
Fedora 29: Security Advisory for Subscription-Manager Update Released

November 15, 2018
Fedora System Alert: A new update is available, delivering vital improvements for subscription-manager and notable stability upgrades to ensure security and performance
This is primarily a maintenance update.

Summary

The Subscription Manager package provides programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

This is primarily a maintenance update. Please see the attached bugs for more specific details on what has improved as far as stability is concerned. There is also a larger new feature, which is being released in concert with work being done in Katello / Foreman. Subscription-manager has a concept of a package-profile, which contains information on all installed rpm packages for the system on which it is running. We have expanded this reporting capability to include information on enabled and installed modules from modulemd, and to report which repositories the system currently has enabled. This information is combined into a group of reports and submitted to the same endpoint on Katello / Foreman. The new request is a PUT to /consumers/{consumer_uuid}/profiles. It is sent only when the string "combined_reporting" appears in the managerCapabilities key of the response to a GET /status. The old rpm-only profile reporting is still done as a PUT to /consumers/{consumer_uuid}/packages, but at this point only if the server side does not support the new capability. More will likely be added in the future to further expand this reporting capability.
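The capability check described above, sketched as an added example (not subscription-manager's own code). The function names, the sample status bodies and the assumption that consumer identifiers are standard UUIDs are illustrative; a malformed or incomplete /status response is treated as "capability absent" so the client falls back to the legacy endpoint.

```python
import json
import uuid

COMBINED_CAPABILITY = "combined_reporting"  # capability string named in the advisory

# Constructed sample GET /status bodies; fields other than managerCapabilities are assumed.
NEW_SERVER_STATUS = '{"result": true, "managerCapabilities": ["cores", "combined_reporting"]}'
OLD_SERVER_STATUS = '{"result": true, "managerCapabilities": ["cores"]}'
SAMPLE_UUID = "2f1c9a44-0d3b-4c57-9e1a-6b7d8e9f0a12"  # constructed consumer UUID


def server_capabilities(status_body):
    """Return the managerCapabilities advertised in a GET /status body.

    Bad JSON, a missing key or a wrong type all yield an empty set, so an
    unexpected response can never switch the client to the new request.
    """
    try:
        status = json.loads(status_body)
    except (TypeError, ValueError):
        return frozenset()
    if not isinstance(status, dict):
        return frozenset()
    caps = status.get("managerCapabilities")
    if not isinstance(caps, list):
        return frozenset()
    return frozenset(c for c in caps if isinstance(c, str))


def profile_request(status_body, consumer_uuid):
    """Return (method, path) for the profile upload the advisory describes."""
    # Parse and re-serialize the identifier so it cannot alter the URL path
    # (assumes consumer identifiers are standard UUIDs). Raises ValueError.
    canonical = str(uuid.UUID(consumer_uuid))
    if COMBINED_CAPABILITY in server_capabilities(status_body):
        return ("PUT", "/consumers/%s/profiles" % canonical)   # combined report
    return ("PUT", "/consumers/%s/packages" % canonical)       # rpm-only report


if __name__ == "__main__":
    for label, body in (("new", NEW_SERVER_STATUS), ("old", OLD_SERVER_STATUS)):
        print(label, profile_request(body, SAMPLE_UUID))
```
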

Change Log

* Mon Nov 5 2018 Christopher Snyder 1.24.2-1
- 1645205: Do not update ent certs inside containers (csnyder@redhat.com)
- 1633304: Disable zypper product-id plugin. (awood@redhat.com)
- Fedora documentation guidelines favor global over define. (awood@redhat.com)
- Show installed profiles only for enabled modules (paji@redhat.com)
- 1631339: Fix os.errno issue (rob@sandersmail.eu)
- Add a missing comma in test_cache (nmoumoul@redhat.com)
- Add module enabled and disabled information (paji@redhat.com)
- 1636381: Fix up our detection of missing org for service-level list (csnyder@redhat.com)
- 1616403: Better handling of missing locale use (wpoteat@redhat.com)
- 1636381: Handle case of nonexistent org (nmoumoul@redhat.com)
- Add scripts to setup local development environment (khowell@redhat.com)
- 1633380: Add syspurpose compliance status cache - Altered the syspurpose compliance status connection call to use the /consumers/{uuid}/purpose_compliance API instead of fetching the consumer object and reading the syspurpose compliance field off of it. - Added new syspurpose compliance status cache saved in /var/lib/rhsm/cache/syspurpose_compliance_status.json similar to the entitlement status cache. - When the server is unreachable, we don't traceback, but rather use the new cache value instead. (nmoumoul@redhat.com)
- 1639625: Tolerate server missing syspurpose fields (khowell@redhat.com)
- 1639086: Fix vendor comparison (hyu@redhat.com)
- Includes the installed module profiles (paji@redhat.com)
- 1623390: Fix unregistered messaging in syspurpose (khowell@redhat.com)
- 1637183: Replace redhat-uep.pem properly (khowell@redhat.com)
- 1632797: Only save SLA set during register or attach if specified (csnyder@redhat.com)
- Updated how syspurpose handles unsetting values (crog@redhat.com)
- Update man page for report_package_profile option (nmoumoul@redhat.com)
- Automatic commit of package [subscription-manager] release [1.24.1-1]. (csnyder@redhat.com)
- 1616366: Use LANG from environment (csnyder@redhat.com)
- syspurpose no longer suppresses JSON malformation errors (crog@redhat.com)
- Rename zypper plugin to rhsm (khowell@redhat.com)
- 1632384: Sync SLA regardless of capability: (nmoumoul@redhat.com)
- 1621783: Updated syspurpose fields to match expected values (crog@redhat.com)
- 1632248: User should be able to set/unset while not registered (csnyder@redhat.com)
- 1633575: Update error message when syspurpose is not supported by server (csnyder@redhat.com)
- 1614925: Fix grammar (csnyder@redhat.com)

* Mon Oct 15 2018 Christopher Snyder 1.24.1-1
- Rename zypper plugin to rhsm (khowell@redhat.com)
- 1632384: Sync SLA regardless of capability: (nmoumoul@redhat.com)
- 1621783: Updated syspurpose fields to match expected values (crog@redhat.com)
- 1633575: Update error message when syspurpose is not supported by server (csnyder@redhat.com)
- 1614925: Fix grammar (csnyder@redhat.com)
- Added support of modulemd to combined profile; ENT-834 (jhnidek@redhat.com)
- 1620136: dnf plugin deletes prod cert as expected; ENT-773 (jhnidek@redhat.com)
- 1615944: Show help when no args are provided (csnyder@redhat.com)
- 1614943: Fix bytes/unicode handling of dmi data (khowell@redhat.com)
- 1618825: Rename de_DE.po and es_ES.po (awood@redhat.com)
- Combined profile: WIP enabled repos (jhnidek@redhat.com)
- Added list of enabled repos to combined profile; ENT-833 (jhnidek@redhat.com)
- 1607955: WIP: polishing PR with bug fix of release --list (jhnidek@redhat.com)
- Fixed name of capability and added two unit tests. (jhnidek@redhat.com)
- Explicit requires added for package we use directly (wpoteat@redhat.com)
- 1581410: Eliminate potential for circular dependency (awood@redhat.com)
- 1631076: subscription-manager rpm now requires python3-syspurpose (nmoumoul@redhat.com)
- For tito build, clean the yarn cache (khowell@redhat.com)
- Fix ubuntu compat for virt-who travis runs (khowell@redhat.com)
- Fix RPMDiff issue with multilib (jhnidek@redhat.com)
- Use Combined Profile reporting (jhnidek@redhat.com)
- 1629073: No python3-dmidecode on aarch64, ppc64le (khowell@redhat.com)
- Simplify and fix subpackages logic (khowell@redhat.com)
- 1614653: Update intermediate CA (khowell@redhat.com)
- Fix spelling to capitalize Workstation properly (bcourt@redhat.com)
- 1607955: Try to use all entitlement certs for connection with CDN (jhnidek@redhat.com)
- Use pre-provisioned centos7 box (khowell@redhat.com)
- Vagrant: use ansible-role-subman-devel via galaxy (khowell@redhat.com)
- Vagrant: skip provisioning if var needs_provision is false (khowell@redhat.com)

* Mon Sep 10 2018 Christopher Snyder 1.24.0-1
- Use the "service_level_agreement" attribute for the SlaCommand (csnyder@redhat.com)
- 1623262: Make automatic enablement of yum plugins working again; ENT-820 (jhnidek@redhat.com)
- Start releasing to f29 (csnyder@redhat.com)

* Thu Aug 30 2018 Christopher Snyder 1.23.4-1
- 1600694: Log dbus exception tracebacks at the debug level (csnyder@redhat.com)
- 1623368: Register a system without a syspurpose.json file (jhnidek@redhat.com)
- Revert "Add sles version to dist" (cnsnyder@users.noreply.github.com)
- 1596699: Handle non-existent rhsm-debug destination (ENT-780) (nmoumoul@redhat.com)
- Sync system purpose for sub-man subcommands (jhnidek@redhat.com)
- Add man page for syspurpose. (awood@redhat.com)
- 1613968: DNF product-id plugin can install product cert; ENT-789 (jhnidek@redhat.com)
- Add sles version to dist (jsherril@redhat.com)
- Remove extraneous include in setup() (khowell@redhat.com)
- Updated translations (csnyder@redhat.com)
- 1596001: Change syspurpose import error log level to debug level (csnyder@redhat.com)
- 1602702: rhsmcertd did not close lock file; ENT-736 (jhnidek@redhat.com)
- Adds the addons set of commands to syspurpose (csnyder@redhat.com)
- 1581445: ENT-564: rhsm configuration manage_repos is not working on RHEL8 (jhnidek@redhat.com)
- Fix time stamps of pyc files (csnyder@redhat.com)

References

[ 1 ] Bug #1553266 - Oops! in subscription-manager-cockpit TypeError: f.GetStatus is not a function
https://bugzilla.redhat.com/show_bug.cgi?id=1553266
[ 2 ] Bug #1434493 - CVE-2017-2663 subscription-manager: unsafe dbus interface [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1434493
[ 3 ] Bug #1612282 - Man page scan results for subscription-manager
https://bugzilla.redhat.com/show_bug.cgi?id=1612282
[ 4 ] Bug #1564735 - subscription-manager-rhsm subpackage has been dropped on Fedora 27
https://bugzilla.redhat.com/show_bug.cgi?id=1564735
[ 5 ] Bug #1505955 - claims "subscription required" which is false on Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=1505955
[ 6 ] Bug #1156510 - [rfe] use dnf instead of yum (if dnf is installed)
https://bugzilla.redhat.com/show_bug.cgi?id=1156510
[ 7 ] Bug #1446256 - [RFE] Too large dependency chain
https://bugzilla.redhat.com/show_bug.cgi?id=1446256

Update Instructions

su -c 'dnf upgrade --advisory FEDORA-2018-075821dc8f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


Severity: informational

Product: Fedora 29
Version: 1.24.2
Release: 1.fc29
Summary: Tools and libraries for subscription and repository management
