SUSE-SU-2016:3162-1

This update for pacemaker fixes one security issue and several non-security issues.

The following security issue has been fixed:

• libcrmcommon: Fix improper IPC guarding. (bsc#1007433, CVE-2016-7035)

The following non-security issues have been fixed:

• Add logrotate to reqs of pacemaker-cli.
• Add $remote_fs dependencies to the init scripts.
• all: Clarify licensing and copyrights.
• attrd,ipc: Prevent possible segfault on exit. (bsc#986056)
• attrd, libcrmcommon: Validate attrd requests better.
• attrdupdater: Fix usage of HAVEATOMIC_ATTRD.
• cib/fencing: Set status callback before connecting to cluster. (bsc#974108)
• ClusterMon: Fix to avoid matching other process with the same PID.
• crmd: Acknowledge cancellation operations for remote connection resources. (bsc#976865)
• crmd: Avoid timeout on older peers when cancelling a resource operation.
• crmd: Record pending operations in the CIB before they are performed. (bsc#1003565)
• crmd: Clear remote node operation history only when it comes up.
• crmd: Clear remote node transient attributes on disconnect. (bsc#981489)
• crmd: Don't abort transitions for CIB comment changes.
• crmd: Ensure the R_SHUTDOWN is set whenever we ask the DC to shut us down.
• crmd: Get full action information earlier. (bsc#981731)
• crmd: Graceful proxy shutdown is now tested. (bsc#981489)
• crmd: Keep a state of LRMD in the DC node latest.
• crmd,lrmd,liblrmd: Use defined constants for lrmd IPC operations. (bsc#981489)
• crmd: Mention that graceful remote shutdowns may cause connection failures. (bsc#981489)
• crmd/pengine: Handle on-fail=ignore properly. (bsc#981731)
• crmd/pengine: Implement on-fail=ignore without allow-fail. (bsc#981731)
• crmd: Remove dead code. (bsc#981731)
• crmd: Rename action number variable in processgraphevent(). (bsc#981731)
• crmd: Resend the shutdown request if the DC forgets.
• crmd: Respect start-failure-is-fatal even for artificially injected events. (bsc#981731)
• crmd: Set remote flag when gracefully shutting down remote nodes. (bsc#981489)
• crmd: Set the shutdown transient attribute in response to LRMDIPCOPSHUTDOWNREQ from remote nodes. (bsc#981489)
• crmd: Support graceful pacemaker_remote stops. (bsc#981489)
• crmd: Take start-delay into account for the timeout of the action timer. (bsc#977258)
• crmd: Use defined constant for magic 'direct nack' RC. (bsc#981731)
• crmd: Use proper resource agent name when caching metadata.
• crmd: When node load was reduced, crmd carries out a feasible action.
• crm_mon: Avoid logging errors for any CIB changes that we don't care about. (bsc#986931)
• crm_mon: Consistently print ms resource state.
• crm_mon: Do not call setenv with null value.
• crm_mon: Do not log errors for the known CIB changes that should be ignored. (bsc#986931)
• crm_mon: Fix time formatting on x32.
• cts: Avoid kill usage error if DummySD stop called when already stopped.
• CTS: Get Reattach test working again and up-to-date. (bsc#953192)
• cts: Simulate pacemaker_remote failure with kill. (bsc#981489)
• fencing/fence_legacy: Search capable devices by querying them through 'list' action for cluster-glue stonith agents. (bsc#986265)
• fencing: Record the last known names of nodes to make sure fencing requested with nodeid works. (bsc#974108)
• libais,libcluster,libcrmcommon,liblrmd: Don't use %z specifier.
• libcib,libfencing,libtransition: Handle memory allocation errors without CRM_CHECK().
• lib: Correction of the deletion of the notice registration.
• libcrmcommon: Correct directory name in log message.
• libcrmcommon: Ensure crmtimet structure is fully initialized by API calls.
• libcrmcommon: Log XML comments correctly.
• libcrmcommon: Properly handle XML comments when comparing v2 patchset diffs.
• libcrmcommon: Really ensure crmtimet structure is fully initialized by API calls.
• libcrmcommon: Remove extraneous format specifier from log message.
• libcrmcommon: Report errors consistently when waiting for data on connection. (bsc#986644)
• libfencing: Report added node ID correctly.
• liblrmd: Avoid memory leak when closing or deleting lrmd connections.
• libpengine: Allow peordersame_node option for constraints.
• libpengine: Log message when stonith disabled, not enabled.
• libpengine: Only log startup-fencing warning once.
• libtransition: Potential memory leak if unpacking action fails.
• lrmd: Handle shutdown a little more cleanly. (bsc#981489)
• lrmd,libcluster: Ensure ghashtable_foreach() is never passed a null table.
• lrmd,liblrmd: Add lrmd IPC operations for requesting and acknowledging shutdown. (bsc#981489)
• lrmd: Make proxied IPC providers/clients opaque. (bsc#981489)
• mcp: Improve comments for sysconfig options.
• pacemaker_remote: Set LSB Provides header to the service name.
• pacemaker_remote: Support graceful stops. (bsc#981489)
• PE: Correctly update the dependent actions of un-runnable clones.
• PE: Honor the shutdown transient attributes for remote nodes. (bsc#981489)
• pengine: Avoid memory leak when invalid constraint involves set.
• pengine: Avoid null dereference in new same-node ordering option.
• pengine: Avoid transition loop for start-then-stop + unfencing.
• pengine: Avoid use-after-free with location constraint + sets + templates.
• pengine: Better error handling when unpacking sets in location constraints.
• pengine: Consider resource failed if any of the configured monitor operations failed. (bsc#972187)
• pengine: Correction of the record judgment of the failed information.
• pengine: Do not fence a maintenance node if it shuts down cleanly. (bsc#1000743)
• pengine: Correctly set the environment variable 'OCFRESKEYCRMmetatimeout' when 'start-delay' is configured. (bsc#977258)
• pengine: Only set unfencing constraints once.
• pengine: Organize order of actions for master resources in anti-colocations. (bsc#977800)
• pengine: Organize order of actions for slave resources in anti-colocations. (bsc#977800)
• pengine: Properly order stop actions relative to stonith.
• pengine: Respect asymmetrical ordering when trying to move resources. (bsc#977675)
• pengine: Set OCFRESKEYCRMmetanotifyactive* for multistate resources.
• pengine,tools: Display pending resource state by default when it's available. (bsc#986201)
• ping: Avoid temp files in fping_check. (bsc#987348)
• ping: Avoid temporary files for fping check. (bsc#987348)
• ping: Log sensible error when /tmp is full. (bsc#987348)
• ping resource: Use fping6 for IPv6 hosts. (bsc#976271)
• RA/SysInfo: Reset the node attribute '#health_disk' to 'green' when there's sufficient free disk. (bsc#975079)
• remote: Allow cluster and remote LRM API versions to diverge. (bsc#1009076)
• remote: Correctly calculate the remaining timeouts when receiving messages. (bsc#986644)
• resources: Use OCF version tagging correctly.
• services: Correctly clean up service actions for non-dbus case.
• spec: fence_pcmk only eligible for Pacemaker+CMAN.
• stonithd: Correction of the wrong connection process name.
• sysconfig: Minor tweaks (typo, wording).
• tools: Avoid memory leaks in crm_resource --restart.
• tools: Avoid memory leak when crm_mon unpacks constraints.
• tools: Correctly count starting resources when doing crm_resource --restart.
• tools: crm_resource -T option should not be hidden anymore.
• tools: crm_standby --version/--help should work without cluster.
• tools: Do not send command lines to syslog. (bsc#986676)
• tools: Do not assume all resources restart on same node with crm_resource --restart.
• tools: Don't require node to be known to crm_resource when deleting attribute.
• tools: Properly handle crm_resource --restart with a resource in a group.
• tools: Remember any existing target-role when doing crm_resource --restart.
• various: Issues discovered via valgrind and coverity.

Additionally, the following references have been added to the changelog:

bsc#970733, fate#318381, bsc#1002767, CVE-2016-7797, bsc#971129