--- cdrom.image/sme10/README.txt 2021/03/22 04:57:48 1.10 +++ cdrom.image/sme10/README.txt 2021/06/06 09:21:29 1.11 @@ -1,542 +1,560 @@ -Koozali SME Server 10 Release Candidate 1 Release Notes "Justine" -============================================ -These are draft only and are in a constant state of update. - -19 Mar 2021 - -The Koozali SME Server development team is pleased to announce the -release of SME Server 10 RC 1 which will be the next major release of -SME Server. Code named "Justine" - -This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024. - -********************************************************** -Koozali SME Server users should not upgrade production servers to this -release but those who can are encouraged to load the release to a -dedicated test machine and take part in the testing phase. -********************************************************** - -Some notes on Koozali SME Server 10 can be found at -https://wiki.contribs.org/SME_Server_10.0_Development - -SME10 Roadmap - RC 1 -https://wiki.contribs.org/SME10_Roadmap#SME_10_RC_1 - -Bug reports and reports of potential bugs should be raised in the bug -tracker (and only there, please); - - https://bugs.koozali.org/ - -Copy of releaase notes may be found here: -https://lists.contribs.org/pipermail/updatesannounce/2021-March/ - -Download -======== -You can download SME Server 10 from -https://mirror.koozali.org/smeserver/releases/testing/10/ -or for other methods see: -https://wiki.koozali.org/SME_Server:Download - -Please note it may take up to 48 hours for mirrors to finish syncing, -during this time you may experience problems. - -About SME Server -================ -SME Server is the leading Linux distribution for small and medium -enterprises. SME Server is brought to you by Koozali Foundation, Inc., -a non-profit corporation that exists to provide marketing and legal support -for SME Server. - -SME Server is freely available under the GNU General Public License and -is only possible through the efforts of the SME Server community. - -However, the availability and quality of SME Server is dependent on -meeting our expenses, such as hosting costs, server hardware, etc. - -As such, we ask for a donation to offset costs and fund further development. - -a) If you are a school, a church, a non-profit organisation or an -individual using SME Server for private purposes, we would appreciate -you to contribute within your means toward the costs associated with -hosting, maintenance and development. - -b) If you are a company or an integrator and you are deploying SME -Server in the course of your work to generate revenue, we expect you to -make a donation commensurate with the level of revenue you generate and -the number of servers your have in the field. Please, help the project - -Please visit https://wiki.koozali.org/Donate to donate. - -Koozali Inc is happy to supply an invoice for any donations received, -simply email treasurer at koozali.org - -Notes -===== -In-place upgrades are not supported. It is necessary to backup and then -restore. (Remember, testing purpose only), - -Restore of a sme9 console or workstation backup is now fully supported - -Single disk install no longer creates a degraded Raid1 array, Two or more disks -will be created as a Raid1-6 array, see wiki https://wiki.contribs.org/Raid - -The spare handling for RAID arrays is now implemented. - -Support for further Raid configuration on install is now implemented - see wiki - -New Server-Manager Framework, Mojolicious, is now well on the way to full implementation - -USB installs are once again fully supported, -Note: it is important to use proposed apps to create the boot media -See: https://wiki.koozali.org/Install_From_USB - -Netinstall is once again fully supported - -Install to a system supporting a UEFI BIOS is also now fully supported - -Console backup, and workstation backup to removable storages is now fully supported. - -A plethora of other under the hood changes, too numerous to list - -The work that has gone into getting SME 10 to this stage has been enormous, an attempt to list -and detail the work that has been done in recent months would not do justice to the effort -contributed by the following, - -thank you one and all: - -Jean Phillipe Pialasse -Michel Begue -Brian Read -Catton Durbrow -Chris Sansom-Ninnes -Jean-pierre Odion -Zsolt Vasarhelyi -John Crisp - -there have also been many others who have done what they can, thank you: - -The changes that have been implemented to ensure the Koozali Sme Server way is fully implemented -have been far reaching, far to many to try and list, suffice to say long live "Justine". - -Major changes in this release -============================= -This release is based on CentOS 7.# - -Changes in this release -======================= -see above and below, to much to list - -General features -================ -- Based on CentOS 7.9.2009 and all available updates - -Detailed changes in this release -======================= -Only the changes since SME Server 10 Alpha5 are listed, mainly -autogenerated from the changelogs. - -Packages altered by Centos, Redhat, and Fedora-associated developers are -not included. - -The changelogs are written per package - -SME built or modified packages - ChangeLogs - -19 March 2021 - -Backups -e-smith-backup -- fix dar restore replacing rootdir symlinks by folders [SME: 11424] -- Remove duplicate gunzip call in perform_restore [SME: 11266] -- Remove debug output of device names -- Revert BlockDevices.pm and backup call to not filter to removable drives -- Replace hal-* calls with BlockDevices [SME: 11319] -- add update event [SME: 11124] -- Added /etc/backup-data.d to backup paths [SME: 10245] -- Added error handling to restore using pipe pattern from perform_backup [SME: 3139] -- Made reboot optional after console restore -- Fixed bootstrap restore not activating config changes [SME: 10921] -- Manually added ext2 and ext3 to Block Device file system check where ext4 present -- updated Block Device discovery to fix recovery from console [SME: 8244] -- Credit to Catton Durbrow - -File Server -e-smith-proftpd -- cleanup in /etc/rc.d [SME: 9692] -- redirect log away from message [SME: 11384] -- fix circular Conflict with proftpd [SME: 11357] -- improve protect from proftpd.service running [SME: 11106] -- protect from proftpd.service running in place of ftp.service [SME: 11106] -- remove system-preset file from usr [SME: 10958] -- SSL crt and key to self signed if path does not exist [SME: 11316] -- add Requires=runit.service [SME: 11245] -- execute systemd-reload before service adjust in events [SME: 11228] -- remove S95reset-unsavedflag [SME: 11229] -- Remove ftp from 'init.d/supervise' [SME: 11106] [SME: 11150] -- Move ftp service to systemd [SME: 11106] -- Create e-smith-proftpd-update event [SME: 11150] - -e-smith-samba -- clean rsyslog syntax for smbd and nmbd [SME: 11422] -- fix noise in message log from nmbd and smbd redirected to dedicated logs [SME: 11349] -- allow using user-create-profiledir action with temp or package-update events [SME: 11348] -- fix log noise for smb.service [SME: 11157] -- add Restart=always [SME: 11118] -- add Restart=always [SME: 11117] -- migrate nmbd to systemd [SME: 11118] -- migrate smbd to systemd [SME: 11117] -- create general smb.service service -- create e-smith-samba-update event [SME: 11157] -- Fix mutex locking [SME: 11199] -- Fix pid directory [SME: 11198] -- Add /etc/krb5.conf as template using templates from smeserver-samba[SME: 11093] -- remove win98pwdcache.reg from server-resources [SME: 9060] -- set min server and client protocol SMB2 [SME: 10576] -- add check so max always greater than min -- add port 445 if min server protocol is SMB2 or SMB3 [SME: 10963] - - -Mail Server -e-smith-email -- webmail is only SSL [SME: 11443] -- create -update event [SME: 11133] -- move smtp-auth-proxy to systemd [SME: 11102] -- allow creation of pseudonyms with setting of local only [SME: 3802] - -smeserver-dovecot -- clean rsyslog syntax for dovecot [SME: 11422] -- add Restart=always [SME: 11101] -- fix path for event -update [SME: 11101] -- cleanup /var/service/dovecot [SME: 11101] - -close logger and service from previous runit instance before starting systemd one -- add systemd drop-in expand in bootstrap-console-save, console-save, post-install, post-upgrade [SME: 11101] -- move service to systemd [SME: 11101] -- add imap idle notify interval setting [SME: 10947] -- fix typo in enabling TLSv1.2 as default [SME: 10934] -- fix typo in 35ssl template [SME: 10934] -- fix typo in createlinks [SME: 10932] -- revert property names with period in it [SME: 10934] -- add property AcceptFullEmail with enabled as default [SME: 9865] - -smeserver-qpsmtpd -- remove /usr/lib/systemd/system-preset/80-koozali-qpsmtpd.preset [SME: 10958] -- modify for clamav 0.103.0 [SME: 11210] -- roll up patches -- add Requires=runit.service (qpsmtpd & sqpsmtpd) [SME: 11245] -- fix service not enabled [SME: 11107] -- remove reset-unsavedflag -- Move qpsmtpd & sqpsmtpd services to systemd [SME: 11107] -- Create smeserver-qpsmtpd-update event [SME: 11164] -- expand badrcptto_ext when needed [SME: 10638] -- this avoid user, group or pseudonyms for internal purpose to be reachable -- from outside -- minimum Protocol TLSv1.0 [SME: 10460] -- better ciphers order. - -Server manager -e-smith-formmagick -- increase CSRF timeout from 120s to 180s [SME: 10902] -- added property httpd-admin{csrfTimeout} in second to override -- added hability to ovarride the Timeout from panel to panel -- add update event [SME: 11136] -- add locale for CSRF [SME: 10626] -- add CSRF patch [SME: 10626] - thank you to Daniel Berteaud - -e-smith-manager -- take 2 wrong system mode reported in bugreport [SME: 10448] -- fix wrong system mode reported in bugreport [SME: 10448] -- create -update event [SME: 11144] -- migrate httpd-admin to systemd [SME: 11110] -- removing hardcoded ports [SME: 10967] -- Add a FollowSymlinks for user-password in password/cgi-bin (perl-suid) [SME: 9677] -- update apache icon path [SME: 9591] -- add message to indicate EOL after Jun 30 2024 fix [SME: 10170] - -perl-CGI-FormMagick -- increase default timeout, allow setting from outside [SME: 10902] -- add timeout [SME: 10626] -- update CSRF patch [SME: 10626] -- add requires perl(Session::Token) [SME: 10626] -- fix add CSRF patch [SME: 1723] - thank you to Daniel Berteaud - -Webmail and Groupware -smeserver-horde -- clean rsyslog syntax for horde [SME: 11422] -- improved php basedir, with filtering of noise for gpg [SME: 10945] -- force SSL for horde [SME: 11443] -- fix horde not honoring switch to php-fpm 5.4 [SME: 11433] -- update mail settings for the php-pool [SME: 11431] -- spamd SpamLearning property migrated to spamassassin SpamLearning [SME: 11376] -- Configuration is not up to date, hash to update [SME: 11308] -- fix wrong template path for php55, php56 and php [SME: 11255] -- fix webmail not accessible after enabling from manager [SME: 11233] -- update rsyslog syntax [SME: 11016] -- move fragment so syntax is similar to message -- remove harcoded ports [SME: 10969] -- add gpg to php base dir [SME: 10945] -- workaround logging noise caused by libsasl [SME: 10943] -- log as admin and not admin@domain for cli tasks [SME: 10910] -- fix ingo imap preferences [SME: 10912] -- allow httpd-auth for calendar, tasks access using rpc.php ... [SME: 10908] -- add smeserver-horde-update event [SME: 10909] -- avoid loss of user parameter on Primary Domain change [SME: 1005] -- this will also avoid the loss of parameter if we log with a different virtualhost -- horde preference is now stored with the SME username without @domain -- fix bad regex to strip domain [SME: 10224] -- also we can now force Primary domain to use as default email -- we can strip heading string from virtualhost domain to create email -- default identity email will update as long as no other identity is created for the user -- fix typo in php-fpm patch [SME: 10872] -- remove php3 references [SME: 10866] -- remove strict and warning alert from error log [SME: 10823] -- dedicated php-fpm pool for horde [SME: 10872] -- apply patches from John H. Bennett III [SME: 10717] -- cvs admin -ko on patch1 - - -Other fixes and updates -e-smith-base -- fix masq failing on initial boot -- removing weekly cron for ddns update, targeted script has been removed [SME: 11470] -- revert e-smith-service file [SME: 9692] -- add systemctl wrapper [SME: 11345] -- clean rsyslog syntax for dhcpd [SME: 11422] -- cleanup /etc/rc.d and /var/service [SME: 9692] -- remove klogd references [SME: 11363] -- restore part of pptp code and move to generik vpn entry [SME: 11374] -- drop dyndns core support [SME: 11415] -- fix enabled service not started on reboot [SME: 11355] -- unless a power outage, as long as you reboot, halt or shutdown systemd will -- be in sync -- fix console::startup run twice [SME: 11358 ] -- improve run order in systemd-default [SME: 11356] -- fix uninitialized value during post-install [SME: 11350] -- fix user with rssh shell need to be member of rsshusers group [SME: 9155] -- add missing /sbin/e-smith/bootstrap-runlevel7 [SME: 11318] -- fix typo for isolate [SME: 11246] -- separate bootstrap-console from run level service launch [SME: 11318] -- only run isolate if sme-server.target is not active [SME: 11246] -- update system-preset usr/lib file [SME: 10958] -- fix loss of httpd basic auth [SME: 11309] -- fix services starting when they are in Wants= for sme-server.target and preset disabled [SME: 11247] -- rewrite of manageRAID.pl and add_drive_to_raid for SME10 [SME: 10918] -- added gdisk as a dependency to support GPT systems -- fix modSSL key crt and keychain files really exist [SME: 11252] -- add ldap.init as exception for preset -- fix init-accounts [SME: 9642] -- validate modSSL key crt and keychain files really exist [SME: 11252] -- if not we use self generated -- drop pptpd support [SME: 11250] -- add bash-completion [SME: 11244] -- improve local service to systemd [SME: 11119] -- now run rc.local file as part of the event -- move local service to systemd [SME: 11119] -- make it run /etc/rc.d/rc.local -- cleaning /var/service/syslog still there -- workaround drop-in install section ignored by systemctl preset [SME: 11231] -- some cleanup -- remove S95reset-unsavedflag [SME: 11229] -- add exclusion for lpd [SME: 11006] -- execute systemd-reload before service adjust in events [SME: 11228] -- fix ExecStart for raidmonitor [SME: 11094] -- fix permission for /sbin/e-smith/systemd/mdmonitor-pre [SME: 11094] -- Don't ask for confirmation to save changes on first install configuration [SME: 11193] -- Fix RAID detection regex for disk redundancy screen [SME: 10918] -- add Install part of systemd unit [SME: 11100] -- move dhcpd to systemd [SME: 11100] -- get dhcpd log out of message [SME: 2408] -- also configure logrotate for /var/log/dhcpd/dhcpd.log and /var/log/dhcpd/current -- reverte previous changes for service2adjust and util.pm [SME: 11177] -- files are owned by e-smith-lib -- allow more systemctl controls [SME: 11177] -- convert unrecognized signals from service2adjust in events for systemd -- handle unsupervised services the same way supervised were in adjust-services -- make service-status only log when service disabled and not fail it -- add template for /etc/systemd/system-preset/49koozali.preset [SME: 11174] -- this will help systemd integration in enabling and disabling services -- remove wan link -- move raidmonitor to systemd [SME: 11094] -- move network service to systemd [SME: 11090] -- move wan service to systemd [SME: 11091] -- create e-smith-base-update event [SME: 11012] -- create sme-server.target [SME: 10957] -- make sme-server.target default target -- change default target on signal-event post-upgrade, post-install, e-smith-base-update -- requires update or smeserver-php and e-smith-runit -- add an executable to check if service is enabled in e-smith db -- validate submask on remote access panel [SME: 6536] -- accept netmask bit and convert it -- validate subnet mask on local network panel [SME: 10974] -- accept netmask bit and convert it -- remove info.txt [SME: 9590] - -e-smith-dnscache -- cleanup in /etc/rc.d/ [SME: 9692] -- remove /usr/lib/systemd/system-preset/80-koozali-dnscache.preset [SME: 10958] -- add Requires=runit.service (dnscache & dnscache.forwarder) [SME: 11245] -- execute systemd-reload before service adjust in events [SME: 11228] -- remove S95reset-unsavedflag [SME: 11229] -- remove createlink safesymlink in /etc/rc.d/init.d [SME: 11097] -- remove rc7.d link [SME: 11097] -- fix actions in e-smith-tinydns-update [SME: 11127] -- Move dnscache, dnscache.forwarder services to systemd [SME: 11097] -- Create e-smith-dnscache-update event [SME: 11127] -- Modify run script to allow for loopback commmunications with other DNS -- servers on the local machine and DNS forwarding [SME: 9715] - -e-smith-domains -- avoid encoding of utf strings in domain table [SME: 11391] -- this will mess with some languages -- Create e-smith-domains-update event [SME: 11128] - -e-smith-grub -- fix unable to boot on a non xfs root filesystem [SME: 11365] -- cleanup remove /boot/grub dir [SME: 11354] -- Add support for EFI systems [SME: 10998] -- add update event [SME: 11137] - -e-smith-ibays -- fix patch for SSLRequireSSL [SME: 8150] -- force https if auth or dav are enabled [SME: 11407] -- merge SSL and SSLRequireSSL properties [SME: 8150] -- now SSLRequireSSL will force SSL to the html ibay directory and redirect to https -- update php properties and folders [SME: 11412] -- remove last bit of atalk [SME: 668] -- add update event [SME: 11139] -- remove hardcoded ports [SME: 10968] -- remove php3 reference [SME: 10869] -- fix apache failing if ibay has dynamic content enabled and phpmodule is disabled [SME: 10871] -- revert patch, wrong rpm [SME: 10871] -- add support for php-fpm [SME: 10871] - -e-smith-ldap -- fix ldap failing to start on initial boot - -e-smith-lib-compspec -- allow easy access to templates.metadata to expand desired files [SME: 11312] -- add update event [SME: 11142] - -e-smith-mysql -- fix wrong path for set password [SME: 11468] -- fix restore of sme9 backup fails to start mysql.init [SME: 11453] -- add property to enable mysqld slow queries log [SME: 455] -- simply use SlowQueries as the amount of second and it is enabled -- remove property to stop logging -- more mysqld/mariadb parameter available with properties /templates [SME: 4606] -- ease 4 databit characters with innodb [SME: 11404] -- redirect mariadb log from systemd to file [SME: 11425] -- fix backup fails in pre-backup in mysqldump [SME: 7827] -- expand 10mysql_upgrade and restart mysql.init on e-smith-mysql-update [SME: 11120] -- this to make sure mariadb upgrade fully and prevent residual 10mysql_upgrade stay in the way -- fix issue with 10mysql_upgrade crashing mariadb [SME: 11120] -- also removed noise from spec file -- e-smith-update event [SME: 11145] -- mariadb systemd integration [SME: 11021] -- move set.password and template -- create /usr/lib/systemd/system/mariadb.service.d/sme.conf -- create /sbin/e-smith/systemd/mariadb-initialize + chmod -- cleanup and remove old /var/service/mariadb -- mysql.init systemd integration [SME: 11120] -- create mysql_init.service - -e-smith-openssh -- clean rsyslog syntax for sshd [SME: 11422] -- increase default host key size [SME: 11359] -- redirect logging to /var/log/sshd/sshd.log and logrotate [SME: 11256] -- add support for denyhost [SME: 10939] -- move sshd to systemd [SME: 11109] -- create -update event [SME: 11147] -- add ed25519 and ecdsa hostkeys [SME: 10940] -- add Whitelist to AutoBlock using property sshd ValidFrom [SME: 9893] -- update client ciphers to use [SME: 10621] -- add ciphers, macs and KexAlgorithms for server [SME: 10937] - -e-smith-packetfilter -- move ulogd to systemd [SME: 11426] -- require ulogd 2 [SME: 11426] -- remove pptpd last references [SME: 11420] -- remove /usr/lib/systemd/system-preset/80-koozali-packetfilter.preset [SME: 10958] -- drop pptpd support [SME: 11251] -- launch masq using systemd unit [SME: 11089] -- create event to avoid reboot on update [SME: 11122] - -e-smith-proxy -- cleanup in /etc/rc.d and /var/service/squid [SME: 9692] - -e-smith-runit -- reverting removal of deamontools [SME: 9692] -- could be needed for legacy support with rc7.d services -- cleanup of /etc/rc.d [SME: 9692] -- create e-smith-runit-update event [SME: 11156] -- also tidy target wantedby: should run from basic.target -- fix issue with Before rules in unit file [SME: 11013] -- run before network-pre.target [SME: 11088] -- enable for sme-server.target [SME: 11013] -- e-smith-test -- e-smith-tinydns -- cleanup in /etc/rc.d [SME: 9692] -- remove /usr/lib/systemd/system-preset/80-koozali-tinydns.preset [SME: 10958] -- Add 'Requires=runit.service' [SME: 11245] -- remove S95reset-unsavedflag [SME: 11229] -- execute systemd-reload before service adjust in events [SME: 11228] -- remove createlink safesymlink in /etc/rc.d/init.d [SME: 11098] -- remove rc7.d link [SME: 11098] -- fix date in changelog -- fix actions in e-smith-tinydns-update [SME: 11159] -- Move tinydns service to systemd [SME: 11098] -- Create e-smith-tinydns-update event [SME: 11159] - -smeserver-release -- Bump new rpm for sme10 release candidate 1 -- updating release number everywhere [SME: 11366] -- Bump release to 1 as buildsys believe 1.alpha5 is newer than 0.beta1 [SME: 11317] -- Bump new rpm for sme10 beta1 [SME: 11317] -- add update event [SME: 11165] -- Bump new rpm for sme10 alpha5 - -smeserver-yum -- migrate back to normal CentOS mirrors after el6 EOL [SME: 11477] -- version 2 with - deleting yum{eolversion} if for previous release or not yet eol - better handling of conditions -- avoid reboot on removal of smeserver-* rpms [SME: 11458] -- navigation-conf when a panel is installed -- fix wrong path for rsyslog.conf [SME: 11364] -- remove noise in yum process "overriding all signals, forcing restart" [SME: 11372] -- packages installed logged both in yum.log and message [SME: 11364] -- set priority to 10 for remi-safe [SME: 11360] -- fix poor handling of service adjusting and action order [SME: 11300] -- now a temp event is created -- also better logging, better handling of update vs removal -- make yum dbs service fork [SME: 11243] -- now smeserver.py plugin call the service -- yum-modify can use the service restart -- yum.service is its own service, not called by local.service -- move yum upate db service to systemd [SME: 11180] -- fix -update events not runt on package upgrade [SME: 11184] -- lower noise on forced restart -- fix switch to vault BaseURL for CentOS [SME: 11227] -- add remi-safe as base repo [SME: 11179] -- smeserver-yum-update event created [SME: 11168] -- fix separate action before template, and after service [SME: 11175] -- run all actions with post-upgrade as default event -- fix some templates not expanded [SME: 11121] -- fix smeserver.py not executing action because of wrong path [SME: 11047] -- fix error when key absent of a dict of smeserver plugin at clean stage [SME: 10931] -- avoid missing template error after removal of a rpm [SME: 10846] -- restart php-fpm services when needed [SME: 10873] -- applying patch [SME: 10690] -- fix NameError: global name 'yum_update_dbs' is not defined [SME: 6940] -- use yum-cron with autoupdate feature [SME: 10690] - -These are either not SME modified Packages, or are kernel mods. - -clamav -libprelude -sendmail - -The changelogs are written per package On behalf of the Koozali SME Server development team -- Compilation of release data is thanks to scripts developed by Ian Wells and substantially improved by Jean Phillipe Pialasse - -Terry Fage - +Koozali SME Server 10 Final Release Notes "Justine" +============================================ + +07 June 2021 + +The Koozali SME Server development team is pleased to announce the +release of SME Server 10 Final which will be the next major release of +SME Server. Code named "Justine" + +This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024. + +********************************************************** +Koozali SME Server users should not upgrade production servers to this. +Those with test servers are encouraged to load the release to a +dedicated test machine and take part in the testing phase. +********************************************************** + +Some notes on Koozali SME Server 10 can be found at +https://wiki.contribs.org/SME_Server_10.0_Development + +SME10 Roadmap - +https://wiki.contribs.org/SME10_Roadmap#SME_10_Final + +Bug reports and reports of potential bugs should be raised in the bug +tracker (and only there, please); + + https://bugs.koozali.org/ + +Copy of releaase notes may be found here: +https://lists.contribs.org/pipermail/updatesannounce/ + +Download +======== +You can download SME Server 10 from +https://mirror.koozali.org/smeserver/releases/testing/10/ +or for other methods see: +https://wiki.koozali.org/SME_Server:Download + +Please note it may take up to 48 hours for mirrors to finish syncing, +during this time you may experience problems. + +About SME Server +================ +SME Server is the leading Linux distribution for small and medium +enterprises. SME Server is brought to you by Koozali Foundation, Inc., +a non-profit corporation that exists to provide marketing and legal support +for SME Server. + +SME Server is freely available under the GNU General Public License and +is only possible through the efforts of the SME Server community. + +However, the availability and quality of SME Server is dependent on +meeting our expenses, such as hosting costs, server hardware, etc. + +As such, we ask for a donation to offset costs and fund further development. + +a) If you are a school, a church, a non-profit organisation or an +individual using SME Server for private purposes, we would appreciate +you to contribute within your means toward the costs associated with +hosting, maintenance and development. + +b) If you are a company or an integrator and you are deploying SME +Server in the course of your work to generate revenue, we expect you to +make a donation commensurate with the level of revenue you generate and +the number of servers your have in the field. Please, help the project + +Please visit https://wiki.koozali.org/Donate to donate. + +Koozali Inc is happy to supply an invoice for any donations received, +simply email treasurer at koozali.org + +Notes +===== +In-place upgrades are not supported. It is necessary to backup and then +restore. + +Restore of a sme9 console or workstation backup is now fully supported, there +are cautions to be aware of and followed. + +Single disk install no longer creates a degraded Raid1 array, Two or more disks +will be created as a Raid1-6 array, see wiki https://wiki.contribs.org/Raid + +The spare handling for RAID arrays is now implemented. + +Support for further Raid configuration on install is now implemented - see wiki + +New Server-Manager Framework, Mojolicious, is now well on the way to full implementation + +USB installs are once again fully supported, +Note: it is important to use recommended apps to create the boot media +See: https://wiki.koozali.org/Install_From_USB + +Netinstall is once again fully supported, additional repos easily added + +Install to a system supporting a UEFI BIOS is also now fully supported + +Console backup, and workstation backup to removable storages is now fully supported. + +Koozali templating is now fully inegrated with systemd + +An enormouse number other under the hood changes, far to numerous to list here + +The work that has gone into getting SME 10 to this stage has been enormous, an attempt to list +and detail the work that has been done in recent months would not do justice to the effort +contributed by the following, + +thank you one and all: + +Jean Phillipe Pialasse +Michel Begue +Brian Read +Catton Durbrow +Chris Sansom-Ninnes +Jean-pierre Odion +Zsolt Vasarhelyi +John Crisp +Terry Fage + +there have also been many others who have done what they can, thank you: + +The changes that have been implemented to ensure the Koozali Sme Server way is fully implemented +have been far reaching, far to many to try and list, suffice to say long live "Justine". + +Major changes in this release +============================= +This release is based on CentOS 7.# + +Changes in this release +======================= +see above and below, too much to list + +General features +================ +- Based on CentOS 7.9.2009 and all available updates + +Detailed changes in this release +======================= +Only the changes since SME Server 10 RC1 are listed, mainly autogenerated from the changelogs. + +Packages altered by Centos, Redhat, and Fedora-associated developers are not included. + +The changelogs are written per package + +SME built or modified packages - ChangeLogs + +10 June 2021 + +Backups +flexbackup +- fix package version and release 1.2.1-6.4 +- new source from debian packages repos 1.2.1-6.4 +- convert initial release +- remove /usr/share/lintian directory +- add convert script to doc directory +- add debian changelog to doc directory + +File Server +e-smith-proftpd +- restart proftpd on ssl-update [SME: 11603] +- cleanup in /etc/rc.d [SME: 9692] +- redirect log away from message [SME: 11384] +- fix circular Conflict with proftpd [SME: 11357] +- improve protect from proftpd.service running [SME: 11106] +- protect from proftpd.service running in place of ftp.service [SME: 11106] +- remove system-preset file from usr [SME: 10958] +- SSL crt and key to self signed if path does not exist [SME: 11316] +- add Requires=runit.service [SME: 11245] +- execute systemd-reload before service adjust in events [SME: 11228] +- remove S95reset-unsavedflag [SME: 11229] +- Remove ftp from 'init.d/supervise' [SME: 11106] [SME: 11150] +- Move ftp service to systemd [SME: 11106] +- Create e-smith-proftpd-update event [SME: 11150] + +e-smith-samba +- netlogon.bat +x [SME: 11566] +- add possibility to reenable allow execute always on ibays homes or everywhere [SME: 11555] +- fix double entries for min protocol [SME: 11558] +- clean rsyslog syntax for smbd and nmbd [SME: 11422] +- fix noise in message log from nmbd and smbd redirected to dedicated logs [SME: 11349] +- allow using user-create-profiledir action with temp or package-update events [SME: 11348] +- fix log noise for smb.service [SME: 11157] +- add Restart=always [SME: 11118] +- add Restart=always [SME: 11117] +- migrate nmbd to systemd [SME: 11118] +- migrate smbd to systemd [SME: 11117] + create generik smb.service service +- create e-smith-samba-update event [SME: 11157] +- Fix mutex locking [SME: 11199] +- Fix pid directory [SME: 11198] +- Add /etc/krb5.conf as template using templates from smeserver-samba [SME: 11093] +- remove win98pwdcache.reg from server-resources [SME: 9060] +- set min server and client protocol SMB2 [SME: 10576] + add check so max always greater than min +- add port 445 if min server protocol is SMB2 or SMB3 [SME: 10963] + +LDAP +e-smith-ldap +- fix wrong path for templates.metadata [SME: 11595] +- use template for ssl pem [SME: 11595] +- fix ldap failing to start on initial boot [SME: 11480] +- fix wrong alias to ldap.init [SME: 11301] +- add -update event [SME: 11140] +- move ldap to systemd [SME: 11099] +- move ldap.init to systemd [SME: 11096] +- New protocol default as TLSv1.2 [SME: 10936] + New property TLSProtocolMin + Ciphers are now ordered with stronger first + +Localisation +smeserver-locale +- apply local 2021-05-12.patch [SME: 11593] +- apply local 2021-01-09.patch [SME: 11310] +- apply local 2019-12-07.patch + +Mail Server +djbdns +- import modification from SME9 [SME: 11548] +- improve short ttl cname resolution and glueless answer from akadns [SME: 8362] +- 500-cutom-dnscache-maxloop.patch: set QUERY_MAXLEVEL 5 QUERY_MAXLOOP 500 QUERY_MAXNS 16 [SME: 10300] + +e-smith-email +- add new RAR file signatures to default mailpatterns database [SME: 11265] +- webmail is only SSL [SME: 11443] +- create -update event [SME: 11133] +- move smtp-auth-proxy to systemd [SME: 11102] +- allow creation of pseudonyms with setting of local only [SME: 3802] + +qmail +- add remote tls transport for qmail-remote [SME: 9349] +- updated release number higher than SME9 +- now TLS and EHLO are defined to allow proper compilation +- add DEBUG flag for the moment to help configuring -DDEBUG=1 + +smeserver-clamav +- fix typo and missing +x [SME: 11520] +- fix issues with non epel standard scan.conf [SME: 11520] + move clamd.conf to scan.conf + remove alias for clamtop + add a wrapper for clamdscan to force --fdpass +- ease use of clamdtop [SME: 11313] +- fix Transaction check error [SME: 11311] +- add pid folder /run/clamd/ [SME: 11103] + few improvements +- create update event [SME: 11162] +- Updated to use 0.103+ from EPEL [SME: 11194] +- Updated to use systemd for clamd [SME: 11103] +- Updated to use systemd for freshclam [SME: 11104] +- increase lower memory limit to 1GB [SME: 10833] +- fix for AllowSupplementaryGroups warning [SME: 10813] + thanks to bunkobugsy + +smeserver-dovecot +- ssl pem update via template expand in place of copy [SME: 11601] +- clean rsyslog syntax for dovecot [SME: 11422] +- add Restart=always [SME: 11101] +- fix path for event -update [SME: 11101] +- cleanup /var/service/dovecot [SME: 11101] + close logger and service from previous runit instance before starting systemd one +- add systemd drop-in expand in bootstrap-console-save, console-save, post-install, post-upgrade [SME: 11101] +- move service to systemd [SME: 11101] +- add imap idle notify interval setting [SME: 10947] +- fix typo in enabling TLSv1.2 as default [SME: 10934] +- fix typo in 35ssl template [SME: 10934] +- fix typo in createlinks [SME: 10932] +- revert property names with period in it [SME: 10934] +- add property AcceptFullEmail with enabled as default [SME: 9865] + +smeserver-qpsmtpd +- update depreacted reject_threshold to reject [SME: 11492] +- remove /usr/lib/systemd/system-preset/80-koozali-qpsmtpd.preset [SME: 10958] +- modify for clamav 0.103.0 [SME: 11210] +- roll up patches +- add Requires=runit.service (qpsmtpd & sqpsmtpd) [SME: 11245] +- fix service not enabled [SME: 11107] + remove reset-unsavedflag +- Move qpsmtpd & sqpsmtpd services to systemd [SME: 11107] +- Create smeserver-qpsmtpd-update event [SME: 11164] +- expand badrcptto_ext when needed [SME: 10638] + this avoid user, group or pseudonyms for internal purpose to be reachable + from outside +- minimum Protocol TLSv1.0 [SME: 10460] + better ciphers order. + +smeserver-spamassassin +- prevent noise in log at spamassassin call from qpsmtpd [SME: 11491] +- clean rsyslog syntax for spamd [SME: 11422] +- remove warning while trying to delete file when missing in post script [SME: 11375] +- remove spamd reference as service use spamassassin.service [SME: 11375] + migrate spamd propertie SpamLearning to spamassassin + template for /etc/sysconfig/spamassassin, revert --allow-tell option + stop spamassassin spamd and delete /etc/systemd/system/spamassassin.service link if exists +- fix typo [SME: 11361] +- fix spamd unable to load [SME: 11361] +- redirect spamd loging to spamd.log instead of message [SME: 11362] +- add requires DCC as we have built it [SME: 11065] +- fix smeserver-spamassassin-update event fix [SME: 11166] +- Start systemd migration. Remove symlinks [SME: 11224] +- remove refresh clam as this will be provided by clamav +- require spamassassin 3.4.4 + + +Server manager +e-smith-formmagick +- fix wrong PATH which makes fail grub reconfiguration [SME: 11556] +- increase CSRF timeout from 120s to 180s [SME: 10902] + added property httpd-admin{csrfTimeout} in second to override + added hability to ovarride the Timeout from panel to panel +- add update event [SME: 11136] +- add locale for CSRF [SME: 10626] +- add CSRF patch [SME: 10626] - thank you to Daniel Berteaud + +Webmail and Groupware +smeserver-horde +- fix missing call to perl module emsith::php [SME: 11489] +- clean rsyslog syntax for horde [SME: 11422] +- improved php basedir, with filtering of noise for gpg [SME: 10945] +- force SSL for horde [SME: 11443] +- fix horde not honoring switch to php-fpm 5.4 [SME: 11433] +- update mail settings for the php-pool [SME: 11431] +- spamd SpamLearning property migrated to spamassassin SpamLearning [SME: 11376] +- Configuration is not up to date, hash to update [SME: 11308] +- fix wrong template path for php55, php56 and php [SME: 11255] +- fix webmail not accessible after enabling from manager [SME: 11233] +- update rsyslog syntax [SME: 11016] + move fragment so syntax is similar to message +- remove harcoded ports [SME: 10969] +- add gpg to php base dir [SME: 10945] +- workaround logging noise caused by libsasl [SME: 10943] +- log as admin and not admin@domain for cli tasks [SME: 10910] +- fix ingo imap preferences [SME: 10912] +- allow httpd-auth for calendar, tasks access using rpc.php ... [SME: 10908] +- add smeserver-horde-update event [SME: 10909] +- avoid loss of user parameter on Primary Domain change [SME: 1005] + this will also avoid the loss of parameter if we log with a different virtualhost + horde preference is now stored with the SME username without @domain +- fix bad regex to strip domain [SME: 10224] + also we can now force Primary domain to use as default email + we can strip heading string from virtualhost domain to create email + default identity email will update as long as no other identity is created for the user +- fix typo in php-fpm patch [SME: 10872] +- remove php3 references [SME: 10866] +- remove strict and warning alert from error log [SME: 10823] +- dedicated php-fpm pool for horde [SME: 10872] +- apply patches from John H. Bennett III [SME: 10717] +- cvs admin -ko on patch1 + +Web Server +e-smith-apache +- add possibility to force https on LAN only [SME: 11511] + usefull for VPN over port 443 +- prevent httpd to fail if modSSL defined certs does not exist [SME: 10826] + default on self generated cert +- create-update event [SME: 11123] +- move httpd-e-smith to systemd [SME: 11111] + changed sigusr1 used in events to reload as defined in the unit file +- give a logger to httpd-e-smith : journald [SME: 1416] +- set default SSLStrictSNIVHostCheck to off [SME: 8693] +- add SNI support for individual certificates per VirtualHosts [SME: 8693] +- port 80 and 443 should not be hardcoded [SME: 9192] +- e-smith-apache removing hardcoded ports [SME: 10966] +- remove php3 and php4 refs [SME: 10867] +- disable TLSv1 TLSv1.1 by default [SME: 10459] + +Other fixes and updates +e-smith-base +- fix missing export [SME: 11620] +- fix issue with adding new user to the ldap db [SME: 11607] +- always renew self signed certificate [SME: 11552] + update key / crt if not signed with the right key size + default to self signed if custom cert and key are not files or not rigth type + add perl module to help handle certificates and keys + TODO: check if both key and cert are related, if not default to self signed +- fix openssl.conf not generated when openldap field are empty [SME: 11569] +- fix missing path to systemctl for add-wants [SME: 11537] +- merge dhcpdmanager custom template fragments with core [SME: 10657] +- remove templates-custom previously owned by a contrib [SME: 11508] + they got migrated as part as normal backup restore +- fix masq failing on initial boot [SME: 11479] +- removing weekly cron for ddns update, targeted script has been removed [SME: 11470] +- revert e-smith-service file [SME: 9692] +- add systemctl wrapper [SME: 11345] +- clean rsyslog syntax for dhcpd [SME: 11422] +- cleanup /etc/rc.d and /var/service [SME: 9692] +- remove klogd references [SME: 11363] +- restore part of pptp code and move to generik vpn entry [SME: 11374] +- drop dyndns core support [SME: 11415] +- fix enabled service not started on reboot [SME: 11355] + unless a power outage, as long as you reboot, halt or shutdown systemd will + be in sync +- fix console::startup run twice [SME: 11358 ] +- improve run order in systemd-default [SME: 11356] +- fix uninitialized value during post-install [SME: 11350] +- fix user with rssh shell need to be member of rsshusers group [SME: 9155] +- add missing /sbin/e-smith/bootstrap-runlevel7 [SME: 11318] +- fix typo for isolate [SME: 11246] +- separate bootstrap-console from run level service launch [SME: 11318] +- only run isolate if sme-server.target is not active [SME: 11246] +- update system-preset usr/lib file [SME: 10958] +- fix loss of httpd basic auth [SME: 11309] +- fix services starting when they are in Wants= for sme-server.target and preset disabled [SME: 11247] +- rewrite of manageRAID.pl and add_drive_to_raid for SME10 [SME: 10918] +- added gdisk as a dependency to support GPT systems +- fix modSSL key crt and keychain files really exist [SME: 11252] +- add ldap.init as exception for preset +- fix init-accounts [SME: 9642] +- validate modSSL key crt and keychain files really exist [SME: 11252] + if not we use self generated +- drop pptpd support [SME: 11250] +- add bash-completion [SME: 11244] +- improve local service to systemd [SME: 11119] + now run rc.local file as part of the event +- move local service to systemd [SME: 11119] + make it run /etc/rc.d/rc.local + cleaning /var/service/syslog still there +- workaround drop-in install section ignored by systemctl preset [SME: 11231] + some cleanup +- remove S95reset-unsavedflag [SME: 11229] +- add exclusion for lpd [SME: 11006] +- execute systemd-reload before service adjust in events [SME: 11228] +- fix ExecStart for raidmonitor [SME: 11094] +- fix permission for /sbin/e-smith/systemd/mdmonitor-pre [SME: 11094] +- Don't ask for confirmation to save changes on first install configuration [SME: 11193] +- Fix RAID detection regex for disk redundancy screen [SME: 10918] +- add Install part of systemd unit [SME: 11100] +- move dhcpd to systemd [SME: 11100] +- get dhcpd log out of message [SME: 2408] + also configure logrotate for /var/log/dhcpd/dhcpd.log and /var/log/dhcpd/current +- reverte previous changes for service2adjust and util.pm [SME: 11177] + files are owned by e-smith-lib +- allow more systemctl controls [SME: 11177] + convert unrecognized signals from service2adjust in events for systemd + handle unsupervised services the same way supervised were in adjust-services + make service-status only log when service disabled and not fail it +- add template for /etc/systemd/system-preset/49koozali.preset [SME: 11174] + +e-smith-devtools +- netlogon.bat +x [SME: 11566] +- add update event [SME: 11126] + +e-smith-domains +- setup dns services on domain creation and other events [SME: 10115] +- avoid encoding of utf strings in domain table [SME: 11391] + this will mess with some languages +- Create e-smith-domains-update event [SME: 11128] + +e-smith-grub +- set missing locale if update-grub called by server-manager [SME: 11559] +- fix unable to boot on a non xfs root filesystem [SME: 11365] +- cleanup remove /boot/grub dir [SME: 11354] +- Add support for EFI systems [SME: 10998] +- add update event [SME: 11137] + +e-smith-lib +- update copyright dates, and make it easier to change from spec file [SME: 11570] +- partial revert of signals [SME: 11177] + signal s not passed to runit services (dnscache*, qmail, qpsmtpd...) + services handled by systemd crash if they do not have Restart=always defined +- add support for signals SIG* with systemd [SME: 11177] + fix typo for reload-or-try-restart + unsupervised services: really stop when disabled and start stopped enabled ones +- remove error when sending sighup event [SME: 11177] +- allow more systemctl controls [SME: 11177] + convert unrecognized signals from service2adjust in events for systemd + handle unsupervised services the same way supervised were in adjust-services +- create e-smith-lib-event [SME: 11141] +- add support for systemctl reload-or-restart, try-restart, enable -now [SME: 10848] + +e-smith-nutUPS +- fix start ordering nut.service [SME: 11488] +- fix ExecStartPre path for /usr/lib/tmpfiles.d/nut-run.conf [SME: 11488] +- fix ExecStartPre path for nut.service [SME: 11488] +- fix template path for monitor [SME: 9423] +- Fix preset line endings in 49-koozali.preset [SME: 11215] +- add update event to avoid reboot [SME: 11146] +- adapt nut UPS for systemd [SME: 9423] + +e-smith-packetfilter +- fix dropin file not expanded on initial installation [SME: 11528] +- fix noise on logrotate, doing a restart instead of reload [SME: 11451] +- move ulogd to systemd [SME: 11426] +- require ulogd 2 [SME: 11426] +- remove pptpd last references [SME: 11420] +- remove /usr/lib/systemd/system-preset/80-koozali-packetfilter.preset [SME: 10958] +- drop pptpd support [SME: 11251] +- launch masq using systemd unit [SME: 11089] +- create event to avoid reboot on update [SME: 11122] + +e-smith-radiusd +- remove services2adjust in bootstrap-console-save event, this put systemd in a loop [SME: 11602] +- ssl pem using template in place of copy [SME: 11602] +- radiusd needs ldap started before [SME: 11302] +- add Restart=always [SME: 11113] + change group of pem file to radiusd +- create -update event [SME: 11155] +- move radiusd to systemd {SME: 11113] + remove noise from spec file +- fix server restartting with virtual_server error [SME: 10853] + +smeserver-release +- Bump new rpm for sme 10.0 final +- Bump new rpm for sme10 release candidate 1 +- updating release number everywhere [SME: 11366] +- Bump release to 1 as buildsys believe 1.alpha5 is newer than 0.beta1 [SME: 11317] +- Bump new rpm for sme10 beta1 [SME: 11317] +- add update event [SME: 11165] +- Bump new rpm for sme10 alpha5 + +smeserver-support +- fix copyright date and make it easier to update from spec file [SME: 11568] +- fix typo and wording [SME: 11535] +- add update event [SME: 11167] +- revert update of samba using upstream CentOS repo [SME: 11196] +- obsoletes e-smith-starterwebsite [SME: 8903] + +smeserver-yum +- no reboot needed for systemd-python [SME: 11609] +- fix services stop on removal [SME: 11510] +- run navigation-conf when a panel is installed [SME: 11507] +- migrate back to normal CentOS mirrors after el6 EOL [SME: 11477] +- version 2 with + deleting yum{eolversion} if for previous release or not yet eol + better handling of conditions +- avoid reboot on removal of smeserver-* rpms [SME: 11458] +- navigation-conf when a panel is installed +- fix wrong path for rsyslog.conf [SME: 11364] +- remove noise in yum process "overriding all signals, forcing restart" [SME: 11372] +- packages installed logged both in yum.log and message [SME: 11364] +- set priority to 10 for remi-safe [SME: 11360] +- fix poor handling of service adjusting and action order [SME: 11300] + now a temp event is created + also better logging, better handling of update vs removal +- make yum dbs service fork [SME: 11243] + now smeserver.py plugin call the service + yum-modify can use the service restart + yum.service is its own service, not called by local.service +- move yum upate db service to systemd [SME: 11180] +- fix -update events not runt on package upgrade [SME: 11184] + lower noise on forced restart +- fix switch to vault BaseURL for CentOS [SME: 11227] +- add remi-safe as base repo [SME: 11179] +- smeserver-yum-update event created [SME: 11168] +- fix separate action before template, and after service [SME: 11175] + run all actions with post-upgrade as default event +- fix some templates not expanded [SME: 11121] +- fix smeserver.py not executing action because of wrong path [SME: 11047] +- fix error when key absent of a dict of smeserver plugin at clean stage [SME: 10931] +- avoid missing template error after removal of a rpm [SME: 10846] +- restart php-fpm services when needed [SME: 10873] +- applying patch [SME: 10690] +- fix NameError: global name 'yum_update_dbs' is not defined [SME: 6940] +- use yum-cron with autoupdate feature [SME: 10690] + +These are either not SME modified Packages, or are kernel mods. +clamav +libprelude +sendmail + +The changelogs are written per package On behalf of the Koozali SME Server development team +- Compilation of release data is thanks to scripts developed by Ian Wells and substantially improved by Jean Phillipe Pialasse + +Terry Fage