PMIx v4.2.6
This is a critical bug fix release in the PMIx v4.2 series.
WARNING: CVE-2023-41915
A security issue was reported by François Diakhate (CEA)
which is addressed in the PMIx v4.2.6 and v5.0.1 releases.
(Older PMIx versions may be vulnerable, but are no longer
supported.)
A filesystem race condition could permit a malicious user
to obtain ownership of an arbitrary file on the filesystem
when parts of the PMIx library are called by a process
running as uid 0. This may happen under the default
configuration of certain workload managers, including Slurm.
Detailed changes include:
- PR #3150 Do not follow links when doing
chown - PR #3147 Multiple commits
- Retrieve pset names upon PMIx_Get request
- Add a new "pctrl" tool for requesting job control ops
- PR #3143 Multiple commits
- Properly support the "log" example
- Enable building of tarball
- show_help: strip leading/trailing blank lines
- docs: fix some leftover "Open MPI" references
- docs: fix HTML word wapping in table cells
- Improve error handling in setup_topology
- Minor cleanups for disable-dlopen
- Fix Python bindings
- PR #3132 Multiple commits
- Switch to using event lib for connections
- Roll to v4.2.6
SHASUMS
c66a6c2ce73dcb3a83109ade87b2cd6ef2e4395b pmix-4.2.6.tar.bz2
8316703725a3982db41330c92366dfa410a7c3f5 pmix-4.2.6.tar.gz
868b62c7ed333e9446ec57e531a01f3e408893ba pmix-4.2.6-1.src.rpm