1 |
Koozali SME Server 9.1 Beta 1 Release Notes |
Koozali SME Server 9.1 RC1 Release Announcement |
|
==================================== |
|
2 |
|
|
3 |
27th March 2015 |
Koozali SME Server 9.1 RC1 Release Notes |
4 |
|
=========================================== |
5 |
|
10th Nov 2015 |
6 |
|
|
7 |
The Koozali SME Server (SME Server) development team is pleased to announce |
The Koozali SME Server (SME Server) development team is pleased to announce |
8 |
the release of SME Server 9.1 Beta 1 which is based on CentOS 6.6. |
the release of SME Server 9.1 RC1 which is based on CentOS 6.7. |
9 |
|
|
10 |
Bug reports and reports of potential bugs should be raised in the bug |
Bug reports and reports of potential bugs should be raised in the bug |
11 |
tracker (and only there, please); |
tracker (and only there, please); |
14 |
|
|
15 |
Download |
Download |
16 |
======== |
======== |
17 |
|
You can download SME Server 9.1 RC1 from |
18 |
You can download SME Server 9.1 Beta 1 from |
http://mirror.contribs.org/smeserver/releases/testing/9.1.rc1/ |
|
http://mirror.contribs.org/smeserver/releases/testing/9.1.beta1/ |
|
19 |
or for other methods see http://wiki.contribs.org/SME_Server:Download |
or for other methods see http://wiki.contribs.org/SME_Server:Download |
20 |
|
|
21 |
Please note it may take up to 48 hours for mirrors to finish syncing, |
Please note it may take up to 48 hours for mirrors to finish syncing, |
22 |
during this time you may experience problems. |
during this time you may experience problems. |
23 |
|
|
|
|
|
24 |
About SME Server |
About SME Server |
25 |
================ |
================ |
|
|
|
26 |
SME Server is the leading Linux distribution for small and medium |
SME Server is the leading Linux distribution for small and medium |
27 |
enterprises. SME Server is brought to you by Koozali Foundation, Inc., |
enterprises. SME Server is brought to you by Koozali Foundation, Inc., |
28 |
a non-profit corporation that exists to provide marketing and legal support |
a non-profit corporation that exists to provide marketing and legal support |
50 |
Koozali Inc is happy to supply an invoice for any donations received, |
Koozali Inc is happy to supply an invoice for any donations received, |
51 |
simply email treasurer@koozali.org |
simply email treasurer@koozali.org |
52 |
|
|
|
|
|
53 |
Notes |
Notes |
54 |
===== |
===== |
55 |
|
In-place upgrades are not supported. It is necessary to backup and then restore. |
|
In-place upgrades from SME 8.x are not supported. It is necessary to backup |
|
|
and then restore. |
|
56 |
/boot partition is always RAID 1. |
/boot partition is always RAID 1. |
57 |
The spare handling for RAID arrays is not implemented. |
The spare handling for RAID arrays is not implemented. |
58 |
|
|
59 |
USB installs are now supported, see: |
USB installs are now supported, see: |
60 |
http://wiki.contribs.org/Install_From_USB#SME_Server_9 |
http://wiki.contribs.org/Install_From_USB#SME_Server_9 |
61 |
|
|
62 |
|
Major changes in this release |
63 |
|
============================= |
64 |
|
Added functionality to use a Dummy NIC for the internal interface |
65 |
|
Set the check update frequency of smecontribs through the server-manager |
66 |
|
Disable SSLv3 |
67 |
|
Added Windows 10 support for SME Domain |
68 |
|
|
69 |
Changes in this release |
Changes in this release |
70 |
======================= |
======================= |
75 |
Packages altered by Centos, Redhat, and Fedora-associated developers are |
Packages altered by Centos, Redhat, and Fedora-associated developers are |
76 |
not included. |
not included. |
77 |
|
|
|
|
|
78 |
Backups |
Backups |
79 |
------- |
------- |
80 |
|
- dar new upstream version |
81 |
- dar add pkgconfig |
- dar add pkgconfig |
|
- dar new upstream version |
|
82 |
- Workstation Backup, do not fail backup for mtime/ctime mismatch |
- Workstation Backup, do not fail backup for mtime/ctime mismatch |
83 |
- Change the sub checkMount() to findmnt Ian Wells <esmith@wellsi.com> |
- Change the sub checkMount() to findmnt Ian Wells <esmith@wellsi.com> |
84 |
- Add requires nfs-utils |
- Add requires nfs-utils |
85 |
- The nfs service is neither started or allowed to start |
- The nfs service is neither started or allowed to start |
86 |
- Don't remove the apache group during restore |
- Don't remove the apache group during restore |
87 |
|
|
|
|
|
88 |
LDAP |
LDAP |
89 |
---- |
---- |
90 |
|
- Remove size limit for search result |
91 |
- Make pdbedit output independent from locale and timezone so it can be |
- Make pdbedit output independent from locale and timezone so it can be |
92 |
parsed |
parsed |
93 |
- Symlink /etc/init.d/ldap to /usr/bin/sv |
- Symlink /etc/init.d/ldap to /usr/bin/sv |
101 |
|
|
102 |
Localisation |
Localisation |
103 |
------------ |
------------ |
104 |
|
- apply locale smeserver-locale-2.4.0-locale-2015-07-12.patch |
105 |
|
- apply locale smeserver-locale-2.4.0-locale-2015-07-01.patch |
106 |
- apply locale 2015-03-14 patch from pootle |
- apply locale 2015-03-14 patch from pootle |
107 |
- apply locale 2014-12-25 patch from pootle |
- apply locale 2014-12-25 patch from pootle |
108 |
|
|
109 |
Mail Server |
Mail Server |
110 |
----------- |
----------- |
111 |
- ClamAV Updated to release 0.98.6 |
- ClamAV Updated to release 0.98.7 |
112 |
|
- Remove the patch e-smith-email-5.4.0-UEsDBBQDAAAIA-new-signature.patch |
113 |
|
- Add new zip file signatures to default mailpatterns database : UEsDBBQDAAAIA |
114 |
- Add new zip file signatures to default mailpatterns database : ZIPVOSX & ZIPV3 |
- Add new zip file signatures to default mailpatterns database : ZIPVOSX & ZIPV3 |
115 |
- Disable fips mode on stunnel |
- Disable fips mode on stunnel |
116 |
- Use stunnel instead of sslio to support TLS |
- Use stunnel instead of sslio to support TLS |
125 |
- allow IP relayclient stored by DB |
- allow IP relayclient stored by DB |
126 |
Code from Stefano ZAmboni <zamboni@mind-at-work.it> |
Code from Stefano ZAmboni <zamboni@mind-at-work.it> |
127 |
& Charlie Brady <charlieb-contribs-bugzilla@budge.apana.org.au> |
& Charlie Brady <charlieb-contribs-bugzilla@budge.apana.org.au> |
128 |
|
- allow IP relayclient stored by DB |
129 |
|
Code from Stefano ZAmboni <zamboni@mind-at-work.it> |
130 |
|
|
131 |
PHP |
Server manager |
132 |
-------------- |
-------------- |
133 |
|
- fix gzfile accept paths with NUL character #1213407 |
134 |
|
- fix patch for CVE-2015-4024 |
135 |
|
- fix more functions accept paths with NUL character #1213407 |
136 |
|
- soap: missing fix for #1222538 and #1204868 |
137 |
|
- core: fix multipart/form-data request can use excessive |
138 |
|
amount of CPU usage CVE-2015-4024 |
139 |
|
- fix various functions accept paths with NUL character |
140 |
|
CVE-2015-4026, #1213407 |
141 |
|
- ftp: fix integer overflow leading to heap overflow when |
142 |
|
reading FTP file listing CVE-2015-4022 |
143 |
|
- phar: fix buffer over-read in metadata parsing CVE-2015-2783 |
144 |
|
- phar: invalid pointer free() in phar_tar_process_metadata() |
145 |
|
CVE-2015-3307 |
146 |
|
- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329 |
147 |
|
- phar: fix memory corruption in phar_parse_tarfile caused by |
148 |
|
empty entry file name CVE-2015-4021 |
149 |
|
- soap: more fix type confusion through unserialize #1222538 |
150 |
|
- soap: more fix type confusion through unserialize #1204868 |
151 |
|
- core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425 |
152 |
|
- core: fix use-after-free in unserialize CVE-2015-2787 |
153 |
|
- exif: fix free on unitialized pointer CVE-2015-0232 |
154 |
|
- gd: fix buffer read overflow in gd_gif.c CVE-2014-9709 |
155 |
|
- date: fix use after free vulnerability in unserialize CVE-2015-0273 |
156 |
|
- enchant: fix heap buffer overflow in enchant_broker_request_dict |
157 |
|
CVE-2014-9705 |
158 |
|
- phar: use after free in phar_object.c CVE-2015-2301 |
159 |
|
- soap: fix type confusion through unserialize |
160 |
- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 |
- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 |
161 |
- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668 |
- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668 |
162 |
- core: fix integer overflow in unserialize() CVE-2014-3669 |
- core: fix integer overflow in unserialize() CVE-2014-3669 |
200 |
|
|
201 |
Web Server |
Web Server |
202 |
---------- |
---------- |
203 |
- Disable SSLv3 |
- DIsable SSLv3 |
204 |
|
- Revert CRIME mitigation patch, as it's not needed |
205 |
|
- Mitigate CVE-2012-4929 |
206 |
- Turn SSLEngine on in the SSL vhost (ProxyPassVirtualHosts) |
- Turn SSLEngine on in the SSL vhost (ProxyPassVirtualHosts) |
207 |
- Remove obsolete gpc_order setting from php.ini. |
- Remove obsolete gpc_order setting from php.ini. |
208 |
- Add an upload_tmp_folder setting by db command |
- Add an upload_tmp_folder setting by db command |
209 |
Thanks to Michael McCarn and Jean-philippe Pialasse |
- Thanks to Michael McCarn and Jean-philippe Pialasse |
210 |
|
|
211 |
Other fixes and updates |
Other fixes and updates |
212 |
----------------------- |
----------------------- |
213 |
|
- Added new createlinks function event_templates event_actions event_services |
214 |
|
- Don't claim to own /sbin and /sbin/e-smith |
215 |
|
- display variable name in the server-manager $domainName, $domainDesc $domain |
216 |
|
- Revert the upload_tmp_folder patch as it needs some more work |
217 |
|
- Add dummy NIC support as InternalInterface |
218 |
|
- Only fire the ip-change event when IP is assigned to WAN nic |
219 |
|
(Code by Charlie Brady and John Crisp) |
220 |
|
- Only reset service access when switching to or from private server mode |
221 |
|
(Code by Charlie Brady) |
222 |
- When quiting the console app with unsaved changes set the default selected |
- When quiting the console app with unsaved changes set the default selected |
223 |
answer to NO |
answer to NO |
224 |
- Added a comment to specify the real configuration file of dhcpd |
- Added a comment to specify the real configuration file of dhcpd |
285 |
- Added a check-update for the smecontribs repository |
- Added a check-update for the smecontribs repository |
286 |
- Move protected package list to the correct location |
- Move protected package list to the correct location |
287 |
|
|
|
|
|
288 |
General features |
General features |
289 |
================ |
================ |
290 |
|
- Based on CentOS 6.7 and all available updates |
|
- Based on CentOS 6.6 and all available updates |
|
|
|
|
291 |
|
|
292 |
Terry Fage |
Terry Fage |
293 |
On behalf of the SME Server development team |
On behalf of the SME Server development team |