--- cdrom.image/sme9/README.txt 2013/03/11 18:03:04 1.1 +++ cdrom.image/sme9/README.txt 2015/12/02 16:59:08 1.18 @@ -1,443 +1,324 @@ -SME Server 8.0 Release Notes -============================ +Koozali SME Server 9.1 Final Release Notes +=========================================== +04 Dec 2015 -21 May 2012 +The Koozali SME Server (SME Server) development team is pleased to announce +the release of SME Server 9.1 which is based on CentOS 6.7. -The SME Server development team is pleased to announce the release of -SME Server 8.0 which is based on CentOS 5.8 +SME9.1 incorporates only very minor changes from SME9.1rc1 + +CentOS 6.# has an EOL of 20 Nov 2020. Bug reports and reports of potential bugs should be raised in the bug tracker (and only there, please); http://bugs.contribs.org/ +Download +======== +You can download SME Server 9.1 from +http://mirror.contribs.org/smeserver/releases/9.1/ +or for other methods see http://wiki.contribs.org/SME_Server:Download + +Please note it may take up to 48 hours for mirrors to finish syncing, +during this time you may experience problems. + About SME Server ================ - SME Server is the leading Linux distribution for small and medium -enterprises. +enterprises. SME Server is brought to you by Koozali Foundation, Inc., +a non-profit corporation that exists to provide marketing and legal support +for SME Server. SME Server is freely available under the GNU General Public License and is only possible through the efforts of the SME Server community. + However, the availability and quality of SME Server is dependent on meeting our expenses, such as hosting costs, server hardware, etc. -As such, we ask for a small donation to offset costs and fund further +As such, we ask for a donation to offset costs and fund further development. + +a) If you are a school, a church, a non-profit organisation or an individual +using SME Server for private purposes, we would appreciate you to contribute +within your means toward the costs associated with hosting, maintenance and development. -Please visit http://wiki.contribs.org/Donate to donate. +b) If you are a company or an integrator and you are deploying SME Server in +the course of your work to generate revenue, we expect you to make a donation +commensurate with the level of revenue you generate and the number of servers +your have in the field. Please, help the project -Thanks -====== +Please visit http://wiki.contribs.org/Donate to donate. -The development team would like to thank all of those who have involved -themselves with this release. +Koozali Inc is happy to supply an invoice for any donations received, +simply email treasurer@koozali.org Notes ===== +In-place upgrades are not supported. It is necessary to backup and then restore. +/boot partition is always RAID 1. -1. CentOS 5 has dropped support for i586 and therefore SME Server 8 - will not work on i586 hardware. [See bugzilla:2845]. i586 hardware - means processors before and including Intel Pentium, Pentium MMX; - AMD K5, K6, K6-II, K6-III and Via C3. i686 architecture processors - are Intel Pentium Pro, Pentium II, Pentium III; AMD Athlon, - Athlon XP and later. - -2. Some notes on SME 8 including help on upgrades can be found at - http://wiki.contribs.org/SME_Server_8 - -3. Please note it may take up to 48 hours for mirrors to finish syncing, - during this time you may experience problems. - You can download SME8.0 from - http://mirror.contribs.org/smeserver/releases/8/iso/i386/ - or for other methods see http://wiki.contribs.org/SME_Server_8 - -Major changes since beta 7 -========================== -* No major changes were introduced since beta 7 +The spare handling for RAID arrays is not implemented. -Major changes in beta 7 -======================= -* Require authentication for all emails, including local. -* Optional - to use ext4 instead of ext3 for file systems - (except for /boot). At the boot prompt use "ext4" or "sme ext4". - *** ext4 is considered experimental, so use with caution *** -* Optional - LDAP authentication can be enabled. Once enabled it cannot - be disabled, so experiment with care. - To enable: db configuration setprop ldap Authentication enabled - -Major changes in beta 5 -======================= -The policy is to stick with upstream updates unless there are compelling -reasons not to. The number of customers unable to run the software they -want because of the PHP version constituted a compelling reason. - -PHP 5.2.10: is provided by the Red Hat Application Stack v2. -5.2 is needed by recent web applications such as OScommerce. +USB installs are now supported, see: +http://wiki.contribs.org/Install_From_USB#SME_Server_9 +Minimal changes have been made from SME9.1rc1 + +Major changes in this release +============================= +Added functionality to use a Dummy NIC for the internal interface. +Set the check update frequency of smecontribs through the server-manager. +Disable SSLv3. +Added Windows 10 support for SME Domain. Changes in this release ======================= +Only the changes since SME Server 9.0 are listed, mainly +autogenerated from the changelogs. -This section of this README file lists all package changes carried out -by SME-associated developers since 2009 where the most recent changes -to the package are dated after February 2010. The package changelogs -often included earlier changes and changes carried out by non-SME- -associated developers; these were removed to shorten the list. Packages -recently altered by Centos, Redhat, and Fedora-associated developers are +Packages altered by Centos, Redhat, and Fedora-associated developers are not included. Backups ------- -- Provide support for Selective Restore with modern browsers -- Remove default index.htm from Primary ibay before restore -- Allow backup reports to go to an alternate user instead of admin - for Workstation Backups -- Improve how Backup to Workstation handles full remote disks. -- Do not make backup fail when due to a modified file. -- Localise the choices for 'Select the type of share for backup - destination' in the Configure Workstation Backup panel. -- Improve the wording of the 'Backup or restore' server-manager panel. - Replace term "USB disk" with "removable disk" as this is not - restricted to only USB disks. -- Improve wording of workstation backup email regarding the set number. -- Do not modify the workstation backup location 'SmbShare' during - software update. -- Include disk usage in Workstation Backup email. -- A new database property, OpenFilesLimit, allows customisation of - open_files_limit option in my.cnf. This can allow backups to succeed - if a MySQL database has a very large number of tables. -- Restoring from a Workstation Backup showed a false failure. -- Workstation Backup emails include a To: header. -- Workstation Backup includes the system name and also indicates failure - if applicable in the subject line of the email. -- Update backup instructions in server-manager. -- The Workstation Backup panel now removes leading and trailing spaces - from the hostname. -- Fix removal of leading slash in storage location. -- The Workstation backup to USB panel no longer presents mounted disks. -- Only define Workstation Backup temporary directory once. -- Remove relocate_samba_file and all references to /etc/smbpasswd. -- Improved upgrade compatibility, remove .orig -- create mount point for verify -- remove comment re smbpasswd being last -- Fix mounting usb disks -- Don't backup more than once per day -- Fix full backup on Sunday diplayed as Everyday -- Add more excludes for compressed filetypes -- Porting Jean-Paul Leclere changes in the SME Server 7 tree to SME - Server 8: -- using credentials file for cifs mount -- workstation backup: add cifs credentials expand to - bootstrap-console-save -- workstation backup: allow many backups in the same day -- workstation restore: all needed backups must be available before - restore -- workstation verify: add option to check integrity of backups needed in - a full restore -- Fix DAR e-mail message with regards to incremental backups -- Fix discrepancy in maximum compression level -- Fix console backup from removable media -- Fix console restore from removable media (Federico Simoncelli) -- Auto-mount USB REV70-drive as usbdisk + - dar new upstream version + - dar add pkgconfig + - The mountpoint is tested before attempting the console backup + - Workstation Backup, do not fail backup for mtime/ctime mismatch + - Change the sub checkMount() to findmnt Ian Wells + - Add requires nfs-utils + - The nfs service is neither started or allowed to start + - Don't remove the apache group during restore File Server ----------- -- Gracefully handle upgrades from SerNet Samba (SME7 TO SME8 VITH YUM) -- Change separator character in general Samba configuration file. -- Changes in Samba's "Recycle VFS exclude" syntax (for ibays). -- Use samba3x package for windows 7 compatibility. -- Remove require strong key part of regedit file. -- Backup all the samba tdb files. -- Add dependency /usr/bin/tdbbackup. -- Create/remove V2 profile directories -- Enable bindinterfaces by default -- Set recyle bin permissions -- Add registry file to server-resources to allow windows 7 to join Samba - 3.x domains -- Fix warnings in template expansion -- Fix migrate fragments for samba + - The samba performance registry is now added in the win10samba.reg + - Fix samba audit parameters + Patch from Jorge Gonzalez + Replace syslog template to rsyslog so samba audits are logged in the correct + file +- The samba performance registry is now added in the win10samba.reg + Corrected typo in patch of bad character '“', relative to roaming profile + e-smith-samba-2.4.0.bz9038.W10_registry.patch + Roaming profiles follow Windows version (.V2,.V3,.V4,.V5) + added W10 support to SME Domain + e-smith-samba-2.4.0.bz9038.W10_registry.patch + - Added e-smith-samba-2.4.0.bz9048.RoamingProfileForW8.patch + Modified the registry file for roaming profile with W8 + Roaming profiles follow Windows version (.V2,.V3,.V4,.V5) + - Add dependency on perl(Crypt::Cracklib), needed for ftpasswd --use-cracklib + Add -utils subpackage for support tools (#1258440), using a sub-package to + ensure that the main package does not require perl + Update ftpasswd to version from proftpd 1.3.5a for additional functionality + (SHA passwords, locking and unlocking of accounts) + -LDAP (Optional in SME 8, and considered experimental) +LDAP ---- -- Create samba account during event for machine -- Keep uid/gid for computer accounts in synch for Unix/Samba/LDAP -- Fixed syntax error in create-machine-account -- Fix samba-group-mapping for users without group membership -- Fix cpu critical patch missing ' -- LDAP admin password needs to be loaded in secrets.tdb -- Change authentication from passwd/shadow files to the pam database -- Turba searches on LDAP address book fixed -- Properly handle account with accents in first- or lastname with - regards to LDAP -- Fix create user gid parameter -- Path for gpasswd command fixed in "init-accounts" script -- All ibay account commands as system accounts in LDAP -- Create ibay accounts as system accounts in LDAP -- Use cpu commands to manage Ibays accounts if ldap is master -- Make cpu calls critical only with ldap{Auth} is enabled -- Check slapd.conf syntax before trying to dump the database -- Simplify ldap-update call by calling ldif-fix -- Change script order: ldap-update should be called after - domain-group-maps -- LDAP ou field is taken from Dept not Department -- LDAP changes: Add rfc2739.schema back in and include in config -- Use ldapmodify to load ldif, add -a if no changetype -- Remove bogus junk attribute from ldif templates -- Change startup order for ldap -- ldap should store locked passwords for expired passwords -- Add ldap as an auth type to radius -- Radius should use LDAP backend (if LDAP auth is enabled) -- Fix ldap-create errors when adding empty groups. -- The LDAP information for admin was not being updated. -- Don't try to save ibay password to LDAP. -- Fix admin user password change (Daniel B.) -- Init database if the ldif dump is empty (ie from sme8b) -- revert re-init database -- re-init readonly database on post-upgrade -- Force SSL/TLS for remote authentication -- reuse users_groups_ous.patch2 -- Separate groups and users with mailboxRelatedObject -- Set readonly access -- Fix ldap-update action script to user-lock event -- Add Groups entries -- Add admin user as a standard user -- Add ldap-update action script to user-lock event -- Add ldap authentication and tls support -- Update schema for newer openldap and remove calFBurl -- Convert ldif dump -- Create bdb log directory -- Change ldap backend to bdb, and fix initialisation problem + - Remove size limit for search result + - Make pdbedit output independent from locale and timezone so it can be + parsed + - Symlink /etc/init.d/ldap to /usr/bin/sv + - Chown all DB files to ldap before staring slapd + - Set checkpoint in slapd.conf instead of DB_CONFIG + - Stop ldap on shutdown (rc0 and rc6) + - Don't overwrite the ldif dump if slapcat's output is empty + (code from Charlie Brady) + - Run db_recover on startup + - Don't wipe LDAP DB when the ldif dump is empty Localisation ------------ -- Other fixes include updated translations for the existing languages. -- Add Chinese (Taiwan) language (zh_TW). -- Add Hebrew language (he). -- Fix translation of local nic string in console. -- Add Thai language -- Add Polish language -- Add Romanian language -- Add Estonian language + - apply locale smeserver-locale-2.4.0-locale-2015-07-12.patch + - apply locale smeserver-locale-2.4.0-locale-2015-07-01.patch + - apply locale 2015-03-14 patch from pootle + - apply locale 2014-12-25 patch from pootle Mail Server ----------- -- Provide option to force the smtp proxy not to use CRAM-MD5 - config setprop smtp-auth-proxy PeerPort - config setprop smtp-auth-proxy MD5Patch enabled -- Fix mail to domain pseudonyms pointing to group with dot in name -- Fix Mail Log File Analysis reports -- Set SO_KEEPALIVE option on client socket to detect dead connections -- Add template fragment for pyzor timeout -- Remove spamd restart from bootstrap-console-save event -- Require SMTP authentication by default when sending to an external - address. -- Fix TLS security defaults, TLS Ciphers for qpsmtpd can be configured. -- Change enabled to transparent for mail proxy. -- Enable authentication for smtp traffic and migrate if necessary. -- Fix pseudonym modification for "local network only" accounts. -- Add smtp auth into web interface, not just when enabled. -- Fix require_resolvable_fromhost doesn't work -- Fix qpsmtpd plugin fatal errors when incoming mail message has no - headers. -- Serialize configure_peers to prevent errors. -- Fix SMTP proxy wording in server-manager. -- Fix SMTP auth wording in server-manager. -- New feature: Allow for individual configuration for the number of - mail logfiles. -- Disable by default the SMTP transparent proxy, however upgrades from - sme7 will retain old default behavior where SMTP connections will be - transparently proxied. -- Implement a database key (TlsBeforeAuth) to allow SMTP - Authentication without TLS. The default remains to require TLS before - Auth (introduced in SME 8Beta5). -- Update qpsmtpd to 0.84 -- Config setting to enable SMTP to ISP Authentication Debug now uses - enabled/disabled for clarity. -- Fix HeloHost patch. -- Remove cron.daily jobs that are no longer needed. -- Update email addresses on domain change. -- Work around how qpsmtpd tags spam email. -- Use HeloHost (if present) in smtp-auth-proxy.pl -- Allow for changing SPAM subject tag through server-manager -- Move creation of chrooted dev/urandom to spec-file -- Create chroot dev/urandom for stunnel to use -- Updated spec file to require php-pear(HTTP_Request) -- SMTPSmartHost template incorrectly uses brackets to avoid MX lookups -- smtproutes template incorrectly uses brackets to avoid MX lookups -- Remove qmail-workaround and obsolete it after patch to treat 0.0.0.0 - as a local ip -- Remove spool and log dir from package (in smeserver-qpsmtpd) -- Don't create smtpd user (unused in sme) -- Apply qpsmtpd git changesets to implement custom SPAM subject prefix -- Update pre requires so scripts don't fail on install -- Rebase bad_rcptto patch to remove orig file -- Change logging in tls init to prevent warnings -- Only run/initialize plugins once -- Change spool dir permissions and owner to qpsmtpd:clamav -- Change log dir permissions and owner to smelog:smelog -- don't add qpsmtpd to start-up by default -- add apache config file to qpsmtpd-apache package -- use rpm macros for dirs -- use a filelist for main package instead of a long list of files -- Setup logrotate for /var/log/clamd/clamscan.log -- Remove create option from logrotate configuration -- Setup logrotate for /var/log/clamd/smeserver-clamscan.log -- Fix permissions on freshclam.conf file -- Add HeuristicScanPrecedence option, default to yes -- Obsolete e-smith-antivirus -- Enable qpsmtpd RequireResolvableFromHost plugin by default, remove - database entry and the database default value -- Tie template fragment into event system to have it expanded -- Add qpsmtpd template fragment for custom SPAM subject prefix -- Remove FuzzyOcr -- Run sa-update every two hours and check restart every hour -- Redirect cron job output to logfile to avoid mail noise -- Fix invalid service name in sa-update + - ClamAV Updated to release 0.98.7 + - Remove the patch e-smith-email-5.4.0-UEsDBBQDAAAIA-new-signature.patch + - Add new zip file signatures to default mailpatterns database : UEsDBBQDAAAIA + - Add new zip file signatures to default mailpatterns database : ZIPVOSX & ZIPV3 + - Disable fips mode on stunnel + - Use stunnel instead of sslio to support TLS + - Revert forcing TLSv1 patch as it breaks some inbound delivery + - Revert whitelist_soft dnsbl as it hasn't been verified yet and we need to + push the fix for TLSv1 + - Modify whitelist_soft transaction to interact with dnsbl filter + by John Crisp + - Force usage of TLSv1 + - Increase MemLimit to 700M for clamav-0.98 + - Allow custom passdb args + - allow IP relayclient stored by DB + Code from Stefano ZAmboni + & Charlie Brady + - allow IP relayclient stored by DB + Code from Stefano ZAmboni Server manager -------------- -- Enhance IP address syntax checking in remote access panel. -- Improve the HTML formatting of the modify quota panel. -- Remove empty

tag from footer template. -- Only display error messages intended for admin in server-manager -- Fix css validation errors. -- display reconfigure warning once if UnsavedChanges=yes -- Fix unitialized value errors in HTML.pm - -Webmail and Groupware ---------------------- -- Update to Horde 3.3.11, imp 4.3.9, Ingo 1.2.5 & Turba 2.3.5 -- Add option to verify from address in webmail if setting up additional - identities. -- Add the ability to have a local LDAP Group Address book. -- Templated attributes.php to add ability to have multiple email - values for a contact. Separate entries with a comma and a space. -- Update to freebusy info in sources.php -- Update to remove turbaContact info that SME is not using. -- Change horde's templated mime_drivers.php file so some additional - settings can be customized -- Make sure username is always saved in lowercase to horde db's -- Updated spec file to remove requires and obsoletes of - php-pear-HTTP-Request information moved to e-smith-imp for both sme7 - and sme8 -- Update to Spec file to obsolete smeserver-trean < 0.1-8 -- Patch to conf.php template to set a blank cookie domain so that FQDN - and non-FQDN access to webmail will work. -- Remove klutz template from registry.php -- Template imp's mime_drivers.php file so some settings can be - customized + - fix gzfile accept paths with NUL character #1213407 + - fix patch for CVE-2015-4024 + - fix more functions accept paths with NUL character #1213407 + - soap: missing fix for #1222538 and #1204868 + - core: fix multipart/form-data request can use excessive + amount of CPU usage CVE-2015-4024 + - fix various functions accept paths with NUL character + CVE-2015-4026, #1213407 + - ftp: fix integer overflow leading to heap overflow when + reading FTP file listing CVE-2015-4022 + - phar: fix buffer over-read in metadata parsing CVE-2015-2783 + - phar: invalid pointer free() in phar_tar_process_metadata() + CVE-2015-3307 + - phar: fix buffer overflow in phar_set_inode() CVE-2015-3329 + - phar: fix memory corruption in phar_parse_tarfile caused by + empty entry file name CVE-2015-4021 + - soap: more fix type confusion through unserialize #1222538 + - soap: more fix type confusion through unserialize #1204868 + - core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425 + - core: fix use-after-free in unserialize CVE-2015-2787 + - exif: fix free on unitialized pointer CVE-2015-0232 + - gd: fix buffer read overflow in gd_gif.c CVE-2014-9709 + - date: fix use after free vulnerability in unserialize CVE-2015-0273 + - enchant: fix heap buffer overflow in enchant_broker_request_dict + CVE-2014-9705 + - phar: use after free in phar_object.c CVE-2015-2301 + - soap: fix type confusion through unserialize + - fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 + - xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668 + - core: fix integer overflow in unserialize() CVE-2014-3669 + - exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670 + - spl: fix use-after-free in ArrayIterator due to object + change during sorting. CVE-2014-4698 + - spl: fix use-after-free in SPL Iterators. CVE-2014-4670 + - gd: fix NULL pointer dereference in gdImageCreateFromXpm. + CVE-2014-2497 + - fileinfo: fix incomplete fix for CVE-2012-1571 in + cdf_read_property_info. CVE-2014-3587 + - core: fix incomplete fix for CVE-2014-4049 DNS TXT + record parsing. CVE-2014-3597 + - core: type confusion issue in phpinfo(). CVE-2014-4721 + - date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712 + - core: fix heap-based buffer overflow in DNS TXT record parsing. + CVE-2014-4049 + - core: unserialize() SPL ArrayObject / SPLObjectStorage type + confusion flaw. CVE-2014-3515 + - fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270 + - fileinfo: unrestricted recursion in handling of indirect type + rules. CVE-2014-1943 + - fileinfo: out of bounds read in CDF parser. CVE-2012-1571 + - fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479 + - fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480 + - fileinfo: cdf_unpack_summary_info() excessive looping + DoS. CVE-2014-0237 + - fileinfo: CDF property info parsing nelements infinite + loop. CVE-2014-0238 + - add php_get_module_initialized internal function (#1053301) + - soap: fixRFC2616 transgression (#1045019) + - fix static calling in non-static method (#953786) + - fix autoload called from closing session (#954027) + - drop unneeded part of CVE-2006-724.patch and fileinfo.patch + extension not provided or git binary patches (#1064027) + - odbc: fix incompatible pointer type (#1053982) + - mysqli: fix possible segfault in mysqli_stmt::bind_result + php bug 66762 (#1069167) + - mysql: fix php_mysql_fetch_hash writes long value into int + php bug 52636 (#1054953) Web Server ---------- -- Enable automatic redirection for /server-resources -- Disable SSLv2 by default. -- make user 'apache' an alias for user 'www'. -- Default expose_php in php.ini to Off. -- Add option to disable SSLv2 -- Add OpenOffice2 MIME Types -- Add OpenOffice MIME Types -- Add XML MIME Type -- Add Microsoft Office 2007 MIME types + - DIsable SSLv3 + - Revert CRIME mitigation patch, as it's not needed + - Mitigate CVE-2012-4929 + - Turn SSLEngine on in the SSL vhost (ProxyPassVirtualHosts) + - Remove obsolete gpc_order setting from php.ini. + - Add an upload_tmp_folder setting by db command + - Thanks to Michael McCarn and Jean-philippe Pialasse Other fixes and updates ----------------------- -- Add MAC address into console network selection -- Fix non-translated locale in ibays panel -- Improve error message for quota -- Obsolete smeserver-php5-cgi & php-mcrypt -- Initialize ExternalInterface db structure so hwaddr in console works. -- Option to select ext4 instead of ext3 for filesystems at boot prompt. -- Enable quotas on ext4 filesystems as well. -- Only allow backup to (removable) storage media that are not read only. -- Improve error handling when trying to install without NIC. -- Only remove dangling symlinks in weak-updates directories. -- Fix template-expansion for dhclient.conf. -- Improve validation (error) message for remote access setup. -- Change text in hostname and addresses panel for remote host (add - FQDN). -- Fix hostname editing for comments with double speechmarks -- Trap croak inside Net::IPv4Addr::ipv4_in_network to allow a FQDN to be - inserted in hostnames and addresses panel in lieu of an IP address. -- Add validator back for ip or cname entry. -- Correctly strip numbers from sql scripts -- Enable speedier time synchronisation for suspended VMs, this can be - configured by a new db key for ntpd, SupportLargeDrift. -- Set the TimeZone property earlier, so templates can rely on it. -- Obsolete KeepAlive and replace by ClientAliveInterval and - ClientAliveCountMax to prevent SSH sessions from being timed out by - network inactivity. -- New feature: Default Cipher to blowfish for ssh configuration. -- Add directive "PersistentPasswd off" to proftpd configuration. -- Quota panel should allow non-integers but only accept uppercase units. -- Obsolete magic_quotes_gpc settings. -- Set default timezone for php version 5.3.3. -- Handle no network interface scenario in console. -- Do not allow pool.ntp.org as NTP server. -- Prepare for obsoletion of magic_quotes* when we supply PHP 5.3.0+ -- Fix missing space causing errors parsing the iptables rules. -- Migrate MirrorList properties to sme8 repos. -- Remove BaseURL properties if migrating to sme8 repos. -- Remove yum databases and repodata if migrating to sme8 repos. -- Enable cpuspeed by default. -- Fix scriplet error in e-smith-service script when service is disabled. -- Allow use of CNAME in remote hosts. -- Add Obsoletes for php5-cgi-{imap,ldap,mysql,pear,xmlrpc}. -- Restate smartd dependency. -- Fix gettext errors in WAN/LAN subnet error message -- Improve security by using SHA1 algorithm for certificate signing -- Fix eth? swapping -- Bump certificate encryption from 1024 bits to 2048 bits -- Add a dummy call so xgettext can pull translated $ifName in console - configuration pages. -- Translate $ifName in console configuration pages -- Prevent IP conflicts between local and external interface in server - gateway mode -- Clean up: remove unused nonetworkdrivers -- Clean up stray symlinks in /lib/modules before depmod -- Allow for different mdadm output formats for DeviceSize -- Add compiled python files to the packaged files list -- Update path for 64-bit compatibility -- Remove hiddenmenu entry from grub.conf -- adds the hwaddr parameter to probeAdapters() -- Update path for 64-bit compatibility -- Add patch (Federico Simoncelli) to prevent re-use of uids -- Fix log-error detection algorithm -- Fix another instance of ups model for new version of nut -- Template sshd login grace time, kept default at 600s -- Enable port forwards to localhost if mode is serveronly -- Adjust xml entry in locale -- Add option to limit port forwards from source ip -- Remove unnecessary Mount Proc line -- Fix owner/perms for radius files -- Fix typo in /sbin/service patch (Federico Simoncelli) -- Exit with zero exit status for services not listed in configuration - database to avoid failures in post scriptlets -- Merge in SME Server /sbin/e-smith/service wrapper so that only - initscripts which exist in run-level 7 can be run. This ensures that - the supervised service is run, if one exists, and protects against - running "service httpd restart" -- Add requires on e-smith-lib so www user is created first -- Fix regular expression to actually replace the colon with a dot -- Remove the leading path for yum in newrpms -- only unlink file if we created it -- Import only keys not already imported -- set unsaved changes in yum event -- move yum warming to sme yum plugin -- ensure file exists before unlinking -- remove semicolons from yum plugin -- Add frequency of updates toggle -- Add /etc/yum.smerepos.d to package -- Change SME mirrorlists to point to ibiblio -- Require mailx -- Add yum-protect-packages support to prevent removal of needed pacakges + - Update /etc/mime.types templates + - Use sha256 algorithm for signature of SSL cert. + - Added new createlinks function event_templates event_actions event_services + - Don't claim to own /sbin and /sbin/e-smith + - display variable name in the server-manager $domainName, $domainDesc $domain + - Revert the upload_tmp_folder patch as it needs some more work + - Add dummy NIC support as InternalInterface + - Only fire the ip-change event when IP is assigned to WAN nic + (Code by Charlie Brady and John Crisp) + - Only reset service access when switching to or from private server mode + (Code by Charlie Brady) + - When quiting the console app with unsaved changes set the default selected + answer to NO + - Added a comment to specify the real configuration file of dhcpd + - Modified the patch of daniel e-smith-base-5.6.0-ensure_apache_alias_www.patch + - Ensure www group exists and that apache is an alias of www + - Check where running runlevel 4, not 7 in service wrapper + - Correctly update NIC configuration on single NIC systems + - Symlink udev-post service in rc7 + - Fix PPPoE after a post-upgrade + - Remove dependency on microcode_ctl + - Prevent emailing about the normal, weekly, checks of RAID arrays, by Mark Casey + - Don't claim to own /sbin and /sbin/e-smith + - Add an upload_tmp_folder setting by db command + Thanks to Michael McCarn and Jean-philippe Pialasse + - the folder /tmp is created by the event init-ibays + - the event ibay-modify create/chown/chmod the folder /tmp + - Add an upload_tmp_folder setting by db command + Thanks to Michael McCarn and Jean-philippe Pialasse + - Force SSL following ibays settings to the relevant domain + - Perl::critic syntax modifications + - Add more PHP options to ibays only by db commands + - Add SSLRequireSSL to ibays when SSL is set to enabled + - Allow the admin upsd in /etc/hosts.allow + - Creation Admin Privilege for use of upscmd & upsrw + - Remove obsolete directives {allowfrom} + - Access property created (default value is 'localhost') + - Remove obsolete directives {ACL,ACCEPT,REJECT} and switch to LISTEN + in /etc/ups/upsd.conf + - Allow NUT in /etc/hosts.allow and in /etc/services + Code change from Daniel B. + - Revert the patch e-smith-tinydns-2.4.0_add_hostname_following_dhcpdleases_hostname.patch + - Duplicate hostnames with different IP are not used, a warn in log is printed + - The server hostname can not be used by a dhcp client, a warning in log is printed + - Changed the name of /tmp/dhcpd.leases to /tmp/tmpdhcpd.leases + when the dhcpd lease is modified + - Do template-expand of /var/service/tinydns/root/data + - Do sigus1 of dhcp-dns & dnscache + - Forked DHCPparse for parsing the end of lease and remove old entry of dnscache + - Require perl-Text-DHCPparse removed + - Timestamp added in tinydns, the entry in dnscache is cleared when the lease is over + - Add new feature 'Parse dhcpd.leases and feed to tinydns' + - e-smith-tinydns-2.4.0_add_hostname_following_dhcpdleases_hostname.patch + made from the solution of Stefano Zamboni + - Make slapd service an alias for ldap + - Switched to sysvinit from systemd (it's rhel-6) + - Fixed license tag Related: rhbz#632853 + - pptpd New version + - Dropped pppd-unbundle patch (upstreamed) + - Various fixes according to Fedora review Related: rhbz#632853 + - Modified for Fedora Resolves: rhbz#632853 + - Update to upstream version 2.3.4, which fixes CVE-2012-3478 and CVE-2012-2252 + - Updated rsync-protocol.patch to fix CVE-2012-2251, and to apply on top of the + CVE-2012-3478 and CVE-2012-2252 fixes. + - Updated makefile.patch to preserve RPM CFLAGS. + - Added command-line-error.patch (from Debian), correcting error message + generated when insecure command line option is used (CVE-2012-3478 fix + regression). + - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + - Add patch for rsync3 compat (#485946) + - Update runit to 2.1.2 + - Remove now uneeded obsolete directives + - Remove openssl from the Exclude list of centos repo + - Add a default Yum db property for check4contribsupdates + - Added a check-update for the smecontribs repository + - Move protected package list to the correct location General features ================ +- Based on CentOS 6.7 and all available updates -- Based on CentOS 5.8 and all available updates - -$Id: README.txt,v 1.15 2012/05/22 07:46:08 wellsi Exp $ - - - +Terry Fage +On behalf of the SME Server development team