/[smeserver]/cdrom.image/sme8/README.txt
ViewVC logotype

Diff of /cdrom.image/sme8/README.txt

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

Revision 1.31 by wellsi, Fri Feb 28 03:31:29 2014 UTC Revision 1.33 by vip-ire, Fri Mar 27 08:26:14 2015 UTC
# Line 1  Line 1 
1  SME Server 8.1 Release Notes  Koozali SME Server 8.2 Release Notes
2  ============================  ====================================
3    
4  28 February 2014  18 March 2015
5    
6  The SME Server development team is pleased to announce the release of  The Koozali SME Server (SME Server) development team is pleased to announce
7  SME Server 8.1 which is based on CentOS 5.10  the release of SME Server 8.2 beta2 which is based on CentOS 5.11
8    
9  Bug reports and reports of potential bugs should be raised in the bug  Bug reports and reports of potential bugs should be raised in the bug
10  tracker (and only there, please);  tracker (and only there, please);
11    
12      http://bugs.contribs.org/      http://bugs.contribs.org/
13    
14    Download
15    ========
16    
17    You can download SME Server 8.2 beta2 from
18    http://mirror.contribs.org/smeserver/releases/testing/8.2.beta2/
19    or for other methods see http://wiki.contribs.org/SME_Server:Download
20    
21    Please note it may take up to 48 hours for mirrors to finish syncing,
22    during this time you may experience problems.
23    
24    
25  About SME Server  About SME Server
26  ================  ================
27    
# Line 19  enterprises. SME Server is brought to yo Line 30  enterprises. SME Server is brought to yo
30  a non-profit corporation that exists to provide marketing and legal support  a non-profit corporation that exists to provide marketing and legal support
31  for SME Server.  for SME Server.
32    
33    
34  SME Server is freely available under the GNU General Public License and  SME Server is freely available under the GNU General Public License and
35  is only possible through the efforts of the SME Server community.  is only possible through the efforts of the SME Server community.
36  However, the availability and quality of SME Server is dependent on  However, the availability and quality of SME Server is dependent on
37  meeting our expenses, such as hosting costs, server hardware, etc.  meeting our expenses, such as hosting costs, server hardware, etc.
38    
39  As such, we ask for a donation to offset costs and fund further development.  As such, we ask for a donation to offset costs and fund further development.
40    
41  a) If you are a school, a church, a non-profit organisation or an individual  a) If you are a school, a church, a non-profit organisation or an individual
42  using SME Server for private purposes, we would appreciate you to contribute  using SME Server for private purposes, we would appreciate you to contribute
43  within your means toward the costs associated with hosting, maintenance and  within your means toward the costs associated with hosting, maintenance and
44  development.  development.
45    
46  b) If you are a company or an integrator and you are deploying SME Server in  b) If you are a company or an integrator and you are deploying SME Server in
47  the course of your work to generate revenue, we expect you to make a donation  the course of your work to generate revenue, we expect you to make a donation
48  commensurate with the level of revenue you generate and the number of servers  commensurate with the level of revenue you generate and the number of servers
# Line 39  Please visit http://wiki.contribs.org/Do Line 53  Please visit http://wiki.contribs.org/Do
53  Koozali Inc is happy to supply an invoice for any donations received,  Koozali Inc is happy to supply an invoice for any donations received,
54  simply email treasurer@koozali.org  simply email treasurer@koozali.org
55    
56    
57  Thanks  Thanks
58  ======  ======
59    
60  The development team would like to thank all of those who have involved  The development team would like to thank all of those who have involved
61  themselves with this release.  themselves with this release.
62    
63    
64  Notes  Notes
65  =====  =====
66    
67  1. CentOS 5 has dropped support for i586 and therefore SME Server 8.1  1. CentOS 5 has dropped support for i586 and therefore SME Server 8.2
68     will not work on i586 hardware. [See bugzilla:2845]. i586 hardware     will not work on i586 hardware. [See bugzilla:2845]. i586 hardware
69     means processors before and including Intel Pentium, Pentium MMX;     means processors before and including Intel Pentium, Pentium MMX;
70     AMD K5, K6, K6-II, K6-III and Via C3. i686 architecture processors     AMD K5, K6, K6-II, K6-III and Via C3. i686 architecture processors
71     are Intel Pentium Pro, Pentium II, Pentium III; AMD Athlon,     are Intel Pentium Pro, Pentium II, Pentium III; AMD Athlon,
72     Athlon XP and later.     Athlon XP and later.
73    
74  2. Some notes on SME Server 8.1 including help on upgrades can be found at  
75    2. Some notes on SME Server 8.2 including help on upgrades can be found at
76     http://wiki.contribs.org/SME_Server_8     http://wiki.contribs.org/SME_Server_8
77    
 3. Please note it may take up to 48 hours for mirrors to finish syncing,  
    during this time you may experience problems.  
    You can download SME Server 8.1 from  
    http://mirror.contribs.org/smeserver/releases/8.1/iso/i386/  
    or for other methods see http://wiki.contribs.org/SME_Server_8  
78    
79  Changes from RC 1  3. Please note Upstream policy on Production Phase 3 for EL5. Only those
80  ===================     security updates deemed crucial are now being released upstream for EL5
81       (so also for SME8) The Koozali team recommends that you start moving
82       workloads from SME Server 8 to SME Server 9.
83       Planned EOL for CentOS 5 is Mar 31 2017
84    
 There are no major changes.  
85    
86  Changes from Beta 4  4. Please note it may take up to 48 hours for mirrors to finish syncing,
87  ===================     during this time you may experience problems.
88       You can download SME Server 8.2 from
89       http://mirror.contribs.org/smeserver/releases/8.2/iso/i386/
90       or for other methods see http://wiki.contribs.org/SME_Server_8
91    
 There are no major changes.  
 Update with ca-bundle.crt from SME 9.  
   
 Changes from Beta 3  
 ===================  
   
 Set sme-server as the default workgroup and domain name for  
 new installations.  
 Remove insecure SSL ciphers.  
 Due to SMTP servers not handling SMTP Auth well only present  
 one auth method at a time, in order, to NET::SMTP.  
 Allow webmail access to be selected for only the local network.  
 Provide the ability to force https per ibay.  
   
 Changes from Beta 2  
 ===================  
   
 Update to CentOS 5.10  
 Update footer copyright and renew full copyright text.  
 Latest version of Dar, 2.4.11, for workstation backup.  
 Workstation Backup, fix selective restore by requesting array of results  
 from CGI.pm  
 Workstation Backup, new method to show files being restored is needed  
 when using dar 2.4  
   
 Changes from Beta 1  
 ===================  
   
 nodmraid is now the default install option as many issues have been seen with  
 dmraid.  
 Installer warning updated to clarify all attached disks will be reformatted.  
 SME Server changes to initscripts included.  
 Replace vfs_shadow_copy with vfs_shadow_copy2 for shadow snapshots.  
 Updated to latest Antivirus, ClamAV, 0.98.  
 Added donation text and graphic to login page and server-manager.  
 Modules necessary to implement .htaccess have now been loaded by default.  
92    
93  Changes in this release  Changes in this release
94  =======================  =======================
# Line 115  Changes in this release Line 96  Changes in this release
96  Packages altered by Centos, Redhat, and Fedora-associated developers are  Packages altered by Centos, Redhat, and Fedora-associated developers are
97  not included.  not included.
98    
   
99  Backups  Backups
100  -------  -------
101  - Latest version of Dar, 2.4.11, for workstation backup.   - Add pkgconfig dar
102  - Workstation Backup allows the day of the week to be specified on which a   - New Upstream Version dar
103    full backup occurs. This now works correctly for all days of the week.   - Add requires nfs-utils
104  - To increase reliability of backups to a Microsoft Vista drive, a one second   - The nfs service is neither started or allowed to start
105    delay was added to the backup. This issue is not seen on the newer Microsoft   - Workstation Backup, do not create folder in /
   OS.  
 - Allow user setting of compression level for Desktop and Console Backups.  
   For example: config setprop backupconsole CompressionLevel -6  
   The default is -6, where -1 is fastest and -9 is optimal compression.  
 - In the console, under item 8, refer to removable media instead of USB  
   device.  
 - After a restore from the console the post-upgrade event was not being  
   performed.  
 - Add an option to use Wake on LAN before starting Workstation Backup.  
 - Workstation Backup, report cifs mount errors.  
 - Workstation Backup, remove temporary directory on success .  
 - Workstation Backup, add a choice to delete old backup before or after  
   backup.  
 - Workstation Backup, ensure that the pathname passed to dar_manager is quoted  
   to allow backup destinations with spaces, eg some USB drives.  
 - Workstation Backup, count backup sets from 1 and delete the obsolete set0  
   when it goes out of scope.  
 - Workstation Backup, do not fail backup for mtime/ctime mismatch  
 - Workstation Backup, fix selective restore by requesting array  
   of results from CGI.pm  
 - Workstation Backup, new method to show files being restored is needed  
   when using dar 2.4  
 - Don't remove the apache group during restore.  
 - Workstation Backup, suppress ctime error message on incremental backups.  
 - Workstation Backup, selective restore of deleted files.  
106    
107    
108  File Server  LDAP
 -----------  
 - Replace vfs_shadow_copy with vfs_shadow_copy2 for shadow snapshots.  
 - Add support for Windows 8 domain joining & user login with a new registry  
   file.  
   /server-resources/regedit/win8samba.reg  
 - New optional samba property smb{WideLinks}, valid values are 'no' or 'yes'.  
   The current samba default is 'no'.  
   see http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WIDELINKS  
   For example to enable samba Wide Links  
   # config setprop smb WideLinks yes  
 - Add windows network performance enhancements registry file that can help  
   Windows slow logons.  
   /server-resources/regedit/windows_samba_performance.reg  
 - Two new optional samba properties smb{ServerMaxProtocol} &  
   smb{ClientMaxProtocol}.  
   For example: # config setprop smb ServerMaxProtocol NT1  
 - Remove the samba_audit specific logrotate configuration which was causing an  
   email to be sent to the admin every night.  
 - Enable smb auditing per ibay, it is disabled by default.  
   Auditing is enabled via  
   # db accounts setprop ibayname Audit enabled  
   # signal-event ibay-modify ibayname  
 - Prevent emailing about the normal, weekly, checks of RAID arrays  
 - Update ServerName (Samba netbios name) when SystemName is updated  
 - Workaround a deficiency in the proftpd package where it does not handle long  
   lines correctly in its configuration file. This caused FTP to fail when  
   large numbers of local networks were configured.  
 - Ensure Deny from all is on its own line in 15LimitLOGIN  
 - Update default ServerName in 30smbServerName, and change default  
   Workgroup and Domain to sme-server  
   
   
 LDAP (Optional in SME 8.1, and considered experimental)  
109  ----  ----
110  - Fix init-account script when LDAP auth is enabled.   - Make pdbedit output independent from locale and timezone so it can be
111  - Fix group creation/modification when LDAP auth is enabled.     parsed
 - The ldap.init script which starts just after the ldap service waits for  
   slapd to be to available. The logic to check if slapd is ready was  
   corrected.  
 - Add missing dependency on openldap-servers.  
 - The ldap log files can take significant space on servers with a lot of  
   users. This update will ensure old BDB log files are removed.  
112    
113    
114  Localisation  Localisation
115  ------------  ------------
116  - Latest translations included.   - apply locale 2015-03-14 patch from pootle
117     - apply locale 2014-12-25 patch from pootle
118     - apply locale 2014-03-08 patch from pootle
119    
120    
121  Mail Server  Mail Server
122  -----------  -----------
123  - Updated to latest Antivirus, ClamAV, 0.98.1   - Updated to ClamAV release 0.98.6
124  - Fetchmail multidrop mode follows TCPPort setting.   - Add BuildRequires for openssl-devel and libxml2-devel
125  - Avoid use of unitialised variables in smtp migrate fragments.   - Remove Packager and Vendor from ClamAV spec file.
126  - Allow smtp_auth_proxy to use port 587 with STARTTLS.   - Add new zip file signatures to default mailpatterns database : ZIPVOSX &
127  - Due to SMTP servers not handling SMTP Auth well only present     ZIPV3
128    one auth method at a time, in order, to NET::SMTP and enable   - Fix stunnel path
129    the use of a blacklist to remove the troublesome methods.   - Use stunnel instead of sslio to support TLS
130    For example to remove CRAM-MD5:   - Modify whitelist_soft transaction to interact with dnsbl filter
131    # db configuration setprop smtp-auth-proxy Blacklist CRAM-MD5     by John Crisp <jcrisp@safeandsoundit.co.uk>
132    # sv t /service/smtp-auth-proxy   - Remove DENYSOFT on SPF softfail qpsmtpd
133    More than one method can be removed:   - Increase MemLimit to 700M for clamav-0.98
134    # db configuration setprop smtp-auth-proxy Blacklist "CRAM-MD5 DIGEST-MD5"   - Remove dnsbl.ahbl.org RBL List
   # sv t /service/smtp-auth-proxy  
 - Handle exceptions during attempted SASL auth. Add more debug tracing.  
 - imap-relocate-maildirs action was removed.It was no longer necessary and was  
   sometimes very slow.  
 - The soft memory limits for pop3 and pop3s were increased. Two new optional  
   database properties pop3{MemLimit} and pop3s{MemLimit}  
   For example to increase the memory limit  
   # config setprop pop3s MemLimit 50000000  
   # expand-template /var/service/pop3s/env/MEMLIMIT  
   # config setprop pop3 MemLimit 50000000  
   # expand-template /var/service/pop3/env/MEMLIMIT  
 - New optional qmail property qmail{ConcurrencyLocal} and default for  
   /var/qmail/control/concurrencylocal changed to 20.  
   For example to decrease the local concurrecny limit  
   # config setprop qmail ConcurrencyLocal 6  
 - Modify domain style pseudonym pointing to user with dot in name.  
 - Accept messages with no body and no trailing \n after headers.  
 - Prevent email delivery failure with required updates for perl-Net-DNS and  
   qpsmtpd.  
 - New optional spamassassin property spamassassin{MaxMessageSize} to allow for  
   spamassassin qpsmtpd's plugin size limit to be changed.  
   For example to also scan larger files  
   # config setprop spamassassin MaxMessageSize 1500000  
 - Make CipherSuite secure by default and tls ciphers defaults to disallow  
   SSLv2.  
 - Fix how qpsmtpd tags spam email.  
 - Add template to extend the functionality of SSL verified certificate to IMAP  
   and SSMTP transactions  
 - Update ClamAV to release 0.97.8.  
 - Load TextCat plugin if ok_languages is enabled.  
 - Removed the databytes file from qpsmtpd config to honor the maximum message  
   size settings. See http://wiki.contribs.org/Email#Set_max_email_size  
 - Include /usr/bin/refreshclam  
 - Remove workarounds for how qpsmtpd tags spam email.  
 - Remove insecure SSL ciphers.  
 - Add keepalive option for tcpsvd for imap and imaps services.  
 - Use stunnel-tls instead of sslio to wrap imaps service.  
135    
136  Server manager  
137    PHP
138  --------------  --------------
139  - Added donation text and graphic to login page and server-manager.   - Resync with upstream php53, which include
140  - Update footer copyright and renew full copyright text.      fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710
141  - Do not load mod_ssl for httpd-admin as it is not needed and creates log      xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
142    noise.      core: fix integer overflow in unserialize() CVE-2014-3669
143  - If the browser used to access the server-manager used lower case for      exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670
144    %escapes a blank screen would be shown. The server manager URL processing is   - Resync with upstream php53, which include
145    now case-insensitive for %escapes.      spl: fix use-after-free in ArrayIterator due to object
146  - Fix more uninitialized warnings in log (httpd/admin_error_log) from HTML.pm.      change during sorting. CVE-2014-4698
147  - Remove log noise (httpd/admin-error-log) when accessing the Create Starter      spl: fix use-after-free in SPL Iterators. CVE-2014-4670
148    Web panel in server-manager.      gd: fix NULL pointer dereference in gdImageCreateFromXpm.
149        CVE-2014-2497
150        fileinfo: fix incomplete fix for CVE-2012-1571 in
151  Webmail and Groupware      cdf_read_property_info. CVE-2014-3587
152  ---------------------      core: fix incomplete fix for CVE-2014-4049 DNS TXT
153  - If IMAP is disabled in the server manager email panel, IMAP will now listen      record parsing. CVE-2014-3597
154    to the loopback interface to allow webmail to function.   - Resync with upstream php53, which include
155  - Webmail no longer uses SSL over loopback interface.      core: type confusion issue in phpinfo(). CVE-2014-4721
156  - Allow webmail access to be selected for only the local network.      date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712
157        core: fix heap-based buffer overflow in DNS TXT record parsing.
158        CVE-2014-4049
159        core: unserialize() SPL ArrayObject / SPLObjectStorage type
160        confusion flaw. CVE-2014-3515
161        fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270
162        fileinfo: unrestricted recursion in handling of indirect type
163        rules. CVE-2014-1943
164        fileinfo: out of bounds read in CDF parser. CVE-2012-1571
165        fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479
166        fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480
167        fileinfo: cdf_unpack_summary_info() excessive looping
168        DoS. CVE-2014-0237
169        fileinfo: CDF property info parsing nelements infinite
170        loop. CVE-2014-0238
171    
172    
173  Web Server  Web Server
174  ----------  ----------
175  - Modules necessary to implement .htaccess have now been loaded by default.   - Disable SSLv3
 - Disable index listing of Apache icons folder.  
 - PHP's magic_quotes are deprecated so should no longer be used. The php.ini  
   will now have "magic_quotes Off" instead of fully removing it as the default  
   is ON.  
 - Change wording of Software Update button.  
 - Remove insecure SSL ciphers.  
176    
177    
178  Other fixes and updates  Other fixes and updates
179  -----------------------  -----------------------
180  - Remove old System Name from the Hosts DB   - When quiting the console app with unsaved changes set the default selected
181  - Fix warning in /var/log/messages by correctly initialising the relevant     answer to NO
182    variable. The warning related to the HW Address of a NIC.   - Add a verification in the console of number of pptp clients against ip
183  - user-modify-unix script could take many minutes, it has now been optimised     allowed in dhcpd
184    to take only seconds   - Add a verification in remoteaccess panel of number of pptp clients against
185  - The memory limit for pppoe was increased to 100Mb.     ip allowed in dhcpd
186  - On upgrading from SME Server 7 to SME Server 8 an email could be sent to the   - Reset primary ibay default type
187    admin everyday due to a modified /etc/updatedb.conf file. This update   - Add a migrate fragment to sanitize the host comment for illegal characters
188    ensures the correct /etc/updatedb.conf file.     in the server-manager.
189  - Updated SME root server template as D-root changed its IPv4 address on the     Sanitize existing hostname records, Add a validator for the comment in the
190    3rd of January 2013.     hostname field
191  - The console would crash when no value is entered as static gateway in     Code done by Charlie Brady <charlieb-contribs-bugzilla@budge.apana.org.au>
192    servergateway(-private) mode. Improved error-checking in isValidIP()     and Huib <sme@artixdesign.com>
193    prevents this.   - Force SSL following ibays settings to the relevant domain
194  - Use file locking to make sure that only one copy of the masq script is   - Move mysql logging to multilog
195    running at any particular time.   - Allow ntp status queries from localhost.
196  - Add python-hashlib so we can read newer repodata signatures.   - Avoid uninitialized variable warning from last update.
197  - Point mirrorlist to mirrorlist.contribs.org   - Add ssh-autoblock for external interface - patch by Chris Maltby
198  - Increase memory limit for ntpd.   - Update to upstream version 2.3.4, which fixes CVE-2012-3478 and
199  - Add an audit for groups.     CVE-2012-2252
200  - Set sme-server as the default workgroup and domain name for   - Updated rsync-protocol.patch to fix CVE-2012-2251, and to apply on top of
201    new installations.     the
202  - Provide the ability to force https per ibay.     CVE-2012-3478 and CVE-2012-2252 fixes.
203  - Prevent server being used in NTP amplification attacks.   - Updated makefile.patch to preserve RPM CFLAGS.
204  - Modify template to allow Squid proxy https access to ports   - Added command-line-error.patch (from Debian), correcting error message
205    other than 443,563     generated when insecure command line option is used (CVE-2012-3478 fix
206  - Add logcheck to help analyse errors in the log files.     regression).
207  - Refer to removable media not CDROM in console restore.   - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
208  - Remove old images.   - Add patch for rsync3 compat (#485946)
209  - Update with ca-bundle.crt from SME 9   - Update smeserver-release for beta1 of SME Server 8.2
210     - Set the check update frequency of smecontribs through the server-manager
211     - Add a default Yum db property for check4contribsupdates
212     - Added a check-update for the smecontribs repository
213    
214    
215  General features  General features
216  ================  ================
217    
218  - Based on CentOS 5.10 and all available updates  - Based on CentOS 5.11 and all available updates
219    
220    
221  $Id: README.txt,v 1.30 2014/02/23 19:43:20 wellsi Exp $  Terry Fage
222    On behalf of the SME Server development team


Legend:
Removed lines/characters  
Changed lines/characters
  Added lines/characters

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed