Koozali SME Server 10 Final Release Notes "Justine"
============================================

07 June 2021

The Koozali SME Server development team is pleased to announce the 
release of SME Server 10 Final which will be the next major release of 
SME Server. Code named "Justine"

This release is based on CentOS 7. CentOS 7.# has an EOL of 30 June 2024.

**********************************************************
Koozali SME Server users should not upgrade production servers to this.
Those with test servers are encouraged to load the release to a 
dedicated test machine and take part in the testing phase.
**********************************************************

Some notes on Koozali SME Server 10 can be found at
https://wiki.contribs.org/SME_Server_10.0_Development

SME10 Roadmap -
https://wiki.contribs.org/SME10_Roadmap#SME_10_Final

Bug reports and reports of potential bugs should be raised in the bug
tracker (and only there, please);

     https://bugs.koozali.org/

Copy of releaase notes may be found here: 
https://lists.contribs.org/pipermail/updatesannounce/

Download
========
You can download SME Server 10 from
https://mirror.koozali.org/smeserver/releases/testing/10/
or for other methods see:
https://wiki.koozali.org/SME_Server:Download

Please note it may take up to 48 hours for mirrors to finish syncing,
during this time you may experience problems.

About SME Server
================
SME Server is the leading Linux distribution for small and medium
enterprises. SME Server is brought to you by Koozali Foundation, Inc.,
a non-profit corporation that exists to provide marketing and legal support
for SME Server.

SME Server is freely available under the GNU General Public License and
is only possible through the efforts of the SME Server community.

However, the availability and quality of SME Server is dependent on
meeting our expenses, such as hosting costs, server hardware, etc.

As such, we ask for a donation to offset costs and fund further development.

a) If you are a school, a church, a non-profit organisation or an 
individual using SME Server for private purposes, we would appreciate 
you to contribute within your means toward the costs associated with 
hosting, maintenance and development.

b) If you are a company or an integrator and you are deploying SME 
Server in the course of your work to generate revenue, we expect you to 
make a donation commensurate with the level of revenue you generate and 
the number of servers your have in the field. Please, help the project

Please visit https://wiki.koozali.org/Donate to donate.

Koozali Inc is happy to supply an invoice for any donations received,
simply email treasurer at koozali.org

Notes
=====
In-place upgrades are not supported. It is necessary to backup and then 
restore.

Restore of a sme9 console or workstation backup is now fully supported, there
are cautions to be aware of and followed.

Single disk install no longer creates a degraded Raid1 array, Two or more disks
will be created as a Raid1-6 array, see wiki https://wiki.contribs.org/Raid

The spare handling for RAID arrays is now implemented. 

Support for further Raid configuration on install is now implemented - see wiki 

New Server-Manager Framework, Mojolicious, is now well on the way to full implementation

USB installs are once again fully supported, 
Note: it is important to use recommended apps to create the boot media
See: https://wiki.koozali.org/Install_From_USB 

Netinstall is once again fully supported, additional repos easily added

Install to a system supporting a UEFI BIOS is also now fully supported

Console backup, and workstation backup to removable storages is now fully supported.

Koozali templating is now fully inegrated with systemd

An enormouse number other under the hood changes, far to numerous to list here

The work that has gone into getting SME 10 to this stage has been enormous, an attempt to list
and detail the work that has been done in recent months would not do justice to the effort
contributed by the following,

thank you one and all:

Jean Phillipe Pialasse
Michel Begue
Brian Read
Catton Durbrow
Chris Sansom-Ninnes
Jean-pierre Odion
Zsolt Vasarhelyi
John Crisp
Terry Fage

there have also been many others who have done what they can, thank you:

The changes that have been implemented to ensure the Koozali Sme Server way is fully implemented
have been far reaching, far to many to try and list, suffice to say long live "Justine".

Major changes in this release
=============================
This release is based on CentOS 7.#

Changes in this release
=======================
see above and below, too much to list

General features
================
- Based on CentOS 7.9.2009 and all available updates

Detailed changes in this release
=======================
Only the changes since SME Server 10 RC1 are listed, mainly autogenerated from the changelogs.

Packages altered by Centos, Redhat, and Fedora-associated developers are not included.

The changelogs are written per package

SME built or modified packages - ChangeLogs

10 June 2021

Backups
flexbackup
- fix package version and release 1.2.1-6.4
- new source from debian packages repos 1.2.1-6.4
- convert initial release
- remove /usr/share/lintian directory
- add convert script to doc directory
- add debian changelog to doc directory

File Server
e-smith-proftpd
- restart proftpd on ssl-update [SME: 11603]
- cleanup in /etc/rc.d [SME: 9692]
- redirect log away from message [SME: 11384]
- fix circular Conflict with proftpd [SME: 11357]
- improve protect from proftpd.service running [SME: 11106]
- protect from proftpd.service running in place of ftp.service [SME: 11106]
- remove system-preset file from usr [SME: 10958]
- SSL crt and key to self signed if path does not exist [SME: 11316]
- add Requires=runit.service [SME: 11245]
- execute systemd-reload before service adjust in events [SME: 11228]
- remove S95reset-unsavedflag [SME: 11229]
- Remove ftp from 'init.d/supervise' [SME: 11106] [SME: 11150]
- Move ftp service to systemd [SME: 11106]
- Create e-smith-proftpd-update event [SME: 11150]

e-smith-samba
- netlogon.bat +x [SME: 11566]
- add possibility to reenable allow execute always on ibays homes or everywhere [SME: 11555]
- fix double entries for min protocol [SME: 11558]
- clean rsyslog syntax for smbd and nmbd [SME: 11422]
- fix noise in message log from nmbd and smbd redirected to dedicated logs [SME: 11349]
- allow using user-create-profiledir action with temp or package-update events [SME: 11348]
- fix log noise for smb.service [SME: 11157]
- add Restart=always [SME: 11118]
- add Restart=always [SME: 11117]
- migrate nmbd to systemd [SME: 11118]
- migrate smbd to systemd [SME: 11117]
  create generik smb.service service
- create e-smith-samba-update event [SME: 11157]
- Fix mutex locking [SME: 11199]
- Fix pid directory [SME: 11198]
- Add /etc/krb5.conf as template using templates from smeserver-samba [SME: 11093]
- remove win98pwdcache.reg from server-resources [SME: 9060]
- set min server and client protocol SMB2 [SME: 10576]
  add check so max always greater than min
- add port 445 if min server protocol is SMB2 or SMB3 [SME: 10963]

LDAP
e-smith-ldap
- fix wrong path for templates.metadata [SME: 11595]
- use template for ssl pem [SME: 11595]
- fix ldap failing to start on initial boot [SME: 11480]
- fix wrong alias to ldap.init [SME: 11301]
- add -update event [SME: 11140]
- move ldap to systemd [SME: 11099]
- move ldap.init to systemd [SME: 11096]
- New protocol default as TLSv1.2 [SME: 10936]
  New property TLSProtocolMin
  Ciphers are now ordered with stronger first

Localisation
smeserver-locale
- apply local 2021-05-12.patch [SME: 11593]
- apply local 2021-01-09.patch [SME: 11310]
- apply local 2019-12-07.patch

Mail Server
djbdns
- import modification from SME9 [SME: 11548]
- improve short ttl cname resolution and glueless answer from akadns [SME: 8362]
- 500-cutom-dnscache-maxloop.patch: set QUERY_MAXLEVEL 5 QUERY_MAXLOOP 500 QUERY_MAXNS 16 [SME: 10300]

e-smith-email
- add new RAR file signatures to default mailpatterns database [SME: 11265]
- webmail is only SSL [SME: 11443]
- create -update event [SME: 11133]
- move smtp-auth-proxy to systemd [SME: 11102]
- allow creation of pseudonyms with setting of local only [SME: 3802]

qmail
- add remote tls transport for qmail-remote [SME: 9349]
- updated release number higher than SME9
- now TLS and EHLO are defined to allow proper compilation
- add DEBUG flag for the moment to help configuring -DDEBUG=1

smeserver-clamav
- fix typo and missing +x [SME: 11520]
- fix issues with non epel standard scan.conf [SME: 11520]
  move clamd.conf to scan.conf
  remove alias for clamtop
  add a wrapper for clamdscan to force --fdpass
- ease use of clamdtop [SME: 11313]
- fix Transaction check error [SME: 11311]
- add pid folder /run/clamd/ [SME: 11103]
  few improvements
- create update event [SME: 11162]
- Updated to use 0.103+ from EPEL [SME: 11194]
- Updated to use systemd for clamd [SME: 11103]
- Updated to use systemd for freshclam [SME: 11104]
- increase lower memory limit to 1GB [SME: 10833]
- fix for AllowSupplementaryGroups warning [SME: 10813]
  thanks to bunkobugsy

smeserver-dovecot
- ssl pem update via template expand in place of copy [SME: 11601]
- clean rsyslog syntax for dovecot [SME: 11422]
- add Restart=always [SME: 11101]
- fix path for event -update [SME: 11101]
- cleanup /var/service/dovecot [SME: 11101]
  close logger and service from previous runit instance before starting systemd one
- add systemd drop-in expand in bootstrap-console-save, console-save, post-install, post-upgrade [SME: 11101]
- move service to systemd [SME: 11101]
- add imap idle notify interval setting [SME: 10947]
- fix typo in enabling TLSv1.2 as default [SME: 10934]
- fix typo in 35ssl template [SME: 10934]
- fix typo in createlinks [SME: 10932]
- revert property names with period in it [SME: 10934]
- add property AcceptFullEmail with enabled as default [SME: 9865]

smeserver-qpsmtpd
- update depreacted reject_threshold to reject [SME: 11492]
- remove /usr/lib/systemd/system-preset/80-koozali-qpsmtpd.preset [SME: 10958]
- modify for clamav 0.103.0 [SME: 11210]
- roll up patches
- add Requires=runit.service (qpsmtpd & sqpsmtpd) [SME: 11245]
- fix service not enabled [SME: 11107]
  remove reset-unsavedflag
- Move qpsmtpd & sqpsmtpd services to systemd [SME: 11107]
- Create smeserver-qpsmtpd-update event [SME: 11164]
- expand badrcptto_ext when needed [SME: 10638]
  this avoid user, group or pseudonyms for internal purpose to be reachable
  from outside
- minimum Protocol TLSv1.0 [SME: 10460]
  better ciphers order.

smeserver-spamassassin
- prevent noise in log at spamassassin call from qpsmtpd [SME: 11491]
- clean rsyslog syntax for spamd [SME: 11422]
- remove warning while trying to delete file when missing in post script [SME: 11375]
- remove spamd reference as service use spamassassin.service [SME: 11375]
  migrate spamd propertie SpamLearning to spamassassin
  template for /etc/sysconfig/spamassassin, revert --allow-tell option
  stop spamassassin spamd and delete /etc/systemd/system/spamassassin.service link if exists
- fix typo [SME: 11361]
- fix spamd unable to load [SME: 11361]
- redirect spamd loging to spamd.log instead of message [SME: 11362]
- add requires DCC as we have built it [SME: 11065]
- fix smeserver-spamassassin-update event fix [SME: 11166]
- Start systemd migration. Remove symlinks [SME: 11224]
- remove refresh clam as this will be provided by clamav
- require spamassassin 3.4.4 +

Server manager
e-smith-formmagick
- fix wrong PATH which makes fail grub reconfiguration [SME: 11556]
- increase CSRF timeout from 120s to 180s [SME: 10902]
  added property httpd-admin{csrfTimeout} in second to override
  added hability to ovarride the Timeout from panel to panel
- add update event [SME: 11136]
- add locale for CSRF [SME: 10626]
- add CSRF patch [SME: 10626] - thank you to Daniel Berteaud

Webmail and Groupware
smeserver-horde
- fix missing call to perl module emsith::php [SME: 11489]
- clean rsyslog syntax for horde [SME: 11422]
- improved php basedir, with filtering of noise for gpg [SME: 10945]
- force SSL for horde [SME: 11443]
- fix horde not honoring switch to php-fpm 5.4 [SME: 11433]
- update mail settings for the php-pool [SME: 11431]
- spamd SpamLearning property migrated to spamassassin SpamLearning [SME: 11376]
- Configuration is not up to date, hash to update [SME: 11308]
- fix wrong template path for php55, php56 and php [SME: 11255]
- fix webmail not accessible after enabling from manager [SME: 11233]
- update rsyslog syntax [SME: 11016]
  move fragment so syntax is similar to message
- remove harcoded ports [SME: 10969]
- add gpg to php base dir [SME: 10945]
- workaround logging noise caused by libsasl [SME: 10943]
- log as admin and not admin@domain for cli tasks [SME: 10910]
- fix ingo imap preferences [SME: 10912]
- allow httpd-auth for calendar, tasks access using rpc.php ... [SME: 10908]
- add smeserver-horde-update event [SME: 10909]
- avoid loss of user parameter on Primary Domain change [SME: 1005]
  this will also avoid the loss of parameter if we log with a different virtualhost
  horde preference is now stored with the SME username without @domain
- fix bad regex to strip domain [SME: 10224]
  also we can now force Primary domain to use as default email
  we can strip heading string from virtualhost domain to create email
  default identity email will update as long as no other identity is created for the user
- fix typo in php-fpm patch [SME: 10872]
- remove php3 references [SME: 10866]
- remove strict and warning alert from error log [SME: 10823]
- dedicated php-fpm pool for horde [SME: 10872]
- apply patches from John H. Bennett III [SME: 10717]
- cvs admin -ko on patch1

Web Server
e-smith-apache
- add possibility to force https on LAN only [SME: 11511]
  usefull for VPN over port 443
- prevent httpd to fail if modSSL defined certs does not exist [SME: 10826]
  default on self generated cert
- create-update event [SME: 11123]
- move httpd-e-smith to systemd [SME: 11111]
  changed sigusr1 used in events to reload as defined in the unit file
- give a logger to httpd-e-smith : journald [SME: 1416]
- set default SSLStrictSNIVHostCheck to off [SME: 8693]
- add SNI support for individual certificates per VirtualHosts [SME: 8693]
- port 80 and 443 should not be hardcoded [SME: 9192]
- e-smith-apache removing hardcoded ports [SME: 10966]
- remove php3 and php4 refs [SME: 10867]
- disable TLSv1 TLSv1.1 by default [SME: 10459]

Other fixes and updates
e-smith-base
- add local domains in self signed cert alt subjects [SME: 11624]
  add local hosts in self signed cert alt subjects 
  modSSL property to disable hosts domains addition : AddDomains AddHosts
  default is enabled when empty
- fix missing export [SME: 11620]
- fix issue with adding new user to the ldap db [SME: 11607]
- always renew self signed certificate [SME: 11552]
  update key / crt if not signed with the right key size
  default to self signed if custom cert and key are not files or not rigth type
  add perl module to help handle certificates and keys
  TODO: check if both key and cert are related, if not default to self signed
- fix openssl.conf not generated when openldap field are empty [SME: 11569]
- fix missing path to systemctl for add-wants [SME: 11537]
- merge dhcpdmanager custom template fragments with core [SME: 10657]
- remove templates-custom previously owned by a contrib [SME: 11508]
  they got migrated as part as normal backup restore
- fix masq failing on initial boot [SME: 11479]
- removing weekly cron for ddns update, targeted script has been removed [SME: 11470]
- revert e-smith-service file [SME: 9692]
- add systemctl wrapper [SME: 11345]
- clean rsyslog syntax for dhcpd [SME: 11422]
- cleanup /etc/rc.d and /var/service [SME: 9692]
- remove klogd references [SME: 11363]
- restore part of pptp code and move to generik vpn entry [SME: 11374]
- drop dyndns core support [SME: 11415]
- fix enabled service not started on reboot [SME: 11355]
  unless a power outage, as long as you reboot, halt or shutdown systemd will
  be in sync
- fix console::startup run twice [SME: 11358 ]
- improve run order in systemd-default [SME: 11356]
- fix uninitialized value during post-install [SME: 11350]
- fix user with rssh shell need to be member of rsshusers group [SME: 9155]
- add missing /sbin/e-smith/bootstrap-runlevel7 [SME: 11318]
- fix typo for isolate [SME: 11246]
- separate bootstrap-console from run level service launch [SME: 11318]
- only run isolate if sme-server.target is not active [SME: 11246]
- update system-preset usr/lib file [SME: 10958]
- fix loss of httpd basic auth [SME: 11309]
- fix services starting when they are in Wants= for sme-server.target and preset disabled [SME: 11247]
- rewrite of manageRAID.pl and add_drive_to_raid for SME10 [SME: 10918]
- added gdisk as a dependency to support GPT systems
- fix modSSL key crt and keychain files really exist [SME: 11252]
- add ldap.init as exception for preset
- fix init-accounts [SME: 9642]
- validate modSSL key crt and keychain files really exist [SME: 11252]
  if not we use self generated
- drop pptpd support [SME: 11250]
- add bash-completion [SME: 11244]
- improve local service to systemd [SME: 11119]
  now run rc.local file as part of the event
- move local service to systemd [SME: 11119]
  make it run /etc/rc.d/rc.local
  cleaning /var/service/syslog still there
- workaround drop-in install section ignored by systemctl preset [SME: 11231]
  some cleanup
- remove S95reset-unsavedflag [SME: 11229]
- add exclusion for lpd [SME: 11006]
- execute systemd-reload before service adjust in events [SME: 11228]
- fix ExecStart for raidmonitor [SME: 11094]
- fix permission for /sbin/e-smith/systemd/mdmonitor-pre [SME: 11094]
- Don't ask for confirmation to save changes on first install configuration [SME: 11193]
- Fix RAID detection regex for disk redundancy screen [SME: 10918]
- add Install part of systemd unit [SME: 11100]
- move dhcpd to systemd [SME: 11100]
- get dhcpd log out of message [SME: 2408]
  also configure logrotate for /var/log/dhcpd/dhcpd.log and /var/log/dhcpd/current
- reverte previous changes for service2adjust and util.pm [SME: 11177]
  files are owned by e-smith-lib
- allow more systemctl controls [SME: 11177]
  convert unrecognized signals from service2adjust in events for systemd
  handle unsupervised services the same way supervised were in adjust-services
  make service-status only log when service disabled and not fail it
- add template for /etc/systemd/system-preset/49koozali.preset [SME: 11174]

e-smith-devtools
- netlogon.bat +x [SME: 11566]
- add update event [SME: 11126]

e-smith-domains
- setup dns services on domain creation and other events [SME: 10115]
- avoid encoding of utf strings in domain table [SME: 11391]
  this will mess with some languages
- Create e-smith-domains-update event [SME: 11128]

e-smith-grub
- set missing locale if update-grub called by server-manager [SME: 11559]
- fix unable to boot on a non xfs root filesystem [SME: 11365]
- cleanup remove /boot/grub dir [SME: 11354]
- Add support for EFI systems [SME: 10998]
- add update event [SME: 11137]

e-smith-lib
- update copyright dates, and make it easier to change from spec file [SME: 11570]
- partial revert of signals [SME: 11177]
  signal s not passed to runit services (dnscache*, qmail, qpsmtpd...)
  services handled by systemd crash if they do not have Restart=always defined
- add support for signals SIG* with systemd [SME: 11177]
  fix typo for reload-or-try-restart
  unsupervised services: really stop when disabled and start stopped enabled ones
- remove error when sending sighup event [SME: 11177]
- allow more systemctl controls [SME: 11177]
  convert unrecognized signals from service2adjust in events for systemd
  handle unsupervised services the same way supervised were in adjust-services
- create e-smith-lib-event [SME: 11141]
- add support for systemctl reload-or-restart, try-restart, enable -now [SME: 10848]

e-smith-nutUPS
- fix start ordering nut.service [SME: 11488]
- fix ExecStartPre path for /usr/lib/tmpfiles.d/nut-run.conf [SME: 11488]
- fix ExecStartPre path for nut.service [SME: 11488]
- fix template path for monitor [SME: 9423]
- Fix preset line endings in 49-koozali.preset [SME: 11215]
- add update event to avoid reboot [SME: 11146]
- adapt nut UPS for systemd [SME: 9423]

e-smith-packetfilter
- fix dropin file not expanded on initial installation [SME: 11528]
- fix noise on logrotate, doing a restart instead of reload [SME: 11451]
- move ulogd to systemd [SME: 11426]
- require ulogd 2 [SME: 11426]
- remove pptpd last references [SME: 11420]
- remove /usr/lib/systemd/system-preset/80-koozali-packetfilter.preset [SME: 10958]
- drop pptpd support [SME: 11251]
- launch masq using systemd unit [SME: 11089]
- create event to avoid reboot on update [SME: 11122]

e-smith-radiusd
- remove services2adjust in bootstrap-console-save event, this put systemd in a loop [SME: 11602]
- ssl pem using template in place of copy [SME: 11602]
- radiusd needs ldap started before [SME: 11302]
- add Restart=always [SME: 11113]
  change group of pem file to radiusd
- create -update event [SME: 11155]
- move radiusd to systemd {SME: 11113]
  remove noise from spec file
- fix server restartting with virtual_server error [SME: 10853]

smeserver-release
- Bump new rpm for sme 10.0 final
- Bump new rpm for sme10 release candidate 1
- updating release number everywhere [SME: 11366]
- Bump release to 1 as buildsys believe 1.alpha5 is newer than 0.beta1 [SME: 11317]
- Bump new rpm for sme10 beta1 [SME: 11317]
- add update event [SME: 11165]
- Bump new rpm for sme10 alpha5

smeserver-support
- fix copyright date and make it easier to update from spec file [SME: 11568]
- fix typo and wording [SME: 11535]
- add update event [SME: 11167]
- revert update of samba using upstream CentOS repo [SME: 11196]
- obsoletes e-smith-starterwebsite [SME: 8903]

smeserver-yum
- no reboot needed for systemd-python [SME: 11609]
- fix services stop on removal [SME: 11510]
- run navigation-conf when a panel is installed [SME: 11507]
- migrate back to normal CentOS mirrors after el6 EOL [SME: 11477]
- version 2 with
  deleting yum{eolversion} if for previous release or not yet eol
  better handling of conditions
- avoid reboot on removal of smeserver-* rpms [SME: 11458]
- navigation-conf when a panel is installed
- fix wrong path for rsyslog.conf [SME: 11364]
- remove noise in yum process "overriding all signals, forcing restart" [SME: 11372]
- packages installed logged both in yum.log and message [SME: 11364]
- set priority to 10 for remi-safe [SME: 11360]
- fix poor handling of service adjusting and action order [SME: 11300]
  now a temp event is created
  also better logging, better handling of update vs removal
- make yum dbs service fork [SME: 11243]
  now smeserver.py plugin call the service
  yum-modify can use the service restart
  yum.service is its own service, not called by local.service
- move yum upate db service to systemd [SME: 11180]
- fix -update events not runt on package upgrade [SME: 11184]
  lower noise on forced restart
- fix switch to vault BaseURL for CentOS [SME: 11227]
- add remi-safe as base repo [SME: 11179]
- smeserver-yum-update event created [SME: 11168]
- fix separate action before template, and after service [SME: 11175]
  run all actions with post-upgrade as default event
- fix some templates not expanded [SME: 11121]
- fix smeserver.py not executing action because of wrong path [SME: 11047]
- fix error when key absent of a dict of smeserver plugin at clean stage [SME: 10931]
- avoid missing template error after removal of a rpm [SME: 10846]
- restart php-fpm services when needed [SME: 10873]
- applying patch [SME: 10690]
- fix NameError: global name 'yum_update_dbs' is not defined [SME: 6940]
- use yum-cron with autoupdate feature [SME: 10690]

These are either not SME modified Packages, or are kernel mods.
clamav
libprelude
sendmail

The changelogs are written per package On behalf of the Koozali SME Server development team
- Compilation of release data is thanks to scripts developed by Ian Wells and substantially improved by Jean Phillipe Pialasse

Terry Fage