From 81ada2f4b46994b8828fabc3d260705f416dcccd Mon Sep 17 00:00:00 2001
From: Sumynwa <80809794+Sumynwa@users.noreply.github.com>
Date: Thu, 21 Sep 2023 14:00:04 +0530
Subject: [PATCH] Upgrade pmix to 4.1.3 to address CVE-2023-41915 (#6256)

* pmix: Bump package version to 4.1.3 to address CVE-2023-41915

Reference: https://github.com/openpmix/openpmix/releases/tag/v4.1.3

* pmix: update cgmanifest entry
---
 SPECS/pmix/pmix.signatures.json |  2 +-
 SPECS/pmix/pmix.spec            | 10 +++++++---
 cgmanifest.json                 |  4 ++--
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/SPECS/pmix/pmix.signatures.json b/SPECS/pmix/pmix.signatures.json
index 195310c905..9d47045634 100644
--- a/SPECS/pmix/pmix.signatures.json
+++ b/SPECS/pmix/pmix.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "pmix-4.1.2.tar.bz2": "670d3a02b39fb2126fe8084174cf03c484e027b5921b5c98a851108134e2597a"
+  "pmix-4.1.3.tar.bz2": "c96a12bb5e565867b27f526611182801ecc0cb9dcb0146b195e77ed511eef9dd"
  }
 }
\ No newline at end of file
diff --git a/SPECS/pmix/pmix.spec b/SPECS/pmix/pmix.spec
index acb670e1c6..a19b8c2637 100644
--- a/SPECS/pmix/pmix.spec
+++ b/SPECS/pmix/pmix.spec
@@ -1,12 +1,12 @@
 Summary:        Process Management Interface Exascale (PMIx)
 Name:           pmix
-Version:        4.1.2
+Version:        4.1.3
 Release:        1%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 URL:            https://pmix.org/
-Source0:        https://github.com/pmix/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.bz2
+Source0:        https://github.com/openpmix/openpmix/releases/download/v%{version}/%{name}-%{version}.tar.bz2
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  flex
@@ -58,7 +58,7 @@ based starters (e.g., mpirun).
 * pevent - inject an event into the system
 
 %prep
-%setup -q
+%autosetup -p1
 
 echo touching lexer sources to recompile them ...
 find src -name \*.l -print -exec touch --no-create {} \;
@@ -103,6 +103,7 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %files devel
 %{_datadir}/%{name}/*.supp
 %{_includedir}/pmix*.h
+%{_includedir}/pmix/
 %{_libdir}/libpmix.so
 %{_libdir}/pkgconfig/*.pc
 
@@ -110,6 +111,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_bindir}/*
 
 %changelog
+* Thu Sep 21 2023 Sumedh Sharma <sumsharma@microsoft.com> - 4.1.3-1
+- Bump version to address CVE-2023-41915
+
 * Thu Feb 02 2023 Riken Maharjan <rmaharjan@microsoft.com> - 4.1.2-1
 - Move from Extended to core
 - Update to 4.1.2 (from Fedora 38 (license: MIT))
diff --git a/cgmanifest.json b/cgmanifest.json
index 83648d4137..bb3743bbe4 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -21294,8 +21294,8 @@
         "type": "other",
         "other": {
           "name": "pmix",
-          "version": "4.1.2",
-          "downloadUrl": "https://github.com/pmix/pmix/releases/download/v4.1.2/pmix-4.1.2.tar.bz2"
+          "version": "4.1.3",
+          "downloadUrl": "https://github.com/openpmix/openpmix/releases/download/v4.1.3/pmix-4.1.3.tar.bz2"
         }
       }
     },