SME Server:10.0Alpha5

From SME Server
Revision as of 08:35, 4 April 2017 by Trex (talk | contribs) (Gemneral formatting)
Jump to navigation Jump to search

Koozali SME Server 10 Alpha 2 Release Notes - These are draft only and are in a constat state of update.

12 March 2017

The Koozali SME Server development team is pleased to announce the release of SME Server 10 Alpha 2 which will be the next major release of SME Server.

This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024.

Koozali SME Server users should not upgrade production servers to this release but those who can are encouraged to load the alpha to a dedicated test machine and take part in the testing phase.

Some notes on Koozali SME Server 10 can be found at https://wiki.contribs.org/SME_Server_10.0_Development

Bug reports and reports of potential bugs should be raised in the bug tracker (and only there, please);

   https://bugs.koozali.org/

Download

You can download SME Server 10 from https://mirror.koozali.org/smeserver/releases/testing/10/ or for other methods see https://wiki.koozali.org/SME_Server:Download

Please note it may take up to 48 hours for mirrors to finish syncing, during this time you may experience problems.

About SME Server

SME Server is the leading Linux distribution for small and medium enterprises. SME Server is brought to you by Koozali Foundation, Inc., a non-profit corporation that exists to provide marketing and legal support for SME Server.

SME Server is freely available under the GNU General Public License and is only possible through the efforts of the SME Server community.

However, the availability and quality of SME Server is dependent on meeting our expenses, such as hosting costs, server hardware, etc.

As such, we ask for a donation to offset costs and fund further development.

a) If you are a school, a church, a non-profit organisation or an individual using SME Server for private purposes, we would appreciate you to contribute within your means toward the costs associated with hosting, maintenance and development.

b) If you are a company or an integrator and you are deploying SME Server in the course of your work to generate revenue, we expect you to make a donation commensurate with the level of revenue you generate and the number of servers your have in the field. Please, help the project

Please visit https://wiki.koozali.org/Donate to donate.

Koozali Inc is happy to supply an invoice for any donations received, simply email treasurer@koozali.org

Notes

In-place upgrades are not supported. It is necessary to backup and then restore. (Remember, testing purpose only)

The spare handling for RAID arrays is not implemented.

USB installs are now supported, see: https://wiki.koozali.org/Install_From_USB

Current installer is still branded CentOS. A kickstart script allow to go through the graphical installation process. If your disk is not empty, you will need to use the Anaconda interface to format it and partition it. If it is empty all is automatic. You will have to set twice your root password: one during Anaconda installation (you could use a lame password), a second time in the Koozali SME server configuration process.

Major changes in this release

This release is based on CentOS 7

Changes in this release

see above

General features

- Based on CentOS 7.2.1511 and all available updates

Detailed changes in this release

Only the changes since SME Server 10 Alpha1 are listed, mainly autogenerated from the changelogs.

Packages altered by Centos, Redhat, and Fedora-associated developers are not included.

Backups

e-smith-backup

  • fixed bug on the dar catalog when backups are not added in it [SME: 9563]

Added e-smith-backup-2.6.0.bz9563.UpdateDarCatalogFollowingBackups.patch Remove the dar exclusion message in the email if there is no exclusion.

  • Modified e-smith-backup-2.6.0.Do_Dar_Exclusion.patch [SME: 9633]

Added two commented files backup.{include,exclude} in /etc/backup-data.d

  • Modified e-smith-backup-2.6.0.Add_Or_Remove_Path_In_Backup.patch [SME: 9607]

Add or remove path in your backup by a file *.include and *.exclude

  • Added e-smith-backup-2.6.0.Add_Or_Remove_Path_In_Backup.patch [SME: 9607]

Test if the remote host (cifs/nfs) is up, else save and display a warning.

  • Added e-smith-backup-2.6.0.bz9090.Testing_the_remote_host_parameters.patch [SME: 9090]
  • The 'tar backup to desktop' of the backup panel takes consideration of exclusion
  • Added e-smith-backup-2.6.0.Do_Tar_Exclusion_In_Panel.patch [SME: 9635]

The 'dar workstation backup' of the backup panel takes consideration of exclusion

  • Added e-smith-backup-2.6.0.Do_Dar_Exclusion.patch [SME: 9633]
  • The 'tar backup' of the console takes consideration of exclusion and display a page with the exclusion content

e-smith-backup-2.6.0.Do_Tar_Exclusion_In_the_console.patch [SME: 9635]

File Server

e-smith-proftpd

  • fix typos [SME: 6804]

set default as required NB: client must be set as active connection, not passive updated patch for certificate chain Thanks to Daniel Berteaud - Adding TLS support to proftp configuration [SME: 6804] default is enabled but not required, only TLSv1.1 and v1.2

e-smith-samba

  • add systemd skip redirect [SME: 9688]
  • Fix deprecated syntax '~' in rsyslog [SME: 9398]

added e-smith-samba-2.6.0.bz9398.DeprecatedRsyslogSyntaxSamba.patch

proftpd

  • Properly allocate (and clear) the UMAC contexts, to fix segfault in mod_sftp

(#1420365, upstream bug 4287)

  • Update to 1.3.5d

Support OpenSSL 1.1.x API (upstream bug 4275)

Bug fixes:

  • SSH rekey during authentication can cause issues with clients

(upstream bug 4254)

  • Recursive SCP uploads of multiple directories not handled properly

(upstream bug 4257)

  • LIST returns different results for file, depending on path syntax

(upstream bug 4259)

  • "AuthAliasOnly on" in server config breaks anonymous logins

(upstream bug 4255) - CapabilitiesEngine directive not honored for <IfUser>/<IfGroup> sections (upstream bug 4272)

  • Memory leak when mod_facl is used (upstream bug 4278)
  • All FTP logins treated as anonymous logins again (upstream bug 4283,

regression in 1.3.5c of upstream bug 3307)

  • Handle client/server version skew in mod_sql_mysql

(https://forums.proftpd.org/smf/index.php?topic=11887.0)

  • Fix a possible cause of segfaults in mod_sftp (#1337880, upstream bug 4203)
  • See if we can fix crash in mod_lang

http://bugs.proftpd.org/show_bug.cgi?id=4206 https://retrace.fedoraproject.org/faf/reports/10744/

  • BR: perl-generators for correct dependencies in utils sub-package
  • Prefer %global over %define

LDAP

e-smith-ldap

  • systemd skip redirect [SME: 9688]

Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, by assuming the date is correct and changing the weekday. Fri Jun 01 2000 --> Fri May 26 2000 or Thu Jun 01 2000 or Fri Jun 02 2000 or .... Thu Aug 07 2001 --> Thu Aug 02 2001 or Tue Aug 07 2001 or Thu Aug 09 2001 or .... Tue Jun 10 2010 --> Tue Jun 08 2010 or Thu Jun 10 2010 or Tue Jun 15 2010 or ....

Localisation

smeserver-locale

applied smeserver-locale-2.6.0-locale-2017-03-03 Added translations smeserver-locale-2.6.0-locale-2016-07-17.patch fix wrongly converted http to https in URL starting with http:// or ftp://

  • fix path to documentations (wiki) [SME: 9595]

convert all koozali url to https

Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, by assuming the date is correct and changing the weekday. Mon Oct 15 2005 --> Mon Oct 10 2005 or Sat Oct 15 2005 or Mon Oct 17 2005 or .... Wed Oct 30 2005 --> Wed Oct 26 2005 or Sun Oct 30 2005 or Wed Nov 02 2005 or .... Wed Dec 15 2005 --> Wed Dec 14 2005 or Thu Dec 15 2005 or Wed Dec 21 2005 or .... Wed Mar 16 2006 --> Wed Mar 15 2006 or Thu Mar 16 2006 or Wed Mar 22 2006 or .... Thu Oct 17 2008 --> Thu Oct 16 2008 or Fri Oct 17 2008 or Thu Oct 23 2008 or .... Tue Nov 19 2008 --> Tue Nov 18 2008 or Wed Nov 19 2008 or Tue Nov 25 2008 or .... Wed Dec 25 2014 --> Wed Dec 24 2014 or Thu Dec 25 2014 or Wed Dec 31 2014 or ....

  • change contribs.org to koozali.org [SME: 9595]

Mail Server

e-smith-email

  • fix webmail status not displaying correctly in manager [SME: 9594]
  • More change from smtpd to qpsmtpd in masq templates [SME: 9561]
  • Replace smtpd with qpsmtpd in smtp-auth-proxy [SME: 9554]

e-smith-qmail

  • Add possibility to exclude users or members of other groups from group

email address [SME: 9523] qmail

  • Consider literla <> as null sender [SME: 9884]

qpsmtpd

  • Removed Message-Id validation, as it rejects MS account validation email [SME: 10139]
  • fix whitelist plugin to support helo with naughty rejecting at mail stage [SME: 10112]
  • Validate domains found in uribl with Data::Validate::Domain [SME: 9467]
  • Use eval to fetch dkim policies, prevent fatal errors in case of DNS

timeout [SME: 9480]

  • Remove karma rcpt handling (buggy and doesn't make a lot of sense)

[SME: 9462] qpsmtpd-plugins

  • remove whitelit_soft [SME: 10126]

smeserver-qpsmtpd

  • Turn SPF and DMARC rejects off by default [SME: 9664]
  • Fix disabling DMARC reporting [SME: 9206]
  • Add missing tnef2mime and MaximumDateOffset to qpsmtpd [SME: 9560]

Server manager

e-smith-manager

  • fix bad redirection parameter that might reveal session information to remote site [SME: 9924]
  • added missing template-begin for tkt.css [SME: 9676]
  • Update server-manager to Koozali branding [SME: 9676]

We thanks John Crisp for his wonderful work.

  • change link for donation to koozali.org [SME: 9599]
  • Fix syntax for removing Indexes options [SME: 9587]
  • Remove index option for manager's resources [SME: 9587]
  • fix 307 redirection to http when https is used [SME: 8825] [SME: 9583]

update syntaxe for TKT Auth bump 8 for typo

  • Fix a syntax error in server-manager's logout script [SME: 9527]

php

  • bz2: fix improper error handling in bzread() CVE-2016-5399- gd: fix integer overflow in _gd2GetHeader() resulting in heap overflow CVE-2016-5766
  • gd: fix integer overflow in gdImagePaletteToTrueColor()

resulting in heap overflow CVE-2016-5767

  • mbstring: fix double free in _php_mb_regex_ereg_replace_exec

CVE-2016-5768 don't set environmental variable based on user supplied Proxy request header CVE-2016-5385

  • fix segmentation fault in header_register_callback #1344578
  • curl: add options to enable TLS #1291667
  • mysqli: fix segfault in mysqli_stmt::bind_result() when

link is closed #1096800

  • fpm: fix incorrectly defined SCRIPT_NAME variable when

using Apache #1138563

  • core: fix segfault when a zend_extension is loaded twice #1289457
  • openssl: change default_md algo from MD5 to SHA1 #1073388
  • wddx: fix segfault in php_wddx_serialize_var #1131979
  • session: fix segfault in session with rfc1867 #1297179

Web Server

e-smith-php

  • clean daily session and tmp folders [SME: 9626]

updated path for ibays' session and tmp folders to /var/cache

  • add tmp folder to ibays [SME: 7011]
  • add session folder to ibays [SME: 9620]
  • change global session folder from /tmp to /var/lib/php/session/ [SME: 139]

Other fixes and updates

e-smith-base

  • Use ip route syntax to define routes to local network [SME: 10083]
  • Allow /32 masks on the external interface, in which case we don't

check if the gateway is on the correct network) [SME: 9610]

  • fix config db locale property [SME: 9724]
  • adapt e-smith service command to systemd [SME: 9672]
  • add systemd skip redirect to e-smith-service [SME: 9688]
  • fix broken link /etc/init.d/supervise/local link [SME: 9687]
  • fix mysqld to mariadb [SME: 9438]
  • fix missing path to chkconfig [SME: 9641]
  • Fix deprecated syntax '*' in rsyslog [SME: 9398]

Added e-smith-base-5.8.0.bz9398.DeprecatedRsyslogSyntax.patch

  • Set the hostname by hostnamectl [SME: 9631]

Stefano Zamboni <zamboni@mind-at-work.it>

  • fix Lang and keyboard layout configured are not used [SME: 9539]
  • Fix display of email forward fields since smtpd entry has been merged

qpsmtpd [SME: 9552] e-smith-devtools

  • Quote filenames in genfilelist so filenames containing spaces are correctly

handled [SME: 9750] e-smith-grub

  • Koozali grub splash screen

Write the full path for the grub Action [SME: 9668]

  • Added e-smith-grub-2.6.1.bz9668.AddFullPath2GrubAction.patch

New source [SME: 9321]

  • Adaptation to grub2 [SME: 9321]

-smith-hosts

  • fix servicename syslog to rsylog [SME: 9691]
  • Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,

by assuming the date is correct and changing the weekday. Sun Sep 25 2010 --> Sun Sep 19 2010 or Sat Sep 25 2010 or Sun Sep 26 2010 or .... Sun Jan 18 2014 --> Sun Jan 12 2014 or Sat Jan 18 2014 or Sun Jan 19 2014 or ....

  • fix mysqld to mariadb [SME: 9438]

e-smith-ibays

  • fix typo thanks to Stephane de Labrusse [SME: 7011]

ibay to ibays

  • as per comment 2 of bug 0600 instead of 0700 for perms [SME: 9621]
  • as discussed, moving cache and tmp out of ibay folder [SME: 9105] [SME: 9621]

creating basedir /var/cache/e-smith/files/ibays for tmp and cache

  • create tmp folder in ibays when needed [SME: 9105]
  • create session folder in ibays when needed [SME: 9621]
  • Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,

by assuming the date is correct and changing the weekday. Fri Apr 17 2008 --> Fri Apr 11 2008 or Thu Apr 17 2008 or Fri Apr 18 2008 or .... Sat Dec 08 2013 --> Sat Dec 07 2013 or Sun Dec 08 2013 or Sat Dec 14 2013 or .... Sat May 04 2014 --> Sat May 03 2014 or Sun May 04 2014 or Sat May 10 2014 or .... e-smith-lib

  • fix console startup display [SME: 9352]
  • fix service name syslog to rsyslog [SME: 9691]
  • fix mysqld to mariadb [SME: 9438]
  • Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,

by assuming the date is correct and changing the weekday. Sat Dec 25 2005 --> Sat Dec 24 2005 or Sun Dec 25 2005 or Sat Dec 31 2005 or .... Tue Dec 15 2006 --> Tue Dec 12 2006 or Fri Dec 15 2006 or Tue Dec 19 2006 or ....

  • fix esmith::util::serviceControl to manage systemd service [SME: 9660]

Added e-smith-lib-2.6.0.bz9660.serviceControlSystemd.patch e-smith-mysql

  • systemd skip redirect [SME: 9688]
  • Corrected a typo in e-smith-mysql-2.6.0.bz9671.RemoveDummyMysqlDatabase.patch

[SME: 9671]

  • fix broken link /etc/init.d/supervise/mariadb [SME: 9686]
  • Remove Dummy database from backup and restoration [SME: 9671]
  • Added e-smith-mysql-2.6.0.bz9671.RemoveDummyMysqlDatabase.patch

fix forgotten mysqld variables in various scripts [SME: 9438]

  • e-smith-mysql-2.6.0-mariadb_forgotten_var.patch

e-smith-ntp -*fix wrong link to restart rsyslog [SME: 9690] e-smith-proxy

  • Allow custom file descriptor limit, and set default to 4096 [SME: 9912]

e-smith-runit

  • add systemd skip redirect [SME: 9688]

e-smith-test

  • fix servicename syslog to rsyslog [SME: 9691]
  • fix mysqld to mariadb [SME: 9438]

initscripts

  • rhel-import-state: fix broken order of parameters
  • import-state: copy just some attributes
  • functions: systemctl show now returns an error when unit does not exist
  • import-state: restore also sensitivity part of SELinux context
  • network: run after network-pre.target
  • ifup-eth: fix setting preferred_lft and valid_lft
  • ipv6: wait for all global IPv6 addresses to leave the "tentative" state
  • source_config: tell NetworkManger to load ifcfg file even for NM_CONTROLLED=no
  • ifup-aliases: inherit ARPCHECK from parent device
  • rhel-dmesg: don't start in containers
  • ifup-eth: fix typo in error message (#1038776)
  • sysctl.conf: steal comments about /usr,/etc,... from fedora's sysctl.conf
  • rwtab: /var/lib/nfs needs to copy the files
  • functions: improve killing loops
  • ipcalc: detect invalid mask
  • ifup: set valid_lft and preferred_lft to forever for static ip
  • service: use systemd mangle for given service
  • ifup-post: check resolve.conf also with DNS2
  • ifdown-post: remove resolv.conf only in specific cases
  • spec: ghost /var/log/dmesg
  • network-functions: is_available_wait should wait even in the case that is_available returns 2
  • autorelabel: turn quota off before relabeling
  • autorelabel: call dracut-initramfs-restore before forced reboot

mod_auth_tkt

  • fix redirection when proxy ssl [SME: 8825] [SME: 9583]

smeserver-release

  • Bump new rpm for sme10 alpha2
  • Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,

by assuming the date is correct and changing the weekday. Thu Mar 11 2003 --> Thu Mar 06 2003 or Tue Mar 11 2003 or Thu Mar 13 2003 or .... Mon Jun 06 2006 --> Mon Jun 05 2006 or Tue Jun 06 2006 or Mon Jun 12 2006 or .... Tue Dec 02 2013 --> Tue Nov 26 2013 or Mon Dec 02 2013 or Tue Dec 03 2013 or .... smeserver-support

  • fix hover color [SME: 9676]
  • Koozali branding of manager [SME: 9676]

new images in archive; removed old images from cvs updated some css smeserver-support-2.8.0-koozali_manager.patch

  • reverting partly the changes in last patch [SME: 9598]

wrong catch of proxy related url with the http to https changes thank to Charlie Brady for reporting

  • Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,

by assuming the date is correct and changing the weekday. Fri Oct 24 2005 --> Fri Oct 21 2005 or Mon Oct 24 2005 or Fri Oct 28 2005 or .... Sat Oct 25 2005 --> Sat Oct 22 2005 or Tue Oct 25 2005 or Sat Oct 29 2005 or .... Sat Dec 25 2005 --> Sat Dec 24 2005 or Sun Dec 25 2005 or Sat Dec 31 2005 or .... Thu May 23 2006 --> Thu May 18 2006 or Tue May 23 2006 or Thu May 25 2006 or .... Sat Mar 07 2008 --> Sat Mar 01 2008 or Fri Mar 07 2008 or Sat Mar 08 2008 or .... Sat Feb 03 2013 --> Sat Feb 02 2013 or Sun Feb 03 2013 or Sat Feb 09 2013 or ....

  • update links to koozali.org [SME: 9598]
  • Template of os-release [SME: 9580]

smeserver-yum

  • add Remi Collet RPM GPG KEY [SME: 9903]
  • Rpm updates can be downloaded during the night [SME: 1502]

Added smeserver-yum-2.6.0.bz1502.DownloadOnly.patch Deltarpm is now a setting in the yum panel (disabled by default)

  • Added smeserver-yum-2.6.0.bz8834.DeltaRpm.patch [SME: 8834]

jun 14 2016 stephane de Labrusse <stephdl@de-labrusse.fr> 2.8.0-6.sme

  • Template of os-release [SME: 9580]

General features


- Based on CentOS 6.8 and all available updates

Terry Fage


- On behalf of the Koozali SME Server development team - Compilation of release data is thanks to Ian Wells

On behalf of the Koozali SME Server development team