[Debian-ha-maintainers] pacemaker_2.0.1-3_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Wed May 8 09:34:29 BST 2019



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 07 May 2019 17:19:08 +0200
Source: pacemaker
Architecture: source
Version: 2.0.1-3
Distribution: unstable
Urgency: high
Maintainer: Debian HA Maintainers <debian-ha-maintainers at lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi at debian.org>
Closes: 927714
Changes:
 pacemaker (2.0.1-3) unstable; urgency=high
 .
   * [20ccd21] Shorten and explain the autopkgtest wait
   * [3c7b0b4] Ship /var/log/pacemaker, the new default directory of the detail
     logs.
     Without this directory the default configuration emits errors and the
     detail log is simply not written.
     The /var/log/pacemaker.log* detail log files from Pacemaker 1 are not
     moved automatically on upgrade, but this new /var/log/pacemaker
     directory and its contents are removed when purging pacemaker-common.
     The owner and mode of the log directory are set to let clients like
     crm_resource --force-start running as any user in the haclient group
     write their messages into the detail log.  The logrotate config relies
     on these settings as well.
   * [21a4325] Drop a build patch: libtransitioner does not use liblrmd since
     092281b
   * [920ca93] Apply upstream security pull request #1749.
     Cumulative patchset to fix CVE-2019-3885, CVE-2018-16877, CVE-2018-16878
     + additional unmasked null pointer deref
     1. CVE-2018-16877: Insufficient local IPC client-server authentication
        on the client's side can lead to local privesc.  A local attacker
        could use this flaw, and combine it with other IPC weaknesses, to
        achieve local privilege escalation.
     2. CVE-2018-16878: Insufficient verification inflicted preference of
        uncontrolled processes can lead to DoS.
     3. CVE-2019-3885: A use-after-free defect was discovered in pacemaker
        that can possibly lead to unsolicited information disclosure in the
        log outputs.
     The Travis CI fix also in the GitHub pull request was omitted here.
     (Closes: #927714)
   * [501e5bb] We've got exactly two daemons
   * [c0f7339] Move to debhelper compat level 12.
     To avoid #887904: dh_installsystemd will unmask services *after* an
     attempt to start them, leaving them stopped upon re-installation.
     Pacemaker is not affected by any other changes between compat level 11
     and 12, because we disable dh_dwz anyway (currently it isn't compatible
     with libqb).
Checksums-Sha1:
 7984d5bc46f2b1beea4241330b58b81025f6f2cc 3916 pacemaker_2.0.1-3.dsc
 8db10f5f2c62f21234e6601a86ffe9a9ad8d49a0 63956 pacemaker_2.0.1-3.debian.tar.xz
 eec6a4b6ba99b55cbba4b2844ce868b0888d2a67 29551 pacemaker_2.0.1-3_amd64.buildinfo
Checksums-Sha256:
 dff66fd6890abb35d53988362e776b4133bbea41789639050393f9e1c415afa8 3916 pacemaker_2.0.1-3.dsc
 10c48a44d681ed8bc430cedfe74689798f48064c09a53c6a3b6e6a3b5a41e26b 63956 pacemaker_2.0.1-3.debian.tar.xz
 7ec5b886c7436034b54815f2d94c3fb0898127891cbabe94cf75b37dc2743a5b 29551 pacemaker_2.0.1-3_amd64.buildinfo
Files:
 89c395968238318ac8c102e85a539976 3916 admin optional pacemaker_2.0.1-3.dsc
 8e717dfe1123395927279030f4b75a8f 63956 admin optional pacemaker_2.0.1-3.debian.tar.xz
 5665bea2c490d81301790feff4683dbd 29551 admin optional pacemaker_2.0.1-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.


