• Version Revision History
• About SUSE Manager
  • Stay up-to-date
• Major changes since SUSE Manager Server 2.1 GA
  • Features and changes
    • Support for OES 2015 and OES 2015 SP1
    • Support for SLES 12 LTSS
    • Support for SUSE Enterprise Storage 3
    • Support for SLE Module Certifications
    • Improve robustness of osad/jabberd
    • ssh push with sudo
    • SLE-Toolchain-12 Module added
    • SLE Point of Service 11 SP2 added
    • FULLY_UPDATE_THIS_BOX defaults to '0' now
    • Reserved channel labels and names
    • SSH push contact method in API
    • Signed repository metadata
    • SLE 11 SP4
    • Bring your own certificate
    • SUSE Manager 2.1 Server for IBM z Systems
    • Icinga monitoring server availability
    • PostgreSQL 9.4 on SLES 11 SP3
    • Update of certificate
    • Expanded support for RHEL7
    • Service pack migration via API
    • spacecmd made available to clients
    • Patch filtering in system set manager
    • spacewalk-debug reduced output
    • Service pack migration with Inter-Server-Sync
    • Support of Inter-Server-Sync with SUSE Customer Center
    • SUSE Customer Center integration
      • Changed setup workflow
    • New mgr-sync tool
    • Support for SUSE Linux Enterprise Server and Desktop 12
  • Notes
  • Patches
    • Patch 12956: SUSE Manager Server 2.1
    • Patch 12822: SUSE Manager Server 2.1
    • Patch 12705: SUSE Manager Server 2.1
    • Patch 12630: susemanager-sync-data
    • Patch 12567: SUSE Manager Server 2.1
    • Availability of LTSS patches
    • Patch 12454: SUSE Manager Server 2.1
    • Patch 12409: postgresql94
    • Patch 12392: susemanager-sync-data
    • Patch 12391: postgresql91
    • Patch 12345: susemanager-sync-data
    • Patch 12342: supportutils-plugin-susemanager
    • Patch 12331: SUSE Manager Server 2.1
    • Patch 12257: SUSE Manager Server 2.1
    • Patch 12132: SUSE Manager Server 2.1
    • Patch 12017: oracle-update
    • Patch 12016: spacewalk-backend
    • Patch 12015: sleman21-suse-manager-21-201507-12015
    • Patch 10827: SUSE Manager Server 2.1
    • Patch 10760: postgresql91
    • Patch 10736: susemanager-sync-data
    • Patch 10670: spacewalk-java, spacewalk-setup
    • Patch 10626: oracle-update
    • Patch 10679: struts
    • Patch 10579: SUSE Manager Server 2.1
    • Patch 10389: postgresql91
    • Patch 10275: oracle-update
    • Patch 10309: SUSE Manager Server 2.1
    • Patch 10252: spacecmd
    • Patch 10076: libyaml-0-2
    • Patch 10083: SUSE Manager 2.1
    • Patch 10022: apache2-mod_wsgi
    • Patch 9952: SUSE Manager Server 2.1
    • Patch 9812: sm-ncc-sync-data
    • Patch 9910: spacewalk-java
    • Patch 9675: perl-Class-Singleton, perl-File-Slurp, perl-JSON, perl-Readonly
    • Patch 9719: spacewalk-java
    • Patch 9527: oracle-update
    • Patch 9519: apache2-mod_wsgi
    • Patch 9430: SUSE Manager Server 2.1
    • Patch 9423: struts
• New features since SUSE Manager Server 1.7
  • Improved User Interface
  • Unattended bare-metal system provisioning
  • First-time installation support in System Set Manager
  • Power Management
  • Action chaining
  • Service location protocol
  • Package locks
  • Setup wizard
• Major changes since SUSE Manager Server 1.7
  • Base system upgrade to SLES 11 SP3
  • Upgrade to upstream Spacewalk 2.1
  • Change in behavior in network setup
  • Non compliant systems
  • Channel synchronisation logging
  • Inter Server Sync between 1.7 (master) and 2.1 (slave)
  • Embedded Oracle DB needs extra permission
  • New package pgtcl
  • Reboot action status is reflected immediately in UI
  • Taskomatic memory limits lifted
  • spacewalk-utils
• SUSE Manager Server requirements
  • System requirements
  • Disk space requirements
  • Database sizing requirements
• SUSE Manager Server distribution
• Installation and Setup
  • Upgrading from SUSE Manager Server 1.2
  • Migrating from RHN Satellite
  • How to apply patches on first install
  • How to apply patches to a running SUSE Manager Server
• Upgrade from SUSE Manager Server 1.7
  • Upgrade of Inter Server Sync setups
• Activation of SUSE Manager Server
  • Entitlement counting in SUSE Manager
• Supportability of embedded software components
• About SLES 12
• About the Client Tools Channel
• Red Hat Channels
• Support for SLES 10 based systems
• SUSE Manager Proxy versions
• Known bugs
• Upstream changes since SUSE Manager 1.7
• Providing feedback to our products
• Documentation and other information
• Legal Notices
• Colophon

This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download at http://www.suse.com/download-linux/source-code.html.

Also, for up to three years from SUSE's distribution of the SUSE product, upon request SUSE will mail a copy of the source code. Requests should be sent by e-mail to sle_source_request@suse.com or as otherwise instructed at http://www.suse.com/download-linux/source-code.html. SUSE may charge a fee to recover its reasonable costs of distribution.

Version Revision History

• June 02, 2014: Initial release
• June 17, 2014: Changes for first maintenance update
• Oct 14, 2014:
  • Tools channel rename
  • Internet Explorer 8 is not supported
  • Cheetah template escaping removed
  • SCC integration
• Nov 11, 2014
  • SLE12 support
• Jan 8, 2015
  • Inter-Server-Sync changes
  • Complete list of released patches with details
  • Add links to bnc, bsc, and CVE references
• Feb 24, 2015
  • Expanded support for RHEL7
  • Service pack migration via API
  • spacecmd made available to clients
  • Patch filtering in system set manager
  • spacewalk-debug reduced output
  • Service pack migration with Inter-Server-Sync
• Apr 23, 2015
  • Updated patch list
  • Document certificate update
• May 10, 2015
  • Updated patch list
  • New channels made available
• Jun 18, 2015
  • Updated patch list
  • 'Bring your own certificate'
  • Icinga monitoring for SLES 12
  • PostgreSQL 9.4 for SLES 11 SP3
  • z Systems release
• Jun 20, 2015
  • SLE 11 SP4
  • Public Cloud Module
• Jul 29, 2015
  • Updated patch list
• Aug 13, 2015
  • Updated patch list
  • NTLM proxy auth not supported
• Sep 7, 2015
  • Note about 'reserved channel labels'
• Sep 16, 2015
  • FULLY_UPDATE_THIS_BOX defaults to '0' now
• Oct 16, 2015
  • SLE Point of Service 11 SP2 added
  • SLE-Toolchain-12 Module added
  • Support ssh push with sudo
  • Improve robustness of osad/jabberd
• Jan 20, 2016
  • Container Module 12 for s390x and ppc64le added
• Feb 9, 2016
  • Add support for SUSE-Enterprise-Storage 2.1
  • Add support for SLE12-SP1-SAP
  • Add support for SLES11-SP3-LTSS-Updates
• Mar 15, 2016
  • Updated patch list
• May 19, 2016
  • LTSS patches available
  • Updated patch list
• Aug 23, 2016
  • Bug fixes
• Oct 31, 2016
  • Bug fixes

About SUSE Manager

You have more than just a few Linux servers to manage, maybe even a mixed environment of RHEL and SLES?

Then SUSE Manager is the answer.

SUSE Manager gives you best of breed Linux lifecycle management based on the most mature codebase for any Linux management tool, with both RHEL and SLES support from one unified console, maintained and improved by the guys who wrote the fastest and most advanced Linux update stack on the planet.

SUSE Manager gives you the lowest possible Total Cost of Ownership for your Linux environment, from bare metal provisioning to daily patch management. SUSE Manager is an open source (GPLv2) Linux systems management solution that allows you to:

• Inventory your systems (hardware and software information)
• Install and update software on your systems
• Collect and distribute your custom software packages into manageable groups
• Provision (AutoYaST / Kickstart) your systems
• Manage and deploy configuration files to your systems
• Monitor your systems
• Provision and start/stop/configure virtual guests
• Distribute content across multiple geographical sites in an efficient manner
• Track compliance of managed systems with OpenSCAP

Stay up-to-date

You can stay up-to-date regarding information about SUSE Manager and SUSE products:

• Check the SUSE Manager Wiki
• Read the SUSE Blog

Major changes since SUSE Manager Server 2.1 GA

Features and changes

Support for OES 2015 and OES 2015 SP1

OES 2015 and OES 2015 SP1 are now supported, as well as the SP migration to OES 2015 SP1.

Support for SLES 12 LTSS

The long term service pack support (LTSS) for SLES 12 is now supported.

Support for SUSE Enterprise Storage 3

SUSE Enterprise Storage 3 is now supported.

Support for SLE Module Certifications

The SLE 12 Module 'Certifications' is now supported.

Improve robustness of osad/jabberd

The XMPP protocol defines a state machine for the subscription of a client to a contact's state - this is basically a series of intermediate states clients have to go through before getting any notification of another client's availability. We use this to subscribe RHN clients to osa-dispatcher's messages, so clients are expected to go through all states up to Both at registration time or soon afterwards.

If for any reason presence stanzas are lost in the process (due to network failures, bugs in osad code, bugs in jabberd etc.) RHN clients might be stuck in one of two limbo states waiting for server to acknowledge a message that it has never received.

This patch adds retrying of subscription in case the state is one of the two limbo states and more than one minute elapsed.

ssh push with sudo

The ssh push contact method normally logs in to managed clients using root credentials. This might be in conflict with local security policies.

It is now possible to use non-root credentials for the ssh connection and execute commands using sudo on the managed client.

If you wish to use sudo and a user different than root, you can set the following in rhn.conf:

    ssh_push_sudo_user = <user>

The same non-root user is used for all managed clients.

SLE-Toolchain-12 Module added

The SLE-Toolchain module for SLE 12 is now available in SUSE Manager.

SLE Point of Service 11 SP2 added

Channels for SLE Point of Service SP2 were missing and are now available.

FULLY_UPDATE_THIS_BOX defaults to '0' now

The setting FULLY_UPDATE_THIS_BOX in pub/bootstrap/bootstrap.sh used to default to '1' (yes), updating a managed client as soon as it came under control of SUSE Manager.

However, this didn't resonate too well when used on production systems.

Therefore, FULLY_UPDATE_THIS_BOX now defaults to '0' (no) and not causing harm.

Reserved channel labels and names

SUSE Manager comes with a predefined list of vendor channels whose names and labels cannot be used for user channels.

SSH push contact method in API

The SSH push contact method is now available through the API and the spacecmd CLI tool. See the system.getDetails and system.setDetails API methods.

Signed repository metadata

Metadata for repositories generated by SUSE Manager is now signed. This adds another safety layer on top of the already signed packages.

SLE 11 SP4

SUSE Linux Enterprise Server 11 SP4 and SUSE Linux Enterprise Desktop 11 SP4 are now supported and available as service pack migration targets.

Bring your own certificate

It is now possible to import a custom SSL certificate into SUSE Manager 2.1 Server.

See the Wiki page for detailed instructions.

SUSE Manager 2.1 Server for IBM z Systems

SUSE Manager 2.1 Server is now officially available for IBM z Systems (s390x architecture). Please see the SUSE Manager on IBM System z pages of the Installation & Troubleshooting Guide for installation instructions.

Icinga monitoring server availability

The Icinga monitoring system has been added to the SUSE Manager Tools Channel for SLES12 as a Technology Preview for SUSE Linux Enterprise Server 12.

These packages are not recommended for production use yet. We are planning to fully support the Icinga packages at a later point.

As part of a valid SUSE Manager Server subscription, an unlimited number of Icinga servers can be installed within the same organization on SUSE Linux Enterprise Server 12 systems that have a valid Standard or Priority subscription.

As long as Icinga is used without integration into SUSE Manager, no SUSE Manager Monitoring subscription is needed for the managed systems.

PostgreSQL 9.4 on SLES 11 SP3

An updated version of the PostgreSQL database is available on SLES 11 SP3 as postgresql94. This version is not supported on SUSE Manager 2.1.

Update of certificate

If your SUSE Manager Server 2.1 was a fresh install, you can safely skip this section.

If your SUSE Manager Server 2.1 was upgraded from a previous SUSE Manager Server 1.7 installation, please read on.

The base ('spacewalk') certificate stored in the SUSE Manager database will expire on 2015-July-21st.

To ensure uninterrupted service beyond this date, you need to extend the certificate's expiration date.

To update your spacewalk entitlement certificate please complete the following procedure:

At the server command line run:

mgr-sync

and then

/usr/lib/susemanager/bin/susemanager-update-swcert.sh

which produces one of the following messages

• ##### Your spacewalk certificate is up-to-date.#####

• ##### Update successfully finished.#####

• ##### Update failed.#####

The update will fail if you have more than one organization setup and are sharing your entitlements across a second or third organization.

The number of entitlements per row on the organization entitlements page cannot exceed 19,999 within a secondary organization. This bug occurs due to an incompatibility with SUSE subscription counting and the old spacewalk certificate.

As a work around log-in to the SUSE Manager web administration page and complete the following procedure.

• Select the Admin tab.
• On the admin page under the organization column select your Secondary Organization.
• Click the Subscriptions tab.
• Under System Entitlements re-allocate the number of entitlements to a number low as possible for each entitlement in the Proposed Total column. Image of Organization 2 Entitlements Page
• Select Update Organization.
• Re-run the update tool with /usr/lib/susemanager/bin/susemanager-update-swcert.sh which should result in

##### Update successfully finished.#####

You may now re-allocate your original required entitlements on your web admin entitlements page

Expanded support for RHEL7

SUSE Linux Enterprise Server with Expanded Support for RHEL7 is now available in SUSE Manager

Service pack migration via API

Two new API calls now allow to schedule service pack migrations or distribution upgrades via the SUSE Manager API.

system.scheduleSPMigration system.scheduleDistUpgrade

Navigate to Help -> API -> system -> scheduleSPMigration (resp. Help -> API -> system -> scheduleDistUpgrade) for details about these calls.

spacecmd made available to clients

The spacecmd package is now available to managed clients (except for Expanded support for RHEL 5) via the SUSE Manager Tools channel.

Patch filtering in system set manager

When applying patches to an individual system there is a drop down box to show all Security (or Bug Fixes, or Enhancement) patches. This drop down box is now also available for systems in the system set manager.

spacewalk-debug reduced output

spacewalk-debug removes old backup files now before creating the output tar file. This significantly reduces the size of the output file.

Service pack migration with Inter-Server-Sync

Service pack migration for clients attached to Inter-Server-Sync (ISS) slaves is only possible if all parent channels are synced.

The ISS slave needs this information to verify the correctness of base and child channels.

An alternative is to use the `system.scheduleSPMigration`` which does not run these checks.

Support of Inter-Server-Sync with SUSE Customer Center

The switch from Novell Customer Center (NCC) to SUSE Customer Center (SCC) as described below, also effects Inter-Server-Sync (ISS) slaves as follows:

• ISS slaves do not need mirror credentials any more
• The ISS master must be switched to SCC first, then the ISS slaves can follow.
• ISS slaves need to run
      mgr-sync enable-scc
  after the master has been switched

SUSE Customer Center integration

With the release of SUSE Linux Enterprise (SLE) 12, a new online service is available to manage subscriptions, channels, and access to patches.

This is called SUSE Customer Center - SCC

In order to manage SUSE Linux Enterprise Server (SLES) 12 or Desktop (SLED) 12 systems with SUSE Manager, you need to connect SUSE Manager to the SUSE Customer Center.

If you haven't deployed SLE 12, there is no need to connect to SCC.

You will still be reminded in the setup wizard to switch to the SUSE Customer Center. The migration process can be started from the Web UI and will take a couple of minutes.

Please follow these detailed instructions to connect SUSE Manager Server to the SUSE Customer Center.

Be patient, synching the complete data set from SUSE Customer Center can take up to several minutes. This will be improved in later releases.

Changed setup workflow

The initial, text-based setup workflow has been adapted to connect to SCC instead of NCC for the product and subscription data.

New mgr-sync tool

After SUSE Manager Server has been migrated to the SUSE Customer Center, a new tool to manage the data synchronization between both systems will be available.

mgr-sync is a full replacement of mgr-ncc-sync

mgr-sync has a simpler syntax and is easier to use. Run mgr-sync -h for help.

Support for SUSE Linux Enterprise Server and Desktop 12

A SUSE Manager Server connected to the SUSE Customer Center is able to deploy and manage SUSE Linux Enterprise Server and Desktop 12 systems.

Management of PowerPC (ppc64le) systems running SUSE Linux Enterprise Server 12 hasn't seen much testing yet and might be a bit unstable.

Notes

• Manager Tools channel rename for SLES 11 SP3
  The SUSE Manager Tools channel for SLE 11 SP3 was named 'sles11-sp2-suse-manager-tools-<arch>-sp3' in SUSE Manager 1.7
  and renamed to 'sles11-sp3-suse-manager-tools-<arch>' for SUSE Manager 2.1

• Internet Explorer 8 is not supported
  Using SUSE Manager with Internet Explorer 8 is not supported, please upgrade to Internet Explorer 9 or later.

• No automatic escaping in Cobbler templates

• NTLM-style http proxy authentication is not supported
  Due to technical limitations, NTLM-style authentication against http-proxies is not supported. SUSE Manager will fall back to digest or basic authentication in this case.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Patch 12956: SUSE Manager Server 2.1

https://download.suse.com/Download?buildid=fE4MaM58SYM~

This update fixes the following issues:

cobbler

• Using "chain.c32" instead of "LOCALBOOT -1" for the local boot entry in pxe menu. (bsc#988889)
• Fix ZIPL boot loader on S390. (bsc#1003895)

spacewalk-backend

• Add symlink for manpage to SUSE name of program. (bsc#1009435)
• Fix selection of primary interface. (bsc#1009677)
• Assign orphaned vendor packages to the default org. (bsc#995764)

spacewalk-branding

• Differentiate writable/non-writable fields. (bsc#868132)
• Fix checkbox icon align. (bsc#966888)
• Remove markup in auto-installation warning messages. (bsc#1006170)
• Add a link to action details in single patch schedule notification. (bsc#971342)
• Add a link to system pending events in patch schedule notification for a single system. (bsc#971342)
• Align-top radio button with base product.
• Make SPMigration button text more consistent.

spacewalk-certs-tools

• Allow passing multiple GPG keys to mgr-bootstrap. (bsc#989905)

spacewalk-java

• SPMigration: Don't break API interface (bsc#1017351)
• Fix checkbox icon align. (bsc#966888)
• Hides 'Save/Clear' buttons when no changes are present in action chain lists.
• Fix plus/minus buttons in action chain list. (bsc#1011344)
• Fix misleading message on system reboot schedule in SSM. (bsc#1011817)
• Increment 'earliest' date by a millisecond between chain actions. (bsc#973226)
• Fix SSM reboot action success messages. (bsc#968935)
• Unittests: Support SUSE Manager Server on aarch64. (bsc#1002776)
• Update 'view/modify file' action buttons text. (bsc#1009102)
• Clarify button label. (bsc#1010664)
• Check and fix also the assigned repository while updating the channels. (bsc#1007490)
• Match url including query parameter separator to have a definitive end of the path component. (bsc#1007490)
• Add a link to action details in single patch schedule notification. (bsc#971342)
• Add a link to system pending events in patch schedule notification for a single system. (bsc#971342)
• CVE Audit: Tolerate null products. (bsc#1004717)
• Fix autoyast upgrade mode. (bsc#1006786)
• Add a Back button for SPMigration wizard.

spacewalk-web

• Hides 'Save/Clear' buttons when no changes are present in action chain lists.
• Fix plus/minus buttons in action chain list. (bsc#1011344)

susemanager

• Create bootstrap repository for SLES for SAP ppc64le.
• Support creating bootstrap repositories for SLE12 SP2 family. (bsc#1010020)

susemanager-sync-data

• Support SLES for SAP on ppc64le. (bsc#1015414)
• Add Raspberry Pi channels to SUSE Manager.
• Add support for SUSE Enterprise Storage 4, SUSE OpenStack Cloud 7 and SLE-RT 12 SP2. (bsc#1006556, bsc#984450, bsc#984447)
• Support SUSE Manager Server on aarch64. (bsc#1002776)

Patch 12822: SUSE Manager Server 2.1

https://download.suse.com/Download?buildid=dgs1sRAiuz4~

This update fixes the following issues:

cobbler

• Enabling PXE grub2 support for PowerPC. (bsc#986978)

smdba

• Fix recovery.conf permissions and ownership for latest PostgreSQL. (bsc#1002231)

spacecmd

• Alert if a non-unique package ID is detected.
• Prevent crashes when running old-style spacecmd cache.
• Avoid errors if multiple packages with same long name enter the cache. (bsc#990264)

spacewalk-branding

• More 'errata' > 'patches' string fixes. (bsc#981635)
• SPMigration: Add multi-target-selection step in front of the wizard.

spacewalk-certs-tools

• Check only if all required packages are installed. (bsc#992987)
• Fix paths to trust dir and update-ca-certificates tool.

spacewalk-java

• Arch_type of a SUSEProduct can be null. (bsc#1001738, bsc#1001784, bsc#1001923, bsc#1002678)
• XMLRPC API for new SP Migration.
• SPMigration: Add multi-target-selection step in front of the wizard.
• Fix cloning errata severity from an errata. (bsc#1000666)
• Support Open Enterprise Server 11 SP3. (bsc#988303)
• Redirect user to a meaningful page after requesting details of non-existing Action Chain. (bsc#973198)
• Fix race condition during auto errata update. (bsc#969790)

susemanager-manuals_en

• Removed SLE 10 SP3, 10 SP4, 11 SP3 as supported client systems. (bsc#1000448)

susemanager-schema

• Add table for storing product extensions.
• Add severity_id to rhnErrataTmp for consistency with rhnErrata.
• Avoid a deadlock when deleting a server. (bsc#969790)

susemanager-sync-data

• Support Open Enterprise Server 11 SP3. (bsc#988303)
• Add Support for SLE12 SP2 family. (bsc#969889)
• AMD repositories removed because of security reasons.
• Add SLES12-GA-LTSS-X86 and SLES12-GA-LTSS-Z channel families. (bsc#994305)

Patch 12705: SUSE Manager Server 2.1

https://download.suse.com/Download?buildid=1AF0maYDwwQ~

This update includes the following new features:

• Add dependency packages for JeOS (fate#320809)

This update fixes the following issues:

jabberd

• Revert config files to %config(noreplace) (bsc#988378)

pxe-default-image

• Rebuild with latest OS fixes

smdba

• Use backup directory temp space on restore (bsc#986955)
• Enable --silent option working
• Prevent access uninitialized variable (possible crash)
• Return values from the backup locator (possible crash)
• Do not proceed of backups weren't enabled (CLI)
• On postgres, compute space-overview with the size(available and used) of the partition disk
• Compute the db usage percentage on the amount of the partition instead of the remaining space (bsc#977888)

spacewalk-backend

• Fix for non-integer IDs for bugzilla bug (bsc#975161)
• Silently ignore non-existing errata severity label on errata import, remove non-used exception (bsc#984452)
• spacewalk-repo-sync: Use dateutil parser (bsc#975161)
• Only trigger virtualization notification on server save when the virtualization data is not falsy (bsc#975120)
• Fix GPG bad signature detection and improve error messages (bsc#979313)

spacewalk-branding

• Fix message about debuginfo packages (bsc#972156)

spacewalk-certs-tools

• Fix mgr-ssh-push-init with proxy and sudo (bsc#982562)

spacewalk-client-tools

• Fix syntax error prevent reading HW data correctly (bsc#984622)

spacewalk-java

• Call cobbler sync in profile edit only if requested (bsc#991440)
• Support SP Migration from OES 2015 to 2015 SP1
• Disable YaST self update for new autoinstallation trees for SLE
• Support OES 2015 (bsc#934560)
• Use the IP address when doing ssh push via proxy (bsc#940927)
• Don't allow URLs that only differ on the authorization token (bsc#976184)
• Redirect migration with no Org to the first step (bsc#969529)
• Enhance list of channel families for SUSE Manager Server

spacewalk-web

• Fix perl query for satellite detection

susemanager

• Add dependency packages for JeOS (fate#320809)
• Try to add /repo path to mirror at accessible check
• Show optional channels in mgr-sync add channel and add an option to hide optional channels (bsc#977579)

susemanager-schema

• Remove duplicates from rhnChannelContentSource (bsc#976184)

susemanager-sync-data

• Support SLES12 LTSS (bsc#979288)
• Support SP Migration from OES 2015 to 2015 SP1
• Add requires to spacewalk-java with OES support
• Add support for OES 2015 and OES 2015 SP1 (bsc#934560)

zypp-plugin-spacewalk

• Fix failover for multiple URLs per repo (bsc#964932)

Patch 12630: susemanager-sync-data

https://download.suse.com/Download?buildid=QM7PKH2xwIs~

This update for susemanager-sync-data adds support for SUSE Enterprise Storage 3 and SLE Module Certifications.

Patch 12567: SUSE Manager Server 2.1

https://download.suse.com/Download?buildid=wFfHxMMocvU~

This update for SUSE Manager Server 2.1 fixes the following issues:

cobbler

• Add logrotate file for cobbler (bsc#976826)
• Fix cobbler yaboot handling (bsc#968406, bsc#966622)

osad

• Fix file permissions (bsc#970550)

rhnlib

• Use TLSv1_METHOD in SSL Context (bsc#970989)

spacewalk-backend

• Mgr_ncc_sync: Adapt to bulk scheduling introduced in scheduleSingleSatRepoSync

spacewalk-branding

• Fix link to "Schedule patch updates" (bsc#973432)
• Fix link to scheduled action for SP migration (bsc#968257, bsc#974315)
• Fix: 'Advanced Search' title consistency

spacewalk-certs-tools

• Fix file permissions (bsc#970550)

spacewalk-java

• Recreate upgrade paths on every refresh (bsc#978166)
• Call cobbler sync after cobbler command is finished (bsc#966890)
• Under high load, the service wrapper may incorrectly interpret the inability to get a response in time from taskomatic and kill it (bsc#962253)
• Log permissions problems on channel access while SP migration (bsc#970223)
• Unittests: support SLE-POS 11 SP3 as addon for SLES 11 SP4 (bsc#976194)
• Mgr-sync: use bulk channel reposync (bsc#961002)
• Double the backslashes when reading the config files from java (bsc#958923)
• When generating repo metadata for a cloned channel, recursively fetch keywords from the original channel (bsc#970901)
• Better logging for SP Migration feature (bsc#970223)
• Fix: 'Advanced Search' title consistency
• CVE-2015-0284: XSS when altering user details and going somewhere where you are choosing user (bsc#922740)
• CVE-2016-3079, CVE-2016-2103, CVE-2016-2104, CVE-2016-3097: Fix multiple XSS vulnerabilities (bsc#973162, bsc#974011, bsc#974010, bsc#973550)
• BugFix: 'Systems > Advanced Search' title and description consistency (bsc#966737)
• Fix: correct behavior with visibility conditions of sub-tabs in Systems/Misc page
• BugFix: add missing url mapping (bsc#961565)
• Fix kernel and initrd pathes for creating autoinstallation tries (bsc#966622)
• Fix tests for HAE-GEO on SLES 4 SAP (bsc#970425)
• Add unit tests for SLE-Live-Patching12 (bsc#924298)

spacewalk-utils

• Bugfix: don't repeat channel labels
• Taskotop: a utility to monitor what Taskomatic is doing
• Fix file permissions (bsc#970550)

suseRegisterInfo

• Fix file permissions (bsc#970550)

susemanager

• Add packages to bootstrap repo (bsc#971237)
• Mgr-sync: use bulk channel reposync (bsc#961002)
• Mgr_ncc_sync: adapt to bulk scheduling introduced in scheduleSingleSatRepoSync
• Add SLES 4 SAP to mgr-create-bootstap-repo as an option (bsc#972341)
• Put packages only available in SLE12 SP1 in a seperate list (bsc#970672)
• Fix file permissions (bsc#970550)

susemanager-sync-data

• Support SLE-POS 11 SP3 as addon for SLES 11 SP4 (bsc#976194)
• HAE-GEO is an addon product for SLES 4 SAP (bsc#970425)
• Add support for SLE-Live-Patching12 (bsc#924298, bsc#968851)

susemanager-tftpsync

• Rename change_tftpd_proxies.py to sync_post_tftpd_proxies.py and change trigger type (bsc#966890)

Availability of LTSS patches

More LTSS patches for SLES 11 SP3 have been released for SUSE Manager 2.1 Server.

Patch 12454: SUSE Manager Server 2.1

https://download.suse.com/Download?buildid=b981JeIz04k~

This update for SUSE Manager Server 2.1 fixes the following issues:

cobbler

• Fix SELinux check in koan. (bsc#959875)

spacewalk-backend

• Honor no_proxy variable in InterServerSync. (bsc#965651)
• Cut string after full characters. (bsc#960801)

spacewalk-branding

• If the installer is zypp, add all patches into one errata action. (bsc#960997)
• Fix broken link in SSM page.

spacewalk-certs-tools

• Allow for a more restrictive sudo configuration. (bsc#961521)
• Fix script to work with sudo user. (bsc#961521)
• Improve sudo support for simple registrations.
• Disable relevant services via systemd as well.
• Remove client bootstrap repo after installing needed packages.

spacewalk-client-tools

• Fix rhnChannel instance has no attribute 'get'. (bsc#964006)

spacewalk-java

• Unit tests for SLE-RT 12-SP1 and SUSE-OpenStack-Cloud-6. (bsc#952381, bsc#964033)
• Test support for SUSE-Enterprise-Storage 2.1, SLES 12-SP1-SAP, and SLES 11-SP3-LTSS. (bsc#963784, bsc#959548, bsc#965652)
• Fix typo in SQL statement. (bsc#959987, bsc#960855)
• Add Chile to the list of timezones. (bsc#959055)
• Avoid hitting the database twice in case of HTTP errors. (bsc#952418)
• Fix ssh push via proxy using sudo. (bsc#961521)
• Add Container Module for s390x and ppc64le. (bsc#956724)
• If the installer is zypp, add all patches into one errata action. (bsc#960997)
• Fix kickstart with multiple packages having same NEVRA. (bsc#959987, bsc#960855)

spacewalk-utils

• Add openSUSE Leap 42.1. (bsc#961353)
• Remove outdated openSUSE releases 12.3 and 13.1.

susemanager

• Add dependencies of python-cryptography to bootstrap package list. (bsc#959987)
• Don't reference Red Hat Manager during migration. (bsc#962127)
• Do not display database credentials during migration setup. (bsc#962338)
  susemanager-jsp_en and susemanager-manuals_en:

• Update text and image files. (bsc#965584)
• SP migration and ISS and API calls. (bsc#920369)
• Clarification in SUSE Manager Server Migration. (bsc#933044)
• Multiple Mirror Credentials with SCC. (bsc#939383)
• Fix zypper patterns in SUSE Manager Reference. (bsc#945963)
• Add external addresses with SCC. (bsc#949712)
• Clarification about rhnsd and osad usage. (bsc#964025)

susemanager-schema

• Add Chile to the list of timezones. (bsc#959055)

susemanager-sync-data

• Add support for SLE-RT 12-SP1. (bsc#952381)
• Add support for SUSE-OpenStack-Cloud-6. (bsc#964033)

zypp-plugin-spacewalk

• Adapt for up2date client changes.

Patch 12409: postgresql94

https://download.suse.com/Download?buildid=szIUID2jKM0~

This update of postgresql94 to 9.4.5 fixes the following issues:

* CVE-2015-5289: json or jsonb input values constructed from arbitrary user input could have crashed the PostgreSQL server and caused a denial of service (bsc#949670) * CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669)

Also contains all changes and bugfixes in the upstream 9.4.5 release: http://www.postgresql.org/docs/current/static/release-9-4-5.html

Patch 12392: susemanager-sync-data

https://download.suse.com/Download?buildid=ChGi3j_YhYI~

This update for susemanager-sync-data fixes the following issues:

• Add support for SUSE-Enterprise-Storage 2.1 (bsc#963784)
• Add support for SLE12-SP1-SAP (bsc#959548)
• Add support for SLES11-SP3-LTSS-Updates (bsc#965652)

Patch 12391: postgresql91

https://download.suse.com/Download?buildid=fwX6BGC_6vI~

This update of postgresql91 to 9.1.19 fixes the following issues:

* CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669)

Also contains all changes and bugfixes in the upstream 9.1.19 release: http://www.postgresql.org/docs/9.1/static/release-9-1-19.html

Patch 12345: susemanager-sync-data

https://download.suse.com/Download?buildid=8OdFpD5uoW4~

This update for susemanager-sync-data adds support for the Container Module 12 on s390x and ppc64le architectures.

Patch 12342: supportutils-plugin-susemanager

This update for supportutils-plugin-susemanager fixes the following issues:

• Check PostgreSQL instead of Oracle. (bsc#959848)

Patch 12331: SUSE Manager Server 2.1

This update for SUSE Manager Server 2.1 fixes the following issues:

smdba

• Memory calculation optimization bugfix. (bsc#932966)
• Added "max_locks_per_transaction" and "max_connections" tuning parameters .

spacecmd

• Mimetype detection to set the binary flag requires 'file' tool.
• Set binary mode on uploaded files based on content. (bsc#948245)

spacewalk-admin

• Config-defaults directory changed, read rhn_audit defaults from new location.

spacewalk-backend

• Fix undefined variable if --sync-kickstart is used. (bsc#958395)
• Avoid referencing unassigned variable. (bsc#956981)
• Fix patch syncing if no issued date is given. Use "now" as date. (bsc#953584)
• Fix SUSE patch style detection for RES4. (bsc#953825)
• Additional debug data: listing of /srv/www/htdocs/pub and activation keys.

spacewalk-branding

• Calculate and set correctly height of aside menu. (bsc#934865)
• Branding: fix image urls.

spacewalk-certs-tools

• Fixed issue with sudo being checked, even if not set.

spacewalk-client-tools

• Fix client registration for network interfaces with labels. (bsc#956981)

spacewalk-java

• Prevent returning null on merging path slices. (bsc#950975)
• Sort channel list by name. (bsc#955204)
• Consider old products only if no patch is available. (bsc#954983)
• Avoid updating channel family counts when changing cloned channels via API. (bsc#949158)
• Use non-immediate errata cache rebuilding on channel unsubscription. (bsc#949158)
• Add support for timing out on an ssh connection. (bsc#945719)
• Remove inconsistency and make more general the action description for package page title and tab-title in Schedule. (bsc#935375)
• Use the new algorithm based on package names to determine if patch is applicable or not. (bsc#948964)
• Remove url decoding since values are already decoded at this point. (bsc#951549)
• Fix broken link from blue 'not-checking-in' system status icon. (bsc#943517)
• Fix incomplete enabling of config actions via snippet. (bsc#949528)
• Deactivate all non spacewalk plugin services and repos via snippet. (bsc#949554)
• Add SUSE Enterprise Storage 2. (bsc#949285)
• Add snippet to wait for NetworkManager. (bsc#937802)
• Support for SLE12 SP1 product family. (bsc#949726)

spacewalk-web

• Add custom rule to scroll to the url hash for pages in 'rhn/systems/ssm/misc' path. (bsc#934865)
• Calculate and set correctly height of aside menu. (bsc#934865)
• Add default setting for task timeout.

susemanager-schema

• When deleting a server, delete all associated rhnSet entries, even if it was migrated to a different Org. (bsc#950748)
• Adding on delete cascade to sppf_pid_fk. (bsc#948238)

susemanager-sync-data

• Add IBM DLPAR channels to SLES 12 SP1 ppc64le. (bsc#949726)

zypp-plugin-spacewalk

• Convert zypper output to valid UTF-8. (bsc#954602)
  How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start

Patch 12257: SUSE Manager Server 2.1

This update includes the following new features:

susemanager-sync-data

• Support for SLE12 SP1 product family (bsc#949726)
• Add SUSE Enterprise Storage 2 (bsc#949285)

susemanager

• Add SLE-12-SP1 to mgr-create-bootstrap-repo (bsc#949726)

zypp-plugin-spacewalk

• Support distribution upgrade with --no-allow-vendor-change for sle12 (fate#319128)
  How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-service start

Patch 12132: SUSE Manager Server 2.1

This collective update for SUSE Manager Server 2.1 provides the following new features:

• Prevent creation of channels with reserved names. (bsc#939349, fate#319308)
• Add SLE-Toolchain-12 Module. (bsc#942918, fate#316684)
• Support sudo with ssh-push.
  Additionally, several issues have been fixed:

jabberd

• Change attribute of config files from %config(noreplace) to %config. (bsc#940923)
• Automatically clean stale locks on startup. (bsc#933738)

osad

• Re-send subscription stanzas after a while. (bsc#933738)

pxe-default-image

• Add missing dependency on haveged.

sm-client-tools

• Show progress bar while registering for better user interaction. (bsc#823813)
• Added support for openSUSE clients.

spacecmd

• Revert "1207606 - Do not return one package multiple times". (bsc#945380)
• Check for existence of device description in spacecmd system_listhardware. (bsc#932288)

spacewalk-backend

• Read repository checksum type after setting the certificate for a repository.
• Define db_password to be read as a string. (bsc#946381)

spacewalk-branding

• Display a warning if the update stack is not up-to-date.
• Remove Upgrade Path from jsp page and StringResources.

spacewalk-certs-tools

• FULLY_UPDATE_THIS_BOX defaults to 0 now. Add option '--up2date' to mgr-bootstrap to fully update the system after registration.
• Add sudo support to ssh-push.

spacewalk-client-tools

• Add info on how to increase verbosity. (bsc#944263)
• Disable dmidecode on s390 and s390x. (bsc#936545)
• Recognize '.site' as an official TLD. (bsc#923990)
• Check for multiple entries in /etc/hostname. (bsc#929979)

spacewalk-java

• Support ssh-push with sudo.
• Fix CVE Audit for LTSS channels by looking at individual packages. (bsc#944729)
• Use same regexp for channel name as in CreateChannelCommand. (bsc#946248)
• Prevent major version Service Pack updates from 11 to 12.
• Display a warning if the update stack is not up-to-date.
• Fix output of client events. (bsc#935377)
• Fix pagination buttons. (bsc#935387)
• Fix typo in Organization users page. (bsc#943283)
• Do not return a OES repository with null credentials. (bsc#937030)
• Fix link back to the associated channel. (bsc#931519)

spacewalk-web

• Added sudo user configuration option and comments.

suseRegisterInfo

• Enable zypp readonly switch for product information retrieval. (bsc#940361)

susemanager

• Added python-gobject2, libudev1 and udev to SLE12 bootstrap repository. (bsc#945275)
• Do some more checks for validity of email address during setup. (bsc#933304)
• Refer to mgr-sync instead of mgr-ncc-sync after successful setup. (bsc#940811)
• Timeout when user does not enter credentials for 60 seconds for mgr-sync.

susemanager-jsp_en, susemanager-manuals_en

• Update text and image files. (bsc#940511)
• Use "Organization Credentials" instead of "Mirror Credentials". (bsc#907825)
• "Setup without Internet Connection". (bsc#937046)
• Traceback email and web.default_mail_from explanation. (bsc#933298)
• Emphasis taskomatic.maxmemory in documentation. (bsc#931239)
• RPC Connection Timeout Settings. (bsc#929379)
• Setup hints. (bsc#919093)
• Deleting SUSE Channels. (bsc#917771)
• Proxy to Internet / Certs. (bsc#912339)
• Doc comments done. (bsc#910666)
• NCC to SCC switch with SUSE Manager 2.1 (YaST changes). (bsc#907525)
• CVE Audit clarifications. (bsc#900087)

susemanager-schema

• Set errata-cache job to run every minute if old schedule is still active. (bsc#918994)

susemanager-sync-data

• Add channels for SLE Point of Service 11-SP2. (bsc#944220)
• Changed SAP All-in-One names.

zypp-plugin-spacewalk

• Fix output of client events. (bsc#935377)

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema: spacewalk-schema-upgrade
5. Start the Spacewalk service: spacewalk-service start

Patch 12017: oracle-update

oracle-update was updated to fix eight security issues. (bsc#938160).

• CVE-2015-2629: Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution
• CVE-2015-2599: Vulnerability in the RDBMS Scheduler component of Oracle Database Server. This vulnerability requires Alter Session privileges for a successful attack. Successful attack of this vulnerability can result in unauthorized read access to all RDBMS Scheduler accessible data.
• CVE-2015-4735: Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: RAC Management). Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager for Oracle Database accessible data.
• CVE-2015-4740: Vulnerability in the RDBMS Partitioning component of Oracle Database Server. This vulnerability requires Create Session, Create Any Index, Index object privilege on a Table privileges for a successful attack. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of RDBMS Partitioning possibly including arbitrary code execution within the RDBMS Partitioning.
• CVE-2015-4753: Vulnerability in the RDBMS Support Tools component of Oracle Database Server. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to all RDBMS Support Tools accessible data.
• CVE-2015-0468: Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Analyze Any or Create Materialized View privileges for a successful attack. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS.
• CVE-2015-2647: Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: Content Management). Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Enterprise Manager for Oracle Database accessible data as well as read access to all Enterprise Manager for Oracle Database accessible data.
• CVE-2015-2646: Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: Content Management). Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager for Oracle Database accessible data.
  For more details please see http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html

Patch 12016: spacewalk-backend

This update for spacewalk-backend provides the following fixes:

• Enhance date only in patches to full ISO datetime. (bsc#937029)
• Fix UnboundLocalError on rhnFault in dist upgrade. (bsc#936182)
• Detect new and old SUSE patch style. (bsc#936869)

Patch 12015: sleman21-suse-manager-21-201507-12015

This update for SUSE Manager Server 2.1 adds support for the following products:

• Containers Module for SUSE Linux Enterprise 12. (bsc#936071)
• SUSE Linux Enterprise Server for SAP 11 SP4. (bsc#939699)

Additionally, it fixes a problem in the Oracle to PostgreSQL conversion tool and introduces support for SLE 11-SP4 to mgr-create-bootstrap-repo. (bsc#937943) (bsc#939707)

Patch 10827: SUSE Manager Server 2.1

The following new features have been implemented

• Add support for the SSH push contact method to the API and spacecmd. (fate#314858)
• Sign repository metadata generated on SUSE Manager. (fate#314603)
• Provide channels and upgrade paths for SLE 11 SP4 products. (fate#318261)

The following issues have been fixed

osad

• Fix duplicate jabber ids. (bsc#869888, bsc#931685)

rhnpush

• Fix --ca-chain option for rhnpush. (bsc#931503, bsc#895869)

spacecmd

• Do not escape spacecmd command arguments.
• Do not return one package multiple times.
• Show contact method with activationkey_details and system_details.
• Clone configuration files without loosing trailing new lines. (bsc#926318)

spacewalk-postgresql

• Block upgrade to PostgreSQL 9.4 temporarily.

spacewalk-backend

• Require pyliblzma to enable sync of EPEL repositories. (bsc#934417)
• Detect SUSE Manager Tools channel. (bsc#935433)
• Import RPMs which vendor is an empty string. (bsc#934124)
• Set primary interface during registration. (bsc#929058)
• Do not reset primary network interface at hardware refresh. (bsc#895071)

spacewalk-branding

• Fix file input control alignment issue with form-control. (bsc#873203)

spacewalk-certs-tools

• Write logfile for mgr-ssh-push-init to correct location. (bsc#918082)
• Add arguments to import custom CA file and server key/certificate files with rhn-ssl-tool.

spacewalk-client-tools

• Fix --ca-chain option for rhnpush. (bsc#931503, bsc#895869)

spacewalk-java

• Avoid deadlock in CompareConfigFilesTask when rhn_channel.update_needed_cache is in progress. (bsc#932845)
• Drop all product/channel relations before populating. (bsc#932052)
• Replace keyword iterator to fix writing support information. (bsc#933675)
• Revert "Java Eula database classes moved to Hibernate, fixes BLOB issue". (bsc#930686)
• Do not remove tasks from the database during getCandidates(). (bsc#932052)
• Force taskomatic to use UTF-8. (bsc#932652)
• Fix file input control alignment issue with form-control. (bsc#873203)
• Add SLE11-Public-Cloud-Module. (bsc#914606)
• Change Activation Key Child Channels from select to checkboxes. (bsc#859645)
• Fix NPEx when updating distribution and missing cobbler entry. (bsc#919722)
• Fix broken icon in rhn/help/ForgotCredentials.do. (bsc#915122)
• Return PATCHED if at least one patch is installed. (bsc#926146)

spacewalk-reports

• Fix system-currency report. (bsc#934957)

spacewalk-setup

• Configure Tomcat with maxThreads=200 and timeout 20 sec. (bsc#922923)

supportutils-plugin-susemanager

• Check if configured connections are aligned. (bsc#922923)
• Store spacewalk-debug.tar.gz in the supportconfig directory.
• Write current service and repository configuration into supportconfig.

susemanager-schema

• Fix rpm version compare in DB. (bsc#927940)

susemanager

• Fix mgr-create-bootstrap-repo for SLES 11 SP3 ppc64. (bsc#933942)
• Add SLES 12 for SAP to mgr_bootstrap_data. (bsc#933587)
• Give taskomatic more time to start up. (bsc#933275)
• Check for sufficient disk space during setup. (bsc#926234)

zypp-plugin-spacewalk

• Check for package signatures when metadata is not signed. (fate#314603)

Patch 10760: postgresql91

The following vulnerabilities have been fixed

• CVE-2015-3165: Avoid possible crash when client disconnects. (bsc#931972)
• CVE-2015-3166: Consistently check for failure of the *printf(). (bsc#931973)
• CVE-2015-3167: In contrib/pgcrypto, uniformly report decryption failures. (bsc#931974)

Patch 10736: susemanager-sync-data

This update provides the channels and data for

• SUSE Linux Enterprise 11 SP4 products.
• Public Cloud Module for SLE 11.

Patch 10670: spacewalk-java, spacewalk-setup

The spacewalk-java and spacewalk-setup packages were updated to fix one security issue

• CVE-2014-8162: RPC API XML External Entities file disclosure. (bsc#922525)

Patch 10626: oracle-update

The embedded Oracle database was updated to fix four security issues

• CVE-2015-0455: The XDB - XML Database component of Oracle Database Server could allow remote authenticated users unauthorized read access to arbitrary operating system files.
• CVE-2015-0457: The Java VM component of Oracle Database Server could allow remote authenticated users with Create Session privileges to execute arbitrary code.
• CVE-2015-0479: The XDK and XDB - XML Database component of Oracle Database Server could allow remote authenticated users with Create Session privileges to cause a partial denial of service (partial DOS) of XDK and XDB - XML Database.
• CVE-2015-0483: Remote authenticated users with Create Session privileges could update, insert or delete Core RDBMS accessible data.

Patch 10679: struts

Apache Struts was updated to fix one security issue

• The input validation could be bypassed in MultiPageValidator. (bnc#924887, CVE-2015-0899)

Patch 10579: SUSE Manager Server 2.1

This collective update for SUSE Manager Server 2.1 provides the following fixes

osad

• Apply needed SElinux fix for RHEL7 and make use of systemd unit files.
• Introduce notify_threshold for osa-dispatcher. (bsc#915581)

spacewalk-backend

• Include package inventory and channel report into spacewalk-debug.
• Add functionality on spacewalk-data-fsck to remove RPMs which don't match checksum.
• Don't crash re-registrations if the original owner has been deleted.
• Initialize the second DB connection only when needed.

spacewalk-branding

• Fix path to action chain page. (bsc#921720)

spacewalk-config

• Disable Cache-Control headers for non-dynamic content. (bsc#916220)

spacewalk-java

• Fall-back to Basic auth from NTLM when both are supported. (bsc#926319)
• Add SLE12-SAP product. (bsc#922744)
• SCCRepository: only NOT NULL database columns can be mapped to primitive types in Hibernate. (bsc#922313)
• Create only one errata cache worker per server. (bsc#918994)
• In case multiple packages are available, pick the most recent. (bsc#924118)
• Missing refactored SQL query for system available packages. (bsc#913400)
• Fix path to action chain page. (bsc#921720)
• Fix subscription check in case of an unset start date. (bsc#918220)
• Avoid high CPU loads with SSH push. (bsc#920687)
• Fix malformed repository metadata. (bsc#920400)
• Fix typo in Web UI. (bsc#918151)
• Revert fixing of versions, those should be regarded as historically correct rather than inconsistent. (bsc#910509)
• Catch NumberFormatException and send error to the client. (bsc#916177)

spacewalksd

• Install new service and enable it. (bsc#919433)
• Add service spacewalk-update-status. (bsc#919433)

spacewalk-setup

• Add read permissions for tomcat to the NCCcredentials file.

spacewalk-utils

• Fix automatic assumption of first phase. (bsc#922294)

supportutils-plugin-susemanager-client

• Write current service and repository configuration into supportconfig.

susemanager-jsp_en and susemanager-manuals_en

• Update text and image files. (bsc#909292)
• Bootstrap activation keys missing separation mark. (bsc#898272)
• The example of connecting to AD is not correct. (bsc#895870)
• Adjust RAM Requirements. (bsc#889508)
• Resolve various DocComments. (bsc#889159)
• Info on Expanded Support. (bsc#887340)
• Fix smdba documentation. (bsc#883396)

susemanager-schema

• Fix ORA-01403: no data found in update_needed_cache during re-registrations.
• Avoid a deadlock when changing channel assignments. (bsc#918549)
• Update adding aarch64 support to fix 1.7 to 2.1 update. (bsc#922468)
• Delete cached metadata and regenerate them. (bsc#920400)

susemanager

• Do not keep using expired tokens during refresh in mgr-sync. (bsc#922312)
• Add tool to update the spacewalk public cert in the DB.
• Prevent setup from being run twice when substantial configuration has been done.
• Add hook at the end of the setup process.

susemanager-sync-data

• Add SAP-Updates and AMD and NVidia channels to WE-SAP.
• Add SLE12-SAP product. (bsc#922744)
• Add SUSE Enterprise Storage 1. (bsc#910332)
• Add SUSE Cloud 5. (bsc#915133)
• Add Advanced Systems Management Module for s390x and ppc64le.

Patch 10389: postgresql91

The PostgreSQL database server was updated to 9.1.15, fixing bugs and security issues

• Fix buffer overruns in to_char() (CVE-2015-0241).
• Fix buffer overrun in replacement *printf() functions (CVE-2015-0242).
• Fix buffer overruns in contrib/pgcrypto (CVE-2015-0243).
• Fix possible loss of frontend/backend protocol synchronization after an error (CVE-2015-0244).
• Fix information leak via constraint-violation error messages (CVE-2014-8161).

For a comprehensive list of fixes, please refer to the following release notes

• http://www.postgresql.org/docs/9.1/static/release-9-1-15.html
• http://www.postgresql.org/docs/9.1/static/release-9-1-14.html
• http://www.postgresql.org/docs/9.1/static/release-9-1-13.html

Security Issues

• CVE-2015-0241
• CVE-2015-0243
• CVE-2015-0244
• CVE-2014-8161

Patch 10275: oracle-update

oracle-update has been updated to fix one security issue

• CVE-2015-0370: Unspecified vulnerability in the Core RDBMS component of Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 could allow remote authenticated users to affect integrity via unknown vectors (bnc#914702).

Security Issues

• CVE-2015-0370

Patch 10309: SUSE Manager Server 2.1

This collective update for SUSE Manager Server 2.1 provides the following new features

• ISS: export/import information about cloned channels to support Service Pack migration on ISS slaves. (FATE#317789)
• New API calls: system.scheduleSPMigration(), system.scheduleDistUpgrade(). (FATE#314785, FATE#314340)

Additionally, several issues have been fixed

cobbler

• Fix re-installation on SLE with static network configuration. (bsc#883487)
• Add RHEL 7 as a valid operating system version.

smdba

• Archival of PosgreSQL transaction log does not recover in case of no space left on device. (bsc#915140)

sm-ncc-sync-data

• Add support for RES7 in SUSE Manager. (bsc#897723, bsc#893608)

spacewalk-backend

• Convert mtime to localtime to prevent invalid times because of DST. (bsc#914437)
• Do not exit with error if a vendor channel has no URL associated. (bsc#914260)
• Copy all SUSE Manager logfiles into spacewalk-debug.
• Exclude old backup-logs from spacewalk-debug to reduce size.
• Fix ISS export with unset patch severity.
• Convert empty string to null for DMI values. (bsc#911272)
• Fixed double-counting of systems subscribed to more than one channel.

spacewalk-certs-tools

• Do not allow registering a SUSE Manager server against itself. (bsc#841731)

spacewalk-java

• Fix auditlog config yaml syntax. (bsc#913221)
• Show Proxy tab if system is a proxy even when assigned to cloned channels. (bsc#913939)
• Fixed uncaught error which prevent correct error handling. (bsc#858971)
• Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035)
• Fix more cross-site-scripting (XSS) issues. (CVE-2014-7811, bsc#902915)
• Fix basic authentication for HTTP proxies. (bsc#912057)
• Accept repos with same SCC ID and different URLs. (bsc#911808)
• Avoid mgr-sync-refresh failure because clear_log_id was not called. (bsc#911166)
• Fix cross-site-scripting (XSS) issue in system-group (CVE-2014-7812, bsc#912886)
• Fix "Select All" buttons display on rhn:list and make it consistent with new rl:list. (bsc#909724)
• Fix List tag missing submit parameter for "Select All" and others. (bnc#909724)
• Sort filelist in configfile.compare event history alphabetically. (bsc#910243)
• Allow parenthesis in system group description. (bsc#903064)
• Provide new API documentation in PDF format. (bsc#896029)
• Update the example scripts section. (bsc#896029)
• Fixed wording issues on package lock page. (bsc#880022)
• Make text more clear for package profile sync. (bsc#884350)

spacewalk-web

• Show Proxy tab if system is a proxy even when assigned to cloned channels. (bsc#913939)

supportutils-plugin-susemanager

• Write current service and repository configuration into supportconfig.

susemanager-jsp_en, susemanager-manuals_en

• Update text and image files (bsc#910494).
• Firewall rules are incomplete - ssh-push and ssh-push-tunnel settings missing. (bsc#904703).
• Document SP migration and ISS. (bsc#913215, partially).
• Fix "beta packages" mentioned in documentation. (bsc#886421).
• User guide: Snapshots: clarify snaphot usage. (bsc#906851).
• Document maximal supported configuration file limit. (bsc#910482).

susemanager-schema

• Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035)
• Fix old migration for future reference. (bsc#911180)
• Avoid NPE when migrating to SCC on Oracle migrated from 1.7. (bsc#911180)
• Fixed double-counting systems subscribed to more than one channel.

susemanager

• Ask for the authentication beforehand. (bsc#908317)
• Bring back the ability to save credentials to the configuration file.
• Bring back token verification availability.
• Never ask for user credentials when scheduling a refresh.

susemanager-sync-data

• Added support for RES7 in SUSE Manager. (bsc#897723, bsc#893608)

tanukiwrapper

• Allow more than 4G as -Xmx option. (bsc#914900)

Patch 10252: spacecmd

This update for spacecmd includes the following fixes

• Fix configchannel export: do not create 'contents' key for directories. (bsc#908849)
• Added feature to get installed packageversion of a system or systems managed by ssm to spacecmd.
• Fix patch summary printing.

Patch 10076: libyaml-0-2

This libyaml update fixes the following security issue

• Assert failure when processing wrapped strings (bnc#907809, CVE-2014-9130)

Security Issues

• CVE-2014-9130

Patch 10083: SUSE Manager 2.1

This collective update for SUSE Manager Server 2.1 provides the following new features

• Connect SUSE Manager to the SUSE Customer Center.
• Manage SLE12 systems.

Additionally, several issues have been fixed

auditlog-keeper

• Fix init.d script restart. (bsc#872029)

cobbler

• Fix port guessing in koan. (bsc#855389)
• Add "copy-default" option to grubby-compat. (bsc#855389)
• Handle elilo in SUSE. (bsc#855389)
• Fix wrong option "text" in SUSE environment. (bsc#901058)

osad

• Removed PyXML dependency for RHEL systems.
• Fix osad through unauthenticated proxy case.

pxe-default-image

• Wait for gateway to become available before register. (bsc#895001)

smdba

• Space reclamation caused ORA-00942: table or view does not exist. (bsc#906850)
• Optimized space reclamation for Oracle.

sm-ncc-sync-data

• Add ATI and nVidia channels for SLED11-SP3. (bsc#901108)

spacecmd

• Call listAutoinstallableChannels() for listing distributions. (bsc#887879)
• Fix spacecmd schedule listing. (bsc#902494)
• Teach spacecmd report_errata to process all-errata in the absence of further args
• Fix call of setCustomOptions() during kickstart_importjson. (bsc#879904)

spacewalk-backend

• Insert update tag at the correct place for SLE12. (bsc#907677)
• Different registration paths should lock tables in the same order.
• Use configuration file variable instead of hardcoded path part in spacewalk-data-fsck.
• Drop unused column product_list in suseProducts table.
• Trigger generation of metadata if the repo contains no packages. (bsc#870159)

spacewalk-branding

• Fix link to macro documentation. (bsc#895961)
• Add User Guide to online help pages.
• Require online manual packages.
• Fix branding in error message. (bsc#902503)
• Change texts to print Inter-Server Synchronization additionally to ISS only.
• Disable credentials and products dialog on ISS slave.
• Improve the layout in case the exception message is large.
• SCC notification: change the link to the verb 'Migrate'.
• Make the SCC migration/refresh dialog show steps.
• Use the NCC/SCC acronyms together with the full name.
• Show alert message about disabling cron jobs.

spacewalk-certs-tools

• Modify output in case a file is not found.
• Remove duplicates from authorized_keys2 as well. (bsc#885889)

spacewalk-java

• Throw channel name exception if name is already used. (bnc#901675)
• Don't commit when XMLRPCExceptions are thrown. (bsc#908320)
• Remove "Select All" button from system currency report. (bsc#653265)
• Fix documentation search. (bsc#875452)
• Add API listAutoinstallableChannels(). (bsc#887879)
• Avoid ArrayIndexOutOfBoundsException with invalid URLs. (bsc#892711)
• Avoid NumberFormatException in case of invalid URL. (bsc#892711)
• Lookup kickstart tree only when org is found. (bsc#892711)
• Fix NPE on GET /rhn/common/DownloadFile.do. (bsc#892711)
• Port of the advanced provisioning option page to bootstrap. (bnc#862408)
• New installations should use SCC as default customer center.
• mgr-sync refresh sets wrong permissions on JSON files. (bnc#907337)
• Fix link to macro documentation. (bsc#895961)
• Forward to "raw mode" page in case this is an uploaded profile. (bsc#904841)
• Enlarge big text area to use more available screen space. (bnc#867836)
• Add User Guide to online help pages.
• Fix links to monitoring documentation. (bsc#906887)
• Check memory settings for virtual SUSE systems.
• Fix install type detection. (bsc#875231)
• Point "Register Clients" link to "Client Configuration Guide". (bsc#880026)
• Change order of installer type: prefer SUSE Linux. (bsc#860299)
• Fix ISE when clicking system currency. (bnc#905530)
• Set cobbler hostname variable when calling system.createSystemRecord. (bnc#904699)
• Fix wrong install=http://nullnull line when calling system.createSystemRecord. (bnc#904699)
• Fix JS injection on /rhn/systems/Search.do page.
• Configuration file URL should update when you create new revision.
• User does not need to be a channel admin to manage a channel.
• We should consider if text <> binary has changed for configuration files.
• All API methods should be able to find shared channels.
• Explain snapshot/rollback behavior better. (bsc#808947)
• Fix patch syncing: prevent hibernate.NonUniqueObjectException and rollback. (bsc#903880)
• Remove "Add Selected to SSM" from system overview page. (bsc#901776)
• Fix CVE audit in case of multi-version package installed and patch in multi channels. (bsc#903723)
• Update channel family membership when channel is updated. (bsc#901193)
• Log SCC data files as received to files in SCCWebClient.
• Add log warning if uploaded file size > 1MB. (bnc#901927)
• Fix channel package compare. (bsc#904690)
• Fix automatic configuration file deployment via snippet. (bsc#898426)
• Avoid NPE when using 'from-dir', regression introduced with SCC caching.
• Add support for SLE12 and refactor kernel and initrd default paths finders.
• Fix wizard mirror credentials side help to point to SCC.
• Make the SCC migration/refresh dialog show steps.
• Show alert message about disabling cron jobs.
• Schedule sync of all vendor channels in MgrSyncRefresh job.
• Add client hostname or IP to log messages. (bsc#904732)
• Hide email field for mirror credentials when on SCC.
• We do not want to use cascade for EVR and name attributes of PackageActionDetails.
• Fixed copying text from kickstart snippets. (bsc#880087)

spacewalk-utils

• Prevent empty directory creation by scbd.
• Updated spacewalk-common-channels.ini to include Oracle Linux 7.
• Fix error if blacklist / removelist is not in scbd configuration file.
• Improve error messaging in scbd.

spacewalk-web

• Add User Guide to online help pages.
• Fix links to monitoring documentation. (bsc#906887)
• Fix rhnChannelNewestPackage table by using refresh_newest_package function again.
• Improve the layout in case the exception message is large.
• Setup wizard: add tooltip to refresh button.
• Stop the spinner for the success task.
• Link the error message with the tomcat log viewer.
• Make the SCC migration/refresh dialog show steps.
• Add a refresh button to the SUSE products page.

susemanager-manuals_en, susemanager-jsp_en

• Update text and image files. (bnc#907527)
• Document NCC to SCC switch with SUSE Manager 2.1. (bnc#907106, bnc#907643, bnc#907645, bnc#907646)
• SUSE Manager server update description. (bnc#902373)
• Activation keys and packages. (bnc#767279)
• Cobbler (bnc#880027), Link fix (bnc#881225), Wagon (bnc#884366)
• Install and ship the built PDFs. (bnc#907086)

susemanager-schema

• Fix migration script names to fix bare-metal registration (bsc#896109)
• Add virt-host-plat entitlement mappings for new arches.
• Create regular index instead and have one migration per DB. (bsc#905072)
• Drop unique index on package ids. (bsc#905072)
• Drop unused column product_list in suseProducts table.
• Drop unused column channel_family_id in suseProducts.

susemanager

• Abort setup when invalid SSL country code given. (bnc#882468)
• Use noRepoSync parameter always.
• Enable and allow "mgr-sync refresh" in the case of ISS.
• Fixed error message on exception in mgr-sync. (bnc#905263)
• Fixed add product to not trigger redundant addition of base channel. (bnc#901928)
• Drop unused columns in suseProducts table.

susemanager-sync-data

• Add channels for Public Cloud Module. (bsc#907586)
• Add new channel families SLE-WE and SLE-LP.
• Add ATI and nVidia channels for SLED11-SP3. (bsc#901108)
• Add channels for IBM-DLPAR for SLE12 ppc64le.

Patch 10022: apache2-mod_wsgi

apache2-mod_wsgi was updated to fix one security issue

• Failure to handle errors when attempting to drop group privileges. (CVE-2014-8583)

Security Issues

• CVE-2014-8583

Patch 9952: SUSE Manager Server 2.1

This collective update for SUSE Manager Server 2.1 provides the following fixes and enhancements

cobbler

• Require syslinux-x86_64 on s390x. (bsc#884051)
• Fix fetching of profiles for auto-installation. (bsc#880936)

oracle-config

• No need to pre-require Apache as its user and group are available in the base system.

osad

• Enable and install osad during first installation. (bsc#901958)
• Fix traceback if http proxy is not configured.
• Support communication over proxy.

pxe-default-image

• Add bind-utils (dig) to packagelist. (bsc#889739)

smdba

• Fully hot operations for PostgreSQL.
• Fix "system check breaks backup and other configuration".
• Implement rotating PostgreSQL backup. (bsc#896244)

spacecmd

• Fix listupgrades. (bsc#892707)
• Make print_result a static method of SpacewalkShell. (bsc#889605)

spacewalk-backend

• Use the old style ISS method with NCC backend.
• Make spacewalk-debug SCC migration compatible.
• ISS: Export/import subscriptions and entitlements.
• ISS: Remove old import code for NCC products and subscriptions.
• ISS: Export/import suseProductChannels and suseUpgradePaths via ISS.
• ISS: Export/import SUSE Products via ISS.
• Fix cleanup when database init goes wrong.
• Update channel checksum type for vendor channels.
• Read mirror credentials from database depending on the Customer Center backend.
• Speed up satellite-sync by avoiding commonly-called dblink_exec.
• Backend should correctly checksum configuration files with macros.
• Fix spacewalk-debug to be fully PostgreSQL aware.
• Correct UTF8 configuration files from being marked as binary.
• Preserve the query parameters in the URL.
• Allow missing packages in patches if they are not part of this repository.
• Handle SLE 12 update tag correctly in reposync.
• Fix traceback when pushing RPMs with archive size greater than 4GB.
• Queue server for errata cache update when package list changes.
• Recognize oVirt node as virtual system.

spacewalk-branding

• Integrate the refresh dialog with the setup wizard products page.
• Implement new "mgr-sync-refresh" taskomatic job.
• End-user documentation clarification.

spacewalk-certs-tools

• bootstrap.sh: When installing certificate via rpm, support both curl and wget.
• bootstrap.sh: Fail if both curl and wget are missing.
• bootstrap.sh: Install certificate in the right location on SLE 12.
• Fix removal of existing host key entries. (bsc#886391)

spacewalk-client-tools

• Allow unicode characters in proxy username and password.
• Send correct hostname. (bsc#887538)

spacewalk-config

• Add recommended Apache settings from the Security Team.

spacewalk-java

• Sync correct repositories. (bnc#904959)
• No refresh if this server is an ISS slave.
• Refresh is needed only if we are migrated to use SCC yet.
• Integrate the refresh dialog with the setup wizard products page.
• Implement new "mgr-sync-refresh" taskomatic job.
• Introduce caching of repositories read from SCC.
• Fix pxt page link to point to the ported version of that page. (bsc#903720)
• Only show the SMT warning if we are using from-mirror or from-dir.
• Add progress and reload page after finish.
• Do not allow to cancel the kickstart once completed.
• Don't schedule a remote-cmd if the system can't execute it.
• Schedule configuration actions asynchronously.
• Correctly apply patches to multiple systems in SSM. (bsc#898242)
• Ping SCC for testing proxy status if SCC is enabled.
• Implement the API methods to work with mirror credentials.
• Fix CVE audit when some packages of a patch are already installed. (bsc#899266)
• Download CSV button does not export all columns ("Base Channel" missing). (bsc#896238)
• Support SCC API v4 and token authentication with updates.suse.com.
• Official repository host is now updates.suse.com (after channels.xml change).
• Support list/add channels and products with SCC.
• SCC client for managing products and channels.
• Implement SLE 12 style of update tag handling while generating updateinfo.
• Add Korea to the list of timezones.
• Read and display only a limited number of logfile lines. (bsc#883009)
• Fix package upgrade via SSM. (bsc#889721)
• Fix logrotate for /var/log/rhn/rhn_web_api.log. (bsc#884081)

spacewalk-reports

• Improve documentation.
• Do not sort multival values within one column to match other multival values (in another columns).

spacewalk-search

• Set newly constructed "db_name" even if db_ssl_enabled is disabled.
• Fix package searching in shared channels.

spacewalk-setup

• No activation if database population should be skipped. (bsc#900956)
• Give Tomcat read permissions on the NCCcredentials file.
• Do not enable spacewalk-service in runlevel 4. (bsc#879992)

spacewalk-utils

• Add openSUSE 13.2 repositories to spacewalk-common-channels.
• Improve clone-by-date dependency resolution.
• Make clone-by-date able to specify --parents from configuration file.
• Add CentOS 7 and EPEL 7 channels.

spacewalk-web

• Integrate the refresh dialog with the setup wizard products page.
• Add aarch64 and ppc64le to parent-child channel compatibility list.
• WebUI cloning should use the same SQL query as API.

susemanager-manuals_en, susemanager-jsp_en

• Clarification about supported Web browsers. (bsc#889905)

susemanager-schema

• Add SLE 12 distribution targets to database.
• Fix evr_t schema upgrade. (bsc#881111)
• Allow evr_t to be compared with NULL in Oracle. (bsc#881111)
• Speed up satellite-sync by avoiding commonly-called dblink_exec.
• Make configuration file deletion faster if there are lots of snapshots.
• Add Fedora 21 and CentOS 7 GPG keys.
• Add support to ppc64le architecture.
• Add Korea to the list of timezones.

susemanager

• Schedule refresh after setup with SCC.
• On an ISS slave, disallow the use of mgr-sync with the exception of enable-scc.
• Recommend to run refresh after credentials are changed.
• ISS setup for SCC do not need mirror credentials anymore.
• Rename "Mirror Credentials" to "Organization Credentials" for SCC.
• Complete initial setup with SCC.
• Added --from-options switch to mgr-sync.
• Replace /etc/motd after setup. (bsc#883379)
• Adapt YaST setup to check credentials against SCC.
• Added mirror credential manipulation functions to mgr-sync.
• Implement mgr-sync to manage products and channels from SCC.
• Make mgr-create-bootstrap-repo SCC and SLE 12 aware.

suseRegisterInfo

• Re-add legacy suse_register_info to successfully perform the update. (bsc#898428)

zypp-plugin-spacewalk

• Check for retrieveOnly option in up2date configuration and set download_only. (bsc#896254)
• Changed the spec file to force usage of the official python VM. (bsc#889363)

yum

• Preserve query parameters in URLs. (bsc#896844)

Patch 9812: sm-ncc-sync-data

This update for sm-ncc-sync-data contains the following changes

• Add SUSE Cloud 4 channels. (bnc#883057)
• Add channels for SUSE Manager Server 2.1 s390x.
• Fix parent label of the LTSS channel for SLMS.

Patch 9910: spacewalk-java

Security Issues

• CVE-2014-3654

Patch 9675: perl-Class-Singleton, perl-File-Slurp, perl-JSON, perl-Readonly

Patch 9719: spacewalk-java

Additionally, the following bug was fixed

• Fixed package upgrade via SSM when using the Oracle DB as backend. (bnc#889721)

Security Issues

• CVE-2014-3595

Patch 9527: oracle-update

Security Issues

• CVE-2013-3751
• CVE-2013-3774
• CVE-2014-4236
• CVE-2014-4237
• CVE-2014-4245

Patch 9519: apache2-mod_wsgi

The following issues have been fixed in mod_wsgi

• Information exposure (bnc#878553): CVE-2014-0242
• Local privilege escalation (bnc#878550): CVE-2014-0240

Security Issues

• CVE-2014-0240
• CVE-2014-0242

Patch 9430: SUSE Manager Server 2.1

This collective update for SUSE Manager Server 2.1 provides the following fixes and enhancements

auditlog-keeper

• Fix value too long for type character varying(2048). (bnc#872351)

osad

• Call python using the -s option.

rhnlib

• Ensure bytes strings are sent to pyOpenSSL. (bnc#880388)

rhnpush

• Add default path structure to proxy lookaside that avoids collisions.
• Make rhnpush backwards-compatible with old spacewalk-proxy.

spacecmd

• Added option to force deployment of a config channel to all subscribed systems.
• Added last boot message in system_details command.
• Updated kickstart_import documentation.
• Added kickstart_import_raw command.

spacewalk-backend

• Additional spacewalk backend methods and capability needed.
• Spacewalk changes needed to support collisionless proxy lookaside.

spacewalk-branding

• CVE patches adapted for colour blind users. (bnc#872298)
• Underline in icons is removed. (bnc#880001)

spacewalk-java

• New page added for viewing channels a repo is associated to.
• Allow pasting of keys into textarea.
• Provide a faster systemgroup.listSystemsMinimal API method.
• Disable caching of Locale between page loads.
• Add spacewalk-report for systems with extra packages.
• Improve performance of Systems with Extra Packages query.
• System Event History page: fix link to pending events on Oracle databases.
• Fix human dates now() staying unmodified. (bnc#880081)
• Escape package name to prevent from script injection.
• Allow for null evr and archs on event history detail. (bnc#880327)
• Disable form autocompletion in some places. (bnc#879998)
• Add errata type selection to SSM page.
• Fix datepicker time at xx:xx PM pre-filled with xx:xx AM. (bnc#881522)

spacewalk-reports

• Use base_channel_id and child_channel_id instead of channel_id in activation_key report.
• Added channel- and server-group-ids to activation-keys.
• Spacewalk-report fix allows all activation-key info to live in one report.
• Added spacewalk-report for systems with extra packages.

spacewalk-setup

• Setup /etc/sudoers in SUSE Manager upgrade scripts (bnc#881711)

spacewalk-utils

• Fixed spacewalk-hostname-rename to work with PostgreSQL backend.
• Added limitation of spacewalk-clone-by-date for RHEL4 and earlier.

spacewalk-web

• Add development_environment to rhn_web.conf.

susemanager-schema

• Index for user_id on wupi table speeds up errata mailer.
• Copy upstream schema migration to SUSE Manager schema upgrade.

susemanager

• Update the sudoers file after SUSE Manager upgrade. (bnc#881711)
• Fix oracle2postgres.sh (database configuration).

Patch 9423: struts

Apache Struts was updated to fix a security issue

• CVE-2014-0114: The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.

New features since SUSE Manager Server 1.7

Improved User Interface

The Web UI is now based on the Twitter Bootstrap framework, dramatically enhancing its usability on mobile devices and tablets.

Unattended bare-metal system provisioning

SUSE Manager can be configured so that unprovisioned ("bare-metal") systems capable of PXE booting are added to an organization. After that happens, those systems will appear in the Systems list, where regular provisioning via autoinstallation is possible in a completely unattended fashion.

First-time installation support in System Set Manager

In SUSE Manager 1.7, the System Set Manager Autoinstallation tab could be used to re-install a system using an Autoinstallation profile. With SUSE Manager 2.1, the same tab can be used to create Cobbler system records to install an OS to a machine even if it didn't have one.

This replicates functionality provided by the Create Cobbler System Record button in Manager 1.7 for multiple systems.

Power Management

SUSE Manager allows you to power on, off and reboot systems via the IPMI protocol.

Action chaining

SUSE Manager can group a number of operations in a sequence, called an Action Chain, so that they are all scheduled at once and performed in a particular order.

Using Action Chains can be useful when dealing with some administrative tasks, for example rebooting a systems after deploying a patch. Action chaining can also be controlled via the API. See ‘actionchain’ in the API documentation.

Service location protocol

A SUSE Manager server announces itself via the SLP (service location protocol) service now. This can be used by clients to find the nearest SUSE Manager server to connect to.

Package locks

Locking of packages on the client (via zypper) is now possible. Locking prevents a change in the state of a package. An installed package cannot be upgraded or removed. An uninstalled package cannot be installed.

Setup wizard

This feature moves the CLI-based initial setup of SUSE Manager Server to the web UI. This setup will be started automatically after initial login into SUSE Manager.

The setup workflow will provide proxy settings, mirror credentials, and product selection, including syncing of mandatory channels.

Major changes since SUSE Manager Server 1.7

Base system upgrade to SLES 11 SP3

The underlying SLES 11 base system has been upgraded to Service Pack 3 (including updates)

Upgrade to upstream Spacewalk 2.1

The SUSE Manager code has been updated to reflect the 2.1 release of the upstream Spacewalk project (including updates)

Change in behavior in network setup

The network setup does not default to ‘dhcp’, you need to choose dhcp or static manually.

Non compliant systems

The semantics of ‘non compliant systems’ have been changed. A system is considered ‘non compliant’ if it has packages installed which are not available in a channel. A non compliant system cannot be re-installed.

The old semantics looked for packages in all available channels.

The new semantics look for packages only in channels assigned to the system.

Channel synchronisation logging

Logging of channel synchronisation (triggered by mgr-ncc-sync) was done per channel and sync run. Every new sync created a new log file. A cron job was used to clean up older logs files.

SUSE Manager 2.1 changes this to one log file per channel. All synchronisation runs for a specific channel log to the same file. Older log files are rotated and compressed now using logrotate.

Inter Server Sync between 1.7 (master) and 2.1 (slave)

An inter server sync (ISS) between a SUSE Manager 1.7 Server as master and a SUSE Manager 2.1 Server as client will succeed but generate an error mail to the admin. The error mail is harmless and can be deleted.

Embedded Oracle DB needs extra permission

When upgrading a SUSE Manager Server with Database 1.7 (using embedded Oracle DB), an additional permission (create role) will be added.

New package pgtcl

Stored procedures in PostgreSQL can now be written in the TCL language. The package pgtcl will be added on upgrade.

Reboot action status is reflected immediately in UI

The status of a rebooted client is now updated immediately. There was a delay in the status update in the past.

Taskomatic memory limits lifted

Taskomatic, the scheduler component of SUSE Manager, has an increased memory limitation (raised from 1 GB to 2GB). This might require an increase of main memory.

spacewalk-utils

spacewalk-utils, a packaged set of command line tools, continues to be L1* supported only - with some exceptions. Any of these commands needs expertise and can break your system. However, we consider these tools valuable enough to be included, but not fully supported.

* L1 (Problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering and basic troubleshooting using available documentation.)

The following tools of spacewalk-utils are fully supported:

• spacewalk-clone-by-date
• spacewalk-sync-setup (New for 2.1; See Inter Server Synchronization, Automated Configuration in the installation manual)
• spacewalk-manage-channel-lifecycle (New for 2.1)

SUSE Manager Server requirements

System requirements

SUSE Manager Server is a 64bit Java application with an embedded database backend. This requires sufficient CPU power and main memory. A multi-core 64bit CPU (x86_64) is required, accompanied with a minimum of 4 GB of main memory. Adding more main memory will significantly improve performance.

Disk space requirements

The database will write a recovery log, taking a lot of disk space. You need to follow a strict backup strategy to copy this log to a safe place and reclaim the disk space. See the SUSE Manager manual for details.

Database sizing requirements

The SUSE Manager Server database contains all information required to manage clients. This includes all installable packages and updates as well as lists of installed packages for every client. This data requires a lot of storage space on the harddisk, typically 50 GB or more per package repository.

See the Installation guide for more details on the system requirements.

SUSE Manager Server distribution

SUSE Manager Server is distributed as an appliance which bundles an operating system (SLES 11 SP3 x86_64) with the SUSE Manager Server application and a database. The installable ISO of the SUSE Manager Server appliance can be deployed on physical hardware or fully virtualized (e.g. KVM, VMware) hosts.

Installation and Setup

Installation is done in two major steps. The first installs the appliance and configures the underlying SLES 11 operating system. The second configures SUSE Manager Server and populates the database with initial data. See the Installation guide for step-by-step instructions for installing and configuring SUSE Manager Server. Upgrading from SUSE Manager Server 1.7

An existing SUSE Manager Server 1.7 installation can be upgraded to SUSE Manager Server 2.1 with the help of YaST2 wagon. This is essentially the same workflow as a SLES service pack upgrade.

After the service pack migration has finished successfully, reboot the server and run

  /usr/lib/susemanager/bin/susemanager-upgrade.sh

to complete the SUSE Manager Server upgrade

Be aware that the required database schema migration can be a time-consuming process, esp. if monitoring is enabled and used.

Upgrading from SUSE Manager Server 1.2

An upgrade from SUSE Manager Server 1.2 to SUSE Manager Server 2.1 is not supported. If you still have SUSE Manager Server 1.2 running, please upgrade to SUSE Manager Server 1.7 first and then do the upgrade to SUSE Manager Server 2.1

Migrating from RHN Satellite

It is also possible to migrate data from an existing Red Hat Satellite Server.

Satellite migration requires SUSE Manager Server with an external Oracle database.

The migration itself is a time-consuming process and requires careful planning and expertise. Migration needs to sync the complete database as well as all cached RPM packages. Depending on the network bandwidth and the database setup, this can take up to a day or more.

Depending on the actual database structure and contents, a server migration might also fail. Please report problems via your support channel.

How to apply patches on first install

On first install (i.e. before running yast2 susemanager_setup) just follow the Quick Start guide and apply available patches using either zypper patch or YaST Online Update.

How to apply patches to a running SUSE Manager Server

In general, follow the patch description when installing updates. Only apply updates to a stopped SUSE Manager Server (spacewalk-service stop)

For changes to the database schema, running spacewalk-schema-upgrade is required. Proceed as follows:

1. Log in as root user to the SUSE Manager server console.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema with: spacewalk-schema-upgrade
5. Start the Spacewalk service: spacewalk-service start

Upgrade from SUSE Manager Server 1.7

SUSE Manager Server 1.7 can be upgraded to SUSE Manager Server 2.1 by the help of YaST wagon, similar to a SLES 11 SP2 to SP3 service pack migration.

Upgrade of Inter Server Sync setups

In ISS (Inter Server Sync) setups, upgrade all slaves to 2.1 before upgrading the master.

Activation of SUSE Manager Server

With the purchase of SUSE Manager Server you will get an activation code. This code needs to be entered at the registration step during installation.

This code enables your SUSE Manager Server to retrieve updates from the Novell Customer Center. Regularly installing updates is a mandatory step to keep your SUSE Manager Server stable and secure. Before applying some updates the SUSE Manager services needs to be stopped and only restarted after the update has been applied. See the SUSE Manager Installation Guide for details.

Entitlement counting in SUSE Manager

SUSE Manager currently doesn't technically limit the number of deployed servers in most cases, except for a theoretical limit of 200,000 entitlements/subscriptions. Please note that this is a technical limitation and does not indicate in any way that you can deploy more servers than you have valid subscriptions for! Later releases of SUSE Manager Server will keep track of allowed and used entitlements for managed systems.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE booting, are only supported in the context of SUSE Manager. Stand-alone usage is not supported.

About SLES 12

SUSE Linux Enterprise Server 12 (SLES 12), scheduled for autumn 2014, has a new signing key for packages and repositories. If you upgraded from SUSE Manager 1.7, you need to manually accept this new key into SUSE Manager 2.1 when prompted to.

A fresh installation of SUSE Manager 2.1 will have this key included.

About the Client Tools Channel

The Client Tools Channel contains client-side packages to enable specific functionality. Please refer to the Client Configuration Guide about which packages relate to which function. Some packages have a very specific use case and installing them blindly is discouraged.

Red Hat Channels

Managing Red Hat clients requires availability of appropriate Red Hat packages. These are not available through the Novell Customer Center (NCC) but must be provided by other means, e.g. from a retired Red Hat Satellite installation.

Support for SLES 10 based systems

The SUSE Manager client stack for SLES10 based systems is identical to the one used on SLES11 based systems. SLES 10 systems managed by SUSE Manager will have the ZENworks Managemen Daemon (ZMD) and the rug command line tool removed.

SUSE Manager Proxy versions

SUSE Manager Server 2.1 can work with version 1.7 of SUSE Manager Proxy.

Upgrade of SUSE Manager Proxy from version 1.7 to 2.1 is possible.

Known bugs

• Audit log line too long
• Schedule autoinstallation in advanced configuration mask is not working
• RH client registration fails to install packages
• 500 Error on Rollback
• insserv errors during yast2 susemanager_setup run
• "Register Systems" link points to non-matching documentation
• Events > History (none) gives internal error

Upstream changes since SUSE Manager 1.7

• Auditing feature which enables tracking information like "Who created this user?" or "Who deleted this server?"
  • ​https://fedorahosted.org/spacewalk/wiki/AuditReporting
• SCAP improvements
  • The latest Spacewalk is able to aggregate full SCAP results, including the XCCDF Result file, OVAL Result Files and OpenSCAP HTML Report. These files are available for user download at the scan's details page.
  • This feature needs to be turned on in an organization's Configuration settings
• ISS Features
  • Custom-channel-permissions and org-trusts synchronized
  • New WebUI for managing ISS configuration (see Admin\ISS Configuration)
  • ​https://fedorahosted.org/spacewalk/wiki/ISSSyncPermissions
• WebUI is now smoother thanks to CSS3 (if you are using IE8 and lower you won't see this)
• Plenty of small enhancements like overview page for Physical systems only
• SCAP improvements
  • Support for XCCDF 1.2
  • XCCDF Diff, comparison of two XCCDF scans.
  • Allow --cpe command-line argument to oscap
• User Interface Enhancements
  • Display Activation key used to register, on system profile page
  • Highlightning of hovered row in tables
  • CSS rules for printing of WebUI pages
  • Link associated errata to package from package overview page
  • Added CVS download/report of Software Channel Entitlements
• Bug 877451 - yum-like per-repo configuration for spacewalk-repo-sync
• Bug 878216 - make rhncfg diff output configurable
• Updates to spacewalk-repo-sync:
  • Syncing over SSL and IPv6 works correctly
  • Sync Kickstart Trees (Distributions)
• New features related to Kickstarting systems:
  • Allow the selection of a primary network interface from hardware profile
  • Allow Kickstart Profile to automatically update to newest applicable Distribution
• OpenSCAP functionality extended
• Distribution-channel mapping can be customized per organization
• (RHEL only) spacewalk-repo-sync now downloads comps information, enabling yum group operations
• User Interface and usability improvements
• PostgreSQL improvements
• Cobbler 2.0 now packaged in Spacewalk repos
• Archived actions now can be deleted
• New reports added to spacewalk-reports:
  • custom-info
  • inactive-systems
  • inventory (modified)
  • packages-updates-all
  • packages-updates-newest
  • system-currency
  • system-groups
  • system-groups-keys
  • system-groups-systems
  • system-groups-users
  • system-packages-installed
• Modified API calls:
  • activationkey.addChildChannels
  • activationkey.setDetails
  • channel.software.clone
  • channel.software.getGetails - key “yumrepo_last_sync” is now optional
  • configchannel.createOrUpdatePath - now accepts also binary attribute and has fixed handling of binary files
  • configchannel.lookupFileInfo - now returns base64 encoded content for binary files
  • errata.findByCve
  • errata.setDetails
  • kickstart.createProfile
  • kickstart.profile.addScript
  • kickstart.profile.setAdvancedOptions
  • org.delete
  • proxy.listAvailableProxyChannels
  • system.crash.getCrashOverview
  • system.crash.listSystemCrashFiles
  • system.getScriptResults - now returns base64 encoded content for binary files
  • system.listSystemEvents
  • system.provisionVirtualGuest - accepts MAC address parameter
  • system.scap.scheduleXccdfScan - can be scheduled for multiple servers and with timestamp to fire the scan
  • system.scheduleApplyErrata
  • system.schedulePackageInstall
  • system.scheduleHardwareRefresh
  • system.scheduleReboot
  • system.scheduleScriptRun
  • system.scheduleSyncPackagesWithSystem
  • systemgroup.scheduleApplyErrataToActive
• New API calls:
  • actionchain.addConfigurationDeployment
  • actionchain.addPackageInstall
  • actionchain.addPackageRemoval
  • actionchain.addPackageUpgrade
  • actionchain.addPackageVerify
  • actionchain.addScriptRun
  • actionchain.addSystemReboot
  • actionchain.createChain
  • actionchain.deleteChain
  • actionchain.listChainActions
  • actionchain.listChains
  • actionchain.removeAction
  • actionchain.renameChain
  • actionchain.scheduleChain
  • channel.software.addRepoFilter
  • channel.software.setRepoFilters
  • channel.software.clearRepoFilters
  • channel.software.removeRepoFilter
  • channel.software.listRepoFilters
  • distchannel.listMapsForOrg
  • distchannel.setMapForOrg
  • errata.cloneAsOriginalAsync, errata.cloneAsync
  • kickstart.importFile (variant)
  • kickstart.createProfile (variant)
  • kickstart.createProfileWithCustomUrl (variant)
  • kickstart.importRawFile (variant)
  • kickstart.profile.getCfgPreservation
  • kickstart.profile.setCfgPreservation
  • kickstart.profile.getUpdateType
  • kickstart.profile.setUpdateType
  • org.getCrashFileSizeLimit
  • org.setCrashFileSizeLimit
  • schedule.deleteActions
  • sync.master.addToMaster
  • sync.master.create
  • sync.master.delete
  • sync.master.getDefaultMaster
  • sync.master.getMaster
  • sync.master.getMasterByLabel
  • sync.master.getMasterOrgs
  • sync.master.getMasters
  • sync.master.makeDefault
  • sync.master.mapToLocal
  • sync.master.setCaCert
  • sync.master.setMasterOrgs
  • sync.master.unsetDefaultMaster
  • sync.master.update
  • sync.slave.create
  • sync.slave.delete
  • sync.slave.getAllowedOrgs
  • sync.slave.getSlave
  • sync.slave.getSlaveByName
  • sync.slave.getSlaves
  • sync.slave.setAllowedOrgs
  • sync.slave.update
  • Everything under system.crash, including:
    • system.crash.createCrashNote
    • system.crash.deleteCrash
    • system.crash.deleteCrashNote
    • system.crash. getCrashCountInfo
    • system.crash.getCrashNotesForCrash
    • system.crash.getCrashOverview
    • system.crash.getCrashesByUuid
    • system.crash.getCrashFile
    • system.crash.getCrashFileUrl
    • system.crash.getLastReportDate
    • system.crash.getTotalCrashCount
    • system.crash.getUniqueCrashCount
    • system.crash.listSystemCrashFiles
    • system.crash.listSystemCrashes
  • system.deleteSystem (variant)
  • system.listAllInstallablePackages
  • system.listSystemsWithExtraPackages
  • system.listExtraPackages
  • system.listActiveSystemsDetails
  • system.setPrimaryInterface
  • system.scap.listXccdfScans
  • system.scap.getXccdfScanDetails
  • system.scap.getXccdfScanRuleResults

• We parted with API call:
  • distchannel.setDefaultMap

Providing feedback to our products

In case of encountering a bug please report it through your support contact.

Documentation and other information

http://www.suse.com/products/suse-manager/technical-information/contains additional or updated documentation for SUSE Manager Server 2.1.

These Release Notes are available online at http://www.suse.com/documentation/releasenotes. Further information about SUSE Manager is available at http://wiki.novell.com/index.php/SUSE_Manager

Visit http://www.suse.com for the latest Linux product news from SUSE and http://www.suse.com/download-linux/source-code.html for additional information on the source code of SUSE Linux Enterprise products.

Legal Notices

  SUSE Linux GmbH 
  Maxfeldstr. 5 
  D-90409 Nürnberg 
  Tel: +49 (0)911 740 53 - 0 
  Email: feedback@suse.com 
  Registrierung/Registration Number: HRB 21284 AG Nürnberg 
  Geschäftsführer/Managing Director: Jeff Hawn, Jennifer Guild, Felix Imendörffer 
  Steuernummer/Sales Tax ID: DE 192 167 791 
  Erfüllungsort/Legal Venue: Nürnberg

SUSE makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to http://www.novell.com/company/policies/trade_services/ for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012 SUSE. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html). All third-party trademarks are the property of their respective owners.

Colophon

Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Server Team.