stable
FEDORA-EPEL-MODULAR-2021-bec608183e created by orion a year ago for Fedora Epel 8 Modular
  • Migrate settings to settings.yaml
  • Migrate pre-cobbler 3 data if needed
  • Fix autoinstall_templates -> templates

Update to 3.2.2

New:

  • Signatures: Add ESXi 7.0 U1 #2525 #2526 #2442
  • AlmaLinux & RockyLinux are now supported
  • Signatures: Add generic openSUSE Leap 15 #2508
  • Settings: Use .yaml as a file extension #2531
  • Settings: Validate what settings we have in the YAML-File #2533 #2419 #2530
  • Modules: We now support automatic Windows installations #2466
  • Docs: Terraform provider now included #2166 #2528

Changes:

  • Web Frontend: Show VMware as a breed #2449
  • Logging check fails with SELinux #2440 #2441
  • Typing: Convert docstring types to typing types #2564
  • ESXi Support: Now partly supported #2541
  • ipmitool now is upstream supported by fence_agents via ipmilanplus #2542
  • cobbler version remove the b prefix #2543
  • We are now using inst.ks instead of ks #2534
  • Use the python-file bindings instead of a subprocess call #2482 #2480
  • Web Interface: Make new user management more obvious #2484

Bugfixes:

  • Remove redundant .json suffix: #2451 #2376 #2545 #2529
  • PAM Authentication failures are fixed now: #2400 #2444
  • Templating: Fix Cheetah macros #2570 #2509 #2403
  • Templating: Fix regex replacements #2513
  • Templating: Add http_port to all snippets we are aware of #2058
  • API: Have the legacy fields kickstart and ks_meta present at all times. #2311 #2568
  • Replicate: revert_strip_none prior adding an object on replicate #2548 #2505
  • Replicate: Fix paths during replication #2516
  • Web interface: Fix snippet path #2520
  • Web interface: Prevent duplicate pathing of snippets #2485
  • Fix script path from Cobbler #2479 #2478
  • Settings: Add missing rsync flags option #2467 #2468
  • Startup: Cobbler starts with sub-profiles now #2259 #2450
  • Web: Permissions for /var/lib/cobbler/web.ss #2439 #2452
  • Power management: Follow the fence_agent return codes #1491
  • cobbler check: Fix dnsmasq check #2155

Other:

  • Cleanup unused import #2551
  • Docs: Improvements at various places #2547 #2481 #2473 #1801 #2228
  • Removed unused multi-language support #2532
  • Un-categorized improvements #2524 #2464
  • Items: Streamline template_types type in all items #2262

Breaking Changes:

  • Possibly the settings file is not correctly migrated and needs to be manually adjusted.
  • Rename settings to settings.yaml
  • Add all keys which are missing. List will be available in /var/log/cobbler/cobbler.log.
  • We dropped support for CentOS 7 since no full Python 3 stack is available #2515

Fedora

  • bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection
  • bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function
  • bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings

This update has been submitted for testing by orion.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update has obsoleted cobbler-3-820210923041615.9edba152, and has inherited its bugs and notes.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

11 months ago

This update has been pushed to stable.

11 months ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
Module
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
a year ago
in testing
a year ago
in stable
11 months ago
BZ#2006840 CVE-2021-40323 cobbler: Arbitrary File Disclosure/Template Injection via generate_script RPC method
0
0
BZ#2006884 CVE-2021-40323 cobbler: Arbitrary File Disclosure/Template Injection via generate_script RPC method [fedora-all]
0
0
BZ#2006897 CVE-2021-40324 cobbler: Arbitrary file write via upload_log_data XMLRPC function
0
0
BZ#2006902 CVE-2021-40324 cobbler: Arbitrary file write via upload_log_data XMLRPC function [fedora-all]
0
0
BZ#2006904 CVE-2021-40325 cobbler: Authorization bypass allows modifying settings
0
0
BZ#2006906 CVE-2021-40325 cobbler: Authorization bypass allows modifying settings [fedora-all]
0
0

Automated Test Results