The following security issue in spacewalk-backend has been fixed:
- Non admin or disabled user cannot make changes to a system anymore using spacewalk-channel.
(bsc#1026633, CVE-2017-7470)
Additionally, the following non-security issues have been fixed:
rhnlib:
- Support all TLS versions in rpclib. (bsc#1025312)
spacewalk-backend:
- Do not fail with traceback when media.1 does not exist. (bsc#1032256)
- Create scap files dir beforehand. (bsc#1029755)
- Fix error if SPACEWALK_DEBUG_NO_REPORTS env variable is not present.
- Don't skip 'rhnErrataPackage' cleanup during an errata update. (bsc#1023233)
- Add support for running spacewalk-debug without creating reports. (bsc#1024714)
- Set scap store dir mod to 775 and group owner to susemanager.
- Incomplete_package_import: do import rhnPackageFile as it breaks some package installations.
- Added traceback printing to the exception block.
- Change postgresql starting commands.
spacewalk-certs-tools:
- Always restart the minion regardless of its current state. (bsc#1034956)
- Correctly honor disabling of SSL in bootstrap script. (bsc#1033383)
- Add curl dependency and move mgr-proxy-ssh* to spacewalk-proxy package.
- Exit for non-traditional bootstrap scripts. (bsc#1020904)
- Rename mgr-ssh-proxy-force-cmd -> mgr-proxy-ssh-force-cmd.
- Add mgr-proxy-ssh-force-cmd, mgr-proxy-ssh-push-init to rpm.
- Add option to configure only sshd.
- Restrictive ssh options for user mgrsshtunnel.
spacewalk-client-tools:
- Fix reboot message to use correct product name. (bsc#1031667)
spacewalk-proxy:
- Add curl dependency and move mgr-proxy-ssh* to spacewalk-proxy package.
- Lower the use-file-instead-of-memory treshold. (bsc#1030342)
spacewalk-proxy-installer:
- Do not start firewall on proxy during configuration if not already active. (bsc#1031338)
- Salt minions get repodata via a different URL; reflect by additional squid rule. (bsc#1027873)
- Only warn if parent ssh-push pub key could not be retrieved.
- Generate and...