Updated Grid component packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.


This update makes membership on "sudoer" style lists for hosts and users configurable via standard operating system user-group and netgroup concepts. This occurs in a way that does not require reconfiguration of HTCondor daemons to update, and also facilitates security auditing.

It introduces support for netgroups on HTCondor ALLOW_* and DENY_* access lists, as a method of defining groups of users and/or machines that are members of those lists. It also supports user-groups on the HTCondor scheduler QUEUE_SUPER_USERS list as a method of defining groups of users which are members of that list.
This release introduces support for configurable consumption policies on partitionable slots, such that the quantity of each resource asset (e.g. cpus, memory, disk) that is consumed by a match is determined by evaluating a configurable expression on the slot. Usually some function of the amount requested by the matching job. 

These consumption policies allow a partitionable slot to emulate different resource allocation behaviors depending on the use cases of the customer. They also enable the negotiator to make multiple matches against each partitionable slot per negotiation cycle, providing improved performance and the better use of resources.

This results in possible behaviors such as the emulation of static slots, the support for sub-core job loads, or memory-centric allocation policies rather than legacy cpu-centric ones. Each execute node on an HTCondor pool can be configured with one or more consumption policies, allowing heterogeneous resource allocation strategies on a single pool.
Previously, an increase in symbols and code linked against the HTCondor shadow subsequently increased the memory requirements per shadow. This could limit the number of running jobs on very large HTCondor pools. With this fix, memory requirements for shadows were reduced due to changes to the shadow linking, as well as the pruning of unused symbols and data structures.
Previously, a change in the return value of system hostname lookup functions affected HTCondor's logic for expanding short hostnames. With this fix, HTCondor can now properly expand short into fully qualified hostnames.
This release introduces support for JobPrio scope across multiple schedulers. JobPrio was previously used to sort jobs only within an individual scheduler, preventing it from being used to support a job priority queue in pools where a single submitter may have jobs residing in multiple schedulers. With this feature, a job priority queue using JobPrio can be maintained even when a single submitter has jobs residing in multiple schedulers.
Previously, multiple attempts to retrieve information on child process subtrees would either succeed on the first try or fail repeatedly. This resulted in additional time wasted on unsuccessful attempts to retrieve information. With this fix, a configuration parameter allows the administrator to limit the number of retrieval attempts if it is determined that multiple attempts are not helping.
Previously, floating point precision errors caused dynamic quota values to sum to a value that is strictly greater than one, when the true mathematical sum would be exactly equal to 1. As a result, warning logic designed to inform the administrator of misconfiguration was generating spurious warnings. With this fix, the warning logic has been altered to only generate warnings for dynamic quota sums that exceed 1 by a significant amount, and where that amount is not triggered by numeric precision errors.
This release introduces the ability to output additional information on internal maxdelta and round robin iterations from the negotiator log. Making this information available, and particularly without having to enable debug-level logging, improves the ability of administrators to tune the behavior of the negotiator.


Previously, pointers returned from wsdl2cpp functions, which were missing tests for handling NULL values. As a result, XML inputs causing NULL values to be returned would crash the HTCondor aviary server. With this fix, checks for NULL return values were inserted to prevent crashes from XML inputs.


Previously, Cumin did not limit the length of URLs that it processed. This caused Cumin to use extra resources when processing malformed and long URLs. With this fix, Cumin limits the length of URLs to a maximum of 2048 characters.
Previously, Cumin did not check for duplicate widget IDs in update requests. This resulted in malformed update requests listing the same widget multiple times, causing Cumin to use extra resources. With this fix, Cumin now ignores duplicate widget IDs in update requests.
A previous internal API change resulted in errors when moving messages between queues, failing with an exception trace. The corresponding Cumin code has been updated to match the modified API and restore message movement between queues.
This fix removes an unused graphical radio button element from the 'Slots' display.
Previously, tag creation in Cumin allowed blank tag names, causing Create Tag: Failed errors. With this update, tag names are required for all new tag creation in Cumin.
The Negotiator tab has been renamed from "Negotiators" to "Negotiator" to better reflect the design of Cumin to work with a single pool that contains a single Negotiator.