2.6.0.16972 -> 2.6.0.17084 ========================== [IMP] waptwua: hardened ToVariant in case of nil array [FIX] wads: increase efi partition size to 400 [REF] waptwua refactoring to use variant instead of TDocVariantData in function results. * removed unused scan checksums [IMP] wapt-get: allow cmd commandline set-data json with hack on ' -> " for tests [FIX] db cleanup for download_urls [FIX] peercache process hardening * avoid file sharing issue when one peer try to rename partial file while another is getting the file [FIX] waptconsole: wapt setup creation with SPN option #10285 [IMP] add wapt-get reset-config-from-base64 and set-config-from-base64 [FIX] wapt-get set-config-from-url and set-config-from-file reset all when no hash is provided on command line after the url [IMP] waptconsole: wapt packages search error message [FIX] waptconsole: reporting. fix canceling the edit of a new query [FIX] filering of url tlu.dl.delivery.mp.microsoft.com [FIX] unzip in mormot2 [IMP] peercache audit log: * start / end time in iso utc * speed in kb/s * wget_audit_count paraméter to set the number of downloads audit history records on client (default to 30) [IMP] wapt peercache: add firewall rules for windows in peercache audit log * log full peercache settings too (do't convert to snakecase) * fix install_json_config_file [FIX] waptconsole: graph dependencies color for black mode #10121 [FIX] waptconsole: os deploy for linux with hostname longer than 15 chars #10151 [FIX] pywaptwua: be sure gstate is initialzed [FIX] waptlicences.waptwget: disable thread handling for linux i386 target has it hangs on PyEval_RestoreThread after python callback in PrintHook * be sure gstate is initialzed [FIX] waptconsole show MS Help on host's windows updates [FIX] waptcrypto python: deprecation warning on certificates not_before / not_after and timezone [FIX] wapt-get re.findall regular expression [REF][FIX] waptwua cleanup * use variant for waptdb.SetParam value * send wsus packages version to server in waptwua_status.rules_packages (closes issue #10169) * send specific waptwua settings in waptwua_status.settings [FIX] waptwua : Disable IsRescanNeeded waptwua. Now we always scan even if input conditions have not changed [FIX] wapt-get get-public-param [IMP] add --waitevents= * if <=0, don't wait for tasks at all. [IMP] waptconsole: handle Windows updates records deletion from waptconsole * waptwua: ban .*\.?tlu\.dl\.delivery\.mp\.microsoft\.com downloading on server and agent * as safety measure * don't send download_urls to server if waptwua disabled or scan mode = 'WU' [FIX] wapt-get: don't ask interactively for local service password * waptwua: disable download_urls collection in 'WU' online mode or when waptwua is disabled * as these are often unique streaming urls. * grid cells formatting for wuadownloads form [FIX] wapt-get reset-config : don't remove json config file in conf.d * as removing them would mean that installed config packages have no matching install json anymore. * what to do with manually added dynamic configs with wappt-get add-config-from-url for example ... there is no explicit way to distinguish them from json from config packages * reset means only reset initial wapt-get.ini config [IMP] waptwua server: concat download_urls when updating wsusupdates table * in case different scans send different urls [FIX] waptconsole: saving reporting query in some case, like renaming #10187 [FIX] wapt core : publicdb migrate from privatedb * key error 'install_by' -> 'explicit_by' * fix compilation * [IMP] wapt-core json config * don't rewrite change "verify_cert" json key when installing json config file and in ApplyJsonConfigToIniFile * set 'name' key in install_json_config when loading json configs * RemoveJsonConfig returns now the list of removed files * re-extract packages certificates and server certificates from json config at each config reload * protect the wapt-get.ini build from json with a RLock in case 2 threads detects config changes ad try to merge json at the same time [IMP] force reinstall certificates from json dynamic configurations when loading Wapt configuration from ini file. * fix potential bug in InstallJsonCerticates if ConfigName was not Default * add install_json_config_certificates waptlicences helper [FIX] waptconsole: dark mode in secondary repos errors #10214 [FIX] waptconsole: pinning certificate warning #10217 [IMP] wapt-get peercache waptwget: add audit data when file are downloaded * section "host_metrics", key "peercache": * keep last 100 downloads report for 30 days * can be disabled with "enable_wget_audit=0" in wapt-get.ini (default true) [IMP] wapt-get : add download-upgrade action in service mode [NEW] waptconsole reporting: add action "Show selected hosts in inventory" * available if a column is designated to be the host_uuid * filter the host inventory tab based on the selected uuids [FIX] Handle all property names literally in SOGrid. Don't interpret property names as SOPath * Call OnGetText when not editing cell * should now handle properly property names with wpaces or SOPath special chars * update sogrid for Fix range check error in debug mode [SEC] switch to openssl 3.4.1 [SEC] upgrade python modules * libpq 14.12 -> 14.17 * libffi 3.4.6 -> 3.4.7 * readline 8.2 -> 8.2.13 * gdbm 1.23 -> gdbm-1.24 [IMP] add netbios_domain in info [FIX] don't use client.root_dn() for setuphelpers_unix [UPD] wapt-get.py: allow --peercache switch to start peercache server * for debug purpose mainly [UPD] nginx upgrade from 1.22.1 -> 1.27.4 [IMP] local direct peercache: use url encoded arguments for cert auth and proxy instead of OnPeerCacheDirectOptions callback * was not thread safe anyway [IMP] waptconsole acls form: add _has_cert and _has_password columns * disable some actions when more than one account is selected [FIX] waptserver: use UTC timestamp for socketio connect/disconnect timestamps [FIX] update pltis_uicomponents for toolbar customization fixes * should avoid buttons mismatch [UPD] improve default html json mustache template * add a basic tasks.html template for wapttasks * use local time [FIX] wapttray show tasks * small utf8 encoding fix [UPD] reporting display: display bytes in human bytes if column ends with '*_bytes' in reorting * wapt-get: fix some utf8 encoding [FIX] GetTemplateFilename for aapplication <> current application * AAplicationName was not taken in account [IMP] force mormot TAesGcm use in pywaptlicences * instead of openssl AES-GCM of OpenSSL to circumvent issue with python ssl _load_windows_store_certs and PeerCacheProcess.HttpDirectUri [IMP] waptconsole acls users: add a search box [IMP] wapt-get server-request --data rework * hack to replace single quote to double to workaround poor command line parsing * we try to see if we have an json object like {'key':'value'} or [{'key'... * waptservice local_login: add waptselfservice group for user == computer_name$ (windows) or user uid==0 (linux) [FIX] wapt-get server-request auth for url wapt-get server-request api/v3/login?get_token=1 * waptwua: set scan_service=OFFLINE if scan_service not defined explicitly [FIX] GetPasswordAndOtpFromPassword [NEW] waptwua: add proxy_cmd parameter to start a local proxy for wsus when Wapt().waptwua(True) context is used * and kill it when exiting from python context * add pywaptwua.waptwua_params() * use cheroot for wsgi server on proxylocal.py * ban /filestreamingservice/ URLS * update mormot2 for local peercache improvements * DirectFileNameHead method * allow HEAD on THttpPeerCache local http endpoint * proxy or HEAD responses * add try_local_peer_cache argument for waptwget for local peercache tests * renamed localwget to localpeercache_args with extra args (url:str, hash:str, ca_certificate_file, certificate_file, private_key_file, ignore_certificate_errors: bool=True, http_proxy:str=None, bearer_token:str=None)->Dict * must be called to get local url and beraer, and set access arguments for the remote get. * don't start peercache server when initilizing peercache paramters with waptlicences.peercache_init . One must call waptlicences.peercache_start * wads: fix wads import host from wapt inventory * [REF] small refactor of import_host_from_inventory * [IMP] waptconsole: import hosts to wads * [IMP] update waptservice french translations * update waptservice fr translations * waptdeploy: fallback to https:///wapt/waptagent.exe for wapt/waptagent.exe if not {{ip}} and the GetLocalIpAddress returns an empty address. 2.6.0.16937 -> 2.6.0.16972 ========================== [FIX] waptself (All) categories * closes #10141 [UPD] removed flask_babel and babel from agent and server installs * basic translations in waptservice * no translation in waptserver * removed pytz requirement * gettext _ is configured and imported from waptservice_common [FIX] handle user_is_member_of for macosx [IMP] enable windows update service access if scan_service is not WSUS or OFFLINE * allow to run wua online scan and install. * fix error $8024002e, 'Access to an unmanaged server isn't allowed. in WU scan_service mode. [FIX] missing groups from function setuphelpers.get_groups() on mac [FIX] waptwua direct_download with proxy only for waptwua * if a http_proxy is defined in the [waptwua] section, use it for the wget actions of waptwua (else use the http_proxy of [global] if defined and use_http_proxy_for_repo is true) * in the python callback, if returned value for url or proxy is None, keep input value * fix FileIsDifferentOnServer when a full url with a diffrent server than actual repo server, and not only the relative one is provided. * missing import in last commit * include pysciter in python modules (but not the dlls) [IMP] use a temporary location to store the stripped down CA pem file when verify_cert=1 * this is to prevent user from using this file for cert pinning. * add a waptlicences helper to get such a pem CA file from python * clear stripped ca cache on waptconsole startup [IMP] python waptlicences: reenable python threading during lengthy operations in waptserver_login, waptserver_request, wapt_local_json_get , wapt_local_login, sz_extract_all * enable python threading in waptwget too, and be sure to habe python lock in PrintHook callback [IMP] waptwua: re- add feedback to console when scanning and installing * don't set NEED-SCAN on wsusscn2cab changes if not in offline mode * use same policy settings (ie. disable dualscan and so) for wsusscn2.cab scan mode than upsync (WSUS) mode [FIX] waptconsole: regresseion. show developper (control, setup) tabs in edit package in deiscovery mode [FIX] waptdeploy: compare relative paths case insensitive [IMP] waptservice better naming for packages to upgrade in WaptUpgrade task launch [IMP] assume user is member of waptselfservice group for local auth if user is a direct member of local administrators group in filetoken mode. [FIX] waptservice: fix packages authroization rules is None in discovery mode * fix error 500 [FIX] waptwua: fix scan with updates without kbid * error invalid collection index * fix error code range check error * explicit error for 0x80240438 * add error description for Unable to get update_history [FIX] background edit color in package wizard * waptserver: fix wuserver config read [IMP] waptconsole: agent creation with SPN domain * fix compilation [IMP] waptconsole create waptsetup : use GetTempWaptFilename for temp json filename [FIX] waptlicences: fix peercache_init parameters * add bearer_token optional argument to waptwget * allow pcoHttpDirect for peercache * add localwget helper to get a local url and bearer for local peercache * update mormot2 [IMP] wapt-get local service cred imput: don't use WAPTSERVICE_TOKEN environment variable if WAPTSERVICE_USER does not match --waptservice-user option * improve login with password * when local auth method is filetoken, and we want to login with a different user as current one, we need to ask for a password. * --waptservice-password=- (minus) force wapt-get to ask interactively for password. * allow local-request to continue even if no auth (to test auth...) [IMP] add "chr" mustache helper * add --templatestring option to wapt-get [NEW] waptwua: add a local wua proxy (wufb) * add wuserver option in server for nginx