/[smeserver]/cdrom.image/sme10/README.txt
ViewVC logotype

Diff of /cdrom.image/sme10/README.txt

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

Revision 1.4 by jpp, Fri Dec 28 03:33:50 2018 UTC Revision 1.5 by jpp, Wed Jun 17 02:43:09 2020 UTC
# Line 1  Line 1 
1  Koozali SME Server 10 Alpha 4 Release Notes  Koozali SME Server 10 Alpha 5 Release Notes
2  =====================================  =====================================
3    
4  These are draft only and are in a constat state of update.  These are draft only and are in a constant state of update.
5    
6  27 Dec 2018  17 Jun 2020
7    
8  The Koozali SME Server development team is pleased to announce the  The Koozali SME Server development team is pleased to announce the
9  release of SME Server 10 Alpha 4 which will be the next major release of  release of SME Server 10 Alpha 5 which will be the next major release of
10  SME Server.  SME Server.
11    
12  This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024.  This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024.
# Line 20  dedicated test machine and take part in Line 20  dedicated test machine and take part in
20  Some notes on Koozali SME Server 10 can be found at  Some notes on Koozali SME Server 10 can be found at
21  https://wiki.contribs.org/SME_Server_10.0_Development  https://wiki.contribs.org/SME_Server_10.0_Development
22    
23  SME10 Roadmap - Alpha 4  SME10 Roadmap - Alpha 5
24  https://wiki.contribs.org/SME10_Roadmap#SME_10_Alpha_4  https://wiki.contribs.org/SME10_Roadmap#SME_10_Alpha_5
25    
26  Bug reports and reports of potential bugs should be raised in the bug  Bug reports and reports of potential bugs should be raised in the bug
27  tracker (and only there, please);  tracker (and only there, please);
# Line 70  simply email treasurer at koozali.org Line 70  simply email treasurer at koozali.org
70  Notes  Notes
71  =====  =====
72  In-place upgrades are not supported. It is necessary to backup and then  In-place upgrades are not supported. It is necessary to backup and then
73  restore.  restore. (Remember, testing purpose only)
 (Remember, testing purpose only)  
74    
75  The spare handling for RAID arrays is not implemented.  The spare handling for RAID arrays is not implemented as yet.
76    
77  USB installs are now supported, see:  New Server-Manager Framework, Mojolicious, is now well on the way to full implementation
78  https://wiki.koozali.org/Install_From_USB  
79    USB installs are once again fully supported
80    Note: it is important to use proposed apps to create the boot media
81    See: https://wiki.koozali.org/Install_From_USB
82    
83    Netinstall is once again fully supported
84    
85    Install to a system supporting a UEFI BIOS is also now fully supported
86    
87    The work that has gone into getting SME 10 to this stage has been enormous, an attempt to list and detail the work that has been done in recent months would not do justice to the effort contributed by the following,
88    
89    thank you one and all:
90    
91    Jean Phillipe Pialasse
92    Michel Begue
93    Brian Read
94    Catton Durbrow
95    Chris Sansom-Ninnes
96    John Crisp
97    
98    there have also been many others who have done what they can, thank you:
99    
 Current installer is still branded CentOS. A kickstart script allows you  
 to go through the graphical installation process. If your disk is not  
 empty, you will need to use the Anaconda interface to format it and  
 partition it. If it is empty all is automatic. You will have to set your  
 root password twice: once during Anaconda installation (you could use a  
 lame password), a second time in the Koozali SME server configuration  
 process.  
100    
101  Major changes in this release  Major changes in this release
102  =============================  =============================
# Line 92  This release is based on CentOS 7.# Line 104  This release is based on CentOS 7.#
104    
105  Changes in this release  Changes in this release
106  =======================  =======================
107  see above and below  see above and below, to much to list
108    
109  General features  General features
110  ================  ================
# Line 106  autogenerated from the changelogs. Line 118  autogenerated from the changelogs.
118  Packages altered by Centos, Redhat, and Fedora-associated developers are  Packages altered by Centos, Redhat, and Fedora-associated developers are
119  not included.  not included.
120    
121    The changelogs are written per package, and each package is assigned a group.
122    
123  Backups  Backups
124    
125  # e-smith-backup updated from 2.6.0-11.el7.sme to 2.6.0-12.el7.sme  e-smith-backup
126  - added patch for workstation backup lock [SME: 9127]  - Added /etc/backup-data.d to backup paths
127  - code from Stefano Zamboni <zamboni@mind-at-work.it>  - Added error handling to restore using pipe pattern from perform_backup
128    - Made reboot optional after console restore
129    - Fixed bootstrap restore not activating config changes
130    - Manually added ext2 and ext3 to Block Device file system check where ext4 present
131    - updated Block Device discovery to fix recovery from console
132    - Credit to Catton Durbrow
133    
134  File Server  File Server
135    
 # e-smith-samba updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme  
 - fix typo in  /server-resources/regedit/win10samba.reg  [SME: 10515]  
   
 # samba updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme  
 # samba-common updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme  
 # samba-common-tools updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme  
 # samba-python updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme  
 # samba-client-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme  
 # samba-client updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme  
 # samba-winbind-krb5-locator updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme  
 # samba-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme  
 # samba-dc updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme  
 # samba-winbind-modules updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme  
 # samba-dc-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme  
 # samba-winbind-clients updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme  
 # libwbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme  
 # samba-common-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme  
 # libsmbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme  
 # samba-winbind updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme  
 - import 4.6.2-12 [SME: 10429]  
 - change gnutls-devel >= 3.4.7 to gnutls-devel to allow build  
 - import to SME the two last upstream releases [SME: 10326]  
 - resolves: #1514314 - Fix CVE-2017-14746 and CVE-2017-15275  
 - resolves: #1491213 - CVE-2017-12150 CVE-2017-12151 CVE-2017-12163  
 - resolves: #1484423 - Require at least krb5 version 1.15.1  
 - resolves: #1484713 - Fix password changes for users via smbpasswd  
 - resolves: #1484723 - Be more graceful on FSCTL_VALIDATE_NEGOTIATE_INFO  
                        returned errors  
 - resolves: #1481188 - Fix 'net ads changetrustpw'  
 - resolves: #1459936 - Fix regression with "follow symlinks = no"  
 - resolves: #1461336 - Fix smbclient username parsing  
 - resolves: #1460937 - Fix username normalization with winbind  
 - resolves: #1459179 - Fix smbclient session setup printing  
 - related: #1277999 - Add missing patchset  
 - resolves: #1431986 - Fix expand_msdfs VFS module  
136    
137  LDAP  LDAP
138    
139    e-smith-ldap
140    - New protocol default as TLSv1.2
141    New property TLSProtocolMin
142    Ciphers are now ordered with stronger first
143    
144  Localisation  Localisation
145    
 # smeserver-locale updated from 2.6.0-9.el7.sme to 2.6.0-11.el7.sme  
 - apply locale 2018-12-14 patch  
 - apply locale 2017-12-02 patch  
146    
147  Mail Server  Mail Server
148    
149  # clamav updated from 0.99.2-1.el7.sme to 0.100.2-1.el7.sme  clamav
150  - Update to 0.100.2 [SME: 10578]  - Update clamav-db as per epel last spec file
151    to add clamav-update as provides
152  # e-smith-pop3 updated from 2.6.0-2.el7.sme to 2.6.0-3.el7.sme  -
153  - fix undefined fqdn for pop3 [SME: 10257]  smeserver-clamav
154    - increase lower memory limit to 1GB
155  # qpsmtpd updated from 0.96-18.el7.sme to 0.96-19.el7.sme  - fix for AllowSupplementaryGroups warning
156  - add support to force spamcheck on specific IP for fetchmail [SME: 10290]  thanks to bunkobugsy
157    smeserver-dovecot
158  # smeserver-qpsmtpd updated from 2.6.0-30.el7.sme to 2.6.0-32.el7.sme  - fix typo in enabling TLSv1.2 as default
159  - add forcespamcheck support for fetchmail [SME: 10290]  - fix typo in 35ssl template
160  - Log DMARC reporting in syslog instead of sending email to the admin.  - fix typo in createlinks
161    Also suppress SSL connection failed warnings [SME: 10298]  - revert property names with period in it
162    - add property AcceptFullEmail with enabled as default
163  # djbdns updated from 1.05-8.el7.sme to 1.05-10.el7.sme  smeserver-qpsmtpd
164  - improve short ttl cname resolution and glueless answer from akadns [SME: 8362]  - minimum Protocol TLSv1.0
165  - 500-cutom-dnscache-maxloop.patch: increase QUERY_MAXLEVEL 5->10 , set  QUERY_MAXLOOP 160  better ciphers order.
 --import patches from openwrt and rename already applied patches  
 --fix security issues [SME: 10374]  
 - 020-dnsroots-update.patch: update list of root DNS servers  
 - 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch  
 - 080-dnscache-cache-negatives.patch: rfc2308 ?  
 - 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch  
 - 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch  
 - 270-dnscache-sigpipe-fix.patch: SIGPIPE  
 - 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858  
 - 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392  
 - 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392  
 - 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2  
 --bug fixes [SME: 10374]  
 - 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets  
 - 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records  
 --fix issue with short ttl cname like akamaid [SME: 8362]  
 - 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch  
 - 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl  
 - 500-cutom-dnscache-maxloop.patch: set max loop to 200  
 --needed for previous patches to apply cleanly  
 - 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch)  
 - 050-tinydns-mmap-leak.patch: report cdb leak  
 - 080-dnscache-cache-negatives.patch: rfc2308 ?  
 - 090-tinydns-one-second.patch: improve tinydns with 8 or more  concurent connections (for 240-*.patch)  
 - 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch)  
   
 # smeserver-spamassassin updated from 2.6.0-7.el7.sme to 2.6.0-8.el7.sme  
 - disable auto_learn by default when enabling Bayes [SME: 8160]  
 - added properties UseBayesAutoLearn, BayesAutoLearnThresholdSpam and BayesAutoLearnThresholdNonSpam  
   
 # e-smith-qmail updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme  
 - Update aliases files for every groups passed as argument [SME: 10386]  
166    
167  Server manager  Server manager
168    
169  php  e-smith-formmagick
170  - load openssl configuration file on startup #1408301  - add locale for CSRF
171  - gd: fix buffer over-read into uninitialized memory CVE-2017-7890  - add CSRF patch - thank you to Daniel Berteaud
172  - fix php should provide php(httpd) #1215429  e-smith-manager
173  - fpm: backport PHP-FPM's clear_env option from 5.4.27 #1410010  perl-CGI-FormMagick
174  default value is "yes", preserving previous behaviour  - add timeout
175  - openssl: fix default_socket_timeout does not work with SSL #1378196  - update CSRF patch
176  - gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167  - add requires perl(Session::Token)
177  - gd: Signed Integer Overflow gd_io.c CVE-2016-10168  - fix add CSRF patch - thank you to Daniel Berteaud
178    
179  Webmail and Groupware  Webmail and Groupware
180    
181    smeserver-horde
182    - workaround logging noise caused by libsasl
183    - log as admin and not admin@domain for cli tasks
184    - fix ingo imap preferences
185    - allow httpd-auth for calendar, tasks access using rpc.php ...
186    - add smeserver-horde-update event
187    - avoid loss of user parameter on Primary Domain change
188    this will also avoid the loss of parameter if we log with a different virtualhost
189    horde preference is now stored with the SME username without @domain
190    - fix bad regex to strip domain
191    also we can now force Primary domain to use as default email
192    we can strip heading string from virtualhost domain to create email
193    default identity email will update as long as no other identity is created for the user
194    - fix typo in php-fpm patch
195    - remove php3 references
196    - remove strict and warning alert from error log
197    - dedicated php-fpm pool for horde
198    - apply patches from John H. Bennett III
199    - cvs admin -ko on patch1
200    
201  Web Server  Web Server
202    
203    e-smith-apache
204    - disable TLSv1 TLSv1.1 by default
205    
206  Other fixes and updates  Other fixes and updates
207    
208  # e-smith-base updated from 5.8.0-35.el7.sme to 5.8.0-38.el7.sme  e-smith-base
209  - icleaning xinetd.conf fragment out of the package [SME: 10219]  - wildcard self-signed certificate
210  - revert previous change - wrong package  e-smith-ibays
211  - added post transaction rule for ntp [SME: 10190]  - revert patch, wrong rpm
212  - thank you to Stefano Zamboni for this work  - add support for php-fpm
213    e-smith-lib
214  # smeserver-yum updated from 2.6.0-16.el7.sme to 2.6.0-17.el7.sme  - add support for systemctl reload-or-restart, try-restart, enable -now
215  - add yum-plugin-post-transaction-actions as requirement [SME: 1100]  e-smith-ntp
216    - revert last change
217  # e-smith-devtools updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme  on sme10 systemd has ntpd disabled by default
218  - ease update of e-smith-devtools on non SME builders [SME: 10536]  e-smith-openssh
219    - add Whitelist to AutoBlock using property sshd ValidFrom
220  # smeserver-support updated from 2.8.0-12.el7.sme to 2.8.0-15.el7.sme  - update client ciphers to use
221  - exclude libtevent,python-tevent from base and updates to avoid conflict with localy build version of samba [SME: 10573]  - add ciphers, macs and KexAlgorithms for server
222  - add back perl(LWP::Protocol::https) support  [SME: 10516]  rssh
223  - upstream samba packages were not all excluded [SME: 10428]  smeserver-release
224    - Bump new rpm for sme10 alpha5
225  # e-smith-ntp updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme  smeserver-support
226  - added post transaction rule for ntp [SME: 10190]  - obsoletes e-smith-starterwebsite
227  - thank you to Stefano Zamboni for this work  smeserver-yum
228    - avoid missing template error after removal of a rpm
229  # e-smith-lib updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme  - restart php-fpm services when needed
230  - Skip tap_soft interfaces (eg SoftEther, code from Hsing-Foo Wang)  - applying patch
231    [SME: 10445]  - fix NameError: global name 'yum_update_dbs' is not defined
232    - use yum-cron with autoupdate feature
233    
234    
235  On behalf of the Koozali SME Server development team  On behalf of the Koozali SME Server development team
236    - Compilation of release data is thanks to scripts developed by Ian Wells and
237       substantially improved by Jean Phillipe Pialasse


Legend:
Removed lines/characters  
Changed lines/characters
  Added lines/characters

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed