Hello community, here is the log from the commit of package pacemaker for openSUSE:Factory checked in at 2019-08-19 20:57:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pacemaker (Old) and /work/SRC/openSUSE:Factory/.pacemaker.new.22127 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pacemaker" Mon Aug 19 20:57:31 2019 rev:130 rq:723794 version:2.0.2+20190801.122c32115 Changes: -------- --- /work/SRC/openSUSE:Factory/pacemaker/pacemaker.changes 2019-04-15 11:51:32.902521480 +0200 +++ /work/SRC/openSUSE:Factory/.pacemaker.new.22127/pacemaker.changes 2019-08-19 20:57:42.460966455 +0200 @@ -1,0 +2,197 @@ +Thu Aug 08 11:10:39 UTC 2019 - Yan Gao <y...@suse.com> + +- Update to version 2.0.2+20190801.122c32115: +- libcib: install cib_types.h +- tools: Use glib for cmdline handling in crm_mon. +- libcrmcommon: Handle no digits in crm_int_helper. +- libcrmcommon: Allow glib cmdline parsing without formatted output. +- extra: calculate #health_disk correctly in SysInfo +- extra: handle run-as-user properly in ClusterMon +- extra: advertise promote and demote in Stateful meta-data +- extra: formally deprecate the ocf:pacemaker:pingd agent +- extra: quote shell variables in agent code where appropriate +- extra: use ":=" where appropriate in agent code + +------------------------------------------------------------------- +Tue Jul 30 16:00:17 UTC 2019 - Yan Gao <y...@suse.com> + +- Update to version 2.0.2+20190725.4b4fea3eb: + +- Rebase: + * bug-977201_pacemaker-controld-self-fencing.patch + +- libcrmcommon: Restore getopt behavior in stonith_admin. +- controller: document the cluster-name cluster property +- controller: allow configurable reaction to local node fencing +- pacemakerd: make daemon exit detection messages more consistent +- executor: stonith probes should fail only if previously registered +- libstonithd: handle API creation errors better +- spec: avoid long-broken (in a pristine tree state) "make all" +- controller: panic local host if notified of own fencing +- controller: clear "required" bit when disconnecting scheduler +- libcrmcommon: Remove -q from global cmdline options. +- tools: Allow HTML output in stonith_admin. +- libstonithd: Add HTML support to fencing messages. +- st_client: Reword stonith_event_text. +- controld: Use XML output to check for pending status. +- pengine: formatted output for html +- executor: don't pass /dev/null to resource agents as log +- executor: improve resource registration/unregistration messages +- controller: don't print "successfully started" if not true +- controller: monitor change can arrive in transition it was scheduled in +- controller: improve action result messages +- controller: confirm cancel actions by task key and node UUID +- controller: allow graph update when confirming action +- controller: improve remote RA connection messages + +------------------------------------------------------------------- +Mon Jul 15 09:35:42 UTC 2019 - Yan Gao <y...@suse.com> + +- Update to version 2.0.2+20190712.662793aac: +- scheduler: wait for probe actions to complete to prevent unnecessary restart/re-promote of dependent resources (bsc#1130122, bsc#1032511) + +------------------------------------------------------------------- +Fri Jul 12 13:54:03 UTC 2019 - Yan Gao <y...@suse.com> + +- Update to version 2.0.2+20190711.8a638d418: +- st_client: cleanup token whenever setting api to disconnected +- libcrmcommon: Add a "none" output formatter. +- libcrmcommon: Add a formatted outputter for HTML. +- remote: allow run-time configurable TLS priorities +- pengine: formatted output for text +- scheduler: properly detect dangling migrations +- scheduler: only successful ops count for migration comparisons +- libpe_status: add sanity check when unpacking migration history +- libpe_status: check for stops correctly when unpacking migration +- controller: reset expected reply when disconnecting from scheduler +- cts-scheduler: convert to python +- tools: Use a copy of argv in stonith_admin. +- libcrmcommon: Add a new version message. +- libcrmcommon: Add an error message. +- tools: Convert command line handling in stonith_admin. +- controller: set timeout on scheduler responses +- libcrmcommon: tweak ACL log messages +- libcrmcommon: pengine: formatted output for xml +- libstonithd: improve error checking when sending command +- fencer: don't require API registration for list and status commands +- fencer: improve error checking and log messages for API action requests +- executor: don't cancel stonith monitors when device is not registered +- executor: return error for stonith probes if stonith connection was lost +- libcrmcommon: assert on ACL memory allocation errors +- libcrmcommon: improve ACL messages +- libcrmcommon: avoid use-after-free when enforcing creation ACLs +- controld-fencing: add notice-log for successful fencer-connect +- st_client: make safe to remove notifications from notifications +- attrd: ensure node ID is initialized properly +- tools: avoid unlikely small memory leaks in attrd_updater +- fence-history: resync fence-history after fenced crash +- based: check for writeability of cib.xml.sig alongside cib.xml +- based: make "preventive rename" on CIB access fault path-specific +- fence-history: add notification upon history-synced +- controld-fencing: remove-notifications upon connection-destroy +- fence-history: fail leftover pending-actions after fenced-restart + +------------------------------------------------------------------- +Fri Jul 05 10:14:13 UTC 2019 - Yan Gao <y...@suse.com> + +- Update to version 2.0.2+20190614.9f18a420a: + +- Rebase: + * bug-728579_pacemaker-stonith-dev-id.patch + +- libpe_status: don't add /var/log mount to bundles if user did +- libpe_status: don't order implied stops relative to a remote connection +- scheduler: remote state is failed if node is shutting down with connection failure +- libpe_status: fail connection resource if remote action gets "not connected" +- libcrmcommon: bump CRM feature set +- controller: use op status, not rc, for execution in invalid state +- controller: use op status, not rc, for executor disconnection +- libpe_status: calculate secure digests for unfencing ops +- Increase STONITH execution start log level to notice +- Fix the log level to notice when the node attribute changes +- libcrmcommon: add stderr source correctly when outputting XML +- tools: stonith_admin --list-targets should show what fencer would use +- Fix monitor's log to match other operation's log level +- controller: don't check join status after remote node appears +- pacemaker-remoted: use different default log if pid 1 + +------------------------------------------------------------------- +Fri Jun 07 10:39:45 UTC 2019 - Yan Gao <y...@suse.com> + +- Update to version 2.0.2+20190606.73beea82f: +- stonith-ng's function cannot be blocked with CIB updates forever +- libpe_status: offer compile-time option to change concurrent-fencing default +- libstonithd: return proper error code for async stonith action +- various: improve fencer connection messages +- stonith_admin --help: specify the usage of --cleanup (bsc#1135317) +- pacemaker.service: Add option that does not restart Pacemaker if Corosync stops +- controller: confirm cancel of failed monitors (bsc#1133866) +- libcrmcommon: return error when applying XML diffs containing unknown operations (bsc#1127716) +- libcrmcommon: avoid possible use-of-NULL when applying XML diffs (bsc#1127716) +- libcrmcommon: correctly apply XML diffs with multiple move/create changes (bsc#1127716) + +------------------------------------------------------------------- +Fri Jun 07 10:36:55 UTC 2019 - Yan Gao <y...@suse.com> + +- Update to version 2.0.2+20190606.744a30d65 (Pacemaker-2.0.2): +- libcrmcommon: export logfile environment variable if using default +- libstonithd: Change stonith-event XML output. + +------------------------------------------------------------------- +Mon May 27 12:07:02 UTC 2019 - Yan Gao <y...@suse.com> + +- Update to version 2.0.1+20190522.660ef6b13: +- fence-lib: regression introduced with fork callback + +------------------------------------------------------------------- +Tue May 21 13:00:58 UTC 2019 - Yan Gao <y...@suse.com> + +- Update to version 2.0.1+20190520.dc4103b37: + +- Drop obsolete: + * 0001-Revert-Fix-service-lib-avoid-call-pattern-leading-to.patch + * 0002-Revert-use-common-service-interface-for-fence-agents.patch + +- Rebase: + * bug-728579_pacemaker-stonith-dev-id.patch + +- fence-lib: avoid use-after-free on early failure return +- libcrmcommon: Don't segfault in text_begin_list. + +------------------------------------------------------------------- +Wed May 01 07:22:56 UTC 2019 - Yan Gao <y...@suse.com> + +- Update to version 2.0.1+20190430.8e851b084: +- controller: avoid memory leak when duplicate monitor is scheduled +- libcrmcommon: return proper code if testing pid is denied (bsc#1131353, bsc#1131356) + +------------------------------------------------------------------- +Tue Apr 30 13:17:22 UTC 2019 - Yan Gao <y...@suse.com> + +- Update to version 2.0.1+20190424.a365fc58d: +- libcrmcommon: avoid use-of-NULL when checking whether process is active (bsc#1131353, bsc#1131356) +- daemons: make start-up log messages consistent across all daemons +- executor: downgrade disappeared remote client message to notice +- remote: include channel name in IPC proxy failure message +- fencing: clarify device search messages +- libcrmcluster: improve CPG membership messages +- tools: Use formatted output in stonith_admin. +- libstonithd: Add custom formatting to fencing types. +- libcrmcommon: Add formatted output. +- xml: Add a schema for API results. + +------------------------------------------------------------------- +Thu Apr 18 12:07:35 UTC 2019 - Yan Gao <y...@suse.com> + +- Update to version 2.0.1+20190417.13d370ca9: +- controld: fix possible NULL pointer dereference (bsc#1131353, bsc#1131356) +- pacemakerd vs. IPC/procfs confused deputy authenticity issue (CVE-2018-16877, bsc#1131356) (CVE-2018-16878, bsc#1131353) +- libservices: fix use-after-free wrt. alert handling (CVE-2019-3885, bsc#1131357) +- executor: systemd starts should return UNKNOWN_ERROR instead of NOT_RUNNING +- pacemaker-remoted: improve proxy accept failure message +- executor: consider stonith resource stopped only if stop succeeded +- executor: improve stonith operation rc and status mapping +- executor: reschedule recurring stonith monitor if not connected +- executor: put recurring stonith failsafe stop in correct place + +------------------------------------------------------------------- ++++ 11 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/pacemaker/pacemaker.changes ++++ and /work/SRC/openSUSE:Factory/.pacemaker.new.22127/pacemaker.changes Old: ---- 0001-Revert-Fix-service-lib-avoid-call-pattern-leading-to.patch 0002-Revert-use-common-service-interface-for-fence-agents.patch pacemaker-2.0.1+20190408.1b68da8e8.tar.xz New: ---- pacemaker-2.0.2+20190801.122c32115.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pacemaker.spec ++++++ --- /var/tmp/diff_new_pack.YvVz1h/_old 2019-08-19 20:57:44.284966160 +0200 +++ /var/tmp/diff_new_pack.YvVz1h/_new 2019-08-19 20:57:44.288966159 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -74,7 +74,7 @@ %endif Name: pacemaker -Version: 2.0.1+20190408.1b68da8e8 +Version: 2.0.2+20190801.122c32115 Release: 0 Summary: Scalable High-Availability cluster resource manager # AGPL-3.0 licensed extra/clustermon.sh is not present in the binary @@ -87,6 +87,7 @@ Source1: crm_report.in Source100: pacemaker.rpmlintrc Patch1: bug-806256_pacemaker-log-level-notice.patch +Patch2: bug-728579_pacemaker-stonith-dev-id.patch Patch3: pacemaker-nagios-plugin-dir.patch Patch4: bug-812269_pacemaker-fencing-device-register-messages.patch Patch5: pacemaker-Wno-format-signedness.patch @@ -94,9 +95,6 @@ Patch7: bug-977201_pacemaker-controld-self-fencing.patch Patch8: bug-995365_pacemaker-cts-restart-systemd-journald.patch Patch9: pacemaker-cts-StartCmd.patch -Patch10: 0001-Revert-Fix-service-lib-avoid-call-pattern-leading-to.patch -Patch11: 0002-Revert-use-common-service-interface-for-fence-agents.patch -Patch12: bug-728579_pacemaker-stonith-dev-id.patch # Required for core functionality BuildRequires: autoconf BuildRequires: automake @@ -304,6 +302,7 @@ %prep %setup -q -n %{name}-%{version} %patch1 -p1 +%patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 @@ -311,9 +310,6 @@ %patch7 -p1 %patch8 -p1 %patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 %build @@ -357,7 +353,7 @@ --localstatedir=%{_var} \ --with-version=%{version}-%{release} -make %{?_smp_mflags} all +make %{?_smp_mflags} %install %make_install ++++++ _service ++++++ --- /var/tmp/diff_new_pack.YvVz1h/_old 2019-08-19 20:57:44.312966156 +0200 +++ /var/tmp/diff_new_pack.YvVz1h/_new 2019-08-19 20:57:44.312966156 +0200 @@ -8,9 +8,9 @@ To update to a new release, change "revision" to the desired git commit hash and bump "version" if necessary - <param name="version">2.0.1</param> + <param name="version">2.0.2</param> --> - <param name="versionformat">2.0.1+%cd.%h</param> + <param name="versionformat">2.0.2+%cd.%h</param> <param name="revision">master</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.YvVz1h/_old 2019-08-19 20:57:44.328966153 +0200 +++ /var/tmp/diff_new_pack.YvVz1h/_new 2019-08-19 20:57:44.332966152 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">git://github.com/ClusterLabs/pacemaker.git</param> - <param name="changesrevision">1b68da8e8994330a9034280221357abdb02084f4</param> + <param name="changesrevision">b49c0d87ced772b60b3c44b810ba1da59f11fa7d</param> </service> </servicedata> \ No newline at end of file ++++++ bug-728579_pacemaker-stonith-dev-id.patch ++++++ --- /var/tmp/diff_new_pack.YvVz1h/_old 2019-08-19 20:57:44.336966151 +0200 +++ /var/tmp/diff_new_pack.YvVz1h/_new 2019-08-19 20:57:44.336966151 +0200 @@ -4,11 +4,11 @@ Medium: stonith: Expose IDs of stonith resources to stonith agents through "$CRM_meta_st_device_id" environment variable -Index: pacemaker-2.0.0+20180726.3d81c89b8/daemons/fenced/fenced_commands.c +Index: pacemaker-2.0.2+20190614.9f18a420a/daemons/fenced/fenced_commands.c =================================================================== ---- pacemaker-2.0.0+20180726.3d81c89b8.orig/daemons/fenced/fenced_commands.c -+++ pacemaker-2.0.0+20180726.3d81c89b8/daemons/fenced/fenced_commands.c -@@ -940,6 +940,7 @@ build_device_from_xml(xmlNode * msg) +--- pacemaker-2.0.2+20190614.9f18a420a.orig/daemons/fenced/fenced_commands.c ++++ pacemaker-2.0.2+20190614.9f18a420a/daemons/fenced/fenced_commands.c +@@ -878,6 +878,7 @@ build_device_from_xml(xmlNode * msg) device->id, device->on_target_actions); } @@ -16,27 +16,27 @@ device->work = mainloop_add_trigger(G_PRIORITY_HIGH, stonith_device_dispatch, device); /* TODO: Hook up priority */ -Index: pacemaker-2.0.0+20180726.3d81c89b8/lib/fencing/st_client.c +Index: pacemaker-2.0.2+20190614.9f18a420a/lib/fencing/st_client.c =================================================================== ---- pacemaker-2.0.0+20180726.3d81c89b8.orig/lib/fencing/st_client.c -+++ pacemaker-2.0.0+20180726.3d81c89b8/lib/fencing/st_client.c -@@ -38,6 +38,7 @@ struct stonith_action_s { +--- pacemaker-2.0.2+20190614.9f18a420a.orig/lib/fencing/st_client.c ++++ pacemaker-2.0.2+20190614.9f18a420a/lib/fencing/st_client.c +@@ -40,6 +40,7 @@ struct stonith_action_s { char *action; char *victim; - char *args; + GHashTable *args; + char *dev_id; int timeout; int async; void *userdata; -@@ -621,6 +622,7 @@ stonith__destroy_action(stonith_action_t - free(action->args); - free(action->action); - free(action->victim); +@@ -561,6 +562,7 @@ stonith__destroy_action(stonith_action_t + } + free(action->output); + free(action->error); + free(action->dev_id); free(action); } } -@@ -690,6 +692,8 @@ stonith_action_create(const char *agent, +@@ -630,6 +632,8 @@ stonith_action_create(const char *agent, if (device_args) { char buffer[512]; const char *value = NULL; @@ -45,7 +45,7 @@ snprintf(buffer, sizeof(buffer), "pcmk_%s_retries", _action); value = g_hash_table_lookup(device_args, buffer); -@@ -697,6 +701,11 @@ stonith_action_create(const char *agent, +@@ -637,6 +641,11 @@ stonith_action_create(const char *agent, if (value) { action->max_retries = atoi(value); } @@ -57,23 +57,44 @@ } return action; -@@ -878,6 +887,8 @@ internal_stonith_action_execute(stonith_ - - if (!pid) { - /* child */ -+ const char *st_dev_id_key = CRM_META "_" F_STONITH_DEVICE; +@@ -773,6 +782,10 @@ internal_stonith_action_execute(stonith_ + svc_action->params = action->args; + svc_action->cb_data = (void *) action; + ++ if (action->dev_id) { ++ svc_action->rsc = strdup(action->dev_id); ++ } + - setpgid(0, 0); + /* keep retries from executing out of control and free previous results */ + if (is_retry) { + free(action->output); +Index: pacemaker-2.0.2+20190614.9f18a420a/lib/services/services_linux.c +=================================================================== +--- pacemaker-2.0.2+20190614.9f18a420a.orig/lib/services/services_linux.c ++++ pacemaker-2.0.2+20190614.9f18a420a/lib/services/services_linux.c +@@ -30,6 +30,9 @@ + #include "crm/common/mainloop.h" + #include "crm/services.h" - close(1); -@@ -900,6 +911,10 @@ internal_stonith_action_execute(stonith_ - close(p_write_fd); - close(p_stderr_fd); ++#include "crm/stonith-ng.h" ++#include "crm/fencing/internal.h" ++ + #include "services_private.h" -+ if (action->dev_id) { -+ setenv(st_dev_id_key, action->dev_id, 1); -+ } + #if SUPPORT_CIBSECRETS +@@ -189,6 +192,15 @@ static void + add_action_env_vars(const svc_action_t *op) + { + void (*env_setter)(gpointer, gpointer, gpointer) = NULL; ++ ++ if (safe_str_eq(op->standard, PCMK_RESOURCE_CLASS_STONITH) ++ && safe_str_eq(op->agent, "fence_legacy") ++ && op->rsc != NULL) { ++ const char *st_dev_id_key = CRM_META "_" F_STONITH_DEVICE; + - /* keep retries from executing out of control */ - if (is_retry) { - sleep(1); ++ setenv(st_dev_id_key, op->rsc, 1); ++ } ++ + if (op->agent == NULL) { + env_setter = set_alert_env; /* we deal with alert handler */ + ++++++ bug-977201_pacemaker-controld-self-fencing.patch ++++++ --- /var/tmp/diff_new_pack.YvVz1h/_old 2019-08-19 20:57:44.344966150 +0200 +++ /var/tmp/diff_new_pack.YvVz1h/_new 2019-08-19 20:57:44.344966150 +0200 @@ -4,16 +4,16 @@ Fix: controld: Prevent unwanted self-fencing if "stateful_merge_wait" state of dlm is not available -Index: pacemaker-2.0.0+20180726.3d81c89b8/extra/resources/controld +Index: pacemaker-2.0.2+20190725.4b4fea3eb/extra/resources/controld =================================================================== ---- pacemaker-2.0.0+20180726.3d81c89b8.orig/extra/resources/controld -+++ pacemaker-2.0.0+20180726.3d81c89b8/extra/resources/controld -@@ -224,10 +224,6 @@ controld_monitor() { +--- pacemaker-2.0.2+20190725.4b4fea3eb.orig/extra/resources/controld ++++ pacemaker-2.0.2+20190725.4b4fea3eb/extra/resources/controld +@@ -226,10 +226,6 @@ controld_monitor() { if [ -n "$smw" ] && [ $smw -eq 1 ]; then ocf_log err "DLM status is: stateful_merge_wait" CM_RC=$OCF_ERR_GENERIC - elif [ -z "$smw" ] && dlm_tool ls | grep -q "wait fencing" && \ -- ! stonith_admin -H '*' -V | grep -q "wishes to"; then +- ! stonith_admin -H '*' --output-as xml | grep -q "extended-status=\"pending\""; then - ocf_log err "DLM status is: wait fencing" - CM_RC=$OCF_ERR_GENERIC else ++++++ pacemaker-2.0.1+20190408.1b68da8e8.tar.xz -> pacemaker-2.0.2+20190801.122c32115.tar.xz ++++++ ++++ 50082 lines of diff (skipped)
