Release notes Kolab2 Server
(Version 20070420, Kolab Server 2.1 rc 2)

This is a development snapshot of the kolab server leading up to a 2.1
release.

For upgrading and installation instructions, please refer to the
1st.README file in the source directory.

These topics need testing in 2.1 rc 2:

  - Upgrades from Kolab server 2.0, see 1st.README and UPGRADING.20-21.
  - New free/busy code
  - New database backend for the free/busy cache

Differences between Kolab 2.0.x and 2.1:

  - Simple multi-domain support

    The Kolab server can now accept mail for multiple email domains.
    There is also a new class of maintainers which are only allowed to
    manage settings for a subset of the mail domains of the kolab server.

  - Hashed IMAP spool

    The default imapd configuration has been changed to enable the
    hashimapspool option. This means that in 2.1 the default directory
    layout of the imapd spool (/kolab/var/imapd/spool/) is different
    from the one in 2.0.

    When you upgrade from 2.0 it's best to keep using the old structure,
    so remove or comment out the corresponding line in
    /kolab/etc/kolab/templates/imapd.conf.template *before* running
    kolabconf.

    For new installations the new default setting is recommended because
    it's more efficient especially when you have many mailboxes.
    For details see kolab/issue1089.

Changes since 2.1 rc 1:

  - apache-1.3.33-2.5.6_kolab2

    kolab/issue1607 (need to replace gdbm for pfbcache, because of license clash gdbm vs php)

  - clamav-0.90.2-20070413_kolab

    New upstream version, fixes various security issues.

  - file-4.15-2.5.0_kolab2

    Fix for security issue described in CVE-2007-1536:
    buffer overflow, remotely exploitable due to the usage of file in
    amavisd-new

  - fsl-1.7.0-20070303

    New upstream version.
    kolab/issue1172 (Cyrus Imapd dies when logfile exceeds 2 GiB)

  - php-4.4.0-2.5.2_kolab2

    kolab/issue1607 (need to replace gdbm for pfbcache, because of license clash gdbm vs php)

  - spamassassin-3.1.0-2.5.1_kolab

    Fix for security issue described in CVE-2007-0451:
    possible DoS due to incredibly long URIs found in the message content

    Disabled external DNS and URI blacklists, because some of these
    services require payment if used for many mailboxes.

    Ignore headers inserted on the receiving side for bayes filtering.

  - perl-kolab-5.8.7-20070420

    Added debug option for verbose logging to stderr.

  - kolabd-2.1.0-20070420

    Fix the path to the freebusy directory for non-OpenPKG installations.
    Fix usage of tar and modification of rc.conf during slave setup
    for non-OpenPKG installations.
    Don't pass notifications and quarantined mails through amavisd-new.
    Updated configuration templates for ClamAV 0.90
    Updated openldap monitor configuration.
    Updated cyrus imapd configuration to use cyr_expire.

    kolab/issue954 (kolab server rejects mails that should be marked untrusted)
    kolab/issue1607 (need to replace gdbm for pfbcache, because of license clash gdbm vs php)
    kolab/issue1609 ("kolab --help" tries to execute *all* commands)
    kolab/issue1638 (kolabconf generates broken resmgr.conf)
    kolab/issue1680 (/kolab/bin/kolab fix)

  - kolab-horde-fbview-2.1.0-20070420

    Updated version number, no other changes since 2.1rc1

  - kolab-resource-handlers-2.1.0-20070420

    Improved logging for opening pfbcache.db

    kolab/issue954 (kolab server rejects mails that should be marked untrusted)
    kolab/issue1607 (need to replace gdbm for pfbcache, because of license clash gdbm vs php)
    kolab/issue1659 (Freebusy assumes that all day events last exactly one day)

  - kolab-webadmin-2.1.0-20070420

    Updated Dutch and German translations.
    kolab/issue1457 (updated French translation)
    kolab/issue1612 (modify user ignores account type)
    kolab/issue1614 (ldap_add() - Constraint violation on change user account type)
    kolab/issue1630 (Domain maintainer can see distribution lists from other domains)
    kolab/issue1652 (Import users from ldif and LDAP Constraint violation)
    kolab/issue1654 (New LDAP overlay prevents modification of distribution lists)
    kolab/issue1663 (It is possible to create domain maintainers without domains)
    kolab/issue1670 (Renaming a domain maintainer twice within the same form fails)

Changes since 2.1 beta 4:

  - kolabd-2.0.99-20070205

    kolab/issue1335 (pfbcache.db locking problems)
    kolab/issue1507 (Public viewable phpinfo() and more in Server default installation)
    kolab/issue1550 (Masquerade problem, corrected template)
    kolab/issue1563 (freebusy.conf template doesn't match freebusy.conf from package)
    kolab/issue1575 (Openldap enhanced data integrity)

  - kolab-webadmin-2.0.99-20070205

    Disabled Spanish language selection from web admin interface,
    because of missing translation.

    kolab/issue1479 ("Type" of shared folder can only be modified in 2nd try)
    kolab/issue1486 ("About Kolab" in Webinterface needs work over)
    kolab/issue1539 (extension to the opening text, when the manager logs in for the 1st time)
    kolab/issue1559 (Domain Maintainer cannot delete "his" users)
    kolab/issue1586 ("Required field" not translated to German in web admin)
    kolab/issue1592 (LANGUAGE variable overrides web admin language selection)

Changes since 2.1 beta 3:

  - clamav-0.88.7-20061211

    bypass virus detection (CVE-2006-6406),
    denial of service, remotely exploitable (CVE-2006-6481)
    (http://kolab.org/security/kolab-vendor-notice-14.txt)

  - kolabd-2.0.99-20070117

    Updated proftpd.conf template: LDAPHomedirOnDemand(Prefix) is now
    named LDAPGenerateHomedir(Prefix).
    Set imapidlepoll to 5 seconds in imapd.conf.template.in.
    kolab/issue1433 (Some files in /kolab/etc/postfix have wrong ownership)
    kolab/issue1484 (Warnings using openldap = 2.3.27-2.20061018_kolab)
    kolab/issue1487 (amavisd.conf mynetworks incomplete)
    kolab/issue1531 (amavisd.conf local_domains only contains primary domain)
    kolab/issue1532 (Set "duplicatesuppression: 0" in imapd.conf.template?)

  - kolab-horde-fbview-2.0.99-20070112

    Improvements to the week view (part of kolab/issue666)
    Removed dangerous php scripts (part of kolab/issue1507)

  - kolab-resource-handlers-2.0.99-20070117

    kolab/issue1490 (freebusy cache written to /kolab/kolab/...)
    kolab/issue1512 (No FB information for resource accounts)
    kolab/issue1558 (kolab-webadmin and php 5.2.0)

  - kolab-webadmin-2.0.99-20070117

    kolab/issue1013 (user passwords sha1 encoded without salt)
    kolab/issue1262 (Setting quota to 4096+ MB breaks message delivery)
    kolab/issue1418 (fields visible even when attribute_access is "hidden" in session_vars.php)
    kolab/issue1540 (Typo on kolab/admin/service page)
    kolab/issue1555 (Login screen shows error msg for no good reason)

  - openldap-2.3.29-2.20061110_kolab

    New upstream version, fixes CVE-2006-5779 (Bugtraq ID 20939)

  - perl-kolab-5.8.7-20070117

    Only print warning about missing configuration variable if relevant.

    kolab/issue1550 (Masquerade problem)

Changes since 2.1 beta 2:

  - openpkg-2.5.4-2.5.4

    New upstream version.

  - apache-1.3.33-2.5.6

    denial of service and possibly arbitrary code execution via
    crafted URLs that are not properly handled using certain
    rewrite rules.
    http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html

  - gzip-1.3.5-2.5.1

    denial of service, arbitrary code execution
    http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html

  - curl-7.15.0-2.5.2

    buffer overflow
    http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.012-curl.html

  - openssl-0.9.8a-2.5.4

    denial of service, may allow execution of arbitrary code
    (http://kolab.org/security/kolab-vendor-notice-12.txt)

  - clamav-0.88.5-2.20061018

    buffer overflow, remotely exploitable (CVE-2006-4018)
    (http://kolab.org/security/kolab-vendor-notice-10.txt)
    heap overflow, remotely exploitable (CVE-2006-4182),
    denial of service, remotely exploitable (CVE-2006-5295)
    (http://kolab.org/security/kolab-vendor-notice-13.txt)

  - file-4.15-2.5.0_kolab

    kolab/issue1458 (Password protected .sxw files can be banned by amavisd, as a result of the file command)

  - openldap-2.3.27-2.20061018_kolab

    New upstream version, fixes CVE-2006-4600 (Bugtraq ID 19832)
    and other problems.

    kolab/issue1229 (Master openldap's slurpd fails to start after adding slave)
    kolab/issue1431 (Slave cannot access master ldap server via SSL)

  - imapd-2.2.12-2.5.0_kolab2

    Fix folder structure for foldernames with non-alphanumeric
    characters, when using skiplist as the database backend for
    mailboxes.db.

  - perl-kolab-5.8.7-20061110

    kolab/issue1194 (serious performance problem on high number of users)

  - kolabd-2.0.99-20061110

    Added missing relay service for postfix.
    Changed main.cf masquerading defaults so email to
    user@machine.example.org is actually delivered.
    Use mailbox_transport instead of local_transport for
    kolabmailboxfilter to work around issue825.
    Removed doubled attribute cyrus-autocreatequota.
    Added indexes for delegate and delete.
    Updated freebusy.conf template for freebusy IMAP caching.
    Changed imapd.conf template to use berkeley db instead of skiplist
    for annotations.db and mailboxes.db as a workaround for
    kolab/issue840 (Annotations needs to be more robust).
    kolab/issue824 (kolabmailboxfilter run once for each recipient)
    kolab/issue1264 (Add support for sieve based notifications)
    kolab/issue1273 (Sending as delegate broken in Kolab server 2.1)
    kolab/issue1428 (Fixed locking issue)
    kolab/issue1433 (Some files in /kolab/etc/postfix have wrong ownership)

  - kolab-webadmin-2.0.99-20061110

    Fixes for setting folder type of shared folders.
    Guard against large number of users.

    kolab/issue1457 (updated French translation)

  - kolab-resource-handlers-2.0.99-20061110

    Improvements and fixes for freebusy IMAP caching.

    kolab/issue815 (invitation replies vanish in resmgr)
    kolab/issue957 (All-day events from Outlook don't show up in freebusy)
    kolab/issue974 (Localize the text for rewritten From: headers)
    kolab/issue1042 (empty lines at the end of mails delivered via LMTP)
    kolab/issue1352 (resmgr can create wrong range dates)
    kolab/issue1387 (resmgr replies to replies creating mail loop)
    kolab/issue1422 (Dummy freebusy info)

Changes since 2.1 beta 1:

  OpenPKG updates:

    openpkg-2.5.2-2.5.2
    openpkg-registry-0.2.7-20060223
    libxslt-1.1.15-2.5.1
    php-smarty-2.6.10-20051003
    clamav-0.88.2-20060524
    binutils-2.16.1-2.5.1
      http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.009-binutils.html
    openldap-2.3.11-2.5.1
      http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.008-openldap.html

  Kolab updates:

    More distconf changes by Richard Bos and Markus Hüwe.

  - perl-kolab-5.8.7-20060619

    Resolved:
      Issue1194 (kolabd quota performance)
      Issue1220 (postfix permissions)
      issue1237 (Handling of @@@var@@@ in Conf.pm (Gunnar Wrobel))

  - kolabd-2.0.99-20060619

    * The default imapd configuration has been changed to enable the
      hashimapspool option. This affects the upgrade procedure.
      See 1st.README for upgrade instructions.

    * amavis now logs to /kolab/var/amavisd/amavisd.log.
      This is part of the fix for Issue1015

    Resolved:
      Issue1015 (fixing logging and logrotate for amavisd)
      Issue1089 (enable hashimapspool for imapd to cope with many users)
      Issue1101 (allowapop: no; disable apop access to imapd by default)
      Issue1105 (fix compilation of kolabd on FreeBSD)
      Issue1257 (wrong attribute name for imap quota)

  - kolab-webadmin-2.0.99-20060619

    * patch from Tobias König in order to support setting of
      foldertype for public folders

    Resolved:
      Issue848 (Modifying address book entry may break distribution list)
      Issue1106 (email validation in webgui)
      Issue1214 (number of days for vacation messages on webinterface)
      Issue1263 (Bug in the shared folders folder-type code) [Wrobel]

  - kolab-resource-handlers-2.0.99-20060619

    * create empty pfbcache.db if missing

    Resolved:
      Issue973 (quoting and rewriting From header)
      Issue966 (Wrong CN for resource accounts)
      Issue1042 (server modifies email content)
      Issue1195 (error message in bounce)
      Issue1243 (rewriting fails when "From:" contains quoted printable)
      Issue1245 (rewriting problems on folded Header "From:"-line)

$Id: release-notes.txt,v 1.102 2007/04/20 15:28:28 thomas Exp $