Changelog for libsingularity1-2.6.1-1.4.x86_64.rpm:
* Thu Dec 20 2018 Christian Neyers
- Update to 2.6.1
- Security related fix in 2.6.1
* disables instance features for mount commands, disables instance join for start command, and disables daemon start for action commands (fixes CVE-2018-19295)
* Tue Aug 07 2018 neyersAATTgeod.uni-bonn.de
- Update to 2.6.0
- Implemented enhancements in 2.6.0
* Allow admin to specify a non-standard location for mksquashfs binary at build time with --with-mksquashfs option #1662
* --nv option will use nvidia-container-cli if installed #1681
* nvliblist.conf now has a section for binaries #1681
* --nv can be made default with all action commands in singularity.conf #1681
* --nv can be controlled by env vars $SINGULARITY_NV and $SINGULARITY_NV_OFF [#1681]
* Refactored travis build and packaging tests #1601
* Added build and packaging tests for Debian 8/9 and openSUSE 42.3/15.0 #1713
* Restore shim init process for proper signal handling and child reaping when container is initiated in its own PID namespace #1221
* Add -i option to image.create to specify the inode ratio. #1759
* Bind /dev/nvidia* into the container when the --nv flag is used in conjunction with the --contain flag #1358
* Add --no-home option to not mount user $HOME if it is not the $CWD and mount home = yes is set. #1761
* Added support for OAUTH2 Docker registries like Azure Container Registry [#1622]
- Bug fixes in 2.6.0
* Fix 404 when using Arch Linux bootstrap #1731
* Fix environment variables clearing while starting instances #1766
* Tue Jul 03 2018 neyersAATTgeod.uni-bonn.de
- Move completion file to /usr/share/bash-completion/completions/
- Update to 2.5.2
- Security related fixes in 2.5.2
* Removed the option to use overlay images with singularity mount. This flaw could allow a malicious user accessing the host system to access sensitive information when coupled with persistent ext3 overlay.
* Fixed a race condition that might allow a malicious user to bypass directory image restrictions, like mounting the host root filesystem as a container image.
- Bugfixes in 2.5.2
* Fix an error in malloc allocation #1620
* Honor debug flag when pulling from docker hub #1556
* Fix a bug with passwd abort #1580
* Allow user to override singularity.conf "mount home = no" with --home option #1496
* Improve debugging output #1535
* Fix some bugs in bind mounting #1525
* Define PR_(S|G)ET_NO_NEW_PRIVS in user space so that these features will work with kernels that implement them (like Cray systems) #1506
* Create /dev/fd and standard streams symlinks in /dev when using minimal dev mount or when specifying -c/-C/--contain option #1420
* Fixed * expansion during app runscript creation #1486
* Fri May 04 2018 neyersAATTgeod.uni-bonn.de
- Update to 2.5.1
- Bugfixes in 2.5.1
* Corrected a permissions error when attempting to run Singularity from a directory on NFS with root_squash enabled
* Fixed a bug that closed a socket early, preventing correct container execution on hosts using identity services like SSSD
* Fixed a regression that broke the debootstrap agent
* Mon Apr 30 2018 neyersAATTgeod.uni-bonn.de
- Place license files with %license for newer SUSE versions
- Remove generic build instructions and contribution information from package
- Update to 2.5.0
- Security related fixes in 2.5.0
Patches are provided to prevent a malicious user with the ability to log in to the host system and use the Singularity container runtime from carrying out any of the following actions:
* Create world writable files in root-owned directories on the host system by manipulating symbolic links and bind mounts
* Create folders outside of the container by manipulating symbolic links in conjunction with the --nv option or by bypassing check_mounted function with relative symlinks
* Bypass the enable overlay = no option in the singularity.conf configuration file by setting an environment variable
* Exploit buffer overflows in src/util/daemon.c and/or src/lib/image/ext3/init.c (reported by Erik Sjölund (DBB, Stockholm University, Sweden))
* Forge of the pid_path to join any Singularity namespace (reported by Erik Sjölund (DBB, Stockholm University, Sweden))
- Implemented enhancements in 2.5.0
* Restore docker-extract aufs whiteout handling that implements correct extraction of docker container layers. This adds libarchive-devel as a build time dep. At runtime libarchive is needed for whiteout handling. If libarchive is not available at runtime will fall back to previous extraction method.
* Changed behavior of SINGULARITYENV_PATH to overwrite container PATH and added SINGULARITYENV_PREPEND_PATH and SINGULARITYENV_APPEND_PATH for users wanting to prepend or append to the container PATH at runtime
- Bug fixes in 2.5.0
* Support pulls from the NVIDIA cloud docker registry (fix by Justin Riley, Harvard)
* Close socket file descriptors in fd_cleanup
* Fix conflict between --nv and --contain options
* Throw errors at build and runtime if NO_NEW_PRIVS is not present and working
* Reset umask to 0022 at start to correct several errors
* Verify docker layers after download with sha256 checksum
* Do not make excessive requests for auth tokens to docker registries
* Fixed stripping whitespaces and empty new lines for the app commands (fix by Rafal Gumienny, Biozentrum, Basel)
* Improved the way that working directory is mounted
* Fixed an out of bounds array in src/lib/image/ext3/init.c
* Wed Mar 28 2018 neyersAATTgeod.uni-bonn.de
- Move rpmlint fixes from patch file into %prep section of spec file
- Fix rpmlint warnings
* `non-executable-script`: shub/api.py only provides definitions
* `sourced-script-with-shebang`: bash completion file
* `files-duplicate`: legacy examples
- Remove version update from _service
- Update to 2.4.5
- Changes in 2.4.5
* Strip authorization header on http redirect to different domain when interacting with docker registries.
* Wed Mar 07 2018 neyersAATTgeod.uni-bonn.de
- Fix rpmlint error `env-script-interpreter` for python
* Wed Mar 07 2018 neyersAATTgeod.uni-bonn.de
- Update to 2.4.4
- Changes in 2.4.4
* Removed capability to handle docker layer aufs whiteout files correctly as it increased potential attack surface on some distros (with apologies to users who requested it).
- Changes in 2.4.3
* Close file descriptors pointing to a directory #1305
* Fix permission denied when binding directory located on NFS with root_squash enabled
* Add capability to support all tar compression formats #1155
* Handle docker layer aufs whiteout files correctly (requires libarchive).
* Updated output of image.print command #1190
* Fixed parsing of backslashes in apprun script #1189
* Fixed parsing of arch keyword from definition file #1217
* Fixed incompatibility between --pwd and --contain options #1259
* Updated license information #1267
* Fix non-root build from docker containers with non-writable file/dir permissions
* Fix race condition between container exit and cleanupd while removing runtime directory
* Tue Dec 05 2017 neyersAATTgeod.uni-bonn.de
- Adapt network:cluster>singularity to 2.4.2