Security update for pacemaker (important)

An update that solves one vulnerability and has three fixes
is now available.

Description:

This update for pacemaker fixes the following issues:

• executor: restrict certain IPC requests to Pacemaker daemons
  (CVE-2020-25654, bsc#1177916)
• extra: add vim modelines to agents
• extra: quote shell variables in agent code where appropriate
  (bsc#1175557)
• extra: remove trailing whitespace from agent code
• extra: update agent boilerplate (copyright/license notices)
• extra: use 4-space indents in resource agent code
• extra: use “:=” where appropriate in agent code
• fencer: restrict certain IPC requests to privileged users
  (CVE-2020-25654, bsc#1177916)
• move bcond_with/without up front for e.g. pcmk_release
• pacemakerd: ignore shutdown requests from unprivileged users
  (CVE-2020-25654, bsc#1177916)
• rpm: add spec option for enabling CIB secrets
• rpm: put user-configurable items at top of spec
• rpm: use the user/group ID 90 for haclient/hacluster to be consistent
  with cluster-glue (bsc#1167171)

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.1:

  zypper in -t patch openSUSE-2020-1825=1