HP Client Management Script Library 1.4.3 - and a security bulletin PSA

Today we release v1.4.3 of the HP Client Management Script Library. Although there are no new features in this version, we did fix three important bugs:

 

1. In some cases, the softpaq SHA256 checksum was corrupted or mishandled, causing the repository to repeatedly download the same softpaq.

2. For the HP Sure Recover support, we had a bug in nonce generation in regions were the decimal delimiter is a comma. 

3. Similarly for HP Sure Recover support, we fixed an issue with the endianness of handling x509 public keys.

 

Also, we want to take this opportunity to make a quick PSA:

Due to security bulletin c06541912, the team has been hard at work repackaging the entire softpaq collection. Unfortunately this means that the softpaqs will have a new checksum, which can cause issues if your repository contain CVA files for older versions of those softpaqs. Most commonly, you may observe softpaqs repeatedly downloading on every repository sync.
 
We recommend that you perform a one time deletion of all CVA files from your repository, and allow the sync to pull down the uploaded CVAs.
 

This, in conjunction with the library update should fix issues with repeated downloads of the same softpaq. 

 

Teaser image by Kateryna Babaieva, Ukraine, via Pexels.com

 

Author : txvalp