Hi!
I've just uploaded the last bits of Kolab Server 2.1 Beta 3, which
fixes more than 30 problems found in Beta 2 and includes the
security updates published until now.

Documentation and OpenPKG source packages will be available in the
directory server/beta/kolab-server-2.1-beta-3/ of the mirrors listed
on http://kolab.org/mirrors.html soon. Included is a gpg signed
MD5SUMS file to verify if your download is correct:

  $ gpg --verify MD5SUMS
  $ md5sum -c MD5SUMS

The packages are available since Friday, so you already can start
downloading from server/development-2.1/dated/20061110/, all that
was changed since then are the files release-notes.txt, 1st.README
and UPGRADING.20-21, which I have attached to this mail for your
convenience.

Please follow the instructions in 1st.README, because otherwise some
things will not work as expected.

UPGRADING.20-21 contains instructions for upgrading from Kolab
server 2.0 to 2.1, but they need testing on more live systems.
Please report failed and successful upgrades to the mailing list.

Regards,
Thomas Arendsen Hein
--
Email: thomas intevation.de
http://intevation.de/~thomas/

Release notes Kolab2 Server
(Version 20061110, Kolab Server 2.1 beta 3)
This is a development snapshot of the kolab server leading up to a 2.1
release. For upgrading and installation instructions, please refer to
the 1st.README file in the source directory.

WARNING, these topics need testing in 2.1 beta 3:

- Instructions for upgrading from Kolab server 2.0 in 1st.README.
- Changed imapd database format for annotations.db and mailboxes.db
- New free/busy code (see section "Known problems")

Differences between Kolab 2.0.x and 2.1:

- Simple multi-domain support

  The Kolab server can now accept mail for multiple email domains.
  There is also a new class of maintainers which are only allowed to
  manage settings for a subset of the mail domains of the kolab
  server.

- Hashed IMAP spool

  The default imapd configuration has been changed to enable the
  hashimapspool option. This means that in 2.1 the default directory
  layout of the imapd spool (/kolab/var/imapd/spool/) is different from
  the one in 2.0. When you upgrade from 2.0 it's best to keep using the
  old structure, so remove or comment out the corresponding line in
  /kolab/etc/kolab/templates/imapd.conf.template *before* running
  kolabconf. For new installations the new default setting is recommended
  because it's more efficient especially when you have many mailboxes.
  For details see kolab/issue1089.

Known problems:

- Retrieving the free/busy information isn't working, unless you use
  the following workaround on the server:

    cd /kolab && ln -s . kolab

  See kolab/issue1490 (freebusy cache written to /kolab/kolab/...)
  for details. Be careful when creating backups of your /kolab directory
  to not follow symbolic links, because this is a recursive one.

- Under some circumstances the Kolab server may not create users or
  update the configuration after changes have been made in the web
  interface. This happens most often immediately after the bootstrap.
  In that case restart the kolabd:

    /kolab/bin/openpkg rc kolabd restart

  See kolab/issue1068 (Mailboxes are not created until kolabd restart)
  and kolab/issue1098 (Changes in the service tab are not accepted after
  bootstrap) for details.

- If modifying or deleting of address book entries doesn't work,
  restarting openldap can help, see kolab/issue854 for details.

- Setting Cyrus IMAP quota to 4096MB or more breaks delivery to this user.
  Setting to unlimited works though. See kolab/issue1262 for details.

Changes since 2.1 beta 2:

- openpkg-2.5.4-2.5.4
  New upstream version.

- apache-1.3.33-2.5.6
  denial of service and possibly arbitrary code execution via crafted
  URLs that are not properly handled using certain rewrite rules.
  http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html

- gzip-1.3.5-2.5.1
  denial of service, arbitrary code execution
  http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html

- curl-7.15.0-2.5.2
  buffer overflow
  http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.012-curl.html

- openssl-0.9.8a-2.5.4
  denial of service, may allow execution of arbitrary code
  (http://kolab.org/security/kolab-vendor-notice-12.txt)

- clamav-0.88.5-2.20061018
  buffer overflow, remotely exploitable (CVE-2006-4018)
  (http://kolab.org/security/kolab-vendor-notice-10.txt)
  heap overflow, remotely exploitable (CVE-2006-4182),
  denial of service, remotely exploitable (CVE-2006-5295)
  (http://kolab.org/security/kolab-vendor-notice-13.txt)

- file-4.15-2.5.0_kolab
  kolab/issue1458 (Password protected .sxw files can be banned by
  amavisd, as a result of the file command)

- openldap-2.3.27-2.20061018_kolab
  New upstream version, fixes CVE-2006-4600 (Bugtraq ID 19832)
  and other problems.
  kolab/issue1229 (Master openldap's slurpd fails to start after
  adding slave)
  kolab/issue1431 (Slave cannot access master ldap server via SSL)

- imapd-2.2.12-2.5.0_kolab2
  Fix folder structure for foldernames with non-alphanumeric characters,
  when using skiplist as the database backend for mailboxes.db.

- perl-kolab-5.8.7-20061110
  kolab/issue1194 (serious performance problem on high number of users)

- kolabd-2.0.99-20061110
  Added missing relay service for postfix.
  Changed main.cf masquerading defaults so email to
  user machine.example.org is actually delivered.
  Use mailbox_transport instead of local_transport for
  kolabmailboxfilter to work around issue825.
  Removed doubled attribute cyrus-autocreatequota.
  Added indexes for delegate and delete.
  Updated freebusy.conf template for freebusy IMAP caching.
  Changed imapd.conf template to use berkeley db instead of
  skiplist for annotations.db and mailboxes.db as a workaround
  for kolab/issue840 (Annotations needs to be more robust).
  kolab/issue824 (kolabmailboxfilter run once for each recipient)
  kolab/issue1264 (Add support for sieve based notifications)
  kolab/issue1273 (Sending as delegate broken in Kolab server 2.1)
  kolab/issue1428 (Fixed locking issue)
  kolab/issue1433 (Some files in /kolab/etc/postfix have wrong ownership)

- kolab-webadmin-2.0.99-20061110
  Fixes for setting folder type of shared folders.
  Guard against large number of users.
  kolab/issue1457 (updated French translation)

- kolab-resource-handlers-2.0.99-20061110
  Improvements and fixes for freebusy IMAP caching.
  kolab/issue815 (invitation replies vanish in resmgr)
  kolab/issue957 (All-day events from Outlook don't show up in freebusy)
  kolab/issue974 (Localize the text for rewritten From: headers)
  kolab/issue1042 (empty lines at the end of mails delivered via LMTP)
  kolab/issue1352 (resmgr can create wrong range dates)
  kolab/issue1387 (resmgr replies to replies creating mail loop)
  kolab/issue1422 (Dummy freebusy info)

Changes since 2.1 beta 1:

OpenPKG updates:

  openpkg-2.5.2-2.5.2
  openpkg-registry-0.2.7-20060223
  libxslt-1.1.15-2.5.1
  php-smarty-2.6.10-20051003
  clamav-0.88.2-20060524
  binutils-2.16.1-2.5.1
    http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.009-binutils.html
  openldap-2.3.11-2.5.1
    http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.008-openldap.html

Kolab updates:

  More distconf changes by Richard Bos and Markus Hüwe.

- perl-kolab-5.8.7-20060619
  Resolved:
    Issue1194 (kolabd quota performance)
    Issue1220 (postfix permissions)
    issue1237 (Handling of   var  in Conf.pm (Gunnar Wrobel))

- kolabd-2.0.99-20060619
  * The default imapd configuration has been changed to enable the
    hashimapspool option. This affects the upgrade procedure.
    See 1st.README for upgrade instructions.
  * amavis now logs to /kolab/var/amavisd/amavisd.log. This is
    part of the fix for Issue1015
  Resolved:
    Issue1015 (fixing logging and logrotate for amavisd)
    Issue1089 (enable hashimapspool for imapd to cope with many users)
    Issue1101 (allowapop: no; disable apop access to imapd by default)
    Issue1105 (fix compilation of kolabd on FreeBSD)
    Issue1257 (wrong attribute name for imap quota)

- kolab-webadmin-2.0.99-20060619
  * patch from Tobias König in order to support setting of
    foldertype for public folders
  Resolved:
    Issue848 (Modifying address book entry may break distribution list)
    Issue1106 (email validation in webgui)
    Issue1214 (number of days for vacation messages on webinterface)
    Issue1263 (Bug in the shared folders folder-type code) [Wrobel]

- kolab-resource-handlers-2.0.99-20060619
  * create empty pfbcache.db if missing
  Resolved:
    Issue973 (quoting and rewriting From header)
    Issue966 (Wrong CN for resource accounts)
    Issue1042 (server modifies email content)
    Issue1195 (error message in bounce)
    Issue1243 (rewriting fails when "From:" contains quoted printable)
    Issue1245 (rewriting problems on folded Header "From:"-line)

$Id: release-notes.txt,v 1.55 2006/11/15 17:57:01 thomas Exp $

Kolab2 Server Important Information
===================================
For more information on Kolab, see http://www.kolab.org
Quick install instructions
--------------------------
For a fresh install /kolab needs to be an empty directory with enough space.
You can use a symlink, but do _not_ use an NFS mounted drive.

Make sure that the following names are not in /etc/passwd or /etc/groups,
as openpkg will want to create them: "kolab" "kolab-r" "kolab-n"

Check the www.openpkg.org documentation for your platform.
E.g. some platforms need gettext installed
or the locale set to C during installation, like:

  LC_ALL=C
  LC_MESSAGES=C
  LANG=C
  SUPPORTED=C
  export LC_ALL LC_MESSAGES LANG SUPPORTED

Make sure the locale you want to set is supported by your c-library.
Otherwise the webadmin interface might only be in English.

To install the Kolab2 server, you need to download the files from the
directory containing this file (1st.README) to some local directory,
then as root, chdir into that local directory and run

  # ./obmtool kolab 2>&1 | tee kolab-build.log

to build and install packages in /kolab.
By default, the Kolab Server will now be started at boottime.

After the build/install is complete, please run

  # /kolab/etc/kolab/kolab_bootstrap -b

and follow the instructions.

Workaround for problem in free/busy cache generation
----------------------------------------------------
Retrieving the free/busy information isn't working, unless you use
the following workaround on the server:

  cd /kolab && ln -s . kolab

See kolab/issue1490 (freebusy cache written to /kolab/kolab/...)
for details. Be careful when creating backups of your /kolab directory
to not follow symbolic links, because this is a recursive one.

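The backup caveat above, as an added example that is not part of the Kolab distribution: the first function lists symlinks that resolve to a directory containing the link itself, the second archives a tree with links stored as links. The function names and the archive path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Kolab distribution.

# list_recursive_links DIR
# Prints every symlink below DIR that resolves to a directory containing
# the link itself (such as /kolab/kolab -> .). Pass DIR as an absolute path.
list_recursive_links() {
    find "$1" -type l | while IFS= read -r link; do
        # Physical path of the directory that holds the link.
        parent=$(cd -P -- "$(dirname -- "$link")" 2>/dev/null && pwd -P) || continue
        # Physical path the link resolves to; skipped when the link is
        # dangling or does not point at a directory.
        target=$(cd -P -- "$link" 2>/dev/null && pwd -P) || continue
        case "$parent/" in
            "$target"/*) printf '%s\n' "$link" ;;   # target is parent or an ancestor
        esac
    done
}

# backup_tree SRC ARCHIVE
# Archives SRC with symlinks stored as links. tar does this unless -h
# (dereference) is given, so that option must stay off for /kolab.
backup_tree() {
    src=$(cd -P -- "$1" && pwd -P) || return 1
    tar -cf "$2" -C "$(dirname -- "$src")" "$(basename -- "$src")"
}

# Usage on a Kolab server, as root (archive path is a placeholder):
#   list_recursive_links /kolab
#   backup_tree /kolab /path/to/kolab-backup.tar
```

Any backup tool that is configured to follow symlinks should exclude the paths the first function prints.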
General update instructions
---------------------------
Usually an update of the Kolab 2 server works as described here. In
some cases you will need to deviate from these instructions a bit. All
such cases are documented below, so read the release specific update
instructions for all releases newer than the one you already have before
you start the update.

In any case you should completely read *all* relevant update
instructions *before* starting the upgrade procedure. Always make
sure you have a recent backup of your /kolab directory before you
attempt to upgrade Kolab.

The installation of the new packages works just as for the initial
installation. Download the files as described above and run

  # ./obmtool kolab

obmtool will usually automatically determine which packages need to be
built. If you have made changes to the configuration files in
/kolab/etc/kolab/templates/ and the new release has a new kolabd package
you may need to transfer your changes from the backups created by rpm
(the *.rpmsave files) to the new template files. Then regenerate the
configuration with

  # /kolab/sbin/kolabconf

You may want to check the permissions of your files in /kolab/etc/kolab/
after installing or upgrading, as there have been problems with this in
the past. In particular, kolab.conf and copies of it must be readable only
by the owner (usually "kolab"). The installation and configuration scripts
should make sure that the permissions are correct, but there's a chance
that the permissions can still go wrong, especially if you upgrade from
pre Beta1 releases.

Upgrading from earlier versions
-------------------------------
Direct upgrade from Kolab1 is not recommended at this point. We
suggest that you back up your IMAP store, install Kolab2 and manually
recreate user accounts and then restore the IMAP data from the backup.

After an upgrade, always run /kolab/sbin/kolabconf to make sure the
configuration files are regenerated from your templates.

Upgrade from 2.0 releases to 2.1-versions
-----------------------------------------

Upgrading from Kolab 2.0.x to 2.1 is described in detail in the file
UPGRADING.20-21 in this directory.

The latest version of the upgrading instructions can be found in the
Kolab.org raw-howtos CVS:

  http://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/doc/raw-howtos/kolab_2.0_to_2.1_upgrade_instructions.txt

Please carefully read all the following update instructions in this
file. While some of the information might be redundant, there are
additional notes which are essential for a successful update.

Upgrade from pre-2.1-snapshot-20051130
--------------------------------------
This upgrade is somewhat tricky, because of a new db package and a new
OpenLDAP version. To make sure that no data is lost, you are strongly
advised to stop the server and make a backup before you start the
update. Some files are removed during the upgrade described below.

1. Before installing the new RPMs

Before installing the new packages, copy the contents of the openldap
database (use a different output filename if you want):

  /kolab/sbin/slapcat > ~/kolab-slapcat-data

The db update also affects the imap server.

  cd /kolab/var/imapd/db
  /kolab/bin/db_recover
  rm /kolab/var/imapd/db/*

2. After installing the new RPMs

Two small changes are required for the openldap configuration file
/kolab/etc/openldap/slapd.conf:

- comment out the line

    require none

- Move the line with the suffix setting to just after the "database
  bdb" line.

These changes have already been done in the new slapd.conf.template, so
it can be used for guidance.

Then restore the openldap data:

  rm /kolab/var/openldap/openldap-data/*
  /kolab/sbin/slapadd -l ~/kolab-slapcat-data

The IMAP server should work without further changes.

Upgrade from pre-2.1-snapshot-20051215
--------------------------------------
Nothing special has to be done for this upgrade.
Upgrade from 2.1-beta-1
-----------------------
1. imapd hashimapspool setting

The default imapd configuration has been changed to enable the
hashimapspool option. This means that in 2.1-beta-2 the directory
layout of the imapd spool (/kolab/var/imapd/spool/) is different from
the one in beta-1. When you upgrade from beta-1 it's best to keep using
the old structure, so remove or comment out the corresponding line in
/kolab/etc/kolab/templates/imapd.conf.template *before* running
kolabconf.

For new installations the new default setting is recommended because
it's more efficient especially when you have many mailboxes.

For some background information about this see the discussion at
https://intevation.de/roundup/kolab/issue1089

2. distribution lists

There was a bug in earlier versions regarding the distribution lists for
administrative email aliases like postmaster <domain>. They were
created without the domain part. This has been fixed so that they are
created with the correct domains in their names, but admin distribution
lists created by an earlier Kolab server version will not be updated
automatically. The easiest way to do this is by deleting them all and
then creating them again with the services page of the web-interface.

For more details about the bug, see
https://intevation.de/roundup/kolab/issue1100

Upgrade from 2.1-beta-2
-----------------------
1. postfix: ownership of virtual and transport:

The owner of two config files has to be root, otherwise postfix will
change to an unprivileged user for creating the corresponding .db files,
isn't able to write them after the upgrade and fails to create further
database files which don't get generated from kolab templates.

To correct the file owner, execute the following commands as root:

  cd /kolab/etc/postfix
  chown root transport virtual
  make

See kolab/issue1433 for details about this topic.

2. imapd: database format for annotations.db and mailboxes.db

The default database format for /kolab/var/imapd/annotations.db and
/kolab/var/imapd/mailboxes.db has changed from skiplist to berkeley db.

If you want to keep the old format, comment out or remove the lines
"annotation_db: berkeley" and "mboxlist_db: berkeley" in the file
"/kolab/etc/kolab/templates/imapd.conf.template" and make sure the file
"/kolab/etc/imapd/imapd.conf" reflects this, too, by either running
/kolab/sbin/kolabconf or changing it manually there, too.

To convert the databases to berkeley db format, execute as root:

  /kolab/bin/openpkg rc imapd stop
  su - kolab-r
  cd /kolab/var/imapd/
  mv annotations.db annotations.db-skiplist
  cvt_cyrusdb /kolab/var/imapd/annotations.db-skiplist skiplist \
              /kolab/var/imapd/annotations.db berkeley
  mv mailboxes.db mailboxes.db-skiplist
  cvt_cyrusdb /kolab/var/imapd/mailboxes.db-skiplist skiplist \
              /kolab/var/imapd/mailboxes.db berkeley
  exit
  /kolab/bin/openpkg rc imapd start

See http://wiki.kolab.org/index.php/Kolab2_IMAPD_annotations.db_Problems
for details about this topic.

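This README states two file-permission conditions: kolab.conf and its copies readable only by the owner (usually "kolab"), and root ownership of the postfix transport and virtual files. The following added example, which is not part of the Kolab distribution, checks both after an install or upgrade. The function names and the reading of "copies" as files named kolab.conf* are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Kolab distribution.

# file_meta FILE: prints "<mode string> <owner>" as shown by ls -ld.
file_meta() {
    ls -ld -- "$1" | awk '{ print $1, $3 }'
}

# check_kolab_conf [DIR] [OWNER]
# Assumption: "copies" are regular files named kolab.conf* below DIR
# (kolab.conf.rpmsave, kolab.conf~, ...).
check_kolab_conf() {
    conf_dir=${1:-/kolab/etc/kolab}
    conf_owner=${2:-kolab}
    find "$conf_dir" -type f -name 'kolab.conf*' | while IFS= read -r f; do
        meta=$(file_meta "$f")
        mode=${meta% *}
        owner=${meta#* }
        case $mode in
            -???------*) ;;                  # no group or other permission bits
            *) echo "MODE $mode $f" ;;
        esac
        [ "$owner" = "$conf_owner" ] || echo "OWNER $owner $f (expected $conf_owner)"
    done
}

# check_postfix_owner [DIR] [OWNER]
# transport and virtual must belong to root (kolab/issue1433).
check_postfix_owner() {
    pf_dir=${1:-/kolab/etc/postfix}
    pf_owner=${2:-root}
    for name in transport virtual; do
        f=$pf_dir/$name
        [ -e "$f" ] || { echo "MISSING $f"; continue; }
        meta=$(file_meta "$f")
        owner=${meta#* }
        [ "$owner" = "$pf_owner" ] || echo "OWNER $owner $f (expected $pf_owner)"
    done
}

# audit_kolab_perms [KOLAB_DIR] [KOLAB_OWNER] [POSTFIX_DIR] [POSTFIX_OWNER]
# Prints one line per finding and returns 1 if there is any, else returns 0.
audit_kolab_perms() {
    findings=$(check_kolab_conf "$1" "$2"; check_postfix_owner "$3" "$4")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage on a Kolab server, as root, with the defaults from this README:
#   audit_kolab_perms
```

A MODE finding is fixed with chmod 600 on the listed file; an OWNER finding under /kolab/etc/postfix is fixed with the chown and make commands given above.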
$Id: README.1st,v 1.40 2006/11/15 17:57:01 thomas Exp $
Upgrade Kolab Server from 2.0.x to 2.1
======================================
Preliminary instructions for the upgrade of a Kolab Server from version
2.0.x to Kolab Server 2.1.

NOTE: This is an early version of the upgrade instructions. It is not
very well tested and may not cover all problems that may occur during
the upgrade. Before attempting the upgrade, make sure you have a
current and working backup of your data.

Preparation for the Upgrade
---------------------------

1. Backup the old installation.

2. Stop the Kolab Server

  /kolab/bin/openpkg rc all stop

3. Extract ldap data

Copy the contents of the openldap database (use a different output
filename if you want):

  /kolab/sbin/slapcat > ~/kolab-2.0.ldif

4. Prepare for berkeley db update

  cd /kolab/var/imapd/db
  /kolab/bin/db_recover
  rm /kolab/var/imapd/db/*

Installation
------------

The installation of the new packages is done in the normal way. See the
file 1st.README accompanying the 2.1 server for details. Do not do
anything after the installation yet. In particular, do not start any
part of the server again or run kolabconf.

Configuration
-------------

1. Check custom configuration

If you have custom configurations in your templates, the installation
process renames your templates and leaves them in files with the
extension .rpmsave. Copy any modifications from your templates to the
new one if they are still needed.

After that the files with the extension .rpmsave must be removed or
renamed. There might be more files with the .rpmsave ending in
/kolab/etc, you can find them for example using the find command:

  find /kolab/etc -name '*.rpmsave'

Any files found must be checked and moved out of the way, in most
cases they can just be deleted.

2. Cyrus IMAPd

The default imapd configuration has been changed to enable the
hashimapspool option. This means that in 2.1 the default directory
layout of the imapd spool (/kolab/var/imapd/spool/) is different from
the one in 2.0. When you upgrade from 2.0 it's best to keep using the
old structure, so remove or comment out the line "hashimapspool: yes"
in /kolab/etc/kolab/templates/imapd.conf.template *before* running
kolabconf.

For new installations the new default setting is recommended because
it's more efficient especially when you have many mailboxes.

For some background information about this see the discussion at
https://intevation.de/roundup/kolab/issue1089

3. LDAP

You need to make two small changes to the configuration file
/kolab/etc/openldap/slapd.conf:

- comment out the line

    require none

- Move the line with the suffix setting to just after the "database
  bdb" line.

These changes have already been made in the new slapd.conf.template, so
that could be used for guidance.

Convert the openldap data. The LDAP data-structures have changed
between 2.0 and 2.1 as described in Kolab2 Architecture Draft:

  http://kolab.org/doc/concept-draft-cvs20060921.pdf

There's a Python script that can do the transformation. The script is
utils/admin/convert-ldif-21.py in Kolab CVS and requires python >= 2.1
and python-ldap >= 2.0, you can download the current version from:

  http://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/utils/admin/convert-ldif-21.py

The script works on the ldif data that was exported with slapcat earlier:

  python convert-ldif-21.py ~/kolab-2.0.ldif ~/kolab-2.1.ldif

Then restore the openldap data using the output from upgrade-ldap.py:

  rm /kolab/var/openldap/openldap-data/*
  /kolab/sbin/slapadd -l ~/kolab-2.1.ldif

This will issue some warnings which can be safely ignored.

4. kolabconf

Now start the openldap server and run kolabconf

  /kolab/bin/openpkg rc openldap start
  /kolab/sbin/kolabconf

Kolabconf might complain about some files ending in .rpmnew under
/kolab/etc. Check those files and move them out of the way. It's
likely that you can simply remove them.

Start the Server
----------------

Now you should be able to start the server again:

  /kolab/bin/openpkg rc all start

Final Steps
-----------

1. The internal format of the ldap records for the list of privileged
   networks has changed. To update these records, go to the kolab web
   interface and log in as administrative user. Open the "Services"
   page and search for the "Privileged Networks" section. Click the
   update button for the networks list.

2. Kolab 2.1 doesn't need some of the OpenPKG packages which were
   installed for 2.0, these can be removed:

     /kolab/bin/openpkg rpm -e dcron vim pth

   Especially the dcron package should be removed in any case,
   otherwise deprecated cronjobs will be run and generate mails with
   error messages to the kolab administrator.

$Id: kolab_2.0_to_2.1_upgrade_instructions.txt,v 1.4 2006/11/15 17:37:40 thomas Exp $