| Line 1: |
Line 1: |
| | {{Languages}} | | {{Languages}} |
| | | | |
| − | ==Koozali SME Server 10 Alpha 4 Release Notes== | + | ==Koozali SME Server 10 Alpha 5 Release Notes== |
| | These are draft only and are in a constant state of update. | | These are draft only and are in a constant state of update. |
| | | | |
| − | 08 Jan 2019
| + | 18 June 2020 |
| | | | |
| | The Koozali SME Server development team is pleased to announce the release of | | The Koozali SME Server development team is pleased to announce the release of |
| − | SME Server 10 Alpha 4 which will be the next major release of SME Server. | + | SME Server 10 Alpha 5 which will be the next major release of SME Server. |
| | | | |
| | This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024. | | This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024. |
| Line 18: |
Line 18: |
| | | | |
| | https://bugs.koozali.org/ | | https://bugs.koozali.org/ |
| | + | |
| | + | We run a Rocket Chat instance where we discuss development among other things. It is closed to general registration, but please ask for a login in the forums. Anyone can come and talk to us and find out to how to help test. |
| | | | |
| | {{Donate}} | | {{Donate}} |
| Line 64: |
Line 66: |
| | The spare handling for RAID arrays is not implemented as yet. | | The spare handling for RAID arrays is not implemented as yet. |
| | | | |
| − | USB installs are not supported in this release, see Bug 10632 | + | USB installs are now supported, see: |
| | + | https://wiki.koozali.org/Install_From_USB |
| | + | |
| | + | Netinstall is now fully supported |
| | + | |
| | + | Install to a UEFI system is now fully supported |
| | + | |
| | + | Handling of USB drives for back anbd restore from the console is now |
| | + | resolved. |
| | | | |
| | Current installer is still branded CentOS. A kickstart script allows you to go through the graphical installation process. If your disk is not empty, you will need to use the Anaconda interface to format it and partition it. If it is empty all is automatic. You will have to set your root password during the Koozali SME server configuration process. | | Current installer is still branded CentOS. A kickstart script allows you to go through the graphical installation process. If your disk is not empty, you will need to use the Anaconda interface to format it and partition it. If it is empty all is automatic. You will have to set your root password during the Koozali SME server configuration process. |
| Line 72: |
Line 82: |
| | | | |
| | ===Changes in this release=== | | ===Changes in this release=== |
| − | see above
| + | See full Release Notes - [https://lists.contribs.org/pipermail/updatesannounce/2020-June/000472.html Release Notes Koozali SME10 Alpha 5] |
| − | | |
| − | General features
| |
| − | ================
| |
| − | - Based on CentOS 7.6.1810 and all available updates | |
| − | | |
| − | Detailed changes in this release
| |
| − | =======================
| |
| − | Only the changes since SME Server 10 Alpha3 are listed, mainly
| |
| − | autogenerated from the changelogs.
| |
| − | | |
| − | Packages altered by Centos, Redhat, and Fedora-associated developers are
| |
| − | not included.
| |
| − | | |
| − | Backups
| |
| − | | |
| − | # e-smith-backup updated from 2.6.0-11.el7.sme to 2.6.0-12.el7.sme
| |
| − | - added patch for workstation backup lock [SME: 9127]
| |
| − | - code from Stefano Zamboni <zamboni at mind-at-work.it>
| |
| − | | |
| − | File Server
| |
| − | | |
| − | # e-smith-samba updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
| |
| − | - fix typo in /server-resources/regedit/win10samba.reg [SME: 10515]
| |
| − | # samba updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
| − | # samba-common updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
| − | # samba-common-tools updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
| − | # samba-python updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
| − | # samba-client-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
| − | # samba-client updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
| − | # samba-winbind-krb5-locator updated from 4.4.4-14.6.el7.sme to
| |
| − | 4.6.2-12.4.el7.sme
| |
| − | # samba-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
| − | # samba-dc updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
| − | # samba-winbind-modules updated from 4.4.4-14.6.el7.sme to
| |
| − | 4.6.2-12.4.el7.sme
| |
| − | # samba-dc-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
| − | # samba-winbind-clients updated from 4.4.4-14.6.el7.sme to
| |
| − | 4.6.2-12.4.el7.sme
| |
| − | # libwbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
| − | # samba-common-libs updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
| − | # libsmbclient updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
| − | # samba-winbind updated from 4.4.4-14.6.el7.sme to 4.6.2-12.4.el7.sme
| |
| − | - import 4.6.2-12 [SME: 10429]
| |
| − | - change gnutls-devel >= 3.4.7 to gnutls-devel to allow build
| |
| − | - import to SME the two last upstream releases [SME: 10326]
| |
| − | - resolves: #1514314 - Fix CVE-2017-14746 and CVE-2017-15275
| |
| − | - resolves: #1491213 - CVE-2017-12150 CVE-2017-12151 CVE-2017-12163
| |
| − | - resolves: #1484423 - Require at least krb5 version 1.15.1
| |
| − | - resolves: #1484713 - Fix password changes for users via smbpasswd
| |
| − | - resolves: #1484723 - Be more graceful on FSCTL_VALIDATE_NEGOTIATE_INFO
| |
| − | - resolves: #1481188 - Fix 'net ads changetrustpw'
| |
| − | - resolves: #1459936 - Fix regression with "follow symlinks = no"
| |
| − | - resolves: #1461336 - Fix smbclient username parsing
| |
| − | - resolves: #1460937 - Fix username normalization with winbind
| |
| − | - resolves: #1459179 - Fix smbclient session setup printing
| |
| − | - related: #1277999 - Add missing patchset
| |
| − | - resolves: #1431986 - Fix expand_msdfs VFS module
| |
| − | | |
| − | LDAP
| |
| − | | |
| − | Localisation
| |
| − | | |
| − | # smeserver-locale updated from 2.6.0-9.el7.sme to 2.6.0-11.el7.sme
| |
| − | - apply locale 2018-12-14 patch
| |
| − | - apply locale 2017-12-02 patch
| |
| − | | |
| − | Mail Server
| |
| − | | |
| − | # clamav updated from 0.99.2-1.el7.sme to 0.100.2-1.el7.sme
| |
| − | - Update to 0.100.2 [SME: 10578]
| |
| − | | |
| − | # e-smith-pop3 updated from 2.6.0-2.el7.sme to 2.6.0-3.el7.sme
| |
| − | - fix undefined fqdn for pop3 [SME: 10257]
| |
| − | | |
| − | # qpsmtpd updated from 0.96-18.el7.sme to 0.96-19.el7.sme
| |
| − | - add support to force spamcheck on specific IP for fetchmail [SME: 10290]
| |
| − | | |
| − | # smeserver-qpsmtpd updated from 2.6.0-30.el7.sme to 2.6.0-32.el7.sme
| |
| − | - add forcespamcheck support for fetchmail [SME: 10290]
| |
| − | - Log DMARC reporting in syslog instead of sending email to the admin.
| |
| − | - Also suppress SSL connection failed warnings [SME: 10298]
| |
| − | | |
| − | # djbdns updated from 1.05-8.el7.sme to 1.05-10.el7.sme
| |
| − | - improve short ttl cname resolution and glueless answer from akadns
| |
| − | [SME: 8362]
| |
| − | - 500-cutom-dnscache-maxloop.patch: increase QUERY_MAXLEVEL 5->10 , set
| |
| − | QUERY_MAXLOOP 160
| |
| − | --import patches from openwrt and rename already applied patches
| |
| − | --fix security issues [SME: 10374]
| |
| − | - 020-dnsroots-update.patch: update list of root DNS servers
| |
| − | - 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch
| |
| − | dns_transmit-bug.patch
| |
| − | - 080-dnscache-cache-negatives.patch: rfc2308 ?
| |
| − | - 210-dnscache-strict-forwardonly.patch: rename previous patch
| |
| − | dnscache-strict-forwardonly.patch
| |
| − | - 240-tinydns-alias-chain-truncation.patch: rename previous patch
| |
| − | tinydns-alias-chain-truncation.patch
| |
| − | - 270-dnscache-sigpipe-fix.patch: SIGPIPE
| |
| − | - 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858
| |
| − | - 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392
| |
| − | - 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392
| |
| − | - 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191
| |
| − | http://marc.info/?l=djbdns&m=134190748729079&w=2
| |
| − | --bug fixes [SME: 10374] | |
| − | - 060-dnscache-big-udp-packets.patch: accept and handle longer than 512
| |
| − | bytes UDP packets
| |
| − | - 230-tinydns-data-semantic-error.patch: handle semantic error to avoid
| |
| − | publishing false dns records
| |
| − | --fix issue with short ttl cname like akamaid [SME: 8362]
| |
| − | - 200-dnscache-cname-handling.patch: rename previous patch
| |
| − | dnscache-cname-handling.patch
| |
| − | - 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl
| |
| − | - 500-cutom-dnscache-maxloop.patch: set max loop to 200
| |
| − | --needed for previous patches to apply cleanly
| |
| − | - 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get
| |
| − | decompose SRC and PTR records (for 230-*.patch)
| |
| − | - 050-tinydns-mmap-leak.patch: report cdb leak
| |
| − | - 080-dnscache-cache-negatives.patch: rfc2308 ?
| |
| − | - 090-tinydns-one-second.patch: improve tinydns with 8 or more
| |
| − | concurent connections (for 240-*.patch)
| |
| − | - 120-compiler-temporary-filename.patch: change tmp filename to avoid
| |
| − | conflicts (for 230-*.patch)
| |
| − | | |
| − | # smeserver-spamassassin updated from 2.6.0-7.el7.sme to 2.6.0-8.el7.sme
| |
| − | - disable auto_learn by default when enabling Bayes [SME: 8160]
| |
| − | - added properties UseBayesAutoLearn, BayesAutoLearnThresholdSpam and
| |
| − | BayesAutoLearnThresholdNonSpam
| |
| − | | |
| − | # e-smith-qmail updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme
| |
| − | - Update aliases files for every groups passed as argument [SME: 10386]
| |
| − | | |
| − | Server manager
| |
| − | | |
| − | php
| |
| − | - load openssl configuration file on startup #1408301
| |
| − | - gd: fix buffer over-read into uninitialized memory CVE-2017-7890
| |
| − | - fix php should provide php(httpd) #1215429
| |
| − | - fpm: backport PHP-FPM's clear_env option from 5.4.27 #1410010
| |
| − | default value is "yes", preserving previous behaviour
| |
| − | - openssl: fix default_socket_timeout does not work with SSL #1378196
| |
| − | - gd: fix DoS vulnerability in gdImageCreateFromGd2Ctx() CVE-2016-10167
| |
| − | - gd: Signed Integer Overflow gd_io.c CVE-2016-10168
| |
| − | | |
| − | Webmail and Groupware
| |
| − | | |
| − | Web Server
| |
| − | | |
| − | Other fixes and updates
| |
| − | | |
| − | # e-smith-base updated from 5.8.0-35.el7.sme to 5.8.0-38.el7.sme
| |
| − | - icleaning xinetd.conf fragment out of the package [SME: 10219]
| |
| − | - revert previous change - wrong package
| |
| − | - added post transaction rule for ntp [SME: 10190]
| |
| − | - thank you to Stefano Zamboni for this work
| |
| − | | |
| − | # smeserver-yum updated from 2.6.0-16.el7.sme to 2.6.0-17.el7.sme
| |
| − | - add yum-plugin-post-transaction-actions as requirement [SME: 1100]
| |
| − | | |
| − | # e-smith-devtools updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
| |
| − | - ease update of e-smith-devtools on non SME builders [SME: 10536]
| |
| − | | |
| − | # smeserver-support updated from 2.8.0-12.el7.sme to 2.8.0-15.el7.sme
| |
| − | - exclude libtevent,python-tevent from base and updates to avoid
| |
| − | conflict with localy build version of samba [SME: 10573]
| |
| − | - add back perl(LWP::Protocol::https) support [SME: 10516]
| |
| − | - upstream samba packages were not all excluded [SME: 10428]
| |
| − | | |
| − | # e-smith-ntp updated from 2.6.0-3.el7.sme to 2.6.0-4.el7.sme
| |
| − | - added post transaction rule for ntp [SME: 10190]
| |
| − | - thank you to Stefano Zamboni for this work
| |
| | | | |
| − | # e-smith-lib updated from 2.6.0-6.el7.sme to 2.6.0-7.el7.sme
| + | General features - Based on CentOS 7.8.# and all available updates |
| − | - Skip tap_soft interfaces (eg SoftEther, code from Hsing-Foo Wang)
| |
| − | [SME: 10445]
| |
| | | | |
| | On behalf of the Koozali SME Server development team | | On behalf of the Koozali SME Server development team |
