 9691] |
|
|
- fix mysqld to mariadb [SME: 9438] |
|
|
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, |
|
|
- fix esmith::util::serviceControl to manage systemd service [SME: 9660] |
|
|
- Added e-smith-lib-2.6.0.bz9660.serviceControlSystemd.patch |
|
|
e-smith-mysql |
|
|
- systemd skip redirect [SME: 9688] |
|
|
- Corrected a typo in e-smith-mysql-2.6.0.bz9671.RemoveDummyMysqlDatabase.patch |
|
|
- [SME: 9671] |
|
|
- fix broken link /etc/init.d/supervise/mariadb [SME: 9686] |
|
|
- Remove Dummy database from backup and restoration [SME: 9671] |
|
|
- Added e-smith-mysql-2.6.0.bz9671.RemoveDummyMysqlDatabase.patch |
|
|
- fix forgotten mysqld variables in various scripts [SME: 9438] |
|
|
- e-smith-mysql-2.6.0-mariadb_forgotten_var.patch |
|
|
e-smith-ntp |
|
|
- fix wrong link to restart rsyslog [SME: 9690] |
|
|
e-smith-proxy |
|
|
- fix disabling smtp proxy via SM doesn't work [SME: 9639] |
|
|
- redirect squid syslog messages to /var/log/squid/squid.log [SME: 79] |
|
|
- Allow custom file descriptor limit, and set default to 4096 [SME: 9912] |
|
|
e-smith-quota |
|
|
- enable quota for groups and users with XFS [SME: 10211] |
|
|
e-smith-runit |
|
|
- add systemd skip redirect [SME: 9688] |
|
|
e-smith-test |
|
|
- remove reference to smtpd [SME: 9478] |
|
|
- fix servicename syslog to rsyslog [SME: 9691] |
|
|
- fix mysqld to mariadb [SME: 9438] |
|
|
initscripts |
|
|
- use DBUS calls directly instead of calling nmcli (bug #1422820) |
|
|
- rhel-import-state: fix broken order of parameters |
|
|
- import-state: copy just some attributes |
|
|
- functions: systemctl show now returns an error when unit does not exist |
|
|
- import-state: restore also sensitivity part of SELinux context |
|
|
- network: run after network-pre.target |
|
|
- ifup-eth: fix setting preferred_lft and valid_lft |
|
|
- ipv6: wait for all global IPv6 addresses to leave the "tentative" state |
|
|
- source_config: tell NetworkManger to load ifcfg file even for NM_CONTROLLED=no |
|
|
- ifup-aliases: inherit ARPCHECK from parent device |
|
|
- rhel-dmesg: don't start in containers |
|
|
- ifup-eth: fix typo in error message (#1038776) |
|
|
- sysctl.conf: steal comments about /usr,/etc,... from fedora's sysctl.conf |
|
|
- rwtab: /var/lib/nfs needs to copy the files |
|
|
- functions: improve killing loops |
|
|
- ipcalc: detect invalid mask |
|
|
- ifup: set valid_lft and preferred_lft to forever for static ip |
|
|
- service: use systemd mangle for given service |
|
|
- ifup-post: check resolve.conf also with DNS2 |
|
|
- ifdown-post: remove resolv.conf only in specific cases |
|
|
- spec: ghost /var/log/dmesg |
|
|
- network-functions: is_available_wait should wait even in the case that is_available returns 2 |
|
|
- autorelabel: turn quota off before relabeling |
|
|
- autorelabel: call dracut-initramfs-restore before forced reboot |
|
|
mod_auth_tkt |
|
|
- fix redirection when proxy ssl [SME: 8825] [SME: 9583] |
|
|
smeserver-release |
|
|
- Bump new rpm for sme10 alpha2 |
|
|
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, |
|
|
smeserver-support |
|
|
- exclude samba from centos repo as we have our own with DC support [SME: 10155] |
|
|
- improving link to donation [SME: 9598] |
|
|
- fix hover color [SME: 9676] |
|
|
- Koozali branding of manager [SME: 9676] |
|
|
- new images in archive; removed old images from cvs |
|
|
- updated some css smeserver-support-2.8.0-koozali_manager.patch |
|
|
- reverting partly the changes in last patch [SME: 9598] |
|
|
- wrong catch of proxy related url with the http to https changes |
|
|
- thank to Charlie Brady for reporting |
|
|
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, |
|
|
- update links to koozali.org [SME: 9598] |
|
|
- Template of os-release [SME: 9580] |
|
|
smeserver-yum |
|
|
- add rpmfusion free el7 RPM GPG KEY [SME: 10263] |
|
|
- avoid reboot for smeserver-locale upgrade [SME: 8705] |
|
|
- code by stefano zamboni <zamboni@mind-at-work.it> |
|
|
- correct service names with plugin to avoid reboot [SME: 8705] |
|
|
- code by stefano zamboni <zamboni@mind-at-work.it> |
|
|
- fix KeyError with plugin to avoid reboot [SME: 8705] |
|
|
- code by stefano zamboni <zamboni@mind-at-work.it> |
|
|
- remove centos contrib repo [SME: 10156] |
|
|
- added centos SCLo SIG gpg rpm signing key [SME: 10119] |
|
|
- will allow to install SCL packages directly from smecontribs |
|
|
- Added smeserver-yum-2.6.0.bz8705.avoidReboot.patch [SME: 8705] |
|
|
- code by stefano zamboni <zamboni@mind-at-work.it> |
|
|
- Avoid to reboot after the installation of a smeserver-* package |
|
|
- add Remi Collet RPM GPG KEY [SME: 9903] |
|
|
- Rpm updates can be downloaded during the night [SME: 1502] |
|
|
- Added smeserver-yum-2.6.0.bz1502.DownloadOnly.patch |
|
|
- Deltarpm is now a setting in the yum panel (disabled by default) |
|
|
- Added smeserver-yum-2.6.0.bz8834.DeltaRpm.patch [SME: 8834] |
|
256 |
|
|
257 |
On behalf of the Koozali SME Server development team |
On behalf of the Koozali SME Server development team |