Line 4: |
Line 4: |
| | | |
| The SME Server development team is pleased to announce the release of | | The SME Server development team is pleased to announce the release of |
− | SME Server 9.1 which is based on CentOS 6.7 | + | SME Server 9.1 which is based on CentOS 6.7 [http://lists.contribs.org/pipermail/updatesannounce/2015-December/000436.html Full Release Notes] |
| | | |
| Bug reports and reports of potential bugs should be raised in the bug | | Bug reports and reports of potential bugs should be raised in the bug |
Line 45: |
Line 45: |
| The development team would like to thank all of those who have involved | | The development team would like to thank all of those who have involved |
| themselves with this release. | | themselves with this release. |
| + | |
| + | ===Installing=== |
| + | [[SME_Server:Documentation:Administration_Manual:Chapter4|Hardware requirements]] |
| + | |
| + | [[SME_Server:Documentation:Administration_Manual:Chapter5|Installation procedure]] |
| | | |
| ===Upgrading=== | | ===Upgrading=== |
Line 59: |
Line 64: |
| Even if possible and tested the yum upgrade must be performed only with stable internet connections and, preferably, not remotely. Loosing connection may leave your system in an unknown state. | | Even if possible and tested the yum upgrade must be performed only with stable internet connections and, preferably, not remotely. Loosing connection may leave your system in an unknown state. |
| | | |
− | Check for known issues, here [[SME9.0 QA]] and at open bugs for SME 9 in bugzilla. | + | Check for known issues, here [[Dashboard#tab=SME_Server_9_1|Dashboard]] and at open bugs for SME 9 in bugzilla. |
| | | |
| ====Check for contrib packages that may need upgrading==== | | ====Check for contrib packages that may need upgrading==== |
Line 134: |
Line 139: |
| | | |
| ==== Changes from SME9rc1==== | | ==== Changes from SME9rc1==== |
− | SME Server 9.0 Release Candidate 1 released on 12th May 2014
| + | USB Install working once again |
| + | |
| + | Anaconda lang syntax error |
| | | |
| ====Changes from Beta 4==== | | ====Changes from Beta 4==== |
Line 176: |
Line 183: |
| The network interface code has been reworked to remove all hardcoding | | The network interface code has been reworked to remove all hardcoding |
| relating to eth0 and eth1. | | relating to eth0 and eth1. |
| + | |
| + | ===Major changes in this release=== |
| + | Added functionality to use a Dummy NIC for the internal interface. |
| + | Set the check update frequency of smecontribs through the server-manager. |
| + | Disable SSLv3. |
| + | Added Windows 10 support for SME Domain. |
| | | |
| ====Changes in this release==== | | ====Changes in this release==== |
− | This section will be further updated in a later release
| + | Only the changes since SME Server 9.0 are listed, mainly |
− | Currently this only shows changes since SME Server 9.0 Alpha 3 and it is
| + | autogenerated from the changelogs. |
− | autogenerated from the changelogs. A more human readable version will be | |
− | written.
| |
− | | |
| | | |
| Packages altered by Centos, Redhat, and Fedora-associated developers are | | Packages altered by Centos, Redhat, and Fedora-associated developers are |
| not included. | | not included. |
| | | |
| + | Backups |
| + | ------- |
| + | - dar new upstream version |
| + | - dar add pkgconfig |
| + | - The mountpoint is tested before attempting the console backup |
| + | - Workstation Backup, do not fail backup for mtime/ctime mismatch |
| + | - Change the sub checkMount() to findmnt Ian Wells <esmith@wellsi.com> |
| + | - Add requires nfs-utils |
| + | - The nfs service is neither started or allowed to start |
| + | - Don't remove the apache group during restore |
| | | |
− | =====Backups=====
| + | File Server |
− | - Workstation Backup, do not exclude dar files by default in line with console backup. | + | ----------- |
− | | + | - The samba performance registry is now added in the win10samba.reg |
− | - Workstation Backup, fix selective restore by requesting array of results from CGI.pm. | + | - Fix samba audit parameters |
− | | + | Patch from Jorge Gonzalez |
− | - Workstation Backup, new method to show files being restored is needed when using dar 2.4. | + | Replace syslog template to rsyslog so samba audits are logged in the correct |
− | | + | file |
− | - Simplify the workstation backup report.
| + | Corrected typo in patch of bad character '“', relative to roaming profile |
− | | + | e-smith-samba-2.4.0.bz9038.W10_registry.patch |
− | - Workstation Backup, count backup sets from 1. | + | Roaming profiles follow Windows version (.V2,.V3,.V4,.V5) |
− | | + | added W10 support to SME Domain |
− | - Update the text in the Backup panel.
| + | e-smith-samba-2.4.0.bz9038.W10_registry.patch |
| + | - Added e-smith-samba-2.4.0.bz9048.RoamingProfileForW8.patch |
| + | Modified the registry file for roaming profile with W8 |
| + | Roaming profiles follow Windows version (.V2,.V3,.V4,.V5) |
| + | - Add dependency on perl(Crypt::Cracklib), needed for ftpasswd --use-cracklib |
| + | Add -utils subpackage for support tools (#1258440), using a sub-package to |
| + | ensure that the main package does not require perl |
| + | Update ftpasswd to version from proftpd 1.3.5a for additional functionality |
| + | (SHA passwords, locking and unlocking of accounts) |
| | | |
− | - Allow more time for cifs mounts before reporting errors.
| |
| | | |
− | - Dar updated to 2.4.10. | + | LDAP |
| + | ---- |
| + | - Remove size limit for search result |
| + | - Make pdbedit output independent from locale and timezone so it can be |
| + | parsed |
| + | - Symlink /etc/init.d/ldap to /usr/bin/sv |
| + | - Chown all DB files to ldap before staring slapd |
| + | - Set checkpoint in slapd.conf instead of DB_CONFIG |
| + | - Stop ldap on shutdown (rc0 and rc6) |
| + | - Don't overwrite the ldif dump if slapcat's output is empty |
| + | (code from Charlie Brady) |
| + | - Run db_recover on startup |
| + | - Don't wipe LDAP DB when the ldif dump is empty |
| | | |
− | - Workstation Backup, add a choice to delete old backup before or after backup. | + | Localisation |
| + | ------------ |
| + | - apply locale smeserver-locale-2.4.0-locale-2015-07-12.patch |
| + | - apply locale smeserver-locale-2.4.0-locale-2015-07-01.patch |
| + | - apply locale 2015-03-14 patch from pootle |
| + | - apply locale 2014-12-25 patch from pootle |
| | | |
− | - Workstation Backup, remove temporary directory on success. | + | Mail Server |
| + | ----------- |
| + | - ClamAV Updated to release 0.98.7 |
| + | - Remove the patch e-smith-email-5.4.0-UEsDBBQDAAAIA-new-signature.patch |
| + | - Add new zip file signatures to default mailpatterns database : UEsDBBQDAAAIA |
| + | - Add new zip file signatures to default mailpatterns database : ZIPVOSX & ZIPV3 |
| + | - Disable fips mode on stunnel |
| + | - Use stunnel instead of sslio to support TLS |
| + | - Revert forcing TLSv1 patch as it breaks some inbound delivery |
| + | - Revert whitelist_soft dnsbl as it hasn't been verified yet and we need to |
| + | push the fix for TLSv1 |
| + | - Modify whitelist_soft transaction to interact with dnsbl filter |
| + | by John Crisp <jcrisp@safeandsoundit.co.uk> |
| + | - Force usage of TLSv1 |
| + | - Increase MemLimit to 700M for clamav-0.98 |
| + | - Allow custom passdb args |
| + | - allow IP relayclient stored by DB |
| + | Code from Stefano ZAmboni <zamboni@mind-at-work.it> |
| + | & Charlie Brady <charlieb-contribs-bugzilla@budge.apana.org.au> |
| + | - allow IP relayclient stored by DB |
| + | Code from Stefano ZAmboni <zamboni@mind-at-work.it> |
| | | |
− | - Refactor directory tree creation and removal. | + | Server manager |
| + | -------------- |
| + | - fix gzfile accept paths with NUL character #1213407 |
| + | - fix patch for CVE-2015-4024 |
| + | - fix more functions accept paths with NUL character #1213407 |
| + | - soap: missing fix for #1222538 and #1204868 |
| + | - core: fix multipart/form-data request can use excessive |
| + | amount of CPU usage CVE-2015-4024 |
| + | - fix various functions accept paths with NUL character |
| + | CVE-2015-4026, #1213407 |
| + | - ftp: fix integer overflow leading to heap overflow when |
| + | reading FTP file listing CVE-2015-4022 |
| + | - phar: fix buffer over-read in metadata parsing CVE-2015-2783 |
| + | - phar: invalid pointer free() in phar_tar_process_metadata() |
| + | CVE-2015-3307 |
| + | - phar: fix buffer overflow in phar_set_inode() CVE-2015-3329 |
| + | - phar: fix memory corruption in phar_parse_tarfile caused by |
| + | empty entry file name CVE-2015-4021 |
| + | - soap: more fix type confusion through unserialize #1222538 |
| + | - soap: more fix type confusion through unserialize #1204868 |
| + | - core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425 |
| + | - core: fix use-after-free in unserialize CVE-2015-2787 |
| + | - exif: fix free on unitialized pointer CVE-2015-0232 |
| + | - gd: fix buffer read overflow in gd_gif.c CVE-2014-9709 |
| + | - date: fix use after free vulnerability in unserialize CVE-2015-0273 |
| + | - enchant: fix heap buffer overflow in enchant_broker_request_dict |
| + | CVE-2014-9705 |
| + | - phar: use after free in phar_object.c CVE-2015-2301 |
| + | - soap: fix type confusion through unserialize |
| + | - fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 |
| + | - xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668 |
| + | - core: fix integer overflow in unserialize() CVE-2014-3669 |
| + | - exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670 |
| + | - spl: fix use-after-free in ArrayIterator due to object |
| + | change during sorting. CVE-2014-4698 |
| + | - spl: fix use-after-free in SPL Iterators. CVE-2014-4670 |
| + | - gd: fix NULL pointer dereference in gdImageCreateFromXpm. |
| + | CVE-2014-2497 |
| + | - fileinfo: fix incomplete fix for CVE-2012-1571 in |
| + | cdf_read_property_info. CVE-2014-3587 |
| + | - core: fix incomplete fix for CVE-2014-4049 DNS TXT |
| + | record parsing. CVE-2014-3597 |
| + | - core: type confusion issue in phpinfo(). CVE-2014-4721 |
| + | - date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712 |
| + | - core: fix heap-based buffer overflow in DNS TXT record parsing. |
| + | CVE-2014-4049 |
| + | - core: unserialize() SPL ArrayObject / SPLObjectStorage type |
| + | confusion flaw. CVE-2014-3515 |
| + | - fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270 |
| + | - fileinfo: unrestricted recursion in handling of indirect type |
| + | rules. CVE-2014-1943 |
| + | - fileinfo: out of bounds read in CDF parser. CVE-2012-1571 |
| + | - fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479 |
| + | - fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480 |
| + | - fileinfo: cdf_unpack_summary_info() excessive looping |
| + | DoS. CVE-2014-0237 |
| + | - fileinfo: CDF property info parsing nelements infinite |
| + | loop. CVE-2014-0238 |
| + | - add php_get_module_initialized internal function (#1053301) |
| + | - soap: fixRFC2616 transgression (#1045019) |
| + | - fix static calling in non-static method (#953786) |
| + | - fix autoload called from closing session (#954027) |
| + | - drop unneeded part of CVE-2006-724.patch and fileinfo.patch |
| + | extension not provided or git binary patches (#1064027) |
| + | - odbc: fix incompatible pointer type (#1053982) |
| + | - mysqli: fix possible segfault in mysqli_stmt::bind_result |
| + | php bug 66762 (#1069167) |
| + | - mysql: fix php_mysql_fetch_hash writes long value into int |
| + | php bug 52636 (#1054953) |
| | | |
− | - Workstation Backup, inconsistent formatting of host share name in messages. | + | Web Server |
| + | ---------- |
| + | - DIsable SSLv3 |
| + | - Revert CRIME mitigation patch, as it's not needed |
| + | - Mitigate CVE-2012-4929 |
| + | - Turn SSLEngine on in the SSL vhost (ProxyPassVirtualHosts) |
| + | - Remove obsolete gpc_order setting from php.ini. |
| + | - Add an upload_tmp_folder setting by db command |
| + | - Thanks to Michael McCarn and Jean-philippe Pialasse |
| | | |
− | - Workstation Backup, more reliable catalog creation. | + | Other fixes and updates |
| + | ----------------------- |
| + | - Update /etc/mime.types templates |
| + | - Use sha256 algorithm for signature of SSL cert. |
| + | - Added new createlinks function event_templates event_actions event_services |
| + | - Don't claim to own /sbin and /sbin/e-smith |
| + | - display variable name in the server-manager $domainName, $domainDesc $domain |
| + | - Revert the upload_tmp_folder patch as it needs some more work |
| + | - Add dummy NIC support as InternalInterface |
| + | - Only fire the ip-change event when IP is assigned to WAN nic |
| + | (Code by Charlie Brady and John Crisp) |
| + | - Only reset service access when switching to or from private server mode |
| + | (Code by Charlie Brady) |
| + | - When quiting the console app with unsaved changes set the default selected |
| + | answer to NO |
| + | - Added a comment to specify the real configuration file of dhcpd |
| + | - Modified the patch of daniel e-smith-base-5.6.0-ensure_apache_alias_www.patch |
| + | - Ensure www group exists and that apache is an alias of www |
| + | - Check where running runlevel 4, not 7 in service wrapper |
| + | - Correctly update NIC configuration on single NIC systems |
| + | - Symlink udev-post service in rc7 |
| + | - Fix PPPoE after a post-upgrade |
| + | - Remove dependency on microcode_ctl |
| + | - Prevent emailing about the normal, weekly, checks of RAID arrays, by Mark Casey |
| + | - Don't claim to own /sbin and /sbin/e-smith |
| + | - Add an upload_tmp_folder setting by db command |
| + | Thanks to Michael McCarn and Jean-philippe Pialasse |
| + | - the folder /tmp is created by the event init-ibays |
| + | - the event ibay-modify create/chown/chmod the folder /tmp |
| + | - Add an upload_tmp_folder setting by db command |
| + | Thanks to Michael McCarn and Jean-philippe Pialasse |
| + | - Force SSL following ibays settings to the relevant domain |
| + | - Perl::critic syntax modifications |
| + | - Add more PHP options to ibays only by db commands |
| + | - Add SSLRequireSSL to ibays when SSL is set to enabled |
| + | - Allow the admin upsd in /etc/hosts.allow |
| + | - Creation Admin Privilege for use of upscmd & upsrw |
| + | - Remove obsolete directives {allowfrom} |
| + | - Access property created (default value is 'localhost') |
| + | - Remove obsolete directives {ACL,ACCEPT,REJECT} and switch to LISTEN |
| + | in /etc/ups/upsd.conf |
| + | - Allow NUT in /etc/hosts.allow and in /etc/services |
| + | Code change from Daniel B.<daniel@firewall-services.com> |
| + | - Revert the patch e-smith-tinydns-2.4.0_add_hostname_following_dhcpdleases_hostname.patch |
| + | - Duplicate hostnames with different IP are not used, a warn in log is printed |
| + | - The server hostname can not be used by a dhcp client, a warning in log is printed |
| + | - Changed the name of /tmp/dhcpd.leases to /tmp/tmpdhcpd.leases |
| + | when the dhcpd lease is modified |
| + | - Do template-expand of /var/service/tinydns/root/data |
| + | - Do sigus1 of dhcp-dns & dnscache |
| + | - Forked DHCPparse for parsing the end of lease and remove old entry of dnscache |
| + | - Require perl-Text-DHCPparse removed |
| + | - Timestamp added in tinydns, the entry in dnscache is cleared when the lease is over |
| + | - Add new feature 'Parse dhcpd.leases and feed to tinydns' |
| + | - e-smith-tinydns-2.4.0_add_hostname_following_dhcpdleases_hostname.patch |
| + | made from the solution of Stefano Zamboni |
| + | - Make slapd service an alias for ldap |
| + | - Switched to sysvinit from systemd (it's rhel-6) |
| + | - Fixed license tag Related: rhbz#632853 |
| + | - pptpd New version |
| + | - Dropped pppd-unbundle patch (upstreamed) |
| + | - Various fixes according to Fedora review Related: rhbz#632853 |
| + | - Modified for Fedora Resolves: rhbz#632853 |
| + | - Update to upstream version 2.3.4, which fixes CVE-2012-3478 and CVE-2012-2252 |
| + | - Updated rsync-protocol.patch to fix CVE-2012-2251, and to apply on top of the |
| + | CVE-2012-3478 and CVE-2012-2252 fixes. |
| + | - Updated makefile.patch to preserve RPM CFLAGS. |
| + | - Added command-line-error.patch (from Debian), correcting error message |
| + | generated when insecure command line option is used (CVE-2012-3478 fix |
| + | regression). |
| + | - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild |
| + | - Add patch for rsync3 compat (#485946) |
| + | - Update runit to 2.1.2 |
| + | - Remove now uneeded obsolete directives |
| + | - Remove openssl from the Exclude list of centos repo |
| + | - Add a default Yum db property for check4contribsupdates |
| + | - Added a check-update for the smecontribs repository |
| + | - Move protected package list to the correct location |
| | | |
− | - Workstation Backup, report cifs mount errors. | + | ====General features==== |
| + | - Based on CentOS 6.7 and all available updates |
| | | |
− | - Workstation Backup, do not access /proc/mounts
| + | ====Known issues==== |
− | | |
− | - Incremental backup fix.
| |
− | | |
− | - Workstation Backup, allow spaces in the backup destination. Includes fix for disk usage broken with spaces.
| |
− | | |
− | - Desktop Backup, allow user setting of compression level.
| |
− | | |
− | - Use Wake on LAN before starting Backup with DAR.
| |
− | | |
− | - NFS syntax is deprecated for CIFS mount.
| |
− | | |
− | - Require cifs-utils and use UNC paths for cifs mount.
| |
− | | |
− | - Improve text in console backup for success and failure.
| |
− | | |
− | - Console USB Backup, allow user setting of compression level. Compression level of the console backup is now -6 by default.
| |
− | | |
− | - Patch to exclude trying to backup aquota.* files so that backups to tape will succeed.
| |
− | | |
− | - Update to the latest version of console restore.
| |
− | | |
− | - Boostrap console should only offer restore if no password set.
| |
− | | |
− | - Delete items from dar catalog in descending order
| |
− | | |
− | - Minor non-functional updates based on PerlCritic and review comments
| |
− | | |
− | - Move console backup to e-smith-backup
| |
− | | |
− | - Workstation Backup, selective restore of deleted files
| |
− | | |
− | - Remove migrate fragment 30vfstype
| |
− | | |
− | - Workstation Backup, Don't delete old sets, only empty them.
| |
− | | |
− | - Workstation Backup, Mail and WOL now subroutines
| |
− | | |
− | - Workstation Backup, remove the need for a temporary directory, updated.
| |
− | | |
− | - Workstation Backup, backupname includes seconds.
| |
− | | |
− | - Simplification of the time routines.
| |
− | | |
− | - Workstation Backup, remove the need for a temporary directory.
| |
− | | |
− | - Allow configuration of workstation backup if no removable disk present
| |
− | | |
− | - Create simplified function for updating the DarCatalog
| |
− | | |
− | - Workstation Backup, do not create folder in /
| |
− | | |
− | - Workstation Backup, suppress ctime error message on incremental backups.
| |
− | | |
− | =====File Server===== | |
− | - Also remove the empty template-begin file in pam.d/proftpd templates.
| |
− | | |
− | - Remove unused pam templates.
| |
− | | |
− | - Replace vfs_shadow_copy with vfs_shadow_copy2 for shadow snapshots.
| |
− | | |
− | - Add template for wide links.
| |
− | | |
− | - Add templates for max protocol.
| |
− | | |
− | - Add support for Windows 8 domain joining & user login.
| |
− | | |
− | - Add windows network performance enhancements registry file.
| |
− | | |
− | - Update default ServerName in 30smbServerName
| |
− | | |
− | - Add ability to configure waiting for network Win7 registry option.
| |
− | | |
− | - Change default Workgroup and Domain to sme-server.
| |
− | | |
− | - Fix mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication.
| |
− | | |
− | - Replace vfs_shadow_copy with vfs_shadow_copy2 for shadow snapshots.
| |
− | | |
− | - Remove 20smb as migrating from pre-SME7 is not supported
| |
− | | |
− | =====LDAP (Optional in SME 9.0, and considered experimental)=====
| |
− | - Adjust slapd ACL to change dn.subtree to dn.children.
| |
− | | |
− | =====Localisation=====
| |
− | - Latest translations included.
| |
− | | |
− | =====Mail Server=====
| |
− | - Only present one auth method at a time, in order, to NET::SMTP.
| |
− | | |
− | - Remove limit properties from the imaps DB entry.
| |
− | | |
− | - Apply process limits to dovecot.
| |
− | | |
− | - Include /usr/bin/refreshclam
| |
− | | |
− | - Allow webmail-only-local-network.
| |
− | | |
− | - Fix handling of messages with no body and no trailing \n after headers (eq was used in attempted assignment).
| |
− | | |
− | - Fetchmail multidrop mode follows TCPPort setting.
| |
− | | |
− | - Always enable imap, listen on loopback is disabled.
| |
− | | |
− | - Avoid use of unitialised variables in smtp migrate fragments.
| |
− | | |
− | - Simplify qmail concurrency templates.
| |
− | | |
− | - Modify domain style pseudonym pointing to user with dot in name.
| |
− | | |
− | - Accept messages with no body and no trailing \n after headers.
| |
− | | |
− | - Fix Net::DNS update breaks qpsmtpd.
| |
− | | |
− | - allows the spamassassin plugin to read the size limit from its arguments
| |
− | | |
− | - Move clamscan scheduling to complete before 99-raid-check.
| |
− | | |
− | - Listen on loopback if disabled.
| |
− | | |
− | - Fix permissions on imapd.pem as it's used by pop3s.
| |
− | | |
− | - Do not obsolete bglibs, it's required for cvm.
| |
− | | |
− | - Allow plaintext (unless explicitly disabled).
| |
− | | |
− | - Do not obsolete cvm, it's still needed for qpsmtpd.
| |
− | | |
− | - Fix size_limit initialization.
| |
− | | |
− | - reads MaxMessageSize prop of spamassassin and adds it to the arguments of the plugin if defined.
| |
− | | |
− | - Requires e-smith-cvm-unix-local.
| |
− | | |
− | - Load TextCat plugin if ok_languages is enabled.
| |
− | | |
− | - Fix how qpsmtpd tags spam email.
| |
− | | |
− | - Remove Packager and Vendor from spec file.
| |
− | | |
− | - Revert last change.
| |
− | | |
− | - Sources are local, do not download them.
| |
− | | |
− | - Updates to release 0.98.1
| |
− | | |
− | - Handle exceptions during attempted SASL auth. Add more debug tracing.
| |
− | | |
− | - Remove DENYSOFT on SPF softfail
| |
− | | |
− | - Remove insecure ciphers
| |
− | | |
− | - Remove workarounds for how qpsmtpd tags spam email
| |
− | | |
− | - Fix whitespace in 10required_score
| |
− | | |
− | - Update SBL and RBL Lists
| |
− | | |
− | =====Server manager=====
| |
− | - Renew donation text in server-manager.
| |
− | | |
− | - Do not load mod_ssl.
| |
− | | |
− | - Remove log noise from Create starter web site panel.
| |
− | | |
− | - Add security fix for CVE-2013-4113.
| |
− | | |
− | - Renew donation text and graphic in server-manager.
| |
− | | |
− | - Update footer copyright and renew full copyright text.
| |
− | | |
− | - Change wording of Software Update button.
| |
− | | |
− | - Roll new stream to remove obsolete images
| |
− | | |
− | - Remove references to obsolete images, by Stephane de Labrusse
| |
− | | |
− | - Fix new starter website.
| |
− | | |
− | - Update location of Primary index.html.
| |
− | | |
− | =====Webmail and Groupware=====
| |
− | - Allow webmail-only-local-network.
| |
− | | |
− | - Don't use SSL over loopback.
| |
− | | |
− | - Replace last change with a default value for horde access
| |
− | | |
− | - Ensure initialisation of variables in webmail-only-local-network.
| |
− | | |
− | =====Web Server=====
| |
− | - Force magic_quotes Off.
| |
− | | |
− | - Remove insecure ciphers
| |
− | | |
− | =====Other fixes and updates=====
| |
− | - Add ssh-autoblock for external interface.<br />
| |
− | See: http://wiki.contribs.org/AutoBlock
| |
− | | |
− | - Do not hardcode NIC names to eth0 and eth1.
| |
− | | |
− | - Return nic names in probeAdapters so we can drop HWAddress.
| |
− | | |
− | - Remove HWAddress prop from interfaces.
| |
− | | |
− | - Remove the "swap interface" feature.
| |
− | | |
− | - Remove obsolete VLAN code.
| |
− | | |
− | - Load the bonding module if NIC bonding is enabled.
| |
− | | |
− | - Define the udev-post service in the DB.
| |
− | | |
− | - Provide the ability to restrict ibay access to http.
| |
− | | |
− | - Restart rsyslog in logrotate event.
| |
− | | |
− | - Set smb ServerName if unset.
| |
− | | |
− | - Don't reload init in bootstrap-console-save and console-save.
| |
− | | |
− | - Fix add_new_disk_to_raid1.
| |
− | | |
− | - Provide the ability to force https per ibay.
| |
− | | |
− | - Add an audit for groups.<br />
| |
− | See: http://wiki.contribs.org/Audit_Tools#groups-users
| |
− | | |
− | - Update the full names of users added in %pre.
| |
− | | |
− | - Fix uid and gid to be the same for the users added in %pre.
| |
− | | |
− | - Changed Prereq to Requires(pre) as Prereq is deprecated.
| |
− | | |
− | - Patch to correct issue with not being able to access a password protected ibay.
| |
− | | |
− | - Update ServerName (Samba netbios name) when SystemName is updated.
| |
− | | |
− | - Remove old System Name from the Hosts DB.
| |
− | | |
− | - Fix group creation when LDAP auth is enabled.
| |
− | | |
− | - Disable IPv6 on a default install.
| |
− | | |
− | - Continue escaping control chars in rsyslog, just replace LF with space.
| |
− | | |
− | - Use UTF-8 in the console.
| |
− | | |
− | - Remove redundant parts of init-accounts.
| |
− | | |
− | - Add_template_to_ssl.pem, codes by JP Pialasse.
| |
− | | |
− | - Require diald.
| |
− | | |
− | - Removal of rc.e-smith now functionality is in e-smith-service.
| |
− | | |
− | - Replacement of rc.e-smith by moving code into e-smith-service.
| |
− | | |
− | - Fix the way '.' works in bash.
| |
− | | |
− | - rename /etc/ldap.conf to /etc/pam_ldap.conf (and same for .secret).
| |
− | | |
− | - Always define InternalInterface NICBonding.
| |
− | | |
− | - In the console refer to removable media instead of USB disk.
| |
− | | |
− | - Fix a few more syslog => rsyslog items.
| |
− | | |
− | - Remove modprobe stuff.
| |
− | | |
− | - Don't be as agressive on rate limiting.
| |
− | | |
− | - Change syslog templates to rsyslog.
| |
− | | |
− | - Ensure existing_hwaddr is always initialized.
| |
− | | |
− | - Change System Name from mitel-networks-server to sme-server.
| |
− | | |
− | - Patch to remove symlink to Primary ibay from /home/e-smith/files/primary.
| |
− | | |
− | - Patch to correct issue with not being able to access a password protected ibay.
| |
− | | |
− | - Correctly display accented letters in the console.
| |
− | | |
− | - Add e-smith as a Requires(pre) and remove adding users in %pre.
| |
− | | |
− | - Fix uid and gid to be the same in create-system-user.
| |
− | | |
− | - Ignore mysql.event table.
| |
− | | |
− | - Use --single-transaction in mysql-dump-tables.
| |
− | | |
− | - Use mysql_upgrade instead of fix_privilege_tables.
| |
− | | |
− | - Increase memory limit for ntp.
| |
− | | |
− | - Make rsyslog listen to our socket.
| |
− | | |
− | - Remove rc.quota_create.
| |
− | | |
− | - the config file is radiusclient.conf, not radiusclient-ng.conf.
| |
− | | |
− | - Add templates for radiusclient-ng.conf file to remove binaddr directive.
| |
− | | |
− | - Add directive to options.pptpd so that radius plugin can find the radiusclient configuration file..
| |
− | | |
− | - Fix permissions of /etc/radiusclient-ng/servers.
| |
− | | |
− | - Add hack for running rc7.d script during runlevel 4.
| |
− | | |
− | - Apply SME Server config file changes to pwauth.
| |
− | | |
− | - Fix libgomp obsoletes to not obsolete el6 version.
| |
− | | |
− | - Change order of mail options in check4updates.
| |
− | | |
− | - Fix parsing issues with "manage RAID" menu option in the console.
| |
− | | |
− | - Remove SSH v1 legacy support.
| |
− | | |
− | - Support nolvm boot option.
| |
− | | |
− | - Create degraded RAID1 array with single disk install.
| |
− | | |
− | - nodmraid is the default for SME 9.0 installs.
| |
− | | |
− | - Give more time to the grub menu.
| |
− | | |
− | - Update installer hard drive warning.
| |
− | | |
− | - Customize confirmation dialogs during fresh install.
| |
− | | |
− | - Run installer in 'text' mode.
| |
− | | |
− | - Roll new stream to really remove obsolete images
| |
− | | |
− | - Roll new stream to remove obsolete images
| |
− | | |
− | - Move console backup to e-smith-backup
| |
− | | |
− | - Remove support.pl from e-smith-base and move to smeserver-support
| |
− | | |
− | - Console restore should reboot
| |
− | | |
− | - Boostrap console should only offer restore if no password set
| |
− | | |
− | - Add restore backup as a console item for freshly installed servers
| |
− | | |
− | - Non-code changes to perform_restore.pm
| |
− | | |
− | - Refer to removable media not CDROM in console restore
| |
− | | |
− | - Remove insecure SSL ciphers
| |
− | | |
− | - Add more PHP options to ibays only by db commands<br />
| |
− | See: http://wiki.contribs.org/DB_Variables_Configuration#Apache_server_ibay_specific_.28httpd-e-smith.29
| |
− | | |
− | - Add SSLRequireSSL to ibays when SSL is set to enabled
| |
− | | |
− | - Force https per ibay should not be the default for existing ibays
| |
− | | |
− | - Add textbox() to console.pm, getLicenseFile to util.pm
| |
− | | |
− | - Update frame header and footer
| |
− | | |
− | - Use mysql_upgrade in 00_restore_dumped_dbs, by Terje Edseth
| |
− | | |
− | - Use mysql_upgrade --force due to upgrade to MySQL 5.1
| |
− | | |
− | - Prevent server being used in NTP amplification attacks.
| |
− | | |
− | - Modify template to allow Squid proxy https access to ports other than 443,563 using db command<br />
| |
− | See: http://wiki.contribs.org/DB_Variables_Configuration#Squid_Proxy_.28squid.29
| |
− | | |
− | - Add -n 1 to the dmesg line in rc.sysinit to prevent unwanted messages appearing on the console
| |
− | | |
− | - Correct offest in runlevel7 patch to avoid .orig file
| |
− | | |
− | - Remove CentOS Branding patch
| |
− | | |
− | - Add logcheck to help analyse errors in the log files
| |
− | | |
− | - Roll new stream to remove obsolete images
| |
− | | |
− | - Move support.pl from e-smith-base to smeserver-support
| |
− | | |
− | - The console license page now uses dialog's textbox.
| |
− | | |
− | - Ensure console is run with taint checking.
| |
− | | |
− | - Add a verification in the console of number of pptp clients against ip allowed in dhcpd
| |
− | | |
− | - Add a verification in remoteaccess panel of number of pptp clients against ip allowed in dhcpd
| |
− | | |
− | - Display a warning with the domain name before to remove it
| |
− | | |
− | - Move mysql logging to multilog
| |
− | | |
− | - Remove the information_schema
| |
− | | |
− | - Fix error with flush of xt_recent SSH connections.
| |
− | | |
− | - Add option to tcpsvd to set socket keepalive.
| |
− | | |
− | ===General features===
| |
− | - Based on CentOS 6.5 and all available updates
| |
− | | |
− | | |
− | ==Known issues==
| |
| * It can happen that during installation or after changing network interfaces, they appear in reverse order to the system, leaving the network (LAN/WAN) non functional. This has been fixed. | | * It can happen that during installation or after changing network interfaces, they appear in reverse order to the system, leaving the network (LAN/WAN) non functional. This has been fixed. |
| | | |
| Fixed in e-smith-base-5.6.0-10 | | Fixed in e-smith-base-5.6.0-10 |
| + | |
| + | [[Category:SME Server Releases]] |
| + | [[Category:Release Note]] |