SingularityCE 3.9.0 Release Candidate 2
Pre-release
This is the second release candidate for the upcoming SingularityCE 3.9.0. We'd be grateful for all testing, bug reports, and comments, as we look forward to a stable 3.9.0 release. Please carefully review the release notes below, and refer to the 'master branch (unreleased)' documentation at https://sylabs.io/docs/
Security related fixes
- Due to trusting a path to an executable that was incorrectly generated in code that could be manipulated by an unprivileged user, privilege escalation was possible when using the new --nvccli GPU configuration option. This vulnerability affected the 3.9.0-rc.1 release candidate only. Stable releases of SingularityCE are not impacted. All users who have installed 3.9.0-rc.1 should update to 3.9.0-rc.2.
Thanks to @cclerget for reporting this issue.
Changed defaults / behaviours
- The locations of the cryptsetup, ldconfig and nvidia-container-cli binaries are always taken from singularity.conf. No $PATH search is performed.
Bug fixes
- Ensure a build with --nvccli runs using nvidia-container-cli and not the legacy GPU support.
- Advise on limitations and provide workaround for inability to run %test in --fakeroot --nvccli builds.
Additionally, this RC includes fixes introduced in SingularityCE 3.8.4
Thanks / Reporting Bugs
Thanks to our contributors for code, feedback, and testing efforts!
As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new
If you think that you've discovered a security vulnerability please report it to: [email protected]
Have fun!
Downloads
Please use the singularity-ce-3.9.0-rc.2.tar.gz download below to obtain and install SingularityCE 3.9.0-rc.2. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.