Hello community, here is the log from the commit of package pacemaker for openSUSE:Factory checked in at 2019-04-15 11:51:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pacemaker (Old) and /work/SRC/openSUSE:Factory/.pacemaker.new.17052 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pacemaker" Mon Apr 15 11:51:25 2019 rev:129 rq:693680 version:2.0.1+20190408.1b68da8e8 Changes: -------- --- /work/SRC/openSUSE:Factory/pacemaker/pacemaker.changes 2019-04-05 11:55:48.146299389 +0200 +++ /work/SRC/openSUSE:Factory/.pacemaker.new.17052/pacemaker.changes 2019-04-15 11:51:32.902521480 +0200 @@ -1,0 +2,21 @@ +Thu Apr 11 15:32:23 UTC 2019 - Yan Gao <y...@suse.com> + +- Rebase: + bug-728579_pacemaker-stonith-dev-id.patch + +- Revert "use common service interface for fence-agents and RAs" (bsc#1132123) + * 0002-Revert-use-common-service-interface-for-fence-agents.patch + +- Revert "service-lib: avoid call-pattern leading to use-after-free" + * 0001-Revert-Fix-service-lib-avoid-call-pattern-leading-to.patch + +------------------------------------------------------------------- +Tue Apr 9 10:00:32 UTC 2019 - Yan Gao <y...@suse.com> + +- Update to version 2.0.1+20190408.1b68da8e8: +- scheduler: avoid error log in harmless situation +- libcrmcommon: use INT_MIN/INT_MAX instead of -1 for out-of-range integers +- service-lib: avoid call-pattern leading to use-after-free +- libp-i: Renamed to libpacemaker. + +------------------------------------------------------------------- @@ -568 +589 @@ -- crmd: delete resource from lrmd when appropriate +- crmd: delete resource from lrmd when appropriate (bsc#1117381) Old: ---- pacemaker-2.0.1+20190402.e091f4f0c.tar.xz New: ---- 0001-Revert-Fix-service-lib-avoid-call-pattern-leading-to.patch 0002-Revert-use-common-service-interface-for-fence-agents.patch pacemaker-2.0.1+20190408.1b68da8e8.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pacemaker.spec ++++++ --- /var/tmp/diff_new_pack.u8gIxl/_old 2019-04-15 11:51:35.294522747 +0200 +++ /var/tmp/diff_new_pack.u8gIxl/_new 2019-04-15 11:51:35.294522747 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -74,7 +74,7 @@ %endif Name: pacemaker -Version: 2.0.1+20190402.e091f4f0c +Version: 2.0.1+20190408.1b68da8e8 Release: 0 Summary: Scalable High-Availability cluster resource manager # AGPL-3.0 licensed extra/clustermon.sh is not present in the binary @@ -87,7 +87,6 @@ Source1: crm_report.in Source100: pacemaker.rpmlintrc Patch1: bug-806256_pacemaker-log-level-notice.patch -Patch2: bug-728579_pacemaker-stonith-dev-id.patch Patch3: pacemaker-nagios-plugin-dir.patch Patch4: bug-812269_pacemaker-fencing-device-register-messages.patch Patch5: pacemaker-Wno-format-signedness.patch @@ -95,6 +94,9 @@ Patch7: bug-977201_pacemaker-controld-self-fencing.patch Patch8: bug-995365_pacemaker-cts-restart-systemd-journald.patch Patch9: pacemaker-cts-StartCmd.patch +Patch10: 0001-Revert-Fix-service-lib-avoid-call-pattern-leading-to.patch +Patch11: 0002-Revert-use-common-service-interface-for-fence-agents.patch +Patch12: bug-728579_pacemaker-stonith-dev-id.patch # Required for core functionality BuildRequires: autoconf BuildRequires: automake @@ -302,7 +304,6 @@ %prep %setup -q -n %{name}-%{version} %patch1 -p1 -%patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 @@ -310,6 +311,9 @@ %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 %build @@ -592,9 +596,8 @@ %{_libdir}/libcrmcommon.so.* %{_libdir}/libpe_status.so.* %{_libdir}/libpe_rules.so.* -%{_libdir}/libpacemaker-internal.so.* +%{_libdir}/libpacemaker.so.* %{_libdir}/libstonithd.so.* -%{_libdir}/libtransitioner.so.* #%license licenses/LGPLv2.1 %doc COPYING ChangeLog %{_libdir}/libcrmcluster.so.* ++++++ 0001-Revert-Fix-service-lib-avoid-call-pattern-leading-to.patch ++++++ >From 60c3bcbcebd8b619b2124dfed9585182b97eb385 Mon Sep 17 00:00:00 2001 From: "Gao,Yan" <y...@suse.com> Date: Thu, 11 Apr 2019 17:08:41 +0200 Subject: [PATCH 1/2] Revert "Fix: service-lib: avoid call-pattern leading to use-after-free" This reverts commit e5a1d5dd751effe674e57a2f834e75650ad210c1. --- include/crm/services.h | 8 +------- lib/fencing/st_client.c | 18 +++--------------- lib/services/services.c | 13 +------------ lib/services/services_linux.c | 5 ----- lib/services/services_private.h | 1 - 5 files changed, 5 insertions(+), 40 deletions(-) diff --git a/include/crm/services.h b/include/crm/services.h index 4bdd21a34..c13fc0f04 100644 --- a/include/crm/services.h +++ b/include/crm/services.h @@ -305,17 +305,11 @@ gboolean services_action_kick(const char *name, const char *action, * * \param[in] op services action data * \param[in] action_callback callback for when the action completes - * \param[in] action_fork_callback callback for when action forked successfully * * \retval TRUE succesfully started execution * \retval FALSE failed to start execution, no callback will be received */ - gboolean services_action_async_fork_notify(svc_action_t * op, - void (*action_callback) (svc_action_t *), - void (*action_fork_callback) (svc_action_t *)); - - gboolean services_action_async(svc_action_t * op, - void (*action_callback) (svc_action_t *)); + gboolean services_action_async(svc_action_t * op, void (*action_callback) (svc_action_t *)); gboolean services_action_cancel(const char *name, const char *action, guint interval_ms); diff --git a/lib/fencing/st_client.c b/lib/fencing/st_client.c index f4b7addc2..0f2c33012 100644 --- a/lib/fencing/st_client.c +++ b/lib/fencing/st_client.c @@ -720,18 +720,6 @@ stonith_action_async_done(svc_action_t *svc_action) stonith__destroy_action(action); } -static void -stonith_action_async_forked(svc_action_t *svc_action) -{ - stonith_action_t *action = (stonith_action_t *) svc_action->cb_data; - - action->pid = svc_action->pid; - action->svc_action = svc_action; - - crm_trace("Child process %d performing action '%s' successfully forked", - action->pid, action->action); -} - static int internal_stonith_action_execute(stonith_action_t * action) { @@ -778,12 +766,12 @@ internal_stonith_action_execute(stonith_action_t * action) if (action->async) { /* async */ - if(services_action_async_fork_notify(svc_action, - &stonith_action_async_done, - &stonith_action_async_forked) == FALSE) { + if(services_action_async(svc_action, &stonith_action_async_done) == FALSE) { services_action_free(svc_action); svc_action = NULL; } else { + action->pid = svc_action->pid; + action->svc_action = svc_action; rc = 0; } diff --git a/lib/services/services.c b/lib/services/services.c index 313567f58..fa1e0dbe8 100644 --- a/lib/services/services.c +++ b/lib/services/services.c @@ -766,17 +766,12 @@ services_untrack_op(svc_action_t *op) } gboolean -services_action_async_fork_notify(svc_action_t * op, - void (*action_callback) (svc_action_t *), - void (*action_fork_callback) (svc_action_t *)) +services_action_async(svc_action_t * op, void (*action_callback) (svc_action_t *)) { op->synchronous = false; if (action_callback) { op->opaque->callback = action_callback; } - if (action_fork_callback) { - op->opaque->fork_callback = action_fork_callback; - } if (op->interval_ms > 0) { init_recurring_actions(); @@ -796,12 +791,6 @@ services_action_async_fork_notify(svc_action_t * op, return action_exec_helper(op); } -gboolean -services_action_async(svc_action_t * op, - void (*action_callback) (svc_action_t *)) -{ - return services_action_async_fork_notify(op, action_callback, NULL); -} static gboolean processing_blocked_ops = FALSE; diff --git a/lib/services/services_linux.c b/lib/services/services_linux.c index 8686f2947..66f0fbfc7 100644 --- a/lib/services/services_linux.c +++ b/lib/services/services_linux.c @@ -888,11 +888,6 @@ services_os_action_execute(svc_action_t * op) op->opaque->stdin_fd = -1; } - // after fds are setup properly and before we plug anything into mainloop - if (op->opaque->fork_callback) { - op->opaque->fork_callback(op); - } - if (op->synchronous) { action_synced_wait(op, pmask); sigchld_cleanup(); diff --git a/lib/services/services_private.h b/lib/services/services_private.h index 660a35b67..bb4a7b6a3 100644 --- a/lib/services/services_private.h +++ b/lib/services/services_private.h @@ -25,7 +25,6 @@ struct svc_action_private_s { guint repeat_timer; void (*callback) (svc_action_t * op); - void (*fork_callback) (svc_action_t * op); int stderr_fd; mainloop_io_t *stderr_gsource; -- 2.16.4 ++++++ 0002-Revert-use-common-service-interface-for-fence-agents.patch ++++++ ++++ 817 lines (skipped) ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.u8gIxl/_old 2019-04-15 11:51:35.326522763 +0200 +++ /var/tmp/diff_new_pack.u8gIxl/_new 2019-04-15 11:51:35.326522763 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">git://github.com/ClusterLabs/pacemaker.git</param> - <param name="changesrevision">9bf0fcf37d50854b087a28003f2d9f7ca94601e0</param> + <param name="changesrevision">1b68da8e8994330a9034280221357abdb02084f4</param> </service> </servicedata> \ No newline at end of file ++++++ bug-728579_pacemaker-stonith-dev-id.patch ++++++ --- /var/tmp/diff_new_pack.u8gIxl/_old 2019-04-15 11:51:35.330522766 +0200 +++ /var/tmp/diff_new_pack.u8gIxl/_new 2019-04-15 11:51:35.334522767 +0200 @@ -4,11 +4,11 @@ Medium: stonith: Expose IDs of stonith resources to stonith agents through "$CRM_meta_st_device_id" environment variable -Index: pacemaker-2.0.1+20190402.e091f4f0c/daemons/fenced/fenced_commands.c +Index: pacemaker-2.0.0+20180726.3d81c89b8/daemons/fenced/fenced_commands.c =================================================================== ---- pacemaker-2.0.1+20190402.e091f4f0c.orig/daemons/fenced/fenced_commands.c -+++ pacemaker-2.0.1+20190402.e091f4f0c/daemons/fenced/fenced_commands.c -@@ -946,6 +946,7 @@ build_device_from_xml(xmlNode * msg) +--- pacemaker-2.0.0+20180726.3d81c89b8.orig/daemons/fenced/fenced_commands.c ++++ pacemaker-2.0.0+20180726.3d81c89b8/daemons/fenced/fenced_commands.c +@@ -940,6 +940,7 @@ build_device_from_xml(xmlNode * msg) device->id, device->on_target_actions); } @@ -16,27 +16,27 @@ device->work = mainloop_add_trigger(G_PRIORITY_HIGH, stonith_device_dispatch, device); /* TODO: Hook up priority */ -Index: pacemaker-2.0.1+20190402.e091f4f0c/lib/fencing/st_client.c +Index: pacemaker-2.0.0+20180726.3d81c89b8/lib/fencing/st_client.c =================================================================== ---- pacemaker-2.0.1+20190402.e091f4f0c.orig/lib/fencing/st_client.c -+++ pacemaker-2.0.1+20190402.e091f4f0c/lib/fencing/st_client.c -@@ -39,6 +39,7 @@ struct stonith_action_s { +--- pacemaker-2.0.0+20180726.3d81c89b8.orig/lib/fencing/st_client.c ++++ pacemaker-2.0.0+20180726.3d81c89b8/lib/fencing/st_client.c +@@ -38,6 +38,7 @@ struct stonith_action_s { char *action; char *victim; - GHashTable *args; + char *args; + char *dev_id; int timeout; int async; void *userdata; -@@ -559,6 +560,7 @@ stonith__destroy_action(stonith_action_t - } - free(action->output); - free(action->error); +@@ -621,6 +622,7 @@ stonith__destroy_action(stonith_action_t + free(action->args); + free(action->action); + free(action->victim); + free(action->dev_id); free(action); } } -@@ -628,6 +630,8 @@ stonith_action_create(const char *agent, +@@ -690,6 +692,8 @@ stonith_action_create(const char *agent, if (device_args) { char buffer[512]; const char *value = NULL; @@ -45,7 +45,7 @@ snprintf(buffer, sizeof(buffer), "pcmk_%s_retries", _action); value = g_hash_table_lookup(device_args, buffer); -@@ -635,6 +639,11 @@ stonith_action_create(const char *agent, +@@ -697,6 +701,11 @@ stonith_action_create(const char *agent, if (value) { action->max_retries = atoi(value); } @@ -57,43 +57,23 @@ } return action; -@@ -755,6 +764,10 @@ internal_stonith_action_execute(stonith_ - svc_action->params = action->args; - svc_action->cb_data = (void *) action; - -+ if (action->dev_id) { -+ svc_action->rsc = strdup(action->dev_id); -+ } -+ - /* keep retries from executing out of control and free previous results */ - if (is_retry) { - free(action->output); -Index: pacemaker-2.0.1+20190402.e091f4f0c/lib/services/services_linux.c -=================================================================== ---- pacemaker-2.0.1+20190402.e091f4f0c.orig/lib/services/services_linux.c -+++ pacemaker-2.0.1+20190402.e091f4f0c/lib/services/services_linux.c -@@ -30,6 +30,9 @@ - #include "crm/common/mainloop.h" - #include "crm/services.h" - -+#include "crm/stonith-ng.h" -+#include "crm/fencing/internal.h" -+ - #include "services_private.h" +@@ -878,6 +887,8 @@ internal_stonith_action_execute(stonith_ - #if SUPPORT_CIBSECRETS -@@ -169,6 +172,14 @@ set_ocf_env_with_prefix(gpointer key, gp - static void - add_action_env_vars(const svc_action_t *op) - { -+ if (safe_str_eq(op->standard, PCMK_RESOURCE_CLASS_STONITH) -+ && safe_str_eq(op->agent, "fence_legacy") -+ && op->rsc) { + if (!pid) { + /* child */ + const char *st_dev_id_key = CRM_META "_" F_STONITH_DEVICE; + -+ setenv(st_dev_id_key, op->rsc, 1); -+ } + setpgid(0, 0); + + close(1); +@@ -900,6 +911,10 @@ internal_stonith_action_execute(stonith_ + close(p_write_fd); + close(p_stderr_fd); + ++ if (action->dev_id) { ++ setenv(st_dev_id_key, action->dev_id, 1); ++ } + - if (safe_str_eq(op->standard, PCMK_RESOURCE_CLASS_OCF) == FALSE) { - return; - } + /* keep retries from executing out of control */ + if (is_retry) { + sleep(1); ++++++ pacemaker-2.0.1+20190402.e091f4f0c.tar.xz -> pacemaker-2.0.1+20190408.1b68da8e8.tar.xz ++++++ ++++ 54717 lines of diff (skipped)