--- cdrom.image/sme8/README.txt 2011/10/04 19:45:56 1.11 +++ cdrom.image/sme8/README.txt 2012/05/22 07:46:08 1.15 @@ -1,49 +1,16 @@ -SME Server 8.0 Beta 7 Release Notes -=================================== +SME Server 8.0 Release Notes +============================ -8 October 2011 +21 May 2012 The SME Server development team is pleased to announce the release of -SME Server 8.0beta7 which is based on CentOS 5.7 and will be the next -major release of SME Server. This is the final planned Beta for SME 8. +SME Server 8.0 which is based on CentOS 5.8 Bug reports and reports of potential bugs should be raised in the bug tracker (and only there, please); http://bugs.contribs.org/ -*************************** -Testers Please Note the following... - -1. SME Server users should not upgrade production servers to this - release but those who can are encouraged to load the beta to a - dedicated test machine and take part in the testing phase. - -2. CentOS 5 has dropped support for i586 and therefore SME Server 8 - will not work on i586 hardware. [See bugzilla:2845]. i586 hardware - means processors before and including Intel Pentium, Pentium MMX; - AMD K5, K6, K6-II, K6-III and Via C3. i686 architecture processors - are Intel Pentium Pro, Pentium II, Pentium III; AMD Athlon, - Athlon XP and later. - -3. Some notes on SME 8 including help on upgrades can be found at - http://wiki.contribs.org/SME_Server_8 - -4. Upgrading from previous releases should only be done on clean - machines without contribs or other modifications. - -5. Testers are now encouraged to test upgrade paths and to start testing - contribs. They are not certain to work so only try on test servers. - Please raise all issues found in the bug tracker. - -6. Please note it may take up to 48 hours for mirrors to finish syncing, - during this time you may experience problems. - You can download SME8.0 Beta 7 from - http://mirror.contribs.org/smeserver/releases/testing/8/iso/i386/ - or for other methods see http://wiki.contribs.org/SME_Server_8 - -*************************** - About SME Server ================ @@ -60,24 +27,34 @@ development. Please visit http://wiki.contribs.org/Donate to donate. -Thanks and a plea for help -========================== +Thanks +====== The development team would like to thank all of those who have involved -themselves with this beta release. At this stage in development the role -of testers is vital; the final release date and the stability and -quality of the new version depend on full and thorough testing by all -levels of users, right from beginners who may be confused by, and draw -the developers attention to, insufficiently transparent system design, -up to seasoned and skilled users who can probe the system deeply. Bug -triage and verification testing needs lots of community involvement; -please try to spare some time to this vital aspect of our community's -future. - -This release, which is based on a major update of the Centos Core, -contains many new features. Please run Software Installer in Server -Manager regularly during testing to be sure your system reflects the -latest stage of development. +themselves with this release. + +Notes +===== + +1. CentOS 5 has dropped support for i586 and therefore SME Server 8 + will not work on i586 hardware. [See bugzilla:2845]. i586 hardware + means processors before and including Intel Pentium, Pentium MMX; + AMD K5, K6, K6-II, K6-III and Via C3. i686 architecture processors + are Intel Pentium Pro, Pentium II, Pentium III; AMD Athlon, + Athlon XP and later. + +2. Some notes on SME 8 including help on upgrades can be found at + http://wiki.contribs.org/SME_Server_8 + +3. Please note it may take up to 48 hours for mirrors to finish syncing, + during this time you may experience problems. + You can download SME8.0 from + http://mirror.contribs.org/smeserver/releases/8/iso/i386/ + or for other methods see http://wiki.contribs.org/SME_Server_8 + +Major changes since beta 7 +========================== +* No major changes were introduced since beta 7 Major changes in beta 7 ======================= @@ -86,22 +63,36 @@ Major changes in beta 7 (except for /boot). At the boot prompt use "ext4" or "sme ext4". *** ext4 is considered experimental, so use with caution *** * Optional - LDAP authentication can be enabled. Once enabled it cannot - be disabled, so experiment with care. + be disabled, so experiment with care. To enable: db configuration setprop ldap Authentication enabled +Major changes in beta 5 +======================= +The policy is to stick with upstream updates unless there are compelling +reasons not to. The number of customers unable to run the software they +want because of the PHP version constituted a compelling reason. + +PHP 5.2.10: is provided by the Red Hat Application Stack v2. +5.2 is needed by recent web applications such as OScommerce. + + Changes in this release ======================= This section of this README file lists all package changes carried out -by SME-associated developers since SME Server 8.0 Beta 6. - -The package changelogs often included earlier changes and changes -carried out by non-SME-associated developers; these were removed to -shorten the list. Packages recently altered by Centos, Redhat, and -Fedora-associated developers are not included. +by SME-associated developers since 2009 where the most recent changes +to the package are dated after February 2010. The package changelogs +often included earlier changes and changes carried out by non-SME- +associated developers; these were removed to shorten the list. Packages +recently altered by Centos, Redhat, and Fedora-associated developers are +not included. Backups ------- +- Provide support for Selective Restore with modern browsers +- Remove default index.htm from Primary ibay before restore +- Allow backup reports to go to an alternate user instead of admin + for Workstation Backups - Improve how Backup to Workstation handles full remote disks. - Do not make backup fail when due to a modified file. - Localise the choices for 'Select the type of share for backup @@ -116,49 +107,129 @@ Backups - A new database property, OpenFilesLimit, allows customisation of open_files_limit option in my.cnf. This can allow backups to succeed if a MySQL database has a very large number of tables. +- Restoring from a Workstation Backup showed a false failure. +- Workstation Backup emails include a To: header. +- Workstation Backup includes the system name and also indicates failure + if applicable in the subject line of the email. +- Update backup instructions in server-manager. +- The Workstation Backup panel now removes leading and trailing spaces + from the hostname. +- Fix removal of leading slash in storage location. +- The Workstation backup to USB panel no longer presents mounted disks. +- Only define Workstation Backup temporary directory once. +- Remove relocate_samba_file and all references to /etc/smbpasswd. +- Improved upgrade compatibility, remove .orig +- create mount point for verify +- remove comment re smbpasswd being last +- Fix mounting usb disks +- Don't backup more than once per day +- Fix full backup on Sunday diplayed as Everyday +- Add more excludes for compressed filetypes +- Porting Jean-Paul Leclere changes in the SME Server 7 tree to SME + Server 8: +- using credentials file for cifs mount +- workstation backup: add cifs credentials expand to + bootstrap-console-save +- workstation backup: allow many backups in the same day +- workstation restore: all needed backups must be available before + restore +- workstation verify: add option to check integrity of backups needed in + a full restore +- Fix DAR e-mail message with regards to incremental backups +- Fix discrepancy in maximum compression level +- Fix console backup from removable media +- Fix console restore from removable media (Federico Simoncelli) +- Auto-mount USB REV70-drive as usbdisk File Server ----------- +- Gracefully handle upgrades from SerNet Samba (SME7 TO SME8 VITH YUM) - Change separator character in general Samba configuration file. - Changes in Samba's "Recycle VFS exclude" syntax (for ibays). +- Use samba3x package for windows 7 compatibility. +- Remove require strong key part of regedit file. +- Backup all the samba tdb files. +- Add dependency /usr/bin/tdbbackup. +- Create/remove V2 profile directories +- Enable bindinterfaces by default +- Set recyle bin permissions +- Add registry file to server-resources to allow windows 7 to join Samba + 3.x domains +- Fix warnings in template expansion +- Fix migrate fragments for samba LDAP (Optional in SME 8, and considered experimental) ---- -- Create samba account during event for machine. -- Keep uid/gid for computer accounts in synch for Unix/Samba/LDAP. -- Fixed syntax error in create-machine-account. -- Fix samba-group-mapping for users without group membership. +- Create samba account during event for machine +- Keep uid/gid for computer accounts in synch for Unix/Samba/LDAP +- Fixed syntax error in create-machine-account +- Fix samba-group-mapping for users without group membership - Fix cpu critical patch missing ' - LDAP admin password needs to be loaded in secrets.tdb -- Change authentication from passwd/shadow files to the pam database. -- Turba searches on LDAP address book fixed. +- Change authentication from passwd/shadow files to the pam database +- Turba searches on LDAP address book fixed - Properly handle account with accents in first- or lastname with - regards to LDAP. -- Fix create user gid parameter. -- Path for gpasswd command fixed in "init-accounts" script. -- All ibay account commands as system accounts in LDAP. -- Create ibay accounts as system accounts in LDAP. -- Use cpu commands to manage Ibays accounts if ldap is master. -- Make cpu calls critical only with ldap{Auth} is enabled. -- Check slapd.conf syntax before trying to dump the database. + regards to LDAP +- Fix create user gid parameter +- Path for gpasswd command fixed in "init-accounts" script +- All ibay account commands as system accounts in LDAP +- Create ibay accounts as system accounts in LDAP +- Use cpu commands to manage Ibays accounts if ldap is master +- Make cpu calls critical only with ldap{Auth} is enabled +- Check slapd.conf syntax before trying to dump the database - Simplify ldap-update call by calling ldif-fix - Change script order: ldap-update should be called after - domain-group-maps. -- LDAP ou field is taken from Dept not Department. -- LDAP changes: Add rfc2739.schema back in and include in config. -- Use ldapmodify to load ldif, add -a if no changetype. -- Remove bogus junk attribute from ldif templates. -- Change startup order for ldap. -- ldap should store locked passwords for expired passwords. + domain-group-maps +- LDAP ou field is taken from Dept not Department +- LDAP changes: Add rfc2739.schema back in and include in config +- Use ldapmodify to load ldif, add -a if no changetype +- Remove bogus junk attribute from ldif templates +- Change startup order for ldap +- ldap should store locked passwords for expired passwords - Add ldap as an auth type to radius -- Radius should use LDAP backend (if LDAP auth is enabled). +- Radius should use LDAP backend (if LDAP auth is enabled) +- Fix ldap-create errors when adding empty groups. +- The LDAP information for admin was not being updated. +- Don't try to save ibay password to LDAP. +- Fix admin user password change (Daniel B.) +- Init database if the ldif dump is empty (ie from sme8b) +- revert re-init database +- re-init readonly database on post-upgrade +- Force SSL/TLS for remote authentication +- reuse users_groups_ous.patch2 +- Separate groups and users with mailboxRelatedObject +- Set readonly access +- Fix ldap-update action script to user-lock event +- Add Groups entries +- Add admin user as a standard user +- Add ldap-update action script to user-lock event +- Add ldap authentication and tls support +- Update schema for newer openldap and remove calFBurl +- Convert ldif dump +- Create bdb log directory +- Change ldap backend to bdb, and fix initialisation problem Localisation ------------ -- Latest localisation updates applied. +- Other fixes include updated translations for the existing languages. +- Add Chinese (Taiwan) language (zh_TW). +- Add Hebrew language (he). +- Fix translation of local nic string in console. +- Add Thai language +- Add Polish language +- Add Romanian language +- Add Estonian language Mail Server ----------- +- Provide option to force the smtp proxy not to use CRAM-MD5 + config setprop smtp-auth-proxy PeerPort + config setprop smtp-auth-proxy MD5Patch enabled +- Fix mail to domain pseudonyms pointing to group with dot in name +- Fix Mail Log File Analysis reports +- Set SO_KEEPALIVE option on client socket to detect dead connections +- Add template fragment for pyzor timeout +- Remove spamd restart from bootstrap-console-save event - Require SMTP authentication by default when sending to an external address. - Fix TLS security defaults, TLS Ciphers for qpsmtpd can be configured. @@ -174,25 +245,109 @@ Mail Server - Fix SMTP auth wording in server-manager. - New feature: Allow for individual configuration for the number of mail logfiles. +- Disable by default the SMTP transparent proxy, however upgrades from + sme7 will retain old default behavior where SMTP connections will be + transparently proxied. +- Implement a database key (TlsBeforeAuth) to allow SMTP + Authentication without TLS. The default remains to require TLS before + Auth (introduced in SME 8Beta5). +- Update qpsmtpd to 0.84 +- Config setting to enable SMTP to ISP Authentication Debug now uses + enabled/disabled for clarity. +- Fix HeloHost patch. +- Remove cron.daily jobs that are no longer needed. +- Update email addresses on domain change. +- Work around how qpsmtpd tags spam email. +- Use HeloHost (if present) in smtp-auth-proxy.pl +- Allow for changing SPAM subject tag through server-manager +- Move creation of chrooted dev/urandom to spec-file +- Create chroot dev/urandom for stunnel to use +- Updated spec file to require php-pear(HTTP_Request) +- SMTPSmartHost template incorrectly uses brackets to avoid MX lookups +- smtproutes template incorrectly uses brackets to avoid MX lookups +- Remove qmail-workaround and obsolete it after patch to treat 0.0.0.0 + as a local ip +- Remove spool and log dir from package (in smeserver-qpsmtpd) +- Don't create smtpd user (unused in sme) +- Apply qpsmtpd git changesets to implement custom SPAM subject prefix +- Update pre requires so scripts don't fail on install +- Rebase bad_rcptto patch to remove orig file +- Change logging in tls init to prevent warnings +- Only run/initialize plugins once +- Change spool dir permissions and owner to qpsmtpd:clamav +- Change log dir permissions and owner to smelog:smelog +- don't add qpsmtpd to start-up by default +- add apache config file to qpsmtpd-apache package +- use rpm macros for dirs +- use a filelist for main package instead of a long list of files +- Setup logrotate for /var/log/clamd/clamscan.log +- Remove create option from logrotate configuration +- Setup logrotate for /var/log/clamd/smeserver-clamscan.log +- Fix permissions on freshclam.conf file +- Add HeuristicScanPrecedence option, default to yes +- Obsolete e-smith-antivirus +- Enable qpsmtpd RequireResolvableFromHost plugin by default, remove + database entry and the database default value +- Tie template fragment into event system to have it expanded +- Add qpsmtpd template fragment for custom SPAM subject prefix +- Remove FuzzyOcr +- Run sa-update every two hours and check restart every hour +- Redirect cron job output to logfile to avoid mail noise +- Fix invalid service name in sa-update Server manager -------------- - Enhance IP address syntax checking in remote access panel. +- Improve the HTML formatting of the modify quota panel. +- Remove empty

tag from footer template. +- Only display error messages intended for admin in server-manager +- Fix css validation errors. +- display reconfigure warning once if UnsavedChanges=yes +- Fix unitialized value errors in HTML.pm Webmail and Groupware --------------------- - Update to Horde 3.3.11, imp 4.3.9, Ingo 1.2.5 & Turba 2.3.5 - Add option to verify from address in webmail if setting up additional identities. +- Add the ability to have a local LDAP Group Address book. +- Templated attributes.php to add ability to have multiple email + values for a contact. Separate entries with a comma and a space. +- Update to freebusy info in sources.php +- Update to remove turbaContact info that SME is not using. +- Change horde's templated mime_drivers.php file so some additional + settings can be customized +- Make sure username is always saved in lowercase to horde db's +- Updated spec file to remove requires and obsoletes of + php-pear-HTTP-Request information moved to e-smith-imp for both sme7 + and sme8 +- Update to Spec file to obsolete smeserver-trean < 0.1-8 +- Patch to conf.php template to set a blank cookie domain so that FQDN + and non-FQDN access to webmail will work. +- Remove klutz template from registry.php +- Template imp's mime_drivers.php file so some settings can be + customized Web Server ---------- +- Enable automatic redirection for /server-resources - Disable SSLv2 by default. - make user 'apache' an alias for user 'www'. +- Default expose_php in php.ini to Off. +- Add option to disable SSLv2 +- Add OpenOffice2 MIME Types +- Add OpenOffice MIME Types +- Add XML MIME Type +- Add Microsoft Office 2007 MIME types Other fixes and updates ----------------------- -- Option to select ext4 instead of ext3 for filesystems at boot prompt +- Add MAC address into console network selection +- Fix non-translated locale in ibays panel +- Improve error message for quota +- Obsolete smeserver-php5-cgi & php-mcrypt +- Initialize ExternalInterface db structure so hwaddr in console works. +- Option to select ext4 instead of ext3 for filesystems at boot prompt. - Enable quotas on ext4 filesystems as well. - Only allow backup to (removable) storage media that are not read only. - Improve error handling when trying to install without NIC. @@ -208,6 +363,7 @@ Other fixes and updates - Correctly strip numbers from sql scripts - Enable speedier time synchronisation for suspended VMs, this can be configured by a new db key for ntpd, SupportLargeDrift. +- Set the TimeZone property earlier, so templates can rely on it. - Obsolete KeepAlive and replace by ClientAliveInterval and ClientAliveCountMax to prevent SSH sessions from being timed out by network inactivity. @@ -216,12 +372,72 @@ Other fixes and updates - Quota panel should allow non-integers but only accept uppercase units. - Obsolete magic_quotes_gpc settings. - Set default timezone for php version 5.3.3. +- Handle no network interface scenario in console. +- Do not allow pool.ntp.org as NTP server. +- Prepare for obsoletion of magic_quotes* when we supply PHP 5.3.0+ +- Fix missing space causing errors parsing the iptables rules. +- Migrate MirrorList properties to sme8 repos. +- Remove BaseURL properties if migrating to sme8 repos. +- Remove yum databases and repodata if migrating to sme8 repos. +- Enable cpuspeed by default. +- Fix scriplet error in e-smith-service script when service is disabled. +- Allow use of CNAME in remote hosts. +- Add Obsoletes for php5-cgi-{imap,ldap,mysql,pear,xmlrpc}. +- Restate smartd dependency. +- Fix gettext errors in WAN/LAN subnet error message +- Improve security by using SHA1 algorithm for certificate signing +- Fix eth? swapping +- Bump certificate encryption from 1024 bits to 2048 bits +- Add a dummy call so xgettext can pull translated $ifName in console + configuration pages. +- Translate $ifName in console configuration pages +- Prevent IP conflicts between local and external interface in server + gateway mode +- Clean up: remove unused nonetworkdrivers +- Clean up stray symlinks in /lib/modules before depmod +- Allow for different mdadm output formats for DeviceSize +- Add compiled python files to the packaged files list +- Update path for 64-bit compatibility +- Remove hiddenmenu entry from grub.conf +- adds the hwaddr parameter to probeAdapters() +- Update path for 64-bit compatibility +- Add patch (Federico Simoncelli) to prevent re-use of uids +- Fix log-error detection algorithm +- Fix another instance of ups model for new version of nut +- Template sshd login grace time, kept default at 600s +- Enable port forwards to localhost if mode is serveronly +- Adjust xml entry in locale +- Add option to limit port forwards from source ip +- Remove unnecessary Mount Proc line +- Fix owner/perms for radius files +- Fix typo in /sbin/service patch (Federico Simoncelli) +- Exit with zero exit status for services not listed in configuration + database to avoid failures in post scriptlets +- Merge in SME Server /sbin/e-smith/service wrapper so that only + initscripts which exist in run-level 7 can be run. This ensures that + the supervised service is run, if one exists, and protects against + running "service httpd restart" +- Add requires on e-smith-lib so www user is created first +- Fix regular expression to actually replace the colon with a dot +- Remove the leading path for yum in newrpms +- only unlink file if we created it +- Import only keys not already imported +- set unsaved changes in yum event +- move yum warming to sme yum plugin +- ensure file exists before unlinking +- remove semicolons from yum plugin +- Add frequency of updates toggle +- Add /etc/yum.smerepos.d to package +- Change SME mirrorlists to point to ibiblio +- Require mailx +- Add yum-protect-packages support to prevent removal of needed pacakges General features ================ -- Based on CentOS 5.7 and all available updates +- Based on CentOS 5.8 and all available updates + +$Id: README.txt,v 1.14 2012/03/19 15:13:47 wellsi Exp $ -$Id: README.txt,v 1.10 2011/09/29 06:11:45 wellsi Exp $