Foreman 1.15.2 bug fix release

dLobatog · July 13, 2017, 11:09am

Foreman 1.15.2 is now available with bug fixes for fifteen issues,
notably problems when the fix_db_cache setting was set, Foreman has
been unable to boot in some cases.

Please see the release notes for the full list of changes:
https://theforeman.org/manuals/1.15/#Releasenotesfor1.15.2

It is likely that a 1.15.3 will follow suit in two weeks or less, to
harden the release. Please report any bugs using our tracker (see the
Bug reporting section of this email).

Information

···

=========== For installation or upgrade instructions, see:

Installation quick start:
https://theforeman.org/manuals/1.15/quickstart_guide.html

Upgrade instructions:
https://theforeman.org/manuals/1.15/index.html#3.6Upgrade

Release notes:
https://theforeman.org/manuals/1.15/index.html#Releasenotesfor1.15

Do take note of the upgrade warnings and deprecations in this release:
https://theforeman.org/manuals/1.15/index.html#Upgradewarnings

Downloads

Packages may be found in the 1.15 directories on both deb.foreman.org
and yum.theforeman.org, and tarballs are on downloads.theforeman.org.

The GPG key used for RPMs and tarballs has the following fingerprint:
6610 7FC8 658F F702 E849 9AC4 17A3 FD24 9A8D AAD5
(Foreman :: Security)

Bug reporting

If you come across a bug, please file it and note the version of
Foreman
that you’re using in the report.

Foreman: Foreman
Proxy:
Foreman
Installer:
Foreman

Best,

–
Daniel Lobato Garcia

@dLobatog
blog.daniellobato.me
daniellobato.me

GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30
Keybase: https://keybase.io/elobato

dLobatog · July 13, 2017, 3:06pm

tl;dr: if you installed tfm-rubygem-safemode 1.3.2, either update your
templates to not use "&:" in Ruby blocks, or downgrade to 1.3.1.

In case you've recently upgraded, the 1.3.2 version of Safemode
(rubygem-safemode) was put on the 1.15 repos a few days ago. This
version includes a security patch to make the jail more secure.

(https://github.com/svenfuchs/safemode/pull/23/files)

However - our templates supplied by default, contain some code
incompatible with this change, namely line 53 here:

github.com

theforeman/community-templates/blob/d2b82a88fdf8ccdf2dc278161df1e80f406de6ee/provisioning_templates/provision/kickstart_default.erb#L53


selinux --<%= @host.params['selinux-mode'] || @host.params['selinux'] || 'enforcing' %>
keyboard <%= @host.params['keyboard'] || 'us' %>
skipx


<% subnet = @host.subnet -%>
<% if subnet.respond_to?(:dhcp_boot_mode?) -%>
<% dhcp = subnet.dhcp_boot_mode? && !@static -%>
<% else -%>
<% dhcp = !@static -%>
<% end -%>
network --bootproto <%= dhcp ? 'dhcp' : "static --ip=#{@host.ip} --netmask=#{subnet.mask} --gateway=#{subnet.gateway} --nameserver=#{[subnet.dns_primary, subnet.dns_secondary].select(&:present?).join(',')}" %> --hostname <%= @host %><%= os_major >= 6 ? " --device=#{@host.mac}" : '' -%>


rootpw --iscrypted <%= root_pass %>
<% if @host.param_true?('disable-firewall') -%>
firewall --disable
<% else -%>
firewall --<%= os_major >= 6 ? 'service=' : '' %>ssh
<% end -%>
authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash || 'sha256' %> --kickstart
timezone --utc <%= @host.params['time-zone'] || 'UTC' %>
<% if rhel_compatible -%>

If you are using "&:", please start using other options such as .each,
.map, etc… to ensure compatibility with 1.15.3, which will ship with
1.3.2 safemode and the security patch.

I have removed safemode 1.3.2 from our 1.15 repos, so new installs
or upgrades will not be affected.

Shoutouts to afisher for warning about this on #theforeman IRC today.

···

On 07/13, Daniel Lobato Garcia wrote: > Foreman 1.15.2 is now available with bug fixes for fifteen issues, > notably problems when the fix_db_cache setting was set, Foreman has > been unable to boot in some cases. > > Please see the release notes for the full list of changes: > https://theforeman.org/manuals/1.15/#Releasenotesfor1.15.2 > > It is likely that a 1.15.3 will follow suit in two weeks or less, to > harden the release. Please report any bugs using our tracker (see the > Bug reporting section of this email). > > Information > =========== > For installation or upgrade instructions, see: > > Installation quick start: > https://theforeman.org/manuals/1.15/quickstart_guide.html > > Upgrade instructions: > https://theforeman.org/manuals/1.15/index.html#3.6Upgrade > > Release notes: > https://theforeman.org/manuals/1.15/index.html#Releasenotesfor1.15 > > Do take note of the upgrade warnings and deprecations in this release: > https://theforeman.org/manuals/1.15/index.html#Upgradewarnings > > > Downloads > ========= > Packages may be found in the 1.15 directories on both deb.foreman.org > and yum.theforeman.org, and tarballs are on downloads.theforeman.org. > > The GPG key used for RPMs and tarballs has the following fingerprint: > 6610 7FC8 658F F702 E849 9AC4 17A3 FD24 9A8D AAD5 > (https://theforeman.org/security.html#GPGkeys) > > > Bug reporting > ============= > If you come across a bug, please file it and note the version of > Foreman > that you're using in the report. > > Foreman: http://projects.theforeman.org/projects/foreman/issues/new > Proxy: > http://projects.theforeman.org/projects/smart-proxy/issues/new > Installer: > http://projects.theforeman.org/projects/puppet-foreman/issues/new > > > Best, > > -- > Daniel Lobato Garcia > > @dLobatog > blog.daniellobato.me > daniellobato.me > > GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30 > Keybase: https://keybase.io/elobato

–
Daniel Lobato Garcia

@dLobatog
blog.daniellobato.me
daniellobato.me

GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30
Keybase: https://keybase.io/elobato