From c9da5cd5a9e93ca4b8dfa8a3acc749fc6ab8ad76287ac4a382daac296810dfca Mon Sep 17 00:00:00 2001 From: Christian Goll Date: Thu, 31 Jan 2019 11:56:59 +0000 Subject: [PATCH 1/4] Accepting request 670322 from home:eeich:branches:network:cluster - Update to version 18.08.05: * Add mitigation for a potential heap overflow on 32-bit systems in xmalloc. (CVE-2019-6438, bsc#1123304). * Other fixes: + Backfill - If a job has a time_limit guess the end time of a job better if OverTimeLimit is Unlimited. + Fix "sacctmgr show events event=cluster" + Fix sacctmgr show runawayjobs from sibling cluster + Avoid bit offset of -1 in call to bit_nclear(). + Insure that "hbm" is a configured GresType on knl systems. + Fix NodeFeaturesPlugins=node_features/knl_generic to allow other gres other than knl. + cons_res: Prevent overflow on multiply. + Better debug for bad values in gres.conf. + Fix double accounting of energy at end of job. + Read gres.conf for cloud nodes on slurmctld. + Don't assume the first node of a job is the batch host when purging jobs from a node. + Better debugging when a job doesn't have a job_resrcs ptr. + Store ave watts in energy plugins. + Add XCC plugin for reading Lenovo Power. + Fix minor memory leak when scheduling rebootable nodes. + Fix debug2 prefix for sched log. + Fix printing correct SLURM_JOB_ACCOUNT_PACK_GROUP_* in env for a Het Job. + sbatch - search current working directory first for job script. + Make it so held jobs reset the AccrueTime and do not count against any AccrueTime limits. + Add SchedulerParameters option of bf_hetjob_prio=[min|avg|max] to alter the job sorting algorithm for scheduling heterogeneous jobs. + Fix initialization of assoc_mgr_locks and slurmctld_locks lock OBS-URL: https://build.opensuse.org/request/show/670322 OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=83 --- ...-the-fix-for-CVE-2019-6438-750cc23ed.patch | 24 +++++++ slurm-18.08.4.tar.bz2 | 3 - slurm-18.08.5.tar.bz2 | 3 + slurm.changes | 68 +++++++++++++++++++ slurm.spec | 10 ++- 5 files changed, 102 insertions(+), 6 deletions(-) create mode 100644 Fix-contrib-perlapi-to-build-with-the-fix-for-CVE-2019-6438-750cc23ed.patch delete mode 100644 slurm-18.08.4.tar.bz2 create mode 100644 slurm-18.08.5.tar.bz2 diff --git a/Fix-contrib-perlapi-to-build-with-the-fix-for-CVE-2019-6438-750cc23ed.patch b/Fix-contrib-perlapi-to-build-with-the-fix-for-CVE-2019-6438-750cc23ed.patch new file mode 100644 index 0000000..32dcb2e --- /dev/null +++ b/Fix-contrib-perlapi-to-build-with-the-fix-for-CVE-2019-6438-750cc23ed.patch @@ -0,0 +1,24 @@ +From: Egbert Eich +Date: Thu Jan 31 11:05:30 2019 +0100 +Subject: Fix contrib/perlapi to build with the fix for CVE-2019-6438 (750cc23ed). +Patch-mainline: Not yet +Git-commit: a4a7f25dcb7d4387daa4367dd3c040f84b5e6f61 +References: + +Signed-off-by: Egbert Eich +--- + slurm-18.08.5/contribs/perlapi/libslurm/perl/slurm-perl.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) +diff --git a/slurm-18.08.5/contribs/perlapi/libslurm/perl/slurm-perl.h b/slurm-18.08.5/contribs/perlapi/libslurm/perl/slurm-perl.h +index 58df275..d4adbfe 100644 +--- a/contribs/perlapi/libslurm/perl/slurm-perl.h ++++ b/contribs/perlapi/libslurm/perl/slurm-perl.h +@@ -17,7 +17,7 @@ + #endif + + extern void slurm_xfree(void **, const char *, int, const char *); +-extern void *slurm_xmalloc(size_t, bool, const char *, int, const char *); ++extern void *slurm_xmalloc(uint64_t, bool, const char *, int, const char *); + + extern void slurm_api_clear_config(void); + diff --git a/slurm-18.08.4.tar.bz2 b/slurm-18.08.4.tar.bz2 deleted file mode 100644 index 3f317fd..0000000 --- a/slurm-18.08.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d215ef87481e48032ac7c3bcf61aac40b5258dedfbab3f56af5d53d59f22b4c8 -size 6069605 diff --git a/slurm-18.08.5.tar.bz2 b/slurm-18.08.5.tar.bz2 new file mode 100644 index 0000000..42db71f --- /dev/null +++ b/slurm-18.08.5.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:13f7a00adcf0aebb8b0409d4a07075918c9c39e00b4b1d382a119a9b9c019486 +size 6169479 diff --git a/slurm.changes b/slurm.changes index f93c247..489e7f2 100644 --- a/slurm.changes +++ b/slurm.changes @@ -1,3 +1,71 @@ +------------------------------------------------------------------- +Thu Jan 31 09:00:06 UTC 2019 - eich@suse.com + +- Update to version 18.08.05: + * Add mitigation for a potential heap overflow on 32-bit systems in xmalloc. + (CVE-2019-6438, bsc#1123304). + * Other fixes: + + Backfill - If a job has a time_limit guess the end time of a job better + if OverTimeLimit is Unlimited. + + Fix "sacctmgr show events event=cluster" + + Fix sacctmgr show runawayjobs from sibling cluster + + Avoid bit offset of -1 in call to bit_nclear(). + + Insure that "hbm" is a configured GresType on knl systems. + + Fix NodeFeaturesPlugins=node_features/knl_generic to allow other gres + other than knl. + + cons_res: Prevent overflow on multiply. + + Better debug for bad values in gres.conf. + + Fix double accounting of energy at end of job. + + Read gres.conf for cloud nodes on slurmctld. + + Don't assume the first node of a job is the batch host when purging jobs + from a node. + + Better debugging when a job doesn't have a job_resrcs ptr. + + Store ave watts in energy plugins. + + Add XCC plugin for reading Lenovo Power. + + Fix minor memory leak when scheduling rebootable nodes. + + Fix debug2 prefix for sched log. + + Fix printing correct SLURM_JOB_ACCOUNT_PACK_GROUP_* in env for a Het Job. + + sbatch - search current working directory first for job script. + + Make it so held jobs reset the AccrueTime and do not count against any + AccrueTime limits. + + Add SchedulerParameters option of bf_hetjob_prio=[min|avg|max] to alter + the job sorting algorithm for scheduling heterogeneous jobs. + + Fix initialization of assoc_mgr_locks and slurmctld_locks lock + structures. + + Fix segfault with job arrays using X11 forwarding. + + Revert regression caused by e0ee1c7054 which caused negative values and + values starting with a decimal to be invalid for PriorityWeightTRES and + TRESBillingWeight. + + Fix possibility to update a job's reservation to none. + + Suppress connection errors to primary slurmdbd when backup dbd is active. + + Suppress connection errors to primary db when backup db kicks in + + Add missing fields for sacct --completion when using jobcomp/filetxt. + + Fix incorrect values set for UserCPU, SystemCPU, and TotalCPU sacct + fields when JobAcctGatherType=jobacct_gather/cgroup. + + Fixed srun from double printing invalid option msg twice. + + Remove unused -b flag from getopt call in sbatch. + + Disable reporting of node TRES in sreport. + + Re-enabling features combined by OR within parenthesis for non-knl + setups. + + Prevent sending duplicate requests to reboot a node before ResumeTimeout. + + Down nodes that don't reboot by ResumeTimeout. + + Update seff to reflect API change from rss_max to tres_usage_in_max. + + Add missing TRES constants from perl API. + + Fix issue where sacct would return incorrect array tasks when querying + specific tasks. + + Add missing variables to slurmdb_stats_t in the perlapi. + + Fix nodes not getting reboot RPC when job requires reboot of nodes. + + Fix failing update the partition list of a job. + + Use slurm.conf gres ids instead of gres.conf names to get a gres type + name. + * Disable + slurmctld-rerun-agent_init-when-backup-controller-takes-over.patch: + Believed to be fixed by commit c1a537dbbe6 + See: https://bugs.schedmd.com/show_bug.cgi?id=5511 + * Add + Fix-contrib-perlapi-to-build-with-the-fix-for-CVE-2019-6438-750cc23ed.patch: + Fix fallout from 750cc23ed for CVE-2019-6438. + ------------------------------------------------------------------- Thu Dec 13 10:07:00 UTC 2018 - cgoll@suse.com - Update to 18.08.04, with following highlights diff --git a/slurm.spec b/slurm.spec index ef3ab4c..80592b4 100644 --- a/slurm.spec +++ b/slurm.spec @@ -12,13 +12,13 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # Check file META in sources: update so_version to (API_CURRENT - API_AGE) %define so_version 33 -%define ver 18.08.4 +%define ver 18.08.5 # so-version is 0 and seems to be stable %define pmi_so 0 @@ -77,6 +77,7 @@ Patch9: slurmctld-rerun-agent_init-when-backup-controller-takes-over.pat Patch10: pam_slurm_adopt-avoid-running-outside-of-the-sshd-PA.patch Patch11: pam_slurm_adopt-send_user_msg-don-t-copy-undefined-d.patch Patch12: pam_slurm_adopt-use-uid-to-determine-whether-root-is.patch +Patch130: Fix-contrib-perlapi-to-build-with-the-fix-for-CVE-2019-6438-750cc23ed.patch Requires: slurm-config = %{version} Requires: slurm-node = %{version} @@ -351,10 +352,12 @@ Man pages for the SLURM cluster managment software config files. %patch6 -p1 %patch7 -p1 %patch8 -p1 -%patch9 -p1 +# Drop this fix as it is considered to be resolved by c1a537dbbe6 +##%patch9 -p1 %patch10 -p1 %patch11 -p1 %patch12 -p1 +%patch130 -p1 %build %configure --enable-shared \ @@ -878,6 +881,7 @@ exit 0 %endif %endif %{_libdir}/slurm/node_features_knl_generic.so +%{_libdir}/slurm/acct_gather_energy_xcc.so %files lua %{_libdir}/slurm/job_submit_lua.so From 2ff256ff3d5350650e37ea0af4d1f3a9391abe5357d8567608f239a25b586672 Mon Sep 17 00:00:00 2001 From: Egbert Eich Date: Thu, 31 Jan 2019 20:14:27 +0000 Subject: [PATCH 2/4] - Structural fixes to build on older openSUSE and SLE versions. OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=84 --- slurm.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/slurm.spec b/slurm.spec index 80592b4..6487044 100644 --- a/slurm.spec +++ b/slurm.spec @@ -135,10 +135,10 @@ Documentation (HTML) for the SLURM cluster managment software. Summary: Perl API to SLURM Group: Development/Languages/Perl Requires: slurm = %{version} -%{libperl_requires} %if 0%{?suse_version} < 1140 Requires: perl = %{perl_version} %else +%{libperl_requires} %{perl_requires} %endif @@ -696,6 +696,7 @@ exit 0 %if 0%{?with_systemd} %{_unitdir}/slurmctld.service %{_sbindir}/rcslurmctld +%endif %{_mandir}/man1/sacct.1* %{_mandir}/man1/sacctmgr.1* %{_mandir}/man1/salloc.1* @@ -720,7 +721,6 @@ exit 0 %{_mandir}/man1/sjstat.1.* %{_mandir}/man8/slurmctld.* %{_mandir}/man8/spank* -%endif %files openlava %{_bindir}/bjobs @@ -878,10 +878,10 @@ exit 0 %if 0%{?suse_version} > 1140 %ifarch %{ix86} x86_64 %{_libdir}/slurm/acct_gather_energy_ipmi.so +%{_libdir}/slurm/acct_gather_energy_xcc.so %endif %endif %{_libdir}/slurm/node_features_knl_generic.so -%{_libdir}/slurm/acct_gather_energy_xcc.so %files lua %{_libdir}/slurm/job_submit_lua.so From acb7e0505a20a83ae8342074fc07ce30e2cd82031bcd7700c197104cdbb50635 Mon Sep 17 00:00:00 2001 From: Egbert Eich Date: Thu, 31 Jan 2019 20:33:20 +0000 Subject: [PATCH 3/4] - Update to version 18.08.05-2: This version obsoletes: Fix-contrib-perlapi-to-build-with-the-fix-for-CVE-2019-6438-750cc23ed.patch - Fix spec file for older SUSE versions. OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=85 --- ...-the-fix-for-CVE-2019-6438-750cc23ed.patch | 24 ------------------- slurm-18.08.5-2.tar.bz2 | 3 +++ slurm-18.08.5.tar.bz2 | 3 --- slurm.changes | 8 +++++++ slurm.spec | 7 +++--- 5 files changed, 14 insertions(+), 31 deletions(-) delete mode 100644 Fix-contrib-perlapi-to-build-with-the-fix-for-CVE-2019-6438-750cc23ed.patch create mode 100644 slurm-18.08.5-2.tar.bz2 delete mode 100644 slurm-18.08.5.tar.bz2 diff --git a/Fix-contrib-perlapi-to-build-with-the-fix-for-CVE-2019-6438-750cc23ed.patch b/Fix-contrib-perlapi-to-build-with-the-fix-for-CVE-2019-6438-750cc23ed.patch deleted file mode 100644 index 32dcb2e..0000000 --- a/Fix-contrib-perlapi-to-build-with-the-fix-for-CVE-2019-6438-750cc23ed.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Egbert Eich -Date: Thu Jan 31 11:05:30 2019 +0100 -Subject: Fix contrib/perlapi to build with the fix for CVE-2019-6438 (750cc23ed). -Patch-mainline: Not yet -Git-commit: a4a7f25dcb7d4387daa4367dd3c040f84b5e6f61 -References: - -Signed-off-by: Egbert Eich ---- - slurm-18.08.5/contribs/perlapi/libslurm/perl/slurm-perl.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/slurm-18.08.5/contribs/perlapi/libslurm/perl/slurm-perl.h b/slurm-18.08.5/contribs/perlapi/libslurm/perl/slurm-perl.h -index 58df275..d4adbfe 100644 ---- a/contribs/perlapi/libslurm/perl/slurm-perl.h -+++ b/contribs/perlapi/libslurm/perl/slurm-perl.h -@@ -17,7 +17,7 @@ - #endif - - extern void slurm_xfree(void **, const char *, int, const char *); --extern void *slurm_xmalloc(size_t, bool, const char *, int, const char *); -+extern void *slurm_xmalloc(uint64_t, bool, const char *, int, const char *); - - extern void slurm_api_clear_config(void); - diff --git a/slurm-18.08.5-2.tar.bz2 b/slurm-18.08.5-2.tar.bz2 new file mode 100644 index 0000000..82c3475 --- /dev/null +++ b/slurm-18.08.5-2.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c45e9d1c18efa0ae0fbeaf0a244794a1288c6adb9e40cf4efc70c359ad083277 +size 6168687 diff --git a/slurm-18.08.5.tar.bz2 b/slurm-18.08.5.tar.bz2 deleted file mode 100644 index 42db71f..0000000 --- a/slurm-18.08.5.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:13f7a00adcf0aebb8b0409d4a07075918c9c39e00b4b1d382a119a9b9c019486 -size 6169479 diff --git a/slurm.changes b/slurm.changes index 489e7f2..e10ef1f 100644 --- a/slurm.changes +++ b/slurm.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Jan 31 20:30:32 UTC 2019 - eich@suse.com + +- Update to version 18.08.05-2: + This version obsoletes: + Fix-contrib-perlapi-to-build-with-the-fix-for-CVE-2019-6438-750cc23ed.patch +- Fix spec file for older SUSE versions. + ------------------------------------------------------------------- Thu Jan 31 09:00:06 UTC 2019 - eich@suse.com diff --git a/slurm.spec b/slurm.spec index 6487044..c618d59 100644 --- a/slurm.spec +++ b/slurm.spec @@ -19,6 +19,7 @@ # Check file META in sources: update so_version to (API_CURRENT - API_AGE) %define so_version 33 %define ver 18.08.5 +%define dl_ver %{ver}-2 # so-version is 0 and seems to be stable %define pmi_so 0 @@ -62,7 +63,7 @@ Summary: Simple Linux Utility for Resource Management License: SUSE-GPL-2.0-with-openssl-exception Group: Productivity/Clustering/Computing Url: https://www.schedmd.com -Source: https://download.schedmd.com/slurm/%{name}-%{ver}.tar.bz2 +Source: https://download.schedmd.com/slurm/%{name}-%{dl_ver}.tar.bz2 Source1: slurm-rpmlintrc Patch0: slurm-2.4.4-rpath.patch Patch1: slurm-2.4.4-init.patch @@ -77,7 +78,6 @@ Patch9: slurmctld-rerun-agent_init-when-backup-controller-takes-over.pat Patch10: pam_slurm_adopt-avoid-running-outside-of-the-sshd-PA.patch Patch11: pam_slurm_adopt-send_user_msg-don-t-copy-undefined-d.patch Patch12: pam_slurm_adopt-use-uid-to-determine-whether-root-is.patch -Patch130: Fix-contrib-perlapi-to-build-with-the-fix-for-CVE-2019-6438-750cc23ed.patch Requires: slurm-config = %{version} Requires: slurm-node = %{version} @@ -342,7 +342,7 @@ Group: Documentation/Man Man pages for the SLURM cluster managment software config files. %prep -%setup -q -n %{name}-%{ver} +%setup -q -n %{name}-%{dl_ver} %patch0 -p1 %patch1 -p1 %patch2 -p1 @@ -357,7 +357,6 @@ Man pages for the SLURM cluster managment software config files. %patch10 -p1 %patch11 -p1 %patch12 -p1 -%patch130 -p1 %build %configure --enable-shared \ From a857bd00b6312f1342d121c3ef9e808e36cd5561f60f5a48c5b96ace953175f4 Mon Sep 17 00:00:00 2001 From: Egbert Eich Date: Thu, 31 Jan 2019 21:19:18 +0000 Subject: [PATCH 4/4] - Fix build. OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=86 --- slurm.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/slurm.spec b/slurm.spec index c618d59..cf2fe86 100644 --- a/slurm.spec +++ b/slurm.spec @@ -732,8 +732,8 @@ exit 0 %{_bindir}/smail %files doc -%dir %{_datadir}/doc/%{name}-%{version} -%{_datadir}/doc/%{name}-%{version}/* +%dir %{_datadir}/doc/%{name}-%{dl_ver} +%{_datadir}/doc/%{name}-%{dl_ver}/* %files -n %{libslurm} %{_libdir}/libslurm*.so.%{so_version}*