SUSE-RU-2016:1268-1: moderate: Recommended update for pacemaker, sbd

sle-updates at sle-updates at
Mon May 9 07:08:05 MDT 2016

   SUSE Recommended Update: Recommended update for pacemaker, sbd

Announcement ID:    SUSE-RU-2016:1268-1
Rating:             moderate
References:         #905641 #929960 #934609 #936149 #938545 #940711 
                    #940992 #942382 #942491 #946224 #946332 #947180 
                    #947197 #949267 #949441 #950375 #950415 #950450 
                    #950551 #951171 #953192 #956459 #961392 #962309 
                    #964183 #967254 #967383 #967388 #967775 #967904 
Affected Products:
                    SUSE Linux Enterprise High Availability Extension 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4

   An update that has 31 recommended fixes can now be


   This update for the High Availability Extension 11 SP4 provides many fixes
   and enhancements.

   - spec: Install (bsc#967904)
   - pacemaker: Prevent potential segfault caused by use-of-NULL on checking
     node state (bsc#950415)

   - pengine: Suppress assert if a stateful clone is not being
     demoted/stopped (bsc#971129)
   - PE: Correctly handle the ordering of demote actions for failed and
     moving containers
   - crmd,tools: Set attributes for remote nodes directly into cib if it's
     legacy attrd (bsc#967775)
   - libcib: Correctly determine the node type (bsc#967775)
   - resources: match agents' default for globally_unique to pacemaker's
   - crm_resource: Prevent segfault when --resource is not correctly supplied
     for --restart command
   - pacemaker_remote: Start and stop sbd in pacemaker_remote initscript
   - pacemaker_remote: Auto-export the init script variables read from the
     config file
   - remote: Simplify calls to accept() and inet_ntop() by using "struct
     sockaddr_storage" (bsc#964183)
   - remote: cl#5269 - Notify other clients of a new connection only if the
     handshake has completed (bsc#967388)
   - remote: Correctly display the IP address of the remote client
   - libservices: Add error handling for pipe() failed.
   - libservices: Check resource agent is executable or not before pipe open.
   - crmd: Prevent use-after-free when an unexpected remote client takes over
   - cib: Do not send notifications when the dryrun flag is present
   - crm_shadow: fix broken --display command
   - libcluster: crm_peer_uname() should return NULL if uuid is invalid
   - crmd: Disconnect the relevant remote proxies as well when disconnecting
     a remote node (bsc#964183)
   - crmd: Prevent potential use-after-free (bsc#964183)
   - liblrmd: Prevent potential use-after-free issues (bsc#964183)
   - PE: Fix conditions for internal sanity check
   - fencing: Correctly track active stonith actions (bsc#938545)
   - fencing: Functionize adding and removing active pids of device
   - crm_shadow: Do not invoke shells with --noprofile option other than bash
   - lib/common: check return value of dlsym() and not dlerror()
   - header == NULL when parsing compressed message
   - fencing: Support concurrent fencing actions on each device (bsc#938545)
   - pengine: Support concurrent fencing (bsc#938545)
   - crmd: 0 is a valid fd   makes coverity happy
   - tools: crm_resource compile issue
   - crm_resource --list-agents: don't print uninitialized memory
   - fencing, libfencing: remap fence agent error codes before async callback
   - libcrmcommon: when caching attrd connection, cache connection flags as
   - cts: Plugin-based cluster has its own PacemakerUp pattern
   - stonithd: Trigger cib_devices_update in case of deletion of just an
   - stonithd: Do not intermingle stdout & stderr coming from stonith-RAs
   - resources: allow for top output with or without percent sign in HealthCPU
   - ping: Clarify the description of host_list parameter in ping metadata
   - cib: Do not terminate due to badly behaving clients
   - pengine: Support of multiple-active=block for resource groups
   - fencing: crm_resource --show-metadata drops documentation strings for
     fencing agents (bsc#950375)
   - CTS: add "try except" to deal with errors that raw_input gets EOFError
     and add "--yes" to skip interaction (bsc#953192)
   - lrmd: Finalize all pending and recurring operations when cleaning up a
     resource (bsc#950450)
   - cib: Increased paranoia when peer updates fail to apply in compatability
     mode (bsc#951171)
   - libcommon: Ignore CDATA of metadata of the resource.
   - cib: Downgrade the log message on forwarding CRM_OP_NOOP requests from
     INFO to DEBUG (bsc#949267)
   - fencing: Return a provider for the internal fencing agent "#watchdog"
     instead of logging an error (bsc#949441)
   - spec: Move the normal resource agents into pacemaker-cli package
   - spec: Move logrotate configuration file into pacemaker-cli package
   - spec: Move attrd_updater, crm_attribute and crm_master into
     pacemaker-cli package (bsc#947197)
   - spec: Move xml schema files and PCMK-MIB.txt into pacemaker-cli package
   - crmd: properly detect CIB update failures for remote nodes
   - cibadmin: Prevent potential use-of-NULL in print_xml_output()
   - cibadmin: Default once again to LOG_CRIT
   - Tools: Repair the logging of 'interesting' command-lines
   - tools: improve error handling when modifying configuration
   - tools: use floating-point division when converting ms to seconds
   - crmd,libcrmcommon,libservices,tools: potential memory leaks
   - crmd,fencing: avoid potential null dereference in string searches
   - cib: Check if the configuration changes with cib_config_changed() only
     for v1 diffs (bsc#946224)
   - libcib: properly handle temporary file
   - libcrmcommon: better validation of environment variable value
   - crmd: avoid potential null dereference
   - libcib: potential user input overflow
   - remote: Revise a misleading message in the ocf:pacemaker:remote resource
     agent (bsc#946332, bsc#967383)
   - remote: Correctly display the usage of the ocf:pacemaker:remote resource
     agent (bsc#946332, bsc#967383)
   - libcib: find_nvpair_attr_delegate: check alloc failure
   - pacemaker_remote: memory leak in ipc_proxy_dispatch()
   - crmd: don't add node ID to proxied remote node requests for attrd
   - Date: Correctly set time from seconds-since-epoch
   - PE: Bug cl#5247 - Imply resources running on a container are stopped
     when the container is stopped
   - xml: Mark xml nodes as dirty if any children move (bsc#942382)
   - pengine: The failed action of the resource that occurred in shutdown is
     not displayed.
   - crmd: Initialize an integer
   - crmd: Resolve memory leak in remote_proxy_cb()
   - ipc: Do not constantly increase suggested size for PCMK_ipc_buffer every
     time we find it's insufficient (bsc#940992)
   - log: Change the log of the noise to the trace log.
   - tools: Update regression tests
   - pengine: Ensure fencing of the DC precedes the STONITH_DONE operation
   - ipc: Fix output formats (bsc#940992)
   - fencing: Remove unnecessary casts (bsc#940711)
   - ipc: Correctly compare values for the size of ipc buffer and prevent
     suggesting a negative value when it's insufficient (bsc#940992)
   - xml: Reduce severity of noisy log message (bsc#950551)
   - crm_resource: Correctly clean up failcounts for inactive anonymous clones
   - crm: Set the attribute from remote node.
   - stonithd: potential device list corruption
   - xml: Prevent use-of-NULL in crm_xml_dump()
   - crm_mon: Memory leaks
   - pengine: properly handle blocked clone actions
   - pengine: Correctly bypass fencing for resources that do not require it
   - crmd: memory leaks in recurring operation history
   - libcib,libfencing,tools: memory leaks from xmlGetNodePath()
   - lrmd: memory leak when freeing command structure
   - cts: change the stack from openais (white-tank) to corosync (plugin v0)
     in set_stack of (bsc#936149)
   - PE: Ignore comment blocks when unpacking the cib
   - lrmd: prevent double free after unregistering stonith device for
   - pengine: allow guest remote nodes using containers/vms to be nested in a
     group resource
   - cib: Prevent use-after-free and return -EINVAL when attempting to delete
     the whole "/cib" (bsc#934609)
   - cib: Prevent use-after-free when invoking "cibadmin --delete-all
     --xpath" (bsc#934609)
   - fencing: properly decide whether a topology fencing device has been found
   - fencing: properly sort peers by number of fencing devices found
   - pengine: do not stop notify a fenced node that the rscs on the fenced
     node stopped
   - pengine: fixes segfault in pengine when fencing remote node
   - remote: do not fail operations because of a migration
   - pengine: cl#5235 - Prevent graph loops that can be introduced by
     "load_stopped -> migrate_to" ordering
   - PE: Exclude nodes which don't match any exclusive discovery rules
   - lrmd: cancel currently pending STONITH op if stonithd connection is lost
   - fencing: Correct the all_topology_devices_found() implementation
   - lrmd: set recv timeout upper bound for tls connections
   - crmd: handle resources named the same as cluster nodes
   - PE: Skip unrunnable actions when one-or-more is in effect
   - PE: Ensure recurring monitor operations are cancelled when clone
     instances are de-allocated
   - fencing: Allow semi-colon delimiter for pcmk_host_list
   - Fencing: Gracefully handle invalid metadata from agents (bsc#950375)
   - cts: Add back INITDIR variable
   - pengine: cl#5130 - Only check the capacities of the nodes that are
     allowed to run the resource (fate#313105)
   - Tools: Repair expected output for ACLs
   - Build: Prevent rpm packaging conflicts
   - pengine: cl#5130 - Choose nodes capable of running all the colocated
     utilization resources (fate#313105)
   - crmd: don't update fail count twice for same failure (bsc#950450)
   - crmd: report operation rc as advertised instead of status
   - xml: Do not dump deleted attributes (bsc#929960)
   - xml: cl#5231 - Unset the deleted attributes in the resulting diffs
     (bsc#905641, bsc#967254)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability Extension 11-SP4:

      zypper in -t patch slehasp4-pacemaker-12543=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-pacemaker-12543=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):


   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):



More information about the sle-updates mailing list