Updated packages in stable and testing

Antworten
Benutzeravatar
n.wenselowski
Ex-uib-Team
Beiträge: 3194
Registriert: 04 Apr 2013, 12:15

Updated packages in stable and testing

Beitrag von n.wenselowski »

Dear opsi-users,

we released updates for opsi in stable and testing.

These updates address problems that came to our attention after the service release 4.0.7.

In some environments the SSL communication between opsi-configed and an opsi-server may fail. Loading data from the server yet starts successful, but later stops and the configed hangs. We suppose the communication issue is the same when already fetching the configed.jar for a webstart call fails.

The problem seems only to be triggered if Java 8 is used on client-side and either Ubuntu 16.04 or UCS 4.1 on server side. Both sides accept and try to use the SSL version TLS v1.2, but the communication fails after some time. The older publicly available versions of Java 7 and pre-releases of Java 9 are unaffected from this problem. Consequently, using one of these versions is a possible solution. Therefore wie included java version 1.7_079 into the configed package. By setting the new property 'java_static' to true this java binary will be installed into the configed folder, and the configed will be started with the javaw.exe from it. Regarding the communication issue in the Java webstart call we as well propose to switch to an older or newer Java version.

Besides switching Java versions it is possible to downgrade communication with Java 1.8 to TLSv1 as this older protocol version is not affected. This can be achieved by setting the Java system property value 'https.protocols' to "TLSv1". Therefore the localboot product opsi-configed got a new property 'fallback_tlsv1' that applies this change to the start menu entry created by the setup script.

Please bear in mind that after changing one of the properties the opsi-configed has to be re-deployed to a client to apply the changed settings. Obviously, if you have problems to open the opsi-configed it will not be possible to change settings and trigger a redeploy in the normal way.

Instead you can
* either manually edit the start menu entry properties so that it reads
javaw.exe -Dhttps.protocols="TLSv1" -jar configed.jar ...

* or set the property fallback_tlsv1 via an opsi-admin call and set the product to setup, e.g.
opsi-admin -d method setProductProperty "opsi-configed" "fallback_tlsv1" true "FQDN-OF-CLIENT"
opsi-admin -d method setProductActionRequest "opsi-configed" "FQDN-OF-CLIENT" "setup"


The new versions of swaudit and opsi-winst (aka. opsi-script) fix problems with sending software audit data to the opsi-server.
This version of swaudit features a major rewrite using the new JSON-functions introduced in recent versions of opsi-script.


For the service release 4.0.7 the foundation on which opsi-client-agent (for Windows) is build had to be changed because that foundation made it impossible to update the SSL components used.
Unfortunately it appears that the update broke verification of server certificates (verify_server_cert) and may lead to crashing the opsi-client-agent.
We are working on a permament fix.

As a temporary workaround to be able to update to 4.0.7 without problems we suggest disabling verify_server_cert before updating.
To make sure that all clients have received the updated setting we offer the product opsi-disable-verifyservercert that can be found in the contribute section at http://download.uib.de/opsi4.0/products ... l-package/.
This package disables the setting locally and removes the cached certificate. We recommend disabling the setting on the server-side and then set the product to once or setup on clients using that setting. After all affected clients display the status 'installed' for this package you can update.


To stable we released the following versions:

Server-side packages:
* opsi-linux-bootimage 20160921-1
* opsi-utils 4.0.7.7-1
* python-opsi 4.0.7.26-1


Client-side packages:

* opsi-configed 4.0.7.3.5-1
* opsi-client-agent 4.0.7.9-2
* opsi-winst 4.11.6.5-1
* opsi-winst-test 4.11.6.4-1
* swaudit 4.0.7.2-1
* jedit 5.3.0-2


To testing we released the following versions:

Client-side packages:
* opsi-client-agent 4.0.7.10-1
* opsi-winst 4.11.6.8-1
* opsi-wim-capture 4.0.7.1-2


With kind regards

Niko Wenselowski


PS: Changelogs

The changelog for python-opsi can be found at: https://github.com/opsi-org/python-opsi ... /changelog
The changelog for opsi-utils can be found at: https://github.com/opsi-org/opsi-utils/ ... /changelog


opsi-linux-bootimage (20160921-1) testing; urgency=medium

* added support for enx<MACADDRESS> named network devices
* updated internal python-opsi-version
* /etc/init.d/opsi doesn't fail when network device is not connected
* dhclient timeout is now set to 30 seconds

-- Mathias Radtke <m.radtke@uib.de> Tue, 20 Sep 2016 15:59:41 +0200

----------------------------------------------------------

opsi-client-agent (4.0.7.10-1) stable; urgency=low

* setup.opsicript: [sub_restore_productOnClient]:
if found first rename productOnClients.json
then start process content (this way is more failsafe against errors)
* opsi-script 4.11.6.6

-- Detlef Oertel <d.oertel@uib.de> Tue, 20 Oct 2016:15:00:00 +0200

opsi-client-agent (4.0.7.9-2) stable; urgency=low

* opsiclientd 4.0.90

-- Erol Ueluekmen <e.ueluekmen@uib.de> Tue, 05 Oct 2016:22:06:00 +0200

opsi-client-agent (4.0.7.9-1) stable; urgency=low

* update to openSSL 1.0.2j
* replacing opsiclientd_shutdown_starter by opsiclientd_event_starter
* opsiclientd_event_starter 4.0.7.0
* changes for installation

-- Detlef Oertel <d.oertel@uib.de> Tue, 04 Oct 2016:15:00:00 +0200

opsi-client-agent (4.0.7.8-2) stable; urgency=low

* Fallback for non-supported Win Vista and Win2008 to opsiclientd 4.0.83

-- Bardo Wolf <b.wolf@uib.de> Fri, 23 Sep 2016 12:08:01 +0200

opsi-client-agent (4.0.7.8-1) stable; urgency=low

* opsiclientd 4.0.89

-- Erol Ueluekmen <e.ueluekmen@uib.de> Wed, 21 Sep 2016 15:01:01 +0200

----------------------------------------------------------

opsi-winst/opsi-script (4.11.6.8) stable; urgency=low

* osconf: global bool variable readconfig_done which is set by readconfig to true
* osparser: CreateAndProcessScript: do not call readconfig if readconfig_done
* should fix: uib#2016101810000104

-- Detlef Oertel <d.oertel@uib.de> Fri, 28 Oct 2016:15:00:00 +0200

opsi-winst/opsi-script (4.11.6.7) stable; urgency=low

* new unit oskeyboard
* linkfolder knows now parameter shortcut for key like Shift-Alt-O

-- Detlef Oertel <d.oertel@uib.de> Fri, 21 Oct 2016:15:00:00 +0200

opsi-winst/opsi-script (4.11.6.6) stable; urgency=low

* osmain: GetParameter: log error if readconfig failed
* osparser: CreateAndProcessScript: log error if readconfig failed
* osparser: CreateAndProcessScript: backup depot path and restor if rad config failed
* osparser: CreateAndProcessScript: backup depot path and restor if rad config failed
* osparser: evaluateBoolean: Fileexists* calling execShellCall architecture dependent
* osparser: produceStinglist: getFileInfoMap32, getFileInfoMap64, getFileInfoMapSysnative

-- Detlef Oertel <d.oertel@uib.de> Thu, 20 Oct 2016:15:00:00 +0200

opsi-winst/opsi-script (4.11.6.5) stable; urgency=low

* osjson: fix at jsonAsObjectGetKeyList
* osparser: fix at jsonAsObjectDeleteByKey
* osencoding: new overloaded version of reencode with destEncoding
* osfunc: fix TXStringlist.savetofile (use new reencode verion)
* osparser: fix reencodestr (use new reencode verion)

-- Detlef Oertel <d.oertel@uib.de> Mon, 10 Oct 2016:15:00:00 +0200

opsi-winst/opsi-script (4.11.6.4) stable; urgency=low

* osjson: jsonAsObjectGetKeyList: also true on empty keylist
* osjson: new functions: jsonAsObjectDeleteByKey, jsonAsArrayDeleteObjectByIndex
* osparser: new functions: jsonAsObjectDeleteByKey, jsonAsArrayDeleteObjectByIndex
* osencoding: : trim of found encoding ; fixes #2411 ; viewtopic.php?p=38236#p38236
* oswebservice: sendlog: no more reencoding to uft8 ; Perhaps Fehler #2408
* osparser: getMSVersionMap: Do not try to read ReleaseID if below win10; fixes #2316
* osparser / osmain: use LLCritical in fatal situations; fixes #2263
* osparser: CompareDotSeparatedNumbers (str/bool): better wrong parameter handling fixes #2045 #2369
* osparser: new boolean command savetextfilewithencoding(<list>,<filename>,<endoding>)
* osregistry: readentry: trdString, trdExpandString: expicit use empty value if 0 bytes

-- Detlef Oertel <d.oertel@uib.de> Wed, 05 Oct 2016:15:00:00 +0200

opsi-winst/opsi-script (4.11.6.3-2) stable; urgency=low

* update to openSSL 1.0.2j

-- Detlef Oertel <d.oertel@uib.de> Tue, 04 Oct 2016:15:00:00 +0200

opsi-winst/opsi-script (4.11.6.3) stable; urgency=low

* osfunc: new functions: isValidUtf8String(str:string) : boolean;
getFixedUtf8String(str:string) : string;
* osparser : new opsiscript functions:
isValidUtf8String(str:string) : boolean;
getFixedUtf8String(str:string) : string;

-- Detlef Oertel <d.oertel@uib.de> Thu, 08 Sep 2016:15:00:00 +0200

----------------------------------------------------------

opsi-winst-test (4.11.6.4-1) stable; urgency=low

* json: new test for jsonAsObjectDeleteByKey, jsonAsArrayDeleteObjectByIndex
* new test savetextfilewithencoding(<list>,<filename>,<endoding>)

-- detlef oertel <d.oertel@uib.de> Fri, 07 Oct 2016 15:00:00 +0200

----------------------------------------------------------

jedit_5.3.0-2 stable; urgency=low

* opsi-script.xml for opsi-script 4.11.6.4

-- d.oertel <d.oertel@uib.de> Tue, 11 Oct 2016 15:00:00 + 0100

----------------------------------------------------------

opsi-wim-capture (4.0.7.1-2) stable; urgency=low

* new property: verify_clonezilla_images :
* set in clonezilla runcommand --skip-check-restorable to avoid verify or not

-- detlef oertel <d.oertel@uib.de> Thu, 27 Oct 2016 15:00:00 +0000

----------------------------------------------------------

swaudit (4.0.7.2-1) stable; urgency=low

* fix for readfromfile
* mask single quotes by double single quotes before sending

-- detlef oertel <d.oertel@uib.de> Wed, 12 Oct 2016 15:00:00 +0100

swaudit (4.0.7.1-1) stable; urgency=low

* code cleanup
* complete redesign of webservice connection
* requires opsi-scrip 4.11.6
* removed opsi3 support
* cleanup removed property extended_search
* removed win2k support
* usekeyfinder now has default off
* new property debug_send: Send data using one serviceall per object

-- detlef oertel <d.oertel@uib.de> Wed, 05 Oct 2016 15:00:00 +0100

----------------------------------------------------------

opsi-configed (4.0.7.3.5-1) STABLE; urgency=medium

* for Java 1.7 use TLSv1 by default

-- roeder <roeder@uib.de> Fri, 28 Oct 2016 13:46:02 +0100

opsi-configed (4.0.7.3.4-1)

* additional request property "connection close"
* logging of SSL protocol
* in package additional property fallback_tlsv1

opsi-configed (4.0.7.3.3-1) STABLE; urgency=medium

* fixed missing call for WoL in scheduler
* fixed missing identification of configserver connection if its hostname differs from its opsi id
* fixed line endings of logfiles when exported as archive
* host_read method reimplemented for mysql present

opsi-configed (4.0.7.3.2-2) STABLE; urgency=medium

* new property: java1.7 static in product folder

opsi-configed (4.0.7.3.1-1) stable; urgency=low

* Bugfix: WakeOnLan is again working

-- Rupert Roeder <r.roeder@uib.de> Tue, 11 Oct 2016 16:30:00 + 0100

Code: Alles auswählen

import OPSI
Antworten