Accepting request 1117163 from network:cluster

- update to 23.02.6 to fix (CVE-2023-41914)
  * Removed Fix-test-32.8.patch as fixed upstream
  * Bug Fixes:
    + Fix `CpusPerTres=` not upgreadable with scontrol update
    + Fix unintentional gres removal when validating the gres job state.
    + Fix `--without-hpe-slingshot` configure option.
    + Fix cgroup v2 memory calculations when transparent huge pages are used.
    + Fix parsing of `sgather --timeout` option.
    + Fix regression from 22.05.0 that caused `srun --cpu-bind "=verbose"`
      and `"=v"` options give different CPU bind masks.
    + Fix "_find_node_record: lookup failure for node" error message appearing
      for all dynamic nodes during reconfigure.
    + Avoid segfault if loading serializer plugin fails.
    + `slurmrestd` - Correct OpenAPI format for `GET /slurm/v0.0.39/licenses`.
    + `slurmrestd` - Correct OpenAPI format for
      `GET /slurm/v0.0.39/job/{job_id}`.
    + `slurmrestd` - Change format to multiple fields in
     'GET /slurmdb/v0.0.39/assocations` and `GET /slurmdb/v0.0.39/qos` to
      handle infinite and unset states.
    + When a node fails in a job with `--no-kill`, preserve the extern step on the
      remaining nodes to avoid breaking features that rely on the extern step
      such as `pam_slurm_adopt`, `x11`, and `job_container/tmpfs`.
    + `auth/jwt` - Ignore `x5c` field in JWKS files.
    + `auth/jwt` - Treat 'alg' field as optional in JWKS files.
    + Allow job_desc.selinux_context to be read from the job_submit.lua script.
    + Skip check in slurmstepd that causes a large number of errors in the
      munge log: "Unauthorized credential for client UID=0 GID=0".
      This error will still appear on `slurmd`/`slurmctld`/`slurmdbd` start up
      and is not a cause for concern.
    + `slurmctld` - Allow startup with zero partitions.

OBS-URL: https://build.opensuse.org/request/show/1117163
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/slurm?expand=0&rev=96

Fix-test-32.8.patch

@@ -1,26 +0,0 @@
-From: Egbert Eich <eich@suse.com>
-Date: Wed Jun 15 08:41:16 2022 +0200
-Subject: Fix test 32.8
-Patch-mainline: Not yet
-Git-repo: https://github.com/SchedMD/slurm
-Git-commit: 6641a03b1d1dfcb937617067f50c8069a04ec9b0
-References: 
-
-Signed-off-by: Egbert Eich <eich@suse.com>
-Signed-off-by: Egbert Eich <eich@suse.de>
----
- testsuite/expect/test32.8 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/testsuite/expect/test32.8 b/testsuite/expect/test32.8
-index 76f65c3ccc..61dba8759b 100755
---- a/testsuite/expect/test32.8
-+++ b/testsuite/expect/test32.8
-@@ -86,7 +86,7 @@ if {$job_id == 0} {
- }
- 
- wait_for_job -fail $job_id "DONE"
--wai_for_file -fail $file_out
-+wait_for_file -fail $file_out
- 
- set number_1 -1
- set number_2 -1

slurm-23.02.5.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7620f1dd1134d14dff402a9127d5a36c340d7a2b69b55f67d8a44b3b8681a59d
-size 7274119

slurm-23.02.6.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4a5cbc19228c324aea267266e49b034a12529f20052edb5cbd63599a431e3f23
+size 7444926

slurm.changes

@@ -1,3 +1,71 @@
+-------------------------------------------------------------------
+Thu Oct 12 08:23:20 UTC 2023 - Christian Goll <cgoll@suse.com>
+
+- update to 23.02.6 to fix (CVE-2023-41914)
+  * Removed Fix-test-32.8.patch as fixed upstream
+  * Bug Fixes:
+    + Fix `CpusPerTres=` not upgreadable with scontrol update
+    + Fix unintentional gres removal when validating the gres job state.
+    + Fix `--without-hpe-slingshot` configure option.
+    + Fix cgroup v2 memory calculations when transparent huge pages are used.
+    + Fix parsing of `sgather --timeout` option.
+    + Fix regression from 22.05.0 that caused `srun --cpu-bind "=verbose"`
+      and `"=v"` options give different CPU bind masks.
+    + Fix "_find_node_record: lookup failure for node" error message appearing
+      for all dynamic nodes during reconfigure.
+    + Avoid segfault if loading serializer plugin fails.
+    + `slurmrestd` - Correct OpenAPI format for `GET /slurm/v0.0.39/licenses`.
+    + `slurmrestd` - Correct OpenAPI format for
+      `GET /slurm/v0.0.39/job/{job_id}`.
+    + `slurmrestd` - Change format to multiple fields in
+     'GET /slurmdb/v0.0.39/assocations` and `GET /slurmdb/v0.0.39/qos` to
+      handle infinite and unset states.
+    + When a node fails in a job with `--no-kill`, preserve the extern step on the
+      remaining nodes to avoid breaking features that rely on the extern step
+      such as `pam_slurm_adopt`, `x11`, and `job_container/tmpfs`.
+    + `auth/jwt` - Ignore `x5c` field in JWKS files.
+    + `auth/jwt` - Treat 'alg' field as optional in JWKS files.
+    + Allow job_desc.selinux_context to be read from the job_submit.lua script.
+    + Skip check in slurmstepd that causes a large number of errors in the
+      munge log: "Unauthorized credential for client UID=0 GID=0".
+      This error will still appear on `slurmd`/`slurmctld`/`slurmdbd` start up
+      and is not a cause for concern.
+    + `slurmctld` - Allow startup with zero partitions.
+    + Fix some mig profile names in slurm not matching nvidia mig profiles.
+    + Prevent `slurmscriptd` processing delays from blocking other threads in
+      `slurmctld` while trying to launch `{Prolog|Epilog}Slurmctld`.
+    + Fix sacct printing ReqMem field when memory doesn't exist in requested
+      TRES.
+    + Fix how heterogenous steps in an allocation with `CR_PACK_NODE` or
+      `-mpack` are created.
+    + Fix `slurmctld` crash from race condition within `job_submit_throttle`
+      plugin.
+    + Fix `--with-systemdsystemunitdir` when requesting a default location.
+    + Fix not being able to cancel an array task by the jobid (i.e. not
+      `<jobid>_<taskid>`) through scancel, job launch failure or prolog
+      failure.
+    + Fix cancelling the whole array job when the array task is the meta job
+      and it fails job or prolog launch and is not requeable. Cancel only the
+      specific task instead.
+    + Fix regression in 21.08.2 where MailProg did not run for `mail-type=end`
+      for jobs with non+zero exit codes.
+    + Fix incorrect setting of memory.swap.max in cgroup/v2.
+    + Fix `jobacctgather/cgroup` collection of disk/io, gpumem, gpuutil TRES
+      values.
+    + Fix -d singleton for heterogeneous jobs.
+    + Downgrade info logs about a job meeting a "maximum node limit" in the
+      select plugin to `DebugFlags=SelectType`. These info logs could spam the
+      slurmctld log file under certain circumstances.
+    + `prep/script` - Fix `[Srun|Task]<Prolog|Epilog>` missing
+      `SLURM_JOB_NODELIST`.
+    + gres - Rebuild GRES core bitmap for nodes at startup. This fixes error:
+      "Core bitmaps size mismatch on node [HOSTNAME]", which causes jobs to
+      enter state "Requested node configuration is not available".
+    + `slurmctd` - Allow startup with zero nodes.
+    + Fix filesystem handling race conditions that could lead to an attacker
+      taking control of an arbitrary file, or removing entire directories'
+      contents. CVE-2023-41914.
+
 -------------------------------------------------------------------
 Mon Sep 18 05:23:19 UTC 2023 - Egbert Eich <eich@suse.com>
 

slurm.spec

@@ -18,7 +18,7 @@
 
 # Check file META in sources: update so_version to (API_CURRENT - API_AGE)
 %define so_version 39
-%define ver 23.02.5
+%define ver 23.02.6
 %define _ver _23_02
 #%%define rc_v 0rc1
 %define dl_ver %{ver}
@@ -146,7 +146,6 @@ Source21:       README_Testsuite.md
 Patch0:         Remove-rpath-from-build.patch
 Patch2:         pam_slurm-Initialize-arrays-and-pass-sizes.patch
 Patch10:        Fix-test-21.41.patch
-Patch12:        Fix-test-32.8.patch
 Patch14:        Keep-logs-of-skipped-test-when-running-test-cases-sequentially.patch
 Patch15:        Fix-test7.2-to-find-libpmix-under-lib64-as-well.patch
 
@@ -597,7 +596,6 @@ Do not run test suite and file bug reports for each failed test!
 %patch0 -p1
 %patch2 -p1
 %patch10 -p1
-%patch12 -p1
 %patch14 -p1
 %patch15 -p1