Release Notes for NorduGrid ARC 15.03 update 12
February 7, 2017
This is a bugfix release, addressing a vulnerability discovered in 15.03u11.
The vulnerability is related to the performance logging feature, specifically to the folder /var/log/arc/perfdata and its given permissions. The issue is not considered severe, but additional protective measures have anyway been introduced. From version 15.03u12 the folder in mention will only be created if the system administrator explicitly asks for it.
The performance logging feature is off by default, both in this and earlier versions of ARC. In this version, in addition the folder will only be created if the feature is turned on.
If you want to enable the performance logging for debugging purposes or other specific reasons, this is as before done in your configuration settings. The flag to turn on the performance logging has changed from "yes" to "expert-debug-on", see documentation.
NorduGrid ARC 15.03 has received an update to:
- core, clients, CE, Infosys and gridftp - from version 5.2.1 to 5.2.2
- documents - from 2.0.12 to 2.0.13
Nagios plugins, CAnL C++ and metapackages are unchanged.
ARC Server and core components
The following issues were fixed in the ARC core:
- Permission settings on directory created by the performance logging resulted in logrotate warnings, in addition to introducing possible vulnerability.
Common authentication library CaNL++
Since ARC 15.03 update 11, the following bug is partially fixed:
- 3633 Security problem in 5.2.1 (restricted)
- There is a memory leak when using Java API for multiple job submission with
files to BES interface.
- The CPU time is not measured correctly for jobs that kill the parent
process, such as some agent-based/pilot (e.g., ALICE)
- JURA will not publish records to the APEL on a standard Debian/Ubuntu
system, because the python-dirq package is not available for them. The
workaround is to build this package from source.
- When using ARC client tools to submit jobs to CREAM, only JSDL can be used
to describe jobs, and the broker type must be set to Null in the client.conf
- ARC GUI (arcjobtool) is not available yet, pending implementation of client
- Standalone client tar-balls for Linux are not yet available.
- Bug 2905 is solved using workaround. Source of problem is not yet
- A-REX can under some circumstances lose connection with CEinfo.pl and go into an infinite loop. The only current workaround is to restart the a-rex service.
- twistd, the underlying engine for ACIX, sometimes logs into rotated ACIX log files.
While all log messages are correctly logged in the main log file, some rotated log
files may receive new log messages.
- submit-*-job do not have permission to write performance metrics to log.
- authorizedvo=<voname> will no longer create a list of VOs under each Share. As a consequence,
EMIES WS clients can no longer find a queue by VO name the same way as in previous versions
of ARC due to changes in the GLUE2 schema rendering.
ARC release 15.03u12 consists of the following source packages:
- NorduGrid ARC, version 5.2.2 (main components)
- NorduGrid ARC Documents version 2.0.13
- metapackages for client tools, computing element and information index,
- Nagios probes for ARC CE, version 1.8.4
- gangliarc - ARC Computing Element monitoring in ganglia, version 1.0.0
- Common authentication library caNl++, version 1.0.1
Source code for main components is available from:
Documentation source (mostly LaTeX) is available from:
Source for metapackages is available from:
Source for Nagios probes is available from:
Source for the common authentication library caNl++ is available from:
Source for gangliarc is available from:
See detailed description at
These repositories provide binary packages for:
- Debian: 5.0, 6.0, 7.0 and 8.0 (i386 and amd64)
- Fedora: from 3 to 25 (i386 and x86_64)
- RedHat: EL4, EL5, EL6 (i386 and x86_64) and EL7 (x86_64)
- Ubuntu: 8.04, 8.10, 9.04, 9.10, 10.04, 10.10, 11.04, 11.10, 12.04, 12.10, 13.04,
13.10, 14.04, 14.10, 15.04, 15.10, 16.04 and 16.10 (i386 and amd64)
Scientific Linux and RedHat are implicitly supported through corresponding CentOS repositories.
Details of previous releases can be found at the ARC Releases page