Changelog for libsingularity1-2.6.1-1.2.x86_64.rpm:
Thu Dec 20 13:00:00 2018 Christian Neyers
- Update to 2.6.1
- Security related fix in 2.6.1
* disables instance features for mount commands, disables instance join for
start command, and disables daemon start for action commands (fixes
CVE-2018-19295)
Tue Aug 7 14:00:00 2018 neyersAATTgeod.uni-bonn.de
- Update to 2.6.0
- Implemented enhancements in 2.6.0
* Allow admin to specify a non-standard location for mksquashfs binary at
build time with --with-mksquashfs option #1662
* --nv option will use nvidia-container-cli if installed #1681
* nvliblist.conf now has a section for binaries #1681
* --nv can be made default with all action commands in singularity.conf #1681
* --nv can be controlled by env vars $SINGULARITY_NV and $SINGULARITY_NV_OFF
[#1681]
* Refactored travis build and packaging tests #1601
* Added build and packaging tests for Debian 8/9 and openSUSE 42.3/15.0 #1713
* Restore shim init process for proper signal handling and child reaping when
container is initiated in its own PID namespace #1221
* Add -i option to image.create to specify the inode ratio. #1759
* Bind /dev/nvidia* into the container when the --nv flag is used in
conjunction with the --contain flag #1358
* Add --no-home option to not mount user $HOME if it is not the $CWD and
mount home = yes is set. #1761
* Added support for OAUTH2 Docker registries like Azure Container Registry
[#1622]
- Bug fixes in 2.6.0
* Fix 404 when using Arch Linux bootstrap #1731
* Fix environment variables clearing while starting instances #1766
Tue Jul 3 14:00:00 2018 neyersAATTgeod.uni-bonn.de
- Move completion file to /usr/share/bash-completion/completions/
- Update to 2.5.2
- Security related fixes in 2.5.2
* Removed the option to use overlay images with singularity mount. This flaw
could allow a malicious user accessing the host system to access sensitive
information when coupled with persistent ext3 overlay.
* Fixed a race condition that might allow a malicious user to bypass
directory image restrictions, like mounting the host root filesystem as a
container image.
- Bugfixes in 2.5.2
* Fix an error in malloc allocation #1620
* Honor debug flag when pulling from docker hub #1556
* Fix a bug with passwd abort #1580
* Allow user to override singularity.conf "mount home = no" with --home
option #1496
* Improve debugging output #1535
* Fix some bugs in bind mounting #1525
* Define PR_(S|G)ET_NO_NEW_PRIVS in user space so that these features will
work with kernels that implement them (like Cray systems) #1506
* Create /dev/fd and standard streams symlinks in /dev when using minimal dev
mount or when specifying -c/-C/--contain option #1420
* Fixed * expansion during app runscript creation #1486
Fri May 4 14:00:00 2018 neyersAATTgeod.uni-bonn.de
- Update to 2.5.1
- Bugfixes in 2.5.1
* Corrected a permissions error when attempting to run Singularity from a
directory on NFS with root_squash enabled
* Fixed a bug that closed a socket early, preventing correct container
execution on hosts using identity services like SSSD
* Fixed a regression that broke the debootstrap agent
Mon Apr 30 14:00:00 2018 neyersAATTgeod.uni-bonn.de
- Place license files with %license for newer SUSE versions
- Remove generic build instructions and contribution information from package
- Update to 2.5.0
- Security related fixes in 2.5.0
Patches are provided to prevent a malicious user with the ability to log in
to the host system and use the Singularity container runtime from carrying
out any of the following actions:
* Create world writable files in root-owned directories on the host system by
manipulating symbolic links and bind mounts
* Create folders outside of the container by manipulating symbolic links in
conjunction with the --nv option or by bypassing check_mounted function with
relative symlinks
* Bypass the enable overlay = no option in the singularity.conf configuration
file by setting an environment variable
* Exploit buffer overflows in src/util/daemon.c and/or
src/lib/image/ext3/init.c (reported by Erik Sjölund (DBB, Stockholm
University, Sweden))
* Forge the pid_path to join any Singularity namespace (reported by Erik
Sjölund (DBB, Stockholm University, Sweden))
- Implemented enhancements in 2.5.0
* Restore docker-extract aufs whiteout handling that implements correct
extraction of docker container layers. This adds libarchive-devel as a
build time dep. At runtime libarchive is needed for whiteout handling. If
libarchive is not available at runtime, it will fall back to the previous
extraction method.
* Changed behavior of SINGULARITYENV_PATH to overwrite container PATH and
added SINGULARITYENV_PREPEND_PATH and SINGULARITYENV_APPEND_PATH for users
wanting to prepend or append to the container PATH at runtime
- Bug fixes in 2.5.0
* Support pulls from the NVIDIA cloud docker registry (fix by Justin Riley,
Harvard)
* Close socket file descriptors in fd_cleanup
* Fix conflict between --nv and --contain options
* Throw errors at build and runtime if NO_NEW_PRIVS is not present and working
* Reset umask to 0022 at start to correct several errors
* Verify docker layers after download with sha256 checksum
* Do not make excessive requests for auth tokens to docker registries
* Fixed stripping whitespaces and empty new lines for the app commands (fix by
Rafal Gumienny, Biozentrum, Basel)
* Improved the way that working directory is mounted
* Fixed an out of bounds array in src/lib/image/ext3/init.c
Wed Mar 28 14:00:00 2018 neyersAATTgeod.uni-bonn.de
- Move rpmlint fixes from patch file into %prep section of spec file
- Fix rpmlint warnings
* `non-executable-script`: shub/api.py only provides definitions
* `sourced-script-with-shebang`: bash completion file
* `files-duplicate`: legacy examples
- Remove version update from _service
- Update to 2.4.5
- Changes in 2.4.5
* Strip authorization header on http redirect to different domain when
interacting with docker registries.
Wed Mar 7 13:00:00 2018 neyersAATTgeod.uni-bonn.de
- Fix rpmlint error `env-script-interpreter` for python
Wed Mar 7 13:00:00 2018 neyersAATTgeod.uni-bonn.de
- Update to 2.4.4
- Changes in 2.4.4
* Removed capability to handle docker layer aufs whiteout files correctly as
it increased potential attack surface on some distros (with apologies to
users who requested it).
- Changes in 2.4.3
* Close file descriptors pointing to a directory #1305
* Fix permission denied when binding directory located on NFS with root_squash
enabled
* Add capability to support all tar compression formats #1155
* Handle docker layer aufs whiteout files correctly (requires libarchive).
* Updated output of image.print command #1190
* Fixed parsing of backslashes in apprun script #1189
* Fixed parsing of arch keyword from definition file #1217
* Fixed incompatibility between --pwd and --contain options #1259
* Updated license information #1267
* Fix non-root build from docker containers with non-writable file/dir
permissions
* Fix race condition between container exit and cleanupd while removing
runtime directory
Tue Dec 5 13:00:00 2017 neyersAATTgeod.uni-bonn.de
- Adapt network:cluster>singularity to 2.4.2