From bd06e0c7650b1161f9fc3cfcbebbcd60419870ffce240028ade0d2006b9d0ac8 Mon Sep 17 00:00:00 2001
From: Corot Sebastien <scorot@free.fr>
Date: Thu, 2 Feb 2017 20:23:02 +0000
Subject: [PATCH] Accepting request 454272 from
 home:eeich:branches:network:cluster

- Updated to 16.05.8.1
 * Remove StoragePass from being printed out in the slurmdbd log at debug2
   level.
 * Defer PATH search for task program until launch in slurmstepd.
 * Modify regression test1.89 to avoid leaving vestigial job. Also reduce
    logging to reduce likelyhood of Expect buffer overflow.
 * Do not PATH search for mult-prog launches if LaunchParamters=test_exec is
    enabled.
 * Fix for possible infinite loop in select/cons_res plugin when trying to
    satisfy a job's ntasks_per_core or socket specification.
 * If job is held for bad constraints make it so once updated the job doesn't
    go into JobAdminHeld.
 * sched/backfill - Fix logic to reserve resources for jobs that require a
    node reboot (i.e. to change KNL mode) in order to start.
 * When unpacking a node or front_end record from state and the protocol
    version is lower than the min version, set it to the min.
 * Remove redundant lookup for part_ptr when updating a reservation's nodes.
 * Fix memory and file descriptor leaks in slurmd daemon's sbcast logic.
 * Do not allocate specialized cores to jobs using the --exclusive option.
 * Cancel interactive job if Prolog failure with "PrologFlags=contain" or
   "PrologFlags=alloc" configured. Send new error prolog failure message to
   the salloc or srun command as needed.
 * Prevent possible out-of-bounds read in slurmstepd on an invalid #! line.
 * Fix check for PluginDir within slurmctld to work with multiple directories.
 * Cancel interactive jobs automatically on communication error to launching
   srun/salloc process.
 * Fix security issue caused by insecure file path handling triggered by the
   failure of a Prolog script. To exploit this a user needs to anticipate or
   cause the Prolog to fail for their job. CVE-2016-10030 (bsc#1018371).
- Replace group/user add macros with function calls.
- Disable building with netloc support: the netloc API is part of the devel
  branch of hwloc. Since this devel branch was included accidentally and has
  been reversed since, we need to disable this for the time being.
- Conditionalized architecture specific pieces to support non-x86 architectures
  better.

- Remove: unneeded 'BuildRequires:  python'
- Add:
  BuildRequires:  freeipmi-devel
  BuildRequires:  libibmad-devel
  BuildRequires:  libibumad-devel
  so they are picked up by the slurm build.
- Enable modifications from openHPC Project.
- Enable lua API package build.
- Add a recommends for slurm-munge to the slurm package:
  This is way, the munge auth method is available and slurm
  works out of the box.
- Create /var/lib/slurm as StateSaveLocation directory.
  /tmp is dangerous.

- Keep %{_libdir}/libpmi* and %{_libdir}/mpi_pmi2* on SUSE.

OBS-URL: https://build.opensuse.org/request/show/454272
OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=13
---
 ...urm-Initialize-arrays-and-pass-sizes.patch | 82 ++++++++++++++++
 slurm-16-05-5-1.tar.gz                        |  3 -
 slurm-16-05-8-1.tar.gz                        |  3 +
 slurm.changes                                 | 61 ++++++++++++
 slurm.spec                                    | 93 +++++++++++++++----
 5 files changed, 223 insertions(+), 19 deletions(-)
 create mode 100644 pam_slurm-Initialize-arrays-and-pass-sizes.patch
 delete mode 100644 slurm-16-05-5-1.tar.gz
 create mode 100644 slurm-16-05-8-1.tar.gz

diff --git a/pam_slurm-Initialize-arrays-and-pass-sizes.patch b/pam_slurm-Initialize-arrays-and-pass-sizes.patch
new file mode 100644
index 0000000..9f327fe
--- /dev/null
+++ b/pam_slurm-Initialize-arrays-and-pass-sizes.patch
@@ -0,0 +1,82 @@
+From: Sebastian Krahmer <krahmer@suse.com>
+Date: Thu Feb 2 09:49:38 2017 +0100
+Subject: [PATCH]pam_slurm: Initialize arrays and pass sizes
+Git-repo: https://github.com/SchedMD/slurm
+Git-commit: fbfbb90f6a2e7f134220991ed3263894ba365411
+References: bsc#1007053
+Signed-off-by: Egbert Eich <eich@suse.de>
+
+PAM is security critical:
+- clear arrays
+- ensure strings are NULL-terminated.
+
+Signed-off-by: Egbert Eich <eich@suse.com>
+---
+ contribs/pam/pam_slurm.c | 20 +++++++++++---------
+ 1 file changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/contribs/pam/pam_slurm.c b/contribs/pam/pam_slurm.c
+index 0968a9c..ee179d5 100644
+--- a/contribs/pam/pam_slurm.c
++++ b/contribs/pam/pam_slurm.c
+@@ -266,9 +266,9 @@ static int
+ _gethostname_short (char *name, size_t len)
+ {
+ 	int error_code, name_len;
+-	char *dot_ptr, path_name[1024];
++	char *dot_ptr, path_name[1024] = {0};
+ 
+-	error_code = gethostname(path_name, sizeof(path_name));
++	error_code = gethostname(path_name, sizeof(path_name) - 1);
+ 	if (error_code)
+ 		return error_code;
+ 
+@@ -296,11 +296,11 @@ static int
+ _slurm_match_allocation(uid_t uid)
+ {
+ 	int authorized = 0, i;
+-	char hostname[MAXHOSTNAMELEN];
++	char hostname[MAXHOSTNAMELEN] = {0};
+ 	char *nodename = NULL;
+ 	job_info_msg_t * msg;
+ 
+-	if (_gethostname_short(hostname, sizeof(hostname)) < 0) {
++	if (_gethostname_short(hostname, sizeof(hostname) - 1) < 0) {
+ 		_log_msg(LOG_ERR, "gethostname: %m");
+ 		return 0;
+ 	}
+@@ -409,7 +409,7 @@ _send_denial_msg(pam_handle_t *pamh, struct _options *opts,
+  */
+ extern void libpam_slurm_init (void)
+ {
+-	char libslurmname[64];
++	char libslurmname[64] = {0};
+ 
+ 	if (slurm_h)
+ 		return;
+@@ -417,10 +417,10 @@ extern void libpam_slurm_init (void)
+ 	/* First try to use the same libslurm version ("libslurm.so.24.0.0"),
+ 	 * Second try to match the major version number ("libslurm.so.24"),
+ 	 * Otherwise use "libslurm.so" */
+-	if (snprintf(libslurmname, sizeof(libslurmname),
++	if (snprintf(libslurmname, sizeof(libslurmname) - 1,
+ 			"libslurm.so.%d.%d.%d", SLURM_API_CURRENT,
+ 			SLURM_API_REVISION, SLURM_API_AGE) >=
+-			sizeof(libslurmname) ) {
++			sizeof(libslurmname) - 1) {
+ 		_log_msg (LOG_ERR, "Unable to write libslurmname\n");
+ 	} else if ((slurm_h = dlopen(libslurmname, RTLD_NOW|RTLD_GLOBAL))) {
+ 		return;
+@@ -429,8 +429,10 @@ extern void libpam_slurm_init (void)
+ 			libslurmname, dlerror ());
+ 	}
+ 
+-	if (snprintf(libslurmname, sizeof(libslurmname), "libslurm.so.%d",
+-			SLURM_API_CURRENT) >= sizeof(libslurmname) ) {
++	memset(libslurmname, 0, sizeof(libslurmname));
++
++	if (snprintf(libslurmname, sizeof(libslurmname) - 1, "libslurm.so.%d",
++			SLURM_API_CURRENT) >= sizeof(libslurmname) - 1) {
+ 		_log_msg (LOG_ERR, "Unable to write libslurmname\n");
+ 	} else if ((slurm_h = dlopen(libslurmname, RTLD_NOW|RTLD_GLOBAL))) {
+ 		return;
diff --git a/slurm-16-05-5-1.tar.gz b/slurm-16-05-5-1.tar.gz
deleted file mode 100644
index 2941b1e..0000000
--- a/slurm-16-05-5-1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7d3c30c1683fd207dda22f4078e038d110fa5bce133828fbd8e1ae6317f2ad38
-size 8582827
diff --git a/slurm-16-05-8-1.tar.gz b/slurm-16-05-8-1.tar.gz
new file mode 100644
index 0000000..2b2fac6
--- /dev/null
+++ b/slurm-16-05-8-1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2c162d56138360543a9a0f2486ae671c588883685a80eda028e9e17541a1f7b1
+size 8432017
diff --git a/slurm.changes b/slurm.changes
index b5036f6..39c7f92 100644
--- a/slurm.changes
+++ b/slurm.changes
@@ -1,3 +1,64 @@
+-------------------------------------------------------------------
+Wed Feb  1 20:17:47 UTC 2017 - eich@suse.com
+
+- Updated to 16.05.8.1
+ * Remove StoragePass from being printed out in the slurmdbd log at debug2
+   level.
+ * Defer PATH search for task program until launch in slurmstepd.
+ * Modify regression test1.89 to avoid leaving vestigial job. Also reduce
+    logging to reduce likelyhood of Expect buffer overflow.
+ * Do not PATH search for mult-prog launches if LaunchParamters=test_exec is
+    enabled.
+ * Fix for possible infinite loop in select/cons_res plugin when trying to
+    satisfy a job's ntasks_per_core or socket specification.
+ * If job is held for bad constraints make it so once updated the job doesn't
+    go into JobAdminHeld.
+ * sched/backfill - Fix logic to reserve resources for jobs that require a
+    node reboot (i.e. to change KNL mode) in order to start.
+ * When unpacking a node or front_end record from state and the protocol
+    version is lower than the min version, set it to the min.
+ * Remove redundant lookup for part_ptr when updating a reservation's nodes.
+ * Fix memory and file descriptor leaks in slurmd daemon's sbcast logic.
+ * Do not allocate specialized cores to jobs using the --exclusive option.
+ * Cancel interactive job if Prolog failure with "PrologFlags=contain" or
+   "PrologFlags=alloc" configured. Send new error prolog failure message to
+   the salloc or srun command as needed.
+ * Prevent possible out-of-bounds read in slurmstepd on an invalid #! line.
+ * Fix check for PluginDir within slurmctld to work with multiple directories.
+ * Cancel interactive jobs automatically on communication error to launching
+   srun/salloc process.
+ * Fix security issue caused by insecure file path handling triggered by the
+   failure of a Prolog script. To exploit this a user needs to anticipate or
+   cause the Prolog to fail for their job. CVE-2016-10030 (bsc#1018371).
+- Replace group/user add macros with function calls.
+- Disable building with netloc support: the netloc API is part of the devel
+  branch of hwloc. Since this devel branch was included accidentally and has
+  been reversed since, we need to disable this for the time being.
+- Conditionalized architecture specific pieces to support non-x86 architectures
+  better.
+
+-------------------------------------------------------------------
+Tue Jan  3 17:21:58 UTC 2017 - eich@suse.com
+
+- Remove: unneeded 'BuildRequires:  python'
+- Add:
+  BuildRequires:  freeipmi-devel
+  BuildRequires:  libibmad-devel
+  BuildRequires:  libibumad-devel
+  so they are picked up by the slurm build.
+- Enable modifications from openHPC Project.
+- Enable lua API package build.
+- Add a recommends for slurm-munge to the slurm package:
+  This is way, the munge auth method is available and slurm
+  works out of the box.
+- Create /var/lib/slurm as StateSaveLocation directory.
+  /tmp is dangerous. 
+
+-------------------------------------------------------------------
+Wed Nov 30 15:16:05 UTC 2016 - eich@suse.com
+
+- Keep %{_libdir}/libpmi* and %{_libdir}/mpi_pmi2* on SUSE.
+
 -------------------------------------------------------------------
 Tue Nov 22 21:42:04 UTC 2016 - eich@suse.com
 
diff --git a/slurm.spec b/slurm.spec
index 6e7d13d..358cc69 100644
--- a/slurm.spec
+++ b/slurm.spec
@@ -21,14 +21,28 @@
 %define vers_t() %(%trunc)
 
 %if 0%{?suse_version} >= 1220 || 0%{?sle_version} >= 120000
-%define with_systemd 1
+ %define with_systemd 1
 %endif
-%if 0%{suse_version} >= 1310
-%define have_netloc 1
+
+%if 0
+ %define have_netloc 1
+%endif
+
+%ifarch x86_64
+ %define have_libnuma 1
+%else
+ %ifarch %{ix86} 
+  %if 0%{?sle_version} >= 120200
+   %define have_libnuma 1
+  %endif
+ %endif
 %endif
 
 %define libslurm libslurm29
-%define ver_exp 16-05-5-1
+%define ver_exp 16-05-8-1
+
+%define slurm_u %name
+%define slurm_g %name
 
 Name:           slurm
 Version:        %{vers_f %ver_exp}
@@ -44,14 +58,19 @@ Patch0:         slurm-2.4.4-rpath.patch
 Patch1:         slurm-2.4.4-init.patch
 Patch2:		slurmd-Fix-slurmd-for-new-API-in-hwloc-2.0.patch
 Patch3:		plugins-cgroup-Fix-slurmd-for-new-API-in-hwloc-2.0.patch
+Patch4:         pam_slurm-Initialize-arrays-and-pass-sizes.patch
 Requires:       slurm-plugins = %{version}
+%if 0%{?suse_version} <= 1140
+Requires(pre):  pwdutils
+%else
+Requires(pre):  shadow
+%endif
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  gtk2-devel
 BuildRequires:  libbitmask-devel
 BuildRequires:  libcpuset-devel
-BuildRequires:  libhwloc-devel
-%ifarch x86_64
+%if 0%{?have_libnuma}
 BuildRequires:  libnuma-devel
 %endif
 BuildRequires:  mysql-devel >= 5.0.0
@@ -59,8 +78,17 @@ BuildRequires:  ncurses-devel
 BuildRequires:  openssl-devel >= 0.9.6
 BuildRequires:  pkgconfig
 BuildRequires:  postgresql-devel >= 8.0.0
-BuildRequires:  python
 BuildRequires:  readline-devel
+%if 0%{?suse_version} > 1310 || 0%{?sle_version}
+BuildRequires:  libibmad-devel
+BuildRequires:  libibumad-devel
+%endif
+%if 0%{?suse_version} > 1140
+BuildRequires:  libhwloc-devel
+%ifarch %{ix86} x86_64
+BuildRequires:  freeipmi-devel
+%endif
+%endif
 %if 0%{?with_systemd}
 %{?systemd_requires}
 BuildRequires:  systemd
@@ -68,6 +96,7 @@ BuildRequires:  systemd
 PreReq:         %insserv_prereq %fillup_prereq
 %endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+Recommends:    %{name}-munge
 
 %description
 SLURM is an open source, fault-tolerant, and highly
@@ -243,6 +272,15 @@ Linux Utility for Resource Managment (SLURM) is in use.  Access is granted
 to root, any user with an SLURM-launched job currently running on the node,
 or any user who has allocated resources on the node according to the SLURM
 
+%package lua
+Summary:       Lua API for SLURM
+Group:          Development/Libraries/Other
+Requires:       slurm = %{version}
+BuildRequires:  lua-devel
+
+%description lua
+LUA API package for SLURM. This package includes the lua API to provide a
+helpful interface to SLURM through LUA.
 
 %prep
 %setup -q -n %{name}-%{name}-%{ver_exp}
@@ -250,17 +288,18 @@ or any user who has allocated resources on the node according to the SLURM
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
-chmod 0644 doc/html/*.{gif,jpg}
+%patch4 -p1
 
 %build
 %configure --enable-shared \
            --disable-static \
            --without-rpath \
+%{!?have_netloc:--without-netloc} \
            --sysconfdir=%{_sysconfdir}/%{name}
 make %{?_smp_mflags}
 
 %install
-%makeinstall
+%make_install
 make install-contrib DESTDIR=$RPM_BUILD_ROOT PERL_MM_PARAMS="INSTALLDIRS=vendor"
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/slurm.conf.template
 rm -f $RPM_BUILD_ROOT/%{_sbindir}/slurmconfgen.py
@@ -294,10 +333,11 @@ install -D -m755 contribs/sjstat ${RPM_BUILD_ROOT}%{_bindir}/sjstat
 
 %if 0%{?OHPC_BUILD}
 # 6/16/15 karl.w.schulz@intel.com - do not package Slurm's version of libpmi with OpenHPC.
-rm -f $RPM_BUILD_ROOT/%{_libdir}/libpmi*
-rm -f $RPM_BUILD_ROOT/%{_libdir}/mpi_pmi2*
+## rm -f $RPM_BUILD_ROOT/%%{_libdir}/libpmi*
+## rm -f $RPM_BUILD_ROOT/%%{_libdir}/mpi_pmi2*
 # 9/8/14 karl.w.schulz@intel.com - provide starting config file
 head -n -2 $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf.example | grep -v ReturnToService > $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf
+sed -i 's#\(StateSaveLocation=\).*#\1%_localstatedir/lib/slurm#'  $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf
 echo "# OpenHPC default configuration" >> $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf
 echo "PropagateResourceLimitsExcept=MEMLOCK" >> $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf
 echo "SlurmdLogFile=/var/log/slurm.log" >> $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf
@@ -309,6 +349,7 @@ echo "PartitionName=normal Nodes=c[1-4] Default=YES MaxTime=24:00:00 State=UP" >
 echo "ReturnToService=1" >> $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf
 # 9/17/14 karl.w.schulz@intel.com - Add option to drop VM cache during epilog
 sed -i '/^# No other SLURM jobs,/i \\n# Drop clean caches (OpenHPC)\necho 3 > /proc/sys/vm/drop_caches\n\n#' $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.epilog.clean
+%{__mkdir_p} $RPM_BUILD_ROOT%_localstatedir/lib/slurm
 %endif
 
 # Delete unpackaged files:
@@ -359,18 +400,23 @@ libdir=%{_libdir}
 Cflags: -I\${includedir}
 Libs: -L\${libdir} -lslurm
 Description: Slurm API
-Name: %{pname}
+Name: %{name}
 Version: %{version}
 EOF
 
 
 %fdupes -s $RPM_BUILD_ROOT
 
-%if 0%{?with_systemd}
 %pre
+%if 0%{?with_systemd}
 %service_add_pre slurmd.service
 %service_add_pre slurmctld.service
 %endif
+%define slurmdir %{_sysconfdir}/slurm
+%define slurmdescr "SLURM workload manager"
+getent group %name >/dev/null || groupadd -r %name
+getent passwd %name >/dev/null || useradd -r -g %name -d %slurmdir -s /bin/false -c %{slurmdescr} %name
+exit 0
 
 %post
 %if 0%{?with_systemd}
@@ -512,6 +558,7 @@ EOF
 %{_sbindir}/rcslurm
 %endif
 %{?with_systemd:%{_sbindir}/rcslurmctld}
+%{?OHPC_BUILD:%attr(0755, %slurm_u, %slurm_g) %_localstatedir/lib/slurm}
 
 %files openlava
 %defattr(-,root,root)
@@ -537,8 +584,8 @@ EOF
 %files devel
 %defattr(-,root,root)
 %{_prefix}/include/slurm
-%{!?OHPC_BUILD:%{_libdir}/libpmi.so}
-%{!?OHPC_BUILD:%{_libdir}/libpmi2.so}
+%{_libdir}/libpmi.so
+%{_libdir}/libpmi2.so
 %{_libdir}/libslurm.so
 %{_libdir}/libslurmdb.so
 %{_libdir}/slurm/src/*
@@ -553,7 +600,7 @@ EOF
 %files sched-wiki
 %defattr(-,root,root)
 %{_libdir}/slurm/sched_wiki*.so
-%{_mandir}/man5/wiki.*
+#%%{_mandir}/man5/wiki.*
 
 %files auth-none
 %defattr(-,root,root)
@@ -683,6 +730,20 @@ EOF
 %{_libdir}/slurm/mcs_group.so
 %{_libdir}/slurm/mcs_none.so
 %{_libdir}/slurm/mcs_user.so
+%if 0%{?suse_version} > 1310
+%{_libdir}/slurm/acct_gather_infiniband_ofed.so
+%endif
+%if 0%{?suse_version} > 1140
+%ifarch %{ix86} x86_64
+%{_libdir}/slurm/acct_gather_energy_ipmi.so
+%endif
+%endif
+%{_libdir}/slurm/node_features_knl_generic.so
+
+%files lua
+%defattr(-,root,root)
+%{_libdir}/slurm/job_submit_lua.so
+%{_libdir}/slurm/proctrack_lua.so
 
 %files torque
 %defattr(-,root,root)