1 |
Koozali SME Server 10 Alpha 4 Release Notes |
2 |
===================================== |
3 |
|
4 |
These are draft only and are in a constat state of update. |
5 |
|
6 |
27 Dec 2018 |
7 |
|
8 |
The Koozali SME Server development team is pleased to announce the |
9 |
release of SME Server 10 Alpha 4 which will be the next major release of |
10 |
SME Server. |
11 |
|
12 |
This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024. |
13 |
|
14 |
*************************** |
15 |
Koozali SME Server users should not upgrade production servers to this |
16 |
release but those who can are encouraged to load the alpha to a |
17 |
dedicated test machine and take part in the testing phase. |
18 |
*************************** |
19 |
|
20 |
Some notes on Koozali SME Server 10 can be found at |
21 |
https://wiki.contribs.org/SME_Server_10.0_Development |
22 |
|
23 |
SME10 Roadmap - Alpha 4 |
24 |
https://wiki.contribs.org/SME10_Roadmap#SME_10_Alpha_4 |
25 |
|
26 |
Bug reports and reports of potential bugs should be raised in the bug |
27 |
tracker (and only there, please); |
28 |
|
29 |
https://bugs.koozali.org/ |
30 |
|
31 |
Download |
32 |
======== |
33 |
You can download SME Server 10 from |
34 |
https://mirror.koozali.org/smeserver/releases/testing/10/ |
35 |
or for other methods see https://wiki.koozali.org/SME_Server:Download |
36 |
|
37 |
Please note it may take up to 48 hours for mirrors to finish syncing, |
38 |
during this time you may experience problems. |
39 |
|
40 |
About SME Server |
41 |
================ |
42 |
SME Server is the leading Linux distribution for small and medium |
43 |
enterprises. SME Server is brought to you by Koozali Foundation, Inc., |
44 |
a non-profit corporation that exists to provide marketing and legal support |
45 |
for SME Server. |
46 |
|
47 |
SME Server is freely available under the GNU General Public License and |
48 |
is only possible through the efforts of the SME Server community. |
49 |
|
50 |
However, the availability and quality of SME Server is dependent on |
51 |
meeting our expenses, such as hosting costs, server hardware, etc. |
52 |
|
53 |
As such, we ask for a donation to offset costs and fund further development. |
54 |
|
55 |
a) If you are a school, a church, a non-profit organisation or an |
56 |
individual using SME Server for private purposes, we would appreciate |
57 |
you to contribute within your means toward the costs associated with |
58 |
hosting, maintenance and development. |
59 |
|
60 |
b) If you are a company or an integrator and you are deploying SME |
61 |
Server in the course of your work to generate revenue, we expect you to |
62 |
make a donation commensurate with the level of revenue you generate and |
63 |
the number of servers your have in the field. Please, help the project |
64 |
|
65 |
Please visit https://wiki.koozali.org/Donate to donate. |
66 |
|
67 |
Koozali Inc is happy to supply an invoice for any donations received, |
68 |
simply email treasurer at koozali.org |
69 |
|
70 |
Notes |
71 |
===== |
72 |
In-place upgrades are not supported. It is necessary to backup and then |
73 |
restore. |
74 |
(Remember, testing purpose only) |
75 |
|
76 |
The spare handling for RAID arrays is not implemented. |
77 |
|
78 |
USB installs are now supported, see: |
79 |
https://wiki.koozali.org/Install_From_USB |
80 |
|
81 |
Current installer is still branded CentOS. A kickstart script allows you |
82 |
to go through the graphical installation process. If your disk is not |
83 |
empty, you will need to use the Anaconda interface to format it and |
84 |
partition it. If it is empty all is automatic. You will have to set your |
85 |
root password twice: once during Anaconda installation (you could use a |
86 |
lame password), a second time in the Koozali SME server configuration |
87 |
process. |
88 |
|
89 |
Major changes in this release |
90 |
============================= |
91 |
This release is based on CentOS 7.# |
92 |
|
93 |
Changes in this release |
94 |
======================= |
95 |
see above and below |
96 |
|
97 |
General features |
98 |
================ |
99 |
- Based on CentOS 7.6.1810 and all available updates |
100 |
|
101 |
Detailed changes in this release |
102 |
======================= |
103 |
Only the changes since SME Server 10 Alpha3 are listed, mainly |
104 |
autogenerated from the changelogs. |
105 |
|
106 |
Packages altered by Centos, Redhat, and Fedora-associated developers are |
107 |
not included. |
108 |
|
109 |
Backups |
110 |
|
111 |
# e-smith-backup updated from 2.6.0-11.el7.sme to 2.6.0-12.el7.sme |
112 |
- added patch for workstation backup lock [SME: 9127] |
113 |
- code from Stefano Zamboni <zamboni@mind-at-work.it> |
114 |
|
115 |
File Server |
116 |
|
117 |
# e-smith-samba updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme |
118 |
- fix typo in /server-resources/regedit/win10samba.reg [SME: 10515] |
119 |
|
120 |
# samba updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
121 |
# samba-common updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
122 |
# samba-common-tools updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
123 |
# samba-python updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
124 |
# samba-client-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
125 |
# samba-client updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
126 |
# samba-winbind-krb5-locator updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
127 |
# samba-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
128 |
# samba-dc updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
129 |
# samba-winbind-modules updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
130 |
# samba-dc-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
131 |
# samba-winbind-clients updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
132 |
# libwbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
133 |
# samba-common-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
134 |
# libsmbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
135 |
# samba-winbind updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
136 |
- import 4.6.2-12 [SME: 10429] |
137 |
- change gnutls-devel >= 3.4.7 to gnutls-devel to allow build |
138 |
- import to SME the two last upstream releases [SME: 10326] |
139 |
- resolves: #1514314 - Fix CVE-2017-14746 and CVE-2017-15275 |
140 |
- resolves: #1491213 - CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 |
141 |
- resolves: #1484423 - Require at least krb5 version 1.15.1 |
142 |
- resolves: #1484713 - Fix password changes for users via smbpasswd |
143 |
- resolves: #1484723 - Be more graceful on FSCTL_VALIDATE_NEGOTIATE_INFO |
144 |
returned errors |
145 |
- resolves: #1481188 - Fix 'net ads changetrustpw' |
146 |
- resolves: #1459936 - Fix regression with "follow symlinks = no" |
147 |
- resolves: #1461336 - Fix smbclient username parsing |
148 |
- resolves: #1460937 - Fix username normalization with winbind |
149 |
- resolves: #1459179 - Fix smbclient session setup printing |
150 |
- related: #1277999 - Add missing patchset |
151 |
- resolves: #1431986 - Fix expand_msdfs VFS module |
152 |
|
153 |
LDAP |
154 |
|
155 |
Localisation |
156 |
|
157 |
# smeserver-locale updated from 2.6.0-9.el7.sme to 2.6.0-11.el7.sme |
158 |
- apply locale 2018-12-14 patch |
159 |
- apply locale 2017-12-02 patch |
160 |
|
161 |
Mail Server |
162 |
|
163 |
# clamav updated from 0.99.2-1.el7.sme to 0.100.2-1.el7.sme |
164 |
- Update to 0.100.2 [SME: 10578] |
165 |
|
166 |
# e-smith-pop3 updated from 2.6.0-2.el7.sme to 2.6.0-3.el7.sme |
167 |
- fix undefined fqdn for pop3 [SME: 10257] |
168 |
|
169 |
# qpsmtpd updated from 0.96-18.el7.sme to 0.96-19.el7.sme |
170 |
- add support to force spamcheck on specific IP for fetchmail [SME: 10290] |
171 |
|
172 |
# smeserver-qpsmtpd updated from 2.6.0-30.el7.sme to 2.6.0-32.el7.sme |
173 |
- add forcespamcheck support for fetchmail [SME: 10290] |
174 |
- Log DMARC reporting in syslog instead of sending email to the admin. |
175 |
Also suppress SSL connection failed warnings [SME: 10298] |
176 |
|
177 |
# djbdns updated from 1.05-8.el7.sme to 1.05-10.el7.sme |
178 |
- improve short ttl cname resolution and glueless answer from akadns [SME: 8362] |
179 |
- 500-cutom-dnscache-maxloop.patch: increase QUERY_MAXLEVEL 5->10 , set QUERY_MAXLOOP 160 |
180 |
--import patches from openwrt and rename already applied patches |
181 |
--fix security issues [SME: 10374] |
182 |
- 020-dnsroots-update.patch: update list of root DNS servers |
183 |
- 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch |
184 |
- 080-dnscache-cache-negatives.patch: rfc2308 ? |
185 |
- 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch |
186 |
- 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch |
187 |
- 270-dnscache-sigpipe-fix.patch: SIGPIPE |
188 |
- 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858 |
189 |
- 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392 |
190 |
- 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392 |
191 |
- 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2 |
192 |
--bug fixes [SME: 10374] |
193 |
- 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets |
194 |
- 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records |
195 |
--fix issue with short ttl cname like akamaid [SME: 8362] |
196 |
- 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch |
197 |
- 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl |
198 |
- 500-cutom-dnscache-maxloop.patch: set max loop to 200 |
199 |
--needed for previous patches to apply cleanly |
200 |
- 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch) |
201 |
- 050-tinydns-mmap-leak.patch: report cdb leak |
202 |
- 080-dnscache-cache-negatives.patch: rfc2308 ? |
203 |
- 090-tinydns-one-second.patch: improve tinydns with 8 or more concurent connections (for 240-*.patch) |
204 |
- 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch) |
205 |
|
206 |
# smeserver-spamassassin updated from 2.6.0-7.el7.sme to 2.6.0-8.el7.sme |
207 |
- disable auto_learn by default when enabling Bayes [SME: 8160] |
208 |
- added properties UseBayesAutoLearn, BayesAutoLearnThresholdSpam and BayesAutoLearnThresholdNonSpam |
209 |
|
210 |
# e-smith-qmail updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme |
211 |
- Update aliases files for every groups passed as argument [SME: 10386] |
212 |
|
213 |
Server manager |
214 |
|
215 |
php |
216 |
- load openssl configuration file on startup #1408301 |
217 |
- gd: fix buffer over-read into uninitialized memory CVE-2017-7890 |
218 |
- fix php should provide php(httpd) #1215429 |
219 |
- fpm: backport PHP-FPM's clear_env option from 5.4.27 #1410010 |
220 |
default value is "yes", preserving previous behaviour |
221 |
- openssl: fix default_socket_timeout does not work with SSL #1378196 |
222 |
- gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167 |
223 |
- gd: Signed Integer Overflow gd_io.c CVE-2016-10168 |
224 |
|
225 |
Webmail and Groupware |
226 |
|
227 |
Web Server |
228 |
|
229 |
Other fixes and updates |
230 |
|
231 |
# e-smith-base updated from 5.8.0-35.el7.sme to 5.8.0-38.el7.sme |
232 |
- icleaning xinetd.conf fragment out of the package [SME: 10219] |
233 |
- revert previous change - wrong package |
234 |
- added post transaction rule for ntp [SME: 10190] |
235 |
- thank you to Stefano Zamboni for this work |
236 |
|
237 |
# smeserver-yum updated from 2.6.0-16.el7.sme to 2.6.0-17.el7.sme |
238 |
- add yum-plugin-post-transaction-actions as requirement [SME: 1100] |
239 |
|
240 |
# e-smith-devtools updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme |
241 |
- ease update of e-smith-devtools on non SME builders [SME: 10536] |
242 |
|
243 |
# smeserver-support updated from 2.8.0-12.el7.sme to 2.8.0-15.el7.sme |
244 |
- exclude libtevent,python-tevent from base and updates to avoid conflict with localy build version of samba [SME: 10573] |
245 |
- add back perl(LWP::Protocol::https) support [SME: 10516] |
246 |
- upstream samba packages were not all excluded [SME: 10428] |
247 |
|
248 |
# e-smith-ntp updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme |
249 |
- added post transaction rule for ntp [SME: 10190] |
250 |
- thank you to Stefano Zamboni for this work |
251 |
|
252 |
# e-smith-lib updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme |
253 |
- Skip tap_soft interfaces (eg SoftEther, code from Hsing-Foo Wang) |
254 |
[SME: 10445] |
255 |
|
256 |
|
257 |
On behalf of the Koozali SME Server development team |