diff --git a/_service b/_service
index b9f83c9..71f396f 100644
--- a/_service
+++ b/_service
@@ -11,7 +11,7 @@
1.1.15
-->
1.1.15+git%cd.%h
- 58fef06198fef17873d0d2e2d0cc5c7db73c5724
+ b6f251a13fadca0cb74702b0c007a55275c8ea09
diff --git a/pacemaker-1.1.15+git20160708.58fef06.tar.bz2 b/pacemaker-1.1.15+git20160708.58fef06.tar.bz2
deleted file mode 100644
index f18a618..0000000
--- a/pacemaker-1.1.15+git20160708.58fef06.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0c853cd797b8ebac28da639b84d3d1ce89bb201d86e299a95690f8eb4584a982
-size 3844575
diff --git a/pacemaker-1.1.15+git20161104.b6f251a.tar.bz2 b/pacemaker-1.1.15+git20161104.b6f251a.tar.bz2
new file mode 100644
index 0000000..2bb826d
--- /dev/null
+++ b/pacemaker-1.1.15+git20161104.b6f251a.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f3476a30b0e6b832497b383e32182ecb0a16e66cd7689e1c1f7f98a5ec9d2f26
+size 3584199
diff --git a/pacemaker-NodeUtilization-RA.patch b/pacemaker-NodeUtilization-RA.patch
index dcb9b95..c7eebd6 100644
--- a/pacemaker-NodeUtilization-RA.patch
+++ b/pacemaker-NodeUtilization-RA.patch
@@ -4,24 +4,24 @@ Date: Fri Nov 25 13:11:15 2011 +0100
Medium: RA: add NodeUtilization RA
-Index: pacemaker/extra/resources/Makefile.am
+Index: pacemaker-1.1.15+git20161018.722276c/extra/resources/Makefile.am
===================================================================
---- pacemaker.orig/extra/resources/Makefile.am
-+++ pacemaker/extra/resources/Makefile.am
-@@ -37,7 +37,8 @@ ocf_SCRIPTS = ClusterMon \
- Stateful \
+--- pacemaker-1.1.15+git20161018.722276c.orig/extra/resources/Makefile.am
++++ pacemaker-1.1.15+git20161018.722276c/extra/resources/Makefile.am
+@@ -38,7 +38,8 @@ ocf_SCRIPTS = ClusterMon \
SysInfo \
SystemHealth \
+ attribute \
- remote
-+ remote \
++ remote \
+ NodeUtilization
isolationtech_SCRIPTS = docker-wrapper
-Index: pacemaker/extra/resources/NodeUtilization
+Index: pacemaker-1.1.15+git20161018.722276c/extra/resources/NodeUtilization
===================================================================
--- /dev/null
-+++ pacemaker/extra/resources/NodeUtilization
++++ pacemaker-1.1.15+git20161018.722276c/extra/resources/NodeUtilization
@@ -0,0 +1,230 @@
+#!/bin/sh
+#
diff --git a/pacemaker-configure-systemd-detection.patch b/pacemaker-configure-systemd-detection.patch
new file mode 100644
index 0000000..15e3973
--- /dev/null
+++ b/pacemaker-configure-systemd-detection.patch
@@ -0,0 +1,106 @@
+Index: pacemaker-1.1.15+git20161104.b6f251a/configure.ac
+===================================================================
+--- pacemaker-1.1.15+git20161104.b6f251a.orig/configure.ac
++++ pacemaker-1.1.15+git20161104.b6f251a/configure.ac
+@@ -1214,58 +1214,6 @@ AC_SUBST(DBUS_LIBS)
+
+ AC_CHECK_TYPES([DBusBasicValue],,,[[#include ]])
+
+-if test "x${enable_systemd}" != xno; then
+- if test $HAVE_dbus = 0; then
+- if test "x${enable_systemd}" = xyes; then
+- AC_MSG_FAILURE([cannot enable systemd without DBus])
+- else
+- enable_systemd=no
+- fi
+- fi
+- if test "x${enable_systemd}" = xtry; then
+- AC_MSG_CHECKING([for systemd version query result via dbus-send])
+- ret=$({ dbus-send --system --print-reply \
+- --dest=org.freedesktop.systemd1 \
+- /org/freedesktop/systemd1 \
+- org.freedesktop.DBus.Properties.Get \
+- string:org.freedesktop.systemd1.Manager \
+- string:Version 2>/dev/null \
+- || echo "this borked"; } | tail -n1)
+- # sanitize output a bit (interested just in value, not type),
+- # ret is intentionally unenquoted so as to normalize whitespace
+- ret=$(echo ${ret} | cut -d' ' -f2-)
+- AC_MSG_RESULT([${ret}])
+- if test "x${ret}" != xborked \
+- || systemctl --version 2>/dev/null | grep -q systemd; then
+- enable_systemd=yes
+- else
+- enable_systemd=no
+- fi
+- fi
+-fi
+-
+-AC_MSG_CHECKING([whether to enable support for managing resources via systemd])
+-AC_MSG_RESULT([${enable_systemd}])
+-if test "x${enable_systemd}" = xyes; then
+- HAVE_systemd=1
+- PCMK_FEATURES="$PCMK_FEATURES systemd"
+-
+- AC_MSG_CHECKING([for systemd path for system unit files])
+- systemdunitdir="${systemdunitdir:}"
+- PKG_CHECK_VAR([systemdunitdir], [systemd],
+- [systemdsystemunitdir], [],[
+- systemdunitdir=no
+- ])
+- AC_MSG_RESULT([${systemdunitdir}])
+- if test "x${systemdunitdir}" = xno; then
+- AC_MSG_FAILURE([cannot enable systemd when systemdunitdir unresolved])
+- fi
+-fi
+-
+-AC_DEFINE_UNQUOTED(SUPPORT_SYSTEMD, $HAVE_systemd, Support systemd based system services)
+-AM_CONDITIONAL(BUILD_SYSTEMD, test $HAVE_systemd = 1)
+-AC_SUBST(SUPPORT_SYSTEMD)
+-
+ if test "x${enable_upstart}" != xno; then
+ if test $HAVE_dbus = 0; then
+ if test "x${enable_upstart}" = xyes; then
+@@ -1303,6 +1251,42 @@ AC_DEFINE_UNQUOTED(SUPPORT_UPSTART, $HAV
+ AM_CONDITIONAL(BUILD_UPSTART, test $HAVE_upstart = 1)
+ AC_SUBST(SUPPORT_UPSTART)
+
++if test "x${enable_systemd}" != xno; then
++ if test $HAVE_dbus = 0; then
++ if test "x${enable_systemd}" = xyes; then
++ AC_MSG_FAILURE([cannot enable systemd without DBus])
++ else
++ enable_systemd=no
++ fi
++ else
++ AC_MSG_CHECKING([for systemd path for system unit files])
++ PKG_CHECK_VAR([systemdunitdir], [systemd], [systemdsystemunitdir], [
++ AC_MSG_RESULT([${systemdunitdir}])
++ ],[
++ AC_MSG_RESULT([not found])
++ systemdunitdir=no
++ ])
++ if test "x${systemdunitdir}" = xno; then
++ if test "x${enable_systemd}" = xyes; then
++ AC_MSG_FAILURE([cannot enable systemd when systemdunitdir unresolved])
++ fi
++ enable_systemd=no
++ else
++ enable_systemd=yes
++ fi
++ fi
++fi
++
++AC_MSG_CHECKING([whether to enable support for managing resources via systemd])
++AC_MSG_RESULT([${enable_systemd}])
++if test "x${enable_systemd}" = xyes; then
++ HAVE_systemd=1
++ PCMK_FEATURES="$PCMK_FEATURES systemd"
++fi
++
++AC_DEFINE_UNQUOTED(SUPPORT_SYSTEMD, $HAVE_systemd, Support systemd based system services)
++AM_CONDITIONAL(BUILD_SYSTEMD, test $HAVE_systemd = 1)
++AC_SUBST(SUPPORT_SYSTEMD)
+
+ case $SUPPORT_NAGIOS in
+ 1|yes|true|try)
diff --git a/pacemaker.changes b/pacemaker.changes
index 5fbf184..27c4a8d 100644
--- a/pacemaker.changes
+++ b/pacemaker.changes
@@ -1,3 +1,76 @@
+-------------------------------------------------------------------
+Tue Nov 8 10:21:00 UTC 2016 - ygao@suse.com
+
+- Revert "Build: configure: make systemd detection akin to + before Upstart one"
+ * pacemaker-configure-systemd-detection.patch
+
+- libcrmcommon: fix CVE-2016-7035 (improper IPC guarding) (bsc#1007433)
+- sysconfig: minor tweaks (typo, wording)
+- various: issues discovered via valgrind and coverity
+- attrd_updater: fix usage of HAVE_ATOMIC_ATTRD
+- Upstream version cs: b6f251a13fadca0cb74702b0c007a55275c8ea09
+
+-------------------------------------------------------------------
+Fri Oct 21 09:35:01 UTC 2016 - ygao@suse.com
+
+- Rebase:
+ * pacemaker-NodeUtilization-RA.patch
+
+- extra: add resource agent for managing a node attribute
+- crmd: cl#5185 - Record pending operations in the CIB before they are performed (bsc#1003565)
+- ClusterMon: fix to avoid matching other process with the same PID
+- mcp: improve comments for sysconfig options
+- spec: require libqb >= 0.13.0
+- tools: crm_standby --version/--help should work without cluster
+- spec: reorganize so %pre etc. blocks are self-contained
+- spec: require python >= 2.6
+- spec: comment better
+- libpengine: ensure child is not null before looking up value
+- libpengine: only log startup-fencing warning once
+- Upstream version cs: 722276c442bf023931842313bfe0dfb7d90a7c15
+
+-------------------------------------------------------------------
+Mon Sep 26 10:51:34 UTC 2016 - ygao@suse.com
+
+- pacemaker.service: do not mistakenly suggest killing fenced
+- pacemaker.spec: consume "systemdunitdir" via %_unitdir
+- libcrmcommon: report errors consistently when waiting for data on connection (bsc#986644)
+- libservices: use DBusError API properly
+- remote: Correctly calculate the remaining timeouts when receiving messages (bsc#986644)
+- libfencing: report added node ID correctly
+- crm_mon: Do not call setenv with null value
+- pacemaker_remote: allow remote clients to timeout/reconnect
+- pengine: Do not fence a maintenance node if it shuts down cleanly (bsc#1000743)
+- install README in doc instead of now-removed AUTHORS file
+- ping: Avoid temporary files for fping check (bsc#987348)
+- all: clarify licensing and copyrights
+- schemas.c: treat CIB with unrecognized validate-with better
+- schemas.c: avoid downgrade validate-with in a corner case
+- xml.c: better info in cli_config_update on no validation success
+- fix infloop when no schema validates on update_validation
+- xml.c: internal self-or-less reference inflicted infloop guard
+- crmd: Resend the shutdown request if the DC forgets
+- ping: Avoid temp files in fping_check (bsc#987348)
+- crmd: Ensure the R_SHUTDOWN is set whenever we ask the DC to shut us down
+- crmd: clear remote node operation history only when it comes up
+- libcib,libfencing,libtransition: handle memory allocation errors without CRM_CHECK()
+- tools: make crm_mon XML schema handle resources with multiple active
+- tools: make crm_mon resources section more consistent
+- crmd: bump feature set
+- pengine: set OCF_RESKEY_CRM_meta_notify_active_* for multistate resources
+- LSB init: try to be a little more compliant
+- pengine: avoid null dereference in new same-node ordering option
+- lrmd,libcluster: ensure g_hash_table_foreach() is never passed a null table
+- crmd: don't log warning if abort_unless_down() can't find down event
+- lib: Correction of the deletion of the notice registration.
+- stonithd: Correction of the wrong connection process name.
+- crmd: Keep a state of LRMD in the DC node latest.
+- pengine: avoid transition loop for start-then-stop + unfencing
+- libpengine: allow pe_order_same_node option for constraints
+- pengine: avoid sisyphean score-attribute-mangled parsing
+- xml: score-attribute{,-mangle} has no meaning for rsc_colocation
+- Upstream version cs: 4cce2b26f6f468c342adb24bf74234a12a0070c2
+
-------------------------------------------------------------------
Fri Aug 26 16:20:25 UTC 2016 - ygao@suse.com
@@ -224,7 +297,7 @@ Mon Feb 29 11:53:36 UTC 2016 - ygao@suse.com
- cpg: Ensure group name is never unset
- remote: Simplify calls to accept() and inet_ntop() by using "struct sockaddr_storage" (bsc#964183)
-- remote: cl#5269 - Notify other clients of a new connection only if the handshake has completed (bsc#967388)
+- remote: cl#5269 - Notify other clients of a new connection only if the handshake has completed (bsc#967388, bsc#1002767, CVE-2016-7797)
- remote: Correctly display the IP address of the remote client (bsc#964183)
- spec: declare also BSD license as suitable
- libservices: Add error handling for pipe() failed.
diff --git a/pacemaker.spec b/pacemaker.spec
index b19fdd0..15c322e 100644
--- a/pacemaker.spec
+++ b/pacemaker.spec
@@ -16,10 +16,18 @@
#
-%global gname haclient
+# Globals and defines to control package behavior (configure these as desired)
+
+## User and group to use for nonprivileged services
%global uname hacluster
+%global gname haclient
+
+## Where to install Pacemaker documentation
%global pcmk_docdir %{_docdir}/%{name}
+
+## Corosync version
%global cs_version 2
+
%define with_nagios 1
%define with_snmp 1
%define with_esmtp 1
@@ -27,15 +35,19 @@
%define enable_lib_cluster_pkg 0
%define enable_fatal_warnings 0
%define with_regression_tests 0
-# Conditionals
-# Invoke "rpmbuild --without " or "rpmbuild --with "
-# to disable or enable specific features
-# Legacy stonithd fencing agents
+
+# Define conditionals so that "rpmbuild --with " and
+# "rpmbuild --without " can enable and disable specific features
+
+## Add option to enable support for stonith/external fencing agents
%bcond_without stonithd
-# We generate docs using Publican, Asciidoc and Inkscape, but they're not available everywhere
+
+## Add option to skip generating documentation
+## (the build tools aren't available everywhere)
%bcond_with doc
+
Name: pacemaker
-Version: 1.1.15+git20160708.58fef06
+Version: 1.1.15+git20161104.b6f251a
Release: 0
Summary: Scalable High-Availability cluster resource manager
License: GPL-2.0 and GPL-2.0+ and LGPL-2.1+
@@ -56,39 +68,44 @@ Patch7: pacemaker-Wno-format-signedness.patch
Patch8: bug-943295_pacemaker-lrmd-log-notice.patch
Patch9: bug-977201_pacemaker-controld-self-fencing.patch
Patch10: bug-995365_pacemaker-cts-restart-systemd-journald.patch
-# Required for core functionality (python-devel depends on python)
+Patch11: pacemaker-configure-systemd-detection.patch
+# Required for core functionality
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: bison
+BuildRequires: coreutils
BuildRequires: fdupes
+BuildRequires: findutils
BuildRequires: flex
+BuildRequires: grep
BuildRequires: help2man
BuildRequires: libtool
BuildRequires: ncurses-devel
BuildRequires: pam-devel
BuildRequires: pkgconfig
-BuildRequires: python
# Required for agent_config.h which specifies the correct scratch directory
BuildRequires: resource-agents
+BuildRequires: sed
BuildRequires: pkgconfig(bzip2)
BuildRequires: pkgconfig(corosync)
BuildRequires: pkgconfig(dbus-1)
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(gnutls)
BuildRequires: pkgconfig(libexslt)
-# We need reasonably recent versions of libqb
-BuildRequires: pkgconfig(libqb) > 0.11.0
+# Pacemaker requires a minimum libqb functionality
+BuildRequires: pkgconfig(libqb) > 0.13.0
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(libxslt)
-BuildRequires: pkgconfig(python)
+# Pacemaker targets compatibility with python 2.6+ and 3.2+
+BuildRequires: pkgconfig(python) >= 2.6
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(uuid)
Requires: %{name}-cli = %{version}-%{release}
Requires: corosync
Requires: libpacemaker3 = %{version}-%{release}
-Requires: libqb > 0.11.0
+Requires: libqb > 0.13.0
Requires: psmisc
-Requires: python
+Requires: python >= 2.6
Requires: resource-agents
Recommends: crmsh
Recommends: fence-agents
@@ -235,7 +252,7 @@ for developing tools for Pacemaker.
Summary: Test framework for cluster-related technologies
Group: Productivity/Clustering/HA
Requires: libpacemaker3 = %{version}-%{release}
-Requires: python
+Requires: python >= 2.6
%description cts
Test framework for cluster-related technologies like Pacemaker
@@ -264,8 +281,12 @@ manager for Corosync, CMAN and/or Linux-HA.
%patch8 -p1
%patch9 -p1
%patch10 -p1
+%patch11 -p1
%build
+
+export systemdunitdir=%{?_unitdir}%{?!_unitdir:no}
+
autoreconf -fvi
%configure \
@@ -336,38 +357,38 @@ install -m 755 %{SOURCE1} %{buildroot}%{_sbindir}/crm_report
# Prevent false positives in rpmlint
./BasicSanity.sh -V pengine cli 2>&1
-%post
-%service_add_post pacemaker.service
-
%pre
%service_add_pre pacemaker.service
+%post
+%service_add_post pacemaker.service
+
%preun
%service_del_preun pacemaker.service
%postun
%service_del_postun pacemaker.service
-%post remote
-%service_add_post pacemaker_remote.service
-
%pre remote
%service_add_pre pacemaker_remote.service
+%post remote
+%service_add_post pacemaker_remote.service
+
%preun remote
%service_del_preun pacemaker_remote.service
%postun remote
%service_del_postun pacemaker_remote.service
+%pre cli
+%service_add_pre crm_mon.service
+
%post cli
%fillup_only pacemaker
%service_add_post crm_mon.service
%fillup_only crm_mon
-%pre cli
-%service_add_pre crm_mon.service
-
%preun cli
%service_del_preun crm_mon.service
@@ -433,7 +454,8 @@ fi
%doc %{_datadir}/pacemaker/alerts
-%doc COPYING AUTHORS ChangeLog
+#%license licenses/GPLv2
+%doc COPYING ChangeLog
%dir %attr (750, %{uname}, %{gname}) %{_var}/lib/pacemaker/cib
%dir %attr (750, %{uname}, %{gname}) %{_var}/lib/pacemaker/pengine
@@ -501,7 +523,8 @@ fi
%exclude %{_mandir}/man8/pacemaker_remoted.*
%exclude %{_mandir}/man8/stonith_admin.*
-%doc COPYING AUTHORS ChangeLog
+#%license licenses/GPLv2
+%doc COPYING ChangeLog
%dir %attr (750, %{uname}, %{gname}) %{_var}/lib/pacemaker
%dir %attr (750, %{uname}, %{gname}) %{_var}/lib/pacemaker/blackbox
@@ -519,14 +542,16 @@ fi
%{_libdir}/libpengine.so.*
%{_libdir}/libstonithd.so.*
%{_libdir}/libtransitioner.so.*
-%doc COPYING.LIB AUTHORS
+#%license licenses/LGPLv2.1
+%doc COPYING ChangeLog
%{_libdir}/libcrmcluster.so.*
%if %{enable_lib_cluster_pkg}
%files -n libpacemaker3-cluster
%defattr(-,root,root)
%{_libdir}/libcrmcluster.so.*
-%doc COPYING.LIB AUTHORS
+#%license licenses/LGPLv2.1
+%doc COPYING ChangeLog
%endif
%files remote
@@ -535,12 +560,14 @@ fi
%{_sbindir}/rcpacemaker_remote
%{_sbindir}/pacemaker_remoted
%{_mandir}/man8/pacemaker_remoted.8%{ext_man}
-%doc COPYING AUTHORS
+#%license licenses/GPLv2
+%doc COPYING ChangeLog
%if %{with doc}
%files doc
%defattr(-,root,root)
%doc %{pcmk_docdir}
+#%license licenses/CC-BY-SA-4.0
%endif
%files cts
@@ -548,7 +575,8 @@ fi
%{py_sitedir}/cts
%{_datadir}/pacemaker/tests/cts
%{_libexecdir}/pacemaker/lrmd_test
-%doc COPYING AUTHORS
+#%license licenses/GPLv2
+%doc COPYING ChangeLog
%files -n libpacemaker-devel
%defattr(-,root,root)
@@ -557,6 +585,7 @@ fi
%{_includedir}/pacemaker
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
-%doc COPYING.LIB AUTHORS
+#%license licenses/LGPLv2.1
+%doc COPYING ChangeLog
%changelog