1 |
Koozali SME Server 10 Alpha 4 Release Notes |
Koozali SME Server 10 Release Candidate 1 Release Notes "Justine" |
2 |
===================================== |
============================================ |
3 |
|
These are draft only and are in a constant state of update. |
4 |
These are draft only and are in a constat state of update. |
|
5 |
|
19 Mar 2021 |
6 |
27 Dec 2018 |
|
7 |
|
The Koozali SME Server development team is pleased to announce the |
8 |
The Koozali SME Server development team is pleased to announce the |
release of SME Server 10 RC 1 which will be the next major release of |
9 |
release of SME Server 10 Alpha 4 which will be the next major release of |
SME Server. Code named "Justine" |
10 |
SME Server. |
|
11 |
|
This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024. |
12 |
This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024. |
|
13 |
|
********************************************************** |
14 |
*************************** |
Koozali SME Server users should not upgrade production servers to this |
15 |
Koozali SME Server users should not upgrade production servers to this |
release but those who can are encouraged to load the release to a |
16 |
release but those who can are encouraged to load the alpha to a |
dedicated test machine and take part in the testing phase. |
17 |
dedicated test machine and take part in the testing phase. |
********************************************************** |
18 |
*************************** |
|
19 |
|
Some notes on Koozali SME Server 10 can be found at |
20 |
Some notes on Koozali SME Server 10 can be found at |
https://wiki.contribs.org/SME_Server_10.0_Development |
21 |
https://wiki.contribs.org/SME_Server_10.0_Development |
|
22 |
|
SME10 Roadmap - RC 1 |
23 |
SME10 Roadmap - Alpha 4 |
https://wiki.contribs.org/SME10_Roadmap#SME_10_RC_1 |
24 |
https://wiki.contribs.org/SME10_Roadmap#SME_10_Alpha_4 |
|
25 |
|
Bug reports and reports of potential bugs should be raised in the bug |
26 |
Bug reports and reports of potential bugs should be raised in the bug |
tracker (and only there, please); |
27 |
tracker (and only there, please); |
|
28 |
|
https://bugs.koozali.org/ |
29 |
https://bugs.koozali.org/ |
|
30 |
|
Copy of releaase notes may be found here: |
31 |
Download |
https://lists.contribs.org/pipermail/updatesannounce/2021-March/ |
32 |
======== |
|
33 |
You can download SME Server 10 from |
Download |
34 |
https://mirror.koozali.org/smeserver/releases/testing/10/ |
======== |
35 |
or for other methods see https://wiki.koozali.org/SME_Server:Download |
You can download SME Server 10 from |
36 |
|
https://mirror.koozali.org/smeserver/releases/testing/10/ |
37 |
Please note it may take up to 48 hours for mirrors to finish syncing, |
or for other methods see: |
38 |
during this time you may experience problems. |
https://wiki.koozali.org/SME_Server:Download |
39 |
|
|
40 |
About SME Server |
Please note it may take up to 48 hours for mirrors to finish syncing, |
41 |
================ |
during this time you may experience problems. |
42 |
SME Server is the leading Linux distribution for small and medium |
|
43 |
enterprises. SME Server is brought to you by Koozali Foundation, Inc., |
About SME Server |
44 |
a non-profit corporation that exists to provide marketing and legal support |
================ |
45 |
for SME Server. |
SME Server is the leading Linux distribution for small and medium |
46 |
|
enterprises. SME Server is brought to you by Koozali Foundation, Inc., |
47 |
SME Server is freely available under the GNU General Public License and |
a non-profit corporation that exists to provide marketing and legal support |
48 |
is only possible through the efforts of the SME Server community. |
for SME Server. |
49 |
|
|
50 |
However, the availability and quality of SME Server is dependent on |
SME Server is freely available under the GNU General Public License and |
51 |
meeting our expenses, such as hosting costs, server hardware, etc. |
is only possible through the efforts of the SME Server community. |
52 |
|
|
53 |
As such, we ask for a donation to offset costs and fund further development. |
However, the availability and quality of SME Server is dependent on |
54 |
|
meeting our expenses, such as hosting costs, server hardware, etc. |
55 |
a) If you are a school, a church, a non-profit organisation or an |
|
56 |
individual using SME Server for private purposes, we would appreciate |
As such, we ask for a donation to offset costs and fund further development. |
57 |
you to contribute within your means toward the costs associated with |
|
58 |
hosting, maintenance and development. |
a) If you are a school, a church, a non-profit organisation or an |
59 |
|
individual using SME Server for private purposes, we would appreciate |
60 |
b) If you are a company or an integrator and you are deploying SME |
you to contribute within your means toward the costs associated with |
61 |
Server in the course of your work to generate revenue, we expect you to |
hosting, maintenance and development. |
62 |
make a donation commensurate with the level of revenue you generate and |
|
63 |
the number of servers your have in the field. Please, help the project |
b) If you are a company or an integrator and you are deploying SME |
64 |
|
Server in the course of your work to generate revenue, we expect you to |
65 |
Please visit https://wiki.koozali.org/Donate to donate. |
make a donation commensurate with the level of revenue you generate and |
66 |
|
the number of servers your have in the field. Please, help the project |
67 |
Koozali Inc is happy to supply an invoice for any donations received, |
|
68 |
simply email treasurer at koozali.org |
Please visit https://wiki.koozali.org/Donate to donate. |
69 |
|
|
70 |
Notes |
Koozali Inc is happy to supply an invoice for any donations received, |
71 |
===== |
simply email treasurer at koozali.org |
72 |
In-place upgrades are not supported. It is necessary to backup and then |
|
73 |
restore. |
Notes |
74 |
(Remember, testing purpose only) |
===== |
75 |
|
In-place upgrades are not supported. It is necessary to backup and then |
76 |
The spare handling for RAID arrays is not implemented. |
restore. (Remember, testing purpose only), |
77 |
|
|
78 |
USB installs are now supported, see: |
Restore of a sme9 console or workstation backup is now fully supported |
79 |
https://wiki.koozali.org/Install_From_USB |
|
80 |
|
Single disk install no longer creates a degraded Raid1 array, Two or more disks |
81 |
Current installer is still branded CentOS. A kickstart script allows you |
will be created as a Raid1-6 array, see wiki https://wiki.contribs.org/Raid |
82 |
to go through the graphical installation process. If your disk is not |
|
83 |
empty, you will need to use the Anaconda interface to format it and |
The spare handling for RAID arrays is now implemented. |
84 |
partition it. If it is empty all is automatic. You will have to set your |
|
85 |
root password twice: once during Anaconda installation (you could use a |
Support for further Raid configuration on install is now implemented - see wiki |
86 |
lame password), a second time in the Koozali SME server configuration |
|
87 |
process. |
New Server-Manager Framework, Mojolicious, is now well on the way to full implementation |
88 |
|
|
89 |
Major changes in this release |
USB installs are once again fully supported, |
90 |
============================= |
Note: it is important to use proposed apps to create the boot media |
91 |
This release is based on CentOS 7.# |
See: https://wiki.koozali.org/Install_From_USB |
92 |
|
|
93 |
Changes in this release |
Netinstall is once again fully supported |
94 |
======================= |
|
95 |
see above and below |
Install to a system supporting a UEFI BIOS is also now fully supported |
96 |
|
|
97 |
General features |
Console backup, and workstation backup to removable storages is now fully supported. |
98 |
================ |
|
99 |
- Based on CentOS 7.6.1810 and all available updates |
A plethora of other under the hood changes, too numerous to list |
100 |
|
|
101 |
Detailed changes in this release |
The work that has gone into getting SME 10 to this stage has been enormous, an attempt to list |
102 |
======================= |
and detail the work that has been done in recent months would not do justice to the effort |
103 |
Only the changes since SME Server 10 Alpha3 are listed, mainly |
contributed by the following, |
104 |
autogenerated from the changelogs. |
|
105 |
|
thank you one and all: |
106 |
Packages altered by Centos, Redhat, and Fedora-associated developers are |
|
107 |
not included. |
Jean Phillipe Pialasse |
108 |
|
Michel Begue |
109 |
Backups |
Brian Read |
110 |
|
Catton Durbrow |
111 |
# e-smith-backup updated from 2.6.0-11.el7.sme to 2.6.0-12.el7.sme |
Chris Sansom-Ninnes |
112 |
- added patch for workstation backup lock [SME: 9127] |
Jean-pierre Odion |
113 |
- code from Stefano Zamboni <zamboni@mind-at-work.it> |
Zsolt Vasarhelyi |
114 |
|
John Crisp |
115 |
File Server |
|
116 |
|
there have also been many others who have done what they can, thank you: |
117 |
# e-smith-samba updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme |
|
118 |
- fix typo in /server-resources/regedit/win10samba.reg [SME: 10515] |
The changes that have been implemented to ensure the Koozali Sme Server way is fully implemented |
119 |
|
have been far reaching, far to many to try and list, suffice to say long live "Justine". |
120 |
# samba updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
|
121 |
# samba-common updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
Major changes in this release |
122 |
# samba-common-tools updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
============================= |
123 |
# samba-python updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
This release is based on CentOS 7.# |
124 |
# samba-client-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
|
125 |
# samba-client updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
Changes in this release |
126 |
# samba-winbind-krb5-locator updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
======================= |
127 |
# samba-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
see above and below, to much to list |
128 |
# samba-dc updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
|
129 |
# samba-winbind-modules updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
General features |
130 |
# samba-dc-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
================ |
131 |
# samba-winbind-clients updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
- Based on CentOS 7.9.2009 and all available updates |
132 |
# libwbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
|
133 |
# samba-common-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
Detailed changes in this release |
134 |
# libsmbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
======================= |
135 |
# samba-winbind updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
Only the changes since SME Server 10 Alpha5 are listed, mainly |
136 |
- import 4.6.2-12 [SME: 10429] |
autogenerated from the changelogs. |
137 |
- change gnutls-devel >= 3.4.7 to gnutls-devel to allow build |
|
138 |
- import to SME the two last upstream releases [SME: 10326] |
Packages altered by Centos, Redhat, and Fedora-associated developers are |
139 |
- resolves: #1514314 - Fix CVE-2017-14746 and CVE-2017-15275 |
not included. |
140 |
- resolves: #1491213 - CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 |
|
141 |
- resolves: #1484423 - Require at least krb5 version 1.15.1 |
The changelogs are written per package |
142 |
- resolves: #1484713 - Fix password changes for users via smbpasswd |
|
143 |
- resolves: #1484723 - Be more graceful on FSCTL_VALIDATE_NEGOTIATE_INFO |
SME built or modified packages - ChangeLogs |
144 |
returned errors |
|
145 |
- resolves: #1481188 - Fix 'net ads changetrustpw' |
19 March 2021 |
146 |
- resolves: #1459936 - Fix regression with "follow symlinks = no" |
|
147 |
- resolves: #1461336 - Fix smbclient username parsing |
Backups |
148 |
- resolves: #1460937 - Fix username normalization with winbind |
e-smith-backup |
149 |
- resolves: #1459179 - Fix smbclient session setup printing |
- fix dar restore replacing rootdir symlinks by folders [SME: 11424] |
150 |
- related: #1277999 - Add missing patchset |
- Remove duplicate gunzip call in perform_restore [SME: 11266] |
151 |
- resolves: #1431986 - Fix expand_msdfs VFS module |
- Remove debug output of device names |
152 |
|
- Revert BlockDevices.pm and backup call to not filter to removable drives |
153 |
LDAP |
- Replace hal-* calls with BlockDevices [SME: 11319] |
154 |
|
- add update event [SME: 11124] |
155 |
Localisation |
- Added /etc/backup-data.d to backup paths [SME: 10245] |
156 |
|
- Added error handling to restore using pipe pattern from perform_backup [SME: 3139] |
157 |
# smeserver-locale updated from 2.6.0-9.el7.sme to 2.6.0-11.el7.sme |
- Made reboot optional after console restore |
158 |
- apply locale 2018-12-14 patch |
- Fixed bootstrap restore not activating config changes [SME: 10921] |
159 |
- apply locale 2017-12-02 patch |
- Manually added ext2 and ext3 to Block Device file system check where ext4 present |
160 |
|
- updated Block Device discovery to fix recovery from console [SME: 8244] |
161 |
Mail Server |
- Credit to Catton Durbrow |
162 |
|
|
163 |
# clamav updated from 0.99.2-1.el7.sme to 0.100.2-1.el7.sme |
File Server |
164 |
- Update to 0.100.2 [SME: 10578] |
e-smith-proftpd |
165 |
|
- cleanup in /etc/rc.d [SME: 9692] |
166 |
# e-smith-pop3 updated from 2.6.0-2.el7.sme to 2.6.0-3.el7.sme |
- redirect log away from message [SME: 11384] |
167 |
- fix undefined fqdn for pop3 [SME: 10257] |
- fix circular Conflict with proftpd [SME: 11357] |
168 |
|
- improve protect from proftpd.service running [SME: 11106] |
169 |
# qpsmtpd updated from 0.96-18.el7.sme to 0.96-19.el7.sme |
- protect from proftpd.service running in place of ftp.service [SME: 11106] |
170 |
- add support to force spamcheck on specific IP for fetchmail [SME: 10290] |
- remove system-preset file from usr [SME: 10958] |
171 |
|
- SSL crt and key to self signed if path does not exist [SME: 11316] |
172 |
# smeserver-qpsmtpd updated from 2.6.0-30.el7.sme to 2.6.0-32.el7.sme |
- add Requires=runit.service [SME: 11245] |
173 |
- add forcespamcheck support for fetchmail [SME: 10290] |
- execute systemd-reload before service adjust in events [SME: 11228] |
174 |
- Log DMARC reporting in syslog instead of sending email to the admin. |
- remove S95reset-unsavedflag [SME: 11229] |
175 |
Also suppress SSL connection failed warnings [SME: 10298] |
- Remove ftp from 'init.d/supervise' [SME: 11106] [SME: 11150] |
176 |
|
- Move ftp service to systemd [SME: 11106] |
177 |
# djbdns updated from 1.05-8.el7.sme to 1.05-10.el7.sme |
- Create e-smith-proftpd-update event [SME: 11150] |
178 |
- improve short ttl cname resolution and glueless answer from akadns [SME: 8362] |
|
179 |
- 500-cutom-dnscache-maxloop.patch: increase QUERY_MAXLEVEL 5->10 , set QUERY_MAXLOOP 160 |
e-smith-samba |
180 |
--import patches from openwrt and rename already applied patches |
- clean rsyslog syntax for smbd and nmbd [SME: 11422] |
181 |
--fix security issues [SME: 10374] |
- fix noise in message log from nmbd and smbd redirected to dedicated logs [SME: 11349] |
182 |
- 020-dnsroots-update.patch: update list of root DNS servers |
- allow using user-create-profiledir action with temp or package-update events [SME: 11348] |
183 |
- 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch |
- fix log noise for smb.service [SME: 11157] |
184 |
- 080-dnscache-cache-negatives.patch: rfc2308 ? |
- add Restart=always [SME: 11118] |
185 |
- 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch |
- add Restart=always [SME: 11117] |
186 |
- 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch |
- migrate nmbd to systemd [SME: 11118] |
187 |
- 270-dnscache-sigpipe-fix.patch: SIGPIPE |
- migrate smbd to systemd [SME: 11117] |
188 |
- 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858 |
- create general smb.service service |
189 |
- 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392 |
- create e-smith-samba-update event [SME: 11157] |
190 |
- 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392 |
- Fix mutex locking [SME: 11199] |
191 |
- 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2 |
- Fix pid directory [SME: 11198] |
192 |
--bug fixes [SME: 10374] |
- Add /etc/krb5.conf as template using templates from smeserver-samba[SME: 11093] |
193 |
- 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets |
- remove win98pwdcache.reg from server-resources [SME: 9060] |
194 |
- 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records |
- set min server and client protocol SMB2 [SME: 10576] |
195 |
--fix issue with short ttl cname like akamaid [SME: 8362] |
- add check so max always greater than min |
196 |
- 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch |
- add port 445 if min server protocol is SMB2 or SMB3 [SME: 10963] |
197 |
- 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl |
|
198 |
- 500-cutom-dnscache-maxloop.patch: set max loop to 200 |
|
199 |
--needed for previous patches to apply cleanly |
Mail Server |
200 |
- 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch) |
e-smith-email |
201 |
- 050-tinydns-mmap-leak.patch: report cdb leak |
- webmail is only SSL [SME: 11443] |
202 |
- 080-dnscache-cache-negatives.patch: rfc2308 ? |
- create -update event [SME: 11133] |
203 |
- 090-tinydns-one-second.patch: improve tinydns with 8 or more concurent connections (for 240-*.patch) |
- move smtp-auth-proxy to systemd [SME: 11102] |
204 |
- 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch) |
- allow creation of pseudonyms with setting of local only [SME: 3802] |
205 |
|
|
206 |
# smeserver-spamassassin updated from 2.6.0-7.el7.sme to 2.6.0-8.el7.sme |
smeserver-dovecot |
207 |
- disable auto_learn by default when enabling Bayes [SME: 8160] |
- clean rsyslog syntax for dovecot [SME: 11422] |
208 |
- added properties UseBayesAutoLearn, BayesAutoLearnThresholdSpam and BayesAutoLearnThresholdNonSpam |
- add Restart=always [SME: 11101] |
209 |
|
- fix path for event -update [SME: 11101] |
210 |
# e-smith-qmail updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme |
- cleanup /var/service/dovecot [SME: 11101] |
211 |
- Update aliases files for every groups passed as argument [SME: 10386] |
-close logger and service from previous runit instance before starting systemd one |
212 |
|
- add systemd drop-in expand in bootstrap-console-save, console-save, post-install, post-upgrade [SME: 11101] |
213 |
Server manager |
- move service to systemd [SME: 11101] |
214 |
|
- add imap idle notify interval setting [SME: 10947] |
215 |
php |
- fix typo in enabling TLSv1.2 as default [SME: 10934] |
216 |
- load openssl configuration file on startup #1408301 |
- fix typo in 35ssl template [SME: 10934] |
217 |
- gd: fix buffer over-read into uninitialized memory CVE-2017-7890 |
- fix typo in createlinks [SME: 10932] |
218 |
- fix php should provide php(httpd) #1215429 |
- revert property names with period in it [SME: 10934] |
219 |
- fpm: backport PHP-FPM's clear_env option from 5.4.27 #1410010 |
- add property AcceptFullEmail with enabled as default [SME: 9865] |
220 |
default value is "yes", preserving previous behaviour |
|
221 |
- openssl: fix default_socket_timeout does not work with SSL #1378196 |
smeserver-qpsmtpd |
222 |
- gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167 |
- remove /usr/lib/systemd/system-preset/80-koozali-qpsmtpd.preset [SME: 10958] |
223 |
- gd: Signed Integer Overflow gd_io.c CVE-2016-10168 |
- modify for clamav 0.103.0 [SME: 11210] |
224 |
|
- roll up patches |
225 |
Webmail and Groupware |
- add Requires=runit.service (qpsmtpd & sqpsmtpd) [SME: 11245] |
226 |
|
- fix service not enabled [SME: 11107] |
227 |
Web Server |
- remove reset-unsavedflag |
228 |
|
- Move qpsmtpd & sqpsmtpd services to systemd [SME: 11107] |
229 |
Other fixes and updates |
- Create smeserver-qpsmtpd-update event [SME: 11164] |
230 |
|
- expand badrcptto_ext when needed [SME: 10638] |
231 |
# e-smith-base updated from 5.8.0-35.el7.sme to 5.8.0-38.el7.sme |
- this avoid user, group or pseudonyms for internal purpose to be reachable |
232 |
- icleaning xinetd.conf fragment out of the package [SME: 10219] |
- from outside |
233 |
- revert previous change - wrong package |
- minimum Protocol TLSv1.0 [SME: 10460] |
234 |
- added post transaction rule for ntp [SME: 10190] |
- better ciphers order. |
235 |
- thank you to Stefano Zamboni for this work |
|
236 |
|
Server manager |
237 |
# smeserver-yum updated from 2.6.0-16.el7.sme to 2.6.0-17.el7.sme |
e-smith-formmagick |
238 |
- add yum-plugin-post-transaction-actions as requirement [SME: 1100] |
- increase CSRF timeout from 120s to 180s [SME: 10902] |
239 |
|
- added property httpd-admin{csrfTimeout} in second to override |
240 |
# e-smith-devtools updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme |
- added hability to ovarride the Timeout from panel to panel |
241 |
- ease update of e-smith-devtools on non SME builders [SME: 10536] |
- add update event [SME: 11136] |
242 |
|
- add locale for CSRF [SME: 10626] |
243 |
# smeserver-support updated from 2.8.0-12.el7.sme to 2.8.0-15.el7.sme |
- add CSRF patch [SME: 10626] - thank you to Daniel Berteaud |
244 |
- exclude libtevent,python-tevent from base and updates to avoid conflict with localy build version of samba [SME: 10573] |
|
245 |
- add back perl(LWP::Protocol::https) support [SME: 10516] |
e-smith-manager |
246 |
- upstream samba packages were not all excluded [SME: 10428] |
- take 2 wrong system mode reported in bugreport [SME: 10448] |
247 |
|
- fix wrong system mode reported in bugreport [SME: 10448] |
248 |
# e-smith-ntp updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme |
- create -update event [SME: 11144] |
249 |
- added post transaction rule for ntp [SME: 10190] |
- migrate httpd-admin to systemd [SME: 11110] |
250 |
- thank you to Stefano Zamboni for this work |
- removing hardcoded ports [SME: 10967] |
251 |
|
- Add a FollowSymlinks for user-password in password/cgi-bin (perl-suid) [SME: 9677] |
252 |
# e-smith-lib updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme |
- update apache icon path [SME: 9591] |
253 |
- Skip tap_soft interfaces (eg SoftEther, code from Hsing-Foo Wang) |
- add message to indicate EOL after Jun 30 2024 fix [SME: 10170] |
254 |
[SME: 10445] |
|
255 |
|
perl-CGI-FormMagick |
256 |
|
- increase default timeout, allow setting from outside [SME: 10902] |
257 |
On behalf of the Koozali SME Server development team |
- add timeout [SME: 10626] |
258 |
|
- update CSRF patch [SME: 10626] |
259 |
|
- add requires perl(Session::Token) [SME: 10626] |
260 |
|
- fix add CSRF patch [SME: 1723] - thank you to Daniel Berteaud |
261 |
|
|
262 |
|
Webmail and Groupware |
263 |
|
smeserver-horde |
264 |
|
- clean rsyslog syntax for horde [SME: 11422] |
265 |
|
- improved php basedir, with filtering of noise for gpg [SME: 10945] |
266 |
|
- force SSL for horde [SME: 11443] |
267 |
|
- fix horde not honoring switch to php-fpm 5.4 [SME: 11433] |
268 |
|
- update mail settings for the php-pool [SME: 11431] |
269 |
|
- spamd SpamLearning property migrated to spamassassin SpamLearning [SME: 11376] |
270 |
|
- Configuration is not up to date, hash to update [SME: 11308] |
271 |
|
- fix wrong template path for php55, php56 and php [SME: 11255] |
272 |
|
- fix webmail not accessible after enabling from manager [SME: 11233] |
273 |
|
- update rsyslog syntax [SME: 11016] |
274 |
|
- move fragment so syntax is similar to message |
275 |
|
- remove harcoded ports [SME: 10969] |
276 |
|
- add gpg to php base dir [SME: 10945] |
277 |
|
- workaround logging noise caused by libsasl [SME: 10943] |
278 |
|
- log as admin and not admin@domain for cli tasks [SME: 10910] |
279 |
|
- fix ingo imap preferences [SME: 10912] |
280 |
|
- allow httpd-auth for calendar, tasks access using rpc.php ... [SME: 10908] |
281 |
|
- add smeserver-horde-update event [SME: 10909] |
282 |
|
- avoid loss of user parameter on Primary Domain change [SME: 1005] |
283 |
|
- this will also avoid the loss of parameter if we log with a different virtualhost |
284 |
|
- horde preference is now stored with the SME username without @domain |
285 |
|
- fix bad regex to strip domain [SME: 10224] |
286 |
|
- also we can now force Primary domain to use as default email |
287 |
|
- we can strip heading string from virtualhost domain to create email |
288 |
|
- default identity email will update as long as no other identity is created for the user |
289 |
|
- fix typo in php-fpm patch [SME: 10872] |
290 |
|
- remove php3 references [SME: 10866] |
291 |
|
- remove strict and warning alert from error log [SME: 10823] |
292 |
|
- dedicated php-fpm pool for horde [SME: 10872] |
293 |
|
- apply patches from John H. Bennett III [SME: 10717] |
294 |
|
- cvs admin -ko on patch1 |
295 |
|
|
296 |
|
|
297 |
|
Other fixes and updates |
298 |
|
e-smith-base |
299 |
|
- removing weekly cron for ddns update, targeted script has been removed [SME: 11470] |
300 |
|
- revert e-smith-service file [SME: 9692] |
301 |
|
- add systemctl wrapper [SME: 11345] |
302 |
|
- clean rsyslog syntax for dhcpd [SME: 11422] |
303 |
|
- cleanup /etc/rc.d and /var/service [SME: 9692] |
304 |
|
- remove klogd references [SME: 11363] |
305 |
|
- restore part of pptp code and move to generik vpn entry [SME: 11374] |
306 |
|
- drop dyndns core support [SME: 11415] |
307 |
|
- fix enabled service not started on reboot [SME: 11355] |
308 |
|
- unless a power outage, as long as you reboot, halt or shutdown systemd will |
309 |
|
- be in sync |
310 |
|
- fix console::startup run twice [SME: 11358 ] |
311 |
|
- improve run order in systemd-default [SME: 11356] |
312 |
|
- fix uninitialized value during post-install [SME: 11350] |
313 |
|
- fix user with rssh shell need to be member of rsshusers group [SME: 9155] |
314 |
|
- add missing /sbin/e-smith/bootstrap-runlevel7 [SME: 11318] |
315 |
|
- fix typo for isolate [SME: 11246] |
316 |
|
- separate bootstrap-console from run level service launch [SME: 11318] |
317 |
|
- only run isolate if sme-server.target is not active [SME: 11246] |
318 |
|
- update system-preset usr/lib file [SME: 10958] |
319 |
|
- fix loss of httpd basic auth [SME: 11309] |
320 |
|
- fix services starting when they are in Wants= for sme-server.target and preset disabled [SME: 11247] |
321 |
|
- rewrite of manageRAID.pl and add_drive_to_raid for SME10 [SME: 10918] |
322 |
|
- added gdisk as a dependency to support GPT systems |
323 |
|
- fix modSSL key crt and keychain files really exist [SME: 11252] |
324 |
|
- add ldap.init as exception for preset |
325 |
|
- fix init-accounts [SME: 9642] |
326 |
|
- validate modSSL key crt and keychain files really exist [SME: 11252] |
327 |
|
- if not we use self generated |
328 |
|
- drop pptpd support [SME: 11250] |
329 |
|
- add bash-completion [SME: 11244] |
330 |
|
- improve local service to systemd [SME: 11119] |
331 |
|
- now run rc.local file as part of the event |
332 |
|
- move local service to systemd [SME: 11119] |
333 |
|
- make it run /etc/rc.d/rc.local |
334 |
|
- cleaning /var/service/syslog still there |
335 |
|
- workaround drop-in install section ignored by systemctl preset [SME: 11231] |
336 |
|
- some cleanup |
337 |
|
- remove S95reset-unsavedflag [SME: 11229] |
338 |
|
- add exclusion for lpd [SME: 11006] |
339 |
|
- execute systemd-reload before service adjust in events [SME: 11228] |
340 |
|
- fix ExecStart for raidmonitor [SME: 11094] |
341 |
|
- fix permission for /sbin/e-smith/systemd/mdmonitor-pre [SME: 11094] |
342 |
|
- Don't ask for confirmation to save changes on first install configuration [SME: 11193] |
343 |
|
- Fix RAID detection regex for disk redundancy screen [SME: 10918] |
344 |
|
- add Install part of systemd unit [SME: 11100] |
345 |
|
- move dhcpd to systemd [SME: 11100] |
346 |
|
- get dhcpd log out of message [SME: 2408] |
347 |
|
- also configure logrotate for /var/log/dhcpd/dhcpd.log and /var/log/dhcpd/current |
348 |
|
- reverte previous changes for service2adjust and util.pm [SME: 11177] |
349 |
|
- files are owned by e-smith-lib |
350 |
|
- allow more systemctl controls [SME: 11177] |
351 |
|
- convert unrecognized signals from service2adjust in events for systemd |
352 |
|
- handle unsupervised services the same way supervised were in adjust-services |
353 |
|
- make service-status only log when service disabled and not fail it |
354 |
|
- add template for /etc/systemd/system-preset/49koozali.preset [SME: 11174] |
355 |
|
- this will help systemd integration in enabling and disabling services |
356 |
|
- remove wan link |
357 |
|
- move raidmonitor to systemd [SME: 11094] |
358 |
|
- move network service to systemd [SME: 11090] |
359 |
|
- move wan service to systemd [SME: 11091] |
360 |
|
- create e-smith-base-update event [SME: 11012] |
361 |
|
- create sme-server.target [SME: 10957] |
362 |
|
- make sme-server.target default target |
363 |
|
- change default target on signal-event post-upgrade, post-install, e-smith-base-update |
364 |
|
- requires update or smeserver-php and e-smith-runit |
365 |
|
- add an executable to check if service is enabled in e-smith db |
366 |
|
- validate submask on remote access panel [SME: 6536] |
367 |
|
- accept netmask bit and convert it |
368 |
|
- validate subnet mask on local network panel [SME: 10974] |
369 |
|
- accept netmask bit and convert it |
370 |
|
- remove info.txt [SME: 9590] |
371 |
|
|
372 |
|
e-smith-dnscache |
373 |
|
- cleanup in /etc/rc.d/ [SME: 9692] |
374 |
|
- remove /usr/lib/systemd/system-preset/80-koozali-dnscache.preset [SME: 10958] |
375 |
|
- add Requires=runit.service (dnscache & dnscache.forwarder) [SME: 11245] |
376 |
|
- execute systemd-reload before service adjust in events [SME: 11228] |
377 |
|
- remove S95reset-unsavedflag [SME: 11229] |
378 |
|
- remove createlink safesymlink in /etc/rc.d/init.d [SME: 11097] |
379 |
|
- remove rc7.d link [SME: 11097] |
380 |
|
- fix actions in e-smith-tinydns-update [SME: 11127] |
381 |
|
- Move dnscache, dnscache.forwarder services to systemd [SME: 11097] |
382 |
|
- Create e-smith-dnscache-update event [SME: 11127] |
383 |
|
- Modify run script to allow for loopback commmunications with other DNS |
384 |
|
- servers on the local machine and DNS forwarding [SME: 9715] |
385 |
|
|
386 |
|
e-smith-domains |
387 |
|
- avoid encoding of utf strings in domain table [SME: 11391] |
388 |
|
- this will mess with some languages |
389 |
|
- Create e-smith-domains-update event [SME: 11128] |
390 |
|
|
391 |
|
e-smith-grub |
392 |
|
- fix unable to boot on a non xfs root filesystem [SME: 11365] |
393 |
|
- cleanup remove /boot/grub dir [SME: 11354] |
394 |
|
- Add support for EFI systems [SME: 10998] |
395 |
|
- add update event [SME: 11137] |
396 |
|
|
397 |
|
e-smith-ibays |
398 |
|
- fix patch for SSLRequireSSL [SME: 8150] |
399 |
|
- force https if auth or dav are enabled [SME: 11407] |
400 |
|
- merge SSL and SSLRequireSSL properties [SME: 8150] |
401 |
|
- now SSLRequireSSL will force SSL to the html ibay directory and redirect to https |
402 |
|
- update php properties and folders [SME: 11412] |
403 |
|
- remove last bit of atalk [SME: 668] |
404 |
|
- add update event [SME: 11139] |
405 |
|
- remove hardcoded ports [SME: 10968] |
406 |
|
- remove php3 reference [SME: 10869] |
407 |
|
- fix apache failing if ibay has dynamic content enabled and phpmodule is disabled [SME: 10871] |
408 |
|
- revert patch, wrong rpm [SME: 10871] |
409 |
|
- add support for php-fpm [SME: 10871] |
410 |
|
|
411 |
|
e-smith-lib-compspec |
412 |
|
- allow easy access to templates.metadata to expand desired files [SME: 11312] |
413 |
|
- add update event [SME: 11142] |
414 |
|
|
415 |
|
e-smith-mysql |
416 |
|
- fix wrong path for set password [SME: 11468] |
417 |
|
- fix restore of sme9 backup fails to start mysql.init [SME: 11453] |
418 |
|
- add property to enable mysqld slow queries log [SME: 455] |
419 |
|
- simply use SlowQueries as the amount of second and it is enabled |
420 |
|
- remove property to stop logging |
421 |
|
- more mysqld/mariadb parameter available with properties /templates [SME: 4606] |
422 |
|
- ease 4 databit characters with innodb [SME: 11404] |
423 |
|
- redirect mariadb log from systemd to file [SME: 11425] |
424 |
|
- fix backup fails in pre-backup in mysqldump [SME: 7827] |
425 |
|
- expand 10mysql_upgrade and restart mysql.init on e-smith-mysql-update [SME: 11120] |
426 |
|
- this to make sure mariadb upgrade fully and prevent residual 10mysql_upgrade stay in the way |
427 |
|
- fix issue with 10mysql_upgrade crashing mariadb [SME: 11120] |
428 |
|
- also removed noise from spec file |
429 |
|
- e-smith-update event [SME: 11145] |
430 |
|
- mariadb systemd integration [SME: 11021] |
431 |
|
- move set.password and template |
432 |
|
- create /usr/lib/systemd/system/mariadb.service.d/sme.conf |
433 |
|
- create /sbin/e-smith/systemd/mariadb-initialize + chmod |
434 |
|
- cleanup and remove old /var/service/mariadb |
435 |
|
- mysql.init systemd integration [SME: 11120] |
436 |
|
- create mysql_init.service |
437 |
|
|
438 |
|
e-smith-openssh |
439 |
|
- clean rsyslog syntax for sshd [SME: 11422] |
440 |
|
- increase default host key size [SME: 11359] |
441 |
|
- redirect logging to /var/log/sshd/sshd.log and logrotate [SME: 11256] |
442 |
|
- add support for denyhost [SME: 10939] |
443 |
|
- move sshd to systemd [SME: 11109] |
444 |
|
- create -update event [SME: 11147] |
445 |
|
- add ed25519 and ecdsa hostkeys [SME: 10940] |
446 |
|
- add Whitelist to AutoBlock using property sshd ValidFrom [SME: 9893] |
447 |
|
- update client ciphers to use [SME: 10621] |
448 |
|
- add ciphers, macs and KexAlgorithms for server [SME: 10937] |
449 |
|
|
450 |
|
e-smith-packetfilter |
451 |
|
- move ulogd to systemd [SME: 11426] |
452 |
|
- require ulogd 2 [SME: 11426] |
453 |
|
- remove pptpd last references [SME: 11420] |
454 |
|
- remove /usr/lib/systemd/system-preset/80-koozali-packetfilter.preset [SME: 10958] |
455 |
|
- drop pptpd support [SME: 11251] |
456 |
|
- launch masq using systemd unit [SME: 11089] |
457 |
|
- create event to avoid reboot on update [SME: 11122] |
458 |
|
|
459 |
|
e-smith-proxy |
460 |
|
- cleanup in /etc/rc.d and /var/service/squid [SME: 9692] |
461 |
|
|
462 |
|
e-smith-runit |
463 |
|
- reverting removal of deamontools [SME: 9692] |
464 |
|
- could be needed for legacy support with rc7.d services |
465 |
|
- cleanup of /etc/rc.d [SME: 9692] |
466 |
|
- create e-smith-runit-update event [SME: 11156] |
467 |
|
- also tidy target wantedby: should run from basic.target |
468 |
|
- fix issue with Before rules in unit file [SME: 11013] |
469 |
|
- run before network-pre.target [SME: 11088] |
470 |
|
- enable for sme-server.target [SME: 11013] |
471 |
|
- e-smith-test |
472 |
|
- e-smith-tinydns |
473 |
|
- cleanup in /etc/rc.d [SME: 9692] |
474 |
|
- remove /usr/lib/systemd/system-preset/80-koozali-tinydns.preset [SME: 10958] |
475 |
|
- Add 'Requires=runit.service' [SME: 11245] |
476 |
|
- remove S95reset-unsavedflag [SME: 11229] |
477 |
|
- execute systemd-reload before service adjust in events [SME: 11228] |
478 |
|
- remove createlink safesymlink in /etc/rc.d/init.d [SME: 11098] |
479 |
|
- remove rc7.d link [SME: 11098] |
480 |
|
- fix date in changelog |
481 |
|
- fix actions in e-smith-tinydns-update [SME: 11159] |
482 |
|
- Move tinydns service to systemd [SME: 11098] |
483 |
|
- Create e-smith-tinydns-update event [SME: 11159] |
484 |
|
|
485 |
|
smeserver-release |
486 |
|
- Bump new rpm for sme10 release candidate 1 |
487 |
|
- updating release number everywhere [SME: 11366] |
488 |
|
- Bump release to 1 as buildsys believe 1.alpha5 is newer than 0.beta1 [SME: 11317] |
489 |
|
- Bump new rpm for sme10 beta1 [SME: 11317] |
490 |
|
- add update event [SME: 11165] |
491 |
|
- Bump new rpm for sme10 alpha5 |
492 |
|
|
493 |
|
smeserver-yum |
494 |
|
- avoid reboot on removal of smeserver-* rpms [SME: 11458] |
495 |
|
- navigation-conf when a panel is installed |
496 |
|
- fix wrong path for rsyslog.conf [SME: 11364] |
497 |
|
- remove noise in yum process "overriding all signals, forcing restart" [SME: 11372] |
498 |
|
- packages installed logged both in yum.log and message [SME: 11364] |
499 |
|
- set priority to 10 for remi-safe [SME: 11360] |
500 |
|
- fix poor handling of service adjusting and action order [SME: 11300] |
501 |
|
- now a temp event is created |
502 |
|
- also better logging, better handling of update vs removal |
503 |
|
- make yum dbs service fork [SME: 11243] |
504 |
|
- now smeserver.py plugin call the service |
505 |
|
- yum-modify can use the service restart |
506 |
|
- yum.service is its own service, not called by local.service |
507 |
|
- move yum upate db service to systemd [SME: 11180] |
508 |
|
- fix -update events not runt on package upgrade [SME: 11184] |
509 |
|
- lower noise on forced restart |
510 |
|
- fix switch to vault BaseURL for CentOS [SME: 11227] |
511 |
|
- add remi-safe as base repo [SME: 11179] |
512 |
|
- smeserver-yum-update event created [SME: 11168] |
513 |
|
- fix separate action before template, and after service [SME: 11175] |
514 |
|
- run all actions with post-upgrade as default event |
515 |
|
- fix some templates not expanded [SME: 11121] |
516 |
|
- fix smeserver.py not executing action because of wrong path [SME: 11047] |
517 |
|
- fix error when key absent of a dict of smeserver plugin at clean stage [SME: 10931] |
518 |
|
- avoid missing template error after removal of a rpm [SME: 10846] |
519 |
|
- restart php-fpm services when needed [SME: 10873] |
520 |
|
- applying patch [SME: 10690] |
521 |
|
- fix NameError: global name 'yum_update_dbs' is not defined [SME: 6940] |
522 |
|
- use yum-cron with autoupdate feature [SME: 10690] |
523 |
|
|
524 |
|
These are either not SME modified Packages, or are kernel mods. |
525 |
|
|
526 |
|
clamav |
527 |
|
libprelude |
528 |
|
sendmail |
529 |
|
|
530 |
|
The changelogs are written per package On behalf of the Koozali SME Server development team |
531 |
|
- Compilation of release data is thanks to scripts developed by Ian Wells and substantially improved by Jean Phillipe Pialasse |
532 |
|
|
533 |
|
Terry Fage |
534 |
|
|