Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: wellsi on January 12, 2006, 12:29:52 AM

Title: SME 6 Maintenance Updates 11th January 2006
Post by: wellsi on January 12, 2006, 12:29:52 AM
The maintenance team would like to announce that the following packages are available from the updates repositories for SME 6.0, 6.0.1 & 6.5RC1.


To update your server see http://no.longer.valid/phpwiki/index.php/How%20to%20update%20SME%20Server
To help this process see http://no.longer.valid/phpwiki/index.php/Maintenance%20Process


Follow the steps below to update using yum. These need to be entered from the command line.

    yum update
    /sbin/e-smith/signal-event post-upgrade
    /sbin/e-smith/signal-event reboot

==============
Common Updates
==============

bzip2-1.0.2-2.2.73.legacy.i386.rpm
bzip2-libs-1.0.2-2.2.73.legacy.i386.rpm

   For all 6.x

   FL Note: http://www.fedoralegacy.org/updates/RH7.3/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html
   FL Bug : https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158801

   A bug was found in the way bzgrep processes file names. If a user can be
   tricked into running bzgrep on a file with a carefully crafted file
   name, arbitrary commands could be executed as the user running bzgrep.
   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the name CVE-2005-0758 to this issue.

   A bug was found in the way bzip2 modifies file permissions during
   decompression. If an attacker has write access to the directory into
   which bzip2 is decompressing files, it is possible for them to modify
   permissions on files owned by the user running bzip2 (CVE-2005-0953).

   A bug was found in the way bzip2 decompresses files. It is possible for
   an attacker to create a specially crafted bzip2 file which will cause
   bzip2 to cause a denial of service (by filling disk space) if
   decompressed by a victim (CVE-2005-1260).


cvs-1.11.1p1-17.legacy.i386.rpm

   For all 6.x

   FL Note: http://www.fedoralegacy.org/updates/RH7.3/2005-05-12-FLSA_2005_155508__Updated_cvs_package_fixes_security_issues.html
   FL Bug : https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155508

   A buffer overflow bug was found in the way the CVS client processes version
   and author information. If a user can be tricked into connecting to a
   malicious CVS server, an attacker could execute arbitrary code. The Common
   Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
   CAN-2005-0753 to this issue.


e-smith-apache-1.0.1-01sme2.noarch.rpm

   For 6.0 & 6.0.1 (6.5 has a separate package)

   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=256
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=280

   SME Bug 193:
   A xml document is treated as text and not xml unless you send the correct header

   SME Bug 129:   
   By entering http://www.example.com/~username, the error code returned by the webserver can be used to confirm the existence or not of username.

   A 403 is returned if the username exists
   A 404 is returned if the username does not exist

   This information can then be used to target further attacks.

   * Fri Nov 25 2005 Ian Wells <esmith@wellsi.com>
   - [1.0.1-01sme2]
   - support XSLT stylesheets [Bug 193]
   - Patch provided by John Bennett

   * Wed Sep 21 2005 Ian Wells <esmith@wellsi.com>
   - [1.0.1-01sme1]
   - Disable user directories
   - backported from 1.1.0-18sme01 [Bug 129]


e-smith-backup-1.13.2-02sme01.noarch.rpm

   For all 6.x
   
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=274
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=283
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=281

   Upgrading to 6.0 prevents domain logins
   
   Backup to desktop doesn't include all files needed to restore a fully functional samba domain.
   
   Flashing "esmith::Backup=HASH(0x80fbb0c)" in /etc

   * Sat Sep 24 2005 Ian Wells <esmith@wellsi.com>
   - [1.13.2-02sme01]
   - Merged some fixes from devel & 6.5 versions
   - Restore passwd file entries for machine accounts. [SF: 1254663]
   - Fix bug in relocate_samba_file function [relocate_patch]


e-smith-flexbackup-1.8.0-01sme1.noarch.rpm

   For all 6.x
   
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=257
      
   Issue with restore from tape via server-manager, when you try to restore from tape the prebackup fails.
   
   * Thu Nov 19 2005 Ian Wells <esmith@wellsi.com>
   - [1.8.0-01sme1]
   - Workaround for mt tell error, use mt status [Bug 198]
   - Patch provided by John Bennett


e-smith-imap-1.2.0-03sme001.noarch.rpm

   For 6.0 & 6.0.1 (already fixed for 6.5)

   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=279

   IMAP server features do not get reported to clients through frontend
    
   * Wed Sep 21 2005 Ian Wells <esmith@wellsi.com>
   - [1.2.0-03sme001]
   - Add imap capabilities to frontend daemon
   - backported from 1.2.0-03sme03 [Bug 127]

e-smith-imp-1.10.0-02sme02.noarch.rpm

   For 6.0 & 6.0.1 (6.5 has a separate package)

   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=254
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=325

   SME Bug 254:
   The user selection of 'None' for 'Choose the addressbook to use when adding addresses' doesn't seem to get saved

   SME Bug 325: (and also Bug 61 in Mantis)
   e-smith-imp blocks horde* access, and HTTP network installs do not work when webmail was enabled for HTTPS access only.
   
   * Sat Dec 24 2005 John H. Bennett III <bennettj@thebennetthome.com>
   - [1.10.0-02sme02]
   - Backport port of SME6.5 patch e-smith-imp-1.11.0-03.mitel_patch
   - Only catch ..../horde/... with slash after horde. This fixes
   - an issue which stopped network installs of the server _from_
   - the server when webmail was enabled for HTTPS access only. [325]

   * Fri Dec 23 2005 John H. Bennett III <bennettj@thebennetthome.com>
   - [1.10.0-02sme01]
   - Change setting of 410Addressbook from locked to selectable which will
     allow a user to choose to be able to save e-mail addresses to their
     personal turba address book.  Currently this is locked for all at none. [254]
   

e-smith-mailfront-1.4.0-01sme1.noarch.rpm

   For 6.0 & 6.0.1 (already fixed for 6.5)
   
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=282

   Whenever groups are created/modified/deleted the mailrules aren't being re-expanded. As a result email might be accepted or rejected incorrectly.

   * Wed Sep 21 2005 Ian Wells <esmith@wellsi.com>
   - [1.4.0-01sme1]
   - Expand mailrules on group actions
   - backported from 1.5.1-01sme12 [Bug 153]


e-smith-openssh-1.10.1-01sme2.noarch.rpm

   For all 6.x   
   
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=267
      
   When changing access for ftp server a red error 'changes not saved' appears at top of page.
   
   * Thu Nov 17 2005 Ian Wells <esmith@wellsi.com>
   - [1.10.1-01sme2]
   - In sshd_reload check if sshd is disabled [Bug 279]
   - Trying again, replacing previous patch.
   - Patch provided by Charlie Brady

   * Wed Nov 8 2005 Ian Wells <esmith@wellsi.com>
   - [1.10.1-01sme1]
   - In sshd_reload check if sshd is disabled [Bug 279]
   - Patch provided by John Bennett


flexbackup-1.1.7-1es.sme01.noarch.rpm

   For all 6.x

   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=259

   SME Bug 259:
   Tape restore gets ownership wrong for "Maildir"  and ownership/group of all users

   * Tue Dec 20 2005 John H. Bennett III <bennettj@thebennetthome.com> 1.1.7-2es
   - Add support for --overwrite option in restore of tape
   - so that on a restore, directory and file ownerships are retained


glibc-2.2.5-44.legacy.6.i386.rpm
glibc-2.2.5-44.legacy.6.i686.rpm
glibc-common-2.2.5-44.legacy.6.i386.rpm

   For all 6.x

   FL Note: http://www.fedoralegacy.org/updates/RH7.3/2005-11-13-FLSA_2005_152848__Updated_glibc_packages_fix_security_issues.html
   FL Bug : https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152848

   Flaws in the catchsegv and glibcbug scripts were discovered. A local
   user could utilize these flaws to overwrite files via a symlink attack
   on temporary files. The Common Vulnerabilities and Exposures project
   (cve.mitre.org) has assigned the name CVE-2004-0968 and CVE-2004-1382
   to these issues.

   It was discovered that the use of LD_DEBUG and LD_SHOW_AUXV were not
   restricted for a setuid program. A local user could utilize this flaw to
   gain information, such as the list of symbols used by the program. The
   Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the name CVE-2004-1453 to this issue.


horde-2.2.9-1sme00.noarch.rpm
   
   For all 6.x

   Security Updates, see:
   http://secunia.com/advisories/14730/
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0961
   http://www.osvdb.org/displayvuln.php?osvdb_id=11164
   http://secunia.com/advisories/12992/
   http://lists.horde.org/archives/announce/2004/000107.html
   http://secunia.com/advisories/17468/
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3570

   * Mon Dec 05 2005 Greg Swallow
   - 2.2.9-1sme00
   - Rebuilt with horde 2.2.9

   
imp-3.2.8-1sme01.noarch.rpm

   For all 6.x

   Security Updates, see:
   http://secunia.com/advisories/15077/
   http://lists.horde.org/archives/imp/Week-of-Mon-20040920/039246.html
   http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1443
   http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-2.txt
   http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0584
   http://marc.theaimsgroup.com/?l=imp&m=105940167329471&w=2
   http://marc.theaimsgroup.com/?l=imp&m=105981180431599&w=2
   http://marc.theaimsgroup.com/?l=imp&m=105990362513789&w=2
      
   * Thu Dec 8 2005 Ian Wells <esmith@wellsi.com>
   - [3.2.8-1sme01]
   - Apply date(r) patch to compose.php

   * Mon Dec 05 2005 Greg Swallow
   - Rebuilt with imp 3.2.8

   Note: research for date(r) patch - Stewart Evans email : stiff@picknowl.com.au


losetup-2.11n-12.7.3.2.legacy.i386.rpm
mount-2.11n-12.7.3.2.legacy.i386.rpm
util-linux-2.11n-12.7.3.2.legacy.i386.rpm

   For all 6.x

   FL Note: http://www.fedoralegacy.org/updates/RH7.3/2005-12-18-FLSA_2005_168326__Updated_util_linux_and_mount_packages_fix_security_issue.html
   FL Bug : https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168326

   A bug was found in the way the umount command is executed by normal
   users. It may be possible for a user to gain elevated privileges if the
   user is able to execute the "umount -r" command on a mounted file
   system. The file system will be re-mounted only with the "readonly" flag
   set, clearing flags such as "nosuid" and "noexec". The Common
   Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
   name CVE-2005-2876 to this issue.


lynx-2.8.4-18.3.legacy.i386.rpm

   For all 6.x

   FL Note: http://www.fedoralegacy.org/updates/RH7.3/2005-12-17-FLSA_2005_152832__Updated_lynx_package_fixes_security_issues.html
   FL Bug : https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152832

   An arbitrary command execute bug was found in the lynx "lynxcgi:" URI
   handler. An attacker could create a web page redirecting to a malicious
   URL which could execute arbitrary code as the user running lynx. The
   Common Vulnerabilities and Exposures project assigned the name
   CVE-2005-2929 to this issue.
   
   Ulf Harnhammar discovered a stack overflow bug in Lynx when handling
   connections to NNTP (news) servers. An attacker could create a web page
   redirecting to a malicious news server which could execute arbitrary
   code as the user running lynx. The Common Vulnerabilities and Exposures
   project assigned the name CVE-2005-3120 to this issue.

   
mod_ssl-2.8.12-8.legacy.i386.rpm

   For all 6.x

   FL Note: http://www.fedoralegacy.org/updates/RH7.3/2005-11-09-FLSA_2005_166941__Updated_httpd_and_mod_ssl_packages_fix_two_security_issues.html
   FL Bug : https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166941

   A flaw was discovered in mod_ssl's handling of the "SSLVerifyClient"
   directive. This flaw occurs if a virtual host is configured
   using "SSLVerifyClient optional" and a directive "SSLVerifyClient
   required" is set for a specific location. For servers configured in this
   fashion, an attacker may be able to access resources that should
   otherwise be protected, by not supplying a client certificate when
   connecting. The Common Vulnerabilities and Exposures project assigned
   the name CVE-2005-2700 to this issue.


openssl-0.9.6b-39.10.legacy.i386.rpm
openssl-0.9.6b-39.10.legacy.i686.rpm

   For all 6.x

   FL Note: http://www.fedoralegacy.org/updates/RH7.3/2005-12-17-FLSA_2005_166939__Updated_openssl_packages_fix_security_issues.html
   FL Bug : https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166939

   OpenSSL contained a software work-around for a bug in SSL handling in
   Microsoft Internet Explorer version 3.0.2. This work-around is enabled
   in most servers that use OpenSSL to provide support for SSL and TLS.
   Yutaka Oiwa discovered that this work-around could allow an attacker,
   acting as a "man in the middle" to force an SSL connection to use SSL
   2.0 rather than a stronger protocol such as SSL 3.0 or TLS 1.0. The
   Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the name CVE-2005-2969 to this issue.
   
   A bug was fixed in the way OpenSSL creates DSA signatures. A cache
   timing attack was fixed in a previous advisory which caused OpenSSL to
   do private key calculations with a fixed time window. The DSA fix for
   this was not complete and the calculations are not always performed within
   a fixed-window. The Common Vulnerabilities and Exposures project
   (cve.mitre.org) has assigned the name CVE-2005-0109 to this issue.
   
   Testing performed by the OpenSSL group using the Codenomicon TLS Test
   Tool uncovered a null-pointer assignment in the do_change_cipher_spec()
   function. A remote attacker could perform a carefully crafted SSL/TLS
   handshake against a server that uses the OpenSSL library in such a way
   as to cause OpenSSL to crash. Depending on the server this could lead to
   a denial of service. (CVE-2004-0079)


php-4.1.2-7.3.18.legacy.sme1.i386.rpm
php-imap-4.1.2-7.3.18.legacy.sme1.i386.rpm
php-ldap-4.1.2-7.3.18.legacy.sme1.i386.rpm
php-mysql-4.1.2-7.3.18.legacy.sme1.i386.rpm

   For all 6.x

   Information for .17 & .18
   FL Note: http://www.fedoralegacy.org/updates/RH7.3/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
   FL Bug : https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166943

   FL Note: http://www.fedoralegacy.org/updates/RH7.3/2005-07-10-FLSA_2005_155505__Updated_php_packages_fix_security_issues.html
   FL Bug : https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155505

   Note this has one patch applied from 6.0 (6.5RC1 did not take this patch)

   Notes from php-4.1.2-7.3.18.legacy
   A bug was discovered in the PEAR XML-RPC Server package included in PHP.
   If a PHP script is used which implements an XML-RPC Server using the
   PEAR XML-RPC package, then it is possible for a remote attacker to
   construct an XML-RPC request which can cause PHP to execute arbitrary
   PHP commands as the 'apache' user. The Common Vulnerabilities and
   Exposures project (cve.mitre.org) has assigned the name CVE-2005-2498 to
   this issue.

   A flaw was found in the way PHP registers global variables during a file
   upload request. A remote attacker could submit a carefully crafted
   multipart/form-data POST request that would overwrite the $GLOBALS
   array, altering expected script behavior, and possibly leading to the
   execution of arbitrary PHP commands. Please note that this vulnerability
   only affects installations which have register_globals enabled in the
   PHP configuration file, which is not a default or recommended option.
   The Common Vulnerabilities and Exposures project assigned the name
   CVE-2005-3390 to this issue.

   A flaw was found in the PHP parse_str() function. If a PHP script passes
   only one argument to the parse_str() function, and the script can be
   forced to abort execution during operation (for example due to the
   memory_limit setting), the register_globals may be enabled even if it is
   disabled in the PHP configuration file. This vulnerability only affects
   installations that have PHP scripts using the parse_str function in this
   way. (CVE-2005-3389)

   A Cross-Site Scripting flaw was found in the phpinfo() function. If a
   victim can be tricked into following a malicious URL to a site with a
   page displaying the phpinfo() output, it may be possible to inject
   javascript or HTML content into the displayed page or steal data such as
   cookies. This vulnerability only affects installations which allow users
   to view the output of the phpinfo() function. As the phpinfo() function
   outputs a large amount of information about the current state of PHP, it
   should only be used during debugging or if protected by authentication.
   (CVE-2005-3388)

   A denial of service flaw was found in the way PHP processes EXIF image
   data. It is possible for an attacker to cause PHP to crash by supplying
   carefully crafted EXIF image data. (CVE-2005-3353)

   Notes from php-4.1.2-7.3.17.legacy
   A bug was found in the way PHP processes IFF and JPEG images. It is
   possible to cause PHP to consume CPU resources for a short period of
   time by supplying a carefully crafted IFF or JPEG image. The Common
   Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
   names CAN-2005-0524 and CAN-2005-0525 to these issues.

   A buffer overflow bug was also found in the way PHP processes EXIF image
   headers. It is possible for an attacker to construct an image file in
   such a way that it could execute arbitrary instructions when processed
   by PHP. The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CAN-2005-1042 to this issue.

   A denial of service bug was found in the way PHP processes EXIF image
   headers. It is possible for an attacker to cause PHP to enter an
   infinite loop for a short period of time by supplying a carefully
   crafted image file to PHP for processing. The Common Vulnerabilities and
   Exposures project (cve.mitre.org) has assigned the name CAN-2005-1043 to
   this issue.

   The security fixes to the "unserializer" code in the previous release
   introduced some performance issues. A bug fix for that issue is also
   included in this update.

   * Sat Sep 24 2005 Ian Wells <esmith@wellsi.com> 4.1.2-7.3.17sme1
   - Locale segfault fix http://bugs.php.net/bug.php?id=19482


proftpd-1.2.9-es3sme1.i386.rpm
   
   For 6.0 & 6.0.1 (There is a 6.5 specific version available)

   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=284

   The recent proftpd update relied on features in 6.5 so broke in 6.0. This version restores ownership of /var/log/proftpd.
 
   * Wed Sep 21 2004 Ian Wells <esmith@wellsi.com>
   - [1.2.9-es3sme1]
   - Added ownership of /var/log/proftpd for SME 6.0x


rp-pppoe-3.3-10.legacy.src.rpm

   For all 6.x
   
   FL Note: http://www.fedoralegacy.org/updates/RH7.3/2005-11-14-FLSA_2005_152794__Updated_rp_pppoe_package_fixes_security_issue.html
   FL Bug : https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152794

   Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet
   driver from Roaring Penguin. When the program is running setuid root
   (which is not the case in a default Red Hat Linux or Fedora Core
   installation), an attacker could overwrite any file on the file system.
   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the name CVE-2004-0564 to this issue.


samba-2.2.12-0.73.7.legacy.sme1.i386.rpm
samba-client-2.2.12-0.73.7.legacy.sme1.i386.rpm
samba-common-2.2.12-0.73.7.legacy.sme1.i386.rpm

   For 6.0 & 6.0.1 (6.5 has samba 3)

   FL Note: http://www.fedoralegacy.org/updates/RH7.3/2005-07-15-FLSA_2005_152874__Updated_samba_packages_fix_security_issues.html
   FL Bug : https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152874

   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=276
   
   Samba 2.2.11 addresses the following bug:
   * Crashes in smbd triggered by a Windows XP SP2 client sending a FindNextPrintChangeNotify() request without previously issuing FindFirstPrintChangeNotify().

   Note this has one patch applied from 6.0
   
   During a code audit, Stefan Esser discovered a buffer overflow in Samba
   versions prior to 3.0.8 when handling unicode filenames. An
   authenticated remote user could exploit this bug which may lead to
   arbitrary code execution on the server. The Common Vulnerabilities and
   Exposures project (cve.mitre.org) has assigned the name CAN-2004-0882 to
   this issue.

   A bug was found in the input validation routines in versions of Samba
   prior to 3.0.8 that caused the smbd process to consume abnormal amounts
   of system memory. An authenticated remote user could exploit this bug to
   cause a denial of service. The Common Vulnerabilities and Exposures
   project (cve.mitre.org) has assigned the name CAN-2004-0930 to this
   issue.

   Greg MacManus of iDEFENSE Labs has discovered an integer overflow bug in
   Samba versions prior to 3.0.10. An authenticated remote user could
   exploit this bug which may lead to arbitrary code execution on the Samba
   server. The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CAN-2004-1154 to this issue.
   
   * Sun Sep 20 2005 Ian Wells <esmith@wellsi.com> 2.2.12-0.73.7.legacy.sme1
   - Added Mitel's daemontools to allow samba to be supervised
   - Removed  BuildRequires: cups-devel

   
turba-1.2.5-1sme00.noarch.rpm

   For all 6.x
   
   Security Update.
   Close XSS when setting the parent frame's page title by javascript (cjh).
   http://secunia.com/advisories/15074/
   
   * Mon Dec 05 2005 Greg Swallow
   - 1.2.5-1sme00
   - Rebuilt with turba 1.2.5
   - removed patch, as already done in 1.2.5


yum-1.0.3-7sme06.noarch.rpm

   For all 6.x
   
   Contains new yum.conf to support the new directory structure for SME6.x updates
   
   * Mon Nov 28 2005 Ian Wells <esmith@wellsi.com>
   - [1.0.3-7sme06]
   - Change [common-updates] to [updates-common]

   * Sat Oct 1 2005 Ian Wells <esmith@wellsi.com>
   - Rebuilt to support new repo structure for 6.x


================
6.0 only Updates
================

e-smith-base-4.14.1-15sme1.noarch.rpm

   For 6.0 only, separate version for 6.0.1, and all fixes are already in 6.5
   
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=265
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=244
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=242

   SME Bug 126:
   Password containing non-'ASCII printable' characters are accepted leading to potential lockout.

   SME Bug 132:
   Incorrect French translation error in the localnetwork panel.
   
   SME Bug 311:
   LYNX Browser - Help Content Not Available
   
   * Wed Nov 23 2005 Ian Wells <esmith@wellsi.com>
   - [4.14.1-15sme1]
   - Applying available patches to resolve three Bug Reports.
   - Version number chosen as 4.14.1-15 is deprecated.
   - userpassword_patch from 6.5 [Bug 126]
   - French Translation, fixed by localnetworks-french.patch [Bug 132]
   - lynx defaults, fixed by e-smith-base-4.14.1-12.mitel_patch [Bug 311]
   - Research provided by John Bennett


e-smith-hosts-1.12.0-01sme1.noarch.rpm

   For 6.0 only, separate versions for 6.0.1 & 6.5
   
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=258
   
   Improved graphical layout in panel "Hostnames and addresses".

   * Mon Nov 21 2005 Ian Wells <esmith@wellsi.com>
   - [1.12.0-01sme1]
   - Graphical layout in panel "Hostnames and addresses" [Bug 189]
   - Patch provided by John Bennett


==================
6.0.1 only Updates
==================
e-smith-base-4.14.1-16sme1.noarch.rpm

   For 6.0.1 only, separate version for 6.0, and all fixes are already in 6.5
   
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=265
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=244
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=242

   SME Bug 126:
   Password containing non-'ASCII printable' characters are accepted leading to potential lockout.

   SME Bug 132:
   Incorrect French translation error in the localnetwork panel.
   
   SME Bug 311:
   LYNX Browser - Help Content Not Available
   
   * Mon Nov 28 2005 Ian Wells <esmith@wellsi.com>
   - [4.14.1-16sme1]
   - Applying available patches to resolve three Bug Reports.
   - userpassword_patch from 6.5 [Bug 126]
   - French Translation, fixed by localnetworks-french.patch [Bug 132]
   - lynx defaults, fixed by e-smith-base-4.14.1-12.mitel_patch [Bug 311]
   - Research provided by John Bennett


e-smith-hosts-1.12.0-02sme1.noarch.rpm

   For 6.0.1 only, separate versions for 6.0 & 6.5
   
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=258
   
   Improved graphical layout in panel "Hostnames and addresses".

   * Tue Nov 22 2005 Ian Wells <esmith@wellsi.com>
   - [1.12.0-02sme1]
   - Graphical layout in panel "Hostnames and addresses" [Bug 189]
   - Patch provided by John Bennett


e-smith-lilo-1.12.0-04sme1.noarch.rpm

   For 6.0.1 only, 6.0 & 6.5 are not affected
   
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=277

   Kernel default is not being kept from reboot to reboot

   * Thu Nov 19 2005 Ian Wells <esmith@wellsi.com>
   - [1.12.0-04sme1]
   - Make Default kernel sticky again [Bug 115]
   - Patch provided by John Bennett


================
6.5 only Updates
================

e-smith-apache-1.1.0-18sme03.noarch.rpm

   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=256

   A xml document is treated as text and not xml unless you send the correct header
   
   * Mon Nov 28 2005 Ian Wells <esmith@wellsi.com>
   - [1.1.0-18sme03]
   - support XSLT stylesheets [Bug 193]
   - Patch provided by John Bennett


e-smith-hosts-1.13.0-02sme07.noarch.rpm

   For 6.5 only, separate versions for 6.0 & 6.0.1
   
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=258
   
   Improved graphical layout in panel "Hostnames and addresses".

   * Tue Nov 22 2005 Ian Wells <esmith@wellsi.com>
   - [1.13.0-02sme07]
   - Graphical layout in panel "Hostnames and addresses" [Bug 189]
   - "Static Hostname not working" fix [Bug 164]
   - Patches provided by John Bennett


e-smith-imp-1.11.0-03sme02.noarch.rpm

   For 6.5 only

   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=254

   SME Bug 254:
   The user selection of 'None' for 'Choose the addressbook to use when adding addresses' doesn't seem to get saved

   * Sun Dec 11 2005 John H. Bennett III <bennettj@thebennetthome.com>
   - [1.11.0-03sme02]
   - Change setting of 410Addressbook from locked to selectable which will
     allow a user to choose to be able to save e-mail addresses to their
     personal turba address book.  Currently this is locked for all at none.


e-smith-portforwarding-1.1.0-05sme02.noarch.rpm

   For 6.5 only. Other versions not affected.
   
   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=247
   
   When forwarding UDP ports in the server-manager, ports are forwarded, but it's their TCP counterparts which are opened in the firewall.
   
   * Thu Nov 17 2005 Ian Wells <esmith@wellsi.com>
   - [1.1.0-05sme02]
   - Forward UDP patch (Adjust the correct firewall protocol hole)
   - Applied patch from Gordon Rowell


proftpd-1.2.9-es3sme2.i386.rpm

   For 6.5 only

   SME Bug: http://bugs.contribs.org/show_bug.cgi?id=284
   
   This bug is not relevant for 6.5, but version bumped to avoid picking up 6.0x version
   
   * Wed Sep 21 2004 Ian Wells <esmith@wellsi.com>
   - [1.2.9-es3sme2]
   - Identical to 1.2.9-es3, built for SME 6.5

   * Wed Sep 21 2004 Ian Wells <esmith@wellsi.com>
   - [1.2.9-es3sme1]
   - Added ownership of /var/log/proftpd for SME 6.0x

   * Mon May  3 2004 Mark Knox <m_knox@mitel.com>
   - [1.2.9-es3]
   - Backport of security patch for http://bugs.proftpd.org/show_bug.cgi?id=2267
     [markk MN00025561]

   * Mon Jan 19 2004 Michael Soulier <michael_soulier@mitel.com>
   - [1.2.9-es2]
   - Removing ownership of /var/log/proftpd, as we've put this under
     supervise. [msoulier 9547]
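
An added example, not part of the original post: SME Bug 129 above describes how a request for /~username returns 403 for an existing account and 404 for a missing one. This sketch scans web server access logs for clients that probed several such names and lists which accounts each client could have confirmed; the log lines, addresses, user names and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Apache common log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [20/Sep/2005:10:00:01 +0000] "GET /~alice HTTP/1.0" 403 287
192.0.2.10 - - [20/Sep/2005:10:00:01 +0000] "GET /~bob HTTP/1.0" 404 279
192.0.2.10 - - [20/Sep/2005:10:00:02 +0000] "GET /~carol/ HTTP/1.0" 403 287
192.0.2.10 - - [20/Sep/2005:10:00:02 +0000] "HEAD /%7Edave HTTP/1.0" 404 -
198.51.100.7 - - [20/Sep/2005:10:05:40 +0000] "GET /~alice/ HTTP/1.1" 403 287
198.51.100.7 - - [20/Sep/2005:10:05:41 +0000] "GET /index.html HTTP/1.1" 200 5120
"""

# Client address, then a request whose path starts with /~name
# (or the URL-encoded form /%7Ename), then the response status.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ /(?:~|%7[Ee])(?P<user>[^/\s?"]+)[^"]*" (?P<status>\d{3}) '
)


def find_userdir_probing(lines, min_names=3):
    """Return {client: {"exists": [...], "absent": [...]}} for every client
    that requested at least min_names distinct /~name paths and received
    the 403/404 answers described in Bug 129."""
    seen = defaultdict(lambda: {"exists": set(), "absent": set()})
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue
        status = match.group("status")
        if status == "403":      # per Bug 129: the account exists
            bucket = "exists"
        elif status == "404":    # per Bug 129: no such account
            bucket = "absent"
        else:
            continue
        seen[match.group("client")][bucket].add(match.group("user"))

    report = {}
    for client, result in seen.items():
        if len(result["exists"] | result["absent"]) >= min_names:
            report[client] = {
                "exists": sorted(result["exists"]),
                "absent": sorted(result["absent"]),
            }
    return report


if __name__ == "__main__":
    for client, result in find_userdir_probing(SAMPLE_LOG.splitlines()).items():
        print(client, "confirmed:", result["exists"], "ruled out:", result["absent"])
```

Accounts listed under "exists" are the ones whose names were disclosed before the e-smith-apache update disabled user directories.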
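
An added example, not part of the original post: the mod_ssl note above (CVE-2005-2700) only affects virtual hosts that set "SSLVerifyClient optional" and then require a certificate for a specific location. This sketch reads an Apache configuration and reports the virtual hosts that match that pattern, so you know which ones depended on the fix; the sample configuration, addresses and the function name are constructed, and the check accepts both the directive's `require` value and the "required" spelling used in the advisory text.

```python
import re

SECTION_OPEN = re.compile(r"^<\s*(\w+)\s*([^>]*)>$")
SECTION_CLOSE = re.compile(r"^</\s*(\w+)\s*>$")
VERIFY = re.compile(r"^SSLVerifyClient\s+(\S+)", re.IGNORECASE)

# Constructed sample configuration (not taken from an SME Server).
SAMPLE_CONF = """\
<VirtualHost 192.0.2.1:443>
    SSLEngine on
    <Location /admin>
        SSLVerifyClient require
    </Location>
    SSLVerifyClient optional
</VirtualHost>

<VirtualHost 192.0.2.2:443>
    SSLVerifyClient require
    <Location /public>
        SSLVerifyClient none
    </Location>
</VirtualHost>

<VirtualHost 192.0.2.3:443>
    SSLVerifyClient optional
</VirtualHost>
"""


def audit_sslverifyclient(conf_text):
    """Return (vhost, section, line_number) for every nested section that
    requires a client certificate inside a vhost set to 'optional'."""
    findings = []
    stack = []    # open sections, innermost last, e.g. "Location /admin"
    vhost = None  # state of the <VirtualHost> currently being read
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        closing = SECTION_CLOSE.match(line)
        if closing:
            if stack:
                stack.pop()
            if closing.group(1).lower() == "virtualhost" and vhost is not None:
                # Decide at the end of the block: the vhost-level directive
                # may come after the nested section in the file.
                if vhost["level"] == "optional":
                    findings.extend(
                        (vhost["name"], sect, num) for sect, num in vhost["required"]
                    )
                vhost = None
            continue
        opening = SECTION_OPEN.match(line)
        if opening:
            name, arg = opening.group(1), opening.group(2).strip()
            stack.append(f"{name} {arg}".strip())
            if name.lower() == "virtualhost":
                vhost = {"name": arg, "level": None, "required": []}
            continue
        directive = VERIFY.match(line)
        if directive and vhost is not None and stack:
            level = directive.group(1).lower()
            if stack[-1].lower().startswith("virtualhost"):
                vhost["level"] = level           # set directly in the vhost
            elif level in ("require", "required"):
                vhost["required"].append((stack[-1], lineno))
    return findings


if __name__ == "__main__":
    for host, section, lineno in audit_sslverifyclient(SAMPLE_CONF):
        print(f"{host}: <{section}> requires a certificate (line {lineno}) "
              "but the virtual host is set to optional")
```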
Title: SME 6 Maintenance Updates 11th January 2006
Post by: wellsi on January 16, 2006, 09:07:26 AM
Two issues have been raised with this update set:

1. php-pgsql
If your SME Server was originally SME 5.x, or you have since installed php-pgsql then the following message will occur.

>Package php-pgsql needs php = 4.1.2-2es3 (not provided)

Php-pgsql was not provided in the original SME 6.x releases, so the update does not provide a new version of this.

However the build system did generate this file which is currently available at (not tested):
http://wellsi.com/sme/patches/6.0/php-pgsql-4.1.2-7.3.18.legacy.sme1.i386
rpm

However - unless you know that you really need php-pgsql I recommend that you remove it. This simpler option was suggested by Charlie and solved the problem for others.

2. Horde 3

This is another unsupported configuration, but two solutions have been proposed.

If you have installed Horde 3 then either modify /etc/yum.conf before the update
exclude=horde imp turba e-smith-horde e-smith-imp e-smith-turba

or re-run the script after the update.
Title: SME 6 Maintenance Updates 11th January 2006
Post by: gbentley on February 07, 2006, 05:40:42 PM
Was an 'update' panel ever on the cards? I seem to remember something called 'blades' proposed a while back although my memory isn't as good as I remember!

Sure would be nice to have a clicky pick list of add-ons and upgrades :)