--- cdrom.image/sme8/README.txt 2012/05/22 07:46:08 1.15 +++ cdrom.image/sme8/README.txt 2013/07/03 02:58:39 1.16 @@ -1,10 +1,10 @@ -SME Server 8.0 Release Notes +SME Server 8.1 Release Notes ============================ -21 May 2012 +04 July 2013 The SME Server development team is pleased to announce the release of -SME Server 8.0 which is based on CentOS 5.8 +SME Server 8.1 which is based on CentOS 5.9 Bug reports and reports of potential bugs should be raised in the bug tracker (and only there, please); @@ -48,396 +48,122 @@ Notes 3. Please note it may take up to 48 hours for mirrors to finish syncing, during this time you may experience problems. - You can download SME8.0 from + You can download SME8.1 from http://mirror.contribs.org/smeserver/releases/8/iso/i386/ or for other methods see http://wiki.contribs.org/SME_Server_8 -Major changes since beta 7 -========================== -* No major changes were introduced since beta 7 - -Major changes in beta 7 -======================= -* Require authentication for all emails, including local. -* Optional - to use ext4 instead of ext3 for file systems - (except for /boot). At the boot prompt use "ext4" or "sme ext4". - *** ext4 is considered experimental, so use with caution *** -* Optional - LDAP authentication can be enabled. Once enabled it cannot - be disabled, so experiment with care. - To enable: db configuration setprop ldap Authentication enabled - -Major changes in beta 5 +Major changes since 8.0 ======================= -The policy is to stick with upstream updates unless there are compelling -reasons not to. The number of customers unable to run the software they -want because of the PHP version constituted a compelling reason. - -PHP 5.2.10: is provided by the Red Hat Application Stack v2. -5.2 is needed by recent web applications such as OScommerce. +* TBD Changes in this release ======================= -This section of this README file lists all package changes carried out -by SME-associated developers since 2009 where the most recent changes -to the package are dated after February 2010. The package changelogs -often included earlier changes and changes carried out by non-SME- -associated developers; these were removed to shorten the list. Packages -recently altered by Centos, Redhat, and Fedora-associated developers are +Packages altered by Centos, Redhat, and Fedora-associated developers are not included. Backups ------- -- Provide support for Selective Restore with modern browsers -- Remove default index.htm from Primary ibay before restore -- Allow backup reports to go to an alternate user instead of admin - for Workstation Backups -- Improve how Backup to Workstation handles full remote disks. -- Do not make backup fail when due to a modified file. -- Localise the choices for 'Select the type of share for backup - destination' in the Configure Workstation Backup panel. -- Improve the wording of the 'Backup or restore' server-manager panel. - Replace term "USB disk" with "removable disk" as this is not - restricted to only USB disks. -- Improve wording of workstation backup email regarding the set number. -- Do not modify the workstation backup location 'SmbShare' during - software update. -- Include disk usage in Workstation Backup email. -- A new database property, OpenFilesLimit, allows customisation of - open_files_limit option in my.cnf. This can allow backups to succeed - if a MySQL database has a very large number of tables. -- Restoring from a Workstation Backup showed a false failure. -- Workstation Backup emails include a To: header. -- Workstation Backup includes the system name and also indicates failure - if applicable in the subject line of the email. -- Update backup instructions in server-manager. -- The Workstation Backup panel now removes leading and trailing spaces - from the hostname. -- Fix removal of leading slash in storage location. -- The Workstation backup to USB panel no longer presents mounted disks. -- Only define Workstation Backup temporary directory once. -- Remove relocate_samba_file and all references to /etc/smbpasswd. -- Improved upgrade compatibility, remove .orig -- create mount point for verify -- remove comment re smbpasswd being last -- Fix mounting usb disks -- Don't backup more than once per day -- Fix full backup on Sunday diplayed as Everyday -- Add more excludes for compressed filetypes -- Porting Jean-Paul Leclere changes in the SME Server 7 tree to SME - Server 8: -- using credentials file for cifs mount -- workstation backup: add cifs credentials expand to - bootstrap-console-save -- workstation backup: allow many backups in the same day -- workstation restore: all needed backups must be available before - restore -- workstation verify: add option to check integrity of backups needed in - a full restore -- Fix DAR e-mail message with regards to incremental backups -- Fix discrepancy in maximum compression level -- Fix console backup from removable media -- Fix console restore from removable media (Federico Simoncelli) -- Auto-mount USB REV70-drive as usbdisk +- Add second sleep to fix MS Vista issues, patch by Terry Fage +- Allow full backup to occur on Sunday +- Console USB Backup, allow user setting of compression level File Server ----------- -- Gracefully handle upgrades from SerNet Samba (SME7 TO SME8 VITH YUM) -- Change separator character in general Samba configuration file. -- Changes in Samba's "Recycle VFS exclude" syntax (for ibays). -- Use samba3x package for windows 7 compatibility. -- Remove require strong key part of regedit file. -- Backup all the samba tdb files. -- Add dependency /usr/bin/tdbbackup. -- Create/remove V2 profile directories -- Enable bindinterfaces by default -- Set recyle bin permissions -- Add registry file to server-resources to allow windows 7 to join Samba - 3.x domains -- Fix warnings in template expansion -- Fix migrate fragments for samba +- Revert previous change. +- Add ability to configure waiting for network Win7 registry option +- Remove samba_audit specific loglotate configuration +- Enable smb auditing per ibay +- Update dependency to /usr/bin/tdbbackup12 LDAP (Optional in SME 8, and considered experimental) ---- -- Create samba account during event for machine -- Keep uid/gid for computer accounts in synch for Unix/Samba/LDAP -- Fixed syntax error in create-machine-account -- Fix samba-group-mapping for users without group membership -- Fix cpu critical patch missing ' -- LDAP admin password needs to be loaded in secrets.tdb -- Change authentication from passwd/shadow files to the pam database -- Turba searches on LDAP address book fixed -- Properly handle account with accents in first- or lastname with - regards to LDAP -- Fix create user gid parameter -- Path for gpasswd command fixed in "init-accounts" script -- All ibay account commands as system accounts in LDAP -- Create ibay accounts as system accounts in LDAP -- Use cpu commands to manage Ibays accounts if ldap is master -- Make cpu calls critical only with ldap{Auth} is enabled -- Check slapd.conf syntax before trying to dump the database -- Simplify ldap-update call by calling ldif-fix -- Change script order: ldap-update should be called after - domain-group-maps -- LDAP ou field is taken from Dept not Department -- LDAP changes: Add rfc2739.schema back in and include in config -- Use ldapmodify to load ldif, add -a if no changetype -- Remove bogus junk attribute from ldif templates -- Change startup order for ldap -- ldap should store locked passwords for expired passwords -- Add ldap as an auth type to radius -- Radius should use LDAP backend (if LDAP auth is enabled) -- Fix ldap-create errors when adding empty groups. -- The LDAP information for admin was not being updated. -- Don't try to save ibay password to LDAP. -- Fix admin user password change (Daniel B.) -- Init database if the ldif dump is empty (ie from sme8b) -- revert re-init database -- re-init readonly database on post-upgrade -- Force SSL/TLS for remote authentication -- reuse users_groups_ous.patch2 -- Separate groups and users with mailboxRelatedObject -- Set readonly access -- Fix ldap-update action script to user-lock event -- Add Groups entries -- Add admin user as a standard user -- Add ldap-update action script to user-lock event -- Add ldap authentication and tls support -- Update schema for newer openldap and remove calFBurl -- Convert ldif dump -- Create bdb log directory -- Change ldap backend to bdb, and fix initialisation problem Localisation ------------ -- Other fixes include updated translations for the existing languages. -- Add Chinese (Taiwan) language (zh_TW). -- Add Hebrew language (he). -- Fix translation of local nic string in console. -- Add Thai language -- Add Polish language -- Add Romanian language -- Add Estonian language +*** NONE *** Mail Server ----------- -- Provide option to force the smtp proxy not to use CRAM-MD5 - config setprop smtp-auth-proxy PeerPort - config setprop smtp-auth-proxy MD5Patch enabled -- Fix mail to domain pseudonyms pointing to group with dot in name -- Fix Mail Log File Analysis reports -- Set SO_KEEPALIVE option on client socket to detect dead connections -- Add template fragment for pyzor timeout -- Remove spamd restart from bootstrap-console-save event -- Require SMTP authentication by default when sending to an external - address. -- Fix TLS security defaults, TLS Ciphers for qpsmtpd can be configured. -- Change enabled to transparent for mail proxy. -- Enable authentication for smtp traffic and migrate if necessary. -- Fix pseudonym modification for "local network only" accounts. -- Add smtp auth into web interface, not just when enabled. -- Fix require_resolvable_fromhost doesn't work -- Fix qpsmtpd plugin fatal errors when incoming mail message has no - headers. -- Serialize configure_peers to prevent errors. -- Fix SMTP proxy wording in server-manager. -- Fix SMTP auth wording in server-manager. -- New feature: Allow for individual configuration for the number of - mail logfiles. -- Disable by default the SMTP transparent proxy, however upgrades from - sme7 will retain old default behavior where SMTP connections will be - transparently proxied. -- Implement a database key (TlsBeforeAuth) to allow SMTP - Authentication without TLS. The default remains to require TLS before - Auth (introduced in SME 8Beta5). -- Update qpsmtpd to 0.84 -- Config setting to enable SMTP to ISP Authentication Debug now uses - enabled/disabled for clarity. -- Fix HeloHost patch. -- Remove cron.daily jobs that are no longer needed. -- Update email addresses on domain change. -- Work around how qpsmtpd tags spam email. -- Use HeloHost (if present) in smtp-auth-proxy.pl -- Allow for changing SPAM subject tag through server-manager -- Move creation of chrooted dev/urandom to spec-file -- Create chroot dev/urandom for stunnel to use -- Updated spec file to require php-pear(HTTP_Request) -- SMTPSmartHost template incorrectly uses brackets to avoid MX lookups -- smtproutes template incorrectly uses brackets to avoid MX lookups -- Remove qmail-workaround and obsolete it after patch to treat 0.0.0.0 - as a local ip -- Remove spool and log dir from package (in smeserver-qpsmtpd) -- Don't create smtpd user (unused in sme) -- Apply qpsmtpd git changesets to implement custom SPAM subject prefix -- Update pre requires so scripts don't fail on install -- Rebase bad_rcptto patch to remove orig file -- Change logging in tls init to prevent warnings -- Only run/initialize plugins once -- Change spool dir permissions and owner to qpsmtpd:clamav -- Change log dir permissions and owner to smelog:smelog -- don't add qpsmtpd to start-up by default -- add apache config file to qpsmtpd-apache package -- use rpm macros for dirs -- use a filelist for main package instead of a long list of files -- Setup logrotate for /var/log/clamd/clamscan.log -- Remove create option from logrotate configuration -- Setup logrotate for /var/log/clamd/smeserver-clamscan.log -- Fix permissions on freshclam.conf file -- Add HeuristicScanPrecedence option, default to yes -- Obsolete e-smith-antivirus -- Enable qpsmtpd RequireResolvableFromHost plugin by default, remove - database entry and the database default value -- Tie template fragment into event system to have it expanded -- Add qpsmtpd template fragment for custom SPAM subject prefix -- Remove FuzzyOcr -- Run sa-update every two hours and check restart every hour -- Redirect cron job output to logfile to avoid mail noise -- Fix invalid service name in sa-update +- Always enable imap, listen on the loopback if disabled +- Avoid use of unitialised variables in smtp migrate fragments +- Allow smtp_auth_proxy to use port 587 with STARTTLS, by Charlie Brady +- Allow blacklist of SMTP AUTH methods, replaces previous patch +- Remove imap-relocate-maildirs action as obsolete and slow +- Don't use SSL over loopback +- Easier to read version of softlimit patch +- More robust version of softlimit patch +- Softlimit is now a database variable for pop3 and pop3s +- Reverse change in Template Qmail MaxMessageSize +- modify domain style pseudonyms to point to the correct user, by Filippo Carletti +- Template Qmail MaxMessageSize +- smeserver-qpsmtpd reads MaxMessageSize prop of spamassassin and adds it +to the arguments of the plugin if defined, patch by Daniel +- Revert the 2.2.0-14 change and fix properly in e-smith-base +- tls ciphers defaults to disallow SSLv2 +- Reverse changes in 2.2.0-6 and fix how qpsmtpd tags spam email, codes by Charlie Brady Server manager -------------- -- Enhance IP address syntax checking in remote access panel. -- Improve the HTML formatting of the modify quota panel. -- Remove empty

tag from footer template. -- Only display error messages intended for admin in server-manager -- Fix css validation errors. -- display reconfigure warning once if UnsavedChanges=yes -- Fix unitialized value errors in HTML.pm +- Do not load mod_ssl +- Correct processing of server-manager URL +- Fix more uninitialized warnings from HTML.pm, from Charlie Brady +- Remove log noise from Create starter web site panel Webmail and Groupware --------------------- -- Update to Horde 3.3.11, imp 4.3.9, Ingo 1.2.5 & Turba 2.3.5 -- Add option to verify from address in webmail if setting up additional - identities. -- Add the ability to have a local LDAP Group Address book. -- Templated attributes.php to add ability to have multiple email - values for a contact. Separate entries with a comma and a space. -- Update to freebusy info in sources.php -- Update to remove turbaContact info that SME is not using. -- Change horde's templated mime_drivers.php file so some additional - settings can be customized -- Make sure username is always saved in lowercase to horde db's -- Updated spec file to remove requires and obsoletes of - php-pear-HTTP-Request information moved to e-smith-imp for both sme7 - and sme8 -- Update to Spec file to obsolete smeserver-trean < 0.1-8 -- Patch to conf.php template to set a blank cookie domain so that FQDN - and non-FQDN access to webmail will work. -- Remove klutz template from registry.php -- Template imp's mime_drivers.php file so some settings can be - customized + Web Server ---------- -- Enable automatic redirection for /server-resources -- Disable SSLv2 by default. -- make user 'apache' an alias for user 'www'. -- Default expose_php in php.ini to Off. -- Add option to disable SSLv2 -- Add OpenOffice2 MIME Types -- Add OpenOffice MIME Types -- Add XML MIME Type -- Add Microsoft Office 2007 MIME types +- Disable index listing of Apache icons folder Other fixes and updates ----------------------- -- Add MAC address into console network selection -- Fix non-translated locale in ibays panel -- Improve error message for quota -- Obsolete smeserver-php5-cgi & php-mcrypt -- Initialize ExternalInterface db structure so hwaddr in console works. -- Option to select ext4 instead of ext3 for filesystems at boot prompt. -- Enable quotas on ext4 filesystems as well. -- Only allow backup to (removable) storage media that are not read only. -- Improve error handling when trying to install without NIC. -- Only remove dangling symlinks in weak-updates directories. -- Fix template-expansion for dhclient.conf. -- Improve validation (error) message for remote access setup. -- Change text in hostname and addresses panel for remote host (add - FQDN). -- Fix hostname editing for comments with double speechmarks -- Trap croak inside Net::IPv4Addr::ipv4_in_network to allow a FQDN to be - inserted in hostnames and addresses panel in lieu of an IP address. -- Add validator back for ip or cname entry. -- Correctly strip numbers from sql scripts -- Enable speedier time synchronisation for suspended VMs, this can be - configured by a new db key for ntpd, SupportLargeDrift. -- Set the TimeZone property earlier, so templates can rely on it. -- Obsolete KeepAlive and replace by ClientAliveInterval and - ClientAliveCountMax to prevent SSH sessions from being timed out by - network inactivity. -- New feature: Default Cipher to blowfish for ssh configuration. -- Add directive "PersistentPasswd off" to proftpd configuration. -- Quota panel should allow non-integers but only accept uppercase units. -- Obsolete magic_quotes_gpc settings. -- Set default timezone for php version 5.3.3. -- Handle no network interface scenario in console. -- Do not allow pool.ntp.org as NTP server. -- Prepare for obsoletion of magic_quotes* when we supply PHP 5.3.0+ -- Fix missing space causing errors parsing the iptables rules. -- Migrate MirrorList properties to sme8 repos. -- Remove BaseURL properties if migrating to sme8 repos. -- Remove yum databases and repodata if migrating to sme8 repos. -- Enable cpuspeed by default. -- Fix scriplet error in e-smith-service script when service is disabled. -- Allow use of CNAME in remote hosts. -- Add Obsoletes for php5-cgi-{imap,ldap,mysql,pear,xmlrpc}. -- Restate smartd dependency. -- Fix gettext errors in WAN/LAN subnet error message -- Improve security by using SHA1 algorithm for certificate signing -- Fix eth? swapping -- Bump certificate encryption from 1024 bits to 2048 bits -- Add a dummy call so xgettext can pull translated $ifName in console - configuration pages. -- Translate $ifName in console configuration pages -- Prevent IP conflicts between local and external interface in server - gateway mode -- Clean up: remove unused nonetworkdrivers -- Clean up stray symlinks in /lib/modules before depmod -- Allow for different mdadm output formats for DeviceSize -- Add compiled python files to the packaged files list -- Update path for 64-bit compatibility -- Remove hiddenmenu entry from grub.conf -- adds the hwaddr parameter to probeAdapters() -- Update path for 64-bit compatibility -- Add patch (Federico Simoncelli) to prevent re-use of uids -- Fix log-error detection algorithm -- Fix another instance of ups model for new version of nut -- Template sshd login grace time, kept default at 600s -- Enable port forwards to localhost if mode is serveronly -- Adjust xml entry in locale -- Add option to limit port forwards from source ip -- Remove unnecessary Mount Proc line -- Fix owner/perms for radius files -- Fix typo in /sbin/service patch (Federico Simoncelli) -- Exit with zero exit status for services not listed in configuration - database to avoid failures in post scriptlets -- Merge in SME Server /sbin/e-smith/service wrapper so that only - initscripts which exist in run-level 7 can be run. This ensures that - the supervised service is run, if one exists, and protects against - running "service httpd restart" -- Add requires on e-smith-lib so www user is created first -- Fix regular expression to actually replace the colon with a dot -- Remove the leading path for yum in newrpms -- only unlink file if we created it -- Import only keys not already imported -- set unsaved changes in yum event -- move yum warming to sme yum plugin -- ensure file exists before unlinking -- remove semicolons from yum plugin -- Add frequency of updates toggle -- Add /etc/yum.smerepos.d to package -- Change SME mirrorlists to point to ibiblio -- Require mailx -- Add yum-protect-packages support to prevent removal of needed pacakges +- Use UTF-8 in the console, by Daniel Berteaud +- Update ServerName (Samba netbios name) when SystemName is updated +- Remove old System Name from the Hosts DB, by Charlie Brady +- Prevent emailing about the normal, weekly, checks of RAID arrays, +by Mark Casey +- Fix init-account script when LDAP auth is enabled +- Fix group creation/modification when LDAP auth is enabled +- Add_template_to_ssl.pem +- Ensure existing_hwaddr is always initialized +- In the console refer to removable media instead of USB disk +- Optimize user-modify-unix script and link it in bootstrap-ldap-save +- Post-upgrades not fired after restore from console +- Correction for when DB value is lower than MIN_MEMORY_LIMIT +- Simplified patch after review comments +- Updated previous patch to avoid migrate fragment +- Increase memory limit for pppoe to 100Mb +- Template /etc/updatedb.conf +- Make CipherSuite secure by default +- D-root is changing its IPv4 address +- Wait for slapd to be ready before running bootstrap-ldap-save +- Add missing dependency on openldap-servers +- Fix removing old BDB log files +- Remove unused BDB log files +- Improve error checking in isValidIP +- Prevent multiple instances of the masq script running, +patch by Charlie Brady +- Force magic_quotes Off +- Ensure Deny from all is on its own line in 15LimitLOGIN +- Workaround a deficiency in the proftpd package where it doesn't +handle long lines correctly in its configuration file. +Fix submitted by Charlie Brady +- Remove previous change +- Add VRoot engine to avoid pam log error +- Add php53-* provides to provide compatibility +- Obsolete php-domxml and php-dom +- Update Obsoletes and Conflicts General features ================ -- Based on CentOS 5.8 and all available updates +- Based on CentOS 5.9 and all available updates -$Id: README.txt,v 1.14 2012/03/19 15:13:47 wellsi Exp $ +$Id: README.txt,v 1.15 2012/05/22 07:46:08 wellsi Exp $