Hi Markus, thank you for the effort and the update. Unfortunately there are still some problems with the updated version.
I've just updated the pacemaker package from 1.1.16-1+deb9u2 to 1.1.24-0+deb9u1. Afterwards parts of the Cluster Resource Manager (crm) can't be executed due to a library error. TL;DR: libpe_status.so.10 != libpe_status.so.16 and libpengine.so.10 != libpengine.so.16 In Detail: $ /usr/sbin/crm_mon --version Pacemaker 1.1.16 Written by Andrew Beekhof $ apt policy pacemaker pacemaker: Installed: 1.1.16-1+deb9u2 Candidate: 1.1.24-0+deb9u1 [...] $ apt install pacemaker [...] The following packages will be upgraded: libcib4 libcrmcluster4 libcrmcommon3 libcrmservice3 liblrmd1 libpe-rules2 libpe-status10 libpengine10 libstonithd2 libtransitioner2 pacemaker [...] $ apt policy pacemaker pacemaker: Installed: 1.1.24-0+deb9u1 Candidate: 1.1.24-0+deb9u1 [...] $ crm_mon --version crm_mon: error while loading shared libraries: libpe_status.so.10: cannot open shared object file: No such file or directory $ crm status /usr/sbin/crm_mon: error while loading shared libraries: libpe_status.so.10: cannot open shared object file: No such file or directory /usr/sbin/crm_mon: error while loading shared libraries: libpe_status.so.10: cannot open shared object file: No such file or directory ERROR: status: crm_mon (rc=127): $ ldd /usr/sbin/crm_mon | grep "not found" libpe_status.so.10 => not found libpengine.so.10 => not found $ dpkg -L libpe-status10 | grep so /usr/lib/x86_64-linux-gnu/libpe_status.so.16.1.0 /usr/lib/x86_64-linux-gnu/libpe_status.so.16 $ dpkg -L libpengine10 | grep so /usr/lib/x86_64-linux-gnu/libpengine.so.16.1.0 /usr/lib/x86_64-linux-gnu/libpengine.so.16 Can you please investigate again? Thank you. Best regards, Thorsten Rehm On Mon, 28 Dec 2020 00:24:14 +0100 Markus Koschany <[email protected]> wrote: > Hello, > > I have prepared a new security update of pacemaker, the latest version in the > 1.1.x series. The update will fix CVE-2018-16877, CVE-2018-16878 and CVE-2020- > 25654. I would appreciate it if you could test this version before it is > uploaded to stretch-security again. You can find all Debian packages at > > https://people.debian.org/~apo/lts/pacemaker/ > > including the source package if you prefer to compile pacemaker from source. > > If I don't get any negative feedback I intend to upload pacemaker 1.1.24- > 0+deb9u1 on 06.01.2021. > > Regards, > > Markus
