Accepting request 615950 from home:mslacken

- Fix security issue in handling of username and gid fields
  CVE-2018-10995 what implied an update from 17.11.5 to 17.11.7
- Update from 17.11.5 to 17.11.7
  Highlights of 17.11.6:
  * CRAY - Add slurmsmwd to the contribs/cray dir
  * PMIX - Added the direct connect authentication.
  * Prevent the backup slurmctld from losing the active/available node
    features list on takeover.
  * Be able to force power_down of cloud node even if in power_save state.
  * Allow cloud nodes to be recognized in Slurm when booted out of band.
  * Numerous fixes - check 'NEWS' file.
  Highlights of 17.11.7:
  * Notify srun and ctld when unkillable stepd exits.
  * Numerous fixes - check 'NEWS' file.

OBS-URL: https://build.opensuse.org/request/show/615950
OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=58

removed-deprecated-xdaemon.patch

@@ -1,17 +1,12 @@
+From 783f241cc56d789bf795efc7172672da1c8b2a10 Mon Sep 17 00:00:00 2001
 From: Christian Goll <cgoll@suse.de>
-Date: Mon Apr 9 11:52:58 2018 +0200
-Subject: removed deprecated xdaemon
-Patch-mainline: Not yet
-Git-repo: https://github.com/SchedMD/slurm
-Git-commit: ca2921a03af842792810efd3d49fbdbfeccfd438
-References: bsc#1084125
+Date: Mon, 9 Apr 2018 11:52:58 +0200
+Subject: [PATCH 6/6] removed deprecated xdaemon
 
-
-Signed-off-by: Egbert Eich <eich@suse.de>
 ---
  src/common/daemonize.c | 11 -----------
- src/common/daemonize.h |  7 -------
- 2 files changed, 18 deletions(-)
+ src/common/daemonize.h |  1 -
+ 2 files changed, 12 deletions(-)
 
 diff --git a/src/common/daemonize.c b/src/common/daemonize.c
 index 2987a40af0..32dc79c577 100644
@@ -36,20 +31,17 @@ index 2987a40af0..32dc79c577 100644
  /*
   * Read and return pid stored in pidfile.
 diff --git a/src/common/daemonize.h b/src/common/daemonize.h
-index c932d83f74..d0ab92e860 100644
+index 8b2a866b61..4ec16f22b0 100644
 --- a/src/common/daemonize.h
 +++ b/src/common/daemonize.h
-@@ -60,13 +60,6 @@ extern int xdaemon_init(void);
+@@ -44,7 +44,6 @@
+  * Start fork process into background and inherit new session.
+  *
   */
- extern void xdaemon_finish(int fd);
- 
--/*
-- * Fork process into background and inherit new session.
-- *
-- * Returns -1 on error.
-- */
 -extern int xdaemon(void);
--
- /* Write pid into file pidfile if uid is not 0 change the owner of the
-  * pidfile to that user.
-  */
+ extern int xdaemon_init(void);
+ 
+ /*
+-- 
+2.13.7
+

slurm-17.11.5.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:39f5c53bc101909494c4abc1fb47a8cd86cba16ec77503aa9e994c11bef7f01d
-size 6248551

slurm-17.11.7.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a4ab10870b1c35f67a3465796960b32e4270e52acc257987b10acc4f17035a57
+size 6249399

slurm.changes

@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Tue Jun  5 13:24:43 UTC 2018 - cgoll@suse.com
+
+- Fix security issue in handling of username and gid fields
+  CVE-2018-10995 what implied an update from 17.11.5 to 17.11.7
+- Update from 17.11.5 to 17.11.7
+  Highlights of 17.11.6:
+  * CRAY - Add slurmsmwd to the contribs/cray dir
+  * PMIX - Added the direct connect authentication.
+  * Prevent the backup slurmctld from losing the active/available node
+    features list on takeover.
+  * Be able to force power_down of cloud node even if in power_save state.
+  * Allow cloud nodes to be recognized in Slurm when booted out of band.
+  * Numerous fixes - check 'NEWS' file.
+  Highlights of 17.11.7:
+  * Notify srun and ctld when unkillable stepd exits.
+  * Numerous fixes - check 'NEWS' file.
+
+
 -------------------------------------------------------------------
 Thu Apr 19 21:05:04 UTC 2018 - eich@suse.com
 

slurm.spec

@@ -18,7 +18,7 @@
 
 # Check file META in sources: update so_version to (API_CURRENT - API_AGE)
 %define so_version 32
-%define ver 17.11.5
+%define ver 17.11.7
 # so-version is 0 and seems to be stable
 %define pmi_so 0
 
@@ -67,11 +67,13 @@ Source1:        slurm-rpmlintrc
 Patch0:         slurm-2.4.4-rpath.patch
 Patch1:         slurm-2.4.4-init.patch
 Patch2:         pam_slurm-Initialize-arrays-and-pass-sizes.patch
-Patch3:         split-xdaemon-in-xdaemon_init-and-xdaemon_finish-for-systemd-compatibilty.patch
+Patch3:         split-xdaemon-in-xdaemon_init-and-xdaemon_finish-for.patch
 Patch4:         slurmctld-uses-xdaemon_-for-systemd.patch
 Patch5:         slurmd-uses-xdaemon_-for-systemd.patch
 Patch6:         slurmdbd-uses-xdaemon_-for-systemd.patch
-Patch7:         removed-deprecated-xdaemon.patch
+Patch7:         slurmsmwd-uses-xdaemon_-for-systemd.patch
+Patch8:         removed-deprecated-xdaemon.patch
+
 Requires:       slurm-config = %{version}
 Requires:       slurm-node = %{version}
 %if 0%{?suse_version} <= 1140
@@ -325,6 +327,7 @@ for the slurm daemons.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
 
 %build
 %configure --enable-shared \
@@ -624,6 +627,7 @@ exit 0
 %{_bindir}/strigger
 %{?have_netloc:%{_bindir}/netloc_to_topology}
 %{_sbindir}/slurmctld
+%{_sbindir}/slurmsmwd
 %{_mandir}/man1/sacct.1*
 %{_mandir}/man1/sacctmgr.1*
 %{_mandir}/man1/salloc.1*

slurmctld-uses-xdaemon_-for-systemd.patch

@@ -1,19 +1,14 @@
+From f0650e14983c9551fd644697285d84b35dad16aa Mon Sep 17 00:00:00 2001
 From: Christian Goll <cgoll@suse.de>
-Date: Mon Apr 9 10:23:01 2018 +0200
-Subject: slurmctld uses xdaemon_* for systemd
-Patch-mainline: Not yet
-Git-repo: https://github.com/SchedMD/slurm
-Git-commit: b11aae54f69855084370aaf0af3e928f63c639b3
-References: bsc#1084125
+Date: Mon, 9 Apr 2018 10:23:01 +0200
+Subject: [PATCH 2/6] slurmctld uses xdaemon_* for systemd
 
-
-Signed-off-by: Egbert Eich <eich@suse.de>
 ---
- src/slurmctld/controller.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
+ src/slurmctld/controller.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
 
 diff --git a/src/slurmctld/controller.c b/src/slurmctld/controller.c
-index 7867e1d479..dd5f3863b1 100644
+index 7867e1d479..bd1c12600e 100644
 --- a/src/slurmctld/controller.c
 +++ b/src/slurmctld/controller.c
 @@ -250,7 +250,7 @@ static bool         _wait_for_server_thread(void);
@@ -25,17 +20,20 @@ index 7867e1d479..dd5f3863b1 100644
  	struct stat stat_buf;
  	struct rlimit rlim;
  	/* Locks: Write configuration, job, node, and partition */
-@@ -298,7 +298,8 @@ int main(int argc, char **argv)
+@@ -298,7 +298,11 @@ int main(int argc, char **argv)
  
  	if (daemonize) {
  		slurmctld_config.daemonize = 1;
 -		if (xdaemon())
++		/*
++		 * Just start daemonizing if not in test mode 
++		 */
 +		fd = xdaemon_init();
 +		if (fd == -1)
  			error("daemon(): %m");
  		log_set_timefmt(slurmctld_conf.log_fmt);
  		log_alter(log_opts, LOG_DAEMON,
-@@ -318,6 +319,9 @@ int main(int argc, char **argv)
+@@ -318,6 +322,9 @@ int main(int argc, char **argv)
  	 */
  	_init_pidfile();
  	_become_slurm_user();
@@ -45,3 +43,6 @@ index 7867e1d479..dd5f3863b1 100644
  
  	/*
  	 * Create StateSaveLocation directory if necessary.
+-- 
+2.13.7
+

slurmd-uses-xdaemon_-for-systemd.patch

@@ -1,19 +1,14 @@
+From 712caf6306c5b08b12e5a481d60bb91adc6c625e Mon Sep 17 00:00:00 2001
 From: Christian Goll <cgoll@suse.de>
-Date: Mon Apr 9 10:59:57 2018 +0200
-Subject: slurmd uses xdaemon_* for systemd
-Patch-mainline: Not yet
-Git-repo: https://github.com/SchedMD/slurm
-Git-commit: a048f30f7e41089f9f2f014897ca2c02bc41abb5
-References: bsc#1084125
+Date: Mon, 9 Apr 2018 10:59:57 +0200
+Subject: [PATCH 3/6] slurmd uses xdaemon_* for systemd
 
-
-Signed-off-by: Egbert Eich <eich@suse.de>
 ---
  src/slurmd/slurmd/slurmd.c | 8 ++++++--
  1 file changed, 6 insertions(+), 2 deletions(-)
 
 diff --git a/src/slurmd/slurmd/slurmd.c b/src/slurmd/slurmd/slurmd.c
-index 09d3a7136b..299fe3a2a9 100644
+index 140fd70adc..92d1faf0bc 100644
 --- a/src/slurmd/slurmd/slurmd.c
 +++ b/src/slurmd/slurmd/slurmd.c
 @@ -214,7 +214,7 @@ static void      _wait_for_all_threads(int secs);
@@ -45,3 +40,6 @@ index 09d3a7136b..299fe3a2a9 100644
  
  	rfc2822_timestamp(time_stamp, sizeof(time_stamp));
  	info("%s started on %s", slurm_prog_name, time_stamp);
+-- 
+2.13.7
+

slurmdbd-uses-xdaemon_-for-systemd.patch

@@ -1,19 +1,14 @@
+From 9533827148d1214b8fe9a9ba47a9dd20287085d7 Mon Sep 17 00:00:00 2001
 From: Christian Goll <cgoll@suse.de>
-Date: Mon Apr 9 11:13:54 2018 +0200
-Subject: slurmdbd uses xdaemon_* for systemd
-Patch-mainline: Not yet
-Git-repo: https://github.com/SchedMD/slurm
-Git-commit: fde4321ead76bc2a419d37d09b2a9b8273e836de
-References: bsc#1084125
+Date: Mon, 9 Apr 2018 11:13:54 +0200
+Subject: [PATCH 4/6] slurmdbd uses xdaemon_* for systemd
 
-
-Signed-off-by: Egbert Eich <eich@suse.de>
 ---
  src/slurmdbd/slurmdbd.c | 18 +++++++++++++-----
  1 file changed, 13 insertions(+), 5 deletions(-)
 
 diff --git a/src/slurmdbd/slurmdbd.c b/src/slurmdbd/slurmdbd.c
-index d37cad28a7..6b523691bd 100644
+index ae2f27d617..7b336b824f 100644
 --- a/src/slurmdbd/slurmdbd.c
 +++ b/src/slurmdbd/slurmdbd.c
 @@ -103,7 +103,7 @@ static List lft_rgt_list = NULL;
@@ -55,7 +50,7 @@ index d37cad28a7..6b523691bd 100644
  	_become_slurm_user();
  	if (foreground == 0)
  		_set_work_dir();
-@@ -593,11 +598,14 @@ static void _init_pidfile(void)
+@@ -595,11 +600,14 @@ static void _init_pidfile(void)
  
  /* Become a daemon (child of init) and
   * "cd" to the LogFile directory (if one is configured) */
@@ -72,3 +67,6 @@ index d37cad28a7..6b523691bd 100644
  }
  
  static void _set_work_dir(void)
+-- 
+2.13.7
+

slurmsmwd-uses-xdaemon_-for-systemd.patch

@@ -0,0 +1,41 @@
+From b01f2ce29ce362b0724ea8104aadbab45122e9a4 Mon Sep 17 00:00:00 2001
+From: Christian Goll <cgoll@suse.de>
+Date: Mon, 4 Jun 2018 14:44:31 +0200
+Subject: [PATCH 5/6] slurmsmwd uses xdaemon_* for systemd
+
+---
+ contribs/cray/slurmsmwd/main.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/contribs/cray/slurmsmwd/main.c b/contribs/cray/slurmsmwd/main.c
+index 8d405b2916..c1d3fce2d4 100644
+--- a/contribs/cray/slurmsmwd/main.c
++++ b/contribs/cray/slurmsmwd/main.c
+@@ -536,6 +536,7 @@ int main(int argc, char **argv)
+ {
+ 	pthread_t processing_thread, signal_handler_thread;
+ 	pthread_attr_t thread_attr;
++	int pipefd;
+ 
+ 	_parse_commandline(argc, argv);
+ 
+@@ -544,11 +545,15 @@ int main(int argc, char **argv)
+ 	slurmsmwd_print_config();
+ 
+ 	if (!foreground) {
+-		if (xdaemon())
++		pipefd = xdaemon_init();
++		if (pipefd == -1)
+ 			error("daemon(): %m");
+ 	}
+ 	if (create_pidfile("/var/run/slurmsmwd.pid", 0) < 0)
+ 		fatal("Unable to create pidfile /var/run/slurmswmd.pid");
++	if (!foreground) {
++		xdaemon_finish(pipefd);
++	}
+ 
+ 	slurm_mutex_init(&down_node_lock);
+ 
+-- 
+2.13.7
+

split-xdaemon-in-xdaemon_init-and-xdaemon_finish-for.patch

@@ -1,17 +1,13 @@
+From 1f12c590038c7f738ff19159629fdc38de5cba82 Mon Sep 17 00:00:00 2001
 From: Christian Goll <cgoll@suse.de>
-Date: Mon Apr 9 10:05:50 2018 +0200
-Subject: split xdaemon in xdaemon_init and xdaemon_finish for systemd compatibilty
-Patch-mainline: Not yet
-Git-repo: https://github.com/SchedMD/slurm
-Git-commit: 2bbe988c0ef133942d0d0077b0f064eff553e3a2
-References: bsc#1084125
+Date: Mon, 9 Apr 2018 10:05:50 +0200
+Subject: [PATCH 1/6] split xdaemon in xdaemon_init and xdaemon_finish for
+ systemd compatibilty
 
-
-Signed-off-by: Egbert Eich <eich@suse.de>
 ---
  src/common/daemonize.c | 73 ++++++++++++++++++++++++++++++++++++++++++++------
- src/common/daemonize.h | 20 ++++++++++++++
- 2 files changed, 85 insertions(+), 8 deletions(-)
+ src/common/daemonize.h | 10 +++++--
+ 2 files changed, 73 insertions(+), 10 deletions(-)
 
 diff --git a/src/common/daemonize.c b/src/common/daemonize.c
 index e22a1d0a7f..2987a40af0 100644
@@ -124,33 +120,29 @@ index e22a1d0a7f..2987a40af0 100644
  
  /*
 diff --git a/src/common/daemonize.h b/src/common/daemonize.h
-index 22a31f6ccf..c932d83f74 100644
+index 22a31f6ccf..8b2a866b61 100644
 --- a/src/common/daemonize.h
 +++ b/src/common/daemonize.h
-@@ -40,6 +40,26 @@
- #ifndef _HAVE_DAEMONIZE_H
+@@ -41,11 +41,17 @@
  #define _HAVE_DAEMONIZE_H
  
-+
-+/*
-+ * Fork process into background open a pipe to
-+ * communicate status between parent and child.
-+ * parent: wait until child has closed the pipe.
-+ * child: return fd.
-+ *
-+ * Returns fd or -1 on error.
-+ */
+ /*
+- * Fork process into background and inherit new session.
++ * Start fork process into background and inherit new session.
+  *
+- * Returns -1 on error.
+  */
+ extern int xdaemon(void);
 +extern int xdaemon_init(void);
 +
 +/*
-+ * Finish child side of the fork:
-+ * This needs to get called after the PID file
-+ * has been written.
-+ * Close STDIN, STDOUT and STDERR and inherit
-+ * new session. Close pipe when done.
++ * Finish daemonization by ending grandparen
 + */
-+extern void xdaemon_finish(int fd);
 +
- /*
-  * Fork process into background and inherit new session.
-  *
++extern void xdaemon_finish(int fd);
+ 
+ /* Write pid into file pidfile if uid is not 0 change the owner of the
+  * pidfile to that user.
+-- 
+2.13.7
+