From cbe6c9fcaa9f322b33de5a0298e4aa9cdb82a6c0a5ca50a70d137021e630c4ae Mon Sep 17 00:00:00 2001 From: Egbert Eich Date: Thu, 15 Mar 2018 19:52:49 +0000 Subject: [PATCH] Accepting request 587617 from home:eeich:branches:network:cluster - Fix security issue in accounting_storage/mysql plugin by always escaping strings within the slurmdbd. CVE-2018-7033 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7033 (bsc#1085240). - Update slurm to v17.11.5 (FATE#325451) Highlights of 17.11: * Support for federated clusters to manage a single work-flow across a set of clusters. * Support for heterogeneous job allocations (various processor types, memory sizes, etc. by job component). Support for heterogeneous job steps within a single MPI_COMM_WORLD is not yet supported for most configurations. * X11 support is now fully integrated with the main Slurm code. Remove any X11 plugin configured in your plugstack.conf file to avoid errors being logged about conflicting options. * Added new advanced reservation flag of "flex", which permits jobs requesting the reservation to begin prior to the reservation's start time and use resources inside or outside of the reservation. A typical use case is to prevent jobs not explicitly requesting the reservation from using those reserved resources rather than forcing jobs requesting the reservation to use those resources in the time frame reserved. * The sprio command has been modified to report a job's priority information for every partition the job has been submitted to. * Group ID lookup performed at job submit time to avoid lookup on all compute nodes. Enable with PrologFlags=SendGIDs configuration parameter. * Slurm commands and daemons dynamically link to libslurmfull.so instead of statically linking. This dramatically reduces the footprint of Slurm. OBS-URL: https://build.opensuse.org/request/show/587617 OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=46 --- slurm-17.11.4.tar.bz2 | 3 --- slurm-17.11.5.tar.bz2 | 3 +++ slurm.changes | 55 +++++++++++++++++++++++++++++++++++++++---- slurm.spec | 2 +- 4 files changed, 55 insertions(+), 8 deletions(-) delete mode 100644 slurm-17.11.4.tar.bz2 create mode 100644 slurm-17.11.5.tar.bz2 diff --git a/slurm-17.11.4.tar.bz2 b/slurm-17.11.4.tar.bz2 deleted file mode 100644 index fe787fe..0000000 --- a/slurm-17.11.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:18216a38e5660bbb340d906480b4f663192e158e9a9eaa8e713415c9e4766df2 -size 6203468 diff --git a/slurm-17.11.5.tar.bz2 b/slurm-17.11.5.tar.bz2 new file mode 100644 index 0000000..0216cff --- /dev/null +++ b/slurm-17.11.5.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:39f5c53bc101909494c4abc1fb47a8cd86cba16ec77503aa9e994c11bef7f01d +size 6248551 diff --git a/slurm.changes b/slurm.changes index 5201545..82fbd5a 100644 --- a/slurm.changes +++ b/slurm.changes @@ -1,9 +1,56 @@ ------------------------------------------------------------------- Wed Mar 14 19:34:58 UTC 2018 - eich@suse.com -- Update slurm to v17.11.4 (FATE#325451) - * Link dynamically to libslurm.so to reduce footprint - of all binaries. +- Fix security issue in accounting_storage/mysql plugin by always escaping + strings within the slurmdbd. CVE-2018-7033 + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7033 + (bsc#1085240). +- Update slurm to v17.11.5 (FATE#325451) + Highlights of 17.11: + * Support for federated clusters to manage a single work-flow + across a set of clusters. + * Support for heterogeneous job allocations (various processor types, + memory sizes, etc. by job component). Support for heterogeneous job + steps within a single MPI_COMM_WORLD is not yet supported for most + configurations. + * X11 support is now fully integrated with the main Slurm code. Remove + any X11 plugin configured in your plugstack.conf file to avoid errors + being logged about conflicting options. + * Added new advanced reservation flag of "flex", which permits jobs + requesting the reservation to begin prior to the reservation's + start time and use resources inside or outside of the reservation. + A typical use case is to prevent jobs not explicitly requesting the + reservation from using those reserved resources rather than forcing + jobs requesting the reservation to use those resources in the time + frame reserved. + * The sprio command has been modified to report a job's priority + information for every partition the job has been submitted to. + * Group ID lookup performed at job submit time to avoid lookup on + all compute nodes. Enable with PrologFlags=SendGIDs configuration + parameter. + * Slurm commands and daemons dynamically link to libslurmfull.so + instead of statically linking. This dramatically reduces the + footprint of Slurm. + * In switch plugin, added plugin_id symbol to plugins and wrapped + switch_jobinfo_t with dynamic_plugin_data_t in interface calls + in order to pass switch information between clusters with different + switch types. + * Changed default ProctrackType to cgroup. + * Changed default sched_min_interval from 0 to 2 microseconds. + * Added new 'scontrol write batch_script ' command to fetch a job's + batch script. Removed the ability to see the script as part of the + 'scontrol -dd show job' command. + * Add new "billing" TRES which allows jobs to be limited based on the + job's billable TRES calculated by the job's partition's + TRESBillingWeights. + * Regular user use of "scontrol top" command is now disabled. Use the + configuration parameter "SchedulerParameters=enable_user_top" to + enable that functionality. The configuration parameter + "SchedulerParameters=disable_user_top" will be silently ignored. + * Change default to let pending jobs run outside of reservation after + reservation is gone to put jobs in held state. Added + NO_HOLD_JOBS_AFTER_END reservation flag to use old default. + Support for PMIx v2.0 as well as UCX support. * Remove plugins for obsolete MPI stacks: - lam - mpich1_p4 @@ -15,7 +62,7 @@ Wed Mar 14 19:34:58 UTC 2018 - eich@suse.com Removed. Code upstream. - slurmctld-service-var-run-path.patch: Replaced by sed script. -- Fixed some rpmlint warnings. +- Fix some rpmlint warnings. ------------------------------------------------------------------- Mon Jan 29 13:43:57 UTC 2018 - cgoll@suse.com diff --git a/slurm.spec b/slurm.spec index bf9a23b..99fa1ad 100644 --- a/slurm.spec +++ b/slurm.spec @@ -18,7 +18,7 @@ # Check file META in sources: update so_version to (API_CURRENT - API_AGE) %define so_version 32 -%define ver 17.11.4 +%define ver 17.11.5 # so-version is 0 and seems to be stable %define pmi_so 0