2.0.2-0.1.rc1 - Update for new upstream tarball

...for release candidate: Pacemaker-2.0.2-rc1,
  for full details, see included ChangeLog file or
  https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.2-rc1

Customize (as allowed now) exhibited downstream-specific bug reporting URL

Signed-off-by: Jan Pokorný <jpokorny@redhat.com>

High-libservices-fix-use-after-free-wrt.-alert-handl.patch

@@ -1,136 +0,0 @@
-From 6a77ebbb553cde4695839cd7ec47531a7f3eb9f3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
-Date: Tue, 2 Apr 2019 10:13:21 +0200
-Subject: [PATCH 1/6] High: libservices: fix use-after-free wrt. alert handling
-
-This could possibly lead to unsolicited information disclosure by the
-means of standard output of the immediately preceding agent/resource
-execution leaking into the log stream under some circumstances.
-It was hence assigned CVE-2019-3885.
-
-The provoked pathological state of pacemaker-execd daemon progresses
-towards crashing it for hitting segmentation fault.
----
- lib/services/services.c       | 40 +----------------------------------
- lib/services/services_linux.c | 35 ++++++++++++++++++++++++++----
- 2 files changed, 32 insertions(+), 43 deletions(-)
-
-diff --git a/lib/services/services.c b/lib/services/services.c
-index 20e824fb5..256890e1d 100644
---- a/lib/services/services.c
-+++ b/lib/services/services.c
-@@ -372,35 +372,6 @@ services_action_user(svc_action_t *op, const char *user)
-     return crm_user_lookup(user, &(op->opaque->uid), &(op->opaque->gid));
- }
- 
--static void
--set_alert_env(gpointer key, gpointer value, gpointer user_data)
--{
--    int rc;
--
--    if (value) {
--        rc = setenv(key, value, 1);
--    } else {
--        rc = unsetenv(key);
--    }
--
--    if (rc < 0) {
--        crm_perror(LOG_ERR, "setenv %s=%s",
--                  (char*)key, (value? (char*)value : ""));
--    } else {
--        crm_trace("setenv %s=%s", (char*)key, (value? (char*)value : ""));
--    }
--}
--
--static void
--unset_alert_env(gpointer key, gpointer value, gpointer user_data)
--{
--    if (unsetenv(key) < 0) {
--        crm_perror(LOG_ERR, "unset %s", (char*)key);
--    } else {
--        crm_trace("unset %s", (char*)key);
--    }
--}
--
- /*!
-  * \brief Execute an alert agent action
-  *
-@@ -415,18 +386,9 @@ unset_alert_env(gpointer key, gpointer value, gpointer user_data)
- gboolean
- services_alert_async(svc_action_t *action, void (*cb)(svc_action_t *op))
- {
--    gboolean responsible;
--
-     action->synchronous = false;
-     action->opaque->callback = cb;
--    if (action->params) {
--        g_hash_table_foreach(action->params, set_alert_env, NULL);
--    }
--    responsible = services_os_action_execute(action);
--    if (action->params) {
--        g_hash_table_foreach(action->params, unset_alert_env, NULL);
--    }
--    return responsible;
-+    return services_os_action_execute(action);
- }
- 
- #if SUPPORT_DBUS
-diff --git a/lib/services/services_linux.c b/lib/services/services_linux.c
-index 6e6789a22..076daa51a 100644
---- a/lib/services/services_linux.c
-+++ b/lib/services/services_linux.c
-@@ -160,6 +160,25 @@ set_ocf_env_with_prefix(gpointer key, gpointer value, gpointer user_data)
-     set_ocf_env(buffer, value, user_data);
- }
- 
-+static void
-+set_alert_env(gpointer key, gpointer value, gpointer user_data)
-+{
-+    int rc;
-+
-+    if (value != NULL) {
-+        rc = setenv(key, value, 1);
-+    } else {
-+        rc = unsetenv(key);
-+    }
-+
-+    if (rc < 0) {
-+        crm_perror(LOG_ERR, "setenv %s=%s",
-+                  (char*)key, (value? (char*)value : ""));
-+    } else {
-+        crm_trace("setenv %s=%s", (char*)key, (value? (char*)value : ""));
-+    }
-+}
-+
- /*!
-  * \internal
-  * \brief Add environment variables suitable for an action
-@@ -169,12 +188,20 @@ set_ocf_env_with_prefix(gpointer key, gpointer value, gpointer user_data)
- static void
- add_action_env_vars(const svc_action_t *op)
- {
--    if (safe_str_eq(op->standard, PCMK_RESOURCE_CLASS_OCF) == FALSE) {
--        return;
-+    void (*env_setter)(gpointer, gpointer, gpointer) = NULL;
-+    if (op->agent == NULL) {
-+        env_setter = set_alert_env;  /* we deal with alert handler */
-+
-+    } else if (safe_str_eq(op->standard, PCMK_RESOURCE_CLASS_OCF)) {
-+        env_setter = set_ocf_env_with_prefix;
-     }
- 
--    if (op->params) {
--        g_hash_table_foreach(op->params, set_ocf_env_with_prefix, NULL);
-+    if (env_setter != NULL && op->params != NULL) {
-+        g_hash_table_foreach(op->params, env_setter, NULL);
-+    }
-+
-+    if (env_setter == NULL || env_setter == set_alert_env) {
-+        return;
-     }
- 
-     set_ocf_env("OCF_RA_VERSION_MAJOR", "1", NULL);
--- 
-2.21.0
-
-

Med-controld-fix-possible-NULL-pointer-dereference.patch

@@ -1,40 +0,0 @@
-From 3ad7b2509d78f95b5dfc8fffc4d9a91be1da5113 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
-Date: Wed, 17 Apr 2019 15:04:21 +0200
-Subject: [PATCH] Med: controld: fix possible NULL pointer dereference
-
-This is now more likely triggerable once the problems related to
-CVE-2018-16878 are avoided.
----
- daemons/controld/controld_control.c | 15 +++++++++------
- 1 file changed, 9 insertions(+), 6 deletions(-)
-
-diff --git a/daemons/controld/controld_control.c b/daemons/controld/controld_control.c
-index ee956982b..0ac358cbe 100644
---- a/daemons/controld/controld_control.c
-+++ b/daemons/controld/controld_control.c
-@@ -77,12 +77,15 @@ do_ha_control(long long action,
-             registered = crm_connect_corosync(cluster);
- #endif
-         }
--        controld_election_init(cluster->uname);
--        fsa_our_uname = cluster->uname;
--        fsa_our_uuid = cluster->uuid;
--        if(cluster->uuid == NULL) {
--            crm_err("Could not obtain local uuid");
--            registered = FALSE;
-+
-+        if (registered == TRUE) {
-+            controld_election_init(cluster->uname);
-+            fsa_our_uname = cluster->uname;
-+            fsa_our_uuid = cluster->uuid;
-+            if(cluster->uuid == NULL) {
-+                crm_err("Could not obtain local uuid");
-+                registered = FALSE;
-+            }
-         }
- 
-         if (registered == FALSE) {
--- 
-2.21.0
-

pacemaker.spec

@@ -13,12 +13,12 @@
 ## Upstream pacemaker version, and its package version (specversion
 ## can be incremented to build packages reliably considered "newer"
 ## than previously built packages with the same pcmkversion)
-%global pcmkversion 2.0.1
+%global pcmkversion 2.0.2
-%global specversion 2
+%global specversion 1
 
 ## Upstream commit (or git tag, such as "Pacemaker-" plus the
 ## {pcmkversion} macro for an official release) to use for this package
-%global commit Pacemaker-2.0.1
+%global commit Pacemaker-2.0.2-rc1
 ## Since git v2.11, the extent of abbreviation is autoscaled by default
 ## (used to be constant of 7), so we need to convey it for non-tags, too.
 %global commit_abbrev 9
@@ -144,9 +144,6 @@ Source0:       https://github.com/%{github_owner}/%{name}/archive/%{commit}/%{na
 Source1:       https://github.com/%{github_owner}/%{nagios_name}/archive/%{nagios_hash}/%{nagios_name}-%{nagios_hash}.tar.gz
 # ---
 # patches go here
-Patch0:        High-libservices-fix-use-after-free-wrt.-alert-handl.patch
-Patch1:        High-pacemakerd-vs.-IPC-procfs-confused-deputy-authentic.patch
-Patch2:        Med-controld-fix-possible-NULL-pointer-dereference.patch
 
 Requires:      resource-agents
 Requires:      %{name}-libs%{?_isa} = %{version}-%{release}
@@ -191,7 +188,7 @@ BuildRequires: asciidoc inkscape publican
 %endif
 
 # git-style patch application
-BuildRequires: git
+#BuildRequires: git
 
 Provides:      pcmk-cluster-manager = %{version}-%{release}
 Provides:      pcmk-cluster-manager%{?_isa} = %{version}-%{release}
@@ -349,9 +346,9 @@ monitor resources.
 
 %prep
 %setup -q -a 1 -n %{name}-%{commit}
-%global __scm git_am
+#global __scm git_am
-%__scm_setup_git
+#__scm_setup_git
-%autopatch -p1
+#autopatch -p1
 
 %build
 
@@ -385,6 +382,7 @@ export LDFLAGS_HARDENED_LIB="%{?_hardening_ldflags}"
         --with-initdir=%{_initrddir}                                            \
         --localstatedir=%{_var}                                                 \
         --with-version=%{version}-%{release}                                    \
+        --with-bug-url=https://bugz.fedoraproject.org/%{name}                   \
         --with-nagios                                                           \
         --with-nagios-metadata-dir=%{_datadir}/pacemaker/nagios/plugins-metadata/  \
         --with-nagios-plugin-dir=%{_libdir}/nagios/plugins/
@@ -707,6 +705,12 @@ exit 0
 %license %{nagios_name}-%{nagios_hash}/COPYING
 
 %changelog
+* Thu Apr 25 2019 Jan Pokorný <jpokorny+rpm-pacemaker@redhat.com> - 2.0.2-0.1.rc1
+- Update for new upstream tarball for release candidate: Pacemaker-2.0.2-rc1,
+  for full details, see included ChangeLog file or
+  https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.2-rc1
+- Customize (as allowed now) exhibited downstream-specific bug reporting URL
+
 * Wed Apr 17 2019 Jan Pokorný <jpokorny+rpm-pacemaker@redhat.com> - 2.0.1-2
 - Apply fixes for security issues:
   . CVE-2019-3885 (use-after-free with potential information disclosure)