Difference between revisions of "SME Server:10.0Alpha5"

From SME Server
Jump to navigationJump to search
Line 1: Line 1:
 
{{Languages}}
 
{{Languages}}
  
==Koozali SME Server 10 Alpha 3 Release Notes==
+
==Koozali SME Server 10 Alpha 4 Release Notes==
 
These are draft only and are in a constant state of update.  
 
These are draft only and are in a constant state of update.  
  
31 May 2017
+
08 Jan 2019
  
 
The Koozali SME Server development team is pleased to announce the release of
 
The Koozali SME Server development team is pleased to announce the release of
SME Server 10 Alpha 3 which will be the next major release of SME Server.
+
SME Server 10 Alpha 4 which will be the next major release of SME Server.
  
 
This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024.
 
This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024.
Line 74: Line 74:
 
see above
 
see above
  
===General features===
+
General features
- Based on CentOS 7.2.1511 and all available updates
+
================
 +
- Based on CentOS 7.6.1810 and all available updates
  
===Detailed changes in this release===
+
Detailed changes in this release
Only the changes since SME Server 10 Alpha2 are listed, mainly
+
=======================
 +
Only the changes since SME Server 10 Alpha3 are listed, mainly
 
autogenerated from the changelogs.
 
autogenerated from the changelogs.
  
Line 86: Line 88:
 
Backups
 
Backups
  
e-smith-backup
+
# e-smith-backup updated from 2.6.0-11.el7.sme to 2.6.0-12.el7.sme
* fixed bug on the dar catalog when backups are not added in it [SME: 9563]
+
- added patch for workstation backup lock [SME: 9127]
Added e-smith-backup-2.6.0.bz9563.UpdateDarCatalogFollowingBackups.patch
+
- code from Stefano Zamboni <zamboni at mind-at-work.it>
Remove the dar exclusion message in the email if there is no exclusion.
 
* Modified e-smith-backup-2.6.0.Do_Dar_Exclusion.patch [SME: 9633]
 
Added two commented files backup.{include,exclude} in /etc/backup-data.d
 
* Modified e-smith-backup-2.6.0.Add_Or_Remove_Path_In_Backup.patch [SME: 9607]
 
Add or remove path in your backup by a file *.include and *.exclude
 
* Added e-smith-backup-2.6.0.Add_Or_Remove_Path_In_Backup.patch [SME: 9607]
 
Test if the remote host (cifs/nfs) is up, else save and display a warning.
 
* Added e-smith-backup-2.6.0.bz9090.Testing_the_remote_host_parameters.patch [SME: 9090]
 
* The 'tar backup to desktop' of the backup panel takes consideration of exclusion
 
* Added e-smith-backup-2.6.0.Do_Tar_Exclusion_In_Panel.patch [SME: 9635]
 
The 'dar workstation backup' of the backup panel takes consideration of exclusion
 
* Added e-smith-backup-2.6.0.Do_Dar_Exclusion.patch [SME: 9633]
 
* The 'tar backup' of the console takes consideration of exclusion and display a page with the exclusion content
 
e-smith-backup-2.6.0.Do_Tar_Exclusion_In_the_console.patch [SME: 9635]
 
  
 
File Server
 
File Server
  
e-smith-proftpd
+
# e-smith-samba updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
* fix typos [SME: 6804]
+
- fix typo in  /server-resources/regedit/win10samba.reg  [SME: 10515]
set default as required
 
NB: client must be set as active connection, not passive
 
updated patch for certificate chain
 
Thanks to Daniel Berteaud
 
- Adding TLS support to proftp configuration [SME: 6804]
 
default is enabled but not required, only TLSv1.1 and v1.2
 
  
e-smith-samba
+
# samba updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
* add systemd skip redirect [SME: 9688]
+
# samba-common updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
* Fix deprecated syntax '~' in rsyslog [SME: 9398]
+
# samba-common-tools updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
added e-smith-samba-2.6.0.bz9398.DeprecatedRsyslogSyntaxSamba.patch
+
# samba-python updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
 +
# samba-client-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
 +
# samba-client updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
 +
# samba-winbind-krb5-locator updated from 4.4.4-14.6.el7.sme to
 +
4.6.2-12.4.el7.sme
 +
# samba-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
 +
# samba-dc updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
 +
# samba-winbind-modules updated from 4.4.4-14.6.el7.sme to
 +
4.6.2-12.4.el7.sme
 +
# samba-dc-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
 +
# samba-winbind-clients updated from 4.4.4-14.6.el7.sme to
 +
4.6.2-12.4.el7.sme
 +
# libwbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
 +
# samba-common-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
 +
# libsmbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
 +
# samba-winbind updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
 +
- import 4.6.2-12 [SME: 10429]
 +
- change gnutls-devel >= 3.4.7 to gnutls-devel to allow build
 +
- import to SME the two last upstream releases [SME: 10326]
 +
- resolves: #1514314 - Fix CVE-2017-14746 and CVE-2017-15275
 +
- resolves: #1491213 - CVE-2017-12150 CVE-2017-12151 CVE-2017-12163
 +
- resolves: #1484423 - Require at least krb5 version 1.15.1
 +
- resolves: #1484713 - Fix password changes for users via smbpasswd
 +
- resolves: #1484723 - Be more graceful on FSCTL_VALIDATE_NEGOTIATE_INFO
 +
                        returned errors
 +
- resolves: #1481188 - Fix 'net ads changetrustpw'
 +
- resolves: #1459936 - Fix regression with "follow symlinks = no"
 +
- resolves: #1461336 - Fix smbclient username parsing
 +
- resolves: #1460937 - Fix username normalization with winbind
 +
- resolves: #1459179 - Fix smbclient session setup printing
 +
- related: #1277999 - Add missing patchset
 +
- resolves: #1431986 - Fix expand_msdfs VFS module
  
proftpd
+
LDAP
* Properly allocate (and clear) the UMAC contexts, to fix segfault in mod_sftp
+
 
(#1420365, upstream bug 4287)
+
Localisation
* Update to 1.3.5d
+
 
Support OpenSSL 1.1.x API (upstream bug 4275)
+
# smeserver-locale updated from 2.6.0-9.el7.sme to 2.6.0-11.el7.sme
 +
- apply locale 2018-12-14 patch
 +
- apply locale 2017-12-02 patch
 +
 
 +
Mail Server
  
Bug fixes:
+
# clamav updated from 0.99.2-1.el7.sme to 0.100.2-1.el7.sme
* SSH rekey during authentication can cause issues with clients
+
- Update to 0.100.2 [SME: 10578]
(upstream bug 4254)
 
* Recursive SCP uploads of multiple directories not handled properly
 
(upstream bug 4257)
 
* LIST returns different results for file, depending on path syntax
 
(upstream bug 4259)
 
* "AuthAliasOnly on" in server config breaks anonymous logins
 
(upstream bug 4255)
 
- CapabilitiesEngine directive not honored for <IfUser>/<IfGroup> sections
 
(upstream bug 4272)
 
* Memory leak when mod_facl is used (upstream bug 4278)
 
* All FTP logins treated as anonymous logins again (upstream bug 4283,
 
regression in 1.3.5c of upstream bug 3307)
 
* Handle client/server version skew in mod_sql_mysql
 
(https://forums.proftpd.org/smf/index.php?topic=11887.0)
 
* Fix a possible cause of segfaults in mod_sftp (#1337880, upstream bug 4203)
 
* See if we can fix crash in mod_lang
 
http://bugs.proftpd.org/show_bug.cgi?id=4206
 
https://retrace.fedoraproject.org/faf/reports/10744/
 
* BR: perl-generators for correct dependencies in utils sub-package
 
* Prefer %global over %define
 
  
LDAP
+
# e-smith-pop3 updated from 2.6.0-2.el7.sme to 2.6.0-3.el7.sme
 +
- fix undefined fqdn for pop3 [SME: 10257]
  
e-smith-ldap
+
# qpsmtpd updated from 0.96-18.el7.sme to 0.96-19.el7.sme
* systemd skip redirect [SME: 9688]
+
- add support to force spamcheck on specific IP for fetchmail [SME: 10290]
Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
 
by assuming the date is correct and changing the weekday.
 
  
Localisation
+
# smeserver-qpsmtpd updated from 2.6.0-30.el7.sme to 2.6.0-32.el7.sme
 +
- add forcespamcheck support for fetchmail [SME: 10290]
 +
- Log DMARC reporting in syslog instead of sending email to the admin.
 +
  Also suppress SSL connection failed warnings [SME: 10298]
  
smeserver-locale
+
# djbdns updated from 1.05-8.el7.sme to 1.05-10.el7.sme
* updated donate patch to correct location https://wiki.koozali.org/Donate [SME: 9595]
+
- improve short ttl cname resolution and glueless answer from akadns
applied smeserver-locale-2.6.0-locale-2017-03-03
+
[SME: 8362]
Added translations smeserver-locale-2.6.0-locale-2016-07-17.patch
+
- 500-cutom-dnscache-maxloop.patch: increase QUERY_MAXLEVEL 5->10 , set
fix wrongly converted http to https in
+
QUERY_MAXLOOP 160
URL starting with http:// or ftp://
+
--import patches from openwrt and rename already applied patches
* fix path to documentations (wiki) [SME: 9595]
+
--fix security issues [SME: 10374]
convert all koozali url to https
+
- 020-dnsroots-update.patch: update list of root DNS servers
* change http://www.smeserver.org\donate to https://wiki.koozali.org/donate [SME: 9595]
+
- 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch
Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
+
dns_transmit-bug.patch
by assuming the date is correct and changing the weekday.
+
- 080-dnscache-cache-negatives.patch: rfc2308 ?
* change contribs.org to koozali.org [SME: 9595]
+
- 210-dnscache-strict-forwardonly.patch: rename previous patch
 +
dnscache-strict-forwardonly.patch
 +
- 240-tinydns-alias-chain-truncation.patch: rename previous patch
 +
tinydns-alias-chain-truncation.patch
 +
- 270-dnscache-sigpipe-fix.patch: SIGPIPE
 +
- 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858
 +
- 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392
 +
- 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392
 +
- 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191
 +
http://marc.info/?l=djbdns&m=134190748729079&w=2
 +
--bug fixes [SME: 10374]
 +
- 060-dnscache-big-udp-packets.patch: accept and handle longer than 512
 +
bytes UDP packets
 +
- 230-tinydns-data-semantic-error.patch: handle semantic error to avoid
 +
publishing false dns records
 +
--fix issue with short ttl cname like akamaid [SME: 8362]
 +
- 200-dnscache-cname-handling.patch: rename previous patch
 +
dnscache-cname-handling.patch
 +
- 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl
 +
- 500-cutom-dnscache-maxloop.patch: set max loop to 200
 +
--needed for previous patches to apply cleanly
 +
- 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get
 +
decompose SRC and PTR records (for 230-*.patch)
 +
- 050-tinydns-mmap-leak.patch: report cdb leak
 +
- 080-dnscache-cache-negatives.patch: rfc2308 ?
 +
- 090-tinydns-one-second.patch: improve tinydns with 8 or more
 +
concurent connections (for 240-*.patch)
 +
- 120-compiler-temporary-filename.patch: change tmp filename to avoid
 +
conflicts (for 230-*.patch)
  
Mail Server
+
# smeserver-spamassassin updated from 2.6.0-7.el7.sme to 2.6.0-8.el7.sme
 +
- disable auto_learn by default when enabling Bayes [SME: 8160]
 +
- added properties UseBayesAutoLearn, BayesAutoLearnThresholdSpam and
 +
BayesAutoLearnThresholdNonSpam
  
e-smith-email
+
# e-smith-qmail updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme
* fix webmail status not displaying correctly in manager [SME: 9594]
+
- Update aliases files for every groups passed as argument [SME: 10386]
* More change from smtpd to qpsmtpd in masq templates [SME: 9561]
 
* Replace smtpd with qpsmtpd in smtp-auth-proxy [SME: 9554]
 
e-smith-qmail
 
* Add possibility to exclude users or members of other groups from group
 
email address [SME: 9523]
 
qmail
 
* Consider literla <> as null sender [SME: 9884]
 
qpsmtpd
 
* Removed Message-Id validation, as it rejects MS account validation email [SME: 10139]
 
* fix whitelist plugin to support helo with naughty rejecting at mail stage [SME: 10112]
 
* Validate domains found in uribl with Data::Validate::Domain [SME: 9467]
 
* Use eval to fetch dkim policies, prevent fatal errors in case of DNS
 
timeout [SME: 9480]
 
* Remove karma rcpt handling (buggy and doesn't make a lot of sense)
 
[SME: 9462]
 
qpsmtpd-plugins
 
* remove whitelit_soft [SME: 10126]
 
smeserver-qpsmtpd
 
* Turn SPF and DMARC rejects off by default [SME: 9664]
 
* Fix disabling DMARC reporting [SME: 9206]
 
* Add missing tnef2mime and MaximumDateOffset to qpsmtpd [SME: 9560]
 
  
 
Server manager
 
Server manager
  
e-smith-manager
 
* fix bad redirection parameter that might reveal session information to remote site [SME: 9924]
 
* added missing template-begin for tkt.css [SME: 9676]
 
* Update server-manager to Koozali branding [SME: 9676]
 
We thanks John Crisp for his wonderful work.
 
* change link for donation to koozali.org [SME: 9599]
 
* Fix syntax for removing Indexes options [SME: 9587]
 
* Remove index option for manager's resources [SME: 9587]
 
* fix 307 redirection to http when https is used [SME: 8825] [SME: 9583]
 
update syntaxe for TKT Auth
 
bump 8 for typo
 
* Fix a syntax error in server-manager's logout script [SME: 9527]
 
 
php
 
php
* bz2: fix improper error handling in bzread() CVE-2016-5399- gd: fix integer overflow in _gd2GetHeader() resulting in heap overflow CVE-2016-5766
+
- load openssl configuration file on startup #1408301
* gd: fix integer overflow in gdImagePaletteToTrueColor()
+
- gd: fix buffer over-read into uninitialized memory CVE-2017-7890
resulting in heap overflow CVE-2016-5767
+
- fix php should provide php(httpd) #1215429
* mbstring: fix double free in _php_mb_regex_ereg_replace_exec
+
- fpm: backport PHP-FPM's clear_env option from 5.4.27 #1410010
CVE-2016-5768
+
default value is "yes", preserving previous behaviour
don't set environmental variable based on user supplied Proxy
+
- openssl: fix default_socket_timeout does not work with SSL #1378196
request header CVE-2016-5385
+
- gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167
* fix segmentation fault in header_register_callback #1344578
+
- gd: Signed Integer Overflow gd_io.c CVE-2016-10168
* curl: add options to enable TLS #1291667
+
 
* mysqli: fix segfault in mysqli_stmt::bind_result() when
+
Webmail and Groupware
link is closed #1096800
 
* fpm: fix incorrectly defined SCRIPT_NAME variable when
 
using Apache #1138563
 
* core: fix segfault when a zend_extension is loaded twice #1289457
 
* openssl: change default_md algo from MD5 to SHA1 #1073388
 
* wddx: fix segfault in php_wddx_serialize_var #1131979
 
* session: fix segfault in session with rfc1867 #1297179
 
  
 
Web Server
 
Web Server
  
e-smith-php
+
Other fixes and updates
* clean daily session and tmp folders [SME: 9626]
+
 
updated path for ibays' session and tmp folders to /var/cache
+
# e-smith-base updated from 5.8.0-35.el7.sme to 5.8.0-38.el7.sme
* add tmp folder to ibays [SME: 7011]
+
- icleaning xinetd.conf fragment out of the package [SME: 10219]
* add session folder to ibays [SME: 9620]
+
- revert previous change - wrong package
* change global session folder from /tmp to /var/lib/php/session/ [SME: 139]
+
- added post transaction rule for ntp [SME: 10190]
 +
- thank you to Stefano Zamboni for this work
  
Other fixes and updates
+
# smeserver-yum updated from 2.6.0-16.el7.sme to 2.6.0-17.el7.sme
 +
- add yum-plugin-post-transaction-actions as requirement [SME: 1100]
 +
 
 +
# e-smith-devtools updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
 +
- ease update of e-smith-devtools on non SME builders [SME: 10536]
 +
 
 +
# smeserver-support updated from 2.8.0-12.el7.sme to 2.8.0-15.el7.sme
 +
- exclude libtevent,python-tevent from base and updates to avoid
 +
conflict with localy build version of samba [SME: 10573]
 +
- add back perl(LWP::Protocol::https) support  [SME: 10516]
 +
- upstream samba packages were not all excluded [SME: 10428]
  
e-smith-base
+
# e-smith-ntp updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme
* Use ip route syntax to define routes to local network [SME: 10083]
+
- added post transaction rule for ntp [SME: 10190]
* Allow /32 masks on the external interface, in which case we don't
+
- thank you to Stefano Zamboni for this work
check if the gateway is on the correct network) [SME: 9610]
 
* fix config db locale property [SME: 9724]
 
* adapt e-smith service command to systemd [SME: 9672]
 
* add systemd skip redirect to e-smith-service [SME: 9688]
 
* fix broken link /etc/init.d/supervise/local link [SME: 9687]
 
* fix mysqld to mariadb [SME: 9438]
 
* fix missing path to chkconfig [SME: 9641]
 
* Fix deprecated syntax '*' in rsyslog [SME: 9398]
 
Added e-smith-base-5.8.0.bz9398.DeprecatedRsyslogSyntax.patch
 
* Set the hostname by hostnamectl [SME: 9631]
 
Stefano Zamboni <zamboni@mind-at-work.it>
 
* fix Lang and keyboard layout configured are not used [SME: 9539]
 
* Fix display of email forward fields since smtpd entry has been merged
 
qpsmtpd [SME: 9552]
 
e-smith-devtools
 
* Quote filenames in genfilelist so filenames containing spaces are correctly
 
handled [SME: 9750]
 
e-smith-grub
 
* Koozali grub splash screen
 
Write the full path for the grub Action [SME: 9668]
 
* Added e-smith-grub-2.6.1.bz9668.AddFullPath2GrubAction.patch
 
New source [SME: 9321]
 
* Adaptation to grub2 [SME: 9321]
 
-smith-hosts
 
* fix servicename syslog to rsylog [SME: 9691]
 
* Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
 
by assuming the date is correct and changing the weekday.
 
* fix mysqld to mariadb [SME: 9438]
 
e-smith-ibays
 
* fix typo thanks to Stephane de Labrusse [SME: 7011]
 
ibay to ibays
 
* as per comment 2 of bug 0600 instead of 0700 for perms [SME: 9621]
 
* as discussed, moving cache and tmp out of ibay folder [SME: 9105] [SME: 9621]
 
creating basedir /var/cache/e-smith/files/ibays for tmp and cache
 
* create tmp folder in ibays when needed [SME: 9105]
 
* create session folder in ibays when needed [SME: 9621]
 
* Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
 
by assuming the date is correct and changing the weekday.
 
e-smith-lib
 
* fix console startup display [SME: 9352]
 
* fix service name syslog to rsyslog [SME: 9691]
 
* fix mysqld to mariadb [SME: 9438]
 
* Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
 
by assuming the date is correct and changing the weekday.
 
* fix esmith::util::serviceControl to manage systemd service [SME: 9660]
 
Added e-smith-lib-2.6.0.bz9660.serviceControlSystemd.patch
 
e-smith-mysql
 
* systemd skip redirect [SME: 9688]
 
* Corrected a typo in e-smith-mysql-2.6.0.bz9671.RemoveDummyMysqlDatabase.patch
 
[SME: 9671]
 
* fix broken link /etc/init.d/supervise/mariadb [SME: 9686]
 
* Remove Dummy database from backup and restoration [SME: 9671]
 
* Added e-smith-mysql-2.6.0.bz9671.RemoveDummyMysqlDatabase.patch
 
fix forgotten mysqld variables in various scripts [SME: 9438]
 
* e-smith-mysql-2.6.0-mariadb_forgotten_var.patch
 
e-smith-ntp
 
-*fix wrong link to restart rsyslog [SME: 9690]
 
e-smith-proxy
 
* Allow custom file descriptor limit, and set default to 4096 [SME: 9912]
 
e-smith-runit
 
* add systemd skip redirect [SME: 9688]
 
e-smith-test
 
* fix servicename syslog to rsyslog [SME: 9691]
 
* fix mysqld to mariadb [SME: 9438]
 
initscripts
 
* rhel-import-state: fix broken order of parameters
 
* import-state: copy just some attributes
 
* functions: systemctl show now returns an error when unit does not exist
 
* import-state: restore also sensitivity part of SELinux context
 
* network: run after network-pre.target
 
* ifup-eth: fix setting preferred_lft and valid_lft
 
* ipv6: wait for all global IPv6 addresses to leave the "tentative" state
 
* source_config: tell NetworkManger to load ifcfg file even for NM_CONTROLLED=no
 
* ifup-aliases: inherit ARPCHECK from parent device
 
* rhel-dmesg: don't start in containers
 
* ifup-eth: fix typo in error message (#1038776)
 
* sysctl.conf: steal comments about /usr,/etc,... from fedora's sysctl.conf
 
* rwtab: /var/lib/nfs needs to copy the files
 
* functions: improve killing loops
 
* ipcalc: detect invalid mask
 
* ifup: set valid_lft and preferred_lft to forever for static ip
 
* service: use systemd mangle for given service
 
* ifup-post: check resolve.conf also with DNS2
 
* ifdown-post: remove resolv.conf only in specific cases
 
* spec: ghost /var/log/dmesg
 
* network-functions: is_available_wait should wait even in the case that is_available returns 2
 
* autorelabel: turn quota off before relabeling
 
* autorelabel: call dracut-initramfs-restore before forced reboot
 
mod_auth_tkt
 
* fix redirection when proxy ssl [SME: 8825] [SME: 9583]
 
smeserver-release
 
* Bump new rpm for sme10 alpha2
 
* Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
 
by assuming the date is correct and changing the weekday.
 
smeserver-support
 
* fix hover color [SME: 9676]
 
* Koozali branding of manager [SME: 9676]
 
new images in archive; removed old images from cvs
 
updated some css smeserver-support-2.8.0-koozali_manager.patch
 
* reverting partly the changes in last patch [SME: 9598]
 
wrong catch of proxy related url with the http to https changes
 
thank to Charlie Brady for reporting
 
* Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
 
by assuming the date is correct and changing the weekday.
 
* update links to koozali.org [SME: 9598]
 
* Template of os-release [SME: 9580]
 
smeserver-yum
 
* add Remi Collet RPM GPG KEY [SME: 9903]
 
* Rpm updates can be downloaded during the night [SME: 1502]
 
Added smeserver-yum-2.6.0.bz1502.DownloadOnly.patch
 
Deltarpm is now a setting in the yum panel (disabled by default)
 
* Added smeserver-yum-2.6.0.bz8834.DeltaRpm.patch [SME: 8834]
 
jun 14 2016 stephane de Labrusse <stephdl@de-labrusse.fr> 2.8.0-6.sme
 
* Template of os-release [SME: 9580]
 
  
===General features===
+
# e-smith-lib updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
----------------
+
- Skip tap_soft interfaces (eg SoftEther, code from Hsing-Foo Wang)
- Based on CentOS 7.# and all available updates
+
  [SME: 10445]
  
- On behalf of the Koozali SME Server development team
+
On behalf of the Koozali SME Server development team
- Compilation of release data is thanks to Ian Wells
+
- Compilation of release data is thanks to Ian Wells and Jean Phillipe Pialasse
  
 
[[Category:SME Server Releases]]
 
[[Category:SME Server Releases]]
 
[[Category:Release Note]]
 
[[Category:Release Note]]

Revision as of 20:01, 19 February 2019


Koozali SME Server 10 Alpha 4 Release Notes

These are draft only and are in a constant state of update.

08 Jan 2019

The Koozali SME Server development team is pleased to announce the release of SME Server 10 Alpha 4 which will be the next major release of SME Server.

This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024.

Koozali SME Server users should not upgrade production servers to this release but those who can are encouraged to load the alpha to a dedicated test machine and take part in the testing phase.

Some notes on Koozali SME Server 10 can be found at https://wiki.contribs.org/SME_Server_10.0_Development

Bug reports and reports of potential bugs should be raised in the bug tracker (and only there, please);

   https://bugs.koozali.org/


The Koozali SME Server project

The Koozali Foundation Inc. is a nonprofit corporation that governs the open source Koozali SME Server project. Koozali SME Server is a stable, secure and easy to use/manage linux server that provides common server functionalities out of the box. Many open source contributions are available that can extend the default server functionality making Koozali SME Server an even more powerful and flexible business server solution. Thousands of Koozali SME Severs have been deployed as real or virtual servers and in the cloud to serve many small to medium enterprises, and this number is growing day by day. The Koozali SME Server is free to use but it takes a lot of effort and money to develop, make, and maintain. We therefore ask you for your considerations.

Volunteering

Koozali Foundation Inc. together with its community hosted at https://contribs.org is a collaborative effort of volunteers. You too can contribute to the development and continuity of the Koozali SME Server project as described on our volunteering page. Everybody is welcome to join the already 4000+ member contribs.org community and can contribute with any skill set.

Financial donations

You can also show your support by making financial donations. The preferred way to make financial donations is using the donate option in the forums. You are free to choose any amount and frequency, being monthly, yearly or only once. The benefit of donating through your forums account is that your forum user name will receive a badge, showing your donation status. If you do not have a forum account, you can create one, or select the below PayPal option to make your donations.

Commercial usage

Organizations that use Koozali SME Server for their business, provide professional services related to SME Server or in any other way benefit commercially from the Koozali SME Server project, are kindly requested to consider regular financial donations that reflect their business benefits.

Koozali Foundation Inc. is happy to supply an invoice for any donations received. For more information on invoicing please send a mail to treasurer@koozali.org.

Thank you for your considerations and support!

Download

You can download SME Server 10 from https://mirror.koozali.org/smeserver/releases/testing/10/ or for other methods see https://wiki.koozali.org/SME_Server:Download

Please note it may take up to 48 hours for mirrors to finish syncing, during this time you may experience problems.

About SME Server

SME Server is the leading Linux distribution for small and medium enterprises. SME Server is brought to you by Koozali Foundation, Inc., a non-profit corporation that exists to provide marketing and legal support for SME Server.

SME Server is freely available under the GNU General Public License and is only possible through the efforts of the SME Server community.

However, the availability and quality of SME Server is dependent on meeting our expenses, such as hosting costs, server hardware, etc.

As such, we ask for a donation to offset costs and fund further development.

a) If you are a school, a church, a non-profit organisation or an individual using SME Server for private purposes, we would appreciate you to contribute within your means toward the costs associated with hosting, maintenance and development.

b) If you are a company or an integrator and you are deploying SME Server in the course of your work to generate revenue, we expect you to make a donation commensurate with the level of revenue you generate and the number of servers your have in the field. Please, help the project

Please visit https://wiki.koozali.org/Donate to donate.

Koozali Inc is happy to supply an invoice for any donations received, simply email treasurer@koozali.org

Notes

In-place upgrades are not supported. It is necessary to backup and then restore. (Remember, testing purpose only)

The spare handling for RAID arrays is not implemented as yet.

USB installs are not supported in this release, see Bug 10632

Current installer is still branded CentOS. A kickstart script allows you to go through the graphical installation process. If your disk is not empty, you will need to use the Anaconda interface to format it and partition it. If it is empty all is automatic. You will have to set your root password during the Koozali SME server configuration process.

Major changes in this release

This release is based on CentOS 7

Changes in this release

see above

General features

====

- Based on CentOS 7.6.1810 and all available updates

Detailed changes in this release

===========

Only the changes since SME Server 10 Alpha3 are listed, mainly autogenerated from the changelogs.

Packages altered by Centos, Redhat, and Fedora-associated developers are not included.

Backups

  1. e-smith-backup updated from 2.6.0-11.el7.sme to 2.6.0-12.el7.sme

- added patch for workstation backup lock [SME: 9127] - code from Stefano Zamboni <zamboni at mind-at-work.it>

File Server

  1. e-smith-samba updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme

- fix typo in /server-resources/regedit/win10samba.reg [SME: 10515]

  1. samba updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
  2. samba-common updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
  3. samba-common-tools updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
  4. samba-python updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
  5. samba-client-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
  6. samba-client updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
  7. samba-winbind-krb5-locator updated from 4.4.4-14.6.el7.sme to

4.6.2-12.4.el7.sme

  1. samba-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
  2. samba-dc updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
  3. samba-winbind-modules updated from 4.4.4-14.6.el7.sme to

4.6.2-12.4.el7.sme

  1. samba-dc-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
  2. samba-winbind-clients updated from 4.4.4-14.6.el7.sme to

4.6.2-12.4.el7.sme

  1. libwbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
  2. samba-common-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
  3. libsmbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
  4. samba-winbind updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme

- import 4.6.2-12 [SME: 10429] - change gnutls-devel >= 3.4.7 to gnutls-devel to allow build - import to SME the two last upstream releases [SME: 10326] - resolves: #1514314 - Fix CVE-2017-14746 and CVE-2017-15275 - resolves: #1491213 - CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 - resolves: #1484423 - Require at least krb5 version 1.15.1 - resolves: #1484713 - Fix password changes for users via smbpasswd - resolves: #1484723 - Be more graceful on FSCTL_VALIDATE_NEGOTIATE_INFO

                       returned errors

- resolves: #1481188 - Fix 'net ads changetrustpw' - resolves: #1459936 - Fix regression with "follow symlinks = no" - resolves: #1461336 - Fix smbclient username parsing - resolves: #1460937 - Fix username normalization with winbind - resolves: #1459179 - Fix smbclient session setup printing - related: #1277999 - Add missing patchset - resolves: #1431986 - Fix expand_msdfs VFS module

LDAP

Localisation

  1. smeserver-locale updated from 2.6.0-9.el7.sme to 2.6.0-11.el7.sme

- apply locale 2018-12-14 patch - apply locale 2017-12-02 patch

Mail Server

  1. clamav updated from 0.99.2-1.el7.sme to 0.100.2-1.el7.sme

- Update to 0.100.2 [SME: 10578]

  1. e-smith-pop3 updated from 2.6.0-2.el7.sme to 2.6.0-3.el7.sme

- fix undefined fqdn for pop3 [SME: 10257]

  1. qpsmtpd updated from 0.96-18.el7.sme to 0.96-19.el7.sme

- add support to force spamcheck on specific IP for fetchmail [SME: 10290]

  1. smeserver-qpsmtpd updated from 2.6.0-30.el7.sme to 2.6.0-32.el7.sme

- add forcespamcheck support for fetchmail [SME: 10290] - Log DMARC reporting in syslog instead of sending email to the admin.

  Also suppress SSL connection failed warnings [SME: 10298]
  1. djbdns updated from 1.05-8.el7.sme to 1.05-10.el7.sme

- improve short ttl cname resolution and glueless answer from akadns [SME: 8362] - 500-cutom-dnscache-maxloop.patch: increase QUERY_MAXLEVEL 5->10 , set QUERY_MAXLOOP 160 --import patches from openwrt and rename already applied patches --fix security issues [SME: 10374] - 020-dnsroots-update.patch: update list of root DNS servers - 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch - 080-dnscache-cache-negatives.patch: rfc2308 ? - 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch - 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch - 270-dnscache-sigpipe-fix.patch: SIGPIPE - 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858 - 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392 - 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392 - 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2 --bug fixes [SME: 10374] - 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets - 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records --fix issue with short ttl cname like akamaid [SME: 8362] - 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch - 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl - 500-cutom-dnscache-maxloop.patch: set max loop to 200 --needed for previous patches to apply cleanly - 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch) - 050-tinydns-mmap-leak.patch: report cdb leak - 080-dnscache-cache-negatives.patch: rfc2308 ? - 090-tinydns-one-second.patch: improve tinydns with 8 or more concurent connections (for 240-*.patch) - 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch)

  1. smeserver-spamassassin updated from 2.6.0-7.el7.sme to 2.6.0-8.el7.sme

- disable auto_learn by default when enabling Bayes [SME: 8160] - added properties UseBayesAutoLearn, BayesAutoLearnThresholdSpam and BayesAutoLearnThresholdNonSpam

  1. e-smith-qmail updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme

- Update aliases files for every groups passed as argument [SME: 10386]

Server manager

php - load openssl configuration file on startup #1408301 - gd: fix buffer over-read into uninitialized memory CVE-2017-7890 - fix php should provide php(httpd) #1215429 - fpm: backport PHP-FPM's clear_env option from 5.4.27 #1410010 default value is "yes", preserving previous behaviour - openssl: fix default_socket_timeout does not work with SSL #1378196 - gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167 - gd: Signed Integer Overflow gd_io.c CVE-2016-10168

Webmail and Groupware

Web Server

Other fixes and updates

  1. e-smith-base updated from 5.8.0-35.el7.sme to 5.8.0-38.el7.sme

- icleaning xinetd.conf fragment out of the package [SME: 10219] - revert previous change - wrong package - added post transaction rule for ntp [SME: 10190] - thank you to Stefano Zamboni for this work

  1. smeserver-yum updated from 2.6.0-16.el7.sme to 2.6.0-17.el7.sme

- add yum-plugin-post-transaction-actions as requirement [SME: 1100]

  1. e-smith-devtools updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme

- ease update of e-smith-devtools on non SME builders [SME: 10536]

  1. smeserver-support updated from 2.8.0-12.el7.sme to 2.8.0-15.el7.sme

- exclude libtevent,python-tevent from base and updates to avoid conflict with localy build version of samba [SME: 10573] - add back perl(LWP::Protocol::https) support [SME: 10516] - upstream samba packages were not all excluded [SME: 10428]

  1. e-smith-ntp updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme

- added post transaction rule for ntp [SME: 10190] - thank you to Stefano Zamboni for this work

  1. e-smith-lib updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme

- Skip tap_soft interfaces (eg SoftEther, code from Hsing-Foo Wang)

  [SME: 10445]

On behalf of the Koozali SME Server development team - Compilation of release data is thanks to Ian Wells and Jean Phillipe Pialasse