--- cdrom.image/sme10/README.txt 2017/05/31 17:36:06 1.2 +++ cdrom.image/sme10/README.txt 2021/03/22 04:57:48 1.10 @@ -1,32 +1,41 @@ -Koozali SME Server 10 Alpha 2 Release -===================================== - -31 May 2017 - -The Koozali SME Server development team is pleased to announce the release of -SME Server 10 Alpha 3 which will be the next major release of SME Server. +Koozali SME Server 10 Release Candidate 1 Release Notes "Justine" +============================================ +These are draft only and are in a constant state of update. + +19 Mar 2021 + +The Koozali SME Server development team is pleased to announce the +release of SME Server 10 RC 1 which will be the next major release of +SME Server. Code named "Justine" This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024. -*************************** -Koozali SME Server users should not upgrade production servers to this release -but those who can are encouraged to load the alpha to a dedicated test machine -and take part in the testing phase. -*************************** +********************************************************** +Koozali SME Server users should not upgrade production servers to this +release but those who can are encouraged to load the release to a +dedicated test machine and take part in the testing phase. +********************************************************** -Some notes on Koozali SME Server 10 can be found at +Some notes on Koozali SME Server 10 can be found at https://wiki.contribs.org/SME_Server_10.0_Development +SME10 Roadmap - RC 1 +https://wiki.contribs.org/SME10_Roadmap#SME_10_RC_1 + Bug reports and reports of potential bugs should be raised in the bug tracker (and only there, please); - https://bugs.koozali.org/ + https://bugs.koozali.org/ + +Copy of releaase notes may be found here: +https://lists.contribs.org/pipermail/updatesannounce/2021-March/ Download ======== You can download SME Server 10 from https://mirror.koozali.org/smeserver/releases/testing/10/ -or for other methods see https://wiki.koozali.org/SME_Server:Download +or for other methods see: +https://wiki.koozali.org/SME_Server:Download Please note it may take up to 48 hours for mirrors to finish syncing, during this time you may experience problems. @@ -46,414 +55,488 @@ meeting our expenses, such as hosting co As such, we ask for a donation to offset costs and fund further development. -a) If you are a school, a church, a non-profit organisation or an individual -using SME Server for private purposes, we would appreciate you to contribute -within your means toward the costs associated with hosting, maintenance and -development. - -b) If you are a company or an integrator and you are deploying SME Server in -the course of your work to generate revenue, we expect you to make a donation -commensurate with the level of revenue you generate and the number of servers -your have in the field. Please, help the project +a) If you are a school, a church, a non-profit organisation or an +individual using SME Server for private purposes, we would appreciate +you to contribute within your means toward the costs associated with +hosting, maintenance and development. + +b) If you are a company or an integrator and you are deploying SME +Server in the course of your work to generate revenue, we expect you to +make a donation commensurate with the level of revenue you generate and +the number of servers your have in the field. Please, help the project Please visit https://wiki.koozali.org/Donate to donate. Koozali Inc is happy to supply an invoice for any donations received, -simply email treasurer@koozali.org +simply email treasurer at koozali.org Notes ===== -In-place upgrades are not supported. It is necessary to backup and then restore. -(Remember, testing purpose only) +In-place upgrades are not supported. It is necessary to backup and then +restore. (Remember, testing purpose only), + +Restore of a sme9 console or workstation backup is now fully supported + +Single disk install no longer creates a degraded Raid1 array, Two or more disks +will be created as a Raid1-6 array, see wiki https://wiki.contribs.org/Raid + +The spare handling for RAID arrays is now implemented. + +Support for further Raid configuration on install is now implemented - see wiki + +New Server-Manager Framework, Mojolicious, is now well on the way to full implementation + +USB installs are once again fully supported, +Note: it is important to use proposed apps to create the boot media +See: https://wiki.koozali.org/Install_From_USB + +Netinstall is once again fully supported -The spare handling for RAID arrays is not implemented. +Install to a system supporting a UEFI BIOS is also now fully supported -USB installs are now supported, see: https://wiki.koozali.org/Install_From_USB +Console backup, and workstation backup to removable storages is now fully supported. -Current installer is still branded CentOS. A kickstart script allows you to go through the graphical installation process. If your disk is not empty, you will need to use the Anaconda interface to format it and partition it. If it is empty all is automatic. You will have to set your root password twice: once during Anaconda installation (you could use a lame password), a second time in the Koozali SME server configuration process. +A plethora of other under the hood changes, too numerous to list + +The work that has gone into getting SME 10 to this stage has been enormous, an attempt to list +and detail the work that has been done in recent months would not do justice to the effort +contributed by the following, + +thank you one and all: + +Jean Phillipe Pialasse +Michel Begue +Brian Read +Catton Durbrow +Chris Sansom-Ninnes +Jean-pierre Odion +Zsolt Vasarhelyi +John Crisp + +there have also been many others who have done what they can, thank you: + +The changes that have been implemented to ensure the Koozali Sme Server way is fully implemented +have been far reaching, far to many to try and list, suffice to say long live "Justine". Major changes in this release ============================= -This release is based on CentOS 7 +This release is based on CentOS 7.# Changes in this release ======================= -see above +see above and below, to much to list General features ================ -- Based on CentOS 7.2.1511 and all available updates +- Based on CentOS 7.9.2009 and all available updates Detailed changes in this release ======================= -Only the changes since SME Server 10 Alpha2 are listed, mainly +Only the changes since SME Server 10 Alpha5 are listed, mainly autogenerated from the changelogs. Packages altered by Centos, Redhat, and Fedora-associated developers are not included. -General features - Based on CentOS 7.2.1511 and all available updates +The changelogs are written per package -Backups +SME built or modified packages - ChangeLogs + +19 March 2021 +Backups e-smith-backup -- added lock during backup to avoid multiple instance running [SME: 9127] -- code from Stefano Zamboni -- added support back to ext2 and ext3 [SME: 9299] -- fix removable device detection [SME: 9299] -- console restoration can be launched again from console [SME: 9550] -- fixed bug on the dar catalog when backups are not added in it [SME: 9563] -- Added e-smith-backup-2.6.0.bz9563.UpdateDarCatalogFollowingBackups.patch -- Remove the dar exclusion message in the email if there is no exclusion. -- Modified e-smith-backup-2.6.0.Do_Dar_Exclusion.patch [SME: 9633] -- Added two commented files backup.{include,exclude} in /etc/backup-data.d -- Modified e-smith-backup-2.6.0.Add_Or_Remove_Path_In_Backup.patch [SME: 9607] -- Add or remove path in your backup by a file *.include and *.exclude -- Added e-smith-backup-2.6.0.Add_Or_Remove_Path_In_Backup.patch [SME: 9607] -- Test if the remote host (cifs/nfs) is up, else save and display a warning. -- Added e-smith-backup-2.6.0.bz9090.Testing_the_remote_host_parameters.patch [SME: 9090] -- The 'tar backup to desktop' of the backup panel takes consideration of exclusion -- Added e-smith-backup-2.6.0.Do_Tar_Exclusion_In_Panel.patch [SME: 9635] -- The 'dar workstation backup' of the backup panel takes consideration of exclusion -- Added e-smith-backup-2.6.0.Do_Dar_Exclusion.patch [SME: 9633] -- The 'tar backup' of the console takes consideration of exclusion and display a page with the exclusion content -- e-smith-backup-2.6.0.Do_Tar_Exclusion_In_the_console.patch [SME: 9635] +- fix dar restore replacing rootdir symlinks by folders [SME: 11424] +- Remove duplicate gunzip call in perform_restore [SME: 11266] +- Remove debug output of device names +- Revert BlockDevices.pm and backup call to not filter to removable drives +- Replace hal-* calls with BlockDevices [SME: 11319] +- add update event [SME: 11124] +- Added /etc/backup-data.d to backup paths [SME: 10245] +- Added error handling to restore using pipe pattern from perform_backup [SME: 3139] +- Made reboot optional after console restore +- Fixed bootstrap restore not activating config changes [SME: 10921] +- Manually added ext2 and ext3 to Block Device file system check where ext4 present +- updated Block Device discovery to fix recovery from console [SME: 8244] +- Credit to Catton Durbrow File Server - e-smith-proftpd -- fix typos [SME: 6804] -- set default as required -- NB: client must be set as active connection, not passive -- updated patch for certificate chain -- Thanks to Daniel Berteaud -- Adding TLS support to proftp configuration [SME: 6804] -- default is enabled but not required, only TLSv1.1 and v1.2 -e-smith-samba -- fix outlook error code 0x8004011c [SME: 10169] -- when setting up and email account on a win10 computer joined to a domain (with roaming profiles) -- add systemd skip redirect [SME: 9688] -- Fix deprecated syntax '~' in rsyslog [SME: 9398] -- added e-smith-samba-2.6.0.bz9398.DeprecatedRsyslogSyntaxSamba.patch -proftpd -- AllowChrootSymlinks off could cause login failures depending on filesystem -permissions: use the IDs of the logging-in user to perform the directory -walk, looking for symlinks, to be more consistent with similar checks done -during login (#1443507, upstream bug 4306) -- Crypt::CrackLib always available now -- Update to 1.3.5e -- SFTP clients using umac-64@openssh.com digest failed to connect -(upstream bug 4287) -- SFTP rekeying failure with ProFTPD 1.3.5d, caused by null pointer -dereference (upstream bug 4288) -- AllowChrootSymlinks off did not check entire DefaultRoot path for symlinks -(CVE-2017-7418, upstream bug 4295) -- Change shellbangs in shipped perl scripts to use system perl -- Drop EL-5 support -- Drop BuildRoot: and Group: tags -- Drop explicit buildroot cleaning in %install section -- Drop explicit %clean section -- /etc/pam.d/password-auth always available now -- pcre 7.0 or later always available now -- Properly allocate (and clear) the UMAC contexts, to fix segfault in mod_sftp -(#1420365, upstream bug 4287) -- Update to 1.3.5d -- Support OpenSSL 1.1.x API (upstream bug 4275) -Bug fixes: -- SSH rekey during authentication can cause issues with clients -(upstream bug 4254) -- Recursive SCP uploads of multiple directories not handled properly -(upstream bug 4257) -- LIST returns different results for file, depending on path syntax -(upstream bug 4259) -- "AuthAliasOnly on" in server config breaks anonymous logins -(upstream bug 4255) -- CapabilitiesEngine directive not honored for / sections -(upstream bug 4272) -- Memory leak when mod_facl is used (upstream bug 4278) -- All FTP logins treated as anonymous logins again (upstream bug 4283, -regression in 1.3.5c of upstream bug 3307) -- Handle client/server version skew in mod_sql_mysql -(https://forums.proftpd.org/smf/index.php?topic=11887.0) -- Fix a possible cause of segfaults in mod_sftp (#1337880, upstream bug 4203) -- See if we can fix crash in mod_lang -- BR: perl-generators for correct dependencies in utils sub-package -- Prefer %global over %define +- cleanup in /etc/rc.d [SME: 9692] +- redirect log away from message [SME: 11384] +- fix circular Conflict with proftpd [SME: 11357] +- improve protect from proftpd.service running [SME: 11106] +- protect from proftpd.service running in place of ftp.service [SME: 11106] +- remove system-preset file from usr [SME: 10958] +- SSL crt and key to self signed if path does not exist [SME: 11316] +- add Requires=runit.service [SME: 11245] +- execute systemd-reload before service adjust in events [SME: 11228] +- remove S95reset-unsavedflag [SME: 11229] +- Remove ftp from 'init.d/supervise' [SME: 11106] [SME: 11150] +- Move ftp service to systemd [SME: 11106] +- Create e-smith-proftpd-update event [SME: 11150] -LDAP +e-smith-samba +- clean rsyslog syntax for smbd and nmbd [SME: 11422] +- fix noise in message log from nmbd and smbd redirected to dedicated logs [SME: 11349] +- allow using user-create-profiledir action with temp or package-update events [SME: 11348] +- fix log noise for smb.service [SME: 11157] +- add Restart=always [SME: 11118] +- add Restart=always [SME: 11117] +- migrate nmbd to systemd [SME: 11118] +- migrate smbd to systemd [SME: 11117] +- create general smb.service service +- create e-smith-samba-update event [SME: 11157] +- Fix mutex locking [SME: 11199] +- Fix pid directory [SME: 11198] +- Add /etc/krb5.conf as template using templates from smeserver-samba[SME: 11093] +- remove win98pwdcache.reg from server-resources [SME: 9060] +- set min server and client protocol SMB2 [SME: 10576] +- add check so max always greater than min +- add port 445 if min server protocol is SMB2 or SMB3 [SME: 10963] -e-smith-ldap -- Disable SSLv3, but keep the possibility to enable it again [SME: 10108] -- Better default cipher suite, and honor global suite [SME: 10108] -- systemd skip redirect [SME: 9688] -- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, - -Localisation - -smeserver-locale -- apply 2017-04-26 translation patch [SME: 10252] -- updated donate patch to correct location https://wiki.koozali.org/Donate [SME: 9595] -- applied smeserver-locale-2.6.0-locale-2017-03-03 -- Added translations smeserver-locale-2.6.0-locale-2016-07-17.patch -- fix wrongly converted http to https in -- URL starting with http:// or ftp:// -- fix path to documentations (wiki) [SME: 9595] -- convert all koozali url to https -- change http://www.smeserver.org\donate to https://wiki.koozali.org/donate [SME: 9595] -- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, -- change contribs.org to koozali.org [SME: 9595] Mail Server - e-smith-email -- fix webmail status not displaying correctly in manager [SME: 9594] -- More change from smtpd to qpsmtpd in masq templates [SME: 9561] -- Replace smtpd with qpsmtpd in smtp-auth-proxy [SME: 9554] -e-smith-pop3 -- Honor ConcurrencyLimit and ConcurrencyLimitPerIP prop for pop3 and pop3s -[SME: 10271] -e-smith-qmail -- Add possibility to exclude users or members of other groups from group -email address [SME: 9523] -qmail -- added documentation [SME: 9705] -- added binaries ipmetest et ipmeprint to help configuration -- add moreip to avoid loop [SME: 9705] -- patch from Scott Gifford -- remove qmail-0.0.0.0.patch as it is included -- Consider literal <> as null sender [SME: 9884] -qpsmtpd -- Removed Message-Id validation, as it rejects MS account validation email [SME: 10139] -- fix whitelist plugin to support helo with naughty rejecting at mail stage [SME: 10112] -- Validate domains found in uribl with Data::Validate::Domain [SME: 9467] -- Use eval to fetch dkim policies, prevent fatal errors in case of DNS -timeout [SME: 9480] -- Remove karma rcpt handling (buggy and doesn't make a lot of sense) -[SME: 9462] -qpsmtpd-plugins -- remove whitelit_soft [SME: 10126] +- webmail is only SSL [SME: 11443] +- create -update event [SME: 11133] +- move smtp-auth-proxy to systemd [SME: 11102] +- allow creation of pseudonyms with setting of local only [SME: 3802] + smeserver-dovecot -- Better default cipher suite, and honor global suite [SME: 10110] +- clean rsyslog syntax for dovecot [SME: 11422] +- add Restart=always [SME: 11101] +- fix path for event -update [SME: 11101] +- cleanup /var/service/dovecot [SME: 11101] + -close logger and service from previous runit instance before starting systemd one +- add systemd drop-in expand in bootstrap-console-save, console-save, post-install, post-upgrade [SME: 11101] +- move service to systemd [SME: 11101] +- add imap idle notify interval setting [SME: 10947] +- fix typo in enabling TLSv1.2 as default [SME: 10934] +- fix typo in 35ssl template [SME: 10934] +- fix typo in createlinks [SME: 10932] +- revert property names with period in it [SME: 10934] +- add property AcceptFullEmail with enabled as default [SME: 9865] + smeserver-qpsmtpd -- Turn DMARC reporting off by default [SME: 10303] -- update patch smeserver-qpsmtpd-2.6.0-smtpd_to_qpsmtpd.patch [SME: 9478] -- Greeting property was still attached to smtpd in a template -- updated regex for RBL and SBL in smeserver-qpsmtpd-2.6.0-change_rbl_sbl_list_separator.patch -- to take into account list using a subdomain [SME: 10123] -- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, -- Turn SPF and DMARC rejects off by default [SME: 9664] -- Fix disabling DMARC reporting [SME: 9206] -- Add missing tnef2mime and MaximumDateOffset to qpsmtpd [SME: 9560] -smeserver-spamassassin -- Rewrite spamd run script to add support for --allow-tell [SME: 10137] +- remove /usr/lib/systemd/system-preset/80-koozali-qpsmtpd.preset [SME: 10958] +- modify for clamav 0.103.0 [SME: 11210] +- roll up patches +- add Requires=runit.service (qpsmtpd & sqpsmtpd) [SME: 11245] +- fix service not enabled [SME: 11107] +- remove reset-unsavedflag +- Move qpsmtpd & sqpsmtpd services to systemd [SME: 11107] +- Create smeserver-qpsmtpd-update event [SME: 11164] +- expand badrcptto_ext when needed [SME: 10638] +- this avoid user, group or pseudonyms for internal purpose to be reachable +- from outside +- minimum Protocol TLSv1.0 [SME: 10460] +- better ciphers order. Server manager +e-smith-formmagick +- increase CSRF timeout from 120s to 180s [SME: 10902] +- added property httpd-admin{csrfTimeout} in second to override +- added hability to ovarride the Timeout from panel to panel +- add update event [SME: 11136] +- add locale for CSRF [SME: 10626] +- add CSRF patch [SME: 10626] - thank you to Daniel Berteaud e-smith-manager -- add a panel to ease reporting bugs [SME: 8783] -- Original work from Mats Schuh m.schuh@neckargeo.net -- fix warning uninitialized value in lc [SME: 10209] -- fix typo in e-smith-manager-2.8.0-bz10167-emptyback.patch -- avoid internal server error if empty back parameter [SME: 10167] -- return user friendly message -- fix too short timeout in server-manager [SME: 9921] -- now 30 min as default instead of 5 -- possibility to change this and adapt the default 0.66 of timeout remaining to reset it -- by default only a session cookie, can activate persistent cookie -- sha256 as encryption. -- fix bad redirection parameter that might reveal session information to remote site [SME: 9924] -- added missing template-begin for tkt.css [SME: 9676] -- Update server-manager to Koozali branding [SME: 9676] -- We thanks John Crisp for his wonderful work. -- change link for donation to koozali.org [SME: 9599] -- Fix syntax for removing Indexes options [SME: 9587] -- Remove index option for manager's resources [SME: 9587] -- fix 307 redirection to http when https is used [SME: 8825] [SME: 9583] -- update syntaxe for TKT Auth -- bump 8 for typo -- Fix a syntax error in server-manager's logout script [SME: 9527] -e-smith-starterwebsite -- fix can't chownfile index file [SME: 9900] +- take 2 wrong system mode reported in bugreport [SME: 10448] +- fix wrong system mode reported in bugreport [SME: 10448] +- create -update event [SME: 11144] +- migrate httpd-admin to systemd [SME: 11110] +- removing hardcoded ports [SME: 10967] +- Add a FollowSymlinks for user-password in password/cgi-bin (perl-suid) [SME: 9677] +- update apache icon path [SME: 9591] +- add message to indicate EOL after Jun 30 2024 fix [SME: 10170] + perl-CGI-FormMagick -- fix uninitialized value $what_to_make in lc [SME: 10210] -php -- bz2: fix improper error handling in bzread() CVE-2016-5399 -- gd: fix integer overflow in _gd2GetHeader() resulting in -heap overflow CVE-2016-5766 -- gd: fix integer overflow in gdImagePaletteToTrueColor() -resulting in heap overflow CVE-2016-5767 -- mbstring: fix double free in _php_mb_regex_ereg_replace_exec -CVE-2016-5768 -- don't set environmental variable based on user supplied Proxy -request header CVE-2016-5385 -- fix segmentation fault in header_register_callback #1344578 -- curl: add options to enable TLS #1291667 -- mysqli: fix segfault in mysqli_stmt::bind_result() when -link is closed #1096800 -- fpm: fix incorrectly defined SCRIPT_NAME variable when -using Apache #1138563 -- core: fix segfault when a zend_extension is loaded twice #1289457 -- openssl: change default_md algo from MD5 to SHA1 #1073388 -- wddx: fix segfault in php_wddx_serialize_var #1131979 -- session: fix segfault in session with rfc1867 #1297179 +- increase default timeout, allow setting from outside [SME: 10902] +- add timeout [SME: 10626] +- update CSRF patch [SME: 10626] +- add requires perl(Session::Token) [SME: 10626] +- fix add CSRF patch [SME: 1723] - thank you to Daniel Berteaud Webmail and Groupware +smeserver-horde +- clean rsyslog syntax for horde [SME: 11422] +- improved php basedir, with filtering of noise for gpg [SME: 10945] +- force SSL for horde [SME: 11443] +- fix horde not honoring switch to php-fpm 5.4 [SME: 11433] +- update mail settings for the php-pool [SME: 11431] +- spamd SpamLearning property migrated to spamassassin SpamLearning [SME: 11376] +- Configuration is not up to date, hash to update [SME: 11308] +- fix wrong template path for php55, php56 and php [SME: 11255] +- fix webmail not accessible after enabling from manager [SME: 11233] +- update rsyslog syntax [SME: 11016] +- move fragment so syntax is similar to message +- remove harcoded ports [SME: 10969] +- add gpg to php base dir [SME: 10945] +- workaround logging noise caused by libsasl [SME: 10943] +- log as admin and not admin@domain for cli tasks [SME: 10910] +- fix ingo imap preferences [SME: 10912] +- allow httpd-auth for calendar, tasks access using rpc.php ... [SME: 10908] +- add smeserver-horde-update event [SME: 10909] +- avoid loss of user parameter on Primary Domain change [SME: 1005] +- this will also avoid the loss of parameter if we log with a different virtualhost +- horde preference is now stored with the SME username without @domain +- fix bad regex to strip domain [SME: 10224] +- also we can now force Primary domain to use as default email +- we can strip heading string from virtualhost domain to create email +- default identity email will update as long as no other identity is created for the user +- fix typo in php-fpm patch [SME: 10872] +- remove php3 references [SME: 10866] +- remove strict and warning alert from error log [SME: 10823] +- dedicated php-fpm pool for horde [SME: 10872] +- apply patches from John H. Bennett III [SME: 10717] +- cvs admin -ko on patch1 -Web Server - -e-smith-php -- clean daily session and tmp folders [SME: 9626] -- updated path for ibays' session and tmp folders to /var/cache -- add tmp folder to ibays [SME: 7011] -- add session folder to ibays [SME: 9620] -- change global session folder from /tmp to /var/lib/php/session/ [SME: 139] - Other fixes and updates - e-smith-base -- Expand route-bond0 when nic bonding is enabled [SME: 10272] -- improve regex to catch local [SME: 9724] -- change smtpd to qpsmtpd for default service access [SME: 9478] -- add translation links for manager to most language variations we support [SME: 11121] -- prevent restoration from being called on regular and post-upgrade reboot [SME: 9550] -- console restoration can be launched again from console -- Use ip route syntax to define routes to local network [SME: 10083] -- Allow /32 masks on the external interface, in which case we don't -check if the gateway is on the correct network) [SME: 9610] -- fix config db locale property [SME: 9724] -- adapt e-smith service command to systemd [SME: 9672] -- add systemd skip redirect to e-smith-service [SME: 9688] -- fix broken link /etc/init.d/supervise/local link [SME: 9687] -- fix mysqld to mariadb [SME: 9438] -- fix missing path to chkconfig [SME: 9641] -- Fix deprecated syntax '*' in rsyslog [SME: 9398] -- Added e-smith-base-5.8.0.bz9398.DeprecatedRsyslogSyntax.patch -- Set the hostname by hostnamectl [SME: 9631] -- Stefano Zamboni -- fix Lang and keyboard layout configured are not used [SME: 9539] -- Fix display of email forward fields since smtpd entry has been merged -qpsmtpd [SME: 9552] -e-smith-devtools -- added grub2 directories to ignore list [SME: 10325] -- Quote filenames in genfilelist so filenames containing spaces are correctly -handled [SME: 9750] +- fix masq failing on initial boot +- removing weekly cron for ddns update, targeted script has been removed [SME: 11470] +- revert e-smith-service file [SME: 9692] +- add systemctl wrapper [SME: 11345] +- clean rsyslog syntax for dhcpd [SME: 11422] +- cleanup /etc/rc.d and /var/service [SME: 9692] +- remove klogd references [SME: 11363] +- restore part of pptp code and move to generik vpn entry [SME: 11374] +- drop dyndns core support [SME: 11415] +- fix enabled service not started on reboot [SME: 11355] +- unless a power outage, as long as you reboot, halt or shutdown systemd will +- be in sync +- fix console::startup run twice [SME: 11358 ] +- improve run order in systemd-default [SME: 11356] +- fix uninitialized value during post-install [SME: 11350] +- fix user with rssh shell need to be member of rsshusers group [SME: 9155] +- add missing /sbin/e-smith/bootstrap-runlevel7 [SME: 11318] +- fix typo for isolate [SME: 11246] +- separate bootstrap-console from run level service launch [SME: 11318] +- only run isolate if sme-server.target is not active [SME: 11246] +- update system-preset usr/lib file [SME: 10958] +- fix loss of httpd basic auth [SME: 11309] +- fix services starting when they are in Wants= for sme-server.target and preset disabled [SME: 11247] +- rewrite of manageRAID.pl and add_drive_to_raid for SME10 [SME: 10918] +- added gdisk as a dependency to support GPT systems +- fix modSSL key crt and keychain files really exist [SME: 11252] +- add ldap.init as exception for preset +- fix init-accounts [SME: 9642] +- validate modSSL key crt and keychain files really exist [SME: 11252] +- if not we use self generated +- drop pptpd support [SME: 11250] +- add bash-completion [SME: 11244] +- improve local service to systemd [SME: 11119] +- now run rc.local file as part of the event +- move local service to systemd [SME: 11119] +- make it run /etc/rc.d/rc.local +- cleaning /var/service/syslog still there +- workaround drop-in install section ignored by systemctl preset [SME: 11231] +- some cleanup +- remove S95reset-unsavedflag [SME: 11229] +- add exclusion for lpd [SME: 11006] +- execute systemd-reload before service adjust in events [SME: 11228] +- fix ExecStart for raidmonitor [SME: 11094] +- fix permission for /sbin/e-smith/systemd/mdmonitor-pre [SME: 11094] +- Don't ask for confirmation to save changes on first install configuration [SME: 11193] +- Fix RAID detection regex for disk redundancy screen [SME: 10918] +- add Install part of systemd unit [SME: 11100] +- move dhcpd to systemd [SME: 11100] +- get dhcpd log out of message [SME: 2408] +- also configure logrotate for /var/log/dhcpd/dhcpd.log and /var/log/dhcpd/current +- reverte previous changes for service2adjust and util.pm [SME: 11177] +- files are owned by e-smith-lib +- allow more systemctl controls [SME: 11177] +- convert unrecognized signals from service2adjust in events for systemd +- handle unsupervised services the same way supervised were in adjust-services +- make service-status only log when service disabled and not fail it +- add template for /etc/systemd/system-preset/49koozali.preset [SME: 11174] +- this will help systemd integration in enabling and disabling services +- remove wan link +- move raidmonitor to systemd [SME: 11094] +- move network service to systemd [SME: 11090] +- move wan service to systemd [SME: 11091] +- create e-smith-base-update event [SME: 11012] +- create sme-server.target [SME: 10957] +- make sme-server.target default target +- change default target on signal-event post-upgrade, post-install, e-smith-base-update +- requires update or smeserver-php and e-smith-runit +- add an executable to check if service is enabled in e-smith db +- validate submask on remote access panel [SME: 6536] +- accept netmask bit and convert it +- validate subnet mask on local network panel [SME: 10974] +- accept netmask bit and convert it +- remove info.txt [SME: 9590] + +e-smith-dnscache +- cleanup in /etc/rc.d/ [SME: 9692] +- remove /usr/lib/systemd/system-preset/80-koozali-dnscache.preset [SME: 10958] +- add Requires=runit.service (dnscache & dnscache.forwarder) [SME: 11245] +- execute systemd-reload before service adjust in events [SME: 11228] +- remove S95reset-unsavedflag [SME: 11229] +- remove createlink safesymlink in /etc/rc.d/init.d [SME: 11097] +- remove rc7.d link [SME: 11097] +- fix actions in e-smith-tinydns-update [SME: 11127] +- Move dnscache, dnscache.forwarder services to systemd [SME: 11097] +- Create e-smith-dnscache-update event [SME: 11127] +- Modify run script to allow for loopback commmunications with other DNS +- servers on the local machine and DNS forwarding [SME: 9715] + +e-smith-domains +- avoid encoding of utf strings in domain table [SME: 11391] +- this will mess with some languages +- Create e-smith-domains-update event [SME: 11128] + e-smith-grub -- rebuild for file ownership conflict [SME: 10325] -- fix edition and consol grub terminal not visible because of koozali logo [SME: 9728] -- enable quota for groups and users with XFS [SME: 10211] -- Koozali grub splash screen -- Write the full path for the grub Action [SME: 9668] -- Added e-smith-grub-2.6.1.bz9668.AddFullPath2GrubAction.patch -- New source [SME: 9321] -- Adaptation to grub2 [SME: 9321] -e-smith-hosts -- remove reference to smtpd [SME: 9478] -- fix servicename syslog to rsylog [SME: 9691] -- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, -by assuming the date is correct and changing the weekday. -- fix mysqld to mariadb [SME: 9438] +- fix unable to boot on a non xfs root filesystem [SME: 11365] +- cleanup remove /boot/grub dir [SME: 11354] +- Add support for EFI systems [SME: 10998] +- add update event [SME: 11137] + e-smith-ibays -- fix typo thanks to Stephane de Labrusse [SME: 7011] -- ibay to ibays -- as per comment 2 of bug 0600 instead of 0700 for perms [SME: 9621] -- as discussed, moving cache and tmp out of ibay folder [SME: 9105] [SME: 9621] -- creating basedir /var/cache/e-smith/files/ibays for tmp and cache -- create tmp folder in ibays when needed [SME: 9105] -- create session folder in ibays when needed [SME: 9621] -- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, -e-smith-lib -- remove reference to smtpd in configuration.conf [SME: 9478] -- fix console startup display [SME: 9352] -- fix service name syslog to rsyslog [SME: 9691] -- fix mysqld to mariadb [SME: 9438] -- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, -- fix esmith::util::serviceControl to manage systemd service [SME: 9660] -- Added e-smith-lib-2.6.0.bz9660.serviceControlSystemd.patch +- fix patch for SSLRequireSSL [SME: 8150] +- force https if auth or dav are enabled [SME: 11407] +- merge SSL and SSLRequireSSL properties [SME: 8150] +- now SSLRequireSSL will force SSL to the html ibay directory and redirect to https +- update php properties and folders [SME: 11412] +- remove last bit of atalk [SME: 668] +- add update event [SME: 11139] +- remove hardcoded ports [SME: 10968] +- remove php3 reference [SME: 10869] +- fix apache failing if ibay has dynamic content enabled and phpmodule is disabled [SME: 10871] +- revert patch, wrong rpm [SME: 10871] +- add support for php-fpm [SME: 10871] + +e-smith-ldap +- fix ldap failing to start on initial boot + +e-smith-lib-compspec +- allow easy access to templates.metadata to expand desired files [SME: 11312] +- add update event [SME: 11142] + e-smith-mysql -- systemd skip redirect [SME: 9688] -- Corrected a typo in e-smith-mysql-2.6.0.bz9671.RemoveDummyMysqlDatabase.patch -- [SME: 9671] -- fix broken link /etc/init.d/supervise/mariadb [SME: 9686] -- Remove Dummy database from backup and restoration [SME: 9671] -- Added e-smith-mysql-2.6.0.bz9671.RemoveDummyMysqlDatabase.patch -- fix forgotten mysqld variables in various scripts [SME: 9438] -- e-smith-mysql-2.6.0-mariadb_forgotten_var.patch -e-smith-ntp -- fix wrong link to restart rsyslog [SME: 9690] +- fix wrong path for set password [SME: 11468] +- fix restore of sme9 backup fails to start mysql.init [SME: 11453] +- add property to enable mysqld slow queries log [SME: 455] +- simply use SlowQueries as the amount of second and it is enabled +- remove property to stop logging +- more mysqld/mariadb parameter available with properties /templates [SME: 4606] +- ease 4 databit characters with innodb [SME: 11404] +- redirect mariadb log from systemd to file [SME: 11425] +- fix backup fails in pre-backup in mysqldump [SME: 7827] +- expand 10mysql_upgrade and restart mysql.init on e-smith-mysql-update [SME: 11120] +- this to make sure mariadb upgrade fully and prevent residual 10mysql_upgrade stay in the way +- fix issue with 10mysql_upgrade crashing mariadb [SME: 11120] +- also removed noise from spec file +- e-smith-update event [SME: 11145] +- mariadb systemd integration [SME: 11021] +- move set.password and template +- create /usr/lib/systemd/system/mariadb.service.d/sme.conf +- create /sbin/e-smith/systemd/mariadb-initialize + chmod +- cleanup and remove old /var/service/mariadb +- mysql.init systemd integration [SME: 11120] +- create mysql_init.service + +e-smith-openssh +- clean rsyslog syntax for sshd [SME: 11422] +- increase default host key size [SME: 11359] +- redirect logging to /var/log/sshd/sshd.log and logrotate [SME: 11256] +- add support for denyhost [SME: 10939] +- move sshd to systemd [SME: 11109] +- create -update event [SME: 11147] +- add ed25519 and ecdsa hostkeys [SME: 10940] +- add Whitelist to AutoBlock using property sshd ValidFrom [SME: 9893] +- update client ciphers to use [SME: 10621] +- add ciphers, macs and KexAlgorithms for server [SME: 10937] + +e-smith-packetfilter +- move ulogd to systemd [SME: 11426] +- require ulogd 2 [SME: 11426] +- remove pptpd last references [SME: 11420] +- remove /usr/lib/systemd/system-preset/80-koozali-packetfilter.preset [SME: 10958] +- drop pptpd support [SME: 11251] +- launch masq using systemd unit [SME: 11089] +- create event to avoid reboot on update [SME: 11122] + e-smith-proxy -- fix disabling smtp proxy via SM doesn't work [SME: 9639] -- redirect squid syslog messages to /var/log/squid/squid.log [SME: 79] -- Allow custom file descriptor limit, and set default to 4096 [SME: 9912] -e-smith-quota -- enable quota for groups and users with XFS [SME: 10211] +- cleanup in /etc/rc.d and /var/service/squid [SME: 9692] + e-smith-runit -- add systemd skip redirect [SME: 9688] -e-smith-test -- remove reference to smtpd [SME: 9478] -- fix servicename syslog to rsyslog [SME: 9691] -- fix mysqld to mariadb [SME: 9438] -initscripts -- use DBUS calls directly instead of calling nmcli (bug #1422820) -- rhel-import-state: fix broken order of parameters -- import-state: copy just some attributes -- functions: systemctl show now returns an error when unit does not exist -- import-state: restore also sensitivity part of SELinux context -- network: run after network-pre.target -- ifup-eth: fix setting preferred_lft and valid_lft -- ipv6: wait for all global IPv6 addresses to leave the "tentative" state -- source_config: tell NetworkManger to load ifcfg file even for NM_CONTROLLED=no -- ifup-aliases: inherit ARPCHECK from parent device -- rhel-dmesg: don't start in containers -- ifup-eth: fix typo in error message (#1038776) -- sysctl.conf: steal comments about /usr,/etc,... from fedora's sysctl.conf -- rwtab: /var/lib/nfs needs to copy the files -- functions: improve killing loops -- ipcalc: detect invalid mask -- ifup: set valid_lft and preferred_lft to forever for static ip -- service: use systemd mangle for given service -- ifup-post: check resolve.conf also with DNS2 -- ifdown-post: remove resolv.conf only in specific cases -- spec: ghost /var/log/dmesg -- network-functions: is_available_wait should wait even in the case that is_available returns 2 -- autorelabel: turn quota off before relabeling -- autorelabel: call dracut-initramfs-restore before forced reboot -mod_auth_tkt -- fix redirection when proxy ssl [SME: 8825] [SME: 9583] +- reverting removal of deamontools [SME: 9692] +- could be needed for legacy support with rc7.d services +- cleanup of /etc/rc.d [SME: 9692] +- create e-smith-runit-update event [SME: 11156] +- also tidy target wantedby: should run from basic.target +- fix issue with Before rules in unit file [SME: 11013] +- run before network-pre.target [SME: 11088] +- enable for sme-server.target [SME: 11013] +- e-smith-test +- e-smith-tinydns +- cleanup in /etc/rc.d [SME: 9692] +- remove /usr/lib/systemd/system-preset/80-koozali-tinydns.preset [SME: 10958] +- Add 'Requires=runit.service' [SME: 11245] +- remove S95reset-unsavedflag [SME: 11229] +- execute systemd-reload before service adjust in events [SME: 11228] +- remove createlink safesymlink in /etc/rc.d/init.d [SME: 11098] +- remove rc7.d link [SME: 11098] +- fix date in changelog +- fix actions in e-smith-tinydns-update [SME: 11159] +- Move tinydns service to systemd [SME: 11098] +- Create e-smith-tinydns-update event [SME: 11159] + smeserver-release -- Bump new rpm for sme10 alpha2 -- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, -smeserver-support -- exclude samba from centos repo as we have our own with DC support [SME: 10155] -- improving link to donation [SME: 9598] -- fix hover color [SME: 9676] -- Koozali branding of manager [SME: 9676] -- new images in archive; removed old images from cvs -- updated some css smeserver-support-2.8.0-koozali_manager.patch -- reverting partly the changes in last patch [SME: 9598] -- wrong catch of proxy related url with the http to https changes -- thank to Charlie Brady for reporting -- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, -- update links to koozali.org [SME: 9598] -- Template of os-release [SME: 9580] +- Bump new rpm for sme10 release candidate 1 +- updating release number everywhere [SME: 11366] +- Bump release to 1 as buildsys believe 1.alpha5 is newer than 0.beta1 [SME: 11317] +- Bump new rpm for sme10 beta1 [SME: 11317] +- add update event [SME: 11165] +- Bump new rpm for sme10 alpha5 + smeserver-yum -- add rpmfusion free el7 RPM GPG KEY [SME: 10263] -- avoid reboot for smeserver-locale upgrade [SME: 8705] -- code by stefano zamboni -- correct service names with plugin to avoid reboot [SME: 8705] -- code by stefano zamboni -- fix KeyError with plugin to avoid reboot [SME: 8705] -- code by stefano zamboni -- remove centos contrib repo [SME: 10156] -- added centos SCLo SIG gpg rpm signing key [SME: 10119] -- will allow to install SCL packages directly from smecontribs -- Added smeserver-yum-2.6.0.bz8705.avoidReboot.patch [SME: 8705] -- code by stefano zamboni -- Avoid to reboot after the installation of a smeserver-* package -- add Remi Collet RPM GPG KEY [SME: 9903] -- Rpm updates can be downloaded during the night [SME: 1502] -- Added smeserver-yum-2.6.0.bz1502.DownloadOnly.patch -- Deltarpm is now a setting in the yum panel (disabled by default) -- Added smeserver-yum-2.6.0.bz8834.DeltaRpm.patch [SME: 8834] +- migrate back to normal CentOS mirrors after el6 EOL [SME: 11477] +- version 2 with + deleting yum{eolversion} if for previous release or not yet eol + better handling of conditions +- avoid reboot on removal of smeserver-* rpms [SME: 11458] +- navigation-conf when a panel is installed +- fix wrong path for rsyslog.conf [SME: 11364] +- remove noise in yum process "overriding all signals, forcing restart" [SME: 11372] +- packages installed logged both in yum.log and message [SME: 11364] +- set priority to 10 for remi-safe [SME: 11360] +- fix poor handling of service adjusting and action order [SME: 11300] +- now a temp event is created +- also better logging, better handling of update vs removal +- make yum dbs service fork [SME: 11243] +- now smeserver.py plugin call the service +- yum-modify can use the service restart +- yum.service is its own service, not called by local.service +- move yum upate db service to systemd [SME: 11180] +- fix -update events not runt on package upgrade [SME: 11184] +- lower noise on forced restart +- fix switch to vault BaseURL for CentOS [SME: 11227] +- add remi-safe as base repo [SME: 11179] +- smeserver-yum-update event created [SME: 11168] +- fix separate action before template, and after service [SME: 11175] +- run all actions with post-upgrade as default event +- fix some templates not expanded [SME: 11121] +- fix smeserver.py not executing action because of wrong path [SME: 11047] +- fix error when key absent of a dict of smeserver plugin at clean stage [SME: 10931] +- avoid missing template error after removal of a rpm [SME: 10846] +- restart php-fpm services when needed [SME: 10873] +- applying patch [SME: 10690] +- fix NameError: global name 'yum_update_dbs' is not defined [SME: 6940] +- use yum-cron with autoupdate feature [SME: 10690] + +These are either not SME modified Packages, or are kernel mods. + +clamav +libprelude +sendmail + +The changelogs are written per package On behalf of the Koozali SME Server development team +- Compilation of release data is thanks to scripts developed by Ian Wells and substantially improved by Jean Phillipe Pialasse + +Terry Fage -On behalf of the Koozali SME Server development team