============FRANÇAIS============

Bonjour à tous,

L'équipe de Tranquil IT Systems a le plaisir de vous proposer la release WAPT 1.3.8. C'est une version mineure qui intègre un grand nombre d'améliorations techniques, sécuritaires et ergonomiques à Wapt, ainsi que deux correctifs de sécurité (cf. changelog ci-dessous). Désormais les distributions Redhat7 et CentOS7 sont également supportées par Wapt, avec SELinux activé.

La procédure de mise à jour est décrite ici: https://dev.tranquil.it/scenari/guide_update/co/MAJ_infra_Wapt.html

Si vous avez des questions lors de la mise à jour, vous pouvez trouver de l'aide sur le forum https://forum.tranquil.it/ ou sur la mailing liste https://lists.tranquil.it/listinfo/wapt

Nous en profitons pour vous annoncer que Simon FONTENEAU du blog wapt.lesfourmisduweb.org a rejoint Tranquil IT Systems, notamment pour travailler sur WAPT et les prestations que nous pouvons vous proposer (formations, support, déploiement, etc.).

Cordialement,

L'équipe TIS

============ENGLISH============

Hello friends of WAPT

The Tranquil IT Systems team is pleased to announce WAPT 1.3.8. It is a minor update that includes several technical improvements is security and ergonomy, as well as 2 security fixes (see changelog below). Now, Wapt works with RedHat7 and CentOS7 with SELinux enabled.

Upgrade procedure can be found here (French only for the moment) https://dev.tranquil.it/scenari/guide_update/co/MAJ_infra_Wapt.html

If you have questions during upgrade, you are welcome to use the forum https://forum.tranquil.it/ or the mailing list https://lists.tranquil.it/listinfo/wapt. It is mostly French but English speaker are welcome too.

We take this opportunity to announce that Simon FONTENEAU from the wapt.lesfourmisduweb.org blog has joined the TIS team, to work on WAPT and the services the company can offer (training, support, deployment).

Cheers.

The Tranquil IT Systems team

=Changelog=

Security :

[SECURITY] Fix inheritance of rights on wapt root folder for Windows 10 during setup when installed in c:\wapt

On Windows 10, cacls.exe does not work and does not remove "Authenticated Users" from c:\wapt. cacls.exe has been replaced by icacls.exe.

On pre-wapt 1.3.7 systems, you can fix this by running the following command, or upgrade to wapt 1.3.8 (you may check http://dev.tranquil.it/wiki/WAPT_-_probl%C3%A8me_fr%C3%A9quent#Corriger_les_probl.C3.A8me_de_droits_sous_Windows_10) :
icacls.exe c:\wapt /inheritance:r
This can be achieved with a GPO, or a wapt package
Note : in next versions of Wapt, the default install path of wapt will be changed from root folder c:\wapt to a more standard c:\ Program FIles\wapt.
By default, waptsetup.exe / waptsetup-tis.exe don't distribute certificates to avoid to deploy directly packages from Tranquil IT Systems. waptagent.exe by default distributes the certificates that are installed on the mangement desktop creating the waptagent.

Core changes

The database structure has changed between 1.3.8 and 1.3.8.2 to includes additional attributes from packages : signer, signer_fingerprint, locale, and maturity. Signer and signer_fingerprint are populated when signing the package to identify the origin.
This means local wapt database is upgraded when first starting wapt 1.3.8.2 and this is not backward compatible.
Installers have a limited set of options, the most common use of Wapt is priviledged.
[ADD] 3 new parameters for the waptexit policy behaviour : 'hiberboot_enabled','max_gpo_script_wait','pre_shutdown_timeout'
recommended settings for waptexit / shutdown policy
            #       hiberboot_enabled = 0
            #       max_gpo_script_wait = 180
            #       pre_shutdown_timeout = 180
These parameters are not set by default and should be added to wapt-get.inin [global] section if needed
[UPD] Use user's waptconsole.ini configuration file instead of wapt-get.ini for the commands targeted to package development ('sources','make-template', 'make-host-template','make-group-template','build-package','sign-package','build-upload','duplicate','edit','edit-host','upload-package','update-packages'. This avoids the need to write these parameters in wapt-get.ini on the development workstation. These parameters are not shared across multiple users on same machine. One use case is to allow multiple profiles (key, upload location) depending on the maturity of package (development, test, production...)

Setuphelpers

[ADD] helper functions dir_is_empty, file_is_locked, service_restart and WindowsVersions class
[UPD] Added referer and user_agent in "wget" and "wgets"
[UPD] run function : define stdin as PIPE to avoid lockup process waiting for input or error like unable to duplicate handle when using for example powershell
[UPD] Version class : try to compare version using at least Version.members_count
[FIX] encoding fixes for registry functions, fix encoding for registry_setstring key name
[FIX] install_exe_if_needed : don't check uninstall_key or min_version if not provided
[FIX] install_exe_if_needed and install_msi_if_needed version check if --force
[UPD] Check version and uninstall key after install with install_msi_if_needed and install_exe_if_needed
[UPD] inventory includes informations from WMI.Win32_OperatingSystem
[ADD] get_disk_free_space helper function
[UPD] check free disk space when downloading with wget. check http status before.
[UPD] Version class : Version('7')<Version('7.1') should return True

wapt-get

[ADD] 2 commands to get server SSL certificate and activate the certificate checking when using https with waptserver
{FIX] get_sources to allow svn checkout of a new ppackage project
[FIX] wapt-get register problems with some BIOS with bitmaps
[UPD] Check uninstall key after package install if uninstallkey is provided
[FIX] added compatibility OS in manifest file for wapt-get and waptconsole version windows
[FIX] erroneous error messages for wapt-get session-setup console
[UPD] add "pattern" parameter to all_files function
[FIX] Install Date incorrectly registered by setuphelpers.register_uninstall
[ADD] user_local_appdata function
[ADD] add the signer CN and signer_fingerprint to control file when building package
[ADD]add control attributes min_wapt_version to trigger an exception if Package requires a minimum level of libraries. The version is checked againts setuphelpers.py 's __version__ attribute.
[ADD] authorized_certificates attribute is sent to wapt server. It contains the list of host's signer certificates distributed on the host
[FIX] When signing, check if wapt zip file has already a signature file. (python zipfile can not replace the file inline)

waptservice

{ADD] Show all versions checkbox in Available packages page
[UPD] Skin updated
{ADD] filter searchbox for avalable packages

waptconsole

[ADD]Add NOT checkbox for keywords search in waptconsole to search for hosts NOT having a specific package or software...
[FIX] fix integer limit for grid display of package size, use int64 for size of packages in waptconsole.
[UPD] don't list packages of section "restricted" in local webservice available packages list
[UPD] CommonName attribute should be populated now, so that signer identity is not None in package control file.
[ADD] signer's identity column in packages grid
[FIX] escape quotes in package's description
[ADD] Check waptagent.exe version against waptsetup-tis version at waptconsole startup.
[UPD] try to display a progress dialog at waptconsole startup
[FIX] company not set when building customized waptagent.exe
[ADD] initialize organization in waptagent.exe build with CN from certificate.

waptexit

[UPD] some text introduction changes

waptray :

[NEW] Limit trayicon balloon popup when Windows version is above Windows 7 or if notify_user=0 in wapt-get.ini

waptserver

[UPD] Use broadcast address on interface for wakeonlan call
[FIX] remove the check of wapt server password which prevent the proper registration of waptserver on Windows.
[UPD] when upgrading, reuse existing waptserver ini file if already exists, don't overwrite server_uuid and ask for password reset if it already exists

waptdeploy/waptupgrade

[FIX] waptdeploy not working on WinXP removed DisableWow64FileSystemRedir on runtask.
[FIX] waptupgrade : Missing quotes for system account on Windows XP

Libraries

[ADD] BeautifulSoup for wapt packages auto updates tasks
[UPD] winsys library update to '1.0b1'

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr