--- cdrom.image/sme8/README.txt 2010/08/18 09:20:11 1.8 +++ cdrom.image/sme8/README.txt 2011/09/29 06:11:45 1.10 @@ -1,10 +1,10 @@ -SME Server 8.0 Beta 6 Release Notes +SME Server 8.0 Beta 7 Release Notes =================================== -August 20 2010 +30 September 2011 The SME Server development team is pleased to announce the release of -SME Server 8.0beta6 which is based on CentOS 5.5 and will be the next +SME Server 8.0beta7 which is based on CentOS 5.7 and will be the next major release of SME Server. This is the final planned Beta for SME 8. Bug reports and reports of potential bugs should be raised in the bug @@ -15,34 +15,30 @@ tracker (and only there, please); *************************** Testers Please Note the following... -1. SME Server users currently on SME Server 8.0 Beta 5 have to perform - one manual step before upgrading due to the change of samba. - See http://wiki.contribs.org/SME_Server_8#Upgrading_samba - -2. SME Server users should not upgrade production servers to this +1. SME Server users should not upgrade production servers to this release but those who can are encouraged to load the beta to a dedicated test machine and take part in the testing phase. -3. CentOS 5 has dropped support for i586 and therefore SME Server 8 +2. CentOS 5 has dropped support for i586 and therefore SME Server 8 will not work on i586 hardware. [See bugzilla:2845]. i586 hardware means processors before and including Intel Pentium, Pentium MMX; AMD K5, K6, K6-II, K6-III and Via C3. i686 architecture processors are Intel Pentium Pro, Pentium II, Pentium III; AMD Athlon, Athlon XP and later. +3. Some notes on SME 8 including help on upgrades can be found at + http://wiki.contribs.org/SME_Server_8 + 4. Upgrading from previous releases should only be done on clean - machines without contribs or other modifications. + machines without contribs or other modifications. 5. Testers are now encouraged to test upgrade paths and to start testing contribs. They are not certain to work so only try on test servers. Please raise all issues found in the bug tracker. -6. Some notes on SME 8 including help on upgrades can be found at - http://wiki.contribs.org/SME_Server_8 - -7. Please note it may take up to 48 hours for mirrors to finish syncing, +6. Please note it may take up to 48 hours for mirrors to finish syncing, during this time you may experience problems. - You can download SME8.0 Beta 6 from + You can download SME8.0 Beta 7 from http://mirror.contribs.org/smeserver/releases/testing/8/iso/i386/ or for other methods see http://wiki.contribs.org/SME_Server_8 @@ -78,121 +74,154 @@ triage and verification testing needs lo please try to spare some time to this vital aspect of our community's future. -This release, which is based on a major update of the CentOS Core, +This release, which is based on a major update of the Centos Core, contains many new features. Please run Software Installer in Server Manager regularly during testing to be sure your system reflects the latest stage of development. -Major changes in beta 6 +Major changes in beta 7 ======================= -The policy is to stick with upstream updates unless there are compelling -reasons not to. The number of customers unable to run the software they -want because of the Samba and PHP versions constituted a compelling -reason. - -Samba 3x: -The Samba packages have reverted to those provided by CentOS to simplify -the support needed. This version of samba provides support for Windows 7 -domain logins. http://wiki.contribs.org/SME_Server_8#Upgrading_samba - +* Require authentication for all emails, including local. +* Optional - to use ext4 instead of ext3 for file systems + (except for /boot). At the boot prompt use "ext4" or "sme ext4". + *** ext4 is considered experimental, so use with caution *** +* Optional - LDAP authentication can be enabled. Once enabled it cannot + be disabled, so experiment with care. + To enable: db configuration setprop ldap Authentication enabled Changes in this release ======================= This section of this README file lists all package changes carried out -by SME-associated developers since SME Server 8.0 Beta 5. +by SME-associated developers since SME Server 8.0 Beta 6. The package changelogs often included earlier changes and changes carried out by non-SME-associated developers; these were removed to -shorten the list. Packages recently altered by CentOS, Redhat, and +shorten the list. Packages recently altered by Centos, Redhat, and Fedora-associated developers are not included. Backups ------- -- Restoring from a Workstation Backup showed a false failure. -- Workstation Backup emails include a To: header. -- Workstation Backup includes the system name and also indicates failure - if applicable in the subject line of the email. -- Update backup instructions in server-manager. -- The Workstation Backup panel now removes leading and trailing spaces - from the hostname. -- Fix removal of leading slash in storage location. -- The Workstation backup to USB panel no longer presents mounted disks. -- Only define Workstation Backup temporary directory once. -- Remove relocate_samba_file and all references to /etc/smbpasswd. +- Improve how Backup to Workstation handles full remote disks. +- Do not make backup fail when due to a modified file. +- Localise the choices for 'Select the type of share for backup + destination' in the Configure Workstation Backup panel. +- Improve the wording of the 'Backup or restore' server-manager panel. + Replace term "USB disk" with "removable disk" as this is not + restricted to only USB disks. +- Improve wording of workstation backup email regarding the set number. +- Do not modify the workstation backup location 'SmbShare' during + software update. +- Include disk usage in Workstation Backup email. +- A new database property, OpenFilesLimit, allows customisation of + open_files_limit option in my.cnf. This can allow backups to succeed + if a MySQL database has a very large number of tables. File Server ----------- -- Use samba3x package for windows 7 compatibility. -- Remove require strong key part of regedit file. -- Backup all the samba tdb files. -- Add dependency /usr/bin/tdbbackup. +- Change separator character in general Samba configuration file. +- Changes in Samba's "Recycle VFS exclude" syntax (for ibays). + +LDAP (Optional in SME 8, and considered experimental) +---- +- Create samba account during event for machine. +- Keep uid/gid for computer accounts in synch for Unix/Samba/LDAP. +- Fixed syntax error in create-machine-account. +- Fix samba-group-mapping for users without group membership. +- Fix cpu critical patch missing ' +- LDAP admin password needs to be loaded in secrets.tdb +- Change authentication from passwd/shadow files to the pam database. +- Turba searches on LDAP address book fixed. +- Properly handle account with accents in first- or lastname with + regards to LDAP. +- Fix create user gid parameter. +- Path for gpasswd command fixed in "init-accounts" script. +- All ibay account commands as system accounts in LDAP. +- Create ibay accounts as system accounts in LDAP. +- Use cpu commands to manage Ibays accounts if ldap is master. +- Make cpu calls critical only with ldap{Auth} is enabled. +- Check slapd.conf syntax before trying to dump the database. +- Simplify ldap-update call by calling ldif-fix +- Change script order: ldap-update should be called after + domain-group-maps. +- LDAP ou field is taken from Dept not Department. +- LDAP changes: Add rfc2739.schema back in and include in config. +- Use ldapmodify to load ldif, add -a if no changetype. +- Remove bogus junk attribute from ldif templates. +- Change startup order for ldap. +- ldap should store locked passwords for expired passwords. +- Add ldap as an auth type to radius +- Radius should use LDAP backend (if LDAP auth is enabled). Localisation ------------ -- Add Chinese (Taiwan) language (zh_TW). -- Add Hebrew language (he). -- Fix translation of local nic string in console. -- Other fixes include updated translations for the existing languages. +- Latest localisation updates applied. Mail Server ----------- -- Disable by default the SMTP transparent proxy, however upgrades from - sme7 will retain old default behavior where SMTP connections will be - transparently proxied. -- Implement a database key (TlsBeforeAuth) to allow SMTP - Authentication without TLS. The default remains to require TLS before - Auth (introduced in SME 8Beta5). -- Update qpsmtpd to 0.84 -- Config setting to enable SMTP to ISP Authentication Debug now uses - enabled/disabled for clarity. -- Fix HeloHost patch. -- Remove cron.daily jobs that are no longer needed. -- Update email addresses on domain change. -- Work around how qpsmtpd tags spam email. +- Require SMTP authentication by default when sending to an external + address. +- Fix TLS security defaults, TLS Ciphers for qpsmtpd can be configured. +- Change enabled to transparent for mail proxy. +- Enable authentication for smtp traffic and migrate if necessary. +- Fix pseudonym modification for "local network only" accounts. +- Add smtp auth into web interface, not just when enabled. +- Fix require_resolvable_fromhost doesn't work +- Fix qpsmtpd plugin fatal errors when incoming mail message has no + headers. +- Serialize configure_peers to prevent errors. +- Fix SMTP proxy wording in server-manager. +- Fix SMTP auth wording in server-manager. +- New feature: Allow for individual configuration for the number of + mail logfiles. Server manager -------------- -- Improve the HTML formatting of the modify quota panel. -- Remove empty

tag from footer template. +- Enhance IP address syntax checking in remote access panel. Webmail and Groupware --------------------- -- Updated to Horde 3.3.8 -- Updated to imp 4.3.7 -- Updated to Ingo 1.2.4 -- Updated to Turba 2.3.4 -- Add the ability to have a local LDAP Group Address book. -- Templated attributes.php to add ability to have multiple email - values for a contact. Separate entries with a comma and a space. -- Update to freebusy info in sources.php -- Update to remove turbaContact info that SME is not using. +- Update to Horde 3.3.11, imp 4.3.9, Ingo 1.2.5 & Turba 2.3.5 +- Add option to verify from address in webmail if setting up additional + identities. Web Server ---------- -- Default expose_php in php.ini to Off. +- Disable SSLv2 by default. +- make user 'apache' an alias for user 'www'. Other fixes and updates ----------------------- -- Handle no network interface scenario in console. -- Fix ldap-create errors when adding empty groups. -- The LDAP information for admin was not being updated. -- Don't try to save ibay password to LDAP. -- Do not allow pool.ntp.org as NTP server. -- Prepare for obsoletion of magic_quotes* when we supply PHP 5.3.0+ -- Fix missing space causing errors parsing the iptables rules. -- Migrate MirrorList properties to sme8 repos. -- Remove BaseURL properties if migrating to sme8 repos. -- Remove yum databases and repodata if migrating to sme8 repos. -- Enable cpuspeed by default. -- Fix scriplet error in e-smith-service script when service is disabled. -- Allow use of CNAME in remote hosts. -- Add Obsoletes for php5-cgi-{imap,ldap,mysql,pear,xmlrpc}. +- Option to select ext4 instead of ext3 for filesystems at boot prompt +- Enable quotas on ext4 filesystems as well. +- Only allow backup to (removable) storage media that are not read only. +- Improve error handling when trying to install without NIC. +- Only remove dangling symlinks in weak-updates directories. +- Fix template-expansion for dhclient.conf. +- Improve validation (error) message for remote access setup. +- Change text in hostname and addresses panel for remote host (add + FQDN). +- Fix hostname editing for comments with double speechmarks +- Trap croak inside Net::IPv4Addr::ipv4_in_network to allow a FQDN to be + inserted in hostnames and addresses panel in lieu of an IP address. +- Add validator back for ip or cname entry. +- Correctly strip numbers from sql scripts +- Enable speedier time synchronisation for suspended VMs, this can be + configured by a new db key for ntpd, SupportLargeDrift. +- Obsolete KeepAlive and replace by ClientAliveInterval and + ClientAliveCountMax to prevent SSH sessions from being timed out by + network inactivity. +- New feature: Default Cipher to blowfish for ssh configuration. +- Add directive "PersistentPasswd off" to proftpd configuration. +- Quota panel should allow non-integers but only accept uppercase units. +- Obsolete magic_quotes_gpc settings. +- Set default timezone for php version 5.3.3. General features ================ -- Based on CentOS 5.5 and all available updates +- Based on CentOS 5.7 and all available updates + +$Id: README.txt,v 1.9 2011/09/25 17:53:32 wellsi Exp $ -$Id: README.txt,v 1.7 2010/07/15 07:58:07 wellsi Exp $