Skip to content

PMIx v4.2.6

Compare
Choose a tag to compare
@rhc54 rhc54 released this 09 Sep 18:30
· 1510 commits to master since this release
f20e0d5

This is a critical bug fix release in the PMIx v4.2 series.


WARNING: CVE-2023-41915
A security issue was reported by François Diakhate (CEA)
which is addressed in the PMIx v4.2.6 and v5.0.1 releases.
(Older PMIx versions may be vulnerable, but are no longer
supported.)

A filesystem race condition could permit a malicious user
to obtain ownership of an arbitrary file on the filesystem
when parts of the PMIx library are called by a process
running as uid 0. This may happen under the default
configuration of certain workload managers, including Slurm.


Detailed changes include:

  • PR #3150 Do not follow links when doing chown
  • PR #3147 Multiple commits
    • Retrieve pset names upon PMIx_Get request
    • Add a new "pctrl" tool for requesting job control ops
  • PR #3143 Multiple commits
    • Properly support the "log" example
    • Enable building of tarball
    • show_help: strip leading/trailing blank lines
    • docs: fix some leftover "Open MPI" references
    • docs: fix HTML word wapping in table cells
    • Improve error handling in setup_topology
    • Minor cleanups for disable-dlopen
    • Fix Python bindings
  • PR #3132 Multiple commits
    • Switch to using event lib for connections
    • Roll to v4.2.6

SHASUMS

c66a6c2ce73dcb3a83109ade87b2cd6ef2e4395b  pmix-4.2.6.tar.bz2
8316703725a3982db41330c92366dfa410a7c3f5  pmix-4.2.6.tar.gz
868b62c7ed333e9446ec57e531a01f3e408893ba  pmix-4.2.6-1.src.rpm