<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
Changelog<br>
=========<br>
<br>
WAPT-1.7.3.11 (2019-03-25)<br>
-------------------------<br>
<br>
(hash 2f2f40b24e)<br>
<br>
* [FIX] waptconsole / hosts for packages : F5 does a local refresh<br>
<br>
* [FIX] Improve update performance with repositories with a lot of
packages.<br>
<br>
* [FIX] improves wapttray reporting<br>
<br>
fix faulty inverted logic for notify_user parameter<br>
<br>
* [FIX] waptconsole : bad filtering of hosts for package
(Enterprise)<br>
<br>
* [FIX] waptexit : fix waptexit closes even if Running task if no
pending task / pending updates<br>
<br>
* [FIX] waptexit : fix potential case where waptexit remains running
with high cpu load<br>
<br>
* [FIX] waptconsole: Fix HostsForPackage grid not filtered properly
(was unproperly using Search expr from first page)<br>
<br>
* [FIX] waptservice : None has no check_install_is_running error at
waptservice startup<br>
<br>
* [FIX] core : set persistent_dir and persistent_source_dir
attribute on setup module for install_wapt<br>
<br>
* [FIX] core : fix bug in guessed persistent_dir for dev mode<br>
<br>
* [FIX] core : fix error resetting status of stucked processes in
local db (check_install_running)<br>
<br>
* [FIX] waptservice : Trap error setting runstatus in db in tasks
manager loop<br>
<br>
Don't send runstatus to server each time it is set<br>
<br>
* [UPD] core : define explicitely the private_dir of Wapt object<br>
<br>
* [UPD] server : Don't refuse to provide authtoken if fqdn has
changed (this does not introduce sepcific risk as request is signed
against UUID)<br>
<br>
* [UPD] core : if package_uuid attribute is not set in package's
control (old wapt), it is set to a reproductible hash when package
is appended to local waptdb so we can use it to lookup packages
faster (dict)<br>
<br>
* [NEW] waptconsole : Add audit scheduling setup in waptagent dialog
(Enterprise)<br>
<br>
add set_waptaudit_task_period in innosetup installers<br>
<br>
* [IMP] setuphelpers: add win32_displays to default wmi keys for
report<br>
<br>
* [IMP] server setup : create X509 certificate / RSA key for hosts
ssl certificate signing and authentication during setup of server<br>
<br>
* [IMP] waptexit: add sizeable border and icons<br>
<br>
show progress of long tasks<br>
<br>
* [IMP] waptservice : Process update of packages as a task instead
of waiting for its completion when upgrading (to avoid timeout when
running upgrade waptservice task)<br>
<br>
add `update_packages` optional (default True) parameter for
upgrade waptservice action<br>
<br>
* [NEW] Add audit scheduling setup in waptagent compilation dialog
(Enterprise)<br>
<br>
* [NEW] setuphelpers : Add get_local_profiles setuphelpers<br>
<br>
* [IMP] waptserver : Don't refuse to provide authtoken for
websockets auth if fqdn has changed<br>
<br>
* [IMP] flush stdout before sending status to waptserver<br>
<br>
* [IMP] waptcrypto handle alternative object names in csr build<br>
<br>
* [IMP] wapt-get : --force option on wapt-get.exe service mode<br>
<br>
* [NEW] use client side auth for waptwua too<br>
<br>
* [CHANGE] server setup : nginx windows config : relocate logs and
pid<br>
<br>
add conditional client side ssl auth in nginx config<br>
<br>
* [CHANGE] waptconsole : refactor wget, wgets WaptRemoteRepo
WaptServer to use requests.Session object to handle specific ssl
client auth and proxies<br>
<br>
Be sure to set privateKey password dialog callback to decrypt
client side ssl auth key<br>
<br>
* [IMP] waptcrypto : add waptcrypto.is_pem_key_encrypted<br>
<br>
* [IMP] waptconsole : Make sure waptagent window is fully visible.<br>
<br>
* [IMP] waptconsole : Make sure Right click select row on all grids<br>
<br>
<br>
WAPT-1.7.3.10 (2019-03-06)<br>
-------------------------<br>
<br>
(hash ec8aa25ef)<br>
<br>
Security<br>
++++++++<br>
<br>
* upgraded OpenSSL dlls to 1.0.2r for
<a class="moz-txt-link-freetext" href="https://www.cert.ssi.gouv.fr/avis/CERTFR-2019-AVI-080/">https://www.cert.ssi.gouv.fr/avis/CERTFR-2019-AVI-080/</a> (moderate
risk))<br>
<br>
New<br>
+++<br>
<br>
* Much reworked wizard pages embedded in waptserversetup.exe windows
server installer. Install of waptserver on Windows is easy again.<br>
<br>
register server as a client of waptserver<br>
<br>
create new key / cert pair<br>
<br>
build waptagent.exe and waptupgrade package<br>
<br>
configure package prefix<br>
<br>
* If client certificate signing is enabled on waptserver
(waptserver.ini config), the server sign a CSR for the client when
the client is registered. See
<a class="moz-txt-link-freetext" href="https://www.wapt.fr/fr/doc/waptserver-install/security/security-configuration-certificate-authentication.html">https://www.wapt.fr/fr/doc/waptserver-install/security/security-configuration-certificate-authentication.html</a><br>
<br>
* wapt-get: added new command `create-keycert` to create a pair of
RSA key / x509 certificate in batch mode. self signed or signed with
a CA key/cert<br>
<br>
(options are case sensitive...)<br>
<br>
/CommonName : CN to embed in certificate<br>
<br>
/Email /Country /Locality /Organization /OrgUnit : additional
attributes to embed in certificate<br>
<br>
/PrivateKeyPassword : specify the password for private key in
clear text form<br>
<br>
/PrivateKeyPassword64 : specify the password for private key in
base64 encoding form<br>
<br>
/NoPrivateKeyPassword : Ask to create or use an unencrypted RSA
private key<br>
<br>
/CA=1 (or 0)): create a certification authority certificate if 1
(default to 1)<br>
<br>
/CodeSigning=1 (or 0) ): create a code signing certificate if 1
(default to 1)<br>
<br>
/ClientAuth=1 (or 0) : create a certificate for authenticating a
client on a https server with ssl auth. (default to 1)<br>
<br>
/CAKeyFilename : path to CA private key to use for signing the
new certificate (default to
%LOCALAPPDATA%\waptconsole\waptconsole.ini [global]
default_ca_key_path setting)<br>
<br>
/CACertFilename : path to CA certificate to use for signing the
new certificate (default to
%LOCALAPPDATA%\waptconsole\waptconsole.ini [global]
default_ca_cert_path setting)<br>
<br>
/CAKeyPassword : specify the password for CA private key in
clear text form to use for signing the new certificate (no default)<br>
<br>
/CAKeyPassword64 : specify the password for CA private key in
base64 encoding form to use for signing the new certificate (no
default)<br>
<br>
/NoCAKeyPassword : specify that the CA private to use for
signing the new certificate is unencrypted<br>
<br>
/EnrollNewCert : copy the newly created certificate in
<wapt>\ssl to be taken in account as an authorized packages
signer certificate.<br>
<br>
/SetAsDefaultPersonalCert : set personal_certificate_path in
configuration inifile [global] section (default
%LOCALAPPDATA%\waptconsole\waptconsole.ini)<br>
<br>
* [NEW] wapt-get: added new commands `build-waptagent` to compile a
customized waptagent in batch mode.<br>
<br>
Copy waptagent.exe and pre-waptupgrade locally (if not
/DeployWaptAgentLocally, upload to server with https)<br>
<br>
/DeployWaptAgentLocally : Copy the newly built waptagent.exe and
prefix-waptupgrade_xxx.wapt to local server repository directory (
<wapt>\waptserver\repository\wapt\ )<br>
<br>
* [NEW] `wapt-get register` : Add options for easy configuration of
wapt when registering<br>
<br>
`--pin-server-cert` : When registering, pin the server
certificate. (check that CN of certificate matches hostname of
server and repo)<br>
<br>
`--wapt-server-url` : When registering, set wapt-get.ini
wapt_server setting.<br>
<br>
`--wapt-repo-url` : When registering, set wapt-get.ini repo_url
setting. (if not provided, and there is not repo_url set in
wapt-get.ini, extrapolate repo_url from wapt_server url)<br>
<br>
* [NEW] wapt-get Add check-valid-codesigning-cert /
CheckPersonalCertificateIsCodeSigning action<br>
<br>
Improvements and fixes<br>
++++++++++++++++++++++<br>
<br>
* python libraries updates<br>
<br>
upgrade cryptography from 2.3.1 to 2.5.0<br>
<br>
upgrade pyOpenSSL from 18.0.0 from 19.0.0<br>
<br>
* [FIX] don't reset host.server_uuid in server db when host
disconnect from websocket<br>
<br>
set host.server_uuid in server db when host get a token<br>
<br>
* [FIX] Modify isAdminLoggedIn to try to fix cases when we are admin
but function return false<br>
<br>
* [FIX]Ensure valid package name in package wizard (issue959)<br>
<br>
* [FIX] regression Use python cryptography 2.4.2 openssl bindings
for windows XP agent (openssl bindings of the python cryptopgraphy
default WHL >= 2.5 does not work on windows XP)<br>
<br>
* [FIX] trap exception when creating db tables from scratch fails,
allowing upgrade of structure.<br>
<br>
* [FIX] Reduce the risk of "database is locked" error<br>
<br>
* [FIX] fix deprecation warning for verifier and signer when
checking crl signature<br>
<br>
* [FIX] persistent_dir calculation in package's call_setup_hook when
package_uuid is None in local wapt DB (for clients migrated from pre
1.7 wapt, error None has no len() in audit log)<br>
<br>
* [FIX] regression Don't try to use host_certificate / key for
client side ssl auth if they are not accessible<br>
<br>
* [IMP] Define proxies for crl download in wapt-get scan-packages <br>
<br>
* [IMP] Fix bad normalization action icon<br>
<br>
* [IMP] paste from clipboard action available in most packages
editing grid<br>
<br>
* [IMP] Propose to define package root dev path, package prefix,
waptagent or new private key/ cert when launching waptconsole <br>
<br>
* [IMP] Remove the need to define waptdev directory when editing
groups / profiles / wua packages / self-service packages<br>
<br>
* [IMP] Grid Columns translations in french<br>
<br>
* [IMP] waptexit responsiveness improvements<br>
<br>
Separate events check thread and tasks check thread.<br>
<br>
* [NEW] Add ClientAuth checkbox when building certificate in
waptconsole<br>
<br>
* [NEW] Add --quiet -q option to postconf.py<br>
<br>
* [MISC] add an example of client side cert auth<br>
<br>
* Add clientAuth extended usage to x509 certificates (default True)
for https client auth using personal certificate<br>
<br>
* Makes use of ssl client cert and key in waptconsole for server
auth<br>
<br>
* fix ssl client certificate auth not taken in account for server
api and host repo<br>
<br>
* add is_client_auth property for certificates<br>
<br>
default None for is_client_auth cert / csr build<br>
<br>
don't fallback to host's client certificate auth if it is not
clientAuth capable (if so, http error 400)<br>
<br>
* [MISC] waptcrypto : Add SSLPKCS12 to encapsulate pcks#12 key/cert
store<br>
<br>
* [MISC] Add splitter for log memo in Packages for hosts panel<br>
<br>
* Store fixes<br>
<br>
* Be tolerant when no persistent_dir in wsus packages<br>
<br>
Min wapt version 1.7.3 for self service packages and waptwua
packages<br>
<br>
* fix WsusUpdates has no attribute 'downloaded'<br>
<br>
WAPT-1.7.3.7 (2019-02-19)<br>
-------------------------<br>
<br>
(hash 373f7d92)<br>
<br>
Bug fixes<br>
++++++++++<br>
<br>
* fix softs normalization dialog closed when typing F key
(Enterprise)<br>
<br>
* include waptwua in nginx wapt server windows locations
(Enterprise)<br>
<br>
* fix force option from service or websockets not being taken in
account in install_msi_if_needed or install_exe_if_needed<br>
<br>
* improved win updates reporting (uninstall behaviour) (Enterprise)<br>
<br>
* add uninstall action for winupdates in waptconsole (Enterprise)<br>
<br>
* fix reporting from dmi "size type" fields with non int content
(Enterprise)<br>
<br>
Improvements<br>
++++++++++++<br>
<br>
* waptexit: Allow minimize button<br>
<br>
* waptexit: Layout changes<br>
<br>
* AD Auth : less restrictive on user name sanitity check
(Enterprise)<br>
<br>
* handle updates of data for winupdates with additional download
urls (Enterprise)<br>
<br>
* Add some additional info fields to WsusUpdates table (Enterprise)<br>
<br>
* add filename to Packages table for reporting and store usage
(Enterprise)<br>
<br>
* Add uninstall win updates to waptconsole (Enterprise)<br>
<br>
* Add windows updates uninstall task capabilities (Enterprise)<br>
<br>
* add filename to Packages table<br>
<br>
* increased default clockskew tolerance for client socket io<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">Le 25/03/2019 à 15:23, Bastien HERMITTE
a écrit :<br>
</div>
<blockquote type="cite"
cite="mid:bf58dc62-cc5e-479b-4695-5b4a692526b4@b2pweb.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
Merci Simon, je vais tester ça.<br>
Aurais-tu le changelog de cette version ?<br>
Merci.<br>
<br>
Cordialement,<br>
Bastien<br>
<br>
<div class="moz-cite-prefix">Le 23/03/2019 à 12:31, Simon
Fonteneau a écrit :<br>
</div>
<blockquote type="cite"
cite="mid:91033040-385c-beea-9fc8-c19fb96f5559@tranquil.it">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
On a fait pas mal de Modification dans la dernière version.
waptexit et également pour le problème du "Database is locked"<br>
<a class="moz-txt-link-freetext"
href="https://wapt.tranquil.it/wapt/nightly/wapt-1.7.3.11-5972-7ee22ace/"
moz-do-not-send="true">https://wapt.tranquil.it/wapt/nightly/wapt-1.7.3.11-5972-7ee22ace/</a><br>
<br>
La version n'est pas une release car elle n'a pas encore été
complément testé chez nous (manque de temps)<br>
Mais elle est en prod chez nous et chez quelques clients.<br>
Vous pouvez l'installer si voulez.<br>
<br>
Simon
<p><br>
</p>
<div class="moz-cite-prefix">Le 22/03/2019 à 13:39, Bastien
HERMITTE a écrit :<br>
</div>
<blockquote type="cite"
cite="mid:3dfca871-4063-3796-0f0c-1665b4e31a4e@b2pweb.com">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
Bonjour,<br>
<br>
J'ai également ce problème depuis le passage en 1.7.<br>
Cela pose problème notamment pour le waptexit, qui n'effectue
pas les mises à jour, et du coup se relance à chaque fois.<br>
<br>
Cordialement,<br>
Bastien<br>
<br>
<div class="moz-signature"><br>
</div>
<div class="moz-cite-prefix">Le 18/03/2019 à 16:05, Floflobel
Bellencontre a écrit :<br>
</div>
<blockquote type="cite"
cite="mid:VI1PR03MB4032A3D9CDA680750F17BF61D1470@VI1PR03MB4032.eurprd03.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<p>Bonjour,</p>
<p>Nous avons le même problème de notre côté et nous ne
pouvons plus effectuer de mise à jours ou il faut vraiment
essayer plusieurs fois. <br>
</p>
<p>Avez-vous une solution de contournement en attendant la
release de la version 1.7.3.10 ?</p>
<p>Savez-vous dans combien de temps cette version sera
release sur le dépôt debian ?<br>
</p>
<p>Cordialement,<br>
</p>
<div class="moz-signature"><!-- saved from url=(0060)http://public.cosium.com/sign/signature_FR_phone_mobile.html -->
<style>
body {
font-family: DejaVu Sans, Verdana, sans-serif;
margin: 0px;
padding: 0px;
border: 0px solid #ffffff;
}
.content {
font-family: DejaVu Sans, Verdana, sans-serif;
font-size: 13px;
background-color: #ffffff;
color: black;
margin: 0px;
padding: 10px;
width: 700px;
text-align: justify;
}
.identity {
font-family: DejaVu Sans, Verdana, sans-serif;
color: #999999;
font-size: 10px;
text-align: left;
}
.identity #name {
font-weight: bold;
color: black;
font-size: 12px;
}
a:hover {
color: #6666FF;
}
a {
color: #4444DD;
text-decoration: none;</style></div>
<div class="moz-cite-prefix">On 3/15/19 9:39 AM,
Jean-Charles GRANGER wrote:<br>
</div>
<blockquote type="cite"
cite="mid:eaf9d4c0-2c9f-5b19-ef59-974ccef89bdc@supagro.fr"
id="mid_eaf9d4c0_2c9f_5b19_ef59_974ccef89bdc_supagro_fr"
class=" cite"> Bonjour Hubert, <br>
<br>
Merci pour l'information et la confirmation, je suis
rassuré, ça n'est pas une erreur de conf de notre coté. <br>
<br>
Pour la mise à jour 1.7.3.10, elle sera publiée sur le
dépôt officiel ou bien il faut l'installer manuellement ?
<br>
<br>
Cordialement, <br>
<br>
JCG <br>
<br>
-- <br>
Jean-Charles GRANGER <br>
<br>
Unité Informatique du Campus <br>
Antenne du Coeur d'Ecole <br>
Montpellier SupAgro / INRA Montpellier <br>
<br>
Le 14/03/2019 à 17:48, Hubert TOUVET a écrit : <br>
<blockquote type="cite" id="Cite_1704449" class=" cite">Je
confirme que cette erreur est plus fréquent en 1.7.3.5.
<br>
Le problème est lié à la base locale qui ne peut être en
écriture que pour un process / thread à la fois. <br>
Il faut donc que les transactions en écriture soient les
plus brèves possibles. <br>
A priori, la version 1.7.3.10 corrige cela. (d'après les
tests faits par nous en charge) <br>
<br>
Hubert <br>
<br>
Le 14/03/2019 à 16:05, Jean-Charles GRANGER a écrit : <br>
<blockquote type="cite" id="Cite_5023501" class=" cite">Bonjour
à tous, <br>
<br>
Depuis le passage à la version 1.7 (je suis en
1.7.3.5), j'ai une erreur très fréquente sur de
nombreux postes lorsque je fais un update ou un
upgrade : <br>
<br>
FATAL ERROR : OperationalError: database is locked
<br>
<br>
Elle empêche la remontée d'informations vers le
serveur, et du coup, je ne sais plus quelles machines
sont à jour ou non. Et les machines elles-mêmes ne le
savent pas : comme elles n'ont pas acquitté la
réussite des installations au serveur, elles pensent
avoir échoué et relancent les installations à l'arrêt
suivant. <br>
<br>
Parfois en insistant un peu en ligne de commande, les
mises à jour finissent par remonter correctement (j'ai
pu vérifier qu'elles s'installent sans problème, c'est
juste la remontée d'info qui ne se fait pas bien). <br>
<br>
Je n'ai pas de tâches planifiées qui lancent Wapt en
tâche de fond pour faire certaines opérations. <br>
<br>
Quelqu'un a déjà eu ce problème ? <br>
<br>
Cordialement, <br>
<br>
JCG <br>
<br>
<br>
<br>
<br>
</blockquote>
<br>
_______________________________________________ <br>
WAPT mailing list <br>
<a class="moz-txt-link-abbreviated"
href="mailto:WAPT@lists.tranquil.it"
moz-do-not-send="true">WAPT@lists.tranquil.it</a> <br>
<a class="moz-txt-link-freetext"
href="http://lists.tranquil.it/listinfo/wapt"
moz-do-not-send="true">http://lists.tranquil.it/listinfo/wapt</a>
<br>
</blockquote>
<br>
_______________________________________________ <br>
WAPT mailing list <br>
<a class="moz-txt-link-abbreviated"
href="mailto:WAPT@lists.tranquil.it"
moz-do-not-send="true">WAPT@lists.tranquil.it</a> <br>
<a class="moz-txt-link-freetext"
href="http://lists.tranquil.it/listinfo/wapt"
moz-do-not-send="true">http://lists.tranquil.it/listinfo/wapt</a>
<br>
</blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
WAPT mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WAPT@lists.tranquil.it" moz-do-not-send="true">WAPT@lists.tranquil.it</a>
<a class="moz-txt-link-freetext" href="http://lists.tranquil.it/listinfo/wapt" moz-do-not-send="true">http://lists.tranquil.it/listinfo/wapt</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
WAPT mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WAPT@lists.tranquil.it" moz-do-not-send="true">WAPT@lists.tranquil.it</a>
<a class="moz-txt-link-freetext" href="http://lists.tranquil.it/listinfo/wapt" moz-do-not-send="true">http://lists.tranquil.it/listinfo/wapt</a>
</pre>
</blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
WAPT mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WAPT@lists.tranquil.it" moz-do-not-send="true">WAPT@lists.tranquil.it</a>
<a class="moz-txt-link-freetext" href="http://lists.tranquil.it/listinfo/wapt" moz-do-not-send="true">http://lists.tranquil.it/listinfo/wapt</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
WAPT mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WAPT@lists.tranquil.it">WAPT@lists.tranquil.it</a>
<a class="moz-txt-link-freetext" href="http://lists.tranquil.it/listinfo/wapt">http://lists.tranquil.it/listinfo/wapt</a>
</pre>
</blockquote>
<br>
</body>
</html>