ELBA-2022-10029

ELBA-2022-10029 - pacemaker bug fix update

Type:BUG
Severity:NA
Release Date:2022-11-29

Description


[2.1.4-5.0.1.2]
- Upstream reference in pacemaker crm_report binary [Orabug: 32825154]
- Replace bug url [Orabug: 34202300]

[2.1.4-5.2]
- Fix regression where crm_mon returns nonzero status at cluster shutdown
- Resolves: rhbz2133830

[2.1.4-5.1]
- Fix regression where reordered resources do not get moved
- Execute resource metadata actions asynchronously
- Resolves: rhbz2125588
- Resolves: rhbz2125589

[2.1.4-5]
- Fix regression in crm_resource -O
- Resolves: rhbz2118337

[2.1.4-4]
- Ensure all nodes are re-unfenced after device configuration change
- crm_resource --why now checks node health status
- Resolves: rhbz1872483
- Resolves: rhbz2065818

[2.1.4-3]
- Add support for ACL groups
- Resolves: rhbz1724310

[2.1.4-2]
- Restore crm_attribute query behavior when attribute does not exist
- Resolves: rhbz2072107

[2.1.4-1]
- Fencer should not ignore CIB updates when stonith is disabled
- Rebase pacemaker on upstream 2.1.4 final release
- Fix typo in ocf:pacemaker:HealthSMART meta-data
- Resolves: rhbz2055935
- Resolves: rhbz2072107
- Resolves: rhbz2094855

[2.1.3-2]
- crm_attribute works on remote node command line when hostname differs
- Rebase pacemaker on upstream 2.1.3 final release
- Resolves: rhbz1384172
- Resolves: rhbz2072107

[2.1.3-1]
- crm_resource --restart fails to restart clone instances except instance 0
- Add new multiple-active option for 'stop unexpected instances'
- Unable to show metadata for 'service' agents with '@' and '.' in the name
- Resource ocf:pacemaker:attribute does not comply with the OCF 1.1 standard
- Allow resource meta-attribute to exempt resource from node health restrictions
- Show node health states in crm_mon
- Rebase pacemaker on upstream 2.1.3-rc2 release
- crm_mon API result does not validate against schema if fence event has exit-reason
- Resolves: rhbz1930578
- Resolves: rhbz2036815
- Resolves: rhbz2045096
- Resolves: rhbz2049722
- Resolves: rhbz2059638
- Resolves: rhbz2065812
- Resolves: rhbz2072107
- Resolves: rhbz2086230

[2.1.2-4]
- Fix regression in down event detection that affects remote nodes
- Resolves: rhbz2046446

[2.1.2-3]
- Improve display of failed actions
- Handle certain probe failures as stopped instead of failed
- Update pcmk_delay_base description in option meta-data
- Avoid crash when using clone notifications
- Retry Corosync shutdown tracking if first attempt fails
- Resolves: rhbz1470834
- Resolves: rhbz1506372
- Resolves: rhbz2027370
- Resolves: rhbz2039675
- Resolves: rhbz2042550

[2.1.2-2]
- Correctly get metadata for systemd agent names that end in '@'
- Use correct OCF 1.1 syntax in ocf:pacemaker:Stateful meta-data
- Fix regression in displayed times in crm_mon's fence history
- Resolves: rhbz2003151
- Resolves: rhbz2027370
- Resolves: rhbz2032027

[2.1.2-1]
- Allow per-host fence delays for a single fence device
- Use OCF 1.1 enum type in cluster option metadata for better validation
- crm-resource --force-* now works with LSB resources
- Allow spaces in pcmk_host_map
- ACL group names are no longer restricted to a unique XML id
- Rebase on upstream 2.1.2
- Ensure upgrades get compatible Corosync libraries
- Resolves: rhbz1082146
- Resolves: rhbz1281463
- Resolves: rhbz1346014
- Resolves: rhbz1376538
- Resolves: rhbz1384420
- Resolves: rhbz2011973
- Resolves: rhbz2027006

[2.1.0-8]
- Fix XML issue in fence_watchdog meta-data
- Resolves: rhbz1443666

[2.1.0-7]
- Fix minor issue with crm_resource error message change
- Resolves: rhbz1447918

[2.1.0-6]
- Fix watchdog agent version information
- Ensure transient attributes are cleared when multiple nodes are lost
- Resolves: rhbz1443666
- Resolves: rhbz1986998

[2.1.0-5]
- Allow configuring specific nodes to use watchdog-only sbd for fencing
- Resolves: rhbz1443666

[2.1.0-4]
- Show better error messages in crm_resource with invalid resource types
- Avoid selecting wrong device when dynamic-list fencing is used with host map
- Do not schedule probes of unmanaged resources on pending nodes
- Fix argument handling regressions in crm_attribute and wrappers
- Resolves: rhbz1447918
- Resolves: rhbz1978010
- Resolves: rhbz1982453
- Resolves: rhbz1984120

[2.1.0-3]
- crm_resource now supports XML output from resource agent actions
- Correct output for crm_simulate --show-failcounts
- Avoid remote node unfencing loop
- Resolves: rhbz1644628
- Resolves: rhbz1686426
- Resolves: rhbz1961857

[2.1.0-2]
- Rebase on upstream 2.1.0 final release
- Correct schema for crm_resource XML output
- Resolves: rhbz1935464
- Resolves: rhbz1967087

[2.1.0-1]
- Add crm_simulate --show-attrs and --show-failcounts options
- Retry getting fence agent meta-data after initial failure
- Add debug option for more verbose ocf:pacemaker:ping logs
- Rebase on upstream 2.1.0-rc2 release
- Support OCF Resource Agent API 1.1 standard
- Fix crm_mon regression that could cause certain agents to fail at shutdown
- Allow setting OCF check level for crm_resource --validate and --force-check
- Resolves: rhbz1686426
- Resolves: rhbz1797579
- Resolves: rhbz1843177
- Resolves: rhbz1935464
- Resolves: rhbz1936696
- Resolves: rhbz1948620
- Resolves: rhbz1955792

[2.0.5-8]
- Route cancellations through correct node when remote connection is moving
- Resolves: rhbz1928762

[2.0.5-7]
- Do not introduce regression in crm_resource --locate
- Resolves: rhbz1925681

[2.0.5-6]
- crm_mon --daemonize should reconnect if cluster restarts
- crm_mon should show more informative messages when cluster is starting
- crm_mon should show rest of status if fencing history is unavailable
- cibsecret now works on remote nodes (as long as name can be reached via ssh)
- Stop remote nodes correctly when connection history is later than node history
- Resolves: rhbz1466875
- Resolves: rhbz1872490
- Resolves: rhbz1880426
- Resolves: rhbz1881537
- Resolves: rhbz1898457

[2.0.5-5]
- Allow non-critical resources that stop rather than make another resource move
- Support crm_resource --digests option for showing operation digests
- Clean-up of all resources should work from remote nodes
- Resolves: rhbz1371576
- Resolves: rhbz1872376
- Resolves: rhbz1907726

[2.0.5-4]
- Rebase on upstream 2.0.5 release
- Make waiting to be pinged by sbd via pacemakerd-api the default
- Resolves: rhbz1885645
- Resolves: rhbz1873138

[2.0.5-3]
- Rebase on upstream 2.0.5-rc3 release
- Resolves: rhbz1885645

[2.0.5-2]
- Rebase on upstream 2.0.5-rc2 release
- Prevent ACL bypass (CVE-2020-25654)
- Resolves: rhbz1885645
- Resolves: rhbz1889582

[2.0.5-1]
- crm_mon --resource option to filter output by resource
- Avoid filling /dev/shm after frequent corosync errors
- Allow configurable permissions for log files
- Ensure ACL write permission always supersedes read
- Use fence device monitor timeout for starts and probes
- Allow type='integer' in rule expressions
- Avoid error messages when running crm_node inside bundles
- Avoid situation where promotion is not scheduled until next transition
- crm_mon should show more clearly when an entire group is disabled
- Rebase on upstream 2.0.5-rc1 release
- Resolves: rhbz1300597
- Resolves: rhbz1614166
- Resolves: rhbz1647136
- Resolves: rhbz1833173
- Resolves: rhbz1856015
- Resolves: rhbz1866573
- Resolves: rhbz1874391
- Resolves: rhbz1835717
- Resolves: rhbz1748139
- Resolves: rhbz1885645

[2.0.4-6]
- Fix cibsecret bug when node name is different from hostname
- Resolves: rhbz1870873

[2.0.4-5]
- Synchronize start-up and shutdown with SBD
- Resolves: rhbz1718324

[2.0.4-4]
- Allow crm_node -l/-p options to work from Pacemaker Remote nodes
- Correct action timeout value listed in log message
- Fix regression in crm_mon --daemonize with HTML output
- Resolves: rhbz1796824
- Resolves: rhbz1856035
- Resolves: rhbz1857728

[2.0.4-3]
- Allow resource and operation defaults per resource or operation type
- Rebase on upstream 2.0.4 final release
- Support on-fail='demote' and no-quorum-policy='demote' options
- Remove incorrect comment from sysconfig file
- Resolves: rhbz1628701
- Resolves: rhbz1828488
- Resolves: rhbz1837747
- Resolves: rhbz1848789

[2.0.4-2]
- Improve cibsecret help and clean up code per static analysis
- Resolves: rhbz1793860

[2.0.4-1]
- Clear leaving node's attributes if there is no DC
- Add crm_mon --node option to limit display to particular node or tagged nodes
- Add crm_mon --include/--exclude options to select what sections are shown
- priority-fencing-delay option bases delay on where resources are active
- Pending DC fencing gets 'stuck' in status display
- crm_rule can now check rule expiration when 'years' is specified
- crm_mon now formats error messages better
- Support for CIB secrets is enabled
- Rebase on latest upstream Pacemaker release
- Fix regression introduced in 8.2 so crm_node -n works on remote nodes
- Avoid infinite loop when topology is removed while unfencing is in progress
- Resolves: rhbz1300604
- Resolves: rhbz1363907
- Resolves: rhbz1784601
- Resolves: rhbz1787751
- Resolves: rhbz1790591
- Resolves: rhbz1793653
- Resolves: rhbz1793860
- Resolves: rhbz1828488
- Resolves: rhbz1830535
- Resolves: rhbz1831775

[2.0.3-5]
- Clear leaving node's attributes if there is no DC
- Resolves: rhbz1791841

[2.0.3-4]
- Implement shutdown-lock feature
- Resolves: rhbz1712584

[2.0.3-3]
- Rebase on Pacemaker-2.0.3 final release
- Resolves: rhbz1752538

[2.0.3-2]
- Rebase on Pacemaker-2.0.3-rc3
- Resolves: rhbz1752538

[2.0.3-1]
- Rebase on Pacemaker-2.0.3-rc2
- Parse crm_mon --fence-history option correctly
- Put timeout on controller waiting for scheduler response
- Offer Pacemaker Remote option for bind address
- Calculate cluster recheck interval dynamically
- Clarify crm_resource help text
- Reduce system calls after forking a child process
- Resolves: rhbz1699978
- Resolves: rhbz1725236
- Resolves: rhbz1743377
- Resolves: rhbz1747553
- Resolves: rhbz1748805
- Resolves: rhbz1752538
- Resolves: rhbz1762025

[2.0.2-3]
- Make pacemaker-cli require tar and bzip2
- Resolves: rhbz#1741580

[2.0.2-2]
- Synchronize fence-history on fenced-restart
- Cleanup leftover pending-fence-actions when fenced is restarted
- Improve fencing of remote-nodes
- Resolves: rhbz#1708380
- Resolves: rhbz#1708378
- Resolves: rhbz#1721198
- Resolves: rhbz#1695737

[2.0.2-1]
- Add stonith_admin option to display XML output
- Add new crm_rule tool to check date/time rules
- List any constraints cleared by crm_resource --clear
- crm_resource --validate can now get resource parameters from command line
- Rebase on upstream version 2.0.2
- Default concurrent-fencing to true
- Resolves: rhbz#1555939
- Resolves: rhbz#1572116
- Resolves: rhbz#1631752
- Resolves: rhbz#1637020
- Resolves: rhbz#1695737
- Resolves: rhbz#1715426

[2.0.1-5]
- Add gating tests for CI
- Restore correct behavior when live migration is interrupted
- Improve clients' authentication of IPC servers (CVE-2018-16877)
- Fix use-after-free with potential information disclosure (CVE-2019-3885)
- Improve pacemakerd authentication of running subdaemons (CVE-2018-16878)
- Resolves: rhbz#1682116
- Resolves: rhbz#1684306
- Resolves: rhbz#1694558
- Resolves: rhbz#1694560
- Resolves: rhbz#1694908

[2.0.1-4]
- Remove duplicate fence history state listing in crm_mon XML output
- Resolves: rhbz#1667191

[2.0.1-3]
- Fix bundle recovery regression in 2.0.1-2
- Resolves: rhbz#1660592

[2.0.1-2]
- Move pacemaker-doc installed files to /usr/share/doc/pacemaker-doc
to avoid conflict with RHEL 8 location of pacemaker subpackage docs
- Resolves: rhbz#1543494

[2.0.1-1]
- Rebase on upstream commit 0eb799156489376e13fb79dca47ea9160e9d4595 (Pacemaker-2.0.1-rc1)
- Follow upstream change of splitting XML schemas into separate package
- Resolves: rhbz#1543494

[2.0.0-11]
- Rebase on upstream commit efbf81b65931423b34c91cde7204a2d0a71e77e6
- Resolves: rhbz#1543494

[2.0.0-10]
- Rebase on upstream commit b67d8d0de9794e59719608d9b156b4a3c6556344
- Update spec for Python macro changes
- Resolves: rhbz#1543494
- Resolves: rhbz#1633612

[2.0.0-9]
- Rebase on upstream commit c4330b46bf1c3dcd3e367b436efb3bbf82ef51cd
- Support podman as bundle container launcher
- Ignore fence history in crm_mon when using CIB_file
- Resolves: rhbz#1543494
- Resolves: rhbz#1607898
- Resolves: rhbz#1625231

[2.0.0-8]
- Rebase on upstream commit dd6fd26f77945b9bb100d5a3134f149b27601552
- Fixes (unreleased) API regression
- Resolves: rhbz#1543494
- Resolves: rhbz#1622969

[2.0.0-7]
- Include upstream main branch commits through 975347d4
- Resolves: rhbz#1543494
- Resolves: rhbz#1602650
- Resolves: rhbz#1608369

[2.0.0-6]
- Rebuild with fixed binutils

[2.0.0-5]
- Rebase to upstream version 2.0.0 final
- Resolves: rhbz#1543494

[2.0.0-4]
- Rebase to upstream version 2.0.0-rc5
- Resolves: rhbz#1543494

[2.0.0-2]
- Rebase to upstream version 2.0.0-rc3
- Resolves: rhbz#1543494

[2.0.0-1]
- Rebase to upstream version 2.0.0-rc2 with later fixes
- Resolves: rhbz#1543494

[1.1.17-3]
- Stop hard requiring nagios-plugins

[1.1.17-2]
- Rebuilt to fix libqb vs. ld.bfd/binutils-2.29 incompatibility making
some CLI executables unusable under some circumstances (rhbz#1503843)

[1.1.17-1.2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[1.1.17-1.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[1.1.17-1]
- Update for new upstream tarball: Pacemaker-1.1.17,
for full details, see included ChangeLog file or
https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.17

[1.1.17-0.1.rc4]
- Update for new upstream tarball for release candidate: Pacemaker-1.1.17-rc4,
for full details, see included ChangeLog file or
https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.17-rc4
- Add an imposed lower bound for glib2 BuildRequires

[1.1.17-0.1.rc3]
- Update for new upstream tarball for release candidate: Pacemaker-1.1.17-rc3,
for full details, see included ChangeLog file or
https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.17-rc3

[1.1.17-0.1.rc2]
- Update for new upstream tarball for release candidate: Pacemaker-1.1.17-rc2,
for full details, see included ChangeLog file or
https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.17-rc2

[1.1.17-0.1.rc1]
- Update for new upstream tarball for release candidate: Pacemaker-1.1.17-rc1,
for full details, see included ChangeLog file or
https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.17-rc1

[1.1.16-2.a39ea6491.git]
- Update for (slightly stabilized) snapshot beyond Pacemaker-1.1.16
(commit a39ea6491), including:
. prevent FTBFS with new GCC 7 (a7476dd96)
- Adapt spec file more akin to upstream version including:
. better pre-release vs. tags logic (4581d4366)

[1.1.16-1]
- Update for new upstream tarball: Pacemaker-1.1.16,
for full details, see included ChangeLog file or
https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.16
- Adapt spec file more akin to upstream version including:
. clarify licensing, especially for -doc (f01f734)
. fix pacemaker-remote upgrade (779e0e3)
. require python >= 2.6 (31ef7f0)
. older libqb is sufficient (based on 30fe1ce)
. remove openssl-devel and libselinux-devel as BRs (2e05c17)
. make systemd BR pkgconfig-driven (6285924)
. defines instead of some globals + error suppression (625d427)
- Rectify -nagios-plugins-metadata declared license and install
also respective license text

[1.1.15-3]
- Apply fix for CVE-2016-7035 (improper IPC guarding)

[1.1.15-2.1]
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages

[1.1.15-2]
- Stop building with -fstack-protector-all using the upstream patches
overhauling toolchain hardening (Fedora natively uses
-fstack-protector-strong so this effectively relaxed stack protection
is the only effect as hardened flags are already used by default:
https://fedoraproject.org/wiki/Changes/Harden_All_Packages)

[1.1.15-1]
- Update for new upstream tarball: Pacemaker-1.1.15,
for full details, see included ChangeLog file or
https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.15
- Adapt spec file more akin to upstream version:
. move xml schema files + PCMK-MIB.txt (81ef956), logrotate configuration
file (ce576cf; drop it from -remote package as well), attrd_updater
(aff80ae), the normal resource agents (1fc7287), and common directories
under /var/lib/pacemaker (3492794) from main package under -cli
. simplify docdir build parameter passing and drop as of now
redundant chmod invocations (e91769e)

[1.1.15-0.1.rc3]
- Update for new upstream tarball for release candidate: Pacemaker-1.1.15-rc3,
for full details, see included ChangeLog file or
https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.15-rc3
- Drop fence_pcmk (incl. man page) from the package (no use where no CMAN)
- Drop license macro emulation for cases when not supported natively
(several recent Fedora releases do not need that)

[1.1.15-0.1.rc2]
- Update for new upstream tarball for release candidate: Pacemaker-1.1.15-rc2,
for full details, see included ChangeLog file or
https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.15-rc2

[1.1.15-0.1.rc1]
- Update for new upstream tarball for release candidate: Pacemaker-1.1.15-rc1,
for full details, see included ChangeLog file or
https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.15-rc1
- Adapt spec file more akin to upstream version (also to reflect recent
changes like ability to built explicitly without Publican-based docs)

[1.1.14-2.5a6cdd1.git]
- Update for currently stabilized snapshot beyond Pacemaker-1.1.14
(commit 5a6cdd1), but restore old-style notifications to the state at
Pacemaker-1.1.14 point release (disabled)
- Definitely get rid of Corosync v1 (Flatiron) hypothetical support
- Remove some of the spec file cruft, not required for years
(BuildRoot, AutoReqProv, 'clean' scriptlet, etc.) and adapt the file
per https://github.com/ClusterLabs/pacemaker/pull/965

[1.1.14-1.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

[1.1.14-1]
- Update for new upstream tarball: Pacemaker-1.1.14,
for full details, see included ChangeLog file or
https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.14
- Disable Fedora crypto policies conformance patch for now (rhbz#1179335)
- Better align specfile with the upstream version (also fix issue with
crm_mon sysconfig file not being installed)
- Further specfile modifications:
- drop unused gcc-c++ and repeatedly mentioned pkgconfig packages
from BuildRequires
- refer to python_sitearch macro first, if defined
- tolerate license macro not being defined (e.g., for EPEL rebuilds)
- Prevent console mode not available in crm_mon due to curses library test
fragility of configure script in hardened build environment (rhbz#1297985)

[1.1.13-4]
- Adapt to follow Fedora crypto policies (rhbz#1179335)

[1.1.13-3]
- Update to Pacemaker-1.1.13 post-release + patches (sync)
- Add nagios-plugins-metadata subpackage enabling support of selected
Nagios plugins as resources recognized by Pacemaker
- Several specfile improvements: drop irrelevant stuff, rehash the
included/excluded files + dependencies, add check scriptlet,
reflect current packaging practice, do minor cleanups
(mostly adopted from another spec)

[1.1.13-2]
- Update for new upstream tarball: Pacemaker-1.1.13
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/main/ChangeLog for full details

[1.1.12-2.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

[1.1.12-2]
- Address incorrect use of the dbus API for interacting with systemd

[1.1.12-1]
- Update for new upstream tarball: Pacemaker-1.1.12+ (a9c8177)
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/main/ChangeLog for full details

[1.1.11-1.2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

[1.1.11-1.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

[1.1.11-1]
- Update for new upstream tarball: Pacemaker-1.1.11 (9d39a6b)
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/main/ChangeLog for full details

[1.1.9-3]
- Update to upstream 7d8acec
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/main/ChangeLog for full details

+ Feature: Turn off auto-respawning of systemd services when the cluster starts them
+ Fix: crmd: Ensure operations for cleaned up resources don't block recovery
+ Fix: logging: If SIGTRAP is sent before tracing is turned on, turn it on instead of crashing

[1.1.9-2]
- Update for new upstream tarball: 781a388
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/main/ChangeLog for full details

[1.1.2-1]
- Update the tarball from the upstream 1.1.2 release
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/main/ChangeLog for full details

[1.0.4-1]
- Initial checkin




Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) pacemaker-2.1.4-5.0.1.el8_7.2.src.rpm0808fa2f8d2bdb69fbfaea5ad8c65452-
Oracle Linux 8 (x86_64) pacemaker-2.1.4-5.0.1.el8_7.2.src.rpm0808fa2f8d2bdb69fbfaea5ad8c65452-
pacemaker-2.1.4-5.0.1.el8_7.2.x86_64.rpm69418a09cca5233e1480b0ee3baf0614-
pacemaker-cli-2.1.4-5.0.1.el8_7.2.x86_64.rpm7318521f0e322797ebcd96720e2bb8a3-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete