cockpit rebased to version 173
The cockpit packages, which provide the Cockpit browser-based administration console, have been upgraded to version 173. This version provides a number of bug fixes and enhancements. Notable changes include:
The menu and navigation can now work with mobile browsers.
Cockpit now supports alternate Kerberos keytabs for Cockpit's web server, which enables configuration of Single Sign-On (SSO).
Automatic setup of Kerberos keytab for Cockpit web server.
Automatic configuration of SSO with FreeIPA for
Cockpit is possible.
Cockpit requests FreeIPA SSL certificate for Cockpit's web server.
Cockpit shows available package updates and missing registrations on system front page.
A Firewall interface has been added.
The flow control to avoid user interface hangs and unbounded memory usage for big file downloads has been added.
Terminal issues in Chrome have been fixed.
Cockpit now properly localizes numbers, times, and dates.
Subscriptions page hang when accessing as a non-administrator user has been fixed.
Log in is now localized properly.
The check for root privilege availability has been improved to work for FreeIPA administrators as well. (BZ#1568728
, BZ#1541454, BZ#1574630)
reposync now by default skips packages whose location falls outside the destination directory
reposync command did not sanitize paths to packages specified in a remote repository, which was insecure. A security fix for CVE-2018-10897 has changed the default behavior of
reposync to not store any packages outside the specified destination directory. To restore the original insecure behavior, use the new
--allow-path-traversal option. (BZ#1609302, BZ#1600618)
yum clean all command now prints a disk usage summary
When using the
yum clean all command, the following hint was always displayed:
Maybe you want: rm -rf /var/cache/yum
With this update, the hint has been removed, and
yum clean all
now prints a disk usage summary for remaining repositories that were not affected by
yum clean all
yum versionlock plug-in now displays which packages are blocked when running the
yum update command
plug-in, which is used to lock RPM packages, did not display any information about packages excluded from the update. Consequently, users were not warned that such packages will not be updated when running the
command. With this update,
has been changed. The plug-in now prints a message about how many package updates are being excluded. In addition, the new
subcommand has been added to the plug-in. The
yum versionlock status
command prints the list of available package updates blocked by the plug-in. (BZ#1497351
repotrack command now supports the
, which is already supported by the
commands, has been added to the
command. As a result, non-root users can now add custom repositories to track without escalating their privileges. (BZ#1506205
Subscription manager now respects
proxy_port settings from
Previously, subscription manager did not respect changes to the default
proxy_port configuration from the
/etc/rhsm/rhsm.conf file. Consequently, the default value of 3128 was used even after the user had changed the value of
With this update, the underlying source code has been fixed, and subscription manager now respects changes to the default
proxy_port configuration. However, making any change to the
proxy_port value in
/etc/rhsm/rhsm.conf requires an selinux policy change. To avoid selinux denials when changing the default
proxy_port, run this command for the benefit of the
rhsmcertd daemon process:
semanage port -a -t squid_port_t -p tcp <new_proxy_port>
New package: sos-collector
sos-collector is a utility that gathers
sosreports from multi-node environments.
sos-collector facilitates data collection for support cases and it can be run from either a node or from an administrator's local workstation that has network access to the environment. (BZ#1481861)