Accepting request 538161 from home:eeich:branches:network:cluster

- Updated to 17.02.9 to fix CVE-2017-15566 (bsc#1065697). Changes in 17.0.9 * When resuming powered down nodes, mark DOWN nodes right after ResumeTimeout has been reached (previous logic would wait about one minute longer). * Fix sreport not showing full column name for TRES Count. * Fix slurmdb_reservations_get() giving wrong usage data when job's spanned reservation that was modified. * Fix sreport reservation utilization report showing bad data. * Show all TRES' on a reservation in sreport reservation utilization report by default. * Fix sacctmgr show reservation handling "end" parameter. * Work around issue with sysmacros.h and gcc7 / glibc 2.25. * Fix layouts code to only allow setting a boolean. * Fix sbatch --wait to keep waiting even if a message timeout occurs. * CRAY - If configured with NodeFeatures=knl_cray and there are non-KNL nodes which include no features the slurmctld will abort without this patch when attemping strtok_r(NULL). * Fix regression in 17.02.7 which would run the spank_task_privileged as part of the slurmstepd instead of it's child process. * Fix security issue in Prolog and Epilog by always prepending SPANK_ to all user-set environment variables. CVE-2017-15566. Changes in 17.0.8: * Add 'slurmdbd:' to the accounting plugin to notify message is from dbd instead of local. * mpi/mvapich - Buffer being only partially cleared. No failures observed. * Fix for job --switch option on dragonfly network. * In salloc with --uid option, drop supplementary groups before changing UID. * jobcomp/elasticsearch - strip any trailing slashes from JobCompLoc. * jobcomp/elasticsearch - fix memory leak when transferring generated buffer. OBS-URL: https://build.opensuse.org/request/show/538161 OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=29
2017-11-01 17:01:38 +00:00 · 2017-11-01 17:01:38 +00:00 · 2ea5b3f2de
commit 2ea5b3f2de
parent 2f4ce2f8e9
4 changed files with 99 additions and 16 deletions
--- a/slurm-17-02-7-1.tar.gz
+++ b/slurm-17-02-7-1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ca2ddc5c1b2c747b5a04170b499cf1db28c71c059eac2be58d60ebbded3cefdf
-size 8339516
--- a/slurm-17.02.9.tar.bz2
+++ b/slurm-17.02.9.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:faf4704505dfc5b6fa199f099d36dbc3d23faf149251f36672631dbbbe3b1b71
+size 6053443
--- a/slurm.changes
+++ b/slurm.changes
@ -1,3 +1,90 @@
+-------------------------------------------------------------------
+Wed Nov  1 16:15:04 UTC 2017 - eich@suse.com
+
+- Updated to 17.02.9 to fix CVE-2017-15566 (bsc#1065697).
+   Changes in 17.0.9
+   * When resuming powered down nodes, mark DOWN nodes right after
+     ResumeTimeout
+    has been reached (previous logic would wait about one minute longer).
+   * Fix sreport not showing full column name for TRES Count.
+   * Fix slurmdb_reservations_get() giving wrong usage data when job's spanned
+     reservation that was modified.
+   * Fix sreport reservation utilization report showing bad data.
+   * Show all TRES' on a reservation in sreport reservation utilization report
+     by default.
+   * Fix sacctmgr show reservation handling "end" parameter.
+   * Work around issue with sysmacros.h and gcc7 / glibc 2.25.
+   * Fix layouts code to only allow setting a boolean.
+   * Fix sbatch --wait to keep waiting even if a message timeout occurs.
+   * CRAY - If configured with NodeFeatures=knl_cray and there are non-KNL
+     nodes which include no features the slurmctld will abort without
+     this patch when attemping strtok_r(NULL).
+   * Fix regression in 17.02.7 which would run the spank_task_privileged as
+     part of the slurmstepd instead of it's child process.
+   * Fix security issue in Prolog and Epilog by always prepending SPANK_ to
+     all user-set environment variables. CVE-2017-15566.
+   Changes in 17.0.8:
+   * Add 'slurmdbd:' to the accounting plugin to notify message is from dbd
+    instead of local.
+   * mpi/mvapich - Buffer being only partially cleared. No failures observed.
+   * Fix for job  --switch option on dragonfly network.
+   * In salloc with  --uid option, drop supplementary groups before changing UID.
+   * jobcomp/elasticsearch - strip any trailing slashes from JobCompLoc.
+   * jobcomp/elasticsearch - fix memory leak when transferring generated buffer.
+   * Prevent slurmstepd ABRT when parsing gres.conf CPUs.
+   * Fix sbatch --signal to signal all MPI ranks in a step instead of just those
+     on node 0.
+   * Check multiple partition limits when scheduling a job that were previously
+     only checked on submit.
+   * Cray: Avoid running application/step Node Health Check on the external
+     job step.
+   * Optimization enhancements for partition based job preemption.
+   * Address some build warnings from GCC 7.1, and one possible memory leak if
+     /proc is inaccessible.
+   * If creating/altering a core based reservation with scontrol/sview on a
+     remote cluster correctly determine the select type.
+   * Fix autoconf test for libcurl when clang is used.
+   * Fix default location for cgroup_allowed_devices_file.conf to use correct
+     default path.
+   * Document NewName option to sacctmgr.
+   * Reject a second PMI2_Init call within a single step to prevent slurmstepd
+     from hanging.
+   * Handle old 32bit values stored in the database for requested memory
+     correctly in sacct.
+   * Fix memory leaks in the task/cgroup plugin when constraining devices.
+   * Make extremely verbose info messages debug2 messages in the task/cgroup
+     plugin when constraining devices.
+   * Fix issue that would deny the stepd access to /dev/null where GRES has a
+    'type' but no file defined.
+   * Fix issue where the slurmstepd would fatal on job launch if you have no
+     gres listed in your slurm.conf but some in gres.conf.
+   * Fix validating time spec to correctly validate various time formats.
+   * Make scontrol work correctly with job update timelimit [+|-]=.
+   * Reduce the visibily of a number of warnings in _part_access_check.
+   * Prevent segfault in sacctmgr if no association name is specified for
+     an update command.
+   * burst_buffer/cray plugin modified to work with changes in Cray UP05
+     software release.
+   * Fix job reasons for jobs that are violating assoc MaxTRESPerNode limits.
+   * Fix segfault when unpacking a 16.05 slurm_cred in a 17.02 daemon.
+   * Fix setting TRES limits with case insensitive TRES names.
+   * Add alias for xstrncmp() -- slurm_xstrncmp().
+   * Fix sorting of case insensitive strings when using xstrcasecmp().
+   * Gracefully handle race condition when reading /proc as process exits.
+   * Avoid error on Cray duplicate setup of core specialization.
+   * Skip over undefined (hidden in Slurm) nodes in pbsnodes.
+   * Add empty hashes in perl api's slurm_load_node() for hidden nodes.
+   * CRAY - Add rpath logic to work for the alpscomm libs.
+   * Fixes for administrator extended TimeLimit (job reason & time limit reset).
+   * Fix gres selection on systems running select/linear.
+   * sview: Added window decorator for maximize,minimize,close buttons for all
+     systems.
+   * squeue: interpret negative length format specifiers as a request to
+     delimit values with spaces.
+   * Fix the torque pbsnodes wrapper script to parse a gres field with a type
+     set correctly.
+- Fixed ABI version of libslurm.
+
 -------------------------------------------------------------------
 Fri Oct  6 13:53:08 UTC 2017 - jengelh@inai.de

--- a/slurm.spec
+++ b/slurm.spec
@ -16,6 +16,10 @@
 #


+# Check file META in sources: update libslurm version to (API_CURRENT - API_AGE)
+%define libslurm libslurm31
+%define ver 17.02.9
+
 # For anything newer than Leap 42.1 and SLE-12-SP1 build compatible to OpenHPC.
 %if 0%{suse_version} > 1320 || 0%{?sle_version} >= 120200
 %define OHPC_BUILD 1
@ -39,9 +43,6 @@
 %endif
 %endif

-%define libslurm libslurm29
-%define ver_exp 17-02-7-1
-
 %if 0%{?with_systemd}
 %define slurm_u %name
 %define slurm_g %name
@ -50,19 +51,14 @@
 %define slurm_g root
 %endif

-%define trans() ( echo %{1} | sed -e "s#-#\\.#g" )
-%define trunc() ( echo %{1} | sed -e "s#\\([^.]\\+\\.[^.]\\+\\.[^.]\\+\\).*#\\1#" )
-%define vers_f() %(%trans)
-%define vers_t() %(%trunc)
-
 Name:           slurm
-Version:        %{vers_f %ver_exp}
+Version:        %{ver}
 Release:        0
 Summary:        Simple Linux Utility for Resource Management
 License:        SUSE-GPL-2.0-with-openssl-exception
 Group:          Productivity/Clustering/Computing 
 Url:            https://computing.llnl.gov/linux/slurm/
-Source:         https://github.com/SchedMD/slurm/archive/%{name}-%{ver_exp}.tar.gz
+Source:         https://download.schedmd.com/slurm/%{name}-%{ver}.tar.bz2
 Patch0:         slurm-2.4.4-rpath.patch
 Patch1:         slurm-2.4.4-init.patch
 Patch2:         slurmd-Fix-slurmd-for-new-API-in-hwloc-2.0.patch
@ -282,7 +278,7 @@ This package includes the Lua API to provide an interface to SLURM
 through Lua.

 %prep
-%setup -q -n %{name}-%{name}-%{ver_exp}
+%setup -q -n %{name}-%{ver}
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
@ -591,8 +587,8 @@ exit 0

 %files doc
 %defattr(-,root,root)
-%dir %{_datadir}/doc/%{name}-%{vers_t %{version}}
-%{_datadir}/doc/%{name}-%{vers_t %{version}}/*
+%dir %{_datadir}/doc/%{name}-%{version}
+%{_datadir}/doc/%{name}-%{version}/*

 %files -n %{libslurm}
 %defattr(-,root,root)