An update that solves 6 vulnerabilities and has 58 fixes is
now available.
Description:
This update for cobbler fixes the following issues:
Add cobbler-tests subpackage for unit testing for openSUSE/SLE
Adds LoadModule definitions for openSUSE/SLE
Switch to new refactored auth module.
use systemctl to restart cobblerd on logfile rotation (boo#1169207)
Mainline logrotate conf file already uses /sbin/service instead of the
outdated /etc/init.d/cobblerd
Fix cobbler sync for DHCP or DNS (boo#1169553)
Fixed mainline by commit 2d6cfe42da
Signatures file now uses “default_autoinstall” which fixes import
problem happening with some distributions (boo#1159010)
Fix for kernel and initrd detection (boo#1159010)
New:
Changes:
Bugfixes:
Other:
Breaking Changes:
Updated to version 3.1.1.
New:
Changes:
Bugfixes:
Other:
Update to latest git HEAD code base.
This version (from mainline so for quite a while already) also includes
fixes for boo#1149075 and boo#1151875
Fix for cobbler import and buildiso (boo#1156574)
Adjusted manpage creation (needs sphinx as BuildRequires)
Fix cobbler sync for dhcp and dns enabled due to latest module renaming
patches
Update to latest git HEAD
Now track Github master branch
WARNING: This release contains breaking changes for your settings file!
Removed fix_shebang.patch: now in upstream.
added -s parameter to fdupes call to prevent hardlink across partitions
Update to latest v3.0.0 cobbler release
Add previously added patch: exclude_get-loaders_command.patch to the list
of patches to apply.
Fix log file world readable (as suggested by Matthias Gerstner) and
change file attributes via attr in spec file
Do not allow get-loaders command (download of third party provided
network boot loaders we do not trust)
Mainline fixes:
3172d1df9b9cc8 Add missing help text in redhat_management_key field
c8f5490e507a72 Set default interface if cobbler system add has no --interface= param
31a1aa31d26c4a Remove apache IfVersion tags from apache configs
Integrated fixes that came in from mainline from other products (to calm
down obs regression checker): CVE-2011-4953, fate#312397, boo#660126,
boo#671212, boo#672471, boo#682665, boo#687891, boo#695955, boo#722443,
boo#722445, boo#757062, boo#763610, boo#783671, boo#790545, boo#796773,
boo#811025, boo#812948, boo#842699, boo#846580, boo#869371, boo#884051,
boo#976826, boo#984998
Some older bugs need boo# references as well:
boo#660126, boo#671212, boo#672471, boo#682665, boo#687891, boo#695955,
boo#722443, boo#722445, boo#757062, boo#763610, boo#783671, boo#790545,
boo#796773, boo#811025, boo#812948, boo#842699, boo#846580, boo#869371,
boo#884051
Fix for redhat_management_key not being listed as a choice during
profile rename (boo#1134588)
Added:
Fixes distribution detection in setup.py for SLESo
Added:
Moving to pytest and adding Docker test integration
Added:
Additional compatibility changes for old Koan versions.
Modified:
Old Koan versions not only need method aliases, but also need compatible
responses
Added:
Add the redhat_management_* fields again to enable templating in SUMA.
Added:
Changes return of last_modified_time RPC to float
Added:
provide old name aliases for all renamed methods:
Renamed: get_system_for_koan.patch => renamed-methods-alias.patch
provide renamed method “get_system_for_koan” under old name for old
clients.
Added:
Bring back power_system method in the XML-RPC API
Changed lanplus option to lanplus=true in fence_ipmitool.template
Added:
Changed:
Disables nsupdate_enabled by default
Added:
Fixes issue in distribution detection with “lower” function call.
Modified:
Adds improved distribution detection. Since now all base products get
detected correctly, we no longer need the SUSE Manager patch.
Added:
fix grub directory layout
Added:
fix HTTP status code of XMLRPC service
Added:
touch /etc/genders when it does not exist (boo#1128926)
Add patches to fix logging
Added:
Switching version schema from 3.0 to 3.0.0
Fixes case where distribution detection returns None (boo#1130658)
Added:
Removes newline from token, which caused authentication error
(boo#1128754)
Added:
Added a patch which fixes an exception when logging in with a non-root
user.
Added:
Remove patch merged at upstream:
change grub2-x86_64-efi dependency to Recommends
grub2-i386pc is not really required. Changed to recommended to allow
building for architectures other than x86_64
Use cdrtools starting with SLE-15 and Leap-15 again. (boo#1081739)
Update cobbler loaders server hostname (boo#980577)
Update outdated apache config (boo#956264)
Replace builddate with changelog date to fix build-compare (boo#969538)
LOCKFILE usage removed on openSUSE (boo#714618)
Power management subsystem completely re-worked to prevent
command-injection (CVE-2012-2395)
Removed patch merged at upstream:
Checking bug fixes of released products are in latest develop pkg:
These still have to be looked at:
SUSE system as systemd only (boo#952844)
handle list value for kernel options correctly (boo#973413)
entry in pxe menu (boo#988889)
This still has to be switched off (at least in internal cobbler versions):
Disabling ‘get-loaders’ command and ‘check’ fixed. boo#973418
Add explicit require to tftp, so it is used for both SLE and openSUSE
(originally from jgonzalez(a)suse.com)
Moved Recommends according to spec_cleaner
Require latest apache2-mod_wsgi-python3 package.
This fixes interface to http://localhost/cblr/svc/…
Use latest github cobbler/cobbler master branch in _service file
cobblerd_needs_apache2_service_started.patch reverted, that is mainline
now:
Only recommend grub2-arm and grub2-ppc packages or we might not be able
to build on factory where arm/ppc might not be built
Remove genders package requires. A genders file is generated, but we do
not need/use the genders package.
Update to latest cobbler version 3.0 mainline git HEAD version and
remove already integrated or not needed anymore patches.
Serial console support added, did some testing already.
Things should start to work as expected
Add general grub2 support
Put mkgrub.* into mkgrub.sh
Add git date and commit to version string for now
Add grub2 mkimage scripts: mkgrub.i386-pc mkgrub.powerpc-ieee1275
mkgrub.x86_64-efi mkgrub.arm64-efi and generate grub executables with
them in the %post section
build server wants explicit package in BuildRequires; use tftp
require tftp(server) instead of atftp
cleanup: cobbler is noarch, so arch specific requires do not make sense
SLES15 is using /etc/os-release instead of /etc/SuSE-release, use this
one for checking also
add sles15 distro profile (boo#1090205)
fix signature for SLES15 (boo#1075014)
fix koan wait parameter initialization
Fix koan shebang
Escape shell parameters provided by the user for the reposync action
(CVE-2017-1000469) (boo#1074594)
detect if there is already another instance of “cobbler sync” running
and exit with failure if so (boo#1081714)
do not try to hardlink to a symlink. The result will be a dangling
symlink in the general case (boo#1097733)
fix service restart after logrotate for cobblerd (boo#1113747)
rotate cobbler logs at higher frequency to prevent disk fillup
(boo#1113747)
Forbid exposure of private methods in the API (CVE-2018-10931)
(CVE-2018-1000225) (boo#1104287) (boo#1104189) (boo#1105442)
Check access token when calling ‘modify_setting’ API endpoint
(boo#1104190) (boo#1105440) (CVE-2018-1000226)
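The two API fixes listed last (private methods no longer exposed, and the access token checked when calling 'modify_setting') follow a common pattern for XML-RPC dispatchers. The sketch below is an added example of that pattern and is not cobbler's code: the `Interface` class, its methods other than `modify_setting`, and both dispatch functions are hypothetical.

```python
import hmac
import secrets


class Interface:
    """Hypothetical stand-in for an XML-RPC interface class (not cobbler's code)."""

    def __init__(self):
        self._settings = {"nsupdate_enabled": False}
        self._tokens = set()

    def login(self):
        token = secrets.token_urlsafe(16)
        self._tokens.add(token)
        return token

    def _validate_token(self, token):
        # Constant-time comparison against every issued token.
        return isinstance(token, str) and any(
            hmac.compare_digest(token.encode(), t.encode()) for t in self._tokens)

    def get_setting(self, name):
        return self._settings[name]

    def modify_setting(self, name, value, token):
        # State-changing call: refuse unless the caller presents a valid token.
        if not self._validate_token(token):
            raise PermissionError("invalid token")
        self._settings[name] = value
        return True

    def _wipe(self):
        # Internal helper that must never be callable over the API.
        self._settings.clear()
        return True


def dispatch_unsafe(obj, method, params):
    # Pre-fix shape: resolves any attribute name, so internal helpers are exposed.
    return getattr(obj, method)(*params)


PUBLIC = frozenset({"login", "get_setting", "modify_setting"})


def dispatch(obj, method, params):
    # Hardened shape: explicit allow-list, with the underscore check as defence in depth.
    if method.startswith("_") or method not in PUBLIC:
        raise PermissionError("method not exposed: %r" % method)
    return getattr(obj, method)(*params)
```
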
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-46=1
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE Leap | 15.2 | noarch | | | |