Line 72: |
Line 72: |
| | | |
| ===Changes in this release=== | | ===Changes in this release=== |
− | see above
| + | See full Release Notes - [https://lists.contribs.org/pipermail/updatesannounce/2019-January/000470.html Release Notes Koozali SME10 Alpha 4] |
| | | |
− | General features | + | General features - Based on CentOS 7.2.1511 and all available updates |
− | ================
| |
− | - Based on CentOS 7.6.1810 and all available updates | |
− | | |
− | Detailed changes in this release
| |
− | =======================
| |
− | Only the changes since SME Server 10 Alpha3 are listed, mainly
| |
− | autogenerated from the changelogs.
| |
− | | |
− | Packages altered by Centos, Redhat, and Fedora-associated developers are
| |
− | not included.
| |
− | | |
− | Backups
| |
− | | |
− | # e-smith-backup updated from 2.6.0-11.el7.sme to 2.6.0-12.el7.sme
| |
− | - added patch for workstation backup lock [SME: 9127]
| |
− | - code from Stefano Zamboni <zamboni at mind-at-work.it>
| |
− | | |
− | File Server
| |
− | | |
− | # e-smith-samba updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
| |
− | - fix typo in /server-resources/regedit/win10samba.reg [SME: 10515]
| |
− | | |
− | # samba updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
− | # samba-common updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
− | # samba-common-tools updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
− | # samba-python updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
− | # samba-client-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
− | # samba-client updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
− | # samba-winbind-krb5-locator updated from 4.4.4-14.6.el7.sme to
| |
− | 4.6.2-12.4.el7.sme
| |
− | # samba-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
− | # samba-dc updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
− | # samba-winbind-modules updated from 4.4.4-14.6.el7.sme to
| |
− | 4.6.2-12.4.el7.sme
| |
− | # samba-dc-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
− | # samba-winbind-clients updated from 4.4.4-14.6.el7.sme to
| |
− | 4.6.2-12.4.el7.sme
| |
− | # libwbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
− | # samba-common-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
− | # libsmbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
− | # samba-winbind updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
− | - import 4.6.2-12 [SME: 10429]
| |
− | - change gnutls-devel >= 3.4.7 to gnutls-devel to allow build
| |
− | - import to SME the two last upstream releases [SME: 10326]
| |
− | - resolves: #1514314 - Fix CVE-2017-14746 and CVE-2017-15275
| |
− | - resolves: #1491213 - CVE-2017-12150 CVE-2017-12151 CVE-2017-12163
| |
− | - resolves: #1484423 - Require at least krb5 version 1.15.1
| |
− | - resolves: #1484713 - Fix password changes for users via smbpasswd
| |
− | - resolves: #1484723 - Be more graceful on FSCTL_VALIDATE_NEGOTIATE_INFO
| |
− | returned errors
| |
− | - resolves: #1481188 - Fix 'net ads changetrustpw'
| |
− | - resolves: #1459936 - Fix regression with "follow symlinks = no"
| |
− | - resolves: #1461336 - Fix smbclient username parsing
| |
− | - resolves: #1460937 - Fix username normalization with winbind
| |
− | - resolves: #1459179 - Fix smbclient session setup printing
| |
− | - related: #1277999 - Add missing patchset
| |
− | - resolves: #1431986 - Fix expand_msdfs VFS module
| |
− | | |
− | LDAP
| |
− | | |
− | Localisation
| |
− | | |
− | # smeserver-locale updated from 2.6.0-9.el7.sme to 2.6.0-11.el7.sme
| |
− | - apply locale 2018-12-14 patch
| |
− | - apply locale 2017-12-02 patch
| |
− | | |
− | Mail Server
| |
− | | |
− | # clamav updated from 0.99.2-1.el7.sme to 0.100.2-1.el7.sme
| |
− | - Update to 0.100.2 [SME: 10578]
| |
− | | |
− | # e-smith-pop3 updated from 2.6.0-2.el7.sme to 2.6.0-3.el7.sme
| |
− | - fix undefined fqdn for pop3 [SME: 10257]
| |
− | | |
− | # qpsmtpd updated from 0.96-18.el7.sme to 0.96-19.el7.sme
| |
− | - add support to force spamcheck on specific IP for fetchmail [SME: 10290]
| |
− | | |
− | # smeserver-qpsmtpd updated from 2.6.0-30.el7.sme to 2.6.0-32.el7.sme
| |
− | - add forcespamcheck support for fetchmail [SME: 10290]
| |
− | - Log DMARC reporting in syslog instead of sending email to the admin.
| |
− | Also suppress SSL connection failed warnings [SME: 10298]
| |
− | | |
− | # djbdns updated from 1.05-8.el7.sme to 1.05-10.el7.sme
| |
− | - improve short ttl cname resolution and glueless answer from akadns
| |
− | [SME: 8362]
| |
− | - 500-cutom-dnscache-maxloop.patch: increase QUERY_MAXLEVEL 5->10 , set
| |
− | QUERY_MAXLOOP 160
| |
− | --import patches from openwrt and rename already applied patches
| |
− | --fix security issues [SME: 10374]
| |
− | - 020-dnsroots-update.patch: update list of root DNS servers
| |
− | - 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch
| |
− | dns_transmit-bug.patch
| |
− | - 080-dnscache-cache-negatives.patch: rfc2308 ?
| |
− | - 210-dnscache-strict-forwardonly.patch: rename previous patch
| |
− | dnscache-strict-forwardonly.patch
| |
− | - 240-tinydns-alias-chain-truncation.patch: rename previous patch
| |
− | tinydns-alias-chain-truncation.patch
| |
− | - 270-dnscache-sigpipe-fix.patch: SIGPIPE
| |
− | - 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858
| |
− | - 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392
| |
− | - 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392
| |
− | - 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191
| |
− | http://marc.info/?l=djbdns&m=134190748729079&w=2
| |
− | --bug fixes [SME: 10374]
| |
− | - 060-dnscache-big-udp-packets.patch: accept and handle longer than 512
| |
− | bytes UDP packets
| |
− | - 230-tinydns-data-semantic-error.patch: handle semantic error to avoid
| |
− | publishing false dns records
| |
− | --fix issue with short ttl cname like akamaid [SME: 8362]
| |
− | - 200-dnscache-cname-handling.patch: rename previous patch
| |
− | dnscache-cname-handling.patch
| |
− | - 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl
| |
− | - 500-cutom-dnscache-maxloop.patch: set max loop to 200
| |
− | --needed for previous patches to apply cleanly
| |
− | - 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get
| |
− | decompose SRC and PTR records (for 230-*.patch)
| |
− | - 050-tinydns-mmap-leak.patch: report cdb leak
| |
− | - 080-dnscache-cache-negatives.patch: rfc2308 ?
| |
− | - 090-tinydns-one-second.patch: improve tinydns with 8 or more
| |
− | concurent connections (for 240-*.patch)
| |
− | - 120-compiler-temporary-filename.patch: change tmp filename to avoid
| |
− | conflicts (for 230-*.patch)
| |
− | | |
− | # smeserver-spamassassin updated from 2.6.0-7.el7.sme to 2.6.0-8.el7.sme
| |
− | - disable auto_learn by default when enabling Bayes [SME: 8160]
| |
− | - added properties UseBayesAutoLearn, BayesAutoLearnThresholdSpam and
| |
− | BayesAutoLearnThresholdNonSpam
| |
− | | |
− | # e-smith-qmail updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme
| |
− | - Update aliases files for every groups passed as argument [SME: 10386]
| |
− | | |
− | Server manager
| |
− | | |
− | php
| |
− | - load openssl configuration file on startup #1408301
| |
− | - gd: fix buffer over-read into uninitialized memory CVE-2017-7890
| |
− | - fix php should provide php(httpd) #1215429
| |
− | - fpm: backport PHP-FPM's clear_env option from 5.4.27 #1410010
| |
− | default value is "yes", preserving previous behaviour
| |
− | - openssl: fix default_socket_timeout does not work with SSL #1378196
| |
− | - gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167
| |
− | - gd: Signed Integer Overflow gd_io.c CVE-2016-10168
| |
− | | |
− | Webmail and Groupware
| |
− | | |
− | Web Server
| |
− | | |
− | Other fixes and updates
| |
− | | |
− | # e-smith-base updated from 5.8.0-35.el7.sme to 5.8.0-38.el7.sme
| |
− | - icleaning xinetd.conf fragment out of the package [SME: 10219]
| |
− | - revert previous change - wrong package
| |
− | - added post transaction rule for ntp [SME: 10190]
| |
− | - thank you to Stefano Zamboni for this work
| |
− | | |
− | # smeserver-yum updated from 2.6.0-16.el7.sme to 2.6.0-17.el7.sme
| |
− | - add yum-plugin-post-transaction-actions as requirement [SME: 1100]
| |
− | | |
− | # e-smith-devtools updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
| |
− | - ease update of e-smith-devtools on non SME builders [SME: 10536]
| |
− | | |
− | # smeserver-support updated from 2.8.0-12.el7.sme to 2.8.0-15.el7.sme
| |
− | - exclude libtevent,python-tevent from base and updates to avoid
| |
− | conflict with localy build version of samba [SME: 10573]
| |
− | - add back perl(LWP::Protocol::https) support [SME: 10516]
| |
− | - upstream samba packages were not all excluded [SME: 10428]
| |
− | | |
− | # e-smith-ntp updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme
| |
− | - added post transaction rule for ntp [SME: 10190]
| |
− | - thank you to Stefano Zamboni for this work
| |
− | | |
− | # e-smith-lib updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
| |
− | - Skip tap_soft interfaces (eg SoftEther, code from Hsing-Foo Wang)
| |
− | [SME: 10445]
| |
| | | |
| On behalf of the Koozali SME Server development team | | On behalf of the Koozali SME Server development team |