Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-18.03] slurm: 17.11.3 -> 17.11.5 (Fix CVE-2018-7033) #39688

Merged
merged 2 commits into from May 2, 2018
Merged

[release-18.03] slurm: 17.11.3 -> 17.11.5 (Fix CVE-2018-7033) #39688

merged 2 commits into from May 2, 2018

Conversation

veprbl
Copy link
Member

@veprbl veprbl commented Apr 29, 2018
edited

Motivation for this change

Fix CVE-2018-7033

Fixes #39668

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@veprbl
Copy link
Member Author

veprbl commented Apr 29, 2018

@GrahamcOfBorg build python2Packages.pyslurm

@GrahamcOfBorg
Copy link

No attempt on x86_64-darwin (full log)

The following builds were skipped because they don't evaluate on x86_64-darwin: python2Packages.pyslurm

Partial log (click to expand)


a) For `nixos-rebuild` you can set
  { nixpkgs.config.allowBroken = true; }
in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowBroken = true; }
to ~/.config/nixpkgs/config.nix.

@GrahamcOfBorg
Copy link

Failure on x86_64-linux (full log)

Attempted: python2Packages.pyslurm

Partial log (click to expand)

INFO:
INFO: Cython version 0.27.3 installed
INFO:
INFO: Clean - checking for objects to clean
INFO: Clean - completed
INFO: Build - Found Slurm header in /nix/store/x393k3h123fcwsq6w86vy5m090pbp4yr-slurm-17.11.5-dev/include
INFO: Build - Detected Slurm version - 0x110b05 (17.11.05)
ERROR: Build - Incorrect slurm version detected, require Slurm-17.11.00 to slurm-17.11.03
builder for '/nix/store/r62a0dbb46h00nq7x5419hy0x7wg8f0p-python2.7-pyslurm-20170302.drv' failed with exit code 1
error: build of '/nix/store/r62a0dbb46h00nq7x5419hy0x7wg8f0p-python2.7-pyslurm-20170302.drv' failed

@GrahamcOfBorg
Copy link

Failure on aarch64-linux (full log)

Attempted: python2Packages.pyslurm

Partial log (click to expand)

INFO:
INFO: Cython version 0.27.3 installed
INFO:
INFO: Clean - checking for objects to clean
INFO: Clean - completed
INFO: Build - Found Slurm header in /nix/store/c0fmczcfll461xq82yk4z87mc1wn9f8m-slurm-17.11.5-dev/include
INFO: Build - Detected Slurm version - 0x110b05 (17.11.05)
ERROR: Build - Incorrect slurm version detected, require Slurm-17.11.00 to slurm-17.11.03
builder for '/nix/store/v0bwyqaphm2lnaqw8kmf343yhp5h2nvz-python2.7-pyslurm-20170302.drv' failed with exit code 1
�[31;1merror:�[0m build of '/nix/store/v0bwyqaphm2lnaqw8kmf343yhp5h2nvz-python2.7-pyslurm-20170302.drv' failed

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: slurm

Partial log (click to expand)

/nix/store/bz51703q68asa90sc94n23qm6mld7vfl-slurm-17.11.5

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: slurm

Partial log (click to expand)

/nix/store/qfdji0jiw8l6bjgps4kndnv0an9922rl-slurm-17.11.5

@GrahamcOfBorg
Copy link

No attempt on x86_64-darwin (full log)

The following builds were skipped because they don't evaluate on x86_64-darwin: slurm

Partial log (click to expand)


a) For `nixos-rebuild` you can set
  { nixpkgs.config.allowBroken = true; }
in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowBroken = true; }
to ~/.config/nixpkgs/config.nix.

@veprbl veprbl requested a review from FRidh as a code owner April 29, 2018 21:37
@veprbl
Copy link
Member Author

veprbl commented Apr 29, 2018

@GrahamcOfBorg build python2Packages.pyslurm

@GrahamcOfBorg
Copy link

No attempt on x86_64-darwin (full log)

The following builds were skipped because they don't evaluate on x86_64-darwin: python2Packages.pyslurm

Partial log (click to expand)


a) For `nixos-rebuild` you can set
  { nixpkgs.config.allowBroken = true; }
in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowBroken = true; }
to ~/.config/nixpkgs/config.nix.

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: python2Packages.pyslurm

Partial log (click to expand)

pyslurm/pyslurm.c:72585:22: note: '__pyx_v_acct_tres_rec.id' was declared here
   slurmdb_tres_rec_t __pyx_v_acct_tres_rec;
                      ^~~~~~~~~~~~~~~~~~~~~
gcc -pthread -shared -lgcc_s build/temp.linux-aarch64-2.7/pyslurm/pyslurm.o -L -L/slurm -L/nix/store/pqby5j0dwxz3bzh0gpqlfrjvvb614r2b-python-2.7.14/lib -Wl,-R/ -Wl,-R/slurm -lslurmdb -lslurm -lpython2.7 -o /build/source/pyslurm/pyslurm.so

----------------------------------------------------------------------
Ran 0 tests in 0.000s

OK
/nix/store/xid0vrsw51s0ivxwn0v5289cpqgqjl5h-python2.7-pyslurm-20180427

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: slurm

Partial log (click to expand)

/nix/store/qfdji0jiw8l6bjgps4kndnv0an9922rl-slurm-17.11.5

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: slurm

Partial log (click to expand)

/nix/store/bz51703q68asa90sc94n23qm6mld7vfl-slurm-17.11.5

@GrahamcOfBorg
Copy link

No attempt on x86_64-darwin (full log)

The following builds were skipped because they don't evaluate on x86_64-darwin: slurm

Partial log (click to expand)


a) For `nixos-rebuild` you can set
  { nixpkgs.config.allowBroken = true; }
in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowBroken = true; }
to ~/.config/nixpkgs/config.nix.

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: python2Packages.pyslurm

Partial log (click to expand)

pyslurm/pyslurm.c:72585:22: note: '__pyx_v_acct_tres_rec.id' was declared here
   slurmdb_tres_rec_t __pyx_v_acct_tres_rec;
                      ^~~~~~~~~~~~~~~~~~~~~
gcc -pthread -shared -lgcc_s build/temp.linux-x86_64-2.7/pyslurm/pyslurm.o -L -L/slurm -L/nix/store/nx3jw576gqw01iiijgsav39w2qa4cni2-python-2.7.14/lib -Wl,-R/ -Wl,-R/slurm -lslurmdb -lslurm -lpython2.7 -o /build/source/pyslurm/pyslurm.so

----------------------------------------------------------------------
Ran 0 tests in 0.000s

OK
/nix/store/nfnzi835jsyc5d339xzcdxrvqqbm556y-python2.7-pyslurm-20180427

@veprbl
Copy link
Member Author

veprbl commented Apr 30, 2018

@GrahamcOfBorg build python3Packages.pyslurm

@GrahamcOfBorg
Copy link

No attempt on x86_64-darwin (full log)

The following builds were skipped because they don't evaluate on x86_64-darwin: python3Packages.pyslurm

Partial log (click to expand)


a) For `nixos-rebuild` you can set
  { nixpkgs.config.allowBroken = true; }
in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowBroken = true; }
to ~/.config/nixpkgs/config.nix.

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: python3Packages.pyslurm

Partial log (click to expand)

pyslurm/pyslurm.c:72585:22: note: '__pyx_v_acct_tres_rec.id' was declared here
   slurmdb_tres_rec_t __pyx_v_acct_tres_rec;
                      ^~~~~~~~~~~~~~~~~~~~~
gcc -pthread -shared build/temp.linux-x86_64-3.6/pyslurm/pyslurm.o -L -L/slurm -L/nix/store/ljhgdba6n8ag6f8clpi4m9zizm7b8mx3-python3-3.6.5/lib -Wl,--enable-new-dtags,-R/ -Wl,--enable-new-dtags,-R/slurm -lslurmdb -lslurm -lpython3.6m -o /build/source/pyslurm/pyslurm.cpython-36m-x86_64-linux-gnu.so

----------------------------------------------------------------------
Ran 0 tests in 0.000s

OK
/nix/store/9hylyvqdjh6j2pdbp2xly7x5qfrqmgbs-python3.6-pyslurm-20180427

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: python3Packages.pyslurm

Partial log (click to expand)

pyslurm/pyslurm.c:72585:22: note: '__pyx_v_acct_tres_rec.id' was declared here
   slurmdb_tres_rec_t __pyx_v_acct_tres_rec;
                      ^~~~~~~~~~~~~~~~~~~~~
gcc -pthread -shared build/temp.linux-aarch64-3.6/pyslurm/pyslurm.o -L -L/slurm -L/nix/store/pipzarm6j8gn3sk87iw89sl44gy89wn1-python3-3.6.5/lib -Wl,--enable-new-dtags,-R/ -Wl,--enable-new-dtags,-R/slurm -lslurmdb -lslurm -lpython3.6m -o /build/source/pyslurm/pyslurm.cpython-36m-aarch64-linux-gnu.so

----------------------------------------------------------------------
Ran 0 tests in 0.000s

OK
/nix/store/ddq2ynw428f2lyszwv9j4vb8hbnzkjqn-python3.6-pyslurm-20180427

@dotlambda
Copy link
Member

You should git cherry-pick -x the appropriate commits from master.

@xeji xeji mentioned this pull request Apr 30, 2018
Closed
8 tasks
@ryantm @veprbl
slurm: 17.11.3 -> 17.11.5
e50476d 
Semi-automatic update generated by https://github.com/ryantm/nix-update tools.

This update was made based on information from https://repology.org/metapackage/slurm/versions.

These checks were done:

- built on NixOS
- ran `/nix/store/kpn869z54bm58ib47qmv74lv01dfyp4f-slurm-17.11.5/bin/sattach -h` got 0 exit code
- ran `/nix/store/kpn869z54bm58ib47qmv74lv01dfyp4f-slurm-17.11.5/bin/sattach --help` got 0 exit code
- ran `/nix/store/kpn869z54bm58ib47qmv74lv01dfyp4f-slurm-17.11.5/bin/sattach -V` and found version 17.11.5
- ran `/nix/store/kpn869z54bm58ib47qmv74lv01dfyp4f-slurm-17.11.5/bin/sattach --version` and found version 17.11.5
- ran `/nix/store/kpn869z54bm58ib47qmv74lv01dfyp4f-slurm-17.11.5/bin/slurmd -h` got 0 exit code
- ran `/nix/store/kpn869z54bm58ib47qmv74lv01dfyp4f-slurm-17.11.5/bin/slurmd -V` and found version 17.11.5
- found 17.11.5 with grep in /nix/store/kpn869z54bm58ib47qmv74lv01dfyp4f-slurm-17.11.5
- directory tree listing: https://gist.github.com/a4fb120a8f87f92e70daccf30910015b

(cherry picked from commit 0e0b80d)
@veprbl veprbl force-pushed the pr/release-18.03/CVE-2018-7033_v2 branch from f3c8d11 to 14f7d51 Compare April 30, 2018 15:32
@GrahamcOfBorg
Copy link

No attempt on x86_64-darwin (full log)

The following builds were skipped because they don't evaluate on x86_64-darwin: slurm

Partial log (click to expand)


a) For `nixos-rebuild` you can set
  { nixpkgs.config.allowBroken = true; }
in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowBroken = true; }
to ~/.config/nixpkgs/config.nix.

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: slurm

Partial log (click to expand)

/nix/store/qfdji0jiw8l6bjgps4kndnv0an9922rl-slurm-17.11.5

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: slurm

Partial log (click to expand)

strip is /nix/store/lvx1acn1ig1j2km8jds5x3ggh3f2wa8v-binutils-2.28.1/bin/strip
stripping (with command strip and flags -S) in /nix/store/bz51703q68asa90sc94n23qm6mld7vfl-slurm-17.11.5/lib  /nix/store/bz51703q68asa90sc94n23qm6mld7vfl-slurm-17.11.5/bin  /nix/store/bz51703q68asa90sc94n23qm6mld7vfl-slurm-17.11.5/sbin
patching script interpreter paths in /nix/store/bz51703q68asa90sc94n23qm6mld7vfl-slurm-17.11.5
checking for references to /build in /nix/store/bz51703q68asa90sc94n23qm6mld7vfl-slurm-17.11.5...
moving /nix/store/bz51703q68asa90sc94n23qm6mld7vfl-slurm-17.11.5/sbin/* to /nix/store/bz51703q68asa90sc94n23qm6mld7vfl-slurm-17.11.5/bin
shrinking RPATHs of ELF executables and libraries in /nix/store/c0fmczcfll461xq82yk4z87mc1wn9f8m-slurm-17.11.5-dev
strip is /nix/store/lvx1acn1ig1j2km8jds5x3ggh3f2wa8v-binutils-2.28.1/bin/strip
patching script interpreter paths in /nix/store/c0fmczcfll461xq82yk4z87mc1wn9f8m-slurm-17.11.5-dev
checking for references to /build in /nix/store/c0fmczcfll461xq82yk4z87mc1wn9f8m-slurm-17.11.5-dev...
/nix/store/bz51703q68asa90sc94n23qm6mld7vfl-slurm-17.11.5

@dotlambda
Copy link
Member

The pyslurm bump is still not cherry-picked.

@veprbl
Copy link
Member Author

veprbl commented May 2, 2018

Because there is no such commit in master

@veprbl
pythonPackages.pyslurm: 20170302 -> 20180427
be099f0 
Fixes build against slurm 17.11.5

Fixes: 0e0b80d ('slurm: 17.11.3 -> 17.11.5')
(cherry picked from commit bb12277)
@veprbl veprbl force-pushed the pr/release-18.03/CVE-2018-7033_v2 branch from 14f7d51 to be099f0 Compare May 2, 2018 15:57
@GrahamcOfBorg
Copy link

No attempt on x86_64-darwin (full log)

The following builds were skipped because they don't evaluate on x86_64-darwin: slurm

Partial log (click to expand)


a) For `nixos-rebuild` you can set
  { nixpkgs.config.allowBroken = true; }
in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowBroken = true; }
to ~/.config/nixpkgs/config.nix.

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: slurm

Partial log (click to expand)

gzipping man pages under /nix/store/lc6azissw9dhac1q4vscrsszbxr58rhz-slurm-17.11.5/share/man/
strip is /nix/store/b0zlxla7dmy1iwc3g459rjznx59797xy-binutils-2.28.1/bin/strip
stripping (with command strip and flags -S) in /nix/store/lc6azissw9dhac1q4vscrsszbxr58rhz-slurm-17.11.5/lib  /nix/store/lc6azissw9dhac1q4vscrsszbxr58rhz-slurm-17.11.5/bin  /nix/store/lc6azissw9dhac1q4vscrsszbxr58rhz-slurm-17.11.5/sbin
patching script interpreter paths in /nix/store/lc6azissw9dhac1q4vscrsszbxr58rhz-slurm-17.11.5
checking for references to /build in /nix/store/lc6azissw9dhac1q4vscrsszbxr58rhz-slurm-17.11.5...
moving /nix/store/lc6azissw9dhac1q4vscrsszbxr58rhz-slurm-17.11.5/sbin/* to /nix/store/lc6azissw9dhac1q4vscrsszbxr58rhz-slurm-17.11.5/bin
shrinking RPATHs of ELF executables and libraries in /nix/store/bid2sq0nci5s1qhhjq4gvschhsmd9nsv-slurm-17.11.5-dev
strip is /nix/store/b0zlxla7dmy1iwc3g459rjznx59797xy-binutils-2.28.1/bin/strip
patching script interpreter paths in /nix/store/bid2sq0nci5s1qhhjq4gvschhsmd9nsv-slurm-17.11.5-dev
checking for references to /build in /nix/store/bid2sq0nci5s1qhhjq4gvschhsmd9nsv-slurm-17.11.5-dev...

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: slurm

Partial log (click to expand)

strip is /nix/store/lvx1acn1ig1j2km8jds5x3ggh3f2wa8v-binutils-2.28.1/bin/strip
stripping (with command strip and flags -S) in /nix/store/wsd0lddla3shkjkkarr5q8ixmm1yhb5y-slurm-17.11.5/lib  /nix/store/wsd0lddla3shkjkkarr5q8ixmm1yhb5y-slurm-17.11.5/bin  /nix/store/wsd0lddla3shkjkkarr5q8ixmm1yhb5y-slurm-17.11.5/sbin
patching script interpreter paths in /nix/store/wsd0lddla3shkjkkarr5q8ixmm1yhb5y-slurm-17.11.5
checking for references to /build in /nix/store/wsd0lddla3shkjkkarr5q8ixmm1yhb5y-slurm-17.11.5...
moving /nix/store/wsd0lddla3shkjkkarr5q8ixmm1yhb5y-slurm-17.11.5/sbin/* to /nix/store/wsd0lddla3shkjkkarr5q8ixmm1yhb5y-slurm-17.11.5/bin
shrinking RPATHs of ELF executables and libraries in /nix/store/smg8fijq9vrlrnhz3fmy7qn427bbn0ar-slurm-17.11.5-dev
strip is /nix/store/lvx1acn1ig1j2km8jds5x3ggh3f2wa8v-binutils-2.28.1/bin/strip
patching script interpreter paths in /nix/store/smg8fijq9vrlrnhz3fmy7qn427bbn0ar-slurm-17.11.5-dev
checking for references to /build in /nix/store/smg8fijq9vrlrnhz3fmy7qn427bbn0ar-slurm-17.11.5-dev...
/nix/store/wsd0lddla3shkjkkarr5q8ixmm1yhb5y-slurm-17.11.5

@xeji
Copy link
Contributor

xeji commented May 2, 2018

@GrahamcOfBorg build python36Packages.pyslurm python27Packages.pyslurm

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: python36Packages.pyslurm, python27Packages.pyslurm

Partial log (click to expand)


OK
gcc -pthread -shared -lgcc_s build/temp.linux-x86_64-2.7/pyslurm/pyslurm.o -L -L/slurm -L/nix/store/nx3jw576gqw01iiijgsav39w2qa4cni2-python-2.7.14/lib -Wl,-R/ -Wl,-R/slurm -lslurmdb -lslurm -lpython2.7 -o /build/source/pyslurm/pyslurm.so

----------------------------------------------------------------------
Ran 0 tests in 0.000s

OK
/nix/store/cx9zc94dpi3wq54b2wjjr3c2s6ayc1cc-python3.6-pyslurm-20180427
/nix/store/zql1gzipdcasvlw3yd6920s0i3yfhzsn-python2.7-pyslurm-20180427

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: python36Packages.pyslurm, python27Packages.pyslurm

Partial log (click to expand)


OK
gcc -pthread -shared -lgcc_s build/temp.linux-aarch64-2.7/pyslurm/pyslurm.o -L -L/slurm -L/nix/store/pqby5j0dwxz3bzh0gpqlfrjvvb614r2b-python-2.7.14/lib -Wl,-R/ -Wl,-R/slurm -lslurmdb -lslurm -lpython2.7 -o /build/source/pyslurm/pyslurm.so

----------------------------------------------------------------------
Ran 0 tests in 0.000s

OK
/nix/store/ji3i65aynv3qb287aalq4z0ms9v9ivj0-python3.6-pyslurm-20180427
/nix/store/fzcs710cbfiyrb3ylgfh03kp3dp19wms-python2.7-pyslurm-20180427

@xeji xeji merged commit 9e5caa8 into NixOS:release-18.03 May 2, 2018
@veprbl veprbl deleted the pr/release-18.03/CVE-2018-7033_v2 branch December 1, 2020 16:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FRidh FRidh Awaiting requested review from FRidh FRidh is a code owner

Assignees
No one assigned
Labels
6.topic: python 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@veprbl @GrahamcOfBorg @dotlambda @xeji @ryantm