Recommended update for cfengine, cfengine-masterfiles

SUSE Recommended Update: Recommended update for cfengine, cfengine-masterfiles
Announcement ID: SUSE-RU-2016:1972-1
Rating: low
References: #990638
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 12-SP1
  • SUSE Linux Enterprise Module for Advanced Systems Management 12

  • An update that has one recommended fix can now be installed.


    This update for cfengine, cfengine-masterfiles fixes the following issues:
    CFEngine was updated from version 3.7.1 to 3.7.3, which brings fixes and

    Behavior changes:

    - classesmatching(): order of classes changed.
    - Suppress standard services noise on SUSE.


    - Reduce verbosity of yum and apt_get package modules.
    - Parse def.json vars, classes in C.
    - Namespaced classes can now be specified on the command line.
    - getvalues() will now return a list also for data containers, and will
    descend recursively into the containers.
    - @if minimum_version now correctly ignores lines starting with '@'.
    - Fix definition of classes from augments file.
    - Don't follow symbolic links when copying extended attributes.
    - Fix cf-serverd error messages with classic protocol clients.
    - The isvariable() function call now correctly accepts all array variables
    when specified inline. Previously it would not accept certain special
    characters, even though they could be specified indirectly by using a
    variable to hold it.
    - Show errors regarding failure to copy extended attributes when doing a
    local file copy. Errors could happen when copying across two different
    mount points where the support for extended attributes is different
    between the mount points.
    - Fix file descriptor leak when there are network errors.
    - Fix a regression which would sometimes cause "Permission denied" errors
    on files inside directories with very restricted permissions.
    - Check for empty server response in RemoteDirList after decryption.
    - Allow def.json up to 5MB instead of 4K.
    - Add guard for binary upgrade during bootstrap.
    - Fix a bug which sometimes caused package promises to be skipped with "XX
    Another cf-agent seems to have done this since I started" messages in
    the log, most notably in long running cf-agent runs (longer than one
    - Define (bootstrap|failsafe)_mode during when triggerd from
    - Fix two cases where action_policy warn still produces errors.
    - Fix classes being set because of hash collision in the implementation.
    - Installing packages containing version numbers using yum now works
    - readfile() and read*list() should print an error if they fail to read
    - If there is an error saving a mustache template file it is now logged
    with log-level error (was inform).
    - Fixed several bugs which prevented CFEngine from loading libraries from
    the correct location.
    - If file_select.file_types is set to symlink and there are regular files
    in the scanned directory, CFEngine no longer produces an unnecessary
    error message.
    - cf-agent, cf-execd, cf-promises, cf-runagent and cf-serverd honor
    multiple -D,
    -N and -s arguments.
    - Fix "@endif" keyword sometimes being improperly processed by policy
    - It is possible to edit the same value in multiple regions of one file.
    - Fix select_class not setting class when used in common bundle with slist.
    - Fix broken HA policy for 3rd disaster-recovery node.
    - Directories should no more be changed randomly into files.
    - Include latest security updates for 3.7.
    - Reduce malloc() thread contention on heavily loaded cf-serverd, by not
    exiting early in the logging function, if no message is to be printed.
    - Improve cf-serverd's lock contention because of getpwnam() call.
    - action_policy "warn" now correctly produces warnings instead of various
    other verbosity levels.
    - Improve efficiency and debug reports.
    - Change package modules permissions on hub package so that hub can
    execute package promises.
    - No longer hang when changing permissions/ownership on fifos.
    - Fix exporting CSV reports through HTTPS.
    - will be created when needed.
    - Mustache templates: Fix {{@}} key when value is not a primitive. The old
    behavior, when iterating across a map or array of maps, was to abort if
    the key was requested with {{@}}. The new behavior is to always replace
    {{@}} with either the key name or the iteration position in the array.
    An error is printed if {{@}} is used outside of a Mustache iteration
    - Legacy package promise: Result classes are now defined if the package
    being promised is already up to date.
    - TTY detection should be more reliable.

    Patch Instructions:

    To install this SUSE Recommended Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1161=1
    • SUSE Linux Enterprise Module for Advanced Systems Management 12:
      zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2016-1161=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      • cfengine-debuginfo-3.7.3-13.1
      • cfengine-debugsource-3.7.3-13.1
      • libpromises-devel-3.7.3-13.1
    • SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):
      • cfengine-3.7.3-13.1
      • cfengine-debuginfo-3.7.3-13.1
      • cfengine-debugsource-3.7.3-13.1
      • cfengine-doc-3.7.3-13.1
      • libpromises3-3.7.3-13.1
      • libpromises3-debuginfo-3.7.3-13.1
    • SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch):
      • cfengine-masterfiles-3.7.3-6.1