Stay Secure with the Latest Linux Advisories

security advisorymoderatefedora

Fedora 30: FEDORA-2019-a678bc19fc Moderate: Package-Manager Upgrade

This is a primarily maintenance update. Please see the attached bugs for more specific details on what has improved as far as stability is concerned. There is also a larger new feature which is being released in concert with work being done in Katello / Foreman. Subscription-manager has a concept of a package- profile. This contains information on all installed rpm packages for the system. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-a675aa39fc 2018-11-15 02:28:04.681292 --------------------------------------------------------------------------------Name : subscription-manager Product : Fedora 28 Version : 1.24.2 Release : 1.fc28 URL : https://www.candlepinproject.org/ Summary : Tools and libraries for subscription and repository management Description : The Subscription Manager package provides programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform. --------------------------------------------------------------------------------Update Information: This is a primarily maintenance update. Please see the attached bugs for more specific details on what has improved as far as stability is concerned. There is also a larger new feature which is being released in concert with work being done in Katello / Foreman. Subscription-manager has a concept of a package-profile. This contains information on all installed rpm packages for the system on which it is running. We have expanded this reporting capability to include information on enabled and installed modules from modulemd as well as to report on which repositories this system has enabled presently. This information is combined into a group of reports and submitted to the same endpoint on Katello / Foreman. The new request is a PUT to /consumers/{consumer_uuid}/profiles. This is done only when the string "combined_reporting" in the managerCapabilities key of theresponse to a GET /status. The old just rpm profile reporting is still done as a PUT to /consumers/{consumer_uuid}/packages. This is at this point only done if the server side does not support the new capability. More will likely be added in the future to further expand on this capability of reporting. --------------------------------------------------------------------------------ChangeLog: * Mon Nov 5 2018 Christopher Snyder 1.24.2-1 - 1645205: Do not update ent certs inside containers (csnyder@redhat.com) - 1633304: Disable zypper product-id plugin. (awood@redhat.com) - Fedora documentation guidelines favor global over define. (awood@redhat.com) - Show installed profiles only for enabled modules (paji@redhat.com) - 1631339: Fix os.errno issue (rob@sandersmail.eu) - Add a missing comma in test_cache (nmoumoul@redhat.com) - Add module enabled and disabled information (paji@redhat.com) - 1636381: Fix up our detection of missing org for service-level list (csnyder@redhat.com) - 1616403: Better handling of missing locale use (wpoteat@redhat.com) - 1636381: Handle case of nonexistant org (nmoumoul@redhat.com) - Add scripts to setup local development environment (khowell@redhat.com) - 1633380: Add syspurpose compliance status cache - Altered the syspurpose compliance status connection call to use the /consumers/{uuid}/purpose_compliance API instead of fetching the consumer object and reading the syspurpose compliance field off of it. - Added new syspurpose compliance status cache saved in /var/lib/rhsm/cache/syspurpose_compliance_status.json similar to the entitlement status cache. - When the server is unreachable, we don't traceback, but rather use the new cache value instead. (nmoumoul@redhat.com) - 1639625: Tolerate server missing syspurpose fields (khowell@redhat.com) - 1639086: Fix vendor comparison (hyu@redhat.com) - Includes the installed module profiles (paji@redhat.com) - 1623390: Fix unregistered messaging in syspurpose (khowell@redhat.com) - 1637183:Replace redhat-uep.pem properly (khowell@redhat.com) - 1632797: Only save SLA set during register or attach if specified (csnyder@redhat.com) - Updated how syspurpose handles unsetting values (crog@redhat.com) - Update man page for report_package_profile option (nmoumoul@redhat.com) - Automatic commit of package [subscription-manager] release [1.24.1-1]. (csnyder@redhat.com) - 1616366: Use LANG from environment (csnyder@redhat.com) - syspurpose no longer supresses JSON malformation errors (crog@redhat.com) - Rename zypper plugin to rhsm (khowell@redhat.com) - 1632384: Sync SLA regardless of capability: (nmoumoul@redhat.com) - 1621783: Updated syspurpose fields to match expected values (crog@redhat.com) - 1632248: User should be able to set/unset while not registered (csnyder@redhat.com) - 1633575: Update error message when syspurpose is not supported by server (csnyder@redhat.com) - 1614925: Fix grammar (csnyder@redhat.com) * Mon Oct 15 2018 Christopher Snyder 1.24.1-1 - Rename zypper plugin to rhsm (khowell@redhat.com) - 1632384: Sync SLA regardless of capability: (nmoumoul@redhat.com) - 1621783: Updated syspurpose fields to match expected values (crog@redhat.com) - 1633575: Update error message when syspurpose is not supported by server (csnyder@redhat.com) - 1614925: Fix grammar (csnyder@redhat.com) - Added support of modulemd to combined profile; ENT-834 (jhnidek@redhat.com) - 1620136: dnf plugin deletes prod cert as expected; ENT-773 (jhnidek@redhat.com) - 1615944: Show help when no args are provided (csnyder@redhat.com) - 1614943: Fix bytes/unicode handling of dmi data (khowell@redhat.com) - 1618825: Rename de_DE.po and es_ES.po (awood@redhat.com) - Combined profile: WIP enabled repos (jhnidek@redhat.com) - Added list of enabled repos to combined profile; ENT-833 (jhnidek@redhat.com) - 1607955: WIP: polishing PR with bug fix of release --list (jhnidek@redhat.com) - Fixed name of capability and added two unit tests. (jhnidek@redhat.com) - Explict requiresadded for package we use directly (wpoteat@redhat.com) - 1581410: Eliminate potential for circular dependency (awood@redhat.com) - 1631076: subscription-manager rpm now requires python3-syspurpose (nmoumoul@redhat.com) - For tito build, clean the yarn cache (khowell@redhat.com) - Fix ubuntu compat for virt-who travis runs (khowell@redhat.com) - Fix RPMDiff issue with multilib (jhnidek@redhat.com) - Use Combined Profile reporting (jhnidek@redhat.com) - 1629073: No python3-dmidecode on aarch64, ppc64le (khowell@redhat.com) - Simplify and fix subpackages logic (khowell@redhat.com) - 1614653: Update intermediate CA (khowell@redhat.com) - Fix spelling to capitalize Workstation properly (bcourt@redhat.com) - 1607955: Try to use all entitlement certs for connection with CDN (jhnidek@redhat.com) - Use pre-provisioned centos7 box (khowell@redhat.com) - Vagrant: use ansible-role-subman-devel via galaxy (khowell@redhat.com) - Vagrant: skip provisioning if var needs_provision is false (khowell@redhat.com) * Mon Sep 10 2018 Christopher Snyder 1.24.0-1 - Use the "service_level_agreement" attribute for the SlaCommand (csnyder@redhat.com) - 1623262: Make automatic enablement of yum plugins working again; ENT-820 (jhnidek@redhat.com) - Start releasing to f29 (csnyder@redhat.com) * Thu Aug 30 2018 Christopher Snyder 1.23.4-1 - 1600694: Log dbus exception tracebacks at the debug level (csnyder@redhat.com) - 1623368: Register a system without a syspurpose.json file (jhnidek@redhat.com) - Revert "Add sles version to dist" (cnsnyder@users.noreply.github.com) - 1596699: Handle non-existant rhsm-debug destination (ENT-780) (nmoumoul@redhat.com) - Sync system purpose for sub-man subcommands (jhnidek@redhat.com) - Add man page for syspurpose. (awood@redhat.com) - 1613968: DNF product-id plugin can install product cert; ENT-789 (jhnidek@redhat.com) - Add sles version to dist (jsherril@redhat.com) - Remove extraneous include in setup() (khowell@redhat.com) - Updated translations(csnyder@redhat.com) - 1596001: Change syspurpose import error log level to debug level (csnyder@redhat.com) - 1602702: rhsmcertd did not close lock file; ENT-736 (jhnidek@redhat.com) - Adds the addons set of commands to syspurpose (csnyder@redhat.com) - 1581445: ENT-564: rhsm configuration manage_repos is not working on RHEL8 (jhnidek@redhat.com) - Fix time stamps of pyc files (csnyder@redhat.com) * Mon Aug 13 2018 Christopher Snyder 1.23.3-1 - 1606435: Rename the async module for compatibility with python 3.7; ENT-737 (csnyder@redhat.com) - Cockpit/Syspurpose service integration fix (aparadka@redhat.com) - Display both new and old value in syspurpose diff message (csnyder@redhat.com) - Fix sending single value of addons. (jhnidek@redhat.com) - Fix synchronization of usage with candlepin (jhnidek@redhat.com) - 1596294: Fix displayin RHSM Spoke in Initial Setup (jhnidek@redhat.com) - Syspurpose field value lists [ENT-766] (wpoteat@redhat.com) - ENT-717: Syncing of syspurpose store with candlepin (jhnidek@redhat.com) - 1609048: Replacement of imp module with importlib; ENT-758 (jhnidek@redhat.com) * Fri Aug 3 2018 Christopher Snyder 1.23.2-1 - Move "nose" to test requirements for syspurpose (csnyder@redhat.com) * Fri Aug 3 2018 Christopher Snyder 1.23.1-1 - Integrate Syspurpose DBus Signal with Cockpit (aparadka@redhat.com) - Change usage_type to usage (csnyder@redhat.com) - ENT-715 Sync syspurpose with server (csnyder@redhat.com) - 1609052: DNF Plugin needs config initiated earlier (wpoteat@redhat.com) - 1608963: Minimize packaging for python 3 (wpoteat@redhat.com) - Improve test setup for syspurpose tests. (awood@redhat.com) - Two simple fixes for syspurpose (jhnidek@redhat.com) - Raise ioerr when necessary during sp read (csnyder@redhat.com) - ENT-720 Adds the addons subcommand (csnyder@redhat.com) - 1602056: Added role subcommand ENT-719 (jhnidek@redhat.com) - Replace lsb-release in spec and Makefile (khowell@redhat.com) - Mock out syspurpose code frombeing executed in subman tests (csnyder@redhat.com) - ENT-584 syspurpose UTF-8 support & better formatting - All syspurpose operations now support UTF-8 - syspurpose.json now has user-friendly indentation (nmoumoul@redhat.com) - ENT-446 Report systempurpose on registration (csnyder@redhat.com) - 1512944: Fix up remaining python2 deps ENT-724 (csnyder@redhat.com) - ENT-721: Usage command (wpoteat@redhat.com) - ENT-590 Enhanced SyspurposeStore add/remove operations - 'add' will now not override an existing value that was added by the 'set' command, but it will be maintained and added in a list along with the newly added value. - 'add' will now not add an element to a list if the list already contains it (no duplicates). - 'remove' will now unset the current value, if that turns out to be scalar instead of being contained in a list. (nmoumoul@redhat.com) - Move syspurpose out of packages directory. (awood@redhat.com) - Correct small problems in syspurpose. (awood@redhat.com) - ansible vagrant QOL fixes (khowell@redhat.com) - ENT-723: Add System Purpose Status to System Status output (wpoteat@redhat.com) - Improve debug logging for release listing (khowell@redhat.com) - Remove other references to python-kitchen. (awood@redhat.com) - Make build_ext a proper dependency. (awood@redhat.com) - Add zanata.xml configuration file and gettext keys.pot (awood@redhat.com) - Move clean command to common build_ext module. (awood@redhat.com) - Only gather optparse strings in subscription-manager. (awood@redhat.com) - Move syspurpose source files to be under package directory. (awood@redhat.com) - Look for source files based on package directory locations. (awood@redhat.com) - Add gettext calls to syspurpose. (awood@redhat.com) - Load build_ext i18n commands in setup.py (awood@redhat.com) - Integrate Dbus signals with Cockpit GUI (aparadka@redhat.com) - Do not install subman-gui from setup.py by default (khowell@redhat.com) - ENT-591 Handle when syspurpose.json is missing &create it. (nmoumoul@redhat.com) - Fix indeterminate unit test failure. (awood@redhat.com) - Removal of python-kitchen (wpoteat@redhat.com) - ENT-731 Replaced syspurpose 'offerings' commands with 'role': - Removed commands 'add-offerings', 'remove-offerings', 'unset-offerings' - Added commands 'set-role' and 'unset-role' (nmoumoul@redhat.com) - ENT-589 Intentctl -> syspurpose (This email address is being protected from spambots. You need JavaScript enabled to view it.) - ENT-710: Add three_way_merge utility function (This email address is being protected from spambots. You need JavaScript enabled to view it.) - ENT-477: Add signal EntitlementsChanged (This email address is being protected from spambots. You need JavaScript enabled to view it.) - ENT-476: Add signal InstalledProductsChanged (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1594733: Fix GetStatus in com.redhat.RHSM1.Entitlement ENT-641 (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Make vagrant setup more flexible (This email address is being protected from spambots. You need JavaScript enabled to view it.) - ENT-475: Add signal ConfigChanged (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1581777: Reraise exception properly. ENT-566 (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Replace curly quote with straight quote (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Add implementation of filesystem watcher (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1581410: ENT-572: subman should require dnf-plugin-subscription-manager (This email address is being protected from spambots. You need JavaScript enabled to view it.) - ENT-478 com.redhat.RHSM1.Consumer D-Bus service object (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1576423: Polished changes provided in #1816 and added unit test. (This email address is being protected from spambots. You need JavaScript enabled to view it.) * Fri Jun 22 2018 Christopher Snyder 1.22.1-1 - 1571998: Ignore HTB repos (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1589296: subman list option --after now named --afterdate (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1558411: Begin building dnf-plugin-subscription-manager for RHEL 7 (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Use constant defined in cerdirectory.py. (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1553266: When d-bus methods are unavailable, show appropriate message. * Added a "safe call" mechanism that makes the initial dbus calls (entitlementService, configService, productsService) only if the service is available, tries to restart the rhsm service if possible, and otherwise failing gracefully. * Added new UI curtain that provides a meaningful message and advice to the enduser. * Re-added utility method statusUpdateFailed that was accidentally deleted. (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1580996: Fix comparision of objects in Python 3 (ENT-578) (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Make xauth Idempotent again (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Fixes missing locale issues while running nosetests (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Remove freezegun (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1576582: Make rhsm.full_fresh_on_yum=1 working again (ENT-534) (This email address is being protected from spambots. You need JavaScript enabled to view it.) - ansible-fix: fixed ansible failing during vagrant up (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Update the license of the subman-cockpit-plugin to GPLv2 (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1510920: Allow access to job cancellation API (This email address is being protected from spambots. You need JavaScript enabled to view it.) - ENT-447 Add icons to RPM package for subman cockpit plugin (This email address is being protected from spambots. You need JavaScript enabled to view it.) * Fri Jun 8 2018 Christopher Snyder 1.22.0-1 - Remove F26 from releasers (Fedora 26 EOL) (This email address is being protected from spambots. You need JavaScript enabled to view it.) * Thu Jun 7 2018 Christopher Snyder 1.21.5-1 - Fix python-rhsm Provides and Obsoletes (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1568609: Updated man page for --after list option (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Get Initial Setup Addon to run during installation in Vagrant (This email address is being protected from spambots. You need JavaScript enabled to view it.) - ENT-447 Create .desktop file that opens web page with our cockpit plugin (This email address is being protected from spambots. You need JavaScript enabled to view it.) - ENT-481 service-level command & options now update syspurpose metadata (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1560727: Search for proxy auth message in whole error string (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1555384: get_libexecdir now returns a string instead of bytes (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Added generic set/unset and add/remove commands to syspurpose (This email address is being protected from spambots. You need JavaScript enabled to view it.) - ENT-488 syspurpose now warns if running in container (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1574706: Create python2-subscription-manager-rhsm properly (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Automatic rebuilding of updates.img on PXE Server (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1574529: Fix rhsmcertd integer overflow on i386 & i686 (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Respecting proxy port configured in rhsm.conf (This email address is being protected from spambots. You need JavaScript enabled to view it.) * Tue May 1 2018 ChristopherSnyder 1.21.4-3 - Add dist back to release (This email address is being protected from spambots. You need JavaScript enabled to view it.) * Tue May 1 2018 Christopher Snyder 1.21.4-2 - Add missing buildrequires to fix upstream fedora python2 builds (This email address is being protected from spambots. You need JavaScript enabled to view it.) * Tue May 1 2018 Christopher Snyder 1.21.4-1 - Stop building subscription-manager-gui, when Python 3 is used (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Remove kitchen from install_requires (This email address is being protected from spambots. You need JavaScript enabled to view it.) * Wed Apr 25 2018 Christopher Snyder 1.21.3-1 - 1439645: Perform a full entitlement refresh in the yum/dnf/zypper plugins (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1527727: Add proc_stat.btime fact (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1568214: rhsmcertd no longer uses reload on py3 (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1559227: Do not use str format for python 2.6 (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1425766: Additional message in status to indicate content access (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Adds a new cli utility 'syspurpose' (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1559227: Do not log Error messages for missing identity cert/key (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1458159: python-dmidecode bug fix requires specific RPM release. (This email address is being protected from spambots. You need JavaScript enabled to view it.) - fix for proxy-server provisioning - resolving of 'candlepin.' (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1458159: Require latest version of python-dmidecode (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1551044: Add the option to build both python{3,2}-subscription-manager-rhsm (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1559743: Reduce log level of network address fact collection to debug (This email address is being protected from spambots. You need JavaScript enabled to view it.) - added a vagrant section for a VM for proxy-server (This email address is being protected from spambots. You need JavaScript enabled to view it.) - ansible role rhsm-services and TESTING.md document (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Fix updates.img to include required Python packages (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Do not remove existing zypper repos when disconnected (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Apply updates.img druing PXE boot (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Do not use private network addresses for vagrant hostmanager (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Adds tool to make updates.img file for use with anaconda (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1554482: Reenable RHUI support (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Fixbuilding on SLES 11 (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Added PXE BOOT client to the Vagrant setup (This email address is being protected from spambots. You need JavaScript enabled to view it.) - New Vagrant file for creating PXEBOOT server (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1551386: Cannot put unicode into gtk for button label (This email address is being protected from spambots. You need JavaScript enabled to view it.) - 1551465: Fix unicode decode issue on py 2.6 (This email address is being protected from spambots. You need JavaScript enabled to view it.) - Remove unneeded spec file directives (This email address is being protected from spambots. You need JavaScript enabled to view it.) --------------------------------------------------------------------------------References: [ 1 ] Bug #1553266 - Oops! in subscription-manager-cockpit TypeError: f.GetStatus is not a function https://bugzilla.redhat.com/show_bug.cgi?id=1553266 [ 2 ] Bug #1434493 - CVE-2017-2663 subscription-manager: unsafe dbus interface [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1434493 [ 3 ] Bug #1612282 - Man page scan results for subscription-manager https://bugzilla.redhat.com/show_bug.cgi?id=1612282 [ 4 ] Bug #1564735 - subscription-manager-rhsm subpackage has been dropped on Fedora 27 https://bugzilla.redhat.com/show_bug.cgi?id=1564735 [ 5 ] Bug #1505955 - claims "subscription required" which is false on Fedora https://bugzilla.redhat.com/show_bug.cgi?id=1505955 [ 6 ] Bug #1156510 - [rfe] use dnf instead of yum (if dnf is installed) https://bugzilla.redhat.com/show_bug.cgi?id=1156510 [ 7 ] Bug #1598514 - [RFE] Set owner/group/umask for /etc/pki/entitlement/ certs https://bugzilla.redhat.com/show_bug.cgi?id=1598514 [ 8 ] Bug #1446256 - [RFE] Too large dependency chain https://bugzilla.redhat.com/show_bug.cgi?id=1446256 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-a675aa39fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details onthe GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Elevate your Fedora experience by applying this subscription-manager update, which enhances reliability and bolsters reporting capabilities.. Subscription Management, Fedora Update, RPM Package Management. . LinuxSecurity.com Team

Nov 15, 2018 Fedora