| 1 |
Koozali SME Server 9.2 Final Release Notes |
Koozali SME Server 9.2 RC2 Release Notes |
| 2 |
=========================================== |
=========================================== |
| 3 |
|
|
| 4 |
31 March 2017 |
10 April 2017 |
| 5 |
|
|
| 6 |
The Koozali SME Server (SME Server) development team is pleased to announce |
The Koozali SME Server (SME Server) development team is pleased to announce |
| 7 |
the release of SME Server 9.2 Final which is based on CentOS 6.8 |
the release of SME Server 9.2 RC2 which is based on CentOS 6.9 |
| 8 |
|
|
| 9 |
Bug reports and reports of potential bugs should be raised in the bug |
Bug reports and reports of potential bugs should be raised in the bug |
| 10 |
tracker (and only there, please); |
tracker (and only there, please); |
| 14 |
Download |
Download |
| 15 |
======== |
======== |
| 16 |
|
|
| 17 |
You can download Koozali SME Server 9.2 Final from |
You can download Koozali SME Server 9.2 RC2 from |
| 18 |
http://mirror.contribs.org/smeserver/releases/9.2/ |
http://mirror.contribs.org/smeserver/releases/testing/9.2.RC2/ |
| 19 |
or for other methods see http://wiki.contribs.org/SME_Server:Download |
or for other methods see http://wiki.contribs.org/SME_Server:Download |
| 20 |
|
|
| 21 |
Please note it may take up to 48 hours for mirrors to finish syncing, |
Please note it may take up to 48 hours for mirrors to finish syncing, |
| 87 |
- Create V6 profile dir (for Win10 roaming profiles) [SME: 9772] |
- Create V6 profile dir (for Win10 roaming profiles) [SME: 9772] |
| 88 |
proftpd |
proftpd |
| 89 |
- Additional tweak (to avoid null pointer dereference) for upstream bug 3868 |
- Additional tweak (to avoid null pointer dereference) for upstream bug 3868 |
| 90 |
- Fix for CVE-2016-3125: usage of 1024 bit DH key even with manual parameters |
- Fix for CVE-2016-3125: usage of 1024 bit DH key even with manual parameters see (http://bugs.proftpd.org/show_bug.cgi?id=4230) |
| 91 |
see (http://bugs.proftpd.org/show_bug.cgi?id=4230) |
- Also fixed related issue where only first DH param in TLSDHParamFile is used, regardless of requested keylength (http://bugs.proftpd.org/show_bug.cgi?id=3868) |
| 92 |
- Also fixed related issue where only first DH param in TLSDHParamFile is used, |
- Fix SUID/SGID directory permission setting regression introduced with fix for CVE-2012-6095 (#1297264) |
|
regardless of requested keylength (http://bugs.proftpd.org/show_bug.cgi?id=3868) |
|
|
- Fix SUID/SGID directory permission setting regression introduced with fix |
|
|
for CVE-2012-6095 (#1297264) |
|
| 93 |
- Add support for specifying TLSv1.1 and TLSv1.2 (#1281493) |
- Add support for specifying TLSv1.1 and TLSv1.2 (#1281493) |
| 94 |
|
|
| 95 |
LDAP |
LDAP |
| 103 |
|
|
| 104 |
smeserver-locale |
smeserver-locale |
| 105 |
- apply locale 2017-03-03 patch from pootle [SME: 9592] |
- apply locale 2017-03-03 patch from pootle [SME: 9592] |
| 106 |
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, |
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, by assuming the date is correct and changing the weekday. |
|
by assuming the date is correct and changing the weekday. |
|
| 107 |
|
|
| 108 |
Mail Server |
Mail Server |
| 109 |
|
|
| 112 |
- Add pcre-devel to BuildRequires [SME: 9151] |
- Add pcre-devel to BuildRequires [SME: 9151] |
| 113 |
e-smith-pop3 |
e-smith-pop3 |
| 114 |
- Hook into a new ssl-update event [SME: 9152] |
- Hook into a new ssl-update event [SME: 9152] |
| 115 |
- Allow setting SSL protocols from DB (and set TLSv1 back to enabled |
- Allow setting SSL protocols from DB (and set TLSv1 back to enabled on a default install) [SME: 9175] |
|
on a default install) [SME: 9175] |
|
| 116 |
- Disable TLSv1 [SME: 9169] |
- Disable TLSv1 [SME: 9169] |
| 117 |
e-smith-qmail |
e-smith-qmail |
| 118 |
- Add possibility to exclude users or members of other groups from group |
- Add possibility to exclude users or members of other groups from group email address [SME: 9540] |
|
email address [SME: 9540] |
|
| 119 |
qmail |
qmail |
| 120 |
- Consider literal <> as null sender [SME: 9883] |
- Consider literal <> as null sender [SME: 9883] |
| 121 |
qpsmtpd |
qpsmtpd |
| 122 |
- Removed Message-Id validation, as it rejects MS account validation email [SME: 9773] |
- Removed Message-Id validation, as it rejects MS account validation email [SME: 9773] |
| 123 |
- fix whitelist plugin to support helo with naughty rejecting at mail stage [SME: 10111] |
- fix whitelist plugin to support helo with naughty rejecting at mail stage [SME: 10111] |
| 124 |
- Validate domains found in uribl with Data::Validate::Domain [SME: 9499] |
- Validate domains found in uribl with Data::Validate::Domain [SME: 9499] |
| 125 |
- Use eval to fetch dkim policies, prevent fatal errors in case of DNS |
- Use eval to fetch dkim policies, prevent fatal errors in case of DNS timeout [SME: 9504] |
|
timeout [SME: 9504] |
|
| 126 |
- Remove karma rcpt handling (buggy and doesn't make a lot of sense) [SME: 9502] |
- Remove karma rcpt handling (buggy and doesn't make a lot of sense) [SME: 9502] |
| 127 |
- Check rua is defined before trying to parse it to prevent an errorif a domain has a DMARC |
- Check rua is defined before trying to parse it to prevent an errorif a domain has a DMARC entry published with no rua [SME: 9507] |
|
entry published with no rua [SME: 9507] |
|
| 128 |
- Fix error when RCPT TO is not valid [SME: 8861] |
- Fix error when RCPT TO is not valid [SME: 8861] |
| 129 |
- Fix karma logic by checking negative strikes [SME: 9502] |
- Fix karma logic by checking negative strikes [SME: 9502] |
| 130 |
- Backport a fix for karma_tool so it can find its database [SME: 9502] |
- Backport a fix for karma_tool so it can find its database [SME: 9502] |
| 131 |
- Update to 0.96 (with some backports from GIT head) [SME: 8861] |
- Update to 0.96 (with some backports from GIT head) [SME: 8861] |
| 132 |
- Allow reading SSL_version from the tls_protocols config file (and turn TLSv1 back on by default) |
- Allow reading SSL_version from the tls_protocols config file (and turn TLSv1 back on by default) [SME: 9162] |
|
[SME: 9162] |
|
| 133 |
- Correctly log login attempts with nulls in login name [SME: 9167] |
- Correctly log login attempts with nulls in login name [SME: 9167] |
| 134 |
- Disable TLSv1 [SME: 9162] |
- Disable TLSv1 [SME: 9162] |
| 135 |
qpsmtpd-plugins |
qpsmtpd-plugins |
| 139 |
smeserver-dovecot |
smeserver-dovecot |
| 140 |
- Better default cipher suite, and honor global suite [SME: 10114] |
- Better default cipher suite, and honor global suite [SME: 10114] |
| 141 |
- Hook into the new ssl-update event [SME: 9152] |
- Hook into the new ssl-update event [SME: 9152] |
| 142 |
- Allow settings SSL protocols from DB (and set TLSv1 back to enabled on a default install) |
- Allow settings SSL protocols from DB (and set TLSv1 back to enabled on a default install) [SME: 9175] |
|
[SME: 9175] |
|
| 143 |
- Disable TLSv1 [SME: 9175] |
- Disable TLSv1 [SME: 9175] |
| 144 |
smeserver-qpsmtpd |
smeserver-qpsmtpd |
| 145 |
- updated regex for SBList in smeserver-qpsmtpd-2.4.0-change_rbl_sbl_list_separator.patch to take into |
- updated regex for SBList in smeserver-qpsmtpd-2.4.0-change_rbl_sbl_list_separator.patch to take into account list using a subdomain [SME: 10116] |
| 146 |
account list using a subdomain [SME: 10116] |
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, by assuming the date is correct and changing the weekday. |
|
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, by assuming the date is correct |
|
|
and changing the weekday. |
|
|
Thu May 11 2005 --> Thu May 05 2005 or Wed May 11 2005 or Thu May 12 2005 or .... |
|
|
Sun Sep 25 2010 --> Sun Sep 19 2010 or Sat Sep 25 2010 or Sun Sep 26 2010 or .... |
|
| 147 |
- Set the default helo policy to lenient [SME: 9767] |
- Set the default helo policy to lenient [SME: 9767] |
| 148 |
- Turn SPF and DMARC rejects off by default [SME: 9654] |
- Turn SPF and DMARC rejects off by default [SME: 9654] |
| 149 |
- Fix disabling DMARC reporting [SME: 9507] |
- Fix disabling DMARC reporting [SME: 9507] |
| 181 |
- reapply patch 4 |
- reapply patch 4 |
| 182 |
- Update server-manager to Koozali branding [SME: 9678] |
- Update server-manager to Koozali branding [SME: 9678] |
| 183 |
- move fix to the right line to be effective [SME: 9920] |
- move fix to the right line to be effective [SME: 9920] |
| 184 |
- fix bad redirection parameter that might reveal session information to remote site temporarily |
- fix bad redirection parameter that might reveal session information to remote site temporarily reverting patch 4 for fast release of security fix please put it back at next release [SME: 9920] |
|
reverting patch 4 for fast release of security fix please put it back at next release [SME: 9920] |
|
| 185 |
- Update server-manager to Koozali branding [SME: 9678] |
- Update server-manager to Koozali branding [SME: 9678] |
| 186 |
- e-smith-manager-2.6.0-Koozali_manager.patch better syntax for removing Indexes option for the manager [SME: 9589] |
- e-smith-manager-2.6.0-Koozali_manager.patch better syntax for removing Indexes option for the manager [SME: 9589] |
| 187 |
- Remove index option for manager's resources [SME: 9589] |
- Remove index option for manager's resources [SME: 9589] |
| 188 |
- fix 307 redirection to http when https is used [SME: 8825] |
- fix 307 redirection to http when https is used [SME: 8825] |
| 189 |
- update syntaxe for TKT Auth, bump 7 for typo, corrected typo in e-smith-manager-2.4.0- dont_rewrite_to_https_from_localhost.patch code from John H. Bennett III bennettj@johnbennettservices.com [SME: 9271] |
- update syntaxe for TKT Auth, bump 7 for typo, corrected typo in e-smith-manager-2.4.0_dont_rewrite_to_https_from_localhost.patch code from John H. Bennett III bennettj@johnbennettservices.com [SME: 9271] |
| 190 |
- Really don't redirect to http when login in/out of the server-manager [SME: 9163] |
- Really don't redirect to http when login in/out of the server-manager [SME: 9163] |
| 191 |
- Don't redirect to http when login in/out of the server-manager from localhost [SME: 9163] |
- Don't redirect to http when login in/out of the server-manager from localhost [SME: 9163] |
| 192 |
- Allow access to the server-manager without SSL from the loopback [SME: 9163] |
- Allow access to the server-manager without SSL from the loopback [SME: 9163] |
| 200 |
|
|
| 201 |
Webmail and Groupware |
Webmail and Groupware |
| 202 |
|
|
|
|
|
| 203 |
Web Server |
Web Server |
| 204 |
|
|
| 205 |
e-smith-apache |
e-smith-apache |
| 211 |
|
|
| 212 |
e-smith-base |
e-smith-base |
| 213 |
- Use ip route syntax to define routes to local network [SME: 9905] |
- Use ip route syntax to define routes to local network [SME: 9905] |
| 214 |
- Allow /32 masks on the external interface, in which case we don't |
- Allow /32 masks on the external interface, in which case we don't check if the gateway is on the correct network) [SME: 9765] |
|
check if the gateway is on the correct network) [SME: 9765] |
|
| 215 |
- Add a column to display forwarding address [SME: 9174] |
- Add a column to display forwarding address [SME: 9174] |
| 216 |
- Correctly display http URL to the server-manager in the console [SME: 9163] |
- Correctly display http URL to the server-manager in the console [SME: 9163] |
| 217 |
- Fire ssl-update event when default cert is renewed [SME: 2257] |
- Fire ssl-update event when default cert is renewed [SME: 2257] |
| 218 |
- Expand /home/e-smith/ssl.pem/pem during ssl-update [SME: 9152] |
- Expand /home/e-smith/ssl.pem/pem during ssl-update [SME: 9152] |
| 219 |
e-smith-devtools |
e-smith-devtools |
| 220 |
- Quote filenames in genfilelist so filenames containing spaces are correctly |
- Quote filenames in genfilelist so filenames containing spaces are correctly handled [SME: 9758] |
|
handled [SME: 9758] |
|
| 221 |
e-smith-grub |
e-smith-grub |
| 222 |
- Remove motd text from grub.cfg [SME: 9161] |
- Remove motd text from grub.cfg [SME: 9161] |
| 223 |
e-smith-hosts |
e-smith-hosts |
| 257 |
- init.d/halt: give init some time to reexecute |
- init.d/halt: give init some time to reexecute |
| 258 |
- network-scripts: DEVICE and HWADRR could be quoted by apostrophe |
- network-scripts: DEVICE and HWADRR could be quoted by apostrophe |
| 259 |
- ifup-wireless: fix calling of phy_wireless_device |
- ifup-wireless: fix calling of phy_wireless_device |
| 260 |
- rc.sysinit: apply quotas after system is relabeled |
- rc.sysinit: apply quotas after system is relabeled mod_auth_tkt |
|
mod_auth_tkt |
|
| 261 |
- backport to SME9 fix redirection when proxy ssl [SME: 8825] |
- backport to SME9 fix redirection when proxy ssl [SME: 8825] |
| 262 |
- update apxs path for SME9 (sbin) |
- update apxs path for SME9 (sbin) |
| 263 |
smeserver-release |
smeserver-release |
| 264 |
- Bump for beta1 release of 9.2 [SME: 9525] |
- Bump for beta1 release of 9.2 [SME: 9525] |
| 265 |
smeserver-support |
smeserver-support |
| 266 |
- updated sources with new pictures fix hover color [SME: 9678] |
- updated sources with new pictures fix hover color [SME: 9678] |
| 267 |
- Koozali branding of manager [SME: 9678] |
- Koozali branding of manager [SME: 9678] |
| 268 |
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,by assuming the date is correct and changing the weekday. |
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,by assuming the date is correct and changing the weekday. |
| 269 |
- Update copyright in server-manager footer [SME: 9266] |
- Update copyright in server-manager footer [SME: 9266] |
| 270 |
- Don't put motd content in /etc/redhat-release [SME: 9161] |
- Don't put motd content in /etc/redhat-release [SME: 9161] |
| 271 |
smeserver-yum |
smeserver-yum |
| 272 |
- added centos SCLo SIG gpg rpm signing key [SME: 10102] |
- added centos SCLo SIG gpg rpm signing key [SME: 10102] |
| 273 |
will allow to install SCL packages directly from smecontribs |
will allow to install SCL packages directly from smecontribs |
| 274 |
|
|
| 275 |
General features |
General features |
| 276 |
================ |
================ |
| 277 |
|
|
| 278 |
- Based on CentOS 6.8 and all available updates |
- Based on CentOS 6.9 and all available updates |
| 279 |
|
|
| 280 |
Terry Fage |
Terry Fage |
| 281 |
Compilation of release data is thanks to Ian Wells |
Compilation of release data is thanks to Ian Wells |
Parent Directory
| 
Revision Log
| 
Revision Graph
| 
Patch
