1 |
vip-ire |
1.18 |
Koozali SME Server 9.1 Final Release Notes |
2 |
vip-ire |
1.15 |
=========================================== |
3 |
vip-ire |
1.18 |
04 Dec 2015 |
4 |
slords |
1.1 |
|
5 |
vip-ire |
1.14 |
The Koozali SME Server (SME Server) development team is pleased to announce |
6 |
vip-ire |
1.18 |
the release of SME Server 9.1 which is based on CentOS 6.7. |
7 |
|
|
|
8 |
|
|
SME9.1 incorporates only very minor changes from SME9.1rc1 |
9 |
|
|
|
10 |
|
|
CentOS 6.# has an EOL of 20 Nov 2020. |
11 |
slords |
1.1 |
|
12 |
|
|
Bug reports and reports of potential bugs should be raised in the bug |
13 |
|
|
tracker (and only there, please); |
14 |
|
|
|
15 |
|
|
http://bugs.contribs.org/ |
16 |
|
|
|
17 |
wellsi |
1.10 |
Download |
18 |
|
|
======== |
19 |
vip-ire |
1.18 |
You can download SME Server 9.1 from |
20 |
|
|
http://mirror.contribs.org/smeserver/releases/9.1/ |
21 |
wellsi |
1.10 |
or for other methods see http://wiki.contribs.org/SME_Server:Download |
22 |
wellsi |
1.12 |
|
23 |
wellsi |
1.10 |
Please note it may take up to 48 hours for mirrors to finish syncing, |
24 |
|
|
during this time you may experience problems. |
25 |
|
|
|
26 |
slords |
1.1 |
About SME Server |
27 |
|
|
================ |
28 |
|
|
SME Server is the leading Linux distribution for small and medium |
29 |
wellsi |
1.10 |
enterprises. SME Server is brought to you by Koozali Foundation, Inc., |
30 |
|
|
a non-profit corporation that exists to provide marketing and legal support |
31 |
wellsi |
1.5 |
for SME Server. |
32 |
slords |
1.1 |
|
33 |
|
|
SME Server is freely available under the GNU General Public License and |
34 |
|
|
is only possible through the efforts of the SME Server community. |
35 |
vip-ire |
1.18 |
|
36 |
slords |
1.1 |
However, the availability and quality of SME Server is dependent on |
37 |
|
|
meeting our expenses, such as hosting costs, server hardware, etc. |
38 |
|
|
|
39 |
wellsi |
1.4 |
As such, we ask for a donation to offset costs and fund further development. |
40 |
vip-ire |
1.14 |
|
41 |
wellsi |
1.4 |
a) If you are a school, a church, a non-profit organisation or an individual |
42 |
|
|
using SME Server for private purposes, we would appreciate you to contribute |
43 |
|
|
within your means toward the costs associated with hosting, maintenance and |
44 |
slords |
1.1 |
development. |
45 |
vip-ire |
1.14 |
|
46 |
wellsi |
1.4 |
b) If you are a company or an integrator and you are deploying SME Server in |
47 |
|
|
the course of your work to generate revenue, we expect you to make a donation |
48 |
|
|
commensurate with the level of revenue you generate and the number of servers |
49 |
|
|
your have in the field. Please, help the project |
50 |
slords |
1.1 |
|
51 |
|
|
Please visit http://wiki.contribs.org/Donate to donate. |
52 |
|
|
|
53 |
wellsi |
1.10 |
Koozali Inc is happy to supply an invoice for any donations received, |
54 |
wellsi |
1.5 |
simply email treasurer@koozali.org |
55 |
|
|
|
56 |
slords |
1.1 |
Notes |
57 |
|
|
===== |
58 |
vip-ire |
1.15 |
In-place upgrades are not supported. It is necessary to backup and then restore. |
59 |
vip-ire |
1.18 |
/boot partition is always RAID 1. |
60 |
|
|
|
61 |
wellsi |
1.11 |
The spare handling for RAID arrays is not implemented. |
62 |
slords |
1.1 |
|
63 |
vip-ire |
1.14 |
USB installs are now supported, see: |
64 |
wellsi |
1.12 |
http://wiki.contribs.org/Install_From_USB#SME_Server_9 |
65 |
slords |
1.1 |
|
66 |
vip-ire |
1.18 |
Minimal changes have been made from SME9.1rc1 |
67 |
|
|
|
68 |
vip-ire |
1.16 |
Major changes in this release |
69 |
|
|
============================= |
70 |
vip-ire |
1.18 |
Added functionality to use a Dummy NIC for the internal interface. |
71 |
|
|
Set the check update frequency of smecontribs through the server-manager. |
72 |
|
|
Disable SSLv3. |
73 |
|
|
Added Windows 10 support for SME Domain. |
74 |
vip-ire |
1.14 |
|
75 |
slords |
1.1 |
Changes in this release |
76 |
|
|
======================= |
77 |
vip-ire |
1.14 |
Only the changes since SME Server 9.0 are listed, mainly |
78 |
wellsi |
1.12 |
autogenerated from the changelogs. |
79 |
wellsi |
1.4 |
|
80 |
|
|
Packages altered by Centos, Redhat, and Fedora-associated developers are |
81 |
|
|
not included. |
82 |
|
|
|
83 |
|
|
Backups |
84 |
|
|
------- |
85 |
vip-ire |
1.15 |
- dar new upstream version |
86 |
vip-ire |
1.14 |
- dar add pkgconfig |
87 |
vip-ire |
1.18 |
- The mountpoint is tested before attempting the console backup |
88 |
vip-ire |
1.14 |
- Workstation Backup, do not fail backup for mtime/ctime mismatch |
89 |
|
|
- Change the sub checkMount() to findmnt Ian Wells <esmith@wellsi.com> |
90 |
|
|
- Add requires nfs-utils |
91 |
|
|
- The nfs service is neither started or allowed to start |
92 |
|
|
- Don't remove the apache group during restore |
93 |
wellsi |
1.4 |
|
94 |
vip-ire |
1.18 |
File Server |
95 |
|
|
----------- |
96 |
|
|
- The samba performance registry is now added in the win10samba.reg |
97 |
|
|
- Fix samba audit parameters |
98 |
|
|
Patch from Jorge Gonzalez |
99 |
|
|
Replace syslog template to rsyslog so samba audits are logged in the correct |
100 |
|
|
file |
101 |
|
|
- The samba performance registry is now added in the win10samba.reg |
102 |
|
|
Corrected typo in patch of bad character '“', relative to roaming profile |
103 |
|
|
e-smith-samba-2.4.0.bz9038.W10_registry.patch |
104 |
|
|
Roaming profiles follow Windows version (.V2,.V3,.V4,.V5) |
105 |
|
|
added W10 support to SME Domain |
106 |
|
|
e-smith-samba-2.4.0.bz9038.W10_registry.patch |
107 |
|
|
- Added e-smith-samba-2.4.0.bz9048.RoamingProfileForW8.patch |
108 |
|
|
Modified the registry file for roaming profile with W8 |
109 |
|
|
Roaming profiles follow Windows version (.V2,.V3,.V4,.V5) |
110 |
|
|
- Add dependency on perl(Crypt::Cracklib), needed for ftpasswd --use-cracklib |
111 |
|
|
Add -utils subpackage for support tools (#1258440), using a sub-package to |
112 |
|
|
ensure that the main package does not require perl |
113 |
|
|
Update ftpasswd to version from proftpd 1.3.5a for additional functionality |
114 |
|
|
(SHA passwords, locking and unlocking of accounts) |
115 |
|
|
|
116 |
|
|
|
117 |
vip-ire |
1.14 |
LDAP |
118 |
wellsi |
1.4 |
---- |
119 |
vip-ire |
1.15 |
- Remove size limit for search result |
120 |
vip-ire |
1.14 |
- Make pdbedit output independent from locale and timezone so it can be |
121 |
|
|
parsed |
122 |
|
|
- Symlink /etc/init.d/ldap to /usr/bin/sv |
123 |
|
|
- Chown all DB files to ldap before staring slapd |
124 |
|
|
- Set checkpoint in slapd.conf instead of DB_CONFIG |
125 |
|
|
- Stop ldap on shutdown (rc0 and rc6) |
126 |
|
|
- Don't overwrite the ldif dump if slapcat's output is empty |
127 |
|
|
(code from Charlie Brady) |
128 |
|
|
- Run db_recover on startup |
129 |
|
|
- Don't wipe LDAP DB when the ldif dump is empty |
130 |
wellsi |
1.4 |
|
131 |
|
|
Localisation |
132 |
|
|
------------ |
133 |
vip-ire |
1.16 |
- apply locale smeserver-locale-2.4.0-locale-2015-07-12.patch |
134 |
|
|
- apply locale smeserver-locale-2.4.0-locale-2015-07-01.patch |
135 |
vip-ire |
1.14 |
- apply locale 2015-03-14 patch from pootle |
136 |
|
|
- apply locale 2014-12-25 patch from pootle |
137 |
wellsi |
1.4 |
|
138 |
|
|
Mail Server |
139 |
|
|
----------- |
140 |
vip-ire |
1.15 |
- ClamAV Updated to release 0.98.7 |
141 |
|
|
- Remove the patch e-smith-email-5.4.0-UEsDBBQDAAAIA-new-signature.patch |
142 |
|
|
- Add new zip file signatures to default mailpatterns database : UEsDBBQDAAAIA |
143 |
vip-ire |
1.14 |
- Add new zip file signatures to default mailpatterns database : ZIPVOSX & ZIPV3 |
144 |
|
|
- Disable fips mode on stunnel |
145 |
|
|
- Use stunnel instead of sslio to support TLS |
146 |
|
|
- Revert forcing TLSv1 patch as it breaks some inbound delivery |
147 |
|
|
- Revert whitelist_soft dnsbl as it hasn't been verified yet and we need to |
148 |
|
|
push the fix for TLSv1 |
149 |
|
|
- Modify whitelist_soft transaction to interact with dnsbl filter |
150 |
|
|
by John Crisp <jcrisp@safeandsoundit.co.uk> |
151 |
|
|
- Force usage of TLSv1 |
152 |
|
|
- Increase MemLimit to 700M for clamav-0.98 |
153 |
|
|
- Allow custom passdb args |
154 |
|
|
- allow IP relayclient stored by DB |
155 |
|
|
Code from Stefano ZAmboni <zamboni@mind-at-work.it> |
156 |
|
|
& Charlie Brady <charlieb-contribs-bugzilla@budge.apana.org.au> |
157 |
vip-ire |
1.15 |
- allow IP relayclient stored by DB |
158 |
|
|
Code from Stefano ZAmboni <zamboni@mind-at-work.it> |
159 |
wellsi |
1.4 |
|
160 |
vip-ire |
1.15 |
Server manager |
161 |
wellsi |
1.4 |
-------------- |
162 |
vip-ire |
1.16 |
- fix gzfile accept paths with NUL character #1213407 |
163 |
|
|
- fix patch for CVE-2015-4024 |
164 |
|
|
- fix more functions accept paths with NUL character #1213407 |
165 |
|
|
- soap: missing fix for #1222538 and #1204868 |
166 |
|
|
- core: fix multipart/form-data request can use excessive |
167 |
|
|
amount of CPU usage CVE-2015-4024 |
168 |
|
|
- fix various functions accept paths with NUL character |
169 |
|
|
CVE-2015-4026, #1213407 |
170 |
|
|
- ftp: fix integer overflow leading to heap overflow when |
171 |
|
|
reading FTP file listing CVE-2015-4022 |
172 |
|
|
- phar: fix buffer over-read in metadata parsing CVE-2015-2783 |
173 |
|
|
- phar: invalid pointer free() in phar_tar_process_metadata() |
174 |
|
|
CVE-2015-3307 |
175 |
|
|
- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329 |
176 |
|
|
- phar: fix memory corruption in phar_parse_tarfile caused by |
177 |
|
|
empty entry file name CVE-2015-4021 |
178 |
|
|
- soap: more fix type confusion through unserialize #1222538 |
179 |
|
|
- soap: more fix type confusion through unserialize #1204868 |
180 |
|
|
- core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425 |
181 |
|
|
- core: fix use-after-free in unserialize CVE-2015-2787 |
182 |
|
|
- exif: fix free on unitialized pointer CVE-2015-0232 |
183 |
|
|
- gd: fix buffer read overflow in gd_gif.c CVE-2014-9709 |
184 |
|
|
- date: fix use after free vulnerability in unserialize CVE-2015-0273 |
185 |
|
|
- enchant: fix heap buffer overflow in enchant_broker_request_dict |
186 |
|
|
CVE-2014-9705 |
187 |
|
|
- phar: use after free in phar_object.c CVE-2015-2301 |
188 |
|
|
- soap: fix type confusion through unserialize |
189 |
vip-ire |
1.14 |
- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 |
190 |
|
|
- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668 |
191 |
|
|
- core: fix integer overflow in unserialize() CVE-2014-3669 |
192 |
|
|
- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670 |
193 |
|
|
- spl: fix use-after-free in ArrayIterator due to object |
194 |
|
|
change during sorting. CVE-2014-4698 |
195 |
|
|
- spl: fix use-after-free in SPL Iterators. CVE-2014-4670 |
196 |
|
|
- gd: fix NULL pointer dereference in gdImageCreateFromXpm. |
197 |
|
|
CVE-2014-2497 |
198 |
|
|
- fileinfo: fix incomplete fix for CVE-2012-1571 in |
199 |
|
|
cdf_read_property_info. CVE-2014-3587 |
200 |
|
|
- core: fix incomplete fix for CVE-2014-4049 DNS TXT |
201 |
|
|
record parsing. CVE-2014-3597 |
202 |
|
|
- core: type confusion issue in phpinfo(). CVE-2014-4721 |
203 |
|
|
- date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712 |
204 |
|
|
- core: fix heap-based buffer overflow in DNS TXT record parsing. |
205 |
|
|
CVE-2014-4049 |
206 |
|
|
- core: unserialize() SPL ArrayObject / SPLObjectStorage type |
207 |
|
|
confusion flaw. CVE-2014-3515 |
208 |
|
|
- fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270 |
209 |
|
|
- fileinfo: unrestricted recursion in handling of indirect type |
210 |
|
|
rules. CVE-2014-1943 |
211 |
|
|
- fileinfo: out of bounds read in CDF parser. CVE-2012-1571 |
212 |
|
|
- fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479 |
213 |
|
|
- fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480 |
214 |
|
|
- fileinfo: cdf_unpack_summary_info() excessive looping |
215 |
|
|
DoS. CVE-2014-0237 |
216 |
|
|
- fileinfo: CDF property info parsing nelements infinite |
217 |
|
|
loop. CVE-2014-0238 |
218 |
|
|
- add php_get_module_initialized internal function (#1053301) |
219 |
|
|
- soap: fixRFC2616 transgression (#1045019) |
220 |
|
|
- fix static calling in non-static method (#953786) |
221 |
|
|
- fix autoload called from closing session (#954027) |
222 |
|
|
- drop unneeded part of CVE-2006-724.patch and fileinfo.patch |
223 |
|
|
extension not provided or git binary patches (#1064027) |
224 |
|
|
- odbc: fix incompatible pointer type (#1053982) |
225 |
|
|
- mysqli: fix possible segfault in mysqli_stmt::bind_result |
226 |
|
|
php bug 66762 (#1069167) |
227 |
|
|
- mysql: fix php_mysql_fetch_hash writes long value into int |
228 |
|
|
php bug 52636 (#1054953) |
229 |
wellsi |
1.4 |
|
230 |
|
|
Web Server |
231 |
|
|
---------- |
232 |
vip-ire |
1.15 |
- DIsable SSLv3 |
233 |
|
|
- Revert CRIME mitigation patch, as it's not needed |
234 |
|
|
- Mitigate CVE-2012-4929 |
235 |
vip-ire |
1.14 |
- Turn SSLEngine on in the SSL vhost (ProxyPassVirtualHosts) |
236 |
|
|
- Remove obsolete gpc_order setting from php.ini. |
237 |
|
|
- Add an upload_tmp_folder setting by db command |
238 |
vip-ire |
1.15 |
- Thanks to Michael McCarn and Jean-philippe Pialasse |
239 |
wellsi |
1.4 |
|
240 |
|
|
Other fixes and updates |
241 |
|
|
----------------------- |
242 |
vip-ire |
1.18 |
- Update /etc/mime.types templates |
243 |
|
|
- Use sha256 algorithm for signature of SSL cert. |
244 |
vip-ire |
1.16 |
- Added new createlinks function event_templates event_actions event_services |
245 |
|
|
- Don't claim to own /sbin and /sbin/e-smith |
246 |
|
|
- display variable name in the server-manager $domainName, $domainDesc $domain |
247 |
|
|
- Revert the upload_tmp_folder patch as it needs some more work |
248 |
vip-ire |
1.15 |
- Add dummy NIC support as InternalInterface |
249 |
|
|
- Only fire the ip-change event when IP is assigned to WAN nic |
250 |
vip-ire |
1.16 |
(Code by Charlie Brady and John Crisp) |
251 |
vip-ire |
1.15 |
- Only reset service access when switching to or from private server mode |
252 |
vip-ire |
1.16 |
(Code by Charlie Brady) |
253 |
vip-ire |
1.14 |
- When quiting the console app with unsaved changes set the default selected |
254 |
|
|
answer to NO |
255 |
|
|
- Added a comment to specify the real configuration file of dhcpd |
256 |
|
|
- Modified the patch of daniel e-smith-base-5.6.0-ensure_apache_alias_www.patch |
257 |
|
|
- Ensure www group exists and that apache is an alias of www |
258 |
|
|
- Check where running runlevel 4, not 7 in service wrapper |
259 |
|
|
- Correctly update NIC configuration on single NIC systems |
260 |
|
|
- Symlink udev-post service in rc7 |
261 |
|
|
- Fix PPPoE after a post-upgrade |
262 |
|
|
- Remove dependency on microcode_ctl |
263 |
|
|
- Prevent emailing about the normal, weekly, checks of RAID arrays, by Mark Casey |
264 |
|
|
- Don't claim to own /sbin and /sbin/e-smith |
265 |
|
|
- Add an upload_tmp_folder setting by db command |
266 |
|
|
Thanks to Michael McCarn and Jean-philippe Pialasse |
267 |
|
|
- the folder /tmp is created by the event init-ibays |
268 |
|
|
- the event ibay-modify create/chown/chmod the folder /tmp |
269 |
|
|
- Add an upload_tmp_folder setting by db command |
270 |
|
|
Thanks to Michael McCarn and Jean-philippe Pialasse |
271 |
|
|
- Force SSL following ibays settings to the relevant domain |
272 |
|
|
- Perl::critic syntax modifications |
273 |
|
|
- Add more PHP options to ibays only by db commands |
274 |
|
|
- Add SSLRequireSSL to ibays when SSL is set to enabled |
275 |
|
|
- Allow the admin upsd in /etc/hosts.allow |
276 |
|
|
- Creation Admin Privilege for use of upscmd & upsrw |
277 |
|
|
- Remove obsolete directives {allowfrom} |
278 |
|
|
- Access property created (default value is 'localhost') |
279 |
|
|
- Remove obsolete directives {ACL,ACCEPT,REJECT} and switch to LISTEN |
280 |
|
|
in /etc/ups/upsd.conf |
281 |
|
|
- Allow NUT in /etc/hosts.allow and in /etc/services |
282 |
|
|
Code change from Daniel B.<daniel@firewall-services.com> |
283 |
|
|
- Revert the patch e-smith-tinydns-2.4.0_add_hostname_following_dhcpdleases_hostname.patch |
284 |
|
|
- Duplicate hostnames with different IP are not used, a warn in log is printed |
285 |
|
|
- The server hostname can not be used by a dhcp client, a warning in log is printed |
286 |
|
|
- Changed the name of /tmp/dhcpd.leases to /tmp/tmpdhcpd.leases |
287 |
|
|
when the dhcpd lease is modified |
288 |
|
|
- Do template-expand of /var/service/tinydns/root/data |
289 |
|
|
- Do sigus1 of dhcp-dns & dnscache |
290 |
|
|
- Forked DHCPparse for parsing the end of lease and remove old entry of dnscache |
291 |
|
|
- Require perl-Text-DHCPparse removed |
292 |
|
|
- Timestamp added in tinydns, the entry in dnscache is cleared when the lease is over |
293 |
|
|
- Add new feature 'Parse dhcpd.leases and feed to tinydns' |
294 |
|
|
- e-smith-tinydns-2.4.0_add_hostname_following_dhcpdleases_hostname.patch |
295 |
|
|
made from the solution of Stefano Zamboni |
296 |
|
|
- Make slapd service an alias for ldap |
297 |
|
|
- Switched to sysvinit from systemd (it's rhel-6) |
298 |
|
|
- Fixed license tag Related: rhbz#632853 |
299 |
|
|
- pptpd New version |
300 |
|
|
- Dropped pppd-unbundle patch (upstreamed) |
301 |
|
|
- Various fixes according to Fedora review Related: rhbz#632853 |
302 |
|
|
- Modified for Fedora Resolves: rhbz#632853 |
303 |
|
|
- Update to upstream version 2.3.4, which fixes CVE-2012-3478 and CVE-2012-2252 |
304 |
|
|
- Updated rsync-protocol.patch to fix CVE-2012-2251, and to apply on top of the |
305 |
|
|
CVE-2012-3478 and CVE-2012-2252 fixes. |
306 |
|
|
- Updated makefile.patch to preserve RPM CFLAGS. |
307 |
|
|
- Added command-line-error.patch (from Debian), correcting error message |
308 |
|
|
generated when insecure command line option is used (CVE-2012-3478 fix |
309 |
|
|
regression). |
310 |
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild |
311 |
|
|
- Add patch for rsync3 compat (#485946) |
312 |
|
|
- Update runit to 2.1.2 |
313 |
|
|
- Remove now uneeded obsolete directives |
314 |
|
|
- Remove openssl from the Exclude list of centos repo |
315 |
|
|
- Add a default Yum db property for check4contribsupdates |
316 |
|
|
- Added a check-update for the smecontribs repository |
317 |
|
|
- Move protected package list to the correct location |
318 |
|
|
|
319 |
slords |
1.1 |
General features |
320 |
|
|
================ |
321 |
vip-ire |
1.16 |
- Based on CentOS 6.7 and all available updates |
322 |
wellsi |
1.10 |
|
323 |
vip-ire |
1.14 |
Terry Fage |
324 |
wellsi |
1.10 |
On behalf of the SME Server development team |