--- cdrom.image/sme8/README.txt 2009/06/06 23:51:54 1.1 +++ cdrom.image/sme8/README.txt 2012/05/22 07:46:08 1.15 @@ -1,165 +1,443 @@ -SME Server 7.3 Release Notes -============================ - -January 1 2008 - -The SME Server development team is pleased to announce the release of -SME Server 7.3. This release is based on CentOS 4.6 and all packages -have been updated to the latest releases. - - -All SME Server users should upgrade to this release. - - -Bug reports and reports of potential bugs should be raised -in the bug tracker (and only there, please); - - http://bugs.contribs.org/ - - -About SME Server -================ - -SME Server is the leading Linux distribution for small and medium -enterprises. SME Server is brought to you by SME Server, Inc. -( http://www.smeserver.org/ ), a non-profit corporation that exists to -provide marketing and legal support for SME Server. - -SME Server is freely available under the GNU General Public License -and is only possible through the efforts of the SME Server community. -However, the availability and quality of SME Server is dependent on -meeting our expenses, such as hosting costs, server hardware, etc. - -As such, we ask for a small donation to offset costs and fund further -development. - -Please visit http://www.smeserver.org/donate/ to donate. - - -Thanks ------- -The development team would like to thank all of those involved in -this release. However, this distribution cannot continue with the -current level of support. More people are required to help with -bug triage and verification testing. - - -This release contains many new features, all released updates for -SME Server 7.2 and fixes for many reported problems. Upgrades -will be available by CD, the Software Installer and command line. - - -Upgrades -======== - -- Always perform a backup prior to major system upgrades - -- An upgrade will preserve the existing data - - -Changes in this release -======================= - - -Installer Options ------------------ -- Using "sme multipart" boot parameter now enables quotas on all LVM's - see bug 3651 on how to create your quota files - - -Other mail system changes -------------------------- -- Support for disconnect option in rhsbl plugin -- Support for disconnect immediately if dnsbl plugin rejects recipient - addresses -- Newer version of ipsvd to resolve a few Thunderbird issues -- Support for configurable timeouts which by default is set to two minutes - - -Console -------- -- Now able to remove Corporate DNS setting -- Raid reconstruction now finishes after using "sme nolvm" passed at install - time - - -Backups -------- -- Ability to use console restore with CD or DVD recordable media -- Remove smbpasswd file prior to restore - - -Localisation ------------- -- The fr-fr browser language is now supported -- Italian translation minor update - - -Software Installer ------------------- -- The voxteneo.com and fullnet.co.uk mirrors has been added as a mirror - location. Many thanks to all of our mirrors -- Removed planetmirror mirror due to being unstable for a number of months -- Added smecontribs repository to smeserver - - -Webmail -------- -- Horde, imp, turbo and ingo have been updated to the latest versions - - -Server manager --------------- -- Updated wording in Server manager > proxy to be correct when running in - serveronly mode -- Now able to remove settings in the Corporate DNS panel -- Make qpsmtpd/state visible in the view log files -- Convert squid timestamp in view log files -- Since we moved to session-based login changing admin password does no - longer invalidate access to server manager -- Added support if you use port-forwarding with an external dynamic ip - address - - -Other fixes and updates ------------------------ -- More changes have been made in preparation for migration to CentOS5 -- Various samba issues fixed with new samba 3.0.25b package -- Smartd is disabled by default but has built in templates to enable -- Import of spamassassin keys are now processed correctly -- Fixed various log noise issues -- Allow root to be key based login only -- Increased dnscache forwarder cache size -- Freshclam permissions now corrected -- Unwanted symlinks in httpd log directory no longer appear -- Added WPAD feature in DHCP -- Fixed various perl issues -- Using long email address now stops regeneration email every day - - -General features -================ - -- Based on CentOS 4.6 and all available updates - - -There are a few differnces from previous releases <=7.2 -====================================================================== - - -After installing for the very first time: ------------------------------------------ -- First night you should receive an email from cron about sa_updates. -- First night you should receive a large email saying a bunch of - groups/users were removed/added (rkhunter email notification). -- Any time you change users/groups you will receive an email the next day - about those changes (rkhunter email notification). - - -Taking the upgrade path from a 7.x to 7.3 ------------------------------------------ -- First night you may receive an email from cron about sa_updates -- First night you may receive a email saying missing passwd/group files - (rkhunter email notification). - -$Id: README.txt,v 1.20 2008/01/01 17:18:13 slords Exp $ +SME Server 8.0 Release Notes +============================ + +21 May 2012 + +The SME Server development team is pleased to announce the release of +SME Server 8.0 which is based on CentOS 5.8 + +Bug reports and reports of potential bugs should be raised in the bug +tracker (and only there, please); + + http://bugs.contribs.org/ + +About SME Server +================ + +SME Server is the leading Linux distribution for small and medium +enterprises. + +SME Server is freely available under the GNU General Public License and +is only possible through the efforts of the SME Server community. +However, the availability and quality of SME Server is dependent on +meeting our expenses, such as hosting costs, server hardware, etc. + +As such, we ask for a small donation to offset costs and fund further +development. + +Please visit http://wiki.contribs.org/Donate to donate. + +Thanks +====== + +The development team would like to thank all of those who have involved +themselves with this release. + +Notes +===== + +1. CentOS 5 has dropped support for i586 and therefore SME Server 8 + will not work on i586 hardware. [See bugzilla:2845]. i586 hardware + means processors before and including Intel Pentium, Pentium MMX; + AMD K5, K6, K6-II, K6-III and Via C3. i686 architecture processors + are Intel Pentium Pro, Pentium II, Pentium III; AMD Athlon, + Athlon XP and later. + +2. Some notes on SME 8 including help on upgrades can be found at + http://wiki.contribs.org/SME_Server_8 + +3. Please note it may take up to 48 hours for mirrors to finish syncing, + during this time you may experience problems. + You can download SME8.0 from + http://mirror.contribs.org/smeserver/releases/8/iso/i386/ + or for other methods see http://wiki.contribs.org/SME_Server_8 + +Major changes since beta 7 +========================== +* No major changes were introduced since beta 7 + +Major changes in beta 7 +======================= +* Require authentication for all emails, including local. +* Optional - to use ext4 instead of ext3 for file systems + (except for /boot). At the boot prompt use "ext4" or "sme ext4". + *** ext4 is considered experimental, so use with caution *** +* Optional - LDAP authentication can be enabled. Once enabled it cannot + be disabled, so experiment with care. + To enable: db configuration setprop ldap Authentication enabled + +Major changes in beta 5 +======================= +The policy is to stick with upstream updates unless there are compelling +reasons not to. The number of customers unable to run the software they +want because of the PHP version constituted a compelling reason. + +PHP 5.2.10: is provided by the Red Hat Application Stack v2. +5.2 is needed by recent web applications such as OScommerce. + + +Changes in this release +======================= + +This section of this README file lists all package changes carried out +by SME-associated developers since 2009 where the most recent changes +to the package are dated after February 2010. The package changelogs +often included earlier changes and changes carried out by non-SME- +associated developers; these were removed to shorten the list. Packages +recently altered by Centos, Redhat, and Fedora-associated developers are +not included. + +Backups +------- +- Provide support for Selective Restore with modern browsers +- Remove default index.htm from Primary ibay before restore +- Allow backup reports to go to an alternate user instead of admin + for Workstation Backups +- Improve how Backup to Workstation handles full remote disks. +- Do not make backup fail when due to a modified file. +- Localise the choices for 'Select the type of share for backup + destination' in the Configure Workstation Backup panel. +- Improve the wording of the 'Backup or restore' server-manager panel. + Replace term "USB disk" with "removable disk" as this is not + restricted to only USB disks. +- Improve wording of workstation backup email regarding the set number. +- Do not modify the workstation backup location 'SmbShare' during + software update. +- Include disk usage in Workstation Backup email. +- A new database property, OpenFilesLimit, allows customisation of + open_files_limit option in my.cnf. This can allow backups to succeed + if a MySQL database has a very large number of tables. +- Restoring from a Workstation Backup showed a false failure. +- Workstation Backup emails include a To: header. +- Workstation Backup includes the system name and also indicates failure + if applicable in the subject line of the email. +- Update backup instructions in server-manager. +- The Workstation Backup panel now removes leading and trailing spaces + from the hostname. +- Fix removal of leading slash in storage location. +- The Workstation backup to USB panel no longer presents mounted disks. +- Only define Workstation Backup temporary directory once. +- Remove relocate_samba_file and all references to /etc/smbpasswd. +- Improved upgrade compatibility, remove .orig +- create mount point for verify +- remove comment re smbpasswd being last +- Fix mounting usb disks +- Don't backup more than once per day +- Fix full backup on Sunday diplayed as Everyday +- Add more excludes for compressed filetypes +- Porting Jean-Paul Leclere changes in the SME Server 7 tree to SME + Server 8: +- using credentials file for cifs mount +- workstation backup: add cifs credentials expand to + bootstrap-console-save +- workstation backup: allow many backups in the same day +- workstation restore: all needed backups must be available before + restore +- workstation verify: add option to check integrity of backups needed in + a full restore +- Fix DAR e-mail message with regards to incremental backups +- Fix discrepancy in maximum compression level +- Fix console backup from removable media +- Fix console restore from removable media (Federico Simoncelli) +- Auto-mount USB REV70-drive as usbdisk + +File Server +----------- +- Gracefully handle upgrades from SerNet Samba (SME7 TO SME8 VITH YUM) +- Change separator character in general Samba configuration file. +- Changes in Samba's "Recycle VFS exclude" syntax (for ibays). +- Use samba3x package for windows 7 compatibility. +- Remove require strong key part of regedit file. +- Backup all the samba tdb files. +- Add dependency /usr/bin/tdbbackup. +- Create/remove V2 profile directories +- Enable bindinterfaces by default +- Set recyle bin permissions +- Add registry file to server-resources to allow windows 7 to join Samba + 3.x domains +- Fix warnings in template expansion +- Fix migrate fragments for samba + +LDAP (Optional in SME 8, and considered experimental) +---- +- Create samba account during event for machine +- Keep uid/gid for computer accounts in synch for Unix/Samba/LDAP +- Fixed syntax error in create-machine-account +- Fix samba-group-mapping for users without group membership +- Fix cpu critical patch missing ' +- LDAP admin password needs to be loaded in secrets.tdb +- Change authentication from passwd/shadow files to the pam database +- Turba searches on LDAP address book fixed +- Properly handle account with accents in first- or lastname with + regards to LDAP +- Fix create user gid parameter +- Path for gpasswd command fixed in "init-accounts" script +- All ibay account commands as system accounts in LDAP +- Create ibay accounts as system accounts in LDAP +- Use cpu commands to manage Ibays accounts if ldap is master +- Make cpu calls critical only with ldap{Auth} is enabled +- Check slapd.conf syntax before trying to dump the database +- Simplify ldap-update call by calling ldif-fix +- Change script order: ldap-update should be called after + domain-group-maps +- LDAP ou field is taken from Dept not Department +- LDAP changes: Add rfc2739.schema back in and include in config +- Use ldapmodify to load ldif, add -a if no changetype +- Remove bogus junk attribute from ldif templates +- Change startup order for ldap +- ldap should store locked passwords for expired passwords +- Add ldap as an auth type to radius +- Radius should use LDAP backend (if LDAP auth is enabled) +- Fix ldap-create errors when adding empty groups. +- The LDAP information for admin was not being updated. +- Don't try to save ibay password to LDAP. +- Fix admin user password change (Daniel B.) +- Init database if the ldif dump is empty (ie from sme8b) +- revert re-init database +- re-init readonly database on post-upgrade +- Force SSL/TLS for remote authentication +- reuse users_groups_ous.patch2 +- Separate groups and users with mailboxRelatedObject +- Set readonly access +- Fix ldap-update action script to user-lock event +- Add Groups entries +- Add admin user as a standard user +- Add ldap-update action script to user-lock event +- Add ldap authentication and tls support +- Update schema for newer openldap and remove calFBurl +- Convert ldif dump +- Create bdb log directory +- Change ldap backend to bdb, and fix initialisation problem + +Localisation +------------ +- Other fixes include updated translations for the existing languages. +- Add Chinese (Taiwan) language (zh_TW). +- Add Hebrew language (he). +- Fix translation of local nic string in console. +- Add Thai language +- Add Polish language +- Add Romanian language +- Add Estonian language + +Mail Server +----------- +- Provide option to force the smtp proxy not to use CRAM-MD5 + config setprop smtp-auth-proxy PeerPort + config setprop smtp-auth-proxy MD5Patch enabled +- Fix mail to domain pseudonyms pointing to group with dot in name +- Fix Mail Log File Analysis reports +- Set SO_KEEPALIVE option on client socket to detect dead connections +- Add template fragment for pyzor timeout +- Remove spamd restart from bootstrap-console-save event +- Require SMTP authentication by default when sending to an external + address. +- Fix TLS security defaults, TLS Ciphers for qpsmtpd can be configured. +- Change enabled to transparent for mail proxy. +- Enable authentication for smtp traffic and migrate if necessary. +- Fix pseudonym modification for "local network only" accounts. +- Add smtp auth into web interface, not just when enabled. +- Fix require_resolvable_fromhost doesn't work +- Fix qpsmtpd plugin fatal errors when incoming mail message has no + headers. +- Serialize configure_peers to prevent errors. +- Fix SMTP proxy wording in server-manager. +- Fix SMTP auth wording in server-manager. +- New feature: Allow for individual configuration for the number of + mail logfiles. +- Disable by default the SMTP transparent proxy, however upgrades from + sme7 will retain old default behavior where SMTP connections will be + transparently proxied. +- Implement a database key (TlsBeforeAuth) to allow SMTP + Authentication without TLS. The default remains to require TLS before + Auth (introduced in SME 8Beta5). +- Update qpsmtpd to 0.84 +- Config setting to enable SMTP to ISP Authentication Debug now uses + enabled/disabled for clarity. +- Fix HeloHost patch. +- Remove cron.daily jobs that are no longer needed. +- Update email addresses on domain change. +- Work around how qpsmtpd tags spam email. +- Use HeloHost (if present) in smtp-auth-proxy.pl +- Allow for changing SPAM subject tag through server-manager +- Move creation of chrooted dev/urandom to spec-file +- Create chroot dev/urandom for stunnel to use +- Updated spec file to require php-pear(HTTP_Request) +- SMTPSmartHost template incorrectly uses brackets to avoid MX lookups +- smtproutes template incorrectly uses brackets to avoid MX lookups +- Remove qmail-workaround and obsolete it after patch to treat 0.0.0.0 + as a local ip +- Remove spool and log dir from package (in smeserver-qpsmtpd) +- Don't create smtpd user (unused in sme) +- Apply qpsmtpd git changesets to implement custom SPAM subject prefix +- Update pre requires so scripts don't fail on install +- Rebase bad_rcptto patch to remove orig file +- Change logging in tls init to prevent warnings +- Only run/initialize plugins once +- Change spool dir permissions and owner to qpsmtpd:clamav +- Change log dir permissions and owner to smelog:smelog +- don't add qpsmtpd to start-up by default +- add apache config file to qpsmtpd-apache package +- use rpm macros for dirs +- use a filelist for main package instead of a long list of files +- Setup logrotate for /var/log/clamd/clamscan.log +- Remove create option from logrotate configuration +- Setup logrotate for /var/log/clamd/smeserver-clamscan.log +- Fix permissions on freshclam.conf file +- Add HeuristicScanPrecedence option, default to yes +- Obsolete e-smith-antivirus +- Enable qpsmtpd RequireResolvableFromHost plugin by default, remove + database entry and the database default value +- Tie template fragment into event system to have it expanded +- Add qpsmtpd template fragment for custom SPAM subject prefix +- Remove FuzzyOcr +- Run sa-update every two hours and check restart every hour +- Redirect cron job output to logfile to avoid mail noise +- Fix invalid service name in sa-update + +Server manager +-------------- +- Enhance IP address syntax checking in remote access panel. +- Improve the HTML formatting of the modify quota panel. +- Remove empty

tag from footer template. +- Only display error messages intended for admin in server-manager +- Fix css validation errors. +- display reconfigure warning once if UnsavedChanges=yes +- Fix unitialized value errors in HTML.pm + +Webmail and Groupware +--------------------- +- Update to Horde 3.3.11, imp 4.3.9, Ingo 1.2.5 & Turba 2.3.5 +- Add option to verify from address in webmail if setting up additional + identities. +- Add the ability to have a local LDAP Group Address book. +- Templated attributes.php to add ability to have multiple email + values for a contact. Separate entries with a comma and a space. +- Update to freebusy info in sources.php +- Update to remove turbaContact info that SME is not using. +- Change horde's templated mime_drivers.php file so some additional + settings can be customized +- Make sure username is always saved in lowercase to horde db's +- Updated spec file to remove requires and obsoletes of + php-pear-HTTP-Request information moved to e-smith-imp for both sme7 + and sme8 +- Update to Spec file to obsolete smeserver-trean < 0.1-8 +- Patch to conf.php template to set a blank cookie domain so that FQDN + and non-FQDN access to webmail will work. +- Remove klutz template from registry.php +- Template imp's mime_drivers.php file so some settings can be + customized + +Web Server +---------- +- Enable automatic redirection for /server-resources +- Disable SSLv2 by default. +- make user 'apache' an alias for user 'www'. +- Default expose_php in php.ini to Off. +- Add option to disable SSLv2 +- Add OpenOffice2 MIME Types +- Add OpenOffice MIME Types +- Add XML MIME Type +- Add Microsoft Office 2007 MIME types + +Other fixes and updates +----------------------- +- Add MAC address into console network selection +- Fix non-translated locale in ibays panel +- Improve error message for quota +- Obsolete smeserver-php5-cgi & php-mcrypt +- Initialize ExternalInterface db structure so hwaddr in console works. +- Option to select ext4 instead of ext3 for filesystems at boot prompt. +- Enable quotas on ext4 filesystems as well. +- Only allow backup to (removable) storage media that are not read only. +- Improve error handling when trying to install without NIC. +- Only remove dangling symlinks in weak-updates directories. +- Fix template-expansion for dhclient.conf. +- Improve validation (error) message for remote access setup. +- Change text in hostname and addresses panel for remote host (add + FQDN). +- Fix hostname editing for comments with double speechmarks +- Trap croak inside Net::IPv4Addr::ipv4_in_network to allow a FQDN to be + inserted in hostnames and addresses panel in lieu of an IP address. +- Add validator back for ip or cname entry. +- Correctly strip numbers from sql scripts +- Enable speedier time synchronisation for suspended VMs, this can be + configured by a new db key for ntpd, SupportLargeDrift. +- Set the TimeZone property earlier, so templates can rely on it. +- Obsolete KeepAlive and replace by ClientAliveInterval and + ClientAliveCountMax to prevent SSH sessions from being timed out by + network inactivity. +- New feature: Default Cipher to blowfish for ssh configuration. +- Add directive "PersistentPasswd off" to proftpd configuration. +- Quota panel should allow non-integers but only accept uppercase units. +- Obsolete magic_quotes_gpc settings. +- Set default timezone for php version 5.3.3. +- Handle no network interface scenario in console. +- Do not allow pool.ntp.org as NTP server. +- Prepare for obsoletion of magic_quotes* when we supply PHP 5.3.0+ +- Fix missing space causing errors parsing the iptables rules. +- Migrate MirrorList properties to sme8 repos. +- Remove BaseURL properties if migrating to sme8 repos. +- Remove yum databases and repodata if migrating to sme8 repos. +- Enable cpuspeed by default. +- Fix scriplet error in e-smith-service script when service is disabled. +- Allow use of CNAME in remote hosts. +- Add Obsoletes for php5-cgi-{imap,ldap,mysql,pear,xmlrpc}. +- Restate smartd dependency. +- Fix gettext errors in WAN/LAN subnet error message +- Improve security by using SHA1 algorithm for certificate signing +- Fix eth? swapping +- Bump certificate encryption from 1024 bits to 2048 bits +- Add a dummy call so xgettext can pull translated $ifName in console + configuration pages. +- Translate $ifName in console configuration pages +- Prevent IP conflicts between local and external interface in server + gateway mode +- Clean up: remove unused nonetworkdrivers +- Clean up stray symlinks in /lib/modules before depmod +- Allow for different mdadm output formats for DeviceSize +- Add compiled python files to the packaged files list +- Update path for 64-bit compatibility +- Remove hiddenmenu entry from grub.conf +- adds the hwaddr parameter to probeAdapters() +- Update path for 64-bit compatibility +- Add patch (Federico Simoncelli) to prevent re-use of uids +- Fix log-error detection algorithm +- Fix another instance of ups model for new version of nut +- Template sshd login grace time, kept default at 600s +- Enable port forwards to localhost if mode is serveronly +- Adjust xml entry in locale +- Add option to limit port forwards from source ip +- Remove unnecessary Mount Proc line +- Fix owner/perms for radius files +- Fix typo in /sbin/service patch (Federico Simoncelli) +- Exit with zero exit status for services not listed in configuration + database to avoid failures in post scriptlets +- Merge in SME Server /sbin/e-smith/service wrapper so that only + initscripts which exist in run-level 7 can be run. This ensures that + the supervised service is run, if one exists, and protects against + running "service httpd restart" +- Add requires on e-smith-lib so www user is created first +- Fix regular expression to actually replace the colon with a dot +- Remove the leading path for yum in newrpms +- only unlink file if we created it +- Import only keys not already imported +- set unsaved changes in yum event +- move yum warming to sme yum plugin +- ensure file exists before unlinking +- remove semicolons from yum plugin +- Add frequency of updates toggle +- Add /etc/yum.smerepos.d to package +- Change SME mirrorlists to point to ibiblio +- Require mailx +- Add yum-protect-packages support to prevent removal of needed pacakges + +General features +================ + +- Based on CentOS 5.8 and all available updates + +$Id: README.txt,v 1.14 2012/03/19 15:13:47 wellsi Exp $ + + +