1 |
Koozali SME Server 10 Alpha 4 Release Notes |
Koozali SME Server 10 Final Release Notes "Justine" |
2 |
===================================== |
============================================ |
3 |
|
|
4 |
These are draft only and are in a constat state of update. |
07 June 2021 |
|
|
|
|
27 Dec 2018 |
|
5 |
|
|
6 |
The Koozali SME Server development team is pleased to announce the |
The Koozali SME Server development team is pleased to announce the |
7 |
release of SME Server 10 Alpha 4 which will be the next major release of |
release of SME Server 10 Final which will be the next major release of |
8 |
SME Server. |
SME Server. Code named "Justine" |
9 |
|
|
10 |
This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024. |
This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024. |
11 |
|
|
12 |
*************************** |
********************************************************** |
13 |
Koozali SME Server users should not upgrade production servers to this |
Koozali SME Server users should not upgrade production servers to this. |
14 |
release but those who can are encouraged to load the alpha to a |
Those with test servers are encouraged to load the release to a |
15 |
dedicated test machine and take part in the testing phase. |
dedicated test machine and take part in the testing phase. |
16 |
*************************** |
********************************************************** |
17 |
|
|
18 |
Some notes on Koozali SME Server 10 can be found at |
Some notes on Koozali SME Server 10 can be found at |
19 |
https://wiki.contribs.org/SME_Server_10.0_Development |
https://wiki.contribs.org/SME_Server_10.0_Development |
20 |
|
|
21 |
SME10 Roadmap - Alpha 4 |
SME10 Roadmap - |
22 |
https://wiki.contribs.org/SME10_Roadmap#SME_10_Alpha_4 |
https://wiki.contribs.org/SME10_Roadmap#SME_10_Final |
23 |
|
|
24 |
Bug reports and reports of potential bugs should be raised in the bug |
Bug reports and reports of potential bugs should be raised in the bug |
25 |
tracker (and only there, please); |
tracker (and only there, please); |
26 |
|
|
27 |
https://bugs.koozali.org/ |
https://bugs.koozali.org/ |
28 |
|
|
29 |
|
Copy of releaase notes may be found here: |
30 |
|
https://lists.contribs.org/pipermail/updatesannounce/ |
31 |
|
|
32 |
Download |
Download |
33 |
======== |
======== |
34 |
You can download SME Server 10 from |
You can download SME Server 10 from |
35 |
https://mirror.koozali.org/smeserver/releases/testing/10/ |
https://mirror.koozali.org/smeserver/releases/testing/10/ |
36 |
or for other methods see https://wiki.koozali.org/SME_Server:Download |
or for other methods see: |
37 |
|
https://wiki.koozali.org/SME_Server:Download |
38 |
|
|
39 |
Please note it may take up to 48 hours for mirrors to finish syncing, |
Please note it may take up to 48 hours for mirrors to finish syncing, |
40 |
during this time you may experience problems. |
during this time you may experience problems. |
73 |
===== |
===== |
74 |
In-place upgrades are not supported. It is necessary to backup and then |
In-place upgrades are not supported. It is necessary to backup and then |
75 |
restore. |
restore. |
|
(Remember, testing purpose only) |
|
76 |
|
|
77 |
The spare handling for RAID arrays is not implemented. |
Restore of a sme9 console or workstation backup is now fully supported, there |
78 |
|
are cautions to be aware of and followed. |
79 |
|
|
80 |
|
Single disk install no longer creates a degraded Raid1 array, Two or more disks |
81 |
|
will be created as a Raid1-6 array, see wiki https://wiki.contribs.org/Raid |
82 |
|
|
83 |
|
The spare handling for RAID arrays is now implemented. |
84 |
|
|
85 |
|
Support for further Raid configuration on install is now implemented - see wiki |
86 |
|
|
87 |
|
New Server-Manager Framework, Mojolicious, is now well on the way to full implementation |
88 |
|
|
89 |
|
USB installs are once again fully supported, |
90 |
|
Note: it is important to use recommended apps to create the boot media |
91 |
|
See: https://wiki.koozali.org/Install_From_USB |
92 |
|
|
93 |
|
Netinstall is once again fully supported, additional repos easily added |
94 |
|
|
95 |
USB installs are now supported, see: |
Install to a system supporting a UEFI BIOS is also now fully supported |
|
https://wiki.koozali.org/Install_From_USB |
|
96 |
|
|
97 |
Current installer is still branded CentOS. A kickstart script allows you |
Console backup, and workstation backup to removable storages is now fully supported. |
98 |
to go through the graphical installation process. If your disk is not |
|
99 |
empty, you will need to use the Anaconda interface to format it and |
Koozali templating is now fully inegrated with systemd |
100 |
partition it. If it is empty all is automatic. You will have to set your |
|
101 |
root password twice: once during Anaconda installation (you could use a |
An enormouse number other under the hood changes, far to numerous to list here |
102 |
lame password), a second time in the Koozali SME server configuration |
|
103 |
process. |
The work that has gone into getting SME 10 to this stage has been enormous, an attempt to list |
104 |
|
and detail the work that has been done in recent months would not do justice to the effort |
105 |
|
contributed by the following, |
106 |
|
|
107 |
|
thank you one and all: |
108 |
|
|
109 |
|
Jean Phillipe Pialasse |
110 |
|
Michel Begue |
111 |
|
Brian Read |
112 |
|
Catton Durbrow |
113 |
|
Chris Sansom-Ninnes |
114 |
|
Jean-pierre Odion |
115 |
|
Zsolt Vasarhelyi |
116 |
|
John Crisp |
117 |
|
Terry Fage |
118 |
|
|
119 |
|
there have also been many others who have done what they can, thank you: |
120 |
|
|
121 |
|
The changes that have been implemented to ensure the Koozali Sme Server way is fully implemented |
122 |
|
have been far reaching, far to many to try and list, suffice to say long live "Justine". |
123 |
|
|
124 |
Major changes in this release |
Major changes in this release |
125 |
============================= |
============================= |
127 |
|
|
128 |
Changes in this release |
Changes in this release |
129 |
======================= |
======================= |
130 |
see above and below |
see above and below, too much to list |
131 |
|
|
132 |
General features |
General features |
133 |
================ |
================ |
134 |
- Based on CentOS 7.6.1810 and all available updates |
- Based on CentOS 7.9.2009 and all available updates |
135 |
|
|
136 |
Detailed changes in this release |
Detailed changes in this release |
137 |
======================= |
======================= |
138 |
Only the changes since SME Server 10 Alpha3 are listed, mainly |
Only the changes since SME Server 10 RC1 are listed, mainly autogenerated from the changelogs. |
|
autogenerated from the changelogs. |
|
139 |
|
|
140 |
Packages altered by Centos, Redhat, and Fedora-associated developers are |
Packages altered by Centos, Redhat, and Fedora-associated developers are not included. |
|
not included. |
|
141 |
|
|
142 |
Backups |
The changelogs are written per package |
143 |
|
|
144 |
# e-smith-backup updated from 2.6.0-11.el7.sme to 2.6.0-12.el7.sme |
SME built or modified packages - ChangeLogs |
|
- added patch for workstation backup lock [SME: 9127] |
|
|
- code from Stefano Zamboni <zamboni@mind-at-work.it> |
|
145 |
|
|
146 |
File Server |
10 June 2021 |
147 |
|
|
148 |
# e-smith-samba updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme |
Backups |
149 |
- fix typo in /server-resources/regedit/win10samba.reg [SME: 10515] |
flexbackup |
150 |
|
- fix package version and release 1.2.1-6.4 |
151 |
|
- new source from debian packages repos 1.2.1-6.4 |
152 |
|
- convert initial release |
153 |
|
- remove /usr/share/lintian directory |
154 |
|
- add convert script to doc directory |
155 |
|
- add debian changelog to doc directory |
156 |
|
|
157 |
# samba updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
File Server |
158 |
# samba-common updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
e-smith-proftpd |
159 |
# samba-common-tools updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
- restart proftpd on ssl-update [SME: 11603] |
160 |
# samba-python updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
- cleanup in /etc/rc.d [SME: 9692] |
161 |
# samba-client-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
- redirect log away from message [SME: 11384] |
162 |
# samba-client updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
- fix circular Conflict with proftpd [SME: 11357] |
163 |
# samba-winbind-krb5-locator updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
- improve protect from proftpd.service running [SME: 11106] |
164 |
# samba-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
- protect from proftpd.service running in place of ftp.service [SME: 11106] |
165 |
# samba-dc updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
- remove system-preset file from usr [SME: 10958] |
166 |
# samba-winbind-modules updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
- SSL crt and key to self signed if path does not exist [SME: 11316] |
167 |
# samba-dc-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
- add Requires=runit.service [SME: 11245] |
168 |
# samba-winbind-clients updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
- execute systemd-reload before service adjust in events [SME: 11228] |
169 |
# libwbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
- remove S95reset-unsavedflag [SME: 11229] |
170 |
# samba-common-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
- Remove ftp from 'init.d/supervise' [SME: 11106] [SME: 11150] |
171 |
# libsmbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
- Move ftp service to systemd [SME: 11106] |
172 |
# samba-winbind updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
- Create e-smith-proftpd-update event [SME: 11150] |
173 |
- import 4.6.2-12 [SME: 10429] |
|
174 |
- change gnutls-devel >= 3.4.7 to gnutls-devel to allow build |
e-smith-samba |
175 |
- import to SME the two last upstream releases [SME: 10326] |
- netlogon.bat +x [SME: 11566] |
176 |
- resolves: #1514314 - Fix CVE-2017-14746 and CVE-2017-15275 |
- add possibility to reenable allow execute always on ibays homes or everywhere [SME: 11555] |
177 |
- resolves: #1491213 - CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 |
- fix double entries for min protocol [SME: 11558] |
178 |
- resolves: #1484423 - Require at least krb5 version 1.15.1 |
- clean rsyslog syntax for smbd and nmbd [SME: 11422] |
179 |
- resolves: #1484713 - Fix password changes for users via smbpasswd |
- fix noise in message log from nmbd and smbd redirected to dedicated logs [SME: 11349] |
180 |
- resolves: #1484723 - Be more graceful on FSCTL_VALIDATE_NEGOTIATE_INFO |
- allow using user-create-profiledir action with temp or package-update events [SME: 11348] |
181 |
returned errors |
- fix log noise for smb.service [SME: 11157] |
182 |
- resolves: #1481188 - Fix 'net ads changetrustpw' |
- add Restart=always [SME: 11118] |
183 |
- resolves: #1459936 - Fix regression with "follow symlinks = no" |
- add Restart=always [SME: 11117] |
184 |
- resolves: #1461336 - Fix smbclient username parsing |
- migrate nmbd to systemd [SME: 11118] |
185 |
- resolves: #1460937 - Fix username normalization with winbind |
- migrate smbd to systemd [SME: 11117] |
186 |
- resolves: #1459179 - Fix smbclient session setup printing |
create generik smb.service service |
187 |
- related: #1277999 - Add missing patchset |
- create e-smith-samba-update event [SME: 11157] |
188 |
- resolves: #1431986 - Fix expand_msdfs VFS module |
- Fix mutex locking [SME: 11199] |
189 |
|
- Fix pid directory [SME: 11198] |
190 |
|
- Add /etc/krb5.conf as template using templates from smeserver-samba [SME: 11093] |
191 |
|
- remove win98pwdcache.reg from server-resources [SME: 9060] |
192 |
|
- set min server and client protocol SMB2 [SME: 10576] |
193 |
|
add check so max always greater than min |
194 |
|
- add port 445 if min server protocol is SMB2 or SMB3 [SME: 10963] |
195 |
|
|
196 |
LDAP |
LDAP |
197 |
|
e-smith-ldap |
198 |
|
- fix wrong path for templates.metadata [SME: 11595] |
199 |
|
- use template for ssl pem [SME: 11595] |
200 |
|
- fix ldap failing to start on initial boot [SME: 11480] |
201 |
|
- fix wrong alias to ldap.init [SME: 11301] |
202 |
|
- add -update event [SME: 11140] |
203 |
|
- move ldap to systemd [SME: 11099] |
204 |
|
- move ldap.init to systemd [SME: 11096] |
205 |
|
- New protocol default as TLSv1.2 [SME: 10936] |
206 |
|
New property TLSProtocolMin |
207 |
|
Ciphers are now ordered with stronger first |
208 |
|
|
209 |
Localisation |
Localisation |
210 |
|
smeserver-locale |
211 |
# smeserver-locale updated from 2.6.0-9.el7.sme to 2.6.0-11.el7.sme |
- apply local 2021-05-12.patch [SME: 11593] |
212 |
- apply locale 2018-12-14 patch |
- apply local 2021-01-09.patch [SME: 11310] |
213 |
- apply locale 2017-12-02 patch |
- apply local 2019-12-07.patch |
214 |
|
|
215 |
Mail Server |
Mail Server |
216 |
|
djbdns |
217 |
# clamav updated from 0.99.2-1.el7.sme to 0.100.2-1.el7.sme |
- import modification from SME9 [SME: 11548] |
|
- Update to 0.100.2 [SME: 10578] |
|
|
|
|
|
# e-smith-pop3 updated from 2.6.0-2.el7.sme to 2.6.0-3.el7.sme |
|
|
- fix undefined fqdn for pop3 [SME: 10257] |
|
|
|
|
|
# qpsmtpd updated from 0.96-18.el7.sme to 0.96-19.el7.sme |
|
|
- add support to force spamcheck on specific IP for fetchmail [SME: 10290] |
|
|
|
|
|
# smeserver-qpsmtpd updated from 2.6.0-30.el7.sme to 2.6.0-32.el7.sme |
|
|
- add forcespamcheck support for fetchmail [SME: 10290] |
|
|
- Log DMARC reporting in syslog instead of sending email to the admin. |
|
|
Also suppress SSL connection failed warnings [SME: 10298] |
|
|
|
|
|
# djbdns updated from 1.05-8.el7.sme to 1.05-10.el7.sme |
|
218 |
- improve short ttl cname resolution and glueless answer from akadns [SME: 8362] |
- improve short ttl cname resolution and glueless answer from akadns [SME: 8362] |
219 |
- 500-cutom-dnscache-maxloop.patch: increase QUERY_MAXLEVEL 5->10 , set QUERY_MAXLOOP 160 |
- 500-cutom-dnscache-maxloop.patch: set QUERY_MAXLEVEL 5 QUERY_MAXLOOP 500 QUERY_MAXNS 16 [SME: 10300] |
|
--import patches from openwrt and rename already applied patches |
|
|
--fix security issues [SME: 10374] |
|
|
- 020-dnsroots-update.patch: update list of root DNS servers |
|
|
- 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch |
|
|
- 080-dnscache-cache-negatives.patch: rfc2308 ? |
|
|
- 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch |
|
|
- 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch |
|
|
- 270-dnscache-sigpipe-fix.patch: SIGPIPE |
|
|
- 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858 |
|
|
- 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392 |
|
|
- 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392 |
|
|
- 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2 |
|
|
--bug fixes [SME: 10374] |
|
|
- 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets |
|
|
- 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records |
|
|
--fix issue with short ttl cname like akamaid [SME: 8362] |
|
|
- 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch |
|
|
- 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl |
|
|
- 500-cutom-dnscache-maxloop.patch: set max loop to 200 |
|
|
--needed for previous patches to apply cleanly |
|
|
- 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch) |
|
|
- 050-tinydns-mmap-leak.patch: report cdb leak |
|
|
- 080-dnscache-cache-negatives.patch: rfc2308 ? |
|
|
- 090-tinydns-one-second.patch: improve tinydns with 8 or more concurent connections (for 240-*.patch) |
|
|
- 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch) |
|
|
|
|
|
# smeserver-spamassassin updated from 2.6.0-7.el7.sme to 2.6.0-8.el7.sme |
|
|
- disable auto_learn by default when enabling Bayes [SME: 8160] |
|
|
- added properties UseBayesAutoLearn, BayesAutoLearnThresholdSpam and BayesAutoLearnThresholdNonSpam |
|
220 |
|
|
221 |
# e-smith-qmail updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme |
e-smith-email |
222 |
- Update aliases files for every groups passed as argument [SME: 10386] |
- add new RAR file signatures to default mailpatterns database [SME: 11265] |
223 |
|
- webmail is only SSL [SME: 11443] |
224 |
|
- create -update event [SME: 11133] |
225 |
|
- move smtp-auth-proxy to systemd [SME: 11102] |
226 |
|
- allow creation of pseudonyms with setting of local only [SME: 3802] |
227 |
|
|
228 |
|
qmail |
229 |
|
- add remote tls transport for qmail-remote [SME: 9349] |
230 |
|
- updated release number higher than SME9 |
231 |
|
- now TLS and EHLO are defined to allow proper compilation |
232 |
|
- add DEBUG flag for the moment to help configuring -DDEBUG=1 |
233 |
|
|
234 |
|
smeserver-clamav |
235 |
|
- fix typo and missing +x [SME: 11520] |
236 |
|
- fix issues with non epel standard scan.conf [SME: 11520] |
237 |
|
move clamd.conf to scan.conf |
238 |
|
remove alias for clamtop |
239 |
|
add a wrapper for clamdscan to force --fdpass |
240 |
|
- ease use of clamdtop [SME: 11313] |
241 |
|
- fix Transaction check error [SME: 11311] |
242 |
|
- add pid folder /run/clamd/ [SME: 11103] |
243 |
|
few improvements |
244 |
|
- create update event [SME: 11162] |
245 |
|
- Updated to use 0.103+ from EPEL [SME: 11194] |
246 |
|
- Updated to use systemd for clamd [SME: 11103] |
247 |
|
- Updated to use systemd for freshclam [SME: 11104] |
248 |
|
- increase lower memory limit to 1GB [SME: 10833] |
249 |
|
- fix for AllowSupplementaryGroups warning [SME: 10813] |
250 |
|
thanks to bunkobugsy |
251 |
|
|
252 |
|
smeserver-dovecot |
253 |
|
- ssl pem update via template expand in place of copy [SME: 11601] |
254 |
|
- clean rsyslog syntax for dovecot [SME: 11422] |
255 |
|
- add Restart=always [SME: 11101] |
256 |
|
- fix path for event -update [SME: 11101] |
257 |
|
- cleanup /var/service/dovecot [SME: 11101] |
258 |
|
close logger and service from previous runit instance before starting systemd one |
259 |
|
- add systemd drop-in expand in bootstrap-console-save, console-save, post-install, post-upgrade [SME: 11101] |
260 |
|
- move service to systemd [SME: 11101] |
261 |
|
- add imap idle notify interval setting [SME: 10947] |
262 |
|
- fix typo in enabling TLSv1.2 as default [SME: 10934] |
263 |
|
- fix typo in 35ssl template [SME: 10934] |
264 |
|
- fix typo in createlinks [SME: 10932] |
265 |
|
- revert property names with period in it [SME: 10934] |
266 |
|
- add property AcceptFullEmail with enabled as default [SME: 9865] |
267 |
|
|
268 |
|
smeserver-qpsmtpd |
269 |
|
- update depreacted reject_threshold to reject [SME: 11492] |
270 |
|
- remove /usr/lib/systemd/system-preset/80-koozali-qpsmtpd.preset [SME: 10958] |
271 |
|
- modify for clamav 0.103.0 [SME: 11210] |
272 |
|
- roll up patches |
273 |
|
- add Requires=runit.service (qpsmtpd & sqpsmtpd) [SME: 11245] |
274 |
|
- fix service not enabled [SME: 11107] |
275 |
|
remove reset-unsavedflag |
276 |
|
- Move qpsmtpd & sqpsmtpd services to systemd [SME: 11107] |
277 |
|
- Create smeserver-qpsmtpd-update event [SME: 11164] |
278 |
|
- expand badrcptto_ext when needed [SME: 10638] |
279 |
|
this avoid user, group or pseudonyms for internal purpose to be reachable |
280 |
|
from outside |
281 |
|
- minimum Protocol TLSv1.0 [SME: 10460] |
282 |
|
better ciphers order. |
283 |
|
|
284 |
|
smeserver-spamassassin |
285 |
|
- prevent noise in log at spamassassin call from qpsmtpd [SME: 11491] |
286 |
|
- clean rsyslog syntax for spamd [SME: 11422] |
287 |
|
- remove warning while trying to delete file when missing in post script [SME: 11375] |
288 |
|
- remove spamd reference as service use spamassassin.service [SME: 11375] |
289 |
|
migrate spamd propertie SpamLearning to spamassassin |
290 |
|
template for /etc/sysconfig/spamassassin, revert --allow-tell option |
291 |
|
stop spamassassin spamd and delete /etc/systemd/system/spamassassin.service link if exists |
292 |
|
- fix typo [SME: 11361] |
293 |
|
- fix spamd unable to load [SME: 11361] |
294 |
|
- redirect spamd loging to spamd.log instead of message [SME: 11362] |
295 |
|
- add requires DCC as we have built it [SME: 11065] |
296 |
|
- fix smeserver-spamassassin-update event fix [SME: 11166] |
297 |
|
- Start systemd migration. Remove symlinks [SME: 11224] |
298 |
|
- remove refresh clam as this will be provided by clamav |
299 |
|
- require spamassassin 3.4.4 + |
300 |
|
|
301 |
Server manager |
Server manager |
302 |
|
e-smith-formmagick |
303 |
php |
- fix wrong PATH which makes fail grub reconfiguration [SME: 11556] |
304 |
- load openssl configuration file on startup #1408301 |
- increase CSRF timeout from 120s to 180s [SME: 10902] |
305 |
- gd: fix buffer over-read into uninitialized memory CVE-2017-7890 |
added property httpd-admin{csrfTimeout} in second to override |
306 |
- fix php should provide php(httpd) #1215429 |
added hability to ovarride the Timeout from panel to panel |
307 |
- fpm: backport PHP-FPM's clear_env option from 5.4.27 #1410010 |
- add update event [SME: 11136] |
308 |
default value is "yes", preserving previous behaviour |
- add locale for CSRF [SME: 10626] |
309 |
- openssl: fix default_socket_timeout does not work with SSL #1378196 |
- add CSRF patch [SME: 10626] - thank you to Daniel Berteaud |
|
- gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167 |
|
|
- gd: Signed Integer Overflow gd_io.c CVE-2016-10168 |
|
310 |
|
|
311 |
Webmail and Groupware |
Webmail and Groupware |
312 |
|
smeserver-horde |
313 |
|
- fix missing call to perl module emsith::php [SME: 11489] |
314 |
|
- clean rsyslog syntax for horde [SME: 11422] |
315 |
|
- improved php basedir, with filtering of noise for gpg [SME: 10945] |
316 |
|
- force SSL for horde [SME: 11443] |
317 |
|
- fix horde not honoring switch to php-fpm 5.4 [SME: 11433] |
318 |
|
- update mail settings for the php-pool [SME: 11431] |
319 |
|
- spamd SpamLearning property migrated to spamassassin SpamLearning [SME: 11376] |
320 |
|
- Configuration is not up to date, hash to update [SME: 11308] |
321 |
|
- fix wrong template path for php55, php56 and php [SME: 11255] |
322 |
|
- fix webmail not accessible after enabling from manager [SME: 11233] |
323 |
|
- update rsyslog syntax [SME: 11016] |
324 |
|
move fragment so syntax is similar to message |
325 |
|
- remove harcoded ports [SME: 10969] |
326 |
|
- add gpg to php base dir [SME: 10945] |
327 |
|
- workaround logging noise caused by libsasl [SME: 10943] |
328 |
|
- log as admin and not admin@domain for cli tasks [SME: 10910] |
329 |
|
- fix ingo imap preferences [SME: 10912] |
330 |
|
- allow httpd-auth for calendar, tasks access using rpc.php ... [SME: 10908] |
331 |
|
- add smeserver-horde-update event [SME: 10909] |
332 |
|
- avoid loss of user parameter on Primary Domain change [SME: 1005] |
333 |
|
this will also avoid the loss of parameter if we log with a different virtualhost |
334 |
|
horde preference is now stored with the SME username without @domain |
335 |
|
- fix bad regex to strip domain [SME: 10224] |
336 |
|
also we can now force Primary domain to use as default email |
337 |
|
we can strip heading string from virtualhost domain to create email |
338 |
|
default identity email will update as long as no other identity is created for the user |
339 |
|
- fix typo in php-fpm patch [SME: 10872] |
340 |
|
- remove php3 references [SME: 10866] |
341 |
|
- remove strict and warning alert from error log [SME: 10823] |
342 |
|
- dedicated php-fpm pool for horde [SME: 10872] |
343 |
|
- apply patches from John H. Bennett III [SME: 10717] |
344 |
|
- cvs admin -ko on patch1 |
345 |
|
|
346 |
Web Server |
Web Server |
347 |
|
e-smith-apache |
348 |
|
- add possibility to force https on LAN only [SME: 11511] |
349 |
|
usefull for VPN over port 443 |
350 |
|
- prevent httpd to fail if modSSL defined certs does not exist [SME: 10826] |
351 |
|
default on self generated cert |
352 |
|
- create-update event [SME: 11123] |
353 |
|
- move httpd-e-smith to systemd [SME: 11111] |
354 |
|
changed sigusr1 used in events to reload as defined in the unit file |
355 |
|
- give a logger to httpd-e-smith : journald [SME: 1416] |
356 |
|
- set default SSLStrictSNIVHostCheck to off [SME: 8693] |
357 |
|
- add SNI support for individual certificates per VirtualHosts [SME: 8693] |
358 |
|
- port 80 and 443 should not be hardcoded [SME: 9192] |
359 |
|
- e-smith-apache removing hardcoded ports [SME: 10966] |
360 |
|
- remove php3 and php4 refs [SME: 10867] |
361 |
|
- disable TLSv1 TLSv1.1 by default [SME: 10459] |
362 |
|
|
363 |
Other fixes and updates |
Other fixes and updates |
364 |
|
e-smith-base |
365 |
|
- add local domains in self signed cert alt subjects [SME: 11624] |
366 |
|
add local hosts in self signed cert alt subjects |
367 |
|
modSSL property to disable hosts domains addition : AddDomains AddHosts |
368 |
|
default is enabled when empty |
369 |
|
- fix missing export [SME: 11620] |
370 |
|
- fix issue with adding new user to the ldap db [SME: 11607] |
371 |
|
- always renew self signed certificate [SME: 11552] |
372 |
|
update key / crt if not signed with the right key size |
373 |
|
default to self signed if custom cert and key are not files or not rigth type |
374 |
|
add perl module to help handle certificates and keys |
375 |
|
TODO: check if both key and cert are related, if not default to self signed |
376 |
|
- fix openssl.conf not generated when openldap field are empty [SME: 11569] |
377 |
|
- fix missing path to systemctl for add-wants [SME: 11537] |
378 |
|
- merge dhcpdmanager custom template fragments with core [SME: 10657] |
379 |
|
- remove templates-custom previously owned by a contrib [SME: 11508] |
380 |
|
they got migrated as part as normal backup restore |
381 |
|
- fix masq failing on initial boot [SME: 11479] |
382 |
|
- removing weekly cron for ddns update, targeted script has been removed [SME: 11470] |
383 |
|
- revert e-smith-service file [SME: 9692] |
384 |
|
- add systemctl wrapper [SME: 11345] |
385 |
|
- clean rsyslog syntax for dhcpd [SME: 11422] |
386 |
|
- cleanup /etc/rc.d and /var/service [SME: 9692] |
387 |
|
- remove klogd references [SME: 11363] |
388 |
|
- restore part of pptp code and move to generik vpn entry [SME: 11374] |
389 |
|
- drop dyndns core support [SME: 11415] |
390 |
|
- fix enabled service not started on reboot [SME: 11355] |
391 |
|
unless a power outage, as long as you reboot, halt or shutdown systemd will |
392 |
|
be in sync |
393 |
|
- fix console::startup run twice [SME: 11358 ] |
394 |
|
- improve run order in systemd-default [SME: 11356] |
395 |
|
- fix uninitialized value during post-install [SME: 11350] |
396 |
|
- fix user with rssh shell need to be member of rsshusers group [SME: 9155] |
397 |
|
- add missing /sbin/e-smith/bootstrap-runlevel7 [SME: 11318] |
398 |
|
- fix typo for isolate [SME: 11246] |
399 |
|
- separate bootstrap-console from run level service launch [SME: 11318] |
400 |
|
- only run isolate if sme-server.target is not active [SME: 11246] |
401 |
|
- update system-preset usr/lib file [SME: 10958] |
402 |
|
- fix loss of httpd basic auth [SME: 11309] |
403 |
|
- fix services starting when they are in Wants= for sme-server.target and preset disabled [SME: 11247] |
404 |
|
- rewrite of manageRAID.pl and add_drive_to_raid for SME10 [SME: 10918] |
405 |
|
- added gdisk as a dependency to support GPT systems |
406 |
|
- fix modSSL key crt and keychain files really exist [SME: 11252] |
407 |
|
- add ldap.init as exception for preset |
408 |
|
- fix init-accounts [SME: 9642] |
409 |
|
- validate modSSL key crt and keychain files really exist [SME: 11252] |
410 |
|
if not we use self generated |
411 |
|
- drop pptpd support [SME: 11250] |
412 |
|
- add bash-completion [SME: 11244] |
413 |
|
- improve local service to systemd [SME: 11119] |
414 |
|
now run rc.local file as part of the event |
415 |
|
- move local service to systemd [SME: 11119] |
416 |
|
make it run /etc/rc.d/rc.local |
417 |
|
cleaning /var/service/syslog still there |
418 |
|
- workaround drop-in install section ignored by systemctl preset [SME: 11231] |
419 |
|
some cleanup |
420 |
|
- remove S95reset-unsavedflag [SME: 11229] |
421 |
|
- add exclusion for lpd [SME: 11006] |
422 |
|
- execute systemd-reload before service adjust in events [SME: 11228] |
423 |
|
- fix ExecStart for raidmonitor [SME: 11094] |
424 |
|
- fix permission for /sbin/e-smith/systemd/mdmonitor-pre [SME: 11094] |
425 |
|
- Don't ask for confirmation to save changes on first install configuration [SME: 11193] |
426 |
|
- Fix RAID detection regex for disk redundancy screen [SME: 10918] |
427 |
|
- add Install part of systemd unit [SME: 11100] |
428 |
|
- move dhcpd to systemd [SME: 11100] |
429 |
|
- get dhcpd log out of message [SME: 2408] |
430 |
|
also configure logrotate for /var/log/dhcpd/dhcpd.log and /var/log/dhcpd/current |
431 |
|
- reverte previous changes for service2adjust and util.pm [SME: 11177] |
432 |
|
files are owned by e-smith-lib |
433 |
|
- allow more systemctl controls [SME: 11177] |
434 |
|
convert unrecognized signals from service2adjust in events for systemd |
435 |
|
handle unsupervised services the same way supervised were in adjust-services |
436 |
|
make service-status only log when service disabled and not fail it |
437 |
|
- add template for /etc/systemd/system-preset/49koozali.preset [SME: 11174] |
438 |
|
|
439 |
|
e-smith-devtools |
440 |
|
- netlogon.bat +x [SME: 11566] |
441 |
|
- add update event [SME: 11126] |
442 |
|
|
443 |
|
e-smith-domains |
444 |
|
- setup dns services on domain creation and other events [SME: 10115] |
445 |
|
- avoid encoding of utf strings in domain table [SME: 11391] |
446 |
|
this will mess with some languages |
447 |
|
- Create e-smith-domains-update event [SME: 11128] |
448 |
|
|
449 |
|
e-smith-grub |
450 |
|
- set missing locale if update-grub called by server-manager [SME: 11559] |
451 |
|
- fix unable to boot on a non xfs root filesystem [SME: 11365] |
452 |
|
- cleanup remove /boot/grub dir [SME: 11354] |
453 |
|
- Add support for EFI systems [SME: 10998] |
454 |
|
- add update event [SME: 11137] |
455 |
|
|
456 |
|
e-smith-lib |
457 |
|
- update copyright dates, and make it easier to change from spec file [SME: 11570] |
458 |
|
- partial revert of signals [SME: 11177] |
459 |
|
signal s not passed to runit services (dnscache*, qmail, qpsmtpd...) |
460 |
|
services handled by systemd crash if they do not have Restart=always defined |
461 |
|
- add support for signals SIG* with systemd [SME: 11177] |
462 |
|
fix typo for reload-or-try-restart |
463 |
|
unsupervised services: really stop when disabled and start stopped enabled ones |
464 |
|
- remove error when sending sighup event [SME: 11177] |
465 |
|
- allow more systemctl controls [SME: 11177] |
466 |
|
convert unrecognized signals from service2adjust in events for systemd |
467 |
|
handle unsupervised services the same way supervised were in adjust-services |
468 |
|
- create e-smith-lib-event [SME: 11141] |
469 |
|
- add support for systemctl reload-or-restart, try-restart, enable -now [SME: 10848] |
470 |
|
|
471 |
|
e-smith-nutUPS |
472 |
|
- fix start ordering nut.service [SME: 11488] |
473 |
|
- fix ExecStartPre path for /usr/lib/tmpfiles.d/nut-run.conf [SME: 11488] |
474 |
|
- fix ExecStartPre path for nut.service [SME: 11488] |
475 |
|
- fix template path for monitor [SME: 9423] |
476 |
|
- Fix preset line endings in 49-koozali.preset [SME: 11215] |
477 |
|
- add update event to avoid reboot [SME: 11146] |
478 |
|
- adapt nut UPS for systemd [SME: 9423] |
479 |
|
|
480 |
|
e-smith-packetfilter |
481 |
|
- fix dropin file not expanded on initial installation [SME: 11528] |
482 |
|
- fix noise on logrotate, doing a restart instead of reload [SME: 11451] |
483 |
|
- move ulogd to systemd [SME: 11426] |
484 |
|
- require ulogd 2 [SME: 11426] |
485 |
|
- remove pptpd last references [SME: 11420] |
486 |
|
- remove /usr/lib/systemd/system-preset/80-koozali-packetfilter.preset [SME: 10958] |
487 |
|
- drop pptpd support [SME: 11251] |
488 |
|
- launch masq using systemd unit [SME: 11089] |
489 |
|
- create event to avoid reboot on update [SME: 11122] |
490 |
|
|
491 |
|
e-smith-radiusd |
492 |
|
- remove services2adjust in bootstrap-console-save event, this put systemd in a loop [SME: 11602] |
493 |
|
- ssl pem using template in place of copy [SME: 11602] |
494 |
|
- radiusd needs ldap started before [SME: 11302] |
495 |
|
- add Restart=always [SME: 11113] |
496 |
|
change group of pem file to radiusd |
497 |
|
- create -update event [SME: 11155] |
498 |
|
- move radiusd to systemd {SME: 11113] |
499 |
|
remove noise from spec file |
500 |
|
- fix server restartting with virtual_server error [SME: 10853] |
501 |
|
|
502 |
|
smeserver-release |
503 |
|
- Bump new rpm for sme 10.0 final |
504 |
|
- Bump new rpm for sme10 release candidate 1 |
505 |
|
- updating release number everywhere [SME: 11366] |
506 |
|
- Bump release to 1 as buildsys believe 1.alpha5 is newer than 0.beta1 [SME: 11317] |
507 |
|
- Bump new rpm for sme10 beta1 [SME: 11317] |
508 |
|
- add update event [SME: 11165] |
509 |
|
- Bump new rpm for sme10 alpha5 |
510 |
|
|
511 |
|
smeserver-support |
512 |
|
- fix copyright date and make it easier to update from spec file [SME: 11568] |
513 |
|
- fix typo and wording [SME: 11535] |
514 |
|
- add update event [SME: 11167] |
515 |
|
- revert update of samba using upstream CentOS repo [SME: 11196] |
516 |
|
- obsoletes e-smith-starterwebsite [SME: 8903] |
517 |
|
|
518 |
|
smeserver-yum |
519 |
|
- no reboot needed for systemd-python [SME: 11609] |
520 |
|
- fix services stop on removal [SME: 11510] |
521 |
|
- run navigation-conf when a panel is installed [SME: 11507] |
522 |
|
- migrate back to normal CentOS mirrors after el6 EOL [SME: 11477] |
523 |
|
- version 2 with |
524 |
|
deleting yum{eolversion} if for previous release or not yet eol |
525 |
|
better handling of conditions |
526 |
|
- avoid reboot on removal of smeserver-* rpms [SME: 11458] |
527 |
|
- navigation-conf when a panel is installed |
528 |
|
- fix wrong path for rsyslog.conf [SME: 11364] |
529 |
|
- remove noise in yum process "overriding all signals, forcing restart" [SME: 11372] |
530 |
|
- packages installed logged both in yum.log and message [SME: 11364] |
531 |
|
- set priority to 10 for remi-safe [SME: 11360] |
532 |
|
- fix poor handling of service adjusting and action order [SME: 11300] |
533 |
|
now a temp event is created |
534 |
|
also better logging, better handling of update vs removal |
535 |
|
- make yum dbs service fork [SME: 11243] |
536 |
|
now smeserver.py plugin call the service |
537 |
|
yum-modify can use the service restart |
538 |
|
yum.service is its own service, not called by local.service |
539 |
|
- move yum upate db service to systemd [SME: 11180] |
540 |
|
- fix -update events not runt on package upgrade [SME: 11184] |
541 |
|
lower noise on forced restart |
542 |
|
- fix switch to vault BaseURL for CentOS [SME: 11227] |
543 |
|
- add remi-safe as base repo [SME: 11179] |
544 |
|
- smeserver-yum-update event created [SME: 11168] |
545 |
|
- fix separate action before template, and after service [SME: 11175] |
546 |
|
run all actions with post-upgrade as default event |
547 |
|
- fix some templates not expanded [SME: 11121] |
548 |
|
- fix smeserver.py not executing action because of wrong path [SME: 11047] |
549 |
|
- fix error when key absent of a dict of smeserver plugin at clean stage [SME: 10931] |
550 |
|
- avoid missing template error after removal of a rpm [SME: 10846] |
551 |
|
- restart php-fpm services when needed [SME: 10873] |
552 |
|
- applying patch [SME: 10690] |
553 |
|
- fix NameError: global name 'yum_update_dbs' is not defined [SME: 6940] |
554 |
|
- use yum-cron with autoupdate feature [SME: 10690] |
555 |
|
|
556 |
|
These are either not SME modified Packages, or are kernel mods. |
557 |
|
clamav |
558 |
|
libprelude |
559 |
|
sendmail |
560 |
|
|
561 |
# e-smith-base updated from 5.8.0-35.el7.sme to 5.8.0-38.el7.sme |
The changelogs are written per package On behalf of the Koozali SME Server development team |
562 |
- icleaning xinetd.conf fragment out of the package [SME: 10219] |
- Compilation of release data is thanks to scripts developed by Ian Wells and substantially improved by Jean Phillipe Pialasse |
|
- revert previous change - wrong package |
|
|
- added post transaction rule for ntp [SME: 10190] |
|
|
- thank you to Stefano Zamboni for this work |
|
|
|
|
|
# smeserver-yum updated from 2.6.0-16.el7.sme to 2.6.0-17.el7.sme |
|
|
- add yum-plugin-post-transaction-actions as requirement [SME: 1100] |
|
|
|
|
|
# e-smith-devtools updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme |
|
|
- ease update of e-smith-devtools on non SME builders [SME: 10536] |
|
|
|
|
|
# smeserver-support updated from 2.8.0-12.el7.sme to 2.8.0-15.el7.sme |
|
|
- exclude libtevent,python-tevent from base and updates to avoid conflict with localy build version of samba [SME: 10573] |
|
|
- add back perl(LWP::Protocol::https) support [SME: 10516] |
|
|
- upstream samba packages were not all excluded [SME: 10428] |
|
|
|
|
|
# e-smith-ntp updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme |
|
|
- added post transaction rule for ntp [SME: 10190] |
|
|
- thank you to Stefano Zamboni for this work |
|
|
|
|
|
# e-smith-lib updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme |
|
|
- Skip tap_soft interfaces (eg SoftEther, code from Hsing-Foo Wang) |
|
|
[SME: 10445] |
|
|
|
|
563 |
|
|
564 |
On behalf of the Koozali SME Server development team |
Terry Fage |