From d4c2b2bcf30e5bb08f03d62435940ab8e3549fb2d162957c529dee0fff6dc8c5 Mon Sep 17 00:00:00 2001
From: Christian Goll
Date: Wed, 17 Nov 2021 08:37:51 +0000
Subject: [PATCH] - updated to 21.08.4 which fixes (CVE-2021-43337) which is only present in 21.08 tree. * CVE-2021-43337: For sites using the new AccountingStoreFlags=job_script and/or job_env options, an issue was reported with the access control rules in SlurmDBD that will permit users to request job scripts and environment files that they should not have access to. (Scripts/environments are meant to only be accessible by user accounts with administrator privileges, by account coordinators for jobs submitted under their account, and by the user themselves.) - changes from 21.08.3: * This includes a number of fixes since the last release a month ago, including one critical fix to prevent a communication issue between slurmctld and slurmdbd for sites that have started using the new AccountingStoreFlags=job_script functionality.
OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=193
---
 slurm-21.08.2.tar.bz2 | 3 ---
 slurm-21.08.4.tar.bz2 | 3 +++
 slurm.changes | 19 +++++++++++++++++++
 slurm.spec | 4 ++--
 4 files changed, 24 insertions(+), 5 deletions(-)
 delete mode 100644 slurm-21.08.2.tar.bz2
 create mode 100644 slurm-21.08.4.tar.bz2
diff --git a/slurm-21.08.2.tar.bz2 b/slurm-21.08.2.tar.bz2
deleted file mode 100644
index f4ac322..0000000
--- a/slurm-21.08.2.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6cfea3ae89021dd5986109ef0bda5ad1418f88b61a446631bea576fd6c3399f3
-size 6739808
diff --git a/slurm-21.08.4.tar.bz2 b/slurm-21.08.4.tar.bz2
new file mode 100644
index 0000000..b0cd99f
--- /dev/null
+++ b/slurm-21.08.4.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cf5256dfe08c565ddcca387a4d902a1643e125d427c8c2e0c07a32c950bc57aa
+size 6743524
diff --git a/slurm.changes b/slurm.changes
index bd266f7..f78a1eb 100644
--- a/slurm.changes
+++ b/slurm.changes
@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Wed Nov 17 08:33:13 UTC 2021 - Christian Goll
+
+- updated to 21.08.4 which fixes (CVE-2021-43337) which is only present
+ in 21.08 tree.
+ * CVE-2021-43337:
+ For sites using the new AccountingStoreFlags=job_script and/or job_env
+ options, an issue was reported with the access control rules in SlurmDBD
+ that will permit users to request job scripts and environment files that
+ they should not have access to. (Scripts/environments are meant to only be
+ accessible by user accounts with administrator privileges, by account
+ coordinators for jobs submitted under their account, and by the user
+ themselves.)
+- changes from 21.08.3:
+ * This includes a number of fixes since the last release a month ago,
+ including one critical fix to prevent a communication issue between
+ slurmctld and slurmdbd for sites that have started using the new
+ AccountingStoreFlags=job_script functionality.
+
 -------------------------------------------------------------------
 Fri Oct 29 15:54:53 UTC 2021 - Egbert Eich
diff --git a/slurm.spec b/slurm.spec
index dcf117b..fe1b313 100644
--- a/slurm.spec
+++ b/slurm.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package slurm
+# spec file
 #
 # Copyright (c) 2021 SUSE LLC
 #
@@ -18,7 +18,7 @@
 # Check file META in sources: update so_version to (API_CURRENT - API_AGE)
 %define so_version 37
-%define ver 21.08.2
+%define ver 21.08.4
 %define _ver _21_08
 %define dl_ver %{ver}
 # so-version is 0 and seems to be stable
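Review bot: An unrelated header edit rides along with this security update: in the first slurm.spec hunk (`@@ -1,5 +1,5 @@`) `# spec file for package slurm` becomes `# spec file`, which neither the commit message nor the new slurm.changes entry mentions. It may be a side effect of an automatic spec formatter rather than an intended edit. If so, restoring `# spec file for package slurm`, or submitting the header change on its own, keeps this commit limited to the tarball pointer, the changelog and the `%define ver` line, which makes the CVE-2021-43337 update easier to audit and to backport.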