This update for cobbler fixes the following issues :
Add cobbler-tests subpackage for unit testing for openSUSE/SLE
Adds LoadModule definitions for openSUSE/SLE
Switch to new refactored auth module.
use systemctl to restart cobblerd on logfile rotation (boo#1169207) Mainline logrotate conf file uses already /sbin/service instead of outdated: /etc/init.d/cobblerd
Fix cobbler sync for DHCP or DNS (boo#1169553) Fixed mainline by commit 2d6cfe42da
Signatures file now uses ‘default_autoinstall’ which fixes import problem happening with some distributions (boo#1159010)
Fix for kernel and initrd detection (boo#1159010)
New :
For the distro there is now a parameter remote_boot_initrd and remote_boot_kernel ()
For the profile there is now a parameter filename for DHCP. (#2280)
Signatures for ESXi 6 and 7 (#2308)
The hardlink command is now detected more dynamically and thus more error resistant (#2297)
HTTPBoot will now work in some cases out of the bug.
(#2295)
Additional DNS query for a case where the wrong record was queried in the nsupdate system case (#2285)
Changes :
Enabled a lot of tests, removed some and implemented new. (#2202)
Removed not used files from the codebase. (#2302)
Exchanged mkisofs to xorrisofs. (#2296)
Removed duplicate code. (#2224)
Removed unreachable code. (#2223)
Snippet creation and deletion now works again via xmlrpc. (#2244)
Replace createrepo with createrepo_c. (#2266)
Enable Kerberos through having a case sensitive users.conf. (#2272)
Bugfixes :
General various Bugfixes (#2331, )
Makefile usage and commands. (#2344, #2304)
Fix the dhcp template. (#2314)
Creation of the management classes and gPXE. (#2310)
Fix the scm_track module. (#2275, #2279)
Fix passing the netdevice parameter correctly to the linuxrc. (#2263)
powerstatus from cobbler now works thanks to a wrapper for ipmitool. (#2267)
In case the LDAP is used for auth, it now works with ADs. (#2274)
Fix passthru authentication. (#2271)
Other :
Add Codecov. (#2229)
Documentation updates. (#2333, #2326, #2305, #2249, #2268)
Buildprocess :
Recreation and cleanup of Grub2. (#2278)
Fix small errors for openSUSE Leap. (#2233)
Fix rpmlint errors. (#2237)
Maximum compatibility for debbuild package creation.
(#2255, #2292, #2242, #2300)
Fixes related to our CI Pipeline (#2254, #2269)
Internal Code cleanup (#2273, #2270)
Breaking Changes :
Hash handling in users.digest file. (#2299)
Updated to version 3.1.1.
Introduce new packaging from upstream
Changelog see below
New :
We are now having a cross-distro specfile which can be build in the OBS (#2220) - before rewritten it was improved by #2144 & #2174
Grub Submenu for net-booting machines (#2217)
Building the Cent-OS RPMs in Docker (#2190 #2189)
Reintroduced manpage build in setup.py (#2185)
mgmt_parameters are now passed to the dhcp template (#2182)
Using the standard Pyhton3 logger instead of a custom one (#2160 #2139 #2151)
Script for converting the settings file from 3.0.0 to 3.0.1 (#2154)
Docs now inside the repo instead of cobbler.github.io and improved with sphinx (#2117)
Changes :
The default tftpboot directory is now /var/lib/tftpboot instead of previously /srv/tftpboot (#2220)
Distro signatures were adjusted where necessary (#2219 #2134)
Removed requirements.txt and placed the requirements in setup.py (#2204)
Display only entries in grub which are from the same arch (#2191 #2216)
Change the name of the cobbler manpage form cobbler-cli to cobbler back and move it to section 8 (#2188 #2186)
Bugfixes :
Incremented Version to 3.1.1 from 3.0.1
S390 Support was cleaned up (#2207 #2178)
PowerPC Support was cleaned up (#2178)
Added a missing import while importing a distro with cobbler import (#2201)
Fixed a case where a stacktrace would be produced so pass none instead (#2203)
Rename of suse_kopts_textmode_overwrite to kops_overwrite to utils (#2143 #2200)
Fix rsync subprocess call (#2199 #2179)
Fixed an error where the template rendering did not work (#2176)
Fixed some cobbler import errors (#2172)
Wrong shebang in various scripts (#2148)
Fix some imports which fixes errors introduced by the remodularization (#2150 #2153)
Other :
Issue Templates for Github (#2187)
Update to latest git HEAD code base This version (from mainline so for quite a while already) also includes fixes for ‘boo#1149075’ and boo#1151875
Fix for cobbler import and buildiso (boo#1156574)
Adjusted manpage creation (needs sphinx as BuildRequires)
Fix cobbler sync for dhcp and dns enabled due to latest module renaming patches
Update to latest git HEAD
Fixes permission denied in apache2 context when trying to write cobbler log
Fixes a bad import in import_signature (item)
Fixes bad shebang bash path in mkgrub.sh (used in post section)
Now track Github master branch WARNING: This release contains breaking changes for your settings file!
Notable changes :
Now using standard python logger
Updated dhcpd.template
Removed fix_shebang.patch: now in upstream.
added -s parameter to fdupes call to prevent hardlink across partititons
Update to latest v3.0.0 cobbler release
Add previouly added patch:
exclude_get-loaders_command.patch to the list of patches to apply.
Fix log file world readable (as suggested by Matthias Gerstner) and change file attributes via attr in spec file
Do not allow get-loaders command (download of third-party provided network boot loaders we do not trust)
Mainline fixes: 3172d1df9b9cc8 Add missing help text in redhat_management_key field c8f5490e507a72 Set default interface if cobbler system add has no
–interface= param 31a1aa31d26c4a Remove apache IfVersion tags from apache configs
Integrated fixes that came in from mainline from other products (to calm down obs regression checker):
CVE-2011-4953, fate#312397, boo#660126, boo#671212, boo#672471, boo#682665 boo#687891, boo#695955, boo#722443, boo#722445, boo#757062, boo#763610 boo#783671, boo#790545, boo#796773, boo#811025, boo#812948, boo#842699 boo#846580, boo#869371, boo#884051, boo#976826, boo#984998 Some older bugs need boo# references as well: boo#660126, boo#671212, boo#672471, boo#682665 boo#687891, boo#695955, boo#722443, boo#722445, boo#757062, boo#763610 boo#783671, boo#790545, boo#796773, boo#811025, boo#812948, boo#842699 boo#846580, boo#869371, boo#884051
Fix for redhat_management_key not being listed as a choice during profile rename (boo#1134588)
Added :
rhn-mngmnt-key-field-fix.diff
Fixes distribution detection in setup.py for SLESo
Added :
changes-detection-to-distro-like-for-suse-distributions.
diff
Moving to pytest and adding Docker test integration
Added :
add-docker-integration-testing.diff
refactor-unittest-to-pytest.diff
Additional compatability changes for old Koan versions.
Modified :
renamed-methods-alias-part2.patch
Old Koan versions not only need method aliases, but also need compatible responses
Added :
renamed-methods-alias-part2.patch
Add the redhat_managment_* fields again to enable templating in SUMA.
Added :
revert-redhat-management-removal.patch
Changes return of last_modified_time RPC to float
Added :
changes-return-to-float.diff
provide old name aliases for all renamed methods :
get_distro_for_koan => get_distro_as_rendered
get_profile_for_koan => get_profile_as_rendered
get_system_for_koan => get_system_as_rendered
get_repo_for_koan => get_repo_as_rendered
get_image_for_koan => get_image_as_rendered
get_mgmtclass_for_koan => get_mgmtclass_as_rendered
get_package_for_koan => get_package_as_rendered
get_file_for_koan => get_file_as_rendered
Renamed: get_system_for_koan.patch => renamed-methods-alias.patch
provide renamed method ‘get_system_for_koan’ under old name for old clients.
Added :
get_system_for_koan.patch
Bring back power_system method in the XML-RPC API
Changed lanplus option to lanplus=true in fence_ipmitool.template
Added :
power_system_xmlrpc_api.patch
Changed :
fence_ipmitool.template
Disables nsupdate_enabled by default
Added :
disable_nsupdate_enabled_by_default.diff
Fixes issue in distribution detection with ‘lower’ function call.
Modified :
remodeled-distro-detection.diff
Adds imporoved distribution detection. Since now all base products get detected correctly, we no longer need the SUSE Manager patch.
Added :
remodeled-distro-detection.diff
fix grub directory layout
Added :
create-system-directory-at-the-correct-place.patch
fix HTTP status code of XMLRPC service
Added :
fix-http-status-code.patch
touch /etc/genders when it not exists (boo#1128926)
Add patches to fix logging
Added :
return-the-name-of-the-unknown-method.patch
call-with-logger-where-possible.patch
Switching version schema from 3.0 to 3.0.0
Fixes case where distribution detection returns None (boo#1130658)
Added :
fixes-distro-none-case.diff
Removes newline from token, which caused authentication error (boo#1128754)
Added :
remove-newline-from-token.diff
Added a patch which fixes an exception when login in with a non-root user.
Added :
fix-login-error.patch
Added a patch which fixes an exception when login in with a non-root user.
Added :
fix-login-error.patch
Remove patch merged at upstream :
0001-return-token-as-string.patch
change grub2-x86_64-efi dependency to Recommends
grub2-i386pc is not really required. Changed to recommended to allow building for architectures other than x86_64
Use cdrtools starting with SLE-15 and Leap-15 again.
(boo#1081739)
Update cobbler loaders server hostname (boo#980577)
Update outdated apache config (boo#956264)
Replace builddate with changelog date to fix build-compare (boo#969538)
LOCKFILE usage removed on openSUSE (boo#714618)
Power management subsystem completely re-worked to prevent command-injection (CVE-2012-2395)
Removed patch merged at upstream :
cobblerd_needs_apache2_service_started.patch
Checking bug fixes of released products are in latest develop pkg :
remove fix-nameserver-search.fix; bug is invalid (boo#1029276)
-> not needed anymore
fix cobbler yaboot handling (boo#968406, boo#966622)
-> no yaboot support anymore
support UEFI boot with cobbler generated tftp tree (boo#1020376)
-> upstream
Enabling PXE grub2 support for PowerPC (boo#986978)
-> We have grub2 support for ppc64le
(boo#1048183) fix missing args and location for xen
-> is in
no koan support anymore: boo#969541, boo#924118, boo#967523
not installed (boo#966841) works.
These still have to be looked at: SUSE system as systemd only (boo#952844) handle list value for kernel options correctly (boo#973413) entry in pxe menu (boo#988889)
This still has to be switched off (at least in internal cobbler versions): Disabling ‘get-loaders’ command and ‘check’ fixed. boo#973418
Add explicity require to tftp, so it is used for both SLE and openSUSE (originally from [email protected])
Moved Recommends according to spec_cleaner
Require latest apache2-mod_wsgi-python3 package This fixes interface to http://localhost/cblr/svc/…
Use latest github cobbler/cobbler master branch in
_service file
cobblerd_needs_apache2_service_started.patch reverted, that is mainline now :
Only recommend grub2-arm and grub2-ppc packages or we might not be able to build on factory where arm/ppc might not be built
Remove genders package requires. A genders file is generated, but we do not need/use the genders package.
Update to latest cobbler version 3.0 mainline git HEAD version and remove already integrated or not needed anymore patches.
Serial console support added, did some testing already Things should start to work as expected
Add general grub2 support
Put mkgrub.* into mkgrub.sh
Add git date and commit to version string for now
Add grub2 mkimage scripts: mkgrub.i386-pc mkgrub.powerpc-ieee1275 mkgrub.x86_64-efi mkgrub.arm64-efi and generate grub executables with them in the %post section
build server wants explicite package in BuildRequires;
use tftp
require tftp(server) instead of atftp
cleanup: cobbler is noarch, so arch specific requires do not make sense
SLES15 is using /etc/os-release instead of /etc/SuSE-release, use this one for checking also
add sles15 distro profile (boo#1090205)
fix signature for SLES15 (boo#1075014)
fix signature for SLES15 (boo#1075014)
fix koan wait parameter initialization
Fix koan shebang
Escape shell parameters provided by the user for the reposync action (CVE-2017-1000469) (boo#1074594)
detect if there is already another instance of ‘cobbler sync’ running and exit with failure if so (boo#1081714)
do not try to hardlink to a symlink. The result will be a dangling symlink in the general case (boo#1097733)
fix service restart after logrotate for cobblerd (boo#1113747)
rotate cobbler logs at higher frequency to prevent disk fillup (boo#1113747)
Forbid exposure of private methods in the API (CVE-2018-10931) (CVE-2018-1000225) (boo#1104287) (boo#1104189) (boo#1105442)
Check access token when calling ‘modify_setting’ API endpoint (boo#1104190) (boo#1105440) (CVE-2018-1000226)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2021-46.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('compat.inc');
if (description)
{
script_id(145357);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/26");
script_cve_id(
"CVE-2011-4953",
"CVE-2012-2395",
"CVE-2017-1000469",
"CVE-2018-1000225",
"CVE-2018-1000226",
"CVE-2018-10931"
);
script_name(english:"openSUSE Security Update : cobbler (openSUSE-2021-46)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"This update for cobbler fixes the following issues :
- Add cobbler-tests subpackage for unit testing for
openSUSE/SLE
- Adds LoadModule definitions for openSUSE/SLE
- Switch to new refactored auth module.
- use systemctl to restart cobblerd on logfile rotation
(boo#1169207) Mainline logrotate conf file uses already
/sbin/service instead of outdated: /etc/init.d/cobblerd
- Fix cobbler sync for DHCP or DNS (boo#1169553) Fixed
mainline by commit 2d6cfe42da
- Signatures file now uses 'default_autoinstall' which
fixes import problem happening with some distributions
(boo#1159010)
- Fix for kernel and initrd detection (boo#1159010)
- New :
- For the distro there is now a parameter
remote_boot_initrd and remote_boot_kernel ()
- For the profile there is now a parameter filename for
DHCP. (#2280)
- Signatures for ESXi 6 and 7 (#2308)
- The hardlink command is now detected more dynamically
and thus more error resistant (#2297)
- HTTPBoot will now work in some cases out of the bug.
(#2295)
- Additional DNS query for a case where the wrong record
was queried in the nsupdate system case (#2285)
- Changes :
- Enabled a lot of tests, removed some and implemented
new. (#2202)
- Removed not used files from the codebase. (#2302)
- Exchanged mkisofs to xorrisofs. (#2296)
- Removed duplicate code. (#2224)
- Removed unreachable code. (#2223)
- Snippet creation and deletion now works again via
xmlrpc. (#2244)
- Replace createrepo with createrepo_c. (#2266)
- Enable Kerberos through having a case sensitive
users.conf. (#2272)
- Bugfixes :
- General various Bugfixes (#2331, )
- Makefile usage and commands. (#2344, #2304)
- Fix the dhcp template. (#2314)
- Creation of the management classes and gPXE. (#2310)
- Fix the scm_track module. (#2275, #2279)
- Fix passing the netdevice parameter correctly to the
linuxrc. (#2263)
- powerstatus from cobbler now works thanks to a wrapper
for ipmitool. (#2267)
- In case the LDAP is used for auth, it now works with
ADs. (#2274)
- Fix passthru authentication. (#2271)
- Other :
- Add Codecov. (#2229)
- Documentation updates. (#2333, #2326, #2305, #2249,
#2268)
- Buildprocess :
- Recreation and cleanup of Grub2. (#2278)
- Fix small errors for openSUSE Leap. (#2233)
- Fix rpmlint errors. (#2237)
- Maximum compatibility for debbuild package creation.
(#2255, #2292, #2242, #2300)
- Fixes related to our CI Pipeline (#2254, #2269)
- Internal Code cleanup (#2273, #2270)
- Breaking Changes :
- Hash handling in users.digest file. (#2299)
- Updated to version 3.1.1.
- Introduce new packaging from upstream
- Changelog see below
- New :
- We are now having a cross-distro specfile which can be
build in the OBS (#2220) - before rewritten it was
improved by #2144 & #2174
- Grub Submenu for net-booting machines (#2217)
- Building the Cent-OS RPMs in Docker (#2190 #2189)
- Reintroduced manpage build in setup.py (#2185)
- mgmt_parameters are now passed to the dhcp template
(#2182)
- Using the standard Pyhton3 logger instead of a custom
one (#2160 #2139 #2151)
- Script for converting the settings file from 3.0.0 to
3.0.1 (#2154)
- Docs now inside the repo instead of cobbler.github.io
and improved with sphinx (#2117)
- Changes :
- The default tftpboot directory is now /var/lib/tftpboot
instead of previously /srv/tftpboot (#2220)
- Distro signatures were adjusted where necessary (#2219
#2134)
- Removed requirements.txt and placed the requirements in
setup.py (#2204)
- Display only entries in grub which are from the same
arch (#2191 #2216)
- Change the name of the cobbler manpage form cobbler-cli
to cobbler back and move it to section 8 (#2188 #2186)
- Bugfixes :
- Incremented Version to 3.1.1 from 3.0.1
- S390 Support was cleaned up (#2207 #2178)
- PowerPC Support was cleaned up (#2178)
- Added a missing import while importing a distro with
cobbler import (#2201)
- Fixed a case where a stacktrace would be produced so
pass none instead (#2203)
- Rename of suse_kopts_textmode_overwrite to
kops_overwrite to utils (#2143 #2200)
- Fix rsync subprocess call (#2199 #2179)
- Fixed an error where the template rendering did not work
(#2176)
- Fixed some cobbler import errors (#2172)
- Wrong shebang in various scripts (#2148)
- Fix some imports which fixes errors introduced by the
remodularization (#2150 #2153)
- Other :
- Issue Templates for Github (#2187)
- Update to latest git HEAD code base This version (from
mainline so for quite a while already) also includes
fixes for 'boo#1149075' and boo#1151875
- Fix for cobbler import and buildiso (boo#1156574)
- Adjusted manpage creation (needs sphinx as
BuildRequires)
- Fix cobbler sync for dhcp and dns enabled due to latest
module renaming patches
- Update to latest git HEAD
- Fixes permission denied in apache2 context when trying
to write cobbler log
- Fixes a bad import in import_signature (item)
- Fixes bad shebang bash path in mkgrub.sh (used in post
section)
- Now track Github master branch WARNING: This release
contains breaking changes for your settings file!
- Notable changes :
- Now using standard python logger
- Updated dhcpd.template
- Removed fix_shebang.patch: now in upstream.
- added -s parameter to fdupes call to prevent hardlink
across partititons
- Update to latest v3.0.0 cobbler release
- Add previouly added patch:
exclude_get-loaders_command.patch to the list of patches
to apply.
- Fix log file world readable (as suggested by Matthias
Gerstner) and change file attributes via attr in spec
file
- Do not allow get-loaders command (download of
third-party provided network boot loaders we do not
trust)
- Mainline fixes: 3172d1df9b9cc8 Add missing help text in
redhat_management_key field c8f5490e507a72 Set default
interface if cobbler system add has no
--interface= param 31a1aa31d26c4a Remove apache
IfVersion tags from apache configs
- Integrated fixes that came in from mainline from other
products (to calm down obs regression checker):
CVE-2011-4953, fate#312397, boo#660126, boo#671212,
boo#672471, boo#682665 boo#687891, boo#695955,
boo#722443, boo#722445, boo#757062, boo#763610
boo#783671, boo#790545, boo#796773, boo#811025,
boo#812948, boo#842699 boo#846580, boo#869371,
boo#884051, boo#976826, boo#984998 Some older bugs need
boo# references as well: boo#660126, boo#671212,
boo#672471, boo#682665 boo#687891, boo#695955,
boo#722443, boo#722445, boo#757062, boo#763610
boo#783671, boo#790545, boo#796773, boo#811025,
boo#812948, boo#842699 boo#846580, boo#869371,
boo#884051
- Fix for redhat_management_key not being listed as a
choice during profile rename (boo#1134588)
- Added :
- rhn-mngmnt-key-field-fix.diff
- Fixes distribution detection in setup.py for SLESo
- Added :
-
changes-detection-to-distro-like-for-suse-distributions.
diff
- Moving to pytest and adding Docker test integration
- Added :
- add-docker-integration-testing.diff
- refactor-unittest-to-pytest.diff
- Additional compatability changes for old Koan versions.
- Modified :
- renamed-methods-alias-part2.patch
- Old Koan versions not only need method aliases, but also
need compatible responses
- Added :
- renamed-methods-alias-part2.patch
- Add the redhat_managment_* fields again to enable
templating in SUMA.
- Added :
- revert-redhat-management-removal.patch
- Changes return of last_modified_time RPC to float
- Added :
- changes-return-to-float.diff
- provide old name aliases for all renamed methods :
- get_distro_for_koan => get_distro_as_rendered
- get_profile_for_koan => get_profile_as_rendered
- get_system_for_koan => get_system_as_rendered
- get_repo_for_koan => get_repo_as_rendered
- get_image_for_koan => get_image_as_rendered
- get_mgmtclass_for_koan => get_mgmtclass_as_rendered
- get_package_for_koan => get_package_as_rendered
- get_file_for_koan => get_file_as_rendered
- Renamed: get_system_for_koan.patch =>
renamed-methods-alias.patch
- provide renamed method 'get_system_for_koan' under old
name for old clients.
- Added :
- get_system_for_koan.patch
- Bring back power_system method in the XML-RPC API
- Changed lanplus option to lanplus=true in
fence_ipmitool.template
- Added :
- power_system_xmlrpc_api.patch
- Changed :
- fence_ipmitool.template
- Disables nsupdate_enabled by default
- Added :
- disable_nsupdate_enabled_by_default.diff
- Fixes issue in distribution detection with 'lower'
function call.
- Modified :
- remodeled-distro-detection.diff
- Adds imporoved distribution detection. Since now all
base products get detected correctly, we no longer need
the SUSE Manager patch.
- Added :
- remodeled-distro-detection.diff
- fix grub directory layout
- Added :
- create-system-directory-at-the-correct-place.patch
- fix HTTP status code of XMLRPC service
- Added :
- fix-http-status-code.patch
- touch /etc/genders when it not exists (boo#1128926)
- Add patches to fix logging
- Added :
- return-the-name-of-the-unknown-method.patch
- call-with-logger-where-possible.patch
- Switching version schema from 3.0 to 3.0.0
- Fixes case where distribution detection returns None
(boo#1130658)
- Added :
- fixes-distro-none-case.diff
- Removes newline from token, which caused authentication
error (boo#1128754)
- Added :
- remove-newline-from-token.diff
- Added a patch which fixes an exception when login in
with a non-root user.
- Added :
- fix-login-error.patch
- Added a patch which fixes an exception when login in
with a non-root user.
- Added :
- fix-login-error.patch
- Remove patch merged at upstream :
- 0001-return-token-as-string.patch
- change grub2-x86_64-efi dependency to Recommends
- grub2-i386pc is not really required. Changed to
recommended to allow building for architectures other
than x86_64
- Use cdrtools starting with SLE-15 and Leap-15 again.
(boo#1081739)
- Update cobbler loaders server hostname (boo#980577)
- Update outdated apache config (boo#956264)
- Replace builddate with changelog date to fix
build-compare (boo#969538)
- LOCKFILE usage removed on openSUSE (boo#714618)
- Power management subsystem completely re-worked to
prevent command-injection (CVE-2012-2395)
- Removed patch merged at upstream :
- cobblerd_needs_apache2_service_started.patch
- Checking bug fixes of released products are in latest
develop pkg :
- remove fix-nameserver-search.fix; bug is invalid
(boo#1029276)
-> not needed anymore
- fix cobbler yaboot handling (boo#968406, boo#966622)
-> no yaboot support anymore
- support UEFI boot with cobbler generated tftp tree
(boo#1020376)
-> upstream
- Enabling PXE grub2 support for PowerPC (boo#986978)
-> We have grub2 support for ppc64le
- (boo#1048183) fix missing args and location for xen
-> is in
- no koan support anymore: boo#969541, boo#924118,
boo#967523
- not installed (boo#966841) works.
- These still have to be looked at: SUSE system as systemd
only (boo#952844) handle list value for kernel options
correctly (boo#973413) entry in pxe menu (boo#988889)
- This still has to be switched off (at least in internal
cobbler versions): Disabling 'get-loaders' command and
'check' fixed. boo#973418
- Add explicity require to tftp, so it is used for both
SLE and openSUSE (originally from [email protected])
- Moved Recommends according to spec_cleaner
- Require latest apache2-mod_wsgi-python3 package This
fixes interface to http://localhost/cblr/svc/...
- Use latest github cobbler/cobbler master branch in
_service file
- cobblerd_needs_apache2_service_started.patch reverted,
that is mainline now :
- Only recommend grub2-arm and grub2-ppc packages or we
might not be able to build on factory where arm/ppc
might not be built
- Remove genders package requires. A genders file is
generated, but we do not need/use the genders package.
- Update to latest cobbler version 3.0 mainline git HEAD
version and remove already integrated or not needed
anymore patches.
- Serial console support added, did some testing already
Things should start to work as expected
- Add general grub2 support
- Put mkgrub.* into mkgrub.sh
- Add git date and commit to version string for now
- Add grub2 mkimage scripts: mkgrub.i386-pc
mkgrub.powerpc-ieee1275 mkgrub.x86_64-efi
mkgrub.arm64-efi and generate grub executables with them
in the %post section
- build server wants explicite package in BuildRequires;
use tftp
- require tftp(server) instead of atftp
- cleanup: cobbler is noarch, so arch specific requires do
not make sense
- SLES15 is using /etc/os-release instead of
/etc/SuSE-release, use this one for checking also
- add sles15 distro profile (boo#1090205)
- fix signature for SLES15 (boo#1075014)
- fix signature for SLES15 (boo#1075014)
- fix koan wait parameter initialization
- Fix koan shebang
- Escape shell parameters provided by the user for the
reposync action (CVE-2017-1000469) (boo#1074594)
- detect if there is already another instance of 'cobbler
sync' running and exit with failure if so (boo#1081714)
- do not try to hardlink to a symlink. The result will be
a dangling symlink in the general case (boo#1097733)
- fix service restart after logrotate for cobblerd
(boo#1113747)
- rotate cobbler logs at higher frequency to prevent disk
fillup (boo#1113747)
- Forbid exposure of private methods in the API
(CVE-2018-10931) (CVE-2018-1000225) (boo#1104287)
(boo#1104189) (boo#1105442)
- Check access token when calling 'modify_setting' API
endpoint (boo#1104190) (boo#1105440) (CVE-2018-1000226)");
script_set_attribute(attribute:"see_also", value:"http://localhost/cblr/svc/...");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1020376");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1029276");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048183");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1074594");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1075014");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1081714");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1081739");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090205");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097733");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101670");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104189");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104190");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104287");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1105440");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1105442");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113747");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128754");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128926");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130658");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134588");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149075");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1151875");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156574");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1159010");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1169207");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1169553");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1169779");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1170462");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=660126");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=671212");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=672471");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=682665");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=687891");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=695955");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=714618");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=722443");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=722445");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=757062");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=763610");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=783671");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=790545");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=796773");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=811025");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=812948");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=842699");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=846580");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=869371");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=884051");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=924118");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=952844");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=956264");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=966622");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=966841");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967523");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968406");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=969538");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=969541");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=973413");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=973418");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=976826");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=980577");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=984998");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=986978");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=988889");
script_set_attribute(attribute:"see_also", value:"https://features.opensuse.org/312397");
script_set_attribute(attribute:"solution", value:
"Update the affected cobbler packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1000469");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-10931");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/16");
script_set_attribute(attribute:"patch_publication_date", value:"2021/01/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cobbler");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cobbler-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cobbler-web");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if ( rpm_check(release:"SUSE15.2", reference:"cobbler-3.1.2-lp152.6.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"cobbler-tests-3.1.2-lp152.6.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"cobbler-web-3.1.2-lp152.6.3.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cobbler / cobbler-tests / cobbler-web");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4953
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2395
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000469
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000225
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000226
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10931
localhost/cblr/svc/...
bugzilla.opensuse.org/show_bug.cgi?id=1020376
bugzilla.opensuse.org/show_bug.cgi?id=1029276
bugzilla.opensuse.org/show_bug.cgi?id=1048183
bugzilla.opensuse.org/show_bug.cgi?id=1074594
bugzilla.opensuse.org/show_bug.cgi?id=1075014
bugzilla.opensuse.org/show_bug.cgi?id=1081714
bugzilla.opensuse.org/show_bug.cgi?id=1081739
bugzilla.opensuse.org/show_bug.cgi?id=1090205
bugzilla.opensuse.org/show_bug.cgi?id=1097733
bugzilla.opensuse.org/show_bug.cgi?id=1101670
bugzilla.opensuse.org/show_bug.cgi?id=1104189
bugzilla.opensuse.org/show_bug.cgi?id=1104190
bugzilla.opensuse.org/show_bug.cgi?id=1104287
bugzilla.opensuse.org/show_bug.cgi?id=1105440
bugzilla.opensuse.org/show_bug.cgi?id=1105442
bugzilla.opensuse.org/show_bug.cgi?id=1113747
bugzilla.opensuse.org/show_bug.cgi?id=1128754
bugzilla.opensuse.org/show_bug.cgi?id=1128926
bugzilla.opensuse.org/show_bug.cgi?id=1130658
bugzilla.opensuse.org/show_bug.cgi?id=1134588
bugzilla.opensuse.org/show_bug.cgi?id=1149075
bugzilla.opensuse.org/show_bug.cgi?id=1151875
bugzilla.opensuse.org/show_bug.cgi?id=1156574
bugzilla.opensuse.org/show_bug.cgi?id=1159010
bugzilla.opensuse.org/show_bug.cgi?id=1169207
bugzilla.opensuse.org/show_bug.cgi?id=1169553
bugzilla.opensuse.org/show_bug.cgi?id=1169779
bugzilla.opensuse.org/show_bug.cgi?id=1170462
bugzilla.opensuse.org/show_bug.cgi?id=660126
bugzilla.opensuse.org/show_bug.cgi?id=671212
bugzilla.opensuse.org/show_bug.cgi?id=672471
bugzilla.opensuse.org/show_bug.cgi?id=682665
bugzilla.opensuse.org/show_bug.cgi?id=687891
bugzilla.opensuse.org/show_bug.cgi?id=695955
bugzilla.opensuse.org/show_bug.cgi?id=714618
bugzilla.opensuse.org/show_bug.cgi?id=722443
bugzilla.opensuse.org/show_bug.cgi?id=722445
bugzilla.opensuse.org/show_bug.cgi?id=757062
bugzilla.opensuse.org/show_bug.cgi?id=763610
bugzilla.opensuse.org/show_bug.cgi?id=783671
bugzilla.opensuse.org/show_bug.cgi?id=790545
bugzilla.opensuse.org/show_bug.cgi?id=796773
bugzilla.opensuse.org/show_bug.cgi?id=811025
bugzilla.opensuse.org/show_bug.cgi?id=812948
bugzilla.opensuse.org/show_bug.cgi?id=842699
bugzilla.opensuse.org/show_bug.cgi?id=846580
bugzilla.opensuse.org/show_bug.cgi?id=869371
bugzilla.opensuse.org/show_bug.cgi?id=884051
bugzilla.opensuse.org/show_bug.cgi?id=924118
bugzilla.opensuse.org/show_bug.cgi?id=952844
bugzilla.opensuse.org/show_bug.cgi?id=956264
bugzilla.opensuse.org/show_bug.cgi?id=966622
bugzilla.opensuse.org/show_bug.cgi?id=966841
bugzilla.opensuse.org/show_bug.cgi?id=967523
bugzilla.opensuse.org/show_bug.cgi?id=968406
bugzilla.opensuse.org/show_bug.cgi?id=969538
bugzilla.opensuse.org/show_bug.cgi?id=969541
bugzilla.opensuse.org/show_bug.cgi?id=973413
bugzilla.opensuse.org/show_bug.cgi?id=973418
bugzilla.opensuse.org/show_bug.cgi?id=976826
bugzilla.opensuse.org/show_bug.cgi?id=980577
bugzilla.opensuse.org/show_bug.cgi?id=984998
bugzilla.opensuse.org/show_bug.cgi?id=986978
bugzilla.opensuse.org/show_bug.cgi?id=988889
features.opensuse.org/312397