--- cdrom.image/sme8/README.txt 2010/07/12 20:08:18 1.6 +++ cdrom.image/sme8/README.txt 2012/05/22 07:46:08 1.15 @@ -1,48 +1,16 @@ -SME Server 8.0 Beta 6 Release Notes -=================================== +SME Server 8.0 Release Notes +============================ -July 18 2010 +21 May 2012 The SME Server development team is pleased to announce the release of -SME Server 8.0beta6 which is based on CentOS 5.5 and will be the next -major release of SME Server. This is the final planned Beta for SME 8. +SME Server 8.0 which is based on CentOS 5.8 Bug reports and reports of potential bugs should be raised in the bug tracker (and only there, please); http://bugs.contribs.org/ -*************************** -Testers Please Note the following... - -1. SME Server users should not upgrade production servers to this - release but those who can are encouraged to load the beta to a - dedicated test machine and take part in the testing phase. - -2. CentOS 5 has dropped support for i586 and therefore SME Server 8 - will not work on i586 hardware. [See bugzilla:2845]. i586 hardware - means processors before and including Intel Pentium, Pentium MMX; - AMD K5, K6, K6-II, K6-III and Via C3. i686 architecture processors - are Intel Pentium Pro, Pentium II, Pentium III; AMD Athlon, - Athlon XP and later. - -3. Upgrading from previous releases should only be done on clean - machines without contribs or other modifications. Issues with - upgrading from clean SME machines can be reported in the bug - tracker, but detailed reviews of upgrading paths will not start - until Release Candidate versions are made available. - -4. Some notes on on SME 8 including help on upgrades can be found at - http://wiki.contribs.org/SME_Server_8 - -5. Please note it may take up to 48 hours for mirrors to finish syncing, - during this time you may experience problems. - You can download SME8.0 Beta 6 from - http://mirror.contribs.org/smeserver/releases/testing/8/iso/i386/ - or for other methods see http://wiki.contribs.org/SME_Server_8 - -*************************** - About SME Server ================ @@ -59,74 +27,224 @@ development. Please visit http://wiki.contribs.org/Donate to donate. -Thanks and a plea for help -========================== +Thanks +====== The development team would like to thank all of those who have involved -themselves with this beta release. At this stage in development the role -of testers is vital; the final release date and the stability and -quality of the new version depend on full and thorough testing by all -levels of users, right from beginners who may be confused by, and draw -the developers attention to, insufficiently transparent system design, -up to seasoned and skilled users who can probe the system deeply. Bug -triage and verification testing needs lots of community involvement; -please try to spare some time to this vital aspect of our community's -future. - -This release, which is based on a major update of the Centos Core, -contains many new features. Please run Software Installer in Server -Manager regularly during testing to be sure your system reflects the -latest stage of development. +themselves with this release. + +Notes +===== + +1. CentOS 5 has dropped support for i586 and therefore SME Server 8 + will not work on i586 hardware. [See bugzilla:2845]. i586 hardware + means processors before and including Intel Pentium, Pentium MMX; + AMD K5, K6, K6-II, K6-III and Via C3. i686 architecture processors + are Intel Pentium Pro, Pentium II, Pentium III; AMD Athlon, + Athlon XP and later. -Major changes in beta 6 +2. Some notes on SME 8 including help on upgrades can be found at + http://wiki.contribs.org/SME_Server_8 + +3. Please note it may take up to 48 hours for mirrors to finish syncing, + during this time you may experience problems. + You can download SME8.0 from + http://mirror.contribs.org/smeserver/releases/8/iso/i386/ + or for other methods see http://wiki.contribs.org/SME_Server_8 + +Major changes since beta 7 +========================== +* No major changes were introduced since beta 7 + +Major changes in beta 7 +======================= +* Require authentication for all emails, including local. +* Optional - to use ext4 instead of ext3 for file systems + (except for /boot). At the boot prompt use "ext4" or "sme ext4". + *** ext4 is considered experimental, so use with caution *** +* Optional - LDAP authentication can be enabled. Once enabled it cannot + be disabled, so experiment with care. + To enable: db configuration setprop ldap Authentication enabled + +Major changes in beta 5 ======================= The policy is to stick with upstream updates unless there are compelling reasons not to. The number of customers unable to run the software they -want because of the Samba and PHP versions constituted a compelling -reason. +want because of the PHP version constituted a compelling reason. + +PHP 5.2.10: is provided by the Red Hat Application Stack v2. +5.2 is needed by recent web applications such as OScommerce. -Samba 3x: -The Samba packages have reverted to those provided by CentOS to simplify -the support needed. This version of samba provides support for Windows 7 -domain logins. Changes in this release ======================= This section of this README file lists all package changes carried out -by SME-associated developers since SME Server 8.0 Beta 5. - -The package changelogs often included earlier changes and changes -carried out by non-SME-associated developers; these were removed to -shorten the list. Packages recently altered by Centos, Redhat, and -Fedora-associated developers are not included. +by SME-associated developers since 2009 where the most recent changes +to the package are dated after February 2010. The package changelogs +often included earlier changes and changes carried out by non-SME- +associated developers; these were removed to shorten the list. Packages +recently altered by Centos, Redhat, and Fedora-associated developers are +not included. Backups ------- +- Provide support for Selective Restore with modern browsers +- Remove default index.htm from Primary ibay before restore +- Allow backup reports to go to an alternate user instead of admin + for Workstation Backups +- Improve how Backup to Workstation handles full remote disks. +- Do not make backup fail when due to a modified file. +- Localise the choices for 'Select the type of share for backup + destination' in the Configure Workstation Backup panel. +- Improve the wording of the 'Backup or restore' server-manager panel. + Replace term "USB disk" with "removable disk" as this is not + restricted to only USB disks. +- Improve wording of workstation backup email regarding the set number. +- Do not modify the workstation backup location 'SmbShare' during + software update. +- Include disk usage in Workstation Backup email. +- A new database property, OpenFilesLimit, allows customisation of + open_files_limit option in my.cnf. This can allow backups to succeed + if a MySQL database has a very large number of tables. - Restoring from a Workstation Backup showed a false failure. -- Workstation Backup emails now include a To: header and includes the - system name in the subject line. +- Workstation Backup emails include a To: header. +- Workstation Backup includes the system name and also indicates failure + if applicable in the subject line of the email. - Update backup instructions in server-manager. - The Workstation Backup panel now removes leading and trailing spaces from the hostname. - Fix removal of leading slash in storage location. - The Workstation backup to USB panel no longer presents mounted disks. +- Only define Workstation Backup temporary directory once. +- Remove relocate_samba_file and all references to /etc/smbpasswd. +- Improved upgrade compatibility, remove .orig +- create mount point for verify +- remove comment re smbpasswd being last +- Fix mounting usb disks +- Don't backup more than once per day +- Fix full backup on Sunday diplayed as Everyday +- Add more excludes for compressed filetypes +- Porting Jean-Paul Leclere changes in the SME Server 7 tree to SME + Server 8: +- using credentials file for cifs mount +- workstation backup: add cifs credentials expand to + bootstrap-console-save +- workstation backup: allow many backups in the same day +- workstation restore: all needed backups must be available before + restore +- workstation verify: add option to check integrity of backups needed in + a full restore +- Fix DAR e-mail message with regards to incremental backups +- Fix discrepancy in maximum compression level +- Fix console backup from removable media +- Fix console restore from removable media (Federico Simoncelli) +- Auto-mount USB REV70-drive as usbdisk File Server ----------- +- Gracefully handle upgrades from SerNet Samba (SME7 TO SME8 VITH YUM) +- Change separator character in general Samba configuration file. +- Changes in Samba's "Recycle VFS exclude" syntax (for ibays). - Use samba3x package for windows 7 compatibility. - Remove require strong key part of regedit file. - Backup all the samba tdb files. - Add dependency /usr/bin/tdbbackup. +- Create/remove V2 profile directories +- Enable bindinterfaces by default +- Set recyle bin permissions +- Add registry file to server-resources to allow windows 7 to join Samba + 3.x domains +- Fix warnings in template expansion +- Fix migrate fragments for samba + +LDAP (Optional in SME 8, and considered experimental) +---- +- Create samba account during event for machine +- Keep uid/gid for computer accounts in synch for Unix/Samba/LDAP +- Fixed syntax error in create-machine-account +- Fix samba-group-mapping for users without group membership +- Fix cpu critical patch missing ' +- LDAP admin password needs to be loaded in secrets.tdb +- Change authentication from passwd/shadow files to the pam database +- Turba searches on LDAP address book fixed +- Properly handle account with accents in first- or lastname with + regards to LDAP +- Fix create user gid parameter +- Path for gpasswd command fixed in "init-accounts" script +- All ibay account commands as system accounts in LDAP +- Create ibay accounts as system accounts in LDAP +- Use cpu commands to manage Ibays accounts if ldap is master +- Make cpu calls critical only with ldap{Auth} is enabled +- Check slapd.conf syntax before trying to dump the database +- Simplify ldap-update call by calling ldif-fix +- Change script order: ldap-update should be called after + domain-group-maps +- LDAP ou field is taken from Dept not Department +- LDAP changes: Add rfc2739.schema back in and include in config +- Use ldapmodify to load ldif, add -a if no changetype +- Remove bogus junk attribute from ldif templates +- Change startup order for ldap +- ldap should store locked passwords for expired passwords +- Add ldap as an auth type to radius +- Radius should use LDAP backend (if LDAP auth is enabled) +- Fix ldap-create errors when adding empty groups. +- The LDAP information for admin was not being updated. +- Don't try to save ibay password to LDAP. +- Fix admin user password change (Daniel B.) +- Init database if the ldif dump is empty (ie from sme8b) +- revert re-init database +- re-init readonly database on post-upgrade +- Force SSL/TLS for remote authentication +- reuse users_groups_ous.patch2 +- Separate groups and users with mailboxRelatedObject +- Set readonly access +- Fix ldap-update action script to user-lock event +- Add Groups entries +- Add admin user as a standard user +- Add ldap-update action script to user-lock event +- Add ldap authentication and tls support +- Update schema for newer openldap and remove calFBurl +- Convert ldif dump +- Create bdb log directory +- Change ldap backend to bdb, and fix initialisation problem Localisation ------------ -- Add Hebrew language. -- Fix translation of local nic string in console. - Other fixes include updated translations for the existing languages. +- Add Chinese (Taiwan) language (zh_TW). +- Add Hebrew language (he). +- Fix translation of local nic string in console. +- Add Thai language +- Add Polish language +- Add Romanian language +- Add Estonian language Mail Server ----------- +- Provide option to force the smtp proxy not to use CRAM-MD5 + config setprop smtp-auth-proxy PeerPort + config setprop smtp-auth-proxy MD5Patch enabled +- Fix mail to domain pseudonyms pointing to group with dot in name +- Fix Mail Log File Analysis reports +- Set SO_KEEPALIVE option on client socket to detect dead connections +- Add template fragment for pyzor timeout +- Remove spamd restart from bootstrap-console-save event +- Require SMTP authentication by default when sending to an external + address. +- Fix TLS security defaults, TLS Ciphers for qpsmtpd can be configured. +- Change enabled to transparent for mail proxy. +- Enable authentication for smtp traffic and migrate if necessary. +- Fix pseudonym modification for "local network only" accounts. +- Add smtp auth into web interface, not just when enabled. +- Fix require_resolvable_fromhost doesn't work +- Fix qpsmtpd plugin fatal errors when incoming mail message has no + headers. +- Serialize configure_peers to prevent errors. +- Fix SMTP proxy wording in server-manager. +- Fix SMTP auth wording in server-manager. +- New feature: Allow for individual configuration for the number of + mail logfiles. - Disable by default the SMTP transparent proxy, however upgrades from sme7 will retain old default behavior where SMTP connections will be transparently proxied. @@ -139,42 +257,187 @@ Mail Server - Fix HeloHost patch. - Remove cron.daily jobs that are no longer needed. - Update email addresses on domain change. +- Work around how qpsmtpd tags spam email. +- Use HeloHost (if present) in smtp-auth-proxy.pl +- Allow for changing SPAM subject tag through server-manager +- Move creation of chrooted dev/urandom to spec-file +- Create chroot dev/urandom for stunnel to use +- Updated spec file to require php-pear(HTTP_Request) +- SMTPSmartHost template incorrectly uses brackets to avoid MX lookups +- smtproutes template incorrectly uses brackets to avoid MX lookups +- Remove qmail-workaround and obsolete it after patch to treat 0.0.0.0 + as a local ip +- Remove spool and log dir from package (in smeserver-qpsmtpd) +- Don't create smtpd user (unused in sme) +- Apply qpsmtpd git changesets to implement custom SPAM subject prefix +- Update pre requires so scripts don't fail on install +- Rebase bad_rcptto patch to remove orig file +- Change logging in tls init to prevent warnings +- Only run/initialize plugins once +- Change spool dir permissions and owner to qpsmtpd:clamav +- Change log dir permissions and owner to smelog:smelog +- don't add qpsmtpd to start-up by default +- add apache config file to qpsmtpd-apache package +- use rpm macros for dirs +- use a filelist for main package instead of a long list of files +- Setup logrotate for /var/log/clamd/clamscan.log +- Remove create option from logrotate configuration +- Setup logrotate for /var/log/clamd/smeserver-clamscan.log +- Fix permissions on freshclam.conf file +- Add HeuristicScanPrecedence option, default to yes +- Obsolete e-smith-antivirus +- Enable qpsmtpd RequireResolvableFromHost plugin by default, remove + database entry and the database default value +- Tie template fragment into event system to have it expanded +- Add qpsmtpd template fragment for custom SPAM subject prefix +- Remove FuzzyOcr +- Run sa-update every two hours and check restart every hour +- Redirect cron job output to logfile to avoid mail noise +- Fix invalid service name in sa-update Server manager -------------- +- Enhance IP address syntax checking in remote access panel. - Improve the HTML formatting of the modify quota panel. +- Remove empty

tag from footer template. +- Only display error messages intended for admin in server-manager +- Fix css validation errors. +- display reconfigure warning once if UnsavedChanges=yes +- Fix unitialized value errors in HTML.pm Webmail and Groupware --------------------- -- Updated to Horde 3.3.8 -- Updated to imp 4.3.7 -- Updated to Ingo 1.2.4 -- Updated to Turba 2.3.4 +- Update to Horde 3.3.11, imp 4.3.9, Ingo 1.2.5 & Turba 2.3.5 +- Add option to verify from address in webmail if setting up additional + identities. - Add the ability to have a local LDAP Group Address book. - Templated attributes.php to add ability to have multiple email values for a contact. Separate entries with a comma and a space. - Update to freebusy info in sources.php +- Update to remove turbaContact info that SME is not using. +- Change horde's templated mime_drivers.php file so some additional + settings can be customized +- Make sure username is always saved in lowercase to horde db's +- Updated spec file to remove requires and obsoletes of + php-pear-HTTP-Request information moved to e-smith-imp for both sme7 + and sme8 +- Update to Spec file to obsolete smeserver-trean < 0.1-8 +- Patch to conf.php template to set a blank cookie domain so that FQDN + and non-FQDN access to webmail will work. +- Remove klutz template from registry.php +- Template imp's mime_drivers.php file so some settings can be + customized Web Server ---------- -No updates +- Enable automatic redirection for /server-resources +- Disable SSLv2 by default. +- make user 'apache' an alias for user 'www'. +- Default expose_php in php.ini to Off. +- Add option to disable SSLv2 +- Add OpenOffice2 MIME Types +- Add OpenOffice MIME Types +- Add XML MIME Type +- Add Microsoft Office 2007 MIME types Other fixes and updates ----------------------- +- Add MAC address into console network selection +- Fix non-translated locale in ibays panel +- Improve error message for quota +- Obsolete smeserver-php5-cgi & php-mcrypt +- Initialize ExternalInterface db structure so hwaddr in console works. +- Option to select ext4 instead of ext3 for filesystems at boot prompt. +- Enable quotas on ext4 filesystems as well. +- Only allow backup to (removable) storage media that are not read only. +- Improve error handling when trying to install without NIC. +- Only remove dangling symlinks in weak-updates directories. +- Fix template-expansion for dhclient.conf. +- Improve validation (error) message for remote access setup. +- Change text in hostname and addresses panel for remote host (add + FQDN). +- Fix hostname editing for comments with double speechmarks +- Trap croak inside Net::IPv4Addr::ipv4_in_network to allow a FQDN to be + inserted in hostnames and addresses panel in lieu of an IP address. +- Add validator back for ip or cname entry. +- Correctly strip numbers from sql scripts +- Enable speedier time synchronisation for suspended VMs, this can be + configured by a new db key for ntpd, SupportLargeDrift. +- Set the TimeZone property earlier, so templates can rely on it. +- Obsolete KeepAlive and replace by ClientAliveInterval and + ClientAliveCountMax to prevent SSH sessions from being timed out by + network inactivity. +- New feature: Default Cipher to blowfish for ssh configuration. +- Add directive "PersistentPasswd off" to proftpd configuration. +- Quota panel should allow non-integers but only accept uppercase units. +- Obsolete magic_quotes_gpc settings. +- Set default timezone for php version 5.3.3. - Handle no network interface scenario in console. -- Fix ldap-create errors when adding empty groups. -- The LDAP information for admin was not being updated. -- Don't try to save ibay password to LDAP. - Do not allow pool.ntp.org as NTP server. - Prepare for obsoletion of magic_quotes* when we supply PHP 5.3.0+ - Fix missing space causing errors parsing the iptables rules. - Migrate MirrorList properties to sme8 repos. - Remove BaseURL properties if migrating to sme8 repos. - Remove yum databases and repodata if migrating to sme8 repos. +- Enable cpuspeed by default. +- Fix scriplet error in e-smith-service script when service is disabled. +- Allow use of CNAME in remote hosts. +- Add Obsoletes for php5-cgi-{imap,ldap,mysql,pear,xmlrpc}. +- Restate smartd dependency. +- Fix gettext errors in WAN/LAN subnet error message +- Improve security by using SHA1 algorithm for certificate signing +- Fix eth? swapping +- Bump certificate encryption from 1024 bits to 2048 bits +- Add a dummy call so xgettext can pull translated $ifName in console + configuration pages. +- Translate $ifName in console configuration pages +- Prevent IP conflicts between local and external interface in server + gateway mode +- Clean up: remove unused nonetworkdrivers +- Clean up stray symlinks in /lib/modules before depmod +- Allow for different mdadm output formats for DeviceSize +- Add compiled python files to the packaged files list +- Update path for 64-bit compatibility +- Remove hiddenmenu entry from grub.conf +- adds the hwaddr parameter to probeAdapters() +- Update path for 64-bit compatibility +- Add patch (Federico Simoncelli) to prevent re-use of uids +- Fix log-error detection algorithm +- Fix another instance of ups model for new version of nut +- Template sshd login grace time, kept default at 600s +- Enable port forwards to localhost if mode is serveronly +- Adjust xml entry in locale +- Add option to limit port forwards from source ip +- Remove unnecessary Mount Proc line +- Fix owner/perms for radius files +- Fix typo in /sbin/service patch (Federico Simoncelli) +- Exit with zero exit status for services not listed in configuration + database to avoid failures in post scriptlets +- Merge in SME Server /sbin/e-smith/service wrapper so that only + initscripts which exist in run-level 7 can be run. This ensures that + the supervised service is run, if one exists, and protects against + running "service httpd restart" +- Add requires on e-smith-lib so www user is created first +- Fix regular expression to actually replace the colon with a dot +- Remove the leading path for yum in newrpms +- only unlink file if we created it +- Import only keys not already imported +- set unsaved changes in yum event +- move yum warming to sme yum plugin +- ensure file exists before unlinking +- remove semicolons from yum plugin +- Add frequency of updates toggle +- Add /etc/yum.smerepos.d to package +- Change SME mirrorlists to point to ibiblio +- Require mailx +- Add yum-protect-packages support to prevent removal of needed pacakges General features ================ -- Based on CentOS 5.5 and all available updates +- Based on CentOS 5.8 and all available updates + +$Id: README.txt,v 1.14 2012/03/19 15:13:47 wellsi Exp $ + + -$Id: README.txt,v 1.5 2010/07/11 16:09:26 wellsi Exp $