From b60ac5f5698a4a4cac7d6e00292219534ebcac3a935f26c0f644c8e6776b6c4c Mon Sep 17 00:00:00 2001
From: Egbert Eich <eich@suse.com>
Date: Tue, 2 Aug 2022 15:34:01 +0000
Subject: [PATCH] Accepting request 992353 from
 home:eeich:branches:network:cluster

- Fix a potential security vulnerability in the test package
  (bsc#1201674, CVE-2022-31251).

- Patch NOFILE Limit in the slurmd.service copy for the testsuite.

OBS-URL: https://build.opensuse.org/request/show/992353
OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=214
---
 slurm.changes |  9 +++++++--
 slurm.spec    | 13 ++++++++++---
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/slurm.changes b/slurm.changes
index b081fa1..06c3a4c 100644
--- a/slurm.changes
+++ b/slurm.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Aug  2 12:43:39 UTC 2022 - Egbert Eich <eich@suse.com>
+
+- Fix a potential security vulnerability in the test package
+  (bsc#1201674, CVE-2022-31251).
+
 -------------------------------------------------------------------
 Thu Jul 21 19:20:42 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com>
 
@@ -8,8 +14,7 @@ Thu Jul 14 15:20:46 UTC 2022 - Egbert Eich <eich@suse.com>
 
 - Improve check for mpicc in testsuite package: if binary isn't
   found, don't crash.
-- Fix a typo which prevented the nproc limit for slurmd to be
-  up-ed for the test suite.
+- Patch NOFILE Limit in the slurmd.service copy for the testsuite.
 
 -------------------------------------------------------------------
 Mon Jun 20 09:23:17 UTC 2022 - Christian Goll <cgoll@suse.com>
diff --git a/slurm.spec b/slurm.spec
index f4e0acb..1b026c2 100644
--- a/slurm.spec
+++ b/slurm.spec
@@ -883,7 +883,8 @@ tar --group=%slurm_g --owner=%slurm_u \
 cd -
 rm -rf %{buildroot}/srv/slurm-testsuite
 mkdir -p %{buildroot}/srv/slurm-testsuite
-mv /tmp/slurmtest.tar.bz2 %{buildroot}/srv/slurm-testsuite
+mkdir -p %{buildroot}/%{_datadir}/%{name}
+mv /tmp/slurmtest.tar.bz2 %{buildroot}/%{_datadir}/%{name}
 
 mkdir -p %{buildroot}/etc/sudoers.d
 echo "slurm ALL=(auser) NOPASSWD:ALL" > %{buildroot}/etc/sudoers.d/slurm
@@ -895,7 +896,12 @@ cp %{buildroot}/%_unitdir/slurmd.service  $SLURMD_SERVICE
 if grep -qE "^LimitNPROC" $SLURMD_SERVICE; then
     sed -i -e '/LimitNPROC/s@=.*@=infinity@' $SLURMD_SERVICE
 else
-    sed -i -e '/LimitNPROC/aLimitNPROC=infinity' $SLURMD_SERVICE
+    sed -i -e '/LimitSTACK/aLimitNPROC=infinity' $SLURMD_SERVICE
+fi
+if grep -qE "^LimitNOFILE" $SLURMD_SERVICE; then
+    sed -i -e '/LimitNOFILE/s@=.*@=131072:infinity@' $SLURMD_SERVICE
+else
+    sed -i -e '/LimitSTACK/aLimitNOFILE=131072:infinity' $SLURMD_SERVICE
 fi
 sed -i -e '/ExecStart/aExecStartPre=/bin/bash -c "for i in 0 1 2 3; do test -e /dev/nvidia$i || mknod /dev/nvidia$i c 10 $((i+2)); done"' $SLURMD_SERVICE
 
@@ -1037,7 +1043,7 @@ exit 0
 
 %post testsuite
 rm -rf /srv/slurm-testsuite/src /srv/slurm-testsuite/testsuite /srv/slurm-testsuite/config.h
-tar --same-owner -C /srv/slurm-testsuite -xjf /srv/slurm-testsuite/slurmtest.tar.bz2
+sudo -u %slurm_u /usr/bin/tar --same-owner -C /srv/slurm-testsuite -xjf %{_datadir}/%{name}/slurmtest.tar.bz2
 
 %preun testsuite
 rm -rf /srv/slurm-testsuite/src /srv/slurm-testsuite/testsuite /srv/slurm-testsuite/config.h
@@ -1473,6 +1479,7 @@ rm -rf /srv/slurm-testsuite/src /srv/slurm-testsuite/testsuite /srv/slurm-testsu
 %files testsuite
 %defattr(-, %slurm_u, %slurm_u, -)
 %dir %attr(-, %slurm_u, %slurm_u) /srv/slurm-testsuite
+%attr(-, root, root) %{_datadir}/%{name}
 %if 0%{?sle_version} == 120200
 %dir %{_pam_secconfdir}/limits.d
 %endif