--- cdrom.image/sme9/README.txt 2015/06/25 14:30:43 1.15 +++ cdrom.image/sme9/README.txt 2015/12/02 16:59:08 1.18 @@ -1,12 +1,13 @@ -Koozali SME Server 9.1 Beta 2 Release Announcement - -Koozali SME Server 9.1 Beta 2 Release Notes +Koozali SME Server 9.1 Final Release Notes =========================================== - -25th June 2015 +04 Dec 2015 The Koozali SME Server (SME Server) development team is pleased to announce -the release of SME Server 9.1 Beta 2 which is based on CentOS 6.6. +the release of SME Server 9.1 which is based on CentOS 6.7. + +SME9.1 incorporates only very minor changes from SME9.1rc1 + +CentOS 6.# has an EOL of 20 Nov 2020. Bug reports and reports of potential bugs should be raised in the bug tracker (and only there, please); @@ -15,18 +16,15 @@ tracker (and only there, please); Download ======== - -You can download SME Server 9.1 Beta 2 from -http://mirror.contribs.org/smeserver/releases/testing/9.1.beta2/ +You can download SME Server 9.1 from +http://mirror.contribs.org/smeserver/releases/9.1/ or for other methods see http://wiki.contribs.org/SME_Server:Download Please note it may take up to 48 hours for mirrors to finish syncing, during this time you may experience problems. - About SME Server ================ - SME Server is the leading Linux distribution for small and medium enterprises. SME Server is brought to you by Koozali Foundation, Inc., a non-profit corporation that exists to provide marketing and legal support @@ -34,6 +32,7 @@ for SME Server. SME Server is freely available under the GNU General Public License and is only possible through the efforts of the SME Server community. + However, the availability and quality of SME Server is dependent on meeting our expenses, such as hosting costs, server hardware, etc. @@ -54,38 +53,66 @@ Please visit http://wiki.contribs.org/Do Koozali Inc is happy to supply an invoice for any donations received, simply email treasurer@koozali.org - Notes ===== - In-place upgrades are not supported. It is necessary to backup and then restore. -/boot partition is always RAID 1. +/boot partition is always RAID 1. + The spare handling for RAID arrays is not implemented. USB installs are now supported, see: http://wiki.contribs.org/Install_From_USB#SME_Server_9 +Minimal changes have been made from SME9.1rc1 + +Major changes in this release +============================= +Added functionality to use a Dummy NIC for the internal interface. +Set the check update frequency of smecontribs through the server-manager. +Disable SSLv3. +Added Windows 10 support for SME Domain. Changes in this release ======================= - Only the changes since SME Server 9.0 are listed, mainly autogenerated from the changelogs. Packages altered by Centos, Redhat, and Fedora-associated developers are not included. - Backups ------- - dar new upstream version - dar add pkgconfig + - The mountpoint is tested before attempting the console backup - Workstation Backup, do not fail backup for mtime/ctime mismatch - Change the sub checkMount() to findmnt Ian Wells - Add requires nfs-utils - The nfs service is neither started or allowed to start - Don't remove the apache group during restore +File Server +----------- + - The samba performance registry is now added in the win10samba.reg + - Fix samba audit parameters + Patch from Jorge Gonzalez + Replace syslog template to rsyslog so samba audits are logged in the correct + file +- The samba performance registry is now added in the win10samba.reg + Corrected typo in patch of bad character '“', relative to roaming profile + e-smith-samba-2.4.0.bz9038.W10_registry.patch + Roaming profiles follow Windows version (.V2,.V3,.V4,.V5) + added W10 support to SME Domain + e-smith-samba-2.4.0.bz9038.W10_registry.patch + - Added e-smith-samba-2.4.0.bz9048.RoamingProfileForW8.patch + Modified the registry file for roaming profile with W8 + Roaming profiles follow Windows version (.V2,.V3,.V4,.V5) + - Add dependency on perl(Crypt::Cracklib), needed for ftpasswd --use-cracklib + Add -utils subpackage for support tools (#1258440), using a sub-package to + ensure that the main package does not require perl + Update ftpasswd to version from proftpd 1.3.5a for additional functionality + (SHA passwords, locking and unlocking of accounts) + LDAP ---- @@ -103,6 +130,8 @@ LDAP Localisation ------------ + - apply locale smeserver-locale-2.4.0-locale-2015-07-12.patch + - apply locale smeserver-locale-2.4.0-locale-2015-07-01.patch - apply locale 2015-03-14 patch from pootle - apply locale 2014-12-25 patch from pootle @@ -130,6 +159,33 @@ Mail Server Server manager -------------- + - fix gzfile accept paths with NUL character #1213407 + - fix patch for CVE-2015-4024 + - fix more functions accept paths with NUL character #1213407 + - soap: missing fix for #1222538 and #1204868 + - core: fix multipart/form-data request can use excessive + amount of CPU usage CVE-2015-4024 + - fix various functions accept paths with NUL character + CVE-2015-4026, #1213407 + - ftp: fix integer overflow leading to heap overflow when + reading FTP file listing CVE-2015-4022 + - phar: fix buffer over-read in metadata parsing CVE-2015-2783 + - phar: invalid pointer free() in phar_tar_process_metadata() + CVE-2015-3307 + - phar: fix buffer overflow in phar_set_inode() CVE-2015-3329 + - phar: fix memory corruption in phar_parse_tarfile caused by + empty entry file name CVE-2015-4021 + - soap: more fix type confusion through unserialize #1222538 + - soap: more fix type confusion through unserialize #1204868 + - core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425 + - core: fix use-after-free in unserialize CVE-2015-2787 + - exif: fix free on unitialized pointer CVE-2015-0232 + - gd: fix buffer read overflow in gd_gif.c CVE-2014-9709 + - date: fix use after free vulnerability in unserialize CVE-2015-0273 + - enchant: fix heap buffer overflow in enchant_broker_request_dict + CVE-2014-9705 + - phar: use after free in phar_object.c CVE-2015-2301 + - soap: fix type confusion through unserialize - fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 - xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668 - core: fix integer overflow in unserialize() CVE-2014-3669 @@ -183,11 +239,17 @@ Web Server Other fixes and updates ----------------------- + - Update /etc/mime.types templates + - Use sha256 algorithm for signature of SSL cert. + - Added new createlinks function event_templates event_actions event_services + - Don't claim to own /sbin and /sbin/e-smith + - display variable name in the server-manager $domainName, $domainDesc $domain + - Revert the upload_tmp_folder patch as it needs some more work - Add dummy NIC support as InternalInterface - Only fire the ip-change event when IP is assigned to WAN nic - (Code by Charlie Brady and John Crisp) + (Code by Charlie Brady and John Crisp) - Only reset service access when switching to or from private server mode - (Code by Charlie Brady) + (Code by Charlie Brady) - When quiting the console app with unsaved changes set the default selected answer to NO - Added a comment to specify the real configuration file of dhcpd @@ -254,12 +316,9 @@ Other fixes and updates - Added a check-update for the smecontribs repository - Move protected package list to the correct location - General features ================ - -- Based on CentOS 6.6 and all available updates - +- Based on CentOS 6.7 and all available updates Terry Fage On behalf of the SME Server development team