Accepting request 1137045 from network:cluster

- Update to 23.02.6 to fix (CVE-2023-49933 - bsc#1218046, CVE-2023-49935 -
  bsc#1218049, CVE-2023-49936 - bsc#1218050, CVE-2023-49937 - bsc#1218051,
  CVE-2023-49938 - bsc#1218053)
  * Security Fixes:
    + Add `JobAcctGatherParams=DisableGPUAcct` to disable gpu accounting.
    + `acct_gather_energy/ipmi` - Improve logging of DCMI issues.
    + `gpu/oneapi` - Add support for new env vars `ZE_FLAT_DEVICE_HIERARCHY`
      and `ZE_ENABLE_PCI_ID_DEVICE_ORDER`.
    + `data_parser/v0.0.39` - skip empty string when parsing QOS ids.
    + Remove error message from `assoc_mgr_update_assocs` when purposefully
      resetting the default QOS.
  * Bug Fixes:
    + `libslurm_nss` - Avoid causing glibc to assert due to an unexpected
      return from slurm_nss due to an error during lookup.
    + Fix job requests with `--tres-per-task` sometimes resulting in bad
      allocations that cannot run subsequent job steps.
    + Fix issue with `slurmd` where `srun` fails to be warned when a node
      prolog script runs beyond `MsgTimeout` set in `slurm.conf`.
    + `gres/shard` - Fix plugin functions to have matching parameter orders.
    + `gpu/nvml` - Fix issue that resulted in the wrong MIG devices being
      constrained to a job
    + `gpu/nvml` - Fix linking issue with MIGs that prevented multiple MIGs
      being used in a single job for certain MIG configurations
    + Fix file descriptor leak in slurmd when using `acct_gather_energy/ipmi`
      with DCMI devices.
    + `sview` - avoid crash when job has a node list string > 49 characters.
    + Prevent `slurmctld` crash during reconfigure when packing job start
      messages.
    + Preserve reason uid on reconfig.
    + Update node reason with updated `INVAL` state reason if different from (forwarded request 1136624 from eeich)

OBS-URL: https://build.opensuse.org/request/show/1137045
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/slurm?expand=0&rev=102
Dominique Leuenberger 2024-01-05 20:45:15 +00:00 committed by Git OBS Bridge
commit 1f813cb386
5 changed files with 77 additions and 8 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4a5cbc19228c324aea267266e49b034a12529f20052edb5cbd63599a431e3f23
size 7444926

3
slurm-23.02.7.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:eba6db8990abf40402d8e30d8706a7ddd0560e0e307c567f0fb72f1c8a522078
size 7447239
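Review bot: the new pointer for slurm-23.02.7.tar.bz2 carries only an LFS oid and a size, so the review has nothing to compare the tarball against. Since this update is submitted as a CVE fix, please state in the request where the archive was fetched from and confirm that the sha256 above matches what upstream publishes for that release, or add a detached signature as an extra source if upstream provides one.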


@ -1,3 +1,72 @@
-------------------------------------------------------------------
Wed Jan 3 10:45:48 UTC 2024 - Egbert Eich <eich@suse.com>
- Update to 23.02.6 to fix (CVE-2023-49933 - bsc#1218046, CVE-2023-49935 -
bsc#1218049, CVE-2023-49936 - bsc#1218050, CVE-2023-49937 - bsc#1218051,
CVE-2023-49938 - bsc#1218053)
* Security Fixes:
+ Add `JobAcctGatherParams=DisableGPUAcct` to disable gpu accounting.
+ `acct_gather_energy/ipmi` - Improve logging of DCMI issues.
+ `gpu/oneapi` - Add support for new env vars `ZE_FLAT_DEVICE_HIERARCHY`
and `ZE_ENABLE_PCI_ID_DEVICE_ORDER`.
+ `data_parser/v0.0.39` - skip empty string when parsing QOS ids.
+ Remove error message from `assoc_mgr_update_assocs` when purposefully
resetting the default QOS.
* Bug Fixes:
+ `libslurm_nss` - Avoid causing glibc to assert due to an unexpected
return from slurm_nss due to an error during lookup.
+ Fix job requests with `--tres-per-task` sometimes resulting in bad
allocations that cannot run subsequent job steps.
+ Fix issue with `slurmd` where `srun` fails to be warned when a node
prolog script runs beyond `MsgTimeout` set in `slurm.conf`.
+ `gres/shard` - Fix plugin functions to have matching parameter orders.
+ `gpu/nvml` - Fix issue that resulted in the wrong MIG devices being
constrained to a job
+ `gpu/nvml` - Fix linking issue with MIGs that prevented multiple MIGs
being used in a single job for certain MIG configurations
+ Fix file descriptor leak in slurmd when using `acct_gather_energy/ipmi`
with DCMI devices.
+ `sview` - avoid crash when job has a node list string > 49 characters.
+ Prevent `slurmctld` crash during reconfigure when packing job start
messages.
+ Preserve reason uid on reconfig.
+ Update node reason with updated `INVAL` state reason if different from
last registration.
+ `conmgr` - Avoid NULL dereference when using `auth/none`.
+ `data_parser/v0.0.39` - Fixed how deleted QOS and associations for jobs
are dumped.
+ `burst_buffer/lua` - fix stage in counter not decrementing when a job is
cancelled during stage in. This counter is used to enforce the limit of
128 scripts per stage.
+ `data_parser/v0.0.39` - Fix how the `INVALID` nodes state is dumped.
+ `data_parser/v0.0.39` - Fix parsing of flag arrays to allow muliple
flags to be set.
+ Avoid leaking sockets when an x11 application is closed in an allocation.
+ Fix missing mutex unlock in group cache code which could cause slurmctld
to freeze.
+ Fix scrontab monthly jobs possibly skipping a month if added near the
end of the month.
+ Fix loading of the gpu account gather energy plugin.
+ Fix `slurmctld` segfault when reconfiguring after a job resize.
+ Fix crash in slurmstepd that can occur when launching tasks via mpi using
the `pmi2` plugin and using the `route/topology` plugin.
+ Fix `qos <id> doesn't exist` error message in `assoc_mgr_update_assocs`
to print the attempted new default qos, rather than the current default
qos.
+ `data_parser/v0.0.39` - Fix segfault when POSTing data with association
usage.
* Other Changes and Improvements:
+ Prevent message extension attacks that could bypass the message hash.
CVE-2023-49933.
+ Prevent message hash bypass in slurmd which can allow an attacker to
reuse root-level MUNGE tokens and escalate permissions. CVE-2023-49935.
+ Prevent NULL pointer dereference on `size_valp` overflow. CVE-2023-49936.
+ Prevent double-xfree() on error in `_unpack_node_reg_resp()`.
CVE-2023-49937.
+ Prevent modified `sbcast` RPCs from opening a file with the wrong group
permissions. CVE-2023-49938.
- Fix %do_obsoletes macro expansion to work with SLE-12.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 30 18:52:44 UTC 2023 - Egbert Eich <eich@suse.com> Thu Nov 30 18:52:44 UTC 2023 - Egbert Eich <eich@suse.com>
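Review bot: in the new entry the five CVE fixes (CVE-2023-49933, -49935, -49936, -49937, -49938) are listed under "Other Changes and Improvements", while "Security Fixes" holds the `DisableGPUAcct` option, the DCMI logging change and the `gpu/oneapi` env vars. Anyone scanning the changelog for the security content will look in the wrong section; move the CVE items under "Security Fixes" and the current contents of that section under "Other Changes and Improvements". Also, "muliple" in the `data_parser/v0.0.39` flag-array item should read "multiple".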


@ -1,7 +1,7 @@
# #
# spec file # spec file
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -19,7 +19,7 @@
# Check file META in sources: update so_version to (API_CURRENT - API_AGE) # Check file META in sources: update so_version to (API_CURRENT - API_AGE)
%define so_version 39 %define so_version 39
# Make sure to update `upgrades` as well! # Make sure to update `upgrades` as well!
%define ver 23.02.6 %define ver 23.02.7
%define _ver _23_02 %define _ver _23_02
#%%define rc_v 0rc1 #%%define rc_v 0rc1
%define dl_ver %{ver} %define dl_ver %{ver}
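Review bot: `%define ver` moves from 23.02.6 to 23.02.7 here, and the source added in this commit is slurm-23.02.7.tar.bz2, but the .changes entry and the commit message are both titled "Update to 23.02.6". Please make the changelog title match the version that is actually packaged, so that the CVE and bsc references are recorded against the right release.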
@ -92,7 +92,7 @@ Conflicts: %{*} >= %{ver_m}.99 }
%define upgrade_dep() %{?upgrade: # %define upgrade_dep() %{?upgrade: #
Provides: %{*} = %{version} Provides: %{*} = %{version}
%{do_obsoletes %{*}} %{expand:%%do_obsoletes %{*}}
Conflicts: %{*} } Conflicts: %{*} }
%if 0%{?suse_version} >= 1500 %if 0%{?suse_version} >= 1500
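Review bot: the switch to `%{expand:%%do_obsoletes %{*}}` inside `upgrade_dep` has no comment explaining why the indirect expansion is needed. The .changes entry says it is for SLE-12; a one-line comment above this line saying so would keep someone from simplifying it back to `%{do_obsoletes %{*}}` later and breaking the SLE-12 build again.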
@ -405,8 +405,6 @@ Requires: libpmix%{pmix_so}
Requires: pmix Requires: pmix
%endif %endif
Requires: %{name}-config = %{version} Requires: %{name}-config = %{version}
# This may be removed once older versions have all been fixed.
%{base_conflicts %{pname}-sview}
%description plugins %description plugins
This package contains the SLURM plugins (loadable shared objects) This package contains the SLURM plugins (loadable shared objects)
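Review bot: `%{base_conflicts %{pname}-sview}` and its comment are dropped from the plugins package, but the .changes entry does not mention it. The removed comment tied the removal to older versions having all been fixed; please add a changelog line for this and say which condition is now met, since it changes which package combinations can be installed together.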


@ -1,6 +1,8 @@
23.02.6
23.02.5 23.02.5
23.02.3 23.02.3
23.02.0 23.02.0
22.05.11
22.05.10 22.05.10
22.05.5 22.05.5
22.05.2 22.05.2