/[smeserver]/cdrom.image/sme10/README.txt
ViewVC logotype

Contents of /cdrom.image/sme10/README.txt

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.4 - (show annotations) (download)
Fri Dec 28 03:33:50 2018 UTC (5 years, 10 months ago) by jpp
Branch: MAIN
Changes since 1.3: +163 -365 lines
Content type: text/plain
new release

1 Koozali SME Server 10 Alpha 4 Release Notes
2 =====================================
3
4 These are draft only and are in a constat state of update.
5
6 27 Dec 2018
7
8 The Koozali SME Server development team is pleased to announce the
9 release of SME Server 10 Alpha 4 which will be the next major release of
10 SME Server.
11
12 This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024.
13
14 ***************************
15 Koozali SME Server users should not upgrade production servers to this
16 release but those who can are encouraged to load the alpha to a
17 dedicated test machine and take part in the testing phase.
18 ***************************
19
20 Some notes on Koozali SME Server 10 can be found at
21 https://wiki.contribs.org/SME_Server_10.0_Development
22
23 SME10 Roadmap - Alpha 4
24 https://wiki.contribs.org/SME10_Roadmap#SME_10_Alpha_4
25
26 Bug reports and reports of potential bugs should be raised in the bug
27 tracker (and only there, please);
28
29 https://bugs.koozali.org/
30
31 Download
32 ========
33 You can download SME Server 10 from
34 https://mirror.koozali.org/smeserver/releases/testing/10/
35 or for other methods see https://wiki.koozali.org/SME_Server:Download
36
37 Please note it may take up to 48 hours for mirrors to finish syncing,
38 during this time you may experience problems.
39
40 About SME Server
41 ================
42 SME Server is the leading Linux distribution for small and medium
43 enterprises. SME Server is brought to you by Koozali Foundation, Inc.,
44 a non-profit corporation that exists to provide marketing and legal support
45 for SME Server.
46
47 SME Server is freely available under the GNU General Public License and
48 is only possible through the efforts of the SME Server community.
49
50 However, the availability and quality of SME Server is dependent on
51 meeting our expenses, such as hosting costs, server hardware, etc.
52
53 As such, we ask for a donation to offset costs and fund further development.
54
55 a) If you are a school, a church, a non-profit organisation or an
56 individual using SME Server for private purposes, we would appreciate
57 you to contribute within your means toward the costs associated with
58 hosting, maintenance and development.
59
60 b) If you are a company or an integrator and you are deploying SME
61 Server in the course of your work to generate revenue, we expect you to
62 make a donation commensurate with the level of revenue you generate and
63 the number of servers your have in the field. Please, help the project
64
65 Please visit https://wiki.koozali.org/Donate to donate.
66
67 Koozali Inc is happy to supply an invoice for any donations received,
68 simply email treasurer at koozali.org
69
70 Notes
71 =====
72 In-place upgrades are not supported. It is necessary to backup and then
73 restore.
74 (Remember, testing purpose only)
75
76 The spare handling for RAID arrays is not implemented.
77
78 USB installs are now supported, see:
79 https://wiki.koozali.org/Install_From_USB
80
81 Current installer is still branded CentOS. A kickstart script allows you
82 to go through the graphical installation process. If your disk is not
83 empty, you will need to use the Anaconda interface to format it and
84 partition it. If it is empty all is automatic. You will have to set your
85 root password twice: once during Anaconda installation (you could use a
86 lame password), a second time in the Koozali SME server configuration
87 process.
88
89 Major changes in this release
90 =============================
91 This release is based on CentOS 7.#
92
93 Changes in this release
94 =======================
95 see above and below
96
97 General features
98 ================
99 - Based on CentOS 7.6.1810 and all available updates
100
101 Detailed changes in this release
102 =======================
103 Only the changes since SME Server 10 Alpha3 are listed, mainly
104 autogenerated from the changelogs.
105
106 Packages altered by Centos, Redhat, and Fedora-associated developers are
107 not included.
108
109 Backups
110
111 # e-smith-backup updated from 2.6.0-11.el7.sme to 2.6.0-12.el7.sme
112 - added patch for workstation backup lock [SME: 9127]
113 - code from Stefano Zamboni <zamboni@mind-at-work.it>
114
115 File Server
116
117 # e-smith-samba updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
118 - fix typo in /server-resources/regedit/win10samba.reg [SME: 10515]
119
120 # samba updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
121 # samba-common updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
122 # samba-common-tools updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
123 # samba-python updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
124 # samba-client-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
125 # samba-client updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
126 # samba-winbind-krb5-locator updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
127 # samba-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
128 # samba-dc updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
129 # samba-winbind-modules updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
130 # samba-dc-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
131 # samba-winbind-clients updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
132 # libwbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
133 # samba-common-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
134 # libsmbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
135 # samba-winbind updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
136 - import 4.6.2-12 [SME: 10429]
137 - change gnutls-devel >= 3.4.7 to gnutls-devel to allow build
138 - import to SME the two last upstream releases [SME: 10326]
139 - resolves: #1514314 - Fix CVE-2017-14746 and CVE-2017-15275
140 - resolves: #1491213 - CVE-2017-12150 CVE-2017-12151 CVE-2017-12163
141 - resolves: #1484423 - Require at least krb5 version 1.15.1
142 - resolves: #1484713 - Fix password changes for users via smbpasswd
143 - resolves: #1484723 - Be more graceful on FSCTL_VALIDATE_NEGOTIATE_INFO
144 returned errors
145 - resolves: #1481188 - Fix 'net ads changetrustpw'
146 - resolves: #1459936 - Fix regression with "follow symlinks = no"
147 - resolves: #1461336 - Fix smbclient username parsing
148 - resolves: #1460937 - Fix username normalization with winbind
149 - resolves: #1459179 - Fix smbclient session setup printing
150 - related: #1277999 - Add missing patchset
151 - resolves: #1431986 - Fix expand_msdfs VFS module
152
153 LDAP
154
155 Localisation
156
157 # smeserver-locale updated from 2.6.0-9.el7.sme to 2.6.0-11.el7.sme
158 - apply locale 2018-12-14 patch
159 - apply locale 2017-12-02 patch
160
161 Mail Server
162
163 # clamav updated from 0.99.2-1.el7.sme to 0.100.2-1.el7.sme
164 - Update to 0.100.2 [SME: 10578]
165
166 # e-smith-pop3 updated from 2.6.0-2.el7.sme to 2.6.0-3.el7.sme
167 - fix undefined fqdn for pop3 [SME: 10257]
168
169 # qpsmtpd updated from 0.96-18.el7.sme to 0.96-19.el7.sme
170 - add support to force spamcheck on specific IP for fetchmail [SME: 10290]
171
172 # smeserver-qpsmtpd updated from 2.6.0-30.el7.sme to 2.6.0-32.el7.sme
173 - add forcespamcheck support for fetchmail [SME: 10290]
174 - Log DMARC reporting in syslog instead of sending email to the admin.
175 Also suppress SSL connection failed warnings [SME: 10298]
176
177 # djbdns updated from 1.05-8.el7.sme to 1.05-10.el7.sme
178 - improve short ttl cname resolution and glueless answer from akadns [SME: 8362]
179 - 500-cutom-dnscache-maxloop.patch: increase QUERY_MAXLEVEL 5->10 , set QUERY_MAXLOOP 160
180 --import patches from openwrt and rename already applied patches
181 --fix security issues [SME: 10374]
182 - 020-dnsroots-update.patch: update list of root DNS servers
183 - 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch
184 - 080-dnscache-cache-negatives.patch: rfc2308 ?
185 - 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch
186 - 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch
187 - 270-dnscache-sigpipe-fix.patch: SIGPIPE
188 - 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858
189 - 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392
190 - 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392
191 - 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2
192 --bug fixes [SME: 10374]
193 - 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets
194 - 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records
195 --fix issue with short ttl cname like akamaid [SME: 8362]
196 - 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch
197 - 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl
198 - 500-cutom-dnscache-maxloop.patch: set max loop to 200
199 --needed for previous patches to apply cleanly
200 - 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch)
201 - 050-tinydns-mmap-leak.patch: report cdb leak
202 - 080-dnscache-cache-negatives.patch: rfc2308 ?
203 - 090-tinydns-one-second.patch: improve tinydns with 8 or more concurent connections (for 240-*.patch)
204 - 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch)
205
206 # smeserver-spamassassin updated from 2.6.0-7.el7.sme to 2.6.0-8.el7.sme
207 - disable auto_learn by default when enabling Bayes [SME: 8160]
208 - added properties UseBayesAutoLearn, BayesAutoLearnThresholdSpam and BayesAutoLearnThresholdNonSpam
209
210 # e-smith-qmail updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme
211 - Update aliases files for every groups passed as argument [SME: 10386]
212
213 Server manager
214
215 php
216 - load openssl configuration file on startup #1408301
217 - gd: fix buffer over-read into uninitialized memory CVE-2017-7890
218 - fix php should provide php(httpd) #1215429
219 - fpm: backport PHP-FPM's clear_env option from 5.4.27 #1410010
220 default value is "yes", preserving previous behaviour
221 - openssl: fix default_socket_timeout does not work with SSL #1378196
222 - gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167
223 - gd: Signed Integer Overflow gd_io.c CVE-2016-10168
224
225 Webmail and Groupware
226
227 Web Server
228
229 Other fixes and updates
230
231 # e-smith-base updated from 5.8.0-35.el7.sme to 5.8.0-38.el7.sme
232 - icleaning xinetd.conf fragment out of the package [SME: 10219]
233 - revert previous change - wrong package
234 - added post transaction rule for ntp [SME: 10190]
235 - thank you to Stefano Zamboni for this work
236
237 # smeserver-yum updated from 2.6.0-16.el7.sme to 2.6.0-17.el7.sme
238 - add yum-plugin-post-transaction-actions as requirement [SME: 1100]
239
240 # e-smith-devtools updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
241 - ease update of e-smith-devtools on non SME builders [SME: 10536]
242
243 # smeserver-support updated from 2.8.0-12.el7.sme to 2.8.0-15.el7.sme
244 - exclude libtevent,python-tevent from base and updates to avoid conflict with localy build version of samba [SME: 10573]
245 - add back perl(LWP::Protocol::https) support [SME: 10516]
246 - upstream samba packages were not all excluded [SME: 10428]
247
248 # e-smith-ntp updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme
249 - added post transaction rule for ntp [SME: 10190]
250 - thank you to Stefano Zamboni for this work
251
252 # e-smith-lib updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
253 - Skip tap_soft interfaces (eg SoftEther, code from Hsing-Foo Wang)
254 [SME: 10445]
255
256
257 On behalf of the Koozali SME Server development team

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed