--- cdrom.image/sme8/README.txt 2012/05/22 07:46:08 1.15 +++ cdrom.image/sme8/README.txt 2013/09/11 04:35:48 1.18 @@ -1,10 +1,10 @@ -SME Server 8.0 Release Notes +SME Server 8.1Beta1 Release Notes ============================ -21 May 2012 +16 September 2013 The SME Server development team is pleased to announce the release of -SME Server 8.0 which is based on CentOS 5.8 +SME Server 8.1 Beta 1 which is based on CentOS 5.9 Bug reports and reports of potential bugs should be raised in the bug tracker (and only there, please); @@ -27,417 +27,169 @@ development. Please visit http://wiki.contribs.org/Donate to donate. -Thanks -====== +Thanks and a plea for help +========================== The development team would like to thank all of those who have involved -themselves with this release. +themselves with this release. Notes ===== -1. CentOS 5 has dropped support for i586 and therefore SME Server 8 +1. CentOS 5 has dropped support for i586 and therefore SME Server 8.1 will not work on i586 hardware. [See bugzilla:2845]. i586 hardware means processors before and including Intel Pentium, Pentium MMX; AMD K5, K6, K6-II, K6-III and Via C3. i686 architecture processors are Intel Pentium Pro, Pentium II, Pentium III; AMD Athlon, Athlon XP and later. -2. Some notes on SME 8 including help on upgrades can be found at +2. Some notes on SME 8.1 including help on upgrades can be found at http://wiki.contribs.org/SME_Server_8 3. Please note it may take up to 48 hours for mirrors to finish syncing, during this time you may experience problems. - You can download SME8.0 from + You can download SME8.1 from http://mirror.contribs.org/smeserver/releases/8/iso/i386/ or for other methods see http://wiki.contribs.org/SME_Server_8 -Major changes since beta 7 -========================== -* No major changes were introduced since beta 7 - -Major changes in beta 7 -======================= -* Require authentication for all emails, including local. -* Optional - to use ext4 instead of ext3 for file systems - (except for /boot). At the boot prompt use "ext4" or "sme ext4". - *** ext4 is considered experimental, so use with caution *** -* Optional - LDAP authentication can be enabled. Once enabled it cannot - be disabled, so experiment with care. - To enable: db configuration setprop ldap Authentication enabled - -Major changes in beta 5 -======================= -The policy is to stick with upstream updates unless there are compelling -reasons not to. The number of customers unable to run the software they -want because of the PHP version constituted a compelling reason. - -PHP 5.2.10: is provided by the Red Hat Application Stack v2. -5.2 is needed by recent web applications such as OScommerce. - Changes in this release ======================= -This section of this README file lists all package changes carried out -by SME-associated developers since 2009 where the most recent changes -to the package are dated after February 2010. The package changelogs -often included earlier changes and changes carried out by non-SME- -associated developers; these were removed to shorten the list. Packages -recently altered by Centos, Redhat, and Fedora-associated developers are +Packages altered by Centos, Redhat, and Fedora-associated developers are not included. + Backups ------- -- Provide support for Selective Restore with modern browsers -- Remove default index.htm from Primary ibay before restore -- Allow backup reports to go to an alternate user instead of admin - for Workstation Backups -- Improve how Backup to Workstation handles full remote disks. -- Do not make backup fail when due to a modified file. -- Localise the choices for 'Select the type of share for backup - destination' in the Configure Workstation Backup panel. -- Improve the wording of the 'Backup or restore' server-manager panel. - Replace term "USB disk" with "removable disk" as this is not - restricted to only USB disks. -- Improve wording of workstation backup email regarding the set number. -- Do not modify the workstation backup location 'SmbShare' during - software update. -- Include disk usage in Workstation Backup email. -- A new database property, OpenFilesLimit, allows customisation of - open_files_limit option in my.cnf. This can allow backups to succeed - if a MySQL database has a very large number of tables. -- Restoring from a Workstation Backup showed a false failure. -- Workstation Backup emails include a To: header. -- Workstation Backup includes the system name and also indicates failure - if applicable in the subject line of the email. -- Update backup instructions in server-manager. -- The Workstation Backup panel now removes leading and trailing spaces - from the hostname. -- Fix removal of leading slash in storage location. -- The Workstation backup to USB panel no longer presents mounted disks. -- Only define Workstation Backup temporary directory once. -- Remove relocate_samba_file and all references to /etc/smbpasswd. -- Improved upgrade compatibility, remove .orig -- create mount point for verify -- remove comment re smbpasswd being last -- Fix mounting usb disks -- Don't backup more than once per day -- Fix full backup on Sunday diplayed as Everyday -- Add more excludes for compressed filetypes -- Porting Jean-Paul Leclere changes in the SME Server 7 tree to SME - Server 8: -- using credentials file for cifs mount -- workstation backup: add cifs credentials expand to - bootstrap-console-save -- workstation backup: allow many backups in the same day -- workstation restore: all needed backups must be available before - restore -- workstation verify: add option to check integrity of backups needed in - a full restore -- Fix DAR e-mail message with regards to incremental backups -- Fix discrepancy in maximum compression level -- Fix console backup from removable media -- Fix console restore from removable media (Federico Simoncelli) -- Auto-mount USB REV70-drive as usbdisk +- Workstation Backup allows the day of the week to be specified on which a full backup occurs. This now works correctly for all days of the week. +- To increase reliability of backups to a Microsoft Vista drive, a one second delay was added to the backup. +- Allow user setting of compression level for Desktop and Console Backups. + For example: config setprop backupconsole CompressionLevel -6 + The default is -6, where -1 is fastest and -9 is optimal compression. +- In the console, under item 8, refer to removable media instead of USB device. +- After a restore from the console the post-upgrade event was not being performed. +- Add an option to use Wake on LAN before starting Workstation Backup. +- Workstation Backup, report cifs mount errors. +- Workstation Backup, be compatible with destinations that include spaces. +- Workstation Backup, remove temporary directory on success . +- Workstation Backup, add a choice to delete old backup before or after backup. File Server ----------- -- Gracefully handle upgrades from SerNet Samba (SME7 TO SME8 VITH YUM) -- Change separator character in general Samba configuration file. -- Changes in Samba's "Recycle VFS exclude" syntax (for ibays). -- Use samba3x package for windows 7 compatibility. -- Remove require strong key part of regedit file. -- Backup all the samba tdb files. -- Add dependency /usr/bin/tdbbackup. -- Create/remove V2 profile directories -- Enable bindinterfaces by default -- Set recyle bin permissions -- Add registry file to server-resources to allow windows 7 to join Samba - 3.x domains -- Fix warnings in template expansion -- Fix migrate fragments for samba +- Add support for Windows 8 domain joining & user login with a new registry file. + /server-resources/regedit/win8samba.reg +- New optional samba property smb{WideLinks}, valid values are 'no' or 'yes'. The current samba default is 'no'. + see http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WIDELINKS + For example to enable samba Wide Links + # config setprop smb WideLinks yes +- Add windows network performance enhancements registry file that can help Windows slow logons. + /server-resources/regedit/windows_samba_performance.reg +- Two new optional samba properties smb{ServerMaxProtocol} & smb{ClientMaxProtocol}. + For example: # config setprop smb ServerMaxProtocol NT1 +- Remove the samba_audit specific logrotate configuration which was causing an email to be sent to the admin every night. +- Enable smb auditing per ibay, it is disabled by default. + Auditing is enabled via + # db accounts setprop ibayname Audit enabled + # signal-event ibay-modify ibayname +- Prevent emailing about the normal, weekly, checks of RAID arrays +- Update ServerName (Samba netbios name) when SystemName is updated +- Workaround a deficiency in the proftpd package where it does not handle long lines correctly in its configuration file. This caused FTP to fail when large numbers of local networks were configured. +- Ensure Deny from all is on its own line in 15LimitLOGIN -LDAP (Optional in SME 8, and considered experimental) + +LDAP (Optional in SME 8.1, and considered experimental) ---- -- Create samba account during event for machine -- Keep uid/gid for computer accounts in synch for Unix/Samba/LDAP -- Fixed syntax error in create-machine-account -- Fix samba-group-mapping for users without group membership -- Fix cpu critical patch missing ' -- LDAP admin password needs to be loaded in secrets.tdb -- Change authentication from passwd/shadow files to the pam database -- Turba searches on LDAP address book fixed -- Properly handle account with accents in first- or lastname with - regards to LDAP -- Fix create user gid parameter -- Path for gpasswd command fixed in "init-accounts" script -- All ibay account commands as system accounts in LDAP -- Create ibay accounts as system accounts in LDAP -- Use cpu commands to manage Ibays accounts if ldap is master -- Make cpu calls critical only with ldap{Auth} is enabled -- Check slapd.conf syntax before trying to dump the database -- Simplify ldap-update call by calling ldif-fix -- Change script order: ldap-update should be called after - domain-group-maps -- LDAP ou field is taken from Dept not Department -- LDAP changes: Add rfc2739.schema back in and include in config -- Use ldapmodify to load ldif, add -a if no changetype -- Remove bogus junk attribute from ldif templates -- Change startup order for ldap -- ldap should store locked passwords for expired passwords -- Add ldap as an auth type to radius -- Radius should use LDAP backend (if LDAP auth is enabled) -- Fix ldap-create errors when adding empty groups. -- The LDAP information for admin was not being updated. -- Don't try to save ibay password to LDAP. -- Fix admin user password change (Daniel B.) -- Init database if the ldif dump is empty (ie from sme8b) -- revert re-init database -- re-init readonly database on post-upgrade -- Force SSL/TLS for remote authentication -- reuse users_groups_ous.patch2 -- Separate groups and users with mailboxRelatedObject -- Set readonly access -- Fix ldap-update action script to user-lock event -- Add Groups entries -- Add admin user as a standard user -- Add ldap-update action script to user-lock event -- Add ldap authentication and tls support -- Update schema for newer openldap and remove calFBurl -- Convert ldif dump -- Create bdb log directory -- Change ldap backend to bdb, and fix initialisation problem +- Fix init-account script when LDAP auth is enabled. +- Fix group creation/modification when LDAP auth is enabled. +- The ldap.init script which starts just after the ldap service waits for slapd to be to available. The logic to check if slapd is ready was corrected. +- Add missing dependency on openldap-servers. +- The ldap log files can take significant space on servers with a lot of users. This update will ensure old BDB log files are removed. + Localisation ------------ -- Other fixes include updated translations for the existing languages. -- Add Chinese (Taiwan) language (zh_TW). -- Add Hebrew language (he). -- Fix translation of local nic string in console. -- Add Thai language -- Add Polish language -- Add Romanian language -- Add Estonian language +- Latest translations included. + Mail Server ----------- -- Provide option to force the smtp proxy not to use CRAM-MD5 - config setprop smtp-auth-proxy PeerPort - config setprop smtp-auth-proxy MD5Patch enabled -- Fix mail to domain pseudonyms pointing to group with dot in name -- Fix Mail Log File Analysis reports -- Set SO_KEEPALIVE option on client socket to detect dead connections -- Add template fragment for pyzor timeout -- Remove spamd restart from bootstrap-console-save event -- Require SMTP authentication by default when sending to an external - address. -- Fix TLS security defaults, TLS Ciphers for qpsmtpd can be configured. -- Change enabled to transparent for mail proxy. -- Enable authentication for smtp traffic and migrate if necessary. -- Fix pseudonym modification for "local network only" accounts. -- Add smtp auth into web interface, not just when enabled. -- Fix require_resolvable_fromhost doesn't work -- Fix qpsmtpd plugin fatal errors when incoming mail message has no - headers. -- Serialize configure_peers to prevent errors. -- Fix SMTP proxy wording in server-manager. -- Fix SMTP auth wording in server-manager. -- New feature: Allow for individual configuration for the number of - mail logfiles. -- Disable by default the SMTP transparent proxy, however upgrades from - sme7 will retain old default behavior where SMTP connections will be - transparently proxied. -- Implement a database key (TlsBeforeAuth) to allow SMTP - Authentication without TLS. The default remains to require TLS before - Auth (introduced in SME 8Beta5). -- Update qpsmtpd to 0.84 -- Config setting to enable SMTP to ISP Authentication Debug now uses - enabled/disabled for clarity. -- Fix HeloHost patch. -- Remove cron.daily jobs that are no longer needed. -- Update email addresses on domain change. -- Work around how qpsmtpd tags spam email. -- Use HeloHost (if present) in smtp-auth-proxy.pl -- Allow for changing SPAM subject tag through server-manager -- Move creation of chrooted dev/urandom to spec-file -- Create chroot dev/urandom for stunnel to use -- Updated spec file to require php-pear(HTTP_Request) -- SMTPSmartHost template incorrectly uses brackets to avoid MX lookups -- smtproutes template incorrectly uses brackets to avoid MX lookups -- Remove qmail-workaround and obsolete it after patch to treat 0.0.0.0 - as a local ip -- Remove spool and log dir from package (in smeserver-qpsmtpd) -- Don't create smtpd user (unused in sme) -- Apply qpsmtpd git changesets to implement custom SPAM subject prefix -- Update pre requires so scripts don't fail on install -- Rebase bad_rcptto patch to remove orig file -- Change logging in tls init to prevent warnings -- Only run/initialize plugins once -- Change spool dir permissions and owner to qpsmtpd:clamav -- Change log dir permissions and owner to smelog:smelog -- don't add qpsmtpd to start-up by default -- add apache config file to qpsmtpd-apache package -- use rpm macros for dirs -- use a filelist for main package instead of a long list of files -- Setup logrotate for /var/log/clamd/clamscan.log -- Remove create option from logrotate configuration -- Setup logrotate for /var/log/clamd/smeserver-clamscan.log -- Fix permissions on freshclam.conf file -- Add HeuristicScanPrecedence option, default to yes -- Obsolete e-smith-antivirus -- Enable qpsmtpd RequireResolvableFromHost plugin by default, remove - database entry and the database default value -- Tie template fragment into event system to have it expanded -- Add qpsmtpd template fragment for custom SPAM subject prefix -- Remove FuzzyOcr -- Run sa-update every two hours and check restart every hour -- Redirect cron job output to logfile to avoid mail noise -- Fix invalid service name in sa-update +- Fetchmail multidrop mode follows TCPPort setting. +- Avoid use of unitialised variables in smtp migrate fragments. +- Allow smtp_auth_proxy to use port 587 with STARTTLS. +- Due to SMTP servers not handling SMTP Auth well enable the use of a blacklist to remove the troublesome methods. + For example to remove CRAM-MD5: + # db configuration setprop smtp-auth-proxy Blacklist CRAM-MD5 + # sv t /service/smtp-auth-proxy + More than one method can be removed: + # db configuration setprop smtp-auth-proxy Blacklist "CRAM-MD5 DIGEST-MD5" + # sv t /service/smtp-auth-proxy +- imap-relocate-maildirs action was removed.It was no longer necessary and was sometimes very slow. +- The soft memory limits for pop3 and pop3s were increased. Two new optional database properties pop3{MemLimit} and pop3s{MemLimit} + For example to increase the memory limit + # config setprop pop3s MemLimit 50000000 + # expand-template /var/service/pop3s/env/MEMLIMIT + # config setprop pop3 MemLimit 50000000 + # expand-template /var/service/pop3/env/MEMLIMIT +- New optional qmail property qmail{ConcurrencyLocal} and default for /var/qmail/control/concurrencylocal changed to 20. + For example to decrease the local concurrecny limit + # config setprop qmail ConcurrencyLocal 6 +- Modify domain style pseudonym pointing to user with dot in name. +- Accept messages with no body and no trailing \n after headers. +- Prevent email delivery failure with required updates for perl-Net-DNS and qpsmtpd. +- New optional spamassassin property spamassassin{MaxMessageSize} to allow for spamassassin qpsmtpd's plugin size limit to be changed. + For example to also scan larger files + # config setprop spamassassin MaxMessageSize 1500000 +- Make CipherSuite secure by default and tls ciphers defaults to disallow SSLv2. +- Fix how qpsmtpd tags spam email. +- Add template to extend the functionality of SSL verified certificate to IMAP and SSMTP transactions +- Update ClamAV to release 0.97.8. +- Load TextCat plugin if ok_languages is enabled. + Server manager -------------- -- Enhance IP address syntax checking in remote access panel. -- Improve the HTML formatting of the modify quota panel. -- Remove empty

tag from footer template. -- Only display error messages intended for admin in server-manager -- Fix css validation errors. -- display reconfigure warning once if UnsavedChanges=yes -- Fix unitialized value errors in HTML.pm +- Do not load mod_ssl for httpd-admin as it is not needed and creates log noise. +- If the browser used to access the server-manager used lower case for %escapes a blank screen would be shown. The server manager URL processing is now case-insensitive for %escapes. +- Fix more uninitialized warnings in log (httpd/admin_error_log) from HTML.pm. +- Remove log noise (httpd/admin-error-log) when accessing the Create Starter Web panel in server-manager + Webmail and Groupware --------------------- -- Update to Horde 3.3.11, imp 4.3.9, Ingo 1.2.5 & Turba 2.3.5 -- Add option to verify from address in webmail if setting up additional - identities. -- Add the ability to have a local LDAP Group Address book. -- Templated attributes.php to add ability to have multiple email - values for a contact. Separate entries with a comma and a space. -- Update to freebusy info in sources.php -- Update to remove turbaContact info that SME is not using. -- Change horde's templated mime_drivers.php file so some additional - settings can be customized -- Make sure username is always saved in lowercase to horde db's -- Updated spec file to remove requires and obsoletes of - php-pear-HTTP-Request information moved to e-smith-imp for both sme7 - and sme8 -- Update to Spec file to obsolete smeserver-trean < 0.1-8 -- Patch to conf.php template to set a blank cookie domain so that FQDN - and non-FQDN access to webmail will work. -- Remove klutz template from registry.php -- Template imp's mime_drivers.php file so some settings can be - customized + +- If IMAP is disabled in the server manager email panel, IMAP will now listen to the loopback interface to allow webmail to function. +- Webmail no longer uses SSL over loopback interface. + Web Server ---------- -- Enable automatic redirection for /server-resources -- Disable SSLv2 by default. -- make user 'apache' an alias for user 'www'. -- Default expose_php in php.ini to Off. -- Add option to disable SSLv2 -- Add OpenOffice2 MIME Types -- Add OpenOffice MIME Types -- Add XML MIME Type -- Add Microsoft Office 2007 MIME types +- Disable index listing of Apache icons folder. +- PHP's magic_quotes are deprecated so should no longer be used. The php.ini will now have "magic_quotes Off" instead of fully removing it as the default is ON. +- Change wording of Software Update button. + Other fixes and updates ----------------------- -- Add MAC address into console network selection -- Fix non-translated locale in ibays panel -- Improve error message for quota -- Obsolete smeserver-php5-cgi & php-mcrypt -- Initialize ExternalInterface db structure so hwaddr in console works. -- Option to select ext4 instead of ext3 for filesystems at boot prompt. -- Enable quotas on ext4 filesystems as well. -- Only allow backup to (removable) storage media that are not read only. -- Improve error handling when trying to install without NIC. -- Only remove dangling symlinks in weak-updates directories. -- Fix template-expansion for dhclient.conf. -- Improve validation (error) message for remote access setup. -- Change text in hostname and addresses panel for remote host (add - FQDN). -- Fix hostname editing for comments with double speechmarks -- Trap croak inside Net::IPv4Addr::ipv4_in_network to allow a FQDN to be - inserted in hostnames and addresses panel in lieu of an IP address. -- Add validator back for ip or cname entry. -- Correctly strip numbers from sql scripts -- Enable speedier time synchronisation for suspended VMs, this can be - configured by a new db key for ntpd, SupportLargeDrift. -- Set the TimeZone property earlier, so templates can rely on it. -- Obsolete KeepAlive and replace by ClientAliveInterval and - ClientAliveCountMax to prevent SSH sessions from being timed out by - network inactivity. -- New feature: Default Cipher to blowfish for ssh configuration. -- Add directive "PersistentPasswd off" to proftpd configuration. -- Quota panel should allow non-integers but only accept uppercase units. -- Obsolete magic_quotes_gpc settings. -- Set default timezone for php version 5.3.3. -- Handle no network interface scenario in console. -- Do not allow pool.ntp.org as NTP server. -- Prepare for obsoletion of magic_quotes* when we supply PHP 5.3.0+ -- Fix missing space causing errors parsing the iptables rules. -- Migrate MirrorList properties to sme8 repos. -- Remove BaseURL properties if migrating to sme8 repos. -- Remove yum databases and repodata if migrating to sme8 repos. -- Enable cpuspeed by default. -- Fix scriplet error in e-smith-service script when service is disabled. -- Allow use of CNAME in remote hosts. -- Add Obsoletes for php5-cgi-{imap,ldap,mysql,pear,xmlrpc}. -- Restate smartd dependency. -- Fix gettext errors in WAN/LAN subnet error message -- Improve security by using SHA1 algorithm for certificate signing -- Fix eth? swapping -- Bump certificate encryption from 1024 bits to 2048 bits -- Add a dummy call so xgettext can pull translated $ifName in console - configuration pages. -- Translate $ifName in console configuration pages -- Prevent IP conflicts between local and external interface in server - gateway mode -- Clean up: remove unused nonetworkdrivers -- Clean up stray symlinks in /lib/modules before depmod -- Allow for different mdadm output formats for DeviceSize -- Add compiled python files to the packaged files list -- Update path for 64-bit compatibility -- Remove hiddenmenu entry from grub.conf -- adds the hwaddr parameter to probeAdapters() -- Update path for 64-bit compatibility -- Add patch (Federico Simoncelli) to prevent re-use of uids -- Fix log-error detection algorithm -- Fix another instance of ups model for new version of nut -- Template sshd login grace time, kept default at 600s -- Enable port forwards to localhost if mode is serveronly -- Adjust xml entry in locale -- Add option to limit port forwards from source ip -- Remove unnecessary Mount Proc line -- Fix owner/perms for radius files -- Fix typo in /sbin/service patch (Federico Simoncelli) -- Exit with zero exit status for services not listed in configuration - database to avoid failures in post scriptlets -- Merge in SME Server /sbin/e-smith/service wrapper so that only - initscripts which exist in run-level 7 can be run. This ensures that - the supervised service is run, if one exists, and protects against - running "service httpd restart" -- Add requires on e-smith-lib so www user is created first -- Fix regular expression to actually replace the colon with a dot -- Remove the leading path for yum in newrpms -- only unlink file if we created it -- Import only keys not already imported -- set unsaved changes in yum event -- move yum warming to sme yum plugin -- ensure file exists before unlinking -- remove semicolons from yum plugin -- Add frequency of updates toggle -- Add /etc/yum.smerepos.d to package -- Change SME mirrorlists to point to ibiblio -- Require mailx -- Add yum-protect-packages support to prevent removal of needed pacakges +- Use UTF-8 in the console. +- Remove old System Name from the Hosts DB +- Fix warning in /var/log/messages by correctly initialising the relevant variable. The warning related to the HW Address of a NIC. +- user-modify-unix script could take many minutes, it has now been optimised to take only seconds +- The memory limit for pppoe was increased to 100Mb. +- On upgrading from SME Server 7 to SME Server 8 an email could be sent to the admin everyday due to a modified /etc/updatedb.conf file. This update ensures the correct /etc/updatedb.conf file. +- Updated SME root server template as D-root changed its IPv4 address on the 3rd of January. +- The console would crash when no value is entered as static gateway in servergateway(-private) mode. Improved error-checking in isValidIP() prevents this. +- Use file locking to make sure that only one copy of the masq script is running at any particular time. +- Add python-hashlib so we can read newer repodata signatures. +- Point mirrorlist to mirrorlist.contribs.org +- Increase memory limit for ntpd . General features ================ -- Based on CentOS 5.8 and all available updates +- Based on CentOS 5.9 and all available updates -$Id: README.txt,v 1.14 2012/03/19 15:13:47 wellsi Exp $ +$Id: README.txt,v 1.17 2013/07/04 01:05:42 wellsi Exp $