Debian Package Tracker
Register | Log in
Subscribe

singularity-container

container platform focused on supporting "Mobility of Compute"

Choose email to subscribe with

general
  • source: singularity-container (main)
  • version: 3.5.2+ds1-1
  • maintainer: Debian HPC Team (archive) (DMD)
  • uploaders: Dmitry Smirnov [DMD] – Yaroslav Halchenko [DMD] – Mehdi Dogguy [DMD] – Dave Love [DMD] – Afif Elghraoui [DMD]
  • arch: all any
  • std-ver: 4.4.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • old-bpo: 2.6.1-1~bpo9+2
  • unstable: 3.5.2+ds1-1
versioned links
  • 2.6.1-1~bpo9+2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.5.2+ds1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • golang-github-sylabs-singularity-dev
  • singularity-container
action needed
A new upstream version is available: 3.7.0 high
A new upstream version 3.7.0 is available, you should consider packaging it.
Created: 2020-06-29 Last update: 2021-01-16 01:07
6 security issues in sid high
There are 6 open security issues in sid.
6 important issues:
  • CVE-2020-13845: Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.
  • CVE-2020-13846: Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code.
  • CVE-2020-13847: Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.
  • CVE-2020-15229: Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a local SIF image or a single file containing a squashfs filesystem and is coming from remote sources `library://` or `shub://`. Image build is also impacted in a more serious way as it can be used by a root user, allowing an attacker to overwrite/create files leading to a system compromise, so far bootstrap methods `library`, `shub` and `localimage` are triggering the squashfs extraction. This issue is addressed in Singularity 3.6.4. All users are advised to upgrade to 3.6.4 especially if they use Singularity mainly for building image as root user. There is no solid workaround except to temporary avoid to use unprivileged mode with single file images in favor of sandbox images instead. Regarding image build, temporary avoid to build from `library` and `shub` sources and as much as possible use `--fakeroot` or a VM for that.
  • CVE-2020-25039: Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.
  • CVE-2020-25040: Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.
Please fix them.
Created: 2020-07-14 Last update: 2020-10-16 06:00
lintian reports 1 error and 5 warnings high
Lintian reports 1 error and 5 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2020-07-29 Last update: 2020-09-21 06:04
The package has not entered testing even though the delay is over normal
The package has not entered testing even though the 5-day delay is over. Check why.
Created: 2020-08-13 Last update: 2021-01-16 05:34
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.4.1).
Created: 2020-01-21 Last update: 2020-11-17 05:41
testing migrations
  • excuses:
    • Migrates after: golang-procfs
    • Migration status for singularity-container (- to 3.5.2+ds1-1): BLOCKED: Rejected/violates migration policy/introduces a regression
    • Issues preventing migration:
    • Updating singularity-container introduces new bugs: #964779, #965040, #970465, #972212, #978441
    • singularity-container/amd64 has unsatisfiable Built-Using on golang-1.13 1.13.5-1
    • singularity-container/amd64 has unsatisfiable Built-Using on golang-golang-x-net-dev 1:0.0+git20191112.2180aed+dfsg-1
    • singularity-container/arm64 has unsatisfiable Built-Using on golang-1.13 1.13.5-1
    • singularity-container/arm64 has unsatisfiable Built-Using on golang-golang-x-net-dev 1:0.0+git20191112.2180aed+dfsg-1
    • singularity-container/armel has unsatisfiable Built-Using on golang-1.13 1.13.5-1
    • singularity-container/armel has unsatisfiable Built-Using on golang-golang-x-net-dev 1:0.0+git20191112.2180aed+dfsg-1
    • singularity-container/armhf has unsatisfiable Built-Using on golang-1.13 1.13.5-1
    • singularity-container/armhf has unsatisfiable Built-Using on golang-golang-x-net-dev 1:0.0+git20191112.2180aed+dfsg-1
    • singularity-container/i386 has unsatisfiable Built-Using on golang-1.13 1.13.5-1
    • singularity-container/i386 has unsatisfiable Built-Using on golang-golang-x-net-dev 1:0.0+git20191112.2180aed+dfsg-1
    • singularity-container/mips64el has unsatisfiable Built-Using on golang-1.13 1.13.5-1
    • singularity-container/mips64el has unsatisfiable Built-Using on golang-golang-x-net-dev 1:0.0+git20191112.2180aed+dfsg-1
    • singularity-container/mipsel has unsatisfiable Built-Using on golang-1.13 1.13.5-1
    • singularity-container/mipsel has unsatisfiable Built-Using on golang-golang-x-net-dev 1:0.0+git20191112.2180aed+dfsg-1
    • singularity-container/ppc64el has unsatisfiable Built-Using on golang-1.13 1.13.5-1
    • singularity-container/ppc64el has unsatisfiable Built-Using on golang-golang-x-net-dev 1:0.0+git20191112.2180aed+dfsg-1
    • singularity-container/s390x has unsatisfiable Built-Using on golang-1.13 1.13.5-1
    • singularity-container/s390x has unsatisfiable Built-Using on golang-golang-x-net-dev 1:0.0+git20191112.2180aed+dfsg-1
    • Built-Using: singularity-container golang-procfs
    • Additional info:
    • Piuparts tested OK - https://piuparts.debian.org/sid/source/s/singularity-container.html
    • 395 days old (needed 5 days)
    • Not considered
news
[rss feed]
  • [2020-08-14] singularity-container REMOVED from testing (Debian testing watch)
  • [2019-12-20] singularity-container 3.5.2+ds1-1 MIGRATED to testing (Debian testing watch)
  • [2019-12-18] Accepted singularity-container 3.5.2+ds1-1 (source) into unstable (Dmitry Smirnov)
  • [2019-12-17] singularity-container 3.5.1+ds1-1 MIGRATED to testing (Debian testing watch)
  • [2019-12-05] Accepted singularity-container 3.5.1+ds1-1 (source) into unstable (Dmitry Smirnov)
  • [2019-12-01] Accepted singularity-container 3.5.0+ds1-2 (source) into unstable (Dmitry Smirnov)
  • [2019-11-14] Accepted singularity-container 3.5.0+ds1-1 (source) into unstable (Dmitry Smirnov)
  • [2019-11-05] Accepted singularity-container 3.4.2+ds2-4 (source) into unstable (Dmitry Smirnov)
  • [2019-10-31] Accepted singularity-container 3.4.2+ds2-3 (source) into unstable (Dmitry Smirnov)
  • [2019-10-24] Accepted singularity-container 3.4.2+ds1-2 (source) into unstable (Dmitry Smirnov)
  • [2019-10-16] Accepted singularity-container 3.4.2+ds-1 (source) into experimental (Dmitry Smirnov)
  • [2019-10-13] Accepted singularity-container 3.3.0+ds-2 (source all amd64) into experimental, experimental (Dmitry Smirnov)
  • [2019-10-10] Accepted singularity-container 3.3.0+ds-1 (source) into experimental (Dmitry Smirnov)
  • [2019-07-09] singularity-container 3.1.1+ds-1 MIGRATED to testing (Debian testing watch)
  • [2019-06-28] singularity-container REMOVED from testing (Debian testing watch)
  • [2019-05-15] Accepted singularity-container 3.1.1+ds-1 (source) into unstable (Afif Elghraoui)
  • [2019-02-11] singularity-container 3.0.3+ds-1 MIGRATED to testing (Debian testing watch)
  • [2019-01-31] Accepted singularity-container 3.0.3+ds-1 (source) into unstable (Afif Elghraoui)
  • [2019-01-20] singularity-container 2.6.1-2 MIGRATED to testing (Debian testing watch)
  • [2019-01-15] Accepted singularity-container 2.6.1-2 (source) into unstable (Afif Elghraoui)
  • [2019-01-12] Accepted singularity-container 2.6.1-1~bpo9+2 (source) into stretch-backports (Afif Elghraoui)
  • [2018-12-17] singularity-container 2.6.1-1 MIGRATED to testing (Debian testing watch)
  • [2018-12-13] Accepted singularity-container 2.6.1-1~bpo9+1 (source) into stretch-backports (Afif Elghraoui)
  • [2018-12-13] Accepted singularity-container 2.6.1-1 (source) into unstable (Afif Elghraoui)
  • [2018-08-08] singularity-container 2.5.2-2 MIGRATED to testing (Debian testing watch)
  • [2018-08-02] Accepted singularity-container 2.5.2-2 (source amd64) into unstable (Yaroslav Halchenko)
  • [2018-07-07] singularity-container 2.5.2-1 MIGRATED to testing (Debian testing watch)
  • [2018-07-04] Accepted singularity-container 2.5.2-1~bpo9+1 (source) into stretch-backports (Afif Elghraoui)
  • [2018-07-04] Accepted singularity-container 2.5.2-1~bpo8+1 (source) into jessie-backports-sloppy (Afif Elghraoui)
  • [2018-07-04] Accepted singularity-container 2.5.2-1 (source) into unstable (Afif Elghraoui)
  • 1
  • 2
bugs [bug history graph]
  • all: 5 6
  • RC: 5 6
  • I&N: 0
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (1, 5)
  • buildd: logs, checks, clang, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing