Recommended update for pacemaker, sbd

SUSE Recommended Update: Recommended update for pacemaker, sbd
Announcement ID: SUSE-RU-2016:1268-1
Rating: moderate
References: #905641 #929960 #934609 #936149 #938545 #940711 #940992 #942382 #942491 #946224 #946332 #947180 #947197 #949267 #949441 #950375 #950415 #950450 #950551 #951171 #953192 #956459 #961392 #962309 #964183 #967254 #967383 #967388 #967775 #967904 #971129
Affected Products:
  • SUSE Linux Enterprise High Availability Extension 11-SP4
  • SUSE Linux Enterprise Debuginfo 11-SP4
    		•

    An update that has 31 recommended fixes can now be installed.

    Description:


    This update for the High Availability Extension 11 SP4 provides many fixes
    and enhancements.

    sbd:
    - spec: Install sbd.sh (bsc#967904)
    - pacemaker: Prevent potential segfault caused by use-of-NULL on checking
    node state (bsc#950415)

    pacemaker:
    - pengine: Suppress assert if a stateful clone is not being
    demoted/stopped (bsc#971129)
    - PE: Correctly handle the ordering of demote actions for failed and
    moving containers
    - crmd,tools: Set attributes for remote nodes directly into cib if it's
    legacy attrd (bsc#967775)
    - libcib: Correctly determine the node type (bsc#967775)
    - resources: match agents' default for globally_unique to pacemaker's
    - crm_resource: Prevent segfault when --resource is not correctly supplied
    for --restart command
    - pacemaker_remote: Start and stop sbd in pacemaker_remote initscript
    (bsc#967904)
    - pacemaker_remote: Auto-export the init script variables read from the
    config file
    - remote: Simplify calls to accept() and inet_ntop() by using "struct
    sockaddr_storage" (bsc#964183)
    - remote: cl#5269 - Notify other clients of a new connection only if the
    handshake has completed (bsc#967388)
    - remote: Correctly display the IP address of the remote client
    (bsc#964183)
    - libservices: Add error handling for pipe() failed.
    - libservices: Check resource agent is executable or not before pipe open.
    - crmd: Prevent use-after-free when an unexpected remote client takes over
    (bsc#964183)
    - cib: Do not send notifications when the dryrun flag is present
    - crm_shadow: fix broken --display command
    - libcluster: crm_peer_uname() should return NULL if uuid is invalid
    - crmd: Disconnect the relevant remote proxies as well when disconnecting
    a remote node (bsc#964183)
    - crmd: Prevent potential use-after-free (bsc#964183)
    - liblrmd: Prevent potential use-after-free issues (bsc#964183)
    - PE: Fix conditions for internal sanity check
    - fencing: Correctly track active stonith actions (bsc#938545)
    - fencing: Functionize adding and removing active pids of device
    (bsc#938545)
    - crm_shadow: Do not invoke shells with --noprofile option other than bash
    (bsc#961392)
    - lib/common: check return value of dlsym() and not dlerror()
    - header == NULL when parsing compressed message
    - fencing: Support concurrent fencing actions on each device (bsc#938545)
    - pengine: Support concurrent fencing (bsc#938545)
    - crmd: 0 is a valid fd makes coverity happy
    - tools: crm_resource compile issue
    - crm_resource --list-agents: don't print uninitialized memory
    - fencing, libfencing: remap fence agent error codes before async callback
    (bsc#962309)
    - libcrmcommon: when caching attrd connection, cache connection flags as
    well
    - cts: Plugin-based cluster has its own PacemakerUp pattern
    - stonithd: Trigger cib_devices_update in case of deletion of just an
    attribute
    - stonithd: Do not intermingle stdout & stderr coming from stonith-RAs
    (bsc#962309)
    - resources: allow for top output with or without percent sign in HealthCPU
    - ping: Clarify the description of host_list parameter in ping metadata
    (bsc#956459)
    - cib: Do not terminate due to badly behaving clients
    - pengine: Support of multiple-active=block for resource groups
    (bsc#942491)
    - fencing: crm_resource --show-metadata drops documentation strings for
    fencing agents (bsc#950375)
    - CTS: add "try except" to deal with errors that raw_input gets EOFError
    and add "--yes" to skip interaction (bsc#953192)
    - lrmd: Finalize all pending and recurring operations when cleaning up a
    resource (bsc#950450)
    - cib: Increased paranoia when peer updates fail to apply in compatability
    mode (bsc#951171)
    - libcommon: Ignore CDATA of metadata of the resource.
    - cib: Downgrade the log message on forwarding CRM_OP_NOOP requests from
    INFO to DEBUG (bsc#949267)
    - fencing: Return a provider for the internal fencing agent "#watchdog"
    instead of logging an error (bsc#949441)
    - spec: Move the normal resource agents into pacemaker-cli package
    (bsc#947197)
    - spec: Move logrotate configuration file into pacemaker-cli package
    (bsc#947197)
    - spec: Move attrd_updater, crm_attribute and crm_master into
    pacemaker-cli package (bsc#947197)
    - spec: Move xml schema files and PCMK-MIB.txt into pacemaker-cli package
    (bsc#947197)
    - crmd: properly detect CIB update failures for remote nodes
    - cibadmin: Prevent potential use-of-NULL in print_xml_output()
    (bsc#947180)
    - cibadmin: Default once again to LOG_CRIT
    - Tools: Repair the logging of 'interesting' command-lines
    - tools: improve error handling when modifying configuration
    - tools: use floating-point division when converting ms to seconds
    - crmd,libcrmcommon,libservices,tools: potential memory leaks
    - crmd,fencing: avoid potential null dereference in string searches
    - cib: Check if the configuration changes with cib_config_changed() only
    for v1 diffs (bsc#946224)
    - libcib: properly handle temporary file
    - libcrmcommon: better validation of environment variable value
    - crmd: avoid potential null dereference
    - libcib: potential user input overflow
    - remote: Revise a misleading message in the ocf:pacemaker:remote resource
    agent (bsc#946332, bsc#967383)
    - remote: Correctly display the usage of the ocf:pacemaker:remote resource
    agent (bsc#946332, bsc#967383)
    - libcib: find_nvpair_attr_delegate: check alloc failure
    - pacemaker_remote: memory leak in ipc_proxy_dispatch()
    - crmd: don't add node ID to proxied remote node requests for attrd
    - Date: Correctly set time from seconds-since-epoch
    - PE: Bug cl#5247 - Imply resources running on a container are stopped
    when the container is stopped
    - xml: Mark xml nodes as dirty if any children move (bsc#942382)
    - pengine: The failed action of the resource that occurred in shutdown is
    not displayed.
    - crmd: Initialize an integer
    - crmd: Resolve memory leak in remote_proxy_cb()
    - ipc: Do not constantly increase suggested size for PCMK_ipc_buffer every
    time we find it's insufficient (bsc#940992)
    - log: Change the log of the noise to the trace log.
    - tools: Update regression tests
    - pengine: Ensure fencing of the DC precedes the STONITH_DONE operation
    (bsc#938545)
    - ipc: Fix output formats (bsc#940992)
    - fencing: Remove unnecessary casts (bsc#940711)
    - ipc: Correctly compare values for the size of ipc buffer and prevent
    suggesting a negative value when it's insufficient (bsc#940992)
    - xml: Reduce severity of noisy log message (bsc#950551)
    - crm_resource: Correctly clean up failcounts for inactive anonymous clones
    - crm: Set the attribute from remote node.
    - stonithd: potential device list corruption
    - xml: Prevent use-of-NULL in crm_xml_dump()
    - crm_mon: Memory leaks
    - pengine: properly handle blocked clone actions
    - pengine: Correctly bypass fencing for resources that do not require it
    - crmd: memory leaks in recurring operation history
    - libcib,libfencing,tools: memory leaks from xmlGetNodePath()
    - lrmd: memory leak when freeing command structure
    - cts: change the stack from openais (white-tank) to corosync (plugin v0)
    in set_stack of environment.py (bsc#936149)
    - PE: Ignore comment blocks when unpacking the cib
    - lrmd: prevent double free after unregistering stonith device for
    monitoring
    - pengine: allow guest remote nodes using containers/vms to be nested in a
    group resource
    - cib: Prevent use-after-free and return -EINVAL when attempting to delete
    the whole "/cib" (bsc#934609)
    - cib: Prevent use-after-free when invoking "cibadmin --delete-all
    --xpath" (bsc#934609)
    - fencing: properly decide whether a topology fencing device has been found
    - fencing: properly sort peers by number of fencing devices found
    - pengine: do not stop notify a fenced node that the rscs on the fenced
    node stopped
    - pengine: fixes segfault in pengine when fencing remote node
    - remote: do not fail operations because of a migration
    - pengine: cl#5235 - Prevent graph loops that can be introduced by
    "load_stopped -> migrate_to" ordering
    - PE: Exclude nodes which don't match any exclusive discovery rules
    - lrmd: cancel currently pending STONITH op if stonithd connection is lost
    - fencing: Correct the all_topology_devices_found() implementation
    - lrmd: set recv timeout upper bound for tls connections
    - crmd: handle resources named the same as cluster nodes
    - PE: Skip unrunnable actions when one-or-more is in effect
    - PE: Ensure recurring monitor operations are cancelled when clone
    instances are de-allocated
    - fencing: Allow semi-colon delimiter for pcmk_host_list
    - Fencing: Gracefully handle invalid metadata from agents (bsc#950375)
    - cts: Add back INITDIR variable
    - pengine: cl#5130 - Only check the capacities of the nodes that are
    allowed to run the resource (fate#313105)
    - Tools: Repair expected output for ACLs
    - Build: Prevent rpm packaging conflicts
    - pengine: cl#5130 - Choose nodes capable of running all the colocated
    utilization resources (fate#313105)
    - crmd: don't update fail count twice for same failure (bsc#950450)
    - crmd: report operation rc as advertised instead of status
    - xml: Do not dump deleted attributes (bsc#929960)
    - xml: cl#5231 - Unset the deleted attributes in the resulting diffs
    (bsc#905641, bsc#967254)

    Patch Instructions:

    To install this SUSE Recommended Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise High Availability Extension 11-SP4:
      zypper in -t patch slehasp4-pacemaker-12543=1
    • SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-pacemaker-12543=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      • libpacemaker-devel-1.1.12-13.1
      • libpacemaker3-1.1.12-13.1
      • pacemaker-1.1.12-13.1
      • pacemaker-cli-1.1.12-13.1
      • pacemaker-remote-1.1.12-13.1
      • sbd-1.2.1-15.1
    • SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      • pacemaker-debuginfo-1.1.12-13.1
      • pacemaker-debugsource-1.1.12-13.1
      • sbd-debuginfo-1.2.1-15.1
      • sbd-debugsource-1.2.1-15.1

    References: