Sync from SUSE:SLFO:Main pmix revision d5036494583eb8b84f8a175e4ede36da

Adrian Schröter 2024-05-03 19:29:47 +02:00
commit cdd9fc41a9
5 changed files with 546 additions and 0 deletions

23
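--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text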


@ -0,0 +1,139 @@
From: Egbert Eich <eich@suse.com>
Date: Tue Sep 12 15:51:49 2023 +0200
Subject: Fix a potential vulnerability which allows chown on user-created links
Patch-mainline: ae62cdf67b19e80fd821420816f09bf0a56a8166
Git-commit: 6364ce66b4ac487b684d512089eeb0c3d577ba98
References: bsc#1215190
This fixes CVE-2023-41915, bsc#1215190.
This is a backport of:
Do not follow links when doing "chown"
There is a potential issue with allowing a "chown" operation
to follow user-created links, so let's limit any use of that
function to "lchown" - which directs the "chown" operation to
NOT follow a link.
Signed-off-by: Ralph Castain <rhc@pmix.org>
Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.de>
---
src/mca/common/dstore/dstore_base.c | 4 ++--
src/mca/common/dstore/dstore_segment.c | 4 ++--
src/mca/gds/ds12/gds_ds12_lock_fcntl.c | 2 +-
src/mca/gds/ds12/gds_ds12_lock_pthread.c | 2 +-
src/mca/ptl/usock/ptl_usock_component.c | 4 ++--
src/util/pmix_pty.c | 3 ++-
6 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/mca/common/dstore/dstore_base.c b/src/mca/common/dstore/dstore_base.c
index f22461c..7ff2e4d 100644
--- a/src/mca/common/dstore/dstore_base.c
+++ b/src/mca/common/dstore/dstore_base.c
@@ -528,7 +528,7 @@ static int _esh_session_init(pmix_common_dstore_ctx_t *ds_ctx, size_t idx, ns_ma
}
}
if (s->setjobuid > 0){
- if (0 > chown(s->nspace_path, (uid_t) s->jobuid, (gid_t) -1)){
+ if (0 > lchown(s->nspace_path, (uid_t) s->jobuid, (gid_t) -1)){
rc = PMIX_ERROR;
PMIX_ERROR_LOG(rc);
return rc;
@@ -1682,7 +1682,7 @@ pmix_common_dstore_ctx_t *pmix_common_dstor_init(const char *ds_name, pmix_info_
}
}
if (ds_ctx->setjobuid > 0) {
- if (chown(ds_ctx->base_path, (uid_t) ds_ctx->jobuid, (gid_t) -1) < 0){
+ if (lchown(ds_ctx->base_path, (uid_t) ds_ctx->jobuid, (gid_t) -1) < 0){
rc = PMIX_ERR_NO_PERMISSIONS;
PMIX_ERROR_LOG(rc);
goto err_exit;
diff --git a/src/mca/common/dstore/dstore_segment.c b/src/mca/common/dstore/dstore_segment.c
index f0c4f9b..0e68dbf 100644
--- a/src/mca/common/dstore/dstore_segment.c
+++ b/src/mca/common/dstore/dstore_segment.c
@@ -120,7 +120,7 @@ PMIX_EXPORT pmix_dstore_seg_desc_t *pmix_common_dstor_create_new_lock_seg(const
if (setuid > 0){
rc = PMIX_ERR_PERM;
- if (0 > chown(file_name, (uid_t) uid, (gid_t) -1)){
+ if (0 > lchown(file_name, (uid_t) uid, (gid_t) -1)){
PMIX_ERROR_LOG(rc);
goto err_exit;
}
@@ -211,7 +211,7 @@ PMIX_EXPORT pmix_dstore_seg_desc_t *pmix_common_dstor_create_new_segment(pmix_ds
if (setuid > 0){
rc = PMIX_ERR_PERM;
- if (0 > chown(file_name, (uid_t) uid, (gid_t) -1)){
+ if (0 > lchown(file_name, (uid_t) uid, (gid_t) -1)){
PMIX_ERROR_LOG(rc);
goto err_exit;
}
diff --git a/src/mca/gds/ds12/gds_ds12_lock_fcntl.c b/src/mca/gds/ds12/gds_ds12_lock_fcntl.c
index 4452316..82b6d35 100644
--- a/src/mca/gds/ds12/gds_ds12_lock_fcntl.c
+++ b/src/mca/gds/ds12/gds_ds12_lock_fcntl.c
@@ -127,7 +127,7 @@ pmix_status_t pmix_gds_ds12_lock_init(pmix_common_dstor_lock_ctx_t *ctx, const c
}
}
if (0 != setuid) {
- if (0 > chown(lock_ctx->lockfile, uid, (gid_t) -1)) {
+ if (0 > lchown(lock_ctx->lockfile, uid, (gid_t) -1)) {
rc = PMIX_ERROR;
PMIX_ERROR_LOG(rc);
goto error;
diff --git a/src/mca/gds/ds12/gds_ds12_lock_pthread.c b/src/mca/gds/ds12/gds_ds12_lock_pthread.c
index 8192f05..57d855f 100644
--- a/src/mca/gds/ds12/gds_ds12_lock_pthread.c
+++ b/src/mca/gds/ds12/gds_ds12_lock_pthread.c
@@ -113,7 +113,7 @@ pmix_status_t pmix_gds_ds12_lock_init(pmix_common_dstor_lock_ctx_t *ctx, const c
}
memset(lock_ctx->segment->seg_base_addr, 0, size);
if (0 != setuid) {
- if (0 > chown(lock_ctx->lockfile, (uid_t) uid, (gid_t) -1)){
+ if (0 > lchown(lock_ctx->lockfile, (uid_t) uid, (gid_t) -1)){
rc = PMIX_ERROR;
PMIX_ERROR_LOG(rc);
goto error;
diff --git a/src/mca/ptl/usock/ptl_usock_component.c b/src/mca/ptl/usock/ptl_usock_component.c
index 3120302..ff2542d 100644
--- a/src/mca/ptl/usock/ptl_usock_component.c
+++ b/src/mca/ptl/usock/ptl_usock_component.c
@@ -267,14 +267,14 @@ static pmix_status_t setup_listener(pmix_info_t info[], size_t ninfo,
}
/* chown as required */
if (lt->owner_given) {
- if (0 != chown(address->sun_path, lt->owner, -1)) {
+ if (0 != lchown(address->sun_path, lt->owner, -1)) {
pmix_output(0, "CANNOT CHOWN socket %s: %s", address->sun_path, strerror (errno));
CLOSE_THE_SOCKET(lt->socket);
goto sockerror;
}
}
if (lt->group_given) {
- if (0 != chown(address->sun_path, -1, lt->group)) {
+ if (0 != lchown(address->sun_path, -1, lt->group)) {
pmix_output(0, "CANNOT CHOWN socket %s: %s", address->sun_path, strerror (errno));
CLOSE_THE_SOCKET(lt->socket);
goto sockerror;
diff --git a/src/util/pmix_pty.c b/src/util/pmix_pty.c
index 58e8d51..a5e3c0c 100644
--- a/src/util/pmix_pty.c
+++ b/src/util/pmix_pty.c
@@ -11,6 +11,7 @@
* All rights reserved.
* Copyright (c) 2018 Cisco Systems, Inc. All rights reserved
* Copyright (c) 2019-2020 Intel, Inc. All rights reserved.
+ * Copyright (c) 2021-2023 Nanook Consulting. All rights reserved.
* $COPYRIGHT$
*
* Additional copyrights may follow
@@ -248,7 +249,7 @@ static int ptys_open(int fdm, char *pts_name)
gid = -1; /* group tty is not in the group file */
}
/* following two functions don't work unless we're root */
- chown(pts_name, getuid(), gid);
+ lchown(pts_name, getuid(), gid); // DO NOT FOLLOW LINKS
chmod(pts_name, S_IRUSR | S_IWUSR | S_IWGRP);
fds = open(pts_name, O_RDWR);
if (fds < 0) {
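Review bot: In the `src/util/pmix_pty.c` hunk of the added patch, only the ownership change stops following links: the result of `lchown(pts_name, getuid(), gid)` is discarded, and the next two lines, `chmod(pts_name, S_IRUSR | S_IWUSR | S_IWGRP)` and `open(pts_name, O_RDWR)`, still resolve a symbolic link at `pts_name`. Whether `pts_name` can ever name a location an unprivileged user can write to is not visible here, but if it can, the mode change has the same weakness that CVE-2023-41915 describes for the owner change. A descriptor-based sequence would close that gap: `fds = open(pts_name, O_RDWR | O_NOFOLLOW);` followed by `fchown(fds, getuid(), gid);` and `fchmod(fds, S_IRUSR | S_IWUSR | S_IWGRP);`. Since this file is a backport, such a change would need to be a separate follow-up patch raised upstream; `ptys_open` continues outside the hunk.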

BIN
openpmix-3.2.3.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

170
pmix.changes Normal file

@ -0,0 +1,170 @@
-------------------------------------------------------------------
Tue Sep 12 14:04:10 UTC 2023 - Egbert Eich <eich@suse.com>
- Fix a potential vulnerability where a `chown` may follow a
user-created link:
Fix-a-potential-vulnerability-which-allows-chown-on-user-created-links.patch
(CVE-2023-41915, bsc#1215190).
-------------------------------------------------------------------
Tue Mar 21 15:27:23 UTC 2023 - Egbert Eich <eich@suse.com>
- Move the requirement for pmix-runtime-config to libpmix2 and make
it version-independent (bsc#1209473).
- Install pmix-plugin-munge if munge is installed.
- Use correct prerequisite name: pmix-plugin-munge not pmix-plugins-munge
-------------------------------------------------------------------
Mon Mar 20 13:44:26 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- The devel package must require the actual library libpmix2.
-------------------------------------------------------------------
Fri Mar 17 10:46:51 UTC 2023 - Christian Goll <cgoll@suse.com>
- removed library plugin for slurm as a fix was applied there,
(bsc#1209260)
-------------------------------------------------------------------
Tue Mar 14 19:24:25 UTC 2023 - Egbert Eich <eich@suse.com>
- Create library plugin for Slurm: it contains the libpmix.so
link which normally goes into the devel package - without
the headers (bsc#1209260).
-------------------------------------------------------------------
Mon Jul 11 14:57:37 UTC 2022 - Egbert Eich <eich@suse.com>
- Separate out psec munge plugin to avoid dependency creep.
-------------------------------------------------------------------
Wed Jul 6 08:48:43 UTC 2022 - Nicolas Morey-Chaisemartin <nmoreychaisemartin@suse.com>
- Enable build on i686 and armv7
- Move test files to %{_libexecdir}/pmix/tests to avoid conflicts
on 32 bits systems
-------------------------------------------------------------------
Sat Jul 2 10:48:30 UTC 2022 - Egbert Eich <eich@suse.com>
- Provide Pmix tests in a test package to give users the
opportunity to test their setup. This is particularly
useful for Slurm.
-------------------------------------------------------------------
Thu Feb 18 08:24:53 UTC 2021 - Egbert Eich <eich@suse.com>
- Remove BuildRequires: for pandoc:
Not needed and not available for SLE.
-------------------------------------------------------------------
Tue Feb 16 15:44:56 UTC 2021 - Christian Goll <cgoll@suse.com>
- updated to v3.2.3
* Fix thread conflict in event notification - PR #1967
* Finalize: set hostname in global to NULL to avoid segfault
in apps that call init/finalize multiple times - PR #2001
* Silence unnecessary error log message - PR #1669
* Fixed crash of dstore locks destructor - PR #1776
* Add option to bypass local-only fence optimization - PR #1825
* Increase timeout in test case - PR #1830
* Fix server/get for gds=hash - PR #1990
* Remove stale config command - PR #1933
* Modex size reductions - PR #1402/#1403/#1421/#1423
* Sync 3.2 branch with master - PR #1832
New attributes:
PMIX_HOSTNAME_ALIASES
PMIX_HOSTNAME_KEEP_FQDN
PMIX_GET_REFRESH_CACHE
PMIX_REQUIRED_KEY
Removed PMIX_VALUE_COMPRESSED_STRING_UNPACK macro from pmix_common.h
New frameworks
pcompress - Compression methods - PR #1139
psquash - Flexible integer packing - PR #1423
New components
preg/compress - regular expression methods - PR #1139
Modified string representations produced by PMIx_generate_regex
and PMIx_generate_ppn. - PR #1422
Fixed dmodex support and PMIx_Get behavior - Issue #1586
Removed --with-pmix-symbol-rename configure option - PR #1748
* Expose PMIX_REGEX constant per v3.2 standard - PR #1848
* Fix immediate flag behavior at the server - PR #1885
For futher details, check
- For Issues: https://github.com/openpmix/openpmix/issues/<ID>
- For PRs: https://github.com/openpmix/openpmix/pull/<ID>
-------------------------------------------------------------------
Fri Apr 10 11:00:28 UTC 2020 - Egbert Eich <eich@suse.com>
- Mark header and config packages 'noarch' (boo#1170259).
- Add a bit of QA: include a %check stage.
-------------------------------------------------------------------
Wed Apr 8 12:35:30 UTC 2020 - Egbert Eich <eich@suse.com>
- Create separate plugins package. Since libpmix2 obtains its
functionality from these plugins, add a dependency.
- Plugins depend on libmca_common_dstore - add an explicit
dependency to the package as there are other providers - like
openmpi3 (bsc#1167983).
-------------------------------------------------------------------
Wed Mar 25 08:26:24 UTC 2020 - Bernhard Wiedemann <bwiedemann@suse.com>
- Update to version 3.1.5 (bsc#1167655)
* PR #1413/#1465: Remove unnecessary error log
* PR #1433: Return the correct status from PMIx_Publish
* PR #1445: Sync. with master to fix 'get' of data for unknown namespace
* Includes the following PRs from master
* PR #1382: dstore: fixed truncate key-names while restoring
* PR #1405: Fix xnspace dmodex and add verbose debug
* PR #1406: Resolve request for job-level data
* PR #1407/#1409/#1411: Fix dmodex across nspaces
* PR #1434/#1436: Cleanup handling of info arrays
* PR #1435: Cleanup example and remove debug
* PR #1437: Update blocking Allocation_request signature
* PR #1440: Fix 'get' of data for unknown namespace
* PR #1442: Fix fences with namespaces where no local processes are running
* PR #1472: Initialize nlocal and local in the tracker
* PR #1487: Sync. with master to fix info array and cross-version issues
* PR #1493/#1497/#1501/#1505/#1589: Info array and Cross-version fixes
* PR #1511/#1517/#1520/#1523/#1534/#1565: Fix pmix tests
* PR #1530: Improve handling of servers piror to v3.1.5
* PR #1531: Update transfer from hash to dstore
* PR #1538: Fix singleton initialization
* PR #1547: Add missing PMIx_IOF_deregister function
* PR #1554/#1591: Fix memory leak on namespace deregister
* PR #1561: Configury fix for reproducible builds (boo#1047218)
* PR #1579: Protect pthread setpshared calls
* PR #1587: Fix to gds/dstore configure logic
* PR #1610: Adjust hotel timeout to be in whole seconds
* PR #1613: dstore: Fix cache size calculation
* PR #1622: Fix multiple occurrences of unaligned access in pmix tests
* PR #1620: Re-address the collective tracker problem
* PR #1625: Fix library version triplet
* PR #1630: Fix support for PGI compiler pgcc18
* PR #1637: Realign behavior of PMIx_Get and PMIx_Get_nb
* PR #1640: Properly handle forwarded output when no handler registered
-------------------------------------------------------------------
Thu Feb 13 15:59:50 UTC 2020 - Stanislav Brabec <sbrabec@suse.com>
- Fix invalid RPM groups.
-------------------------------------------------------------------
Fri Jan 10 13:30:55 UTC 2020 - Christian Goll <cgoll@suse.com>
- configuration can now also be provided with openmpi flavors
-------------------------------------------------------------------
Mon Nov 25 14:57:45 UTC 2019 - Christian Goll <cgoll@suse.com>
- using now correct openSUSE:Shared library packaging policy
- removed pmi,pmi-2 as they are already part of slurm and mpi libs
- moved MCA-parameters to separate package
- implementing jsc#SLE-10791
-------------------------------------------------------------------
Fri Oct 25 08:21:37 UTC 2019 - Christian Goll <cgoll@suse.com>
- initial commit of version 3.1.4

211
pmix.spec Normal file

@ -0,0 +1,211 @@
#
# spec file for package pmix
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
#
Name: pmix
Version: 3.2.3
Release: 0
Summary: Process Management Interface for MPI
License: BSD-3-Clause
Group: Development/Libraries/Parallel
URL: https://pmix.org/
Source0: https://github.com/openpmix/openpmix/archive/v%{version}.tar.gz#/openpmix-%{version}.tar.gz
Patch0: Fix-a-potential-vulnerability-which-allows-chown-on-user-created-links.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: fdupes
BuildRequires: flex
BuildRequires: hwloc-devel
BuildRequires: libevent-devel
%ifarch x86_64
BuildRequires: libpsm2-devel
%endif
BuildRequires: libtool
BuildRequires: munge-devel
BuildRequires: zlib-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
The Process Management Interface (PMI) has been used for quite some time as a
means of exchanging wireup information needed for interprocess communication. Two
versions (PMI-1 and PMI-2) have been released as part of the MPICH effort. While
PMI-2 demonstrates better scaling properties than its PMI-1 predecessor, attaining
rapid launch and wireup of the roughly 1M processes executing across 100k nodes
expected for exascale operations remains challenging.
This RPM contains all the tools necessary to compile and link against PMIx.
%package -n libpmix2
Summary: PMI-X lib version 1
Group: System/Libraries
Requires: pmix-plugins = %version
Requires: pmix-runtime-config
Recommends: pmix-mca-params = %version
%description -n libpmix2
This package contains the shared library used by the PMI-X standard
%package plugins
Summary: PMI-X plugins version 1
Group: System/Libraries
Requires: libmca_common_dstore1 = %version
Requires: (pmix-plugin-munge = %version if munge)
Recommends: pmix-plugin-munge = %version
# explicit requires for package libmca_common_dstore1
# as other providers for libmca_common_dstore.so.1 exist
%description plugins
This package contains plugins used by libpmix2.
%package plugin-munge
Summary: PMI-X munge plugin version 1
Group: System/Libraries
Requires: libmca_common_dstore1 = %version
# explicit requires for package libmca_common_dstore1
# as other providers for libmca_common_dstore.so.1 exist
%description plugin-munge
This package contains the munge plugin for libpmix2.
%package -n libmca_common_dstore1
Summary: Communication library used by PMI-X
Group: System/Libraries
%description -n libmca_common_dstore1
This package contains the communication library used by the PMI
%package devel
Summary: Process Management Interface for MPI
Group: Development/Libraries/C and C++
Requires: %{name}-headers = %{version}
Requires: libmca_common_dstore1 = %{version}
Requires: libpmix2 = %{version}
%description devel
This Package contains necessary files for development and building PMI-X
aware applications.
%package headers
Summary: Process Management Interface for MPI
Group: Development/Libraries/C and C++
BuildArch: noarch
%description headers
This Package contains necessary the headers for PMI-X.
%package -n pmix-mca-params
Summary: Settings for the Module Component Architecure
Group: Development/Libraries/C and C++
Provides: pmix-runtime-config
Conflicts: pmix-runtime-config
BuildArch: noarch
%description -n pmix-mca-params
PMIX is part of the Module Component Architecure and needs so to have its
parameters configured.
%package test
Summary: Test packages for PMIx
Group: Development/Libraries/C and C++
%description test
Test binaries which allow to test proper PMIx operations.
%prep
%setup -q -n openpmix-%{version}
%autopatch -p1
%build
./autogen.pl --force
%configure \
--with-munge \
--with-devel-headers \
--disable-pmi-backward-compatibility \
--enable-pmix-binaries \
--with-tests-examples \
%ifarch x86_64
--with-psm2 \
%endif
--with-hwloc \
make %{?_smp_mflags}
%install
%make_install
# removed static libaries
rm -v %{buildroot}/%{_libdir}/*.la %{buildroot}/%{_libdir}/pmix/*.la
mkdir -p %{buildroot}/%{_libexecdir}/%{name}/test
for i in pmix_test pmix_client pmix_regex; do
cp test/.libs/$i %{buildroot}/%{_libexecdir}/%{name}/test
done
%fdupes %{buildroot}/%{_datadir}
%check
make check
%post -n libpmix2 -p /sbin/ldconfig
%postun -n libpmix2 -p /sbin/ldconfig
%post -n libmca_common_dstore1 -p /sbin/ldconfig
%postun -n libmca_common_dstore1 -p /sbin/ldconfig
%files
%doc README.md NEWS AUTHORS
%license LICENSE
%dir %{_libdir}/pmix
%{_datadir}/pmix
%{_bindir}/pevent
%{_bindir}/plookup
%{_bindir}/pmix_info
%{_bindir}/pps
#%%{_bindir}/pattrs
#%%{_bindir}/pmixcc
#%%{_bindir}/pquery
%files -n pmix-mca-params
%config %{_sysconfdir}/pmix-mca-params.conf
%files -n libpmix2
%{_libdir}/libpmix.so.*
%files plugins
%exclude %{_libdir}/pmix/mca_psec_munge.so
%{_libdir}/pmix/mca_*.so
%files plugin-munge
%{_libdir}/pmix/mca_psec_munge.so
%files -n libmca_common_dstore1
%{_libdir}/libmca_common_dstore.so.*
%files devel
%{_libdir}/libpmix.so
%{_libdir}/libmca_common_dstore.so
%{_libdir}/pkgconfig/pmix.pc
%files headers
%dir %{_includedir}/pmix
%{_includedir}/pmix*.h
%{_includedir}/pmix/*
%files test
%dir %{_libexecdir}/%{name}
%{_libexecdir}/%{name}/test
%changelog
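Review bot: In `%install`, the test programs are copied straight out of libtool's build directory (`cp test/.libs/$i %{buildroot}/%{_libexecdir}/%{name}/test`), which skips libtool's install-time relinking, so the shipped `pmix_test`, `pmix_client` and `pmix_regex` may carry an RPATH/RUNPATH that points into the build tree. A run-path to a directory that does not exist on the target, or that an unprivileged user could create, is a library-hijack risk. Checking the installed files with `readelf -d` in `%check`, or installing them through `./libtool --mode=install install -m 0755 test/$i ...`, would settle it. Separately, `--with-hwloc \` ends the `%configure` call with a line continuation directly before `make %{?_smp_mflags}` as rendered here. If no blank line separates them in the file, `make` and its flags are passed to configure as arguments, so the trailing backslash is worth dropping.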