Recommended Beta update for SUSE Manager Client Tools

Announcement ID:	SUSE-RU-2024:0198-1
Rating:	moderate
References:	bsc#1197507 bsc#1198903 bsc#1200122 bsc#1200149 bsc#1200163 bsc#1200591 bsc#1201003 bsc#1203283 bsc#1204126 bsc#1205207 bsc#1205759 bsc#1207352 bsc#1207830 bsc#1208612 bsc#1208719 bsc#1210458 bsc#1213691 bsc#1217832 jsc#ECO-3319 jsc#MSQA-718
Affected Products:	SUSE Manager Client Tools Beta for Ubuntu 20.04 2004

An update that contains two features and has 18 fixes can now be installed.

Description:

This update fixes the following issues:

scap-security-guide:

• Switch buggy journald plugindir remediation to write into journald.conf. (bsc#1217832)
• Updated to 0.1.70 (jsc#ECO-3319)
• Add openembedded distro support (#10793)
• Remove DRAFT wording for OpenShift STIG (#11100)
• Remove test-function-check_playbook_file_removed_and_added test (#10982)
• scap-security-guide: Add Poky support (#11046)
• Updated to 0.1.69 (jsc#ECO-3319)
• Introduce a JSON build manifest (#10761)
• Introduce a script to compare ComplianceAsCode versions (#10768)
• Introduce CCN profiles for RHEL9 (#10860)
• Map rules to components (#10609)
• products/anolis23: supports Anolis OS 23 (#10548)
• Render components to HTML (#10709)
• Store rendered control files (#10656)
• Test and use rules to components mapping (#10693)
• Use distributed product properties (#10554) revert patch that breaks the SLE hardening (bsc#1213691)
• Updated to 0.1.68 (jsc#ECO-3319)
• Bump OL8 STIG version to V1R6
• Introduce a Product class, make the project work with it
• Introduce Fedora and Firefox CaC profiles for common workstation users
• OL7 DISA STIG v2r11 update
• Publish rendered policy artifacts
• Update ANSSI BP-028 to version 2.0
• Updated to 0.1.67 (jsc#ECO-3319)
• Add utils/controlrefcheck.py
• RHEL 9 STIG Update Q1 2023
• Include warning for NetworkManager keyfiles in RHEL9
• OL7 stig v2r10 update
• Bump version of OL8 STIG to V1R5
• Various enhancements to SLE profiles
• Updated to 0.1.66 (jsc#ECO-3319)
• Ubuntu 22.04 CIS
• OL7 stig v2r9 update
• Bump OL8 STIG version to V1R4
• Update RHEL7 STIG to V3R10
• Update RHEL8 STIG to V1R9
• Introduce CIS RHEL9 profiles
• Also various SUSE profile fixes were done
• Updated to 0.1.65 (jsc#ECO-3319)
• Introduce cui profile for OL9
• Remove Support for OVAL 5.10
• Rename account_passwords_pam_faillock_audit
• CI ansible hardening and rename of existing Bash hardening
• Update contributors list for v0.1.65 release
• various SUSE profile specific fixes
• Require sudo, as remediations touch sudo config or use sudo.
• Enable ubuntu 2204 build
• Updated to 0.1.64 (jsc#ECO-3319)
• Introduce ol9 stig profile
• Introduce Ol9 anssi profiles
• Update RHEL8 STIG to V1R7
• Introduce e8 profile for OL9
• Update RHEL7 STIG to V3R8
• some SUSE profile fixes
• Added several RPM requires that are needed by the SUSE remediation scripts. (e.g. awk is not necessary installed)
• Updated to 0.1.63 (jsc#ECO-3319)
• multiple bugfixes in SUSE profiles
• Expand project guidelines
• Add Draft OCP4 STIG profile
• Add anssi_bp28_intermediary profile
• add products/uos20 to support UnionTech OS Server 20
• products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles
• Remove WRLinux Products
• Update CIS RHEL8 Benchmark for v2.0.0
• Fixed: stig: /etc/shadow group owner should not be root but shadow (bsc#1200149)
• Fixed: sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163)
• Fixed: SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122)
• Fix the build for RHEL 7 and clones (python-setuptools is used)
• Fix the build for RHEL 9 and clones
• Convert one bash emitter to new jinja method. (bsc#1200163)
• Add python3-setuptools for all builds (so it is also used on debian and centos flavors)
• Updated to 0.1.62 (jsc#ECO-3319)
• Update rhel8 stig to v1r6
• OL7 STIG v2r7 update
• Initial definition of ANSSI BP28 minmal profile for SLE
• Updated to 0.1.61 (jsc#ECO-3319)
• Stop building PCI-DSS-centric XCCDF benchmark for RHEL 7
• Introduce OL9 product
• Implement handling of logical expressions in platform definitions
• Bump disk size constraints to 7gb to avoid occasional disk fulls failures.

spacecmd:

• Version 5.0.1-1
• Use localhost without ssl when running on the server
• Version 4.4.10-1
• Update translation strings
• Version 4.4.9-1
• Version 4.4.8-1
• Add spacecmd function: cryptokey_update
• Bypass traditional systems check on older SUMA instances (bsc#1208612)
• fix argument parsing of distribution_update (bsc#1210458)
• Version 4.4.7-1
• remove pylint check at build time
• Display activation key details after executing the corresponding command (bsc#1208719)
• Show targetted packages before actually removing them (bsc#1207830)
• Version 4.4.6-1
• Fix spacecmd not showing any output for softwarechannel_diff and softwarechannel_errata_diff (bsc#1207352)
• Version 4.4.5-1
• Prevent string api parameters to be parsed as dates if not in ISO-8601 format (bsc#1205759)
• Add python-dateutil dependency, required to process date values in spacecmd api calls
• Remove python3-simplejson dependency
• Version 4.4.4-1
• Correctly understand 'ssm' keyword on scap scheduling
• Add vendor_advisory information to errata_details call (bsc#1205207)
• Change default port of "Containerized Proxy configuration" 8022
• Version 4.4.3-1
• Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126)
• Changed schedule product migration to use the correct API method
• Fix dict_keys not supporting indexing in systems_setconfigchannelorger
• Added a warning message for traditional stack deprecation
• Remove "Undefined return code" from debug messages (bsc#1203283)
• Version 4.4.2-1
• Stop always showing help for valid proxy_container_config calls
• Version 4.4.1-1
• Process date values in spacecmd api calls (bsc#1198903)
• Improve Proxy FQDN hint message
• Version 4.3.14-1
• Fix missing argument on system_listmigrationtargets (bsc#1201003)
• Show correct help on calling kickstart_importjson with no arguments
• Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
• Change proxy container config default filename to end with tar.gz
• Version 4.3.13-1
• Update translation strings
• Version 4.3.12-1
• Update translation strings
• Version 4.3.11-1
• on full system update call schedulePackageUpdate API (bsc#1197507)

Special Instructions and Notes:

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Manager Client Tools Beta for Ubuntu 20.04 2004
  zypper in -t patch SUSE-Ubuntu-20.04-CLIENT-TOOLS-BETA-2024-198=1

Package List:

• SUSE Manager Client Tools Beta for Ubuntu 20.04 2004 (all)
  • scap-security-guide-ubuntu-0.1.70-2.15.1
  • spacecmd-5.0.1-2.36.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1197507
• https://bugzilla.suse.com/show_bug.cgi?id=1198903
• https://bugzilla.suse.com/show_bug.cgi?id=1200122
• https://bugzilla.suse.com/show_bug.cgi?id=1200149
• https://bugzilla.suse.com/show_bug.cgi?id=1200163
• https://bugzilla.suse.com/show_bug.cgi?id=1200591
• https://bugzilla.suse.com/show_bug.cgi?id=1201003
• https://bugzilla.suse.com/show_bug.cgi?id=1203283
• https://bugzilla.suse.com/show_bug.cgi?id=1204126
• https://bugzilla.suse.com/show_bug.cgi?id=1205207
• https://bugzilla.suse.com/show_bug.cgi?id=1205759
• https://bugzilla.suse.com/show_bug.cgi?id=1207352
• https://bugzilla.suse.com/show_bug.cgi?id=1207830
• https://bugzilla.suse.com/show_bug.cgi?id=1208612
• https://bugzilla.suse.com/show_bug.cgi?id=1208719
• https://bugzilla.suse.com/show_bug.cgi?id=1210458
• https://bugzilla.suse.com/show_bug.cgi?id=1213691
• https://bugzilla.suse.com/show_bug.cgi?id=1217832
• https://jira.suse.com/browse/ECO-3319
• https://jira.suse.com/browse/MSQA-718