Accepting request 615950 from home:mslacken

- Fix security issue in handling of username and gid fields
  CVE-2018-10995 which implied an update from 17.11.5 to 17.11.7
- Update from 17.11.5 to 17.11.7
  Highlights of 17.11.6:
  * CRAY - Add slurmsmwd to the contribs/cray dir
  * PMIX - Added the direct connect authentication.
  * Prevent the backup slurmctld from losing the active/available node
    features list on takeover.
  * Be able to force power_down of cloud node even if in power_save state.
  * Allow cloud nodes to be recognized in Slurm when booted out of band.
  * Numerous fixes - check 'NEWS' file.
  Highlights of 17.11.7:
  * Notify srun and ctld when unkillable stepd exits.
  * Numerous fixes - check 'NEWS' file.

OBS-URL: https://build.opensuse.org/request/show/615950
OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=58
Egbert Eich 2018-06-11 10:31:14 +00:00 committed by Git OBS Bridge
parent 7d56316590
commit 55d6d2b0c7
10 changed files with 137 additions and 92 deletions


@ -1,17 +1,12 @@
From 783f241cc56d789bf795efc7172672da1c8b2a10 Mon Sep 17 00:00:00 2001
From: Christian Goll <cgoll@suse.de> From: Christian Goll <cgoll@suse.de>
Date: Mon Apr 9 11:52:58 2018 +0200 Date: Mon, 9 Apr 2018 11:52:58 +0200
Subject: removed deprecated xdaemon Subject: [PATCH 6/6] removed deprecated xdaemon
Patch-mainline: Not yet
Git-repo: https://github.com/SchedMD/slurm
Git-commit: ca2921a03af842792810efd3d49fbdbfeccfd438
References: bsc#1084125
Signed-off-by: Egbert Eich <eich@suse.de>
--- ---
src/common/daemonize.c | 11 ----------- src/common/daemonize.c | 11 -----------
src/common/daemonize.h | 7 ------- src/common/daemonize.h | 1 -
2 files changed, 18 deletions(-) 2 files changed, 12 deletions(-)
diff --git a/src/common/daemonize.c b/src/common/daemonize.c diff --git a/src/common/daemonize.c b/src/common/daemonize.c
index 2987a40af0..32dc79c577 100644 index 2987a40af0..32dc79c577 100644
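Review bot: The refreshed patch header drops the Patch-mainline, Git-repo, Git-commit, References: bsc#1084125 and Signed-off-by lines that the previous version carried, so the patch no longer records its upstream status or the bug it belongs to. Keep at least the Patch-mainline and References tags when regenerating the patch; the same applies to the other refreshed xdaemon patches in this request.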
@ -36,20 +31,17 @@ index 2987a40af0..32dc79c577 100644
/* /*
* Read and return pid stored in pidfile. * Read and return pid stored in pidfile.
diff --git a/src/common/daemonize.h b/src/common/daemonize.h diff --git a/src/common/daemonize.h b/src/common/daemonize.h
index c932d83f74..d0ab92e860 100644 index 8b2a866b61..4ec16f22b0 100644
--- a/src/common/daemonize.h --- a/src/common/daemonize.h
+++ b/src/common/daemonize.h +++ b/src/common/daemonize.h
@@ -60,13 +60,6 @@ extern int xdaemon_init(void); @@ -44,7 +44,6 @@
* Start fork process into background and inherit new session.
*
*/ */
extern void xdaemon_finish(int fd);
-/*
- * Fork process into background and inherit new session.
- *
- * Returns -1 on error.
- */
-extern int xdaemon(void); -extern int xdaemon(void);
- extern int xdaemon_init(void);
/* Write pid into file pidfile if uid is not 0 change the owner of the
* pidfile to that user. /*
*/ --
2.13.7


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:39f5c53bc101909494c4abc1fb47a8cd86cba16ec77503aa9e994c11bef7f01d
size 6248551

slurm-17.11.7.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a4ab10870b1c35f67a3465796960b32e4270e52acc257987b10acc4f17035a57
size 6249399


@ -1,3 +1,22 @@
-------------------------------------------------------------------
Tue Jun 5 13:24:43 UTC 2018 - cgoll@suse.com
- Fix security issue in handling of username and gid fields
CVE-2018-10995 what implied an update from 17.11.5 to 17.11.7
- Update from 17.11.5 to 17.11.7
Highlights of 17.11.6:
* CRAY - Add slurmsmwd to the contribs/cray dir
* PMIX - Added the direct connect authentication.
* Prevent the backup slurmctld from losing the active/available node
features list on takeover.
* Be able to force power_down of cloud node even if in power_save state.
* Allow cloud nodes to be recognized in Slurm when booted out of band.
* Numerous fixes - check 'NEWS' file.
Highlights of 17.11.7:
* Notify srun and ctld when unkillable stepd exits.
* Numerous fixes - check 'NEWS' file.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Apr 19 21:05:04 UTC 2018 - eich@suse.com Thu Apr 19 21:05:04 UTC 2018 - eich@suse.com
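Review bot: The new changelog entry names CVE-2018-10995 but gives no bug reference, while the patches in this package record theirs as bsc#1084125. Add the bsc# for the CVE to the first bullet so the security fix can be tied to its bug report, and fix the wording "what implied" in the same line.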


@ -18,7 +18,7 @@
# Check file META in sources: update so_version to (API_CURRENT - API_AGE) # Check file META in sources: update so_version to (API_CURRENT - API_AGE)
%define so_version 32 %define so_version 32
%define ver 17.11.5 %define ver 17.11.7
# so-version is 0 and seems to be stable # so-version is 0 and seems to be stable
%define pmi_so 0 %define pmi_so 0
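Review bot: Only %define ver changes here, while the comment two lines above it asks for so_version to be checked against META (API_CURRENT - API_AGE) in the sources. Confirm that META in the 17.11.7 tarball still yields 32 and state that in the request.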
@ -67,11 +67,13 @@ Source1: slurm-rpmlintrc
Patch0: slurm-2.4.4-rpath.patch Patch0: slurm-2.4.4-rpath.patch
Patch1: slurm-2.4.4-init.patch Patch1: slurm-2.4.4-init.patch
Patch2: pam_slurm-Initialize-arrays-and-pass-sizes.patch Patch2: pam_slurm-Initialize-arrays-and-pass-sizes.patch
Patch3: split-xdaemon-in-xdaemon_init-and-xdaemon_finish-for-systemd-compatibilty.patch Patch3: split-xdaemon-in-xdaemon_init-and-xdaemon_finish-for.patch
Patch4: slurmctld-uses-xdaemon_-for-systemd.patch Patch4: slurmctld-uses-xdaemon_-for-systemd.patch
Patch5: slurmd-uses-xdaemon_-for-systemd.patch Patch5: slurmd-uses-xdaemon_-for-systemd.patch
Patch6: slurmdbd-uses-xdaemon_-for-systemd.patch Patch6: slurmdbd-uses-xdaemon_-for-systemd.patch
Patch7: removed-deprecated-xdaemon.patch Patch7: slurmsmwd-uses-xdaemon_-for-systemd.patch
Patch8: removed-deprecated-xdaemon.patch
Requires: slurm-config = %{version} Requires: slurm-config = %{version}
Requires: slurm-node = %{version} Requires: slurm-node = %{version}
%if 0%{?suse_version} <= 1140 %if 0%{?suse_version} <= 1140
@ -325,6 +327,7 @@ for the slurm daemons.
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
%patch8 -p1
%build %build
%configure --enable-shared \ %configure --enable-shared \
@ -624,6 +627,7 @@ exit 0
%{_bindir}/strigger %{_bindir}/strigger
%{?have_netloc:%{_bindir}/netloc_to_topology} %{?have_netloc:%{_bindir}/netloc_to_topology}
%{_sbindir}/slurmctld %{_sbindir}/slurmctld
%{_sbindir}/slurmsmwd
%{_mandir}/man1/sacct.1* %{_mandir}/man1/sacct.1*
%{_mandir}/man1/sacctmgr.1* %{_mandir}/man1/sacctmgr.1*
%{_mandir}/man1/salloc.1* %{_mandir}/man1/salloc.1*
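Review bot: %{_sbindir}/slurmsmwd is added to the file list unconditionally, although the changelog describes slurmsmwd as a Cray contrib (contribs/cray). If the binary is not installed in every build configuration the file list will not match, so confirm that it is, or guard the entry with a macro as is done for netloc_to_topology two lines above.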


@ -1,19 +1,14 @@
From f0650e14983c9551fd644697285d84b35dad16aa Mon Sep 17 00:00:00 2001
From: Christian Goll <cgoll@suse.de> From: Christian Goll <cgoll@suse.de>
Date: Mon Apr 9 10:23:01 2018 +0200 Date: Mon, 9 Apr 2018 10:23:01 +0200
Subject: slurmctld uses xdaemon_* for systemd Subject: [PATCH 2/6] slurmctld uses xdaemon_* for systemd
Patch-mainline: Not yet
Git-repo: https://github.com/SchedMD/slurm
Git-commit: b11aae54f69855084370aaf0af3e928f63c639b3
References: bsc#1084125
Signed-off-by: Egbert Eich <eich@suse.de>
--- ---
src/slurmctld/controller.c | 8 ++++++-- src/slurmctld/controller.c | 11 +++++++++--
1 file changed, 6 insertions(+), 2 deletions(-) 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/slurmctld/controller.c b/src/slurmctld/controller.c diff --git a/src/slurmctld/controller.c b/src/slurmctld/controller.c
index 7867e1d479..dd5f3863b1 100644 index 7867e1d479..bd1c12600e 100644
--- a/src/slurmctld/controller.c --- a/src/slurmctld/controller.c
+++ b/src/slurmctld/controller.c +++ b/src/slurmctld/controller.c
@@ -250,7 +250,7 @@ static bool _wait_for_server_thread(void); @@ -250,7 +250,7 @@ static bool _wait_for_server_thread(void);
@ -25,17 +20,20 @@ index 7867e1d479..dd5f3863b1 100644
struct stat stat_buf; struct stat stat_buf;
struct rlimit rlim; struct rlimit rlim;
/* Locks: Write configuration, job, node, and partition */ /* Locks: Write configuration, job, node, and partition */
@@ -298,7 +298,8 @@ int main(int argc, char **argv) @@ -298,7 +298,11 @@ int main(int argc, char **argv)
if (daemonize) { if (daemonize) {
slurmctld_config.daemonize = 1; slurmctld_config.daemonize = 1;
- if (xdaemon()) - if (xdaemon())
+ /*
+ * Just start daemonizing if not in test mode
+ */
+ fd = xdaemon_init(); + fd = xdaemon_init();
+ if (fd == -1) + if (fd == -1)
error("daemon(): %m"); error("daemon(): %m");
log_set_timefmt(slurmctld_conf.log_fmt); log_set_timefmt(slurmctld_conf.log_fmt);
log_alter(log_opts, LOG_DAEMON, log_alter(log_opts, LOG_DAEMON,
@@ -318,6 +319,9 @@ int main(int argc, char **argv) @@ -318,6 +322,9 @@ int main(int argc, char **argv)
*/ */
_init_pidfile(); _init_pidfile();
_become_slurm_user(); _become_slurm_user();
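Review bot: The added comment "Just start daemonizing if not in test mode" sits directly under `if (daemonize) {`, and nothing in this hunk tests for a test mode, so the comment describes a condition the visible code does not check. Either add the check the comment refers to or reword the comment to match what the branch does.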
@ -45,3 +43,6 @@ index 7867e1d479..dd5f3863b1 100644
/* /*
* Create StateSaveLocation directory if necessary. * Create StateSaveLocation directory if necessary.
--
2.13.7


@ -1,19 +1,14 @@
From 712caf6306c5b08b12e5a481d60bb91adc6c625e Mon Sep 17 00:00:00 2001
From: Christian Goll <cgoll@suse.de> From: Christian Goll <cgoll@suse.de>
Date: Mon Apr 9 10:59:57 2018 +0200 Date: Mon, 9 Apr 2018 10:59:57 +0200
Subject: slurmd uses xdaemon_* for systemd Subject: [PATCH 3/6] slurmd uses xdaemon_* for systemd
Patch-mainline: Not yet
Git-repo: https://github.com/SchedMD/slurm
Git-commit: a048f30f7e41089f9f2f014897ca2c02bc41abb5
References: bsc#1084125
Signed-off-by: Egbert Eich <eich@suse.de>
--- ---
src/slurmd/slurmd/slurmd.c | 8 ++++++-- src/slurmd/slurmd/slurmd.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-) 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/slurmd/slurmd/slurmd.c b/src/slurmd/slurmd/slurmd.c diff --git a/src/slurmd/slurmd/slurmd.c b/src/slurmd/slurmd/slurmd.c
index 09d3a7136b..299fe3a2a9 100644 index 140fd70adc..92d1faf0bc 100644
--- a/src/slurmd/slurmd/slurmd.c --- a/src/slurmd/slurmd/slurmd.c
+++ b/src/slurmd/slurmd/slurmd.c +++ b/src/slurmd/slurmd/slurmd.c
@@ -214,7 +214,7 @@ static void _wait_for_all_threads(int secs); @@ -214,7 +214,7 @@ static void _wait_for_all_threads(int secs);
@ -45,3 +40,6 @@ index 09d3a7136b..299fe3a2a9 100644
rfc2822_timestamp(time_stamp, sizeof(time_stamp)); rfc2822_timestamp(time_stamp, sizeof(time_stamp));
info("%s started on %s", slurm_prog_name, time_stamp); info("%s started on %s", slurm_prog_name, time_stamp);
--
2.13.7


@ -1,19 +1,14 @@
From 9533827148d1214b8fe9a9ba47a9dd20287085d7 Mon Sep 17 00:00:00 2001
From: Christian Goll <cgoll@suse.de> From: Christian Goll <cgoll@suse.de>
Date: Mon Apr 9 11:13:54 2018 +0200 Date: Mon, 9 Apr 2018 11:13:54 +0200
Subject: slurmdbd uses xdaemon_* for systemd Subject: [PATCH 4/6] slurmdbd uses xdaemon_* for systemd
Patch-mainline: Not yet
Git-repo: https://github.com/SchedMD/slurm
Git-commit: fde4321ead76bc2a419d37d09b2a9b8273e836de
References: bsc#1084125
Signed-off-by: Egbert Eich <eich@suse.de>
--- ---
src/slurmdbd/slurmdbd.c | 18 +++++++++++++----- src/slurmdbd/slurmdbd.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-) 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/slurmdbd/slurmdbd.c b/src/slurmdbd/slurmdbd.c diff --git a/src/slurmdbd/slurmdbd.c b/src/slurmdbd/slurmdbd.c
index d37cad28a7..6b523691bd 100644 index ae2f27d617..7b336b824f 100644
--- a/src/slurmdbd/slurmdbd.c --- a/src/slurmdbd/slurmdbd.c
+++ b/src/slurmdbd/slurmdbd.c +++ b/src/slurmdbd/slurmdbd.c
@@ -103,7 +103,7 @@ static List lft_rgt_list = NULL; @@ -103,7 +103,7 @@ static List lft_rgt_list = NULL;
@ -55,7 +50,7 @@ index d37cad28a7..6b523691bd 100644
_become_slurm_user(); _become_slurm_user();
if (foreground == 0) if (foreground == 0)
_set_work_dir(); _set_work_dir();
@@ -593,11 +598,14 @@ static void _init_pidfile(void) @@ -595,11 +600,14 @@ static void _init_pidfile(void)
/* Become a daemon (child of init) and /* Become a daemon (child of init) and
* "cd" to the LogFile directory (if one is configured) */ * "cd" to the LogFile directory (if one is configured) */
@ -72,3 +67,6 @@ index d37cad28a7..6b523691bd 100644
} }
static void _set_work_dir(void) static void _set_work_dir(void)
--
2.13.7


@ -0,0 +1,41 @@
From b01f2ce29ce362b0724ea8104aadbab45122e9a4 Mon Sep 17 00:00:00 2001
From: Christian Goll <cgoll@suse.de>
Date: Mon, 4 Jun 2018 14:44:31 +0200
Subject: [PATCH 5/6] slurmsmwd uses xdaemon_* for systemd
---
contribs/cray/slurmsmwd/main.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/contribs/cray/slurmsmwd/main.c b/contribs/cray/slurmsmwd/main.c
index 8d405b2916..c1d3fce2d4 100644
--- a/contribs/cray/slurmsmwd/main.c
+++ b/contribs/cray/slurmsmwd/main.c
@@ -536,6 +536,7 @@ int main(int argc, char **argv)
{
pthread_t processing_thread, signal_handler_thread;
pthread_attr_t thread_attr;
+ int pipefd;
_parse_commandline(argc, argv);
@@ -544,11 +545,15 @@ int main(int argc, char **argv)
slurmsmwd_print_config();
if (!foreground) {
- if (xdaemon())
+ pipefd = xdaemon_init();
+ if (pipefd == -1)
error("daemon(): %m");
}
if (create_pidfile("/var/run/slurmsmwd.pid", 0) < 0)
fatal("Unable to create pidfile /var/run/slurmswmd.pid");
+ if (!foreground) {
+ xdaemon_finish(pipefd);
+ }
slurm_mutex_init(&down_node_lock);
--
2.13.7
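Review bot: When xdaemon_init() returns -1, the second hunk of main.c only logs with error() and execution continues, so the later `xdaemon_finish(pipefd);` under `if (!foreground)` is called with pipefd == -1. Make the failure fatal(), as the pidfile check right below it does, or skip xdaemon_finish() when pipefd is -1. The context line's fatal() message also spells the path /var/run/slurmswmd.pid while create_pidfile() uses /var/run/slurmsmwd.pid.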


@ -1,17 +1,13 @@
From 1f12c590038c7f738ff19159629fdc38de5cba82 Mon Sep 17 00:00:00 2001
From: Christian Goll <cgoll@suse.de> From: Christian Goll <cgoll@suse.de>
Date: Mon Apr 9 10:05:50 2018 +0200 Date: Mon, 9 Apr 2018 10:05:50 +0200
Subject: split xdaemon in xdaemon_init and xdaemon_finish for systemd compatibilty Subject: [PATCH 1/6] split xdaemon in xdaemon_init and xdaemon_finish for
Patch-mainline: Not yet systemd compatibilty
Git-repo: https://github.com/SchedMD/slurm
Git-commit: 2bbe988c0ef133942d0d0077b0f064eff553e3a2
References: bsc#1084125
Signed-off-by: Egbert Eich <eich@suse.de>
--- ---
src/common/daemonize.c | 73 ++++++++++++++++++++++++++++++++++++++++++++------ src/common/daemonize.c | 73 ++++++++++++++++++++++++++++++++++++++++++++------
src/common/daemonize.h | 20 ++++++++++++++ src/common/daemonize.h | 10 +++++--
2 files changed, 85 insertions(+), 8 deletions(-) 2 files changed, 73 insertions(+), 10 deletions(-)
diff --git a/src/common/daemonize.c b/src/common/daemonize.c diff --git a/src/common/daemonize.c b/src/common/daemonize.c
index e22a1d0a7f..2987a40af0 100644 index e22a1d0a7f..2987a40af0 100644
@ -124,33 +120,29 @@ index e22a1d0a7f..2987a40af0 100644
/* /*
diff --git a/src/common/daemonize.h b/src/common/daemonize.h diff --git a/src/common/daemonize.h b/src/common/daemonize.h
index 22a31f6ccf..c932d83f74 100644 index 22a31f6ccf..8b2a866b61 100644
--- a/src/common/daemonize.h --- a/src/common/daemonize.h
+++ b/src/common/daemonize.h +++ b/src/common/daemonize.h
@@ -40,6 +40,26 @@ @@ -41,11 +41,17 @@
#ifndef _HAVE_DAEMONIZE_H
#define _HAVE_DAEMONIZE_H #define _HAVE_DAEMONIZE_H
+ /*
+/* - * Fork process into background and inherit new session.
+ * Fork process into background open a pipe to + * Start fork process into background and inherit new session.
+ * communicate status between parent and child. *
+ * parent: wait until child has closed the pipe. - * Returns -1 on error.
+ * child: return fd. */
+ * extern int xdaemon(void);
+ * Returns fd or -1 on error.
+ */
+extern int xdaemon_init(void); +extern int xdaemon_init(void);
+ +
+/* +/*
+ * Finish child side of the fork: + * Finish daemonization by ending grandparen
+ * This needs to get called after the PID file
+ * has been written.
+ * Close STDIN, STDOUT and STDERR and inherit
+ * new session. Close pipe when done.
+ */ + */
+extern void xdaemon_finish(int fd);
+ +
/* +extern void xdaemon_finish(int fd);
* Fork process into background and inherit new session.
* /* Write pid into file pidfile if uid is not 0 change the owner of the
* pidfile to that user.
--
2.13.7
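Review bot: In the new daemonize.h hunk the comment for xdaemon_finish() is cut off ("Finish daemonization by ending grandparen") and the comment above xdaemon_init() no longer documents the return value, which the previous version of this patch stated as "Returns fd or -1 on error". The callers test the result against -1, and the previous comment also required xdaemon_finish() to be called after the PID file has been written, so restore both statements in the header comments.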