SUSE-RU-2016:1972-1: Recommended update for cfengine, cfengine-masterfiles

sle-updates at sle-updates at
Fri Aug 5 08:10:01 MDT 2016

   SUSE Recommended Update: Recommended update for cfengine, cfengine-masterfiles

Announcement ID:    SUSE-RU-2016:1972-1
Rating:             low
References:         #990638 
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Module for Advanced Systems Management 12

   An update that has one recommended fix can now be installed.


   This update for cfengine, cfengine-masterfiles fixes the following issues:
   CFEngine was updated from version 3.7.1 to 3.7.3, which brings fixes and

   Behavior changes:

   - classesmatching(): order of classes changed.
   - Suppress standard services noise on SUSE.


   - Reduce verbosity of yum and apt_get package modules.
   - Parse def.json vars, classes in C.
   - Namespaced classes can now be specified on the command line.
   - getvalues() will now return a list also for data containers, and will
     descend recursively into the containers.
   - @if minimum_version now correctly ignores lines starting with '@'.
   - Fix definition of classes from augments file.
   - Don't follow symbolic links when copying extended attributes.
   - Fix cf-serverd error messages with classic protocol clients.
   - The isvariable() function call now correctly accepts all array variables
     when specified inline. Previously it would not accept certain special
     characters, even though they could be specified indirectly by using a
     variable to hold it.
   - Show errors regarding failure to copy extended attributes when doing a
     local file copy. Errors could happen when copying across two different
     mount points where the support for extended attributes is different
     between the mount points.
   - Fix file descriptor leak when there are network errors.
   - Fix a regression which would sometimes cause "Permission denied" errors
     on files inside directories with very restricted permissions.
   - Check for empty server response in RemoteDirList after decryption.
   - Allow def.json up to 5MB instead of 4K.
   - Add guard for binary upgrade during bootstrap.
   - Fix a bug which sometimes caused package promises to be skipped with "XX
     Another cf-agent seems to have done this since I started" messages in
     the log, most notably in long running cf-agent runs (longer than one
   - Define (bootstrap|failsafe)_mode during when triggerd from
   - Fix two cases where action_policy warn still produces errors.
   - Fix classes being set because of hash collision in the implementation.
   - Installing packages containing version numbers using yum now works
   - readfile() and read*list() should print an error if they fail to read
   - If there is an error saving a mustache template file it is now logged
     with log-level error (was inform).
   - Fixed several bugs which prevented CFEngine from loading libraries from
     the correct location.
   - If file_select.file_types is set to symlink and there are regular files
     in the scanned directory, CFEngine no longer produces an unnecessary
     error message.
   - cf-agent, cf-execd, cf-promises, cf-runagent and cf-serverd honor
     multiple -D,
     -N and -s arguments.
   - Fix "@endif" keyword sometimes being improperly processed by policy
   - It is possible to edit the same value in multiple regions of one file.
   - Fix select_class not setting class when used in common bundle with slist.
   - Fix broken HA policy for 3rd disaster-recovery node.
   - Directories should no more be changed randomly into files.
   - Include latest security updates for 3.7.
   - Reduce malloc() thread contention on heavily loaded cf-serverd, by not
     exiting early in the logging function, if no message is to be printed.
   - Improve cf-serverd's lock contention because of getpwnam() call.
   - action_policy "warn" now correctly produces warnings instead of various
     other verbosity levels.
   - Improve efficiency and debug reports.
   - Change package modules permissions on hub package so that hub can
     execute package promises.
   - No longer hang when changing permissions/ownership on fifos.
   - Fix exporting CSV reports through HTTPS.
   - will be created when needed.
   - Mustache templates: Fix {{@}} key when value is not a primitive. The old
     behavior, when iterating across a map or array of maps, was to abort if
     the key was requested with {{@}}. The new behavior is to always replace
     {{@}} with either the key name or the iteration position in the array.
     An error is printed if {{@}} is used outside of a Mustache iteration
   - Legacy package promise: Result classes are now defined if the package
     being promised is already up to date.
   - TTY detection should be more reliable.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1161=1

   - SUSE Linux Enterprise Module for Advanced Systems Management 12:

      zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2016-1161=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch):



More information about the sle-updates mailing list