Skip to content

SingularityCE 3.9.0 Release Candidate 2

Pre-release
Pre-release
Compare
Choose a tag to compare
@dtrudg dtrudg released this 28 Oct 16:00
e85e9b0

This is the second release candidate for the upcoming SingularityCE 3.9.0. We'd be grateful for all testing, bug reports, and comments, as we look forward to a stable 3.9.0 release. Please carefully review the release notes below, and refer to the 'master branch (unreleased)' documentation at https://sylabs.io/docs/

Security related fixes

  • Due to trusting a path to an executable that was incorrectly generated in code that could be manipulated by an unprivileged user, privilege escalation was possible when using the new --nvccli GPU configuration option. This vulnerability affected the 3.9.0-rc.1 release candidate only. Stable releases of SingularityCE are not impacted.

    All users who have installed 3.9.0-rc.1 should update to 3.9.0-rc.2

    Thanks to @cclerget for reporting this issue.

Changed defaults / behaviours

  • The location of the cryptsetup, ldconfig and nvidia-container-cli binaries are always taken from singularity.conf. No $PATH search is performed.

Bug fixes

  • Ensure a build with --nvccli runs using nvidia-container-cli and not the legacy gpu support.
  • Advise on limitations and provide workaround for inability to run %test in --fakeroot --nvccli builds.

Additionally, this RC includes fixes introduced in SingularityCE 3.8.4

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: [email protected]

Have fun!

Downloads

Please use the singularity-ce-3.9.0-rc.2.tar.gz download below to obtain and install SingularityCE 3.9.0-rc.2. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.