Recommended update for cfengine, cfengine-masterfiles
| Announcement ID: | SUSE-RU-2016:1972-1 |
|---|---|
| Rating: | low |
| References: | |
| Affected Products: |
|
An update that has one fix can now be installed.
Description:
This update for cfengine, cfengine-masterfiles fixes the following issues: CFEngine was updated from version 3.7.1 to 3.7.3, which brings fixes and enhancements:
Behavior changes:
- classesmatching(): order of classes changed.
- Suppress standard services noise on SUSE.
Fixes:
- Reduce verbosity of yum and apt_get package modules.
- Parse def.json vars, classes in C.
- Namespaced classes can now be specified on the command line.
- getvalues() will now return a list also for data containers, and will descend recursively into the containers.
- @if minimum_version now correctly ignores lines starting with '@'.
- Fix definition of classes from augments file.
- Don't follow symbolic links when copying extended attributes.
- Fix cf-serverd error messages with classic protocol clients.
- The isvariable() function call now correctly accepts all array variables when specified inline. Previously it would not accept certain special characters, even though they could be specified indirectly by using a variable to hold it.
- Show errors regarding failure to copy extended attributes when doing a local file copy. Errors could happen when copying across two different mount points where the support for extended attributes is different between the mount points.
- Fix file descriptor leak when there are network errors.
- Fix a regression which would sometimes cause "Permission denied" errors on files inside directories with very restricted permissions.
- Check for empty server response in RemoteDirList after decryption.
- Allow def.json up to 5MB instead of 4K.
- Add guard for binary upgrade during bootstrap.
- Fix a bug which sometimes caused package promises to be skipped with "XX Another cf-agent seems to have done this since I started" messages in the log, most notably in long running cf-agent runs (longer than one minute).
- Define (bootstrap|failsafe)_mode during update.cf when triggerd from failsafe.cf.
- Fix two cases where action_policy warn still produces errors.
- Fix classes being set because of hash collision in the implementation.
- Installing packages containing version numbers using yum now works correctly.
- readfile() and read*list() should print an error if they fail to read file.
- If there is an error saving a mustache template file it is now logged with log-level error (was inform).
- Fixed several bugs which prevented CFEngine from loading libraries from the correct location.
- If file_select.file_types is set to symlink and there are regular files in the scanned directory, CFEngine no longer produces an unnecessary error message.
- cf-agent, cf-execd, cf-promises, cf-runagent and cf-serverd honor multiple -D, -N and -s arguments.
- Fix "@endif" keyword sometimes being improperly processed by policy parser.
- It is possible to edit the same value in multiple regions of one file.
- Fix select_class not setting class when used in common bundle with slist.
- Fix broken HA policy for 3rd disaster-recovery node.
- Directories should no more be changed randomly into files.
- Include latest security updates for 3.7.
- Reduce malloc() thread contention on heavily loaded cf-serverd, by not exiting early in the logging function, if no message is to be printed.
- Improve cf-serverd's lock contention because of getpwnam() call.
- action_policy "warn" now correctly produces warnings instead of various other verbosity levels.
- Improve efficiency and debug reports.
- Change package modules permissions on hub package so that hub can execute package promises.
- No longer hang when changing permissions/ownership on fifos.
- Fix exporting CSV reports through HTTPS.
- failsafe.cf will be created when needed.
- Mustache templates: Fix {{@}} key when value is not a primitive. The old behavior, when iterating across a map or array of maps, was to abort if the key was requested with {{@}}. The new behavior is to always replace {{@}} with either the key name or the iteration position in the array. An error is printed if {{@}} is used outside of a Mustache iteration section.
- Legacy package promise: Result classes are now defined if the package being promised is already up to date.
- TTY detection should be more reliable.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
Advanced Systems Management Module 12
zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2016-1161=1 -
SUSE Linux Enterprise Software Development Kit 12 SP1
zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1161=1
Package List:
-
Advanced Systems Management Module 12 (ppc64le s390x x86_64)
- libpromises3-3.7.3-13.1
- cfengine-3.7.3-13.1
- libpromises3-debuginfo-3.7.3-13.1
- cfengine-debuginfo-3.7.3-13.1
- cfengine-debugsource-3.7.3-13.1
- cfengine-doc-3.7.3-13.1
-
Advanced Systems Management Module 12 (noarch)
- cfengine-masterfiles-3.7.3-6.1
-
SUSE Linux Enterprise Software Development Kit 12 SP1 (ppc64le s390x x86_64)
- cfengine-debugsource-3.7.3-13.1
- cfengine-debuginfo-3.7.3-13.1
- libpromises-devel-3.7.3-13.1