diff --git a/RPM-GPG-KEY-SMEServer b/RPM-GPG-KEY-SMEServer new file mode 100644 index 0000000..8e4fe72 --- /dev/null +++ b/RPM-GPG-KEY-SMEServer @@ -0,0 +1,19 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.2.6 (GNU/Linux) + +mQGiBEM84T4RBACMPEsM0PcEqt0hFSOWI4BLLUfBbXZVDekRD24vEq9wGQWWvNxf +tABh53/eLemGxLF28dqipU5TK+6B0FFDkRyaBppmhmtgBD4jDfw9hPoIIw8ufHO6 +F929yBdRuKLPMn+uQ74Bva1JEhUChxMafE+yyrXORXvZWjR5sc2THJWTywCgnfpQ +ENzljYR1TcM451xgYxIQKBkD/jHPXM7jfCUYobUQ2P80GqaPCnNtA5nhR9/jyUmP +KPEgiQCVYQmfXWL6/LnnHEi0IFmZ7bDZc7hLO4JhWQINDgg5WDFNflawCeqZ2KIp +j+SnwbudnXmE4QdGJ66DrS7eNqJkFvLAT/S2Y2A9QIZCWKrg3HfvbrmiR4abRcy0 +kzBVA/sE/6OTLSO5o/kWBIuPQ616800vhXhLdITEPETkkaA3Oj0POKP6AJi7aLKO +KqpZzyLZi80vhCauztiQmY6fJiHQym6b/HsRSKf+DjExxoq4zp3TEojUK8ReSY6P +Mx9nsK5l+T70BX4iJsFdcjJHipnXBcuHOMlQtRlszU0b3NMLE7QvU01FIFNlcnZl +ciA3IHNpZ25pbmcga2V5IDxidWd0ZWFtQGNvbnRyaWJzLm9yZz6IXgQTEQIAHgUC +QzzhPgIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAAKCRA9cgUIHpyTCJWFAJ4xgIUK +VQysThX/neAbxWvl2YeqpQCeOOUivZbOSScohei7r8jCa+xUiVWIRgQTEQIABgUC +QzzjFwAKCRC8R3SEoTuRTTJbAJ9auKPxDeQ1hLN43hO5/bmd+TUKggCeIKAFeaR7 +9Pfl09sv0czvNTFSLRM= +=z7FN +-----END PGP PUBLIC KEY BLOCK----- diff --git a/RPM-GPG-KEY-koozali b/RPM-GPG-KEY-koozali new file mode 100644 index 0000000..6d9c555 --- /dev/null +++ b/RPM-GPG-KEY-koozali @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.5 (GNU/Linux) + +mQINBFbb5JYBEAC9I+N9hcehQ60cessrpEfyuJhoG4G5hUtF2ri53YzvsW/+in6Y +va5r4OM9/iiX01ie5bO7uj7JIbWkoAmrIFoQ3aKSFPHa8X6QFZ9T1Ho1vKfVnXYW +GzeX2VXavEGC4zRjD74AoKj4Pm0Gsa7Yi8iKOCWuxOU2kwc3+RfEiMi18kdtX6UR +X8KrXZfeG3n8gLrLeK7lqphpk8SUr9BTXnWVGlPUt15qFS5wkcPlhSlnutknFEFI +i7hLSUqYSL+8L3hNcoNMuKvMAL+TS40s4Ei5G4SrAGxXH1z9NVE98msUfAdK3ROi +7xigNZFjCFiaL0D27ropBG0oJQURLtbAdCis5vlgVpz3YKQTadmNYy8iU0j9V5uv +kLlwfXgKOVGrYwrW3c04u64iIRDa638dD0JObAyGQn/H7lCtifH0QNmOr4g20dEl +Yfhd4jyWFOwg8/qYlCDvfvKMy+CHsib8+5p6uUIuDd7Xrm2/lgnsFJSFrazXh9Ly +ieWmY5wpX0Eq26MiSNSDm0AKYEu+yMa7Kifgh5dpjqe1/x0B0SR0mcRN+I2GSunE +xIx/PoZf8wUAKsPq5a9lcTR9PwSu7si7wgfHI187GbuLbIoxobk138TcKiZVcGmJ +9aDNWS68EbfjKP+ftJB8pHRW0ViFi/KOydkA3NQ+zRNGIle/6+nLQ3G/8wARAQAB +tDlLb296YWxpIFNNRSBTZXJ2ZXIgc2lnbmluZyBrZXkgKDEwKSA8YnVndGVhbUBr +b296YWxpLm9yZz6JAjYEEwECACAFAlbb5JYCGwMGCwkIBwMCBBUCCAMEFgIDAQIe +AQIXgAAKCRAaDbzAVocxUWyeEACC+CXtPCeSC8TS+kDzpSJ7+7Q+oJAydQjknmeO +kYOP/8aw0OGLysMQtdErOlJh+Am5oJyLquKH2Fs3NpwjbCy/jvFuFuwxZ0ahM3dd +6nf7Evd0rOoZUO+xeoUzl/ykHgXaEGY2750Tib7/R9lOSHglgrF/QOIelHKOZqOU +y0nT3w+FTyqf3ZNA9IMS/YvfMZGJ0KgxoOx8nV/GMVmt0gKHqz2DL3muHGiXub6D +EXb8aZOH9q6dAGrpixEExBRgtAs3JTYl2M47w4xDb91/yRWoqUHmlv8aV7ZQr20c +sLuxijbqpfR//Vp9OEXFmK6jCd1s0qBKwJu+e8wiRD8UvDLzic0Hki5imBggos1g +TWAec9yjBMUUVKse1opmU14k1b8N+iv2d2MaspHrswVRU3Um/0vDlny0OMtYBnvz +nBPaKSk8FcqDbItFBJCK7Y3Rrx5dsTadAr+Dmli54EM9aYOrhPG7GBLDjML8HI2x +RjxQ4aAOAl0ETZmgC9Ib2YBt2Xza1ogtTHOjie+Am0j5il0FeGohV28UcJluy5Zt +bctEEPeeZq7kzYDvv0lSiXy0S11TsvSXbmhs0Z/Lh7CorMaHUiRjt+Hg17CGe0V9 +jzFRUokUykrDqTDai0R7UYRcEUpKfiA+32yqf11J2kpyqzueJ3z59xPr2n4SkZ6Y +bu7tgg== +=aVLF +-----END PGP PUBLIC KEY BLOCK----- diff --git a/ReleaseNotes b/ReleaseNotes new file mode 100644 index 0000000..630508a --- /dev/null +++ b/ReleaseNotes @@ -0,0 +1,677 @@ +Koozali SME Server 10.1 Release Notes +============================================ +12 Sep 2022 + +The Koozali SME Server development team is pleased to announce the +release of SME Server 10.1 which will be an update release of SME Server. + +This release is based on CentOS 7. CentOS 7.# has an EOL of +30 June 2024. + +********************************************************** +Koozali SME Server users are encouraged to update production servers +to this release. +********************************************************** + +Additional notes on Koozali SME Server 10 can be found at +https://wiki.contribs.org/SME_Server_10.0_Development + +SME10 Roadmap - +https://wiki.contribs.org/SME10_Roadmap#SME_10_Final + +Bug reports and reports of potential bugs should be raised in the bug +tracker (and only there, please); + + https://bugs.koozali.org/ + +Copy of releaase notes may be found here: +https://lists.contribs.org/pipermail/updatesannounce/ + +Download +======== +You can download SME Server 10.1 from +https://mirror.koozali.org/smeserver/releases/10.1/ +or for other methods see: +https://wiki.koozali.org/SME_Server:Download + +After release, please note it may take up to 48 hours for mirrors to +finish syncing, during this time you may experience availability issues. + +About SME Server +================ +SME Server is a popular Linux distribution for small and medium +enterprises. SME Server is brought to you by Koozali Foundation, Inc., +a non-profit corporation that exists to provide marketing and legal support +for SME Server. + +SME Server is freely available under the GNU General Public License and +is only possible through the efforts of the SME Server community. + +However, the availability and quality of SME Server is dependent on +meeting our expenses, such as hosting costs, server hardware, etc. + +As such, we encourage a donation to offset costs and fund further development. + +a) If you are a school, a church, a non-profit organisation or an +individual using SME Server for private purposes, we would appreciate +you to contribute within your means toward the costs associated with +hosting, maintenance and development. + +b) If you are a company or an integrator and you are deploying SME +Server in the course of your work to generate revenue, we expect you to +make a donation commensurate with the level of revenue you generate and +the number of servers your have in the field. Please, help the project + +Please visit https://wiki.koozali.org/Donate to donate. + +Koozali Inc is happy to supply an invoice for any donations received, +simply email treasurer at koozali.org + +Notes +===== +In-place upgrades from previous major releases are not supported. +It is necessary to backup and then restore. + +In-place point updates within a major release are supported. + +Restore of a sme9 console or workstation backup is now fully supported +there are cautions to be aware of and followed, see wiki and forum notes. + +From the many, small and large, fixes and updates the highlights are: + +The integration of httpd access using the to 2.4 syntax +#Note there will be a need to update your contribs and any custom templates + +The improvement of syslog management with dedicated log file for all the core +services (some were in systemd and some in the message log) + +Along with changes to the management of logfiles an improved logrotate has +been implemented, this is also now configurable via db config settings ie +frequency and number to retain + +Improvement and update to user and system security via update of cvm-unix +module + +Support for @.service has now been integrated and implemented + +Updates and fixes to radius services have also been implemented and improved + +The task of implementing backup of the contribs data by the the core console +backup and workstation backup has begun see: +https://bugs.koozali.org/show_bug.cgi?id=11997 + +A large number other minor under the hood changes and upstream updates and +fixes. +===== + +The time and effort that has gone into getting SME 10.1 to release has been +extensive, an attempt to list and detail the work that has been done in recent +months would not do justice to the effort made, thank you one and all for your +time and help. + +In particular thank you for the consistent efforts of: +Jean Phillipe Pialasse +John Crisp +Brian Read +Michel Begue +Zsolt Vasarhelyi + +The changes that have been implemented to ensure the Koozali Sme Server way +is fully implemented have been considered and extensive. + +Major changes in this release +============================= +This release is based on CentOS 7.# + +Changes in this release +======================= +see above and below + +General features +================ +Based on CentOS 7.9.2009 and all available updates + +Detailed changes in this release +======================= +Only the changes since SME Server 10 final are listed, autogenerated +from the changelogs. + +Packages altered by Centos, Redhat, and Fedora-associated developers are +not included. + +The changelogs are written per package + +SME built or modified packages - ChangeLogs + +18 Aug 2022 + +Backups + +e-smith-backup +- negative date (mtime, data modification time) zerodate fix [SME: 11907] +- allow mounting smbv1 backup share [SME: 11557] +- remove lock noise to cron stdout for workstation backup [SME: 11530] +- fix dar restore replacing rootdir symlinks by folders [SME: 11424] +- Remove duplicate gunzip call in perform_restore [SME: 11266] +- Remove debug output of device names +- Revert BlockDevices.pm and backup call to not filter to removable drives +- Replace hal-* calls with BlockDevices [SME: 11319] +- add update event [SME: 11124] +- Added /etc/backup-data.d to backup paths [SME: 10245] +- Added error handling to restore using pipe pattern from perform_backup [SME: 3139] +- Made reboot optional after console restore +- Fixed bootstrap restore not activating config changes [SME: 10921] +- Manually added ext2 and ext3 to Block Device file system check where ext4 present +- updated Block Device discovery to fix recovery from console [SME: 8244] +- Credit to Catton Durbrow + + +File Server + +e-smith-samba +- samba fix typo in delete v6 profile dir win10 [SME: 11725] +- samba delete v6 profile dir win10 [SME: 11725] +- samba create v6 profile dir win10 [SME: 11725] +- netlogon.bat +x [SME: 11566] +- add possibility to reenable allow execute always on ibays homes or everywhere [SME: 11555] +- fix double entries for min protocol [SME: 11558] +- clean rsyslog syntax for smbd and nmbd [SME: 11422] +- fix noise in message log from nmbd and smbd redirected to dedicated logs [SME: 11349] +- allow using user-create-profiledir action with temp or package-update events [SME: 11348] +- fix log noise for smb.service [SME: 11157] +- add Restart=always [SME: 11118] +- add Restart=always [SME: 11117] +- migrate nmbd to systemd [SME: 11118] +- migrate smbd to systemd [SME: 11117] + create generik smb.service service +- create e-smith-samba-update event [SME: 11157] +- Fix mutex locking [SME: 11199] +- Fix pid directory [SME: 11198] +- Add /etc/krb5.conf as template using templates from smeserver-samba +- [SME: 11093] +- remove win98pwdcache.reg from server-resources [SME: 9060] +- set min server and client protocol SMB2 [SME: 10576] + add check so max always greater than min +- add port 445 if min server protocol is SMB2 or SMB3 [SME: 10963] + +LDAP + +e-smith-ldap +- add support or rsshusers system group [SME: 11753] +- redirect syslog for ldapt to /var/log/ldap/ldap.log [SME: 11745] +- fix ssl-update reload instead of restart ldap [SME: 11598] +- fix wrong path for templates.metadata [SME: 11595] +- use template for ssl pem [SME: 11595] +- fix ldap failing to start on initial boot [SME: 11480] +- fix wrong alias to ldap.init [SME: 11301] +- add -update event [SME: 11140] +- move ldap to systemd [SME: 11099] +- move ldap.init to systemd [SME: 11096] +- New protocol default as TLSv1.2 [SME: 10936] + New property TLSProtocolMin + Ciphers are now ordered with stronger first + +Localisation + +smeserver-locale +- apply local 2022-07-21.patch [SME: 12117] +- apply local 2021-06-06.patch [SME: 11593] +- apply local 2021-05-12.patch [SME: 11593] +- apply local 2021-01-09.patch [SME: 11310] +- apply local 2019-12-07.patch + +Mail Server + +e-smith-email +- add quote around filename to .fetchids moving script [SME: 12131] +- move fetchids from /run and avoid its loss on reboot [SME: 12131] + similar changes in contrib smesevrer-fetchmail +- fix typo in regex [SME: 11799] +- fix missing dot in regex for untainting [SME: 11799] + would delete any account named with the string before the dot +- untainting string correctly [SME: 11716] +- fix typo for mailpattern for rar files [SME: 11690] +- fix perms for /var/lock/fetchmail [SME: 11634] +- make /var/lock/fetchmail dir permanent [SME: 11634] +- add new RAR file signatures to default mailpatterns database [SME: 11265] +- webmail is only SSL [SME: 11443] +- create -update event [SME: 11133] +- move smtp-auth-proxy to systemd [SME: 11102] +- allow creation of pseudonyms with setting of local only [SME: 3802] + +e-smith-qmail +- fix multiple errors with pseudonyms in template [SME: 8591] + orphaned pseudonyms are associated to admin +- repopulate qmail assign db and sighup qmail on group event [SME: 11934] +- can set to 0 ConcurrencyLocal or ConcurrencyRemote [SME: 11645] + this allows to disable of type of delivery +- add Requires=runit.service [SME: 11245] +- fix missing actions for systemd on upgrade event [SME: 11105] + cleanup preset file +- remove qmail link in init.d and whole rc.d [SME: 11105] + take 3 +- remove qmail link in init.d [SME: 11105] +- execute systemd-reload before service adjust in events [SME: 11228] +- remove S95reset-unsavedflag [SME: 11229] +- remove rc7.d link [SME: 11105] +- fix actions in e-smith-qmail-update [SME: 11152] +- Move qmail service to systemd [SME: 11105] +- Create e-smith-qmail-update event [SME: 11152] + +qpsmtpd +- fix fetchmail patch to check local_ip [SME: 11763] +- fix configuration not honoured on initial start [SME: 10387] + commented out load_plugins see https://github.com/smtpd/qpsmtpd/issues/288. + +smeserver-clamav +- logrotate clamd keeps logging to old log [SME: 11963] +- remove default property ArchiveBlockEncrypted [SME: 11695] +- fix property name error 2.7.0-12.sme [SME: 11695] +- fix spec file error 2.7.0-11.sme [SME: 11474] +- rename property ArchiveBlockEncrypted to AlertEncrypted as per upstream [SME: 11695] + added properties AlertBrokenExecutables AlertExceedsMax AlertOLE2Macros + AlertPartitionIntersection AlertPhishingCloak and AlertPhishingSSLMismatch + with default no + added property HeuristicAlerts with default yes +- fix noise on centos2sme [SME: 11474] +- identify from which server is freshclam error [SME: 11755] + fix from Graeme Fleming +- fix typo in logrotate [SME: 11608] +- fix typo and missing +x [SME: 11520] +- fix issues with non epel standard scan.conf [SME: 11520] + move clamd.conf to scan.conf + remove alias for clamtop + add a wrapper for clamdscan to force --fdpass +- ease use of clamdtop [SME: 11313] +- fix Transaction check error [SME: 11311] +- add pid folder /run/clamd/ [SME: 11103] + few improvements +- create update event [SME: 11162] +- Updated to use 0.103+ from EPEL [SME: 11194] +- Updated to use systemd for clamd [SME: 11103] +- Updated to use systemd for freshclam [SME: 11104] +- increase lower memory limit to 1GB [SME: 10833] +- fix for AllowSupplementaryGroups warning [SME: 10813] + +smeserver-qpsmtpd +- Print both 255 char and full length DKIM keys [SME: 11974] +- fix unable to set internal only pseudonym as full email [SME: 11933] +- add softlimit template for qpsmtpd [SME: 11858] + increase softlimit to 50000000. +- fix regression Set the default helo policy to lenient [SME: 11864] +- mail sent on 127.0.0.200:25 should be spam checked [SME: 10289] + filtering again fetchmail originating mails +- sighup on reload [SME: 11759] +- fix tnef2mime FATAL PLUGIN ERROR [SME: 11648] + this will be a temp fix by redefining MIME::Parser::Filer::output_path + until it has been fixed upstream +- update depreacted reject_threshold to reject [SME: 11492] +- remove /usr/lib/systemd/system-preset/80-koozali-qpsmtpd.preset [SME: 10958] +- modify for clamav 0.103.0 [SME: 11210] +- roll up patches +- add Requires=runit.service (qpsmtpd & sqpsmtpd) [SME: 11245] +- fix service not enabled [SME: 11107] + remove reset-unsavedflag +- Move qpsmtpd & sqpsmtpd services to systemd [SME: 11107] +- Create smeserver-qpsmtpd-update event [SME: 11164] +- expand badrcptto_ext when needed [SME: 10638] + this avoid user, group or pseudonyms for internal purpose to be reachable + from outside +- minimum Protocol TLSv1.0 [SME: 10460] + better ciphers order. + +Server manager + +e-smith-manager +- update to httpd 2.4 access syntax for httpd-admin [SME: 12129] +- update to httpd 2.4 access syntax [SME: 12129] +- removing reference to old log rotation action [SME: 11872] +- take 2 wrong system mode reported in bugreport [SME: 10448] +- fix wrong system mode reported in bugreport [SME: 10448] +- create -update event [SME: 11144] +- migrate httpd-admin to systemd [SME: 11110] +- removing hardcoded ports [SME: 10967] +- Add a FollowSymlinks for user-password in password/cgi-bin (perl-suid) [SME: 9677] +- update apache icon path [SME: 9591] +- add message to indicate EOL after Jun 30 2024 fix [SME: 10170] + e-smith-viewlogfiles + perl-CGI-FormMagick + +Webmail and Groupware + +smeserver-horde +- fix invalid domain if ForcePrimaryDomain is enabled [SME: 11980] +- fix $ldapServer is commented out if Horde ForcePrimaryDomain is disabled [SME: 11981] +- use httpd 2.4 access control syntax [SME: 11945] +- fix previous patch error extra line [SME: 11694] +- fix alarm noise when disabled [SME: 11694] +- Syntax error, unexpected '(T_STRING), expecting ')' [SME: 11738] +- thanks to zsolt vasarhelyi for patch test +- Ingo filters TLS error if sieve is enabled [SME: 11628] +- fix missing call to perl module emsith::php [SME: 11489] +- clean rsyslog syntax for horde [SME: 11422] +- improved php basedir, with filtering of noise for gpg [SME: 10945] +- force SSL for horde [SME: 11443] +- fix horde not honoring switch to php-fpm 5.4 [SME: 11433] +- update mail settings for the php-pool [SME: 11431] +- spamd SpamLearning property migrated to spamassassin SpamLearning [SME: 11376] +- Configuration is not up to date, hash to update [SME: 11308] +- fix wrong template path for php55, php56 and php [SME: 11255] +- fix webmail not accessible after enabling from manager [SME: 11233] +- update rsyslog syntax [SME: 11016] + move fragment so syntax is similar to message +- remove harcoded ports [SME: 10969] +- add gpg to php base dir [SME: 10945] +- workaround logging noise caused by libsasl [SME: 10943] +- log as admin and not admin@domain for cli tasks [SME: 10910] +- fix ingo imap preferences [SME: 10912] +- allow httpd-auth for calendar, tasks access using rpc.php ... [SME: 10908] +- add smeserver-horde-update event [SME: 10909] +- avoid loss of user parameter on Primary Domain change [SME: 1005] + this will also avoid the loss of parameter if we log with a different virtualhost + horde preference is now stored with the SME username without @domain +- fix bad regex to strip domain [SME: 10224] + also we can now force Primary domain to use as default email + we can strip heading string from virtualhost domain to create email + default identity email will update as long as no other identity is created for the user +- fix typo in php-fpm patch [SME: 10872] +- remove php3 references [SME: 10866] +- remove strict and warning alert from error log [SME: 10823] +- dedicated php-fpm pool for horde [SME: 10872] +- apply patches from John H. Bennett III [SME: 10717] +- cvs admin -ko on patch1 + +Web Server + +e-smith-apache +- reverting last change [SME: 9375] +- add conflict on older ibays, php, horde, proxy, manager rpms +- removing mod_access_compat [SME: 9375] +- convert httpd 2.2 allow,deny to Require for 2.4 [SME: 9375] +- use maxsize, not size [SME: 11867] +- use logrotate.d instead of event action [SME: 11867] + use size to force log rotate before normal delay +- add modules ldap authnz_ldap and proxy_wstunnel [SME: 11760] + previously provided by webapps-common +- fix httpd-e-smith failing to start on reboot in private server-gateway mode [SME: 11596] +- add possibility to force https on LAN only [SME: 11511] + usefull for VPN over port 443 +- prevent httpd to fail if modSSL defined certs does not exist [SME: 10826] + default on self generated cert +- create-update event [SME: 11123] +- move httpd-e-smith to systemd [SME: 11111] + changed sigusr1 used in events to reload as defined in the unit file +- give a logger to httpd-e-smith : journald [SME: 1416] +- set default SSLStrictSNIVHostCheck to off [SME: 8693] +- add SNI support for individual certificates per VirtualHosts [SME: 8693] +- port 80 and 443 should not be hardcoded [SME: 9192] +- e-smith-apache removing hardcoded ports [SME: 10966] +- remove php3 and php4 refs [SME: 10867] +- disable TLSv1 TLSv1.1 by default [SME: 10459] + +Other fixes and updates + +bglibs +- initial build for SME10 [SME: 11883] + patched selftests.sh to avoid net/resolve_ipv4addr.c test which fails under mock + added BuildRequires glibc glibc-static glibc-devel mtools autoconf + commented out files for devel /usr/local/bglibs/lib/*.lib and /usr/local/bglibs/lib/*/*.a + as they fails. + +cvm +- build cvm 0.97 for SME10 [SME: 11315] + +e-smith-LPRng +- untainting port cleanly [SME: 12106] +- remove /usr/lib/systemd/system-preset/80-koozali-LPRng.preset [SME: 10958] +- Add 'Requires:runit.service' [SME: 11245] +- Add a fragment for lpd in 49-koozali.preset [SME: 11006] +- Remove init.d/supervise/lpd link [SME: 11006] +- keep runit service for systemd [SME: 11006] +- fix update event name [SME: 11007] +- from service to systemd [SME: 11006] +- add lpd-update event [SME: 11007] + +e-smith-base +- no new self signed cert when adding/removing non self hosts [SME: 12130] +- fix /dev/log not being recreated [SME: 12073] +- add rsshusers group to ldap and update it [SME: 11956] +- fix symlinks preventing log rotation [SME: 11950] +- remove immark module to reduce messages log activity [SME: 11813] +- fix logs not rotated before 100M (size maxsize) [SME: 10484] +- reduce systemd noise in messages [SME: 11813] +- fix dhcp address not propagated [SME: 11930] +- make rsyslog listen journald which listen /dev/log [SME: 11813] + template for /etc/systemd/journald.conf +- properly configure /etc/logrotate.conf [SME: 10484] + template for /etc/logrotate.conf + use of size to limit max size of file and rotate earlier +- drop e-smith logrotate actions creating dangling links [SME: 946] +- make journald log permanent by creating /var/log/journal [SME: 11795] +- allow group-modify-unix on update event [SME: 11766] +- fix typo in last patch [SME: 11722] +- add support for systemd service with instance service@instance.service [SME: 11722] +- add local domains in self signed cert alt subjects [SME: 11624] + add local hosts in self signed cert alt subjects + modSSL property to disable hosts domains addition : AddDomains AddHosts + default is enabled when empty +- fix missing export [SME: 11620] +- fix issue with adding new user to the ldap db [SME: 11607] +- always renew self signed certificate [SME: 11552] + update key / crt if not signed with the right key size + default to self signed if custom cert and key are not files or not rigth type + add perl module to help handle certificates and keys + TODO: check if both key and cert are related, if not default to self signed +- fix openssl.conf not generated when openldap field are empty [SME: 11569] +- fix missing path to systemctl for add-wants [SME: 11537] +- merge dhcpdmanager custom template fragments with core [SME: 10657] +- remove templates-custom previously owned by a contrib [SME: 11508] + they got migrated as part as normal backup restore +- fix masq failing on initial boot [SME: 11479] +- removing weekly cron for ddns update, targeted script has been removed [SME: 11470] +- revert e-smith-service file [SME: 9692] +- add systemctl wrapper [SME: 11345] +- clean rsyslog syntax for dhcpd [SME: 11422] +- cleanup /etc/rc.d and /var/service [SME: 9692] +- remove klogd references [SME: 11363] +- restore part of pptp code and move to generik vpn entry [SME: 11374] +- drop dyndns core support [SME: 11415] +- fix enabled service not started on reboot [SME: 11355] + unless a power outage, as long as you reboot, halt or shutdown systemd will + be in sync +- fix console::startup run twice [SME: 11358 ] +- improve run order in systemd-default [SME: 11356] +- fix uninitialized value during post-install [SME: 11350] +- fix user with rssh shell need to be member of rsshusers group [SME: 9155] +- add missing /sbin/e-smith/bootstrap-runlevel7 [SME: 11318] +- fix typo for isolate [SME: 11246] +- separate bootstrap-console from run level service launch [SME: 11318] +- only run isolate if sme-server.target is not active [SME: 11246] +- update system-preset usr/lib file [SME: 10958] +- fix loss of httpd basic auth [SME: 11309] +- fix services starting when they are in Wants= for sme-server.target and preset disabled [SME: 11247] +- rewrite of manageRAID.pl and add_drive_to_raid for SME10 [SME: 10918] +- added gdisk as a dependency to support GPT systems +- fix modSSL key crt and keychain files really exist [SME: 11252] +- add ldap.init as exception for preset +- fix init-accounts [SME: 9642] +- validate modSSL key crt and keychain files really exist [SME: 11252] + if not we use self generated +- drop pptpd support [SME: 11250] +- add bash-completion [SME: 11244] +- improve local service to systemd [SME: 11119] + now run rc.local file as part of the event + +e-smith-cvm-unix-local +- fix error compressing log still in use by delaying it [SME: 11968] +- reverting to release 7 state [SME: 11885] +- Add yum action to restart post install [SME: 11885] +- bump requirement for cvm [SME: 11885] + removing daemontools requirement +- expand rsyslog.conf [SME: 11807] +- redirect and rotate log for cvm-unix [SME: 11807] + fix cvm-pre script permission +- fix service stopping restarting on crash [SME: 11792] +- fix typo [SME: 11314] +- migrate to systemd [SME: 11314] +- add update event [SME: 11125] + +e-smith-devtools +- remove duplication with Dar backup [SME: 11993] +- ease backup include and exclude of contribs [SME: 11993] +- netlogon.bat +x [SME: 11566] +- add update event [SME: 11126] + +e-smith-ibays +- add missing elements to e-smith-ibays-update event to activate changes [SME: 11774] +- fix AH01797: client denied by server conf [SME: 11774] + use new require syntax for httpd 2.4 +- fix patch for SSLRequireSSL [SME: 8150] +- force https if auth or dav are enabled [SME: 11407] +- merge SSL and SSLRequireSSL properties [SME: 8150] + now SSLRequireSSL will force SSL to the html ibay directory and redirect to https +- update php properties and folders [SME: 11412] +- remove last bit of atalk [SME: 668] +- add update event [SME: 11139] +- remove hardcoded ports [SME: 10968] +- remove php3 reference [SME: 10869] +- fix apache failing if ibay has dynamic content enabled and phpmodule is disabled [SME: 10871] +- revert patch, wrong rpm [SME: 10871] +- add support for php-fpm [SME: 10871] + +e-smith-lib-compspec +- fix last dot erased on completion [SME: 11368] +- error on incorect cmd input [SME: 4661] +- allow easy access to templates.metadata to expand desired files [SME: 11312] +- add update event [SME: 11142] + +e-smith-ntp +- dedicated log and logrotate [SME: 12115] + thanks to bunkobugsy for this patch +- untainting fields [SME: 12107] +- fix ntpd crashing with panic_stop [SME: 11298] +- update override.conf to 50koozali.conf [SME: 11008] +- adding missing folder /usr/lib/systemd/system/ntpd.service.d [SME: 11008] +- fix typo in path for new driftfile [SME: 8881] +- fix systemd-preset fragment [SME: 11008] + add +x to ExecStartPRe script +- improve systemd integration [SME: 11008] +- change driftfile path [SME: 8881] +- from service to systemd [SME: 11008] +- add ntpd-update event [SME: 11009] +- revert last change [SME: 10190] + on sme10 systemd has ntpd disabled by default +- revert last change [SME: 10190] + on sme10 systemd has ntpd disabled by default + +e-smith-nutUPS +- Misspelling in /usr/lib/systemd/system/nut.service file [SME: 11633] +- fix start ordering nut.service [SME: 11488] +- fix ExecStartPre path for /usr/lib/tmpfiles.d/nut-run.conf [SME: 11488] +- fix ExecStartPre path for nut.service [SME: 11488] +- fix template path for monitor [SME: 9423] +- Fix preset line endings in 49-koozali.preset [SME: 11215] +- add update event to avoid reboot [SME: 11146] +- adapt nut UPS for systemd [SME: 9423] + +e-smith-packetfilter +- restrict VPN networks to their interface [SME: 11640] + remove remoteVPNSubnet property added VPNif property +- fix dropin file not expanded on initial installation [SME: 11528] +- fix noise on logrotate, doing a restart instead of reload [SME: 11451] +- move ulogd to systemd [SME: 11426] +- require ulogd 2 [SME: 11426] +- remove pptpd last references [SME: 11420] +- remove /usr/lib/systemd/system-preset/80-koozali-packetfilter.preset [SME: 10958] +- drop pptpd support [SME: 11251] +- launch masq using systemd unit [SME: 11089] +- create event to avoid reboot on update [SME: 11122] + +e-smith-proxy +- use httpd 2.4 access control syntax [SME: 11944] +- fix squid starting before network [SME: 11713] + also dropin file not expanded on install fixed +- cleanup in /etc/rc.d and /var/service/squid [SME: 9692] + +e-smith-radiusd +- redirect daemon log to its own file [SME: 11947] +- workaround upstream missing definition of /var/run/radiusd/tmp [SME: 11859] +- fix startup informational message Duplicate Auth-Type 'REJECT' [SME: 11736] +- patch was blank, populate and apply [SME: 11736] +- fix startup informational message Duplicate Auth-Type 'REJECT' [SME: 11736] +- add db property PAP-auth [SME: 11735] +- add/fix PAP-auth patch [SME: 11735] +- fix WAP-auth patch [SME: 11718] +- fix LDAP-auth patch [SME: 11719] +- fix ssl template metadata patch [SME: 11680] +- remove services2adjust in bootstrap-console-save event, this put systemd in a loop [SME: 11602] +- ssl pem using template in place of copy [SME: 11602] +- radiusd needs ldap started before [SME: 11302] +- add Restart=always [SME: 11113] + change group of pem file to radiusd +- create -update event [SME: 11155] +- move radiusd to systemd {SME: 11113] + remove noise from spec file +- fix server restartting with virtual_server error [SME: 10853] + +smeserver-audittools +- display yum repo as seen by yum and db [SME: 10880] +- add remi-safe in list of newrpms [SME: 11932] +- fix temp event displayed by events audittool [SME: 11674] +- fix links to different rpm rported as modified [SME: 11673] +- add update event [SME: 11161] + +smeserver-yum +- bump version number +- no reboot for dbus-glib [SME: 12091] +- rephrase contrib update message [SME: 11543] +- move mysqld to mariadb in smeserver plugin [SME: 11921] +- remove force AutoInstallUpdates to disabled [SME: 11961] +- fix rotate yum.log as not standard location [SME: 11951] +- remove yum_update_dbs from messages log [SME: 11952] +- restart cvm-unix on cvm or bglibs update [SME: 11886] +- remove pop3 and pop3s services from plugin [SME: 11808] +- fix restarting spamd instead of spamassassin [SME: 11803] +- Re-word-reboot-required-message.patch [SME: 11790] +- fix wrong qpsmtpd handling [SME: 11768] +- add elrepo GPG key [SME: 11625] +- no reboot needed for systemd-python [SME: 11609] +- fix services stop on removal [SME: 11510] +- run navigation-conf when a panel is installed [SME: 11507] +- migrate back to normal CentOS mirrors after el6 EOL [SME: 11477] +- version 2 with + deleting yum{eolversion} if for previous release or not yet eol + better handling of conditions +- avoid reboot on removal of smeserver-* rpms [SME: 11458] +- navigation-conf when a panel is installed +- fix wrong path for rsyslog.conf [SME: 11364] +- remove noise in yum process "overriding all signals, forcing restart" [SME: 11372] +- packages installed logged both in yum.log and message [SME: 11364] +- set priority to 10 for remi-safe [SME: 11360] +- fix poor handling of service adjusting and action order [SME: 11300] + now a temp event is created + also better logging, better handling of update vs removal +- make yum dbs service fork [SME: 11243] + now smeserver.py plugin call the service + yum-modify can use the service restart + yum.service is its own service, not called by local.service +- move yum upate db service to systemd [SME: 11180] +- fix -update events not runt on package upgrade [SME: 11184] + lower noise on forced restart +- fix switch to vault BaseURL for CentOS [SME: 11227] +- add remi-safe as base repo [SME: 11179] +- smeserver-yum-update event created [SME: 11168] +- fix separate action before template, and after service [SME: 11175] + run all actions with post-upgrade as default event +- fix some templates not expanded [SME: 11121] +- fix smeserver.py not executing action because of wrong path [SME: 11047] +- fix error when key absent of a dict of smeserver plugin at clean stage [SME: 10931] +- avoid missing template error after removal of a rpm [SME: 10846] +- restart php-fpm services when needed [SME: 10873] +- applying patch [SME: 10690] +- fix NameError: global name 'yum_update_dbs' is not defined [SME: 6940] +- use yum-cron with autoupdate feature [SME: 10690] + +The changelogs are written per package On behalf of the Koozali SME Server development team +- Compilation of release data is thanks to scripts developed by + Ian Wells and substantially improved by Jean Phillipe Pialasse