| 1 |
Koozali SME Server 10.alpha1 Release Notes |
Koozali SME Server 10 Alpha 4 Release Notes |
| 2 |
=========================================== |
===================================== |
|
18 May 2016 |
|
| 3 |
|
|
| 4 |
The Koozali SME Server (SME Server) development team is pleased to announce |
These are draft only and are in a constat state of update. |
|
the release of SME Server 10.apha1 which is based on CentOS 7.2.1511 |
|
| 5 |
|
|
| 6 |
SME 10.alpha1 incorporates the very first packages for the 10 version |
27 Dec 2018 |
| 7 |
|
|
| 8 |
TEST PURPOSE ONLY. DO NOT USE ON PRODUCTION SERVER ! |
The Koozali SME Server development team is pleased to announce the |
| 9 |
|
release of SME Server 10 Alpha 4 which will be the next major release of |
| 10 |
|
SME Server. |
| 11 |
|
|
| 12 |
CentOS 7.# has an EOL of 30 June 2024. |
This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024. |
| 13 |
|
|
| 14 |
|
*************************** |
| 15 |
|
Koozali SME Server users should not upgrade production servers to this |
| 16 |
|
release but those who can are encouraged to load the alpha to a |
| 17 |
|
dedicated test machine and take part in the testing phase. |
| 18 |
|
*************************** |
| 19 |
|
|
| 20 |
|
Some notes on Koozali SME Server 10 can be found at |
| 21 |
|
https://wiki.contribs.org/SME_Server_10.0_Development |
| 22 |
|
|
| 23 |
|
SME10 Roadmap - Alpha 4 |
| 24 |
|
https://wiki.contribs.org/SME10_Roadmap#SME_10_Alpha_4 |
| 25 |
|
|
| 26 |
Bug reports and reports of potential bugs should be raised in the bug |
Bug reports and reports of potential bugs should be raised in the bug |
| 27 |
tracker (and only there, please); |
tracker (and only there, please); |
| 28 |
|
|
| 29 |
http://bugs.contribs.org/ |
https://bugs.koozali.org/ |
| 30 |
|
|
| 31 |
Download |
Download |
| 32 |
======== |
======== |
| 33 |
You can download SME Server 10 from |
You can download SME Server 10 from |
| 34 |
http://mirror.contribs.org/smeserver/releases/testing/10/ |
https://mirror.koozali.org/smeserver/releases/testing/10/ |
| 35 |
or for other methods see http://wiki.contribs.org/SME_Server:Download |
or for other methods see https://wiki.koozali.org/SME_Server:Download |
| 36 |
|
|
| 37 |
Please note it may take up to 48 hours for mirrors to finish syncing, |
Please note it may take up to 48 hours for mirrors to finish syncing, |
| 38 |
during this time you may experience problems. |
during this time you may experience problems. |
| 52 |
|
|
| 53 |
As such, we ask for a donation to offset costs and fund further development. |
As such, we ask for a donation to offset costs and fund further development. |
| 54 |
|
|
| 55 |
a) If you are a school, a church, a non-profit organisation or an individual |
a) If you are a school, a church, a non-profit organisation or an |
| 56 |
using SME Server for private purposes, we would appreciate you to contribute |
individual using SME Server for private purposes, we would appreciate |
| 57 |
within your means toward the costs associated with hosting, maintenance and |
you to contribute within your means toward the costs associated with |
| 58 |
development. |
hosting, maintenance and development. |
| 59 |
|
|
| 60 |
b) If you are a company or an integrator and you are deploying SME Server in |
b) If you are a company or an integrator and you are deploying SME |
| 61 |
the course of your work to generate revenue, we expect you to make a donation |
Server in the course of your work to generate revenue, we expect you to |
| 62 |
commensurate with the level of revenue you generate and the number of servers |
make a donation commensurate with the level of revenue you generate and |
| 63 |
your have in the field. Please, help the project |
the number of servers your have in the field. Please, help the project |
| 64 |
|
|
| 65 |
Please visit http://wiki.contribs.org/Donate to donate. |
Please visit https://wiki.koozali.org/Donate to donate. |
| 66 |
|
|
| 67 |
Koozali Inc is happy to supply an invoice for any donations received, |
Koozali Inc is happy to supply an invoice for any donations received, |
| 68 |
simply email treasurer@koozali.org |
simply email treasurer at koozali.org |
| 69 |
|
|
| 70 |
Notes |
Notes |
| 71 |
===== |
===== |
| 72 |
In-place upgrades are not supported. It is necessary to backup and then restore. |
In-place upgrades are not supported. It is necessary to backup and then |
| 73 |
/boot partition is always RAID 1. |
restore. |
| 74 |
|
(Remember, testing purpose only) |
| 75 |
|
|
| 76 |
The spare handling for RAID arrays is not implemented. |
The spare handling for RAID arrays is not implemented. |
| 77 |
|
|
| 78 |
USB installs are now supported, see: |
USB installs are now supported, see: |
| 79 |
http://wiki.contribs.org/Install_From_USB#SME_Server_9 |
https://wiki.koozali.org/Install_From_USB |
| 80 |
|
|
| 81 |
Minimal changes have been made from SME9.1rc1 |
Current installer is still branded CentOS. A kickstart script allows you |
| 82 |
|
to go through the graphical installation process. If your disk is not |
| 83 |
|
empty, you will need to use the Anaconda interface to format it and |
| 84 |
|
partition it. If it is empty all is automatic. You will have to set your |
| 85 |
|
root password twice: once during Anaconda installation (you could use a |
| 86 |
|
lame password), a second time in the Koozali SME server configuration |
| 87 |
|
process. |
| 88 |
|
|
| 89 |
Major changes in this release |
Major changes in this release |
| 90 |
============================= |
============================= |
| 91 |
|
This release is based on CentOS 7.# |
| 92 |
|
|
| 93 |
Changes in this release |
Changes in this release |
| 94 |
======================= |
======================= |
| 95 |
|
see above and below |
| 96 |
|
|
| 97 |
General features |
General features |
| 98 |
================ |
================ |
| 99 |
- Based on CentOS 7.2.1511 and all available updates |
- Based on CentOS 7.6.1810 and all available updates |
| 100 |
|
|
| 101 |
|
Detailed changes in this release |
| 102 |
|
======================= |
| 103 |
|
Only the changes since SME Server 10 Alpha3 are listed, mainly |
| 104 |
|
autogenerated from the changelogs. |
| 105 |
|
|
| 106 |
|
Packages altered by Centos, Redhat, and Fedora-associated developers are |
| 107 |
|
not included. |
| 108 |
|
|
| 109 |
|
Backups |
| 110 |
|
|
| 111 |
|
# e-smith-backup updated from 2.6.0-11.el7.sme to 2.6.0-12.el7.sme |
| 112 |
|
- added patch for workstation backup lock [SME: 9127] |
| 113 |
|
- code from Stefano Zamboni <zamboni@mind-at-work.it> |
| 114 |
|
|
| 115 |
|
File Server |
| 116 |
|
|
| 117 |
|
# e-smith-samba updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme |
| 118 |
|
- fix typo in /server-resources/regedit/win10samba.reg [SME: 10515] |
| 119 |
|
|
| 120 |
|
# samba updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
| 121 |
|
# samba-common updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
| 122 |
|
# samba-common-tools updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
| 123 |
|
# samba-python updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
| 124 |
|
# samba-client-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
| 125 |
|
# samba-client updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
| 126 |
|
# samba-winbind-krb5-locator updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
| 127 |
|
# samba-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
| 128 |
|
# samba-dc updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
| 129 |
|
# samba-winbind-modules updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
| 130 |
|
# samba-dc-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
| 131 |
|
# samba-winbind-clients updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
| 132 |
|
# libwbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
| 133 |
|
# samba-common-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
| 134 |
|
# libsmbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
| 135 |
|
# samba-winbind updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme |
| 136 |
|
- import 4.6.2-12 [SME: 10429] |
| 137 |
|
- change gnutls-devel >= 3.4.7 to gnutls-devel to allow build |
| 138 |
|
- import to SME the two last upstream releases [SME: 10326] |
| 139 |
|
- resolves: #1514314 - Fix CVE-2017-14746 and CVE-2017-15275 |
| 140 |
|
- resolves: #1491213 - CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 |
| 141 |
|
- resolves: #1484423 - Require at least krb5 version 1.15.1 |
| 142 |
|
- resolves: #1484713 - Fix password changes for users via smbpasswd |
| 143 |
|
- resolves: #1484723 - Be more graceful on FSCTL_VALIDATE_NEGOTIATE_INFO |
| 144 |
|
returned errors |
| 145 |
|
- resolves: #1481188 - Fix 'net ads changetrustpw' |
| 146 |
|
- resolves: #1459936 - Fix regression with "follow symlinks = no" |
| 147 |
|
- resolves: #1461336 - Fix smbclient username parsing |
| 148 |
|
- resolves: #1460937 - Fix username normalization with winbind |
| 149 |
|
- resolves: #1459179 - Fix smbclient session setup printing |
| 150 |
|
- related: #1277999 - Add missing patchset |
| 151 |
|
- resolves: #1431986 - Fix expand_msdfs VFS module |
| 152 |
|
|
| 153 |
|
LDAP |
| 154 |
|
|
| 155 |
|
Localisation |
| 156 |
|
|
| 157 |
|
# smeserver-locale updated from 2.6.0-9.el7.sme to 2.6.0-11.el7.sme |
| 158 |
|
- apply locale 2018-12-14 patch |
| 159 |
|
- apply locale 2017-12-02 patch |
| 160 |
|
|
| 161 |
|
Mail Server |
| 162 |
|
|
| 163 |
|
# clamav updated from 0.99.2-1.el7.sme to 0.100.2-1.el7.sme |
| 164 |
|
- Update to 0.100.2 [SME: 10578] |
| 165 |
|
|
| 166 |
|
# e-smith-pop3 updated from 2.6.0-2.el7.sme to 2.6.0-3.el7.sme |
| 167 |
|
- fix undefined fqdn for pop3 [SME: 10257] |
| 168 |
|
|
| 169 |
|
# qpsmtpd updated from 0.96-18.el7.sme to 0.96-19.el7.sme |
| 170 |
|
- add support to force spamcheck on specific IP for fetchmail [SME: 10290] |
| 171 |
|
|
| 172 |
|
# smeserver-qpsmtpd updated from 2.6.0-30.el7.sme to 2.6.0-32.el7.sme |
| 173 |
|
- add forcespamcheck support for fetchmail [SME: 10290] |
| 174 |
|
- Log DMARC reporting in syslog instead of sending email to the admin. |
| 175 |
|
Also suppress SSL connection failed warnings [SME: 10298] |
| 176 |
|
|
| 177 |
|
# djbdns updated from 1.05-8.el7.sme to 1.05-10.el7.sme |
| 178 |
|
- improve short ttl cname resolution and glueless answer from akadns [SME: 8362] |
| 179 |
|
- 500-cutom-dnscache-maxloop.patch: increase QUERY_MAXLEVEL 5->10 , set QUERY_MAXLOOP 160 |
| 180 |
|
--import patches from openwrt and rename already applied patches |
| 181 |
|
--fix security issues [SME: 10374] |
| 182 |
|
- 020-dnsroots-update.patch: update list of root DNS servers |
| 183 |
|
- 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch |
| 184 |
|
- 080-dnscache-cache-negatives.patch: rfc2308 ? |
| 185 |
|
- 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch |
| 186 |
|
- 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch |
| 187 |
|
- 270-dnscache-sigpipe-fix.patch: SIGPIPE |
| 188 |
|
- 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858 |
| 189 |
|
- 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392 |
| 190 |
|
- 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392 |
| 191 |
|
- 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2 |
| 192 |
|
--bug fixes [SME: 10374] |
| 193 |
|
- 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets |
| 194 |
|
- 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records |
| 195 |
|
--fix issue with short ttl cname like akamaid [SME: 8362] |
| 196 |
|
- 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch |
| 197 |
|
- 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl |
| 198 |
|
- 500-cutom-dnscache-maxloop.patch: set max loop to 200 |
| 199 |
|
--needed for previous patches to apply cleanly |
| 200 |
|
- 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch) |
| 201 |
|
- 050-tinydns-mmap-leak.patch: report cdb leak |
| 202 |
|
- 080-dnscache-cache-negatives.patch: rfc2308 ? |
| 203 |
|
- 090-tinydns-one-second.patch: improve tinydns with 8 or more concurent connections (for 240-*.patch) |
| 204 |
|
- 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch) |
| 205 |
|
|
| 206 |
|
# smeserver-spamassassin updated from 2.6.0-7.el7.sme to 2.6.0-8.el7.sme |
| 207 |
|
- disable auto_learn by default when enabling Bayes [SME: 8160] |
| 208 |
|
- added properties UseBayesAutoLearn, BayesAutoLearnThresholdSpam and BayesAutoLearnThresholdNonSpam |
| 209 |
|
|
| 210 |
|
# e-smith-qmail updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme |
| 211 |
|
- Update aliases files for every groups passed as argument [SME: 10386] |
| 212 |
|
|
| 213 |
|
Server manager |
| 214 |
|
|
| 215 |
|
php |
| 216 |
|
- load openssl configuration file on startup #1408301 |
| 217 |
|
- gd: fix buffer over-read into uninitialized memory CVE-2017-7890 |
| 218 |
|
- fix php should provide php(httpd) #1215429 |
| 219 |
|
- fpm: backport PHP-FPM's clear_env option from 5.4.27 #1410010 |
| 220 |
|
default value is "yes", preserving previous behaviour |
| 221 |
|
- openssl: fix default_socket_timeout does not work with SSL #1378196 |
| 222 |
|
- gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167 |
| 223 |
|
- gd: Signed Integer Overflow gd_io.c CVE-2016-10168 |
| 224 |
|
|
| 225 |
|
Webmail and Groupware |
| 226 |
|
|
| 227 |
|
Web Server |
| 228 |
|
|
| 229 |
|
Other fixes and updates |
| 230 |
|
|
| 231 |
|
# e-smith-base updated from 5.8.0-35.el7.sme to 5.8.0-38.el7.sme |
| 232 |
|
- icleaning xinetd.conf fragment out of the package [SME: 10219] |
| 233 |
|
- revert previous change - wrong package |
| 234 |
|
- added post transaction rule for ntp [SME: 10190] |
| 235 |
|
- thank you to Stefano Zamboni for this work |
| 236 |
|
|
| 237 |
|
# smeserver-yum updated from 2.6.0-16.el7.sme to 2.6.0-17.el7.sme |
| 238 |
|
- add yum-plugin-post-transaction-actions as requirement [SME: 1100] |
| 239 |
|
|
| 240 |
|
# e-smith-devtools updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme |
| 241 |
|
- ease update of e-smith-devtools on non SME builders [SME: 10536] |
| 242 |
|
|
| 243 |
|
# smeserver-support updated from 2.8.0-12.el7.sme to 2.8.0-15.el7.sme |
| 244 |
|
- exclude libtevent,python-tevent from base and updates to avoid conflict with localy build version of samba [SME: 10573] |
| 245 |
|
- add back perl(LWP::Protocol::https) support [SME: 10516] |
| 246 |
|
- upstream samba packages were not all excluded [SME: 10428] |
| 247 |
|
|
| 248 |
|
# e-smith-ntp updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme |
| 249 |
|
- added post transaction rule for ntp [SME: 10190] |
| 250 |
|
- thank you to Stefano Zamboni for this work |
| 251 |
|
|
| 252 |
|
# e-smith-lib updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme |
| 253 |
|
- Skip tap_soft interfaces (eg SoftEther, code from Hsing-Foo Wang) |
| 254 |
|
[SME: 10445] |
| 255 |
|
|
| 256 |
|
|
| 257 |
On behalf of the SME Server development team |
On behalf of the Koozali SME Server development team |
Parent Directory
| 
Revision Log
| 
Revision Graph
| 
Patch
