Debian Package Tracker

singularity-container

container platform focused on supporting "Mobility of Compute"

general
  • source: singularity-container (main)
  • version: 3.11.0+ds1-1
  • maintainer: Debian HPC Team (archive) (DMD)
  • uploaders: Benda Xu [DMD] – Mehdi Dogguy [DMD] – Yaroslav Halchenko [DMD] – Dmitry Smirnov [DMD]
  • arch: all any
  • std-ver: 4.6.2
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • unstable: 3.11.0+ds1-1
versioned links
  • 3.11.0+ds1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • golang-github-sylabs-singularity-dev
  • singularity-container
action needed
A new upstream version is available: 3.11.3 [high]
A new upstream version 3.11.3 is available, you should consider packaging it.
Created: 2023-04-09 Last update: 2023-05-17 13:04
1 security issue in sid [high]

There is 1 open security issue in sid.

1 important issue:
  • CVE-2023-30549: Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0, installations that include apptainer-suid < 1.1.8, and all versions of Singularity in their default configurations on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation. Apptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid "rootless" mode using fuse2fs. Some workarounds are possible. Either do not install apptainer-suid (for versions 1.1.0 through 1.1.7) or set `allow setuid = no` in apptainer.conf (or singularity.conf for singularity versions). This requires having unprivileged user namespaces enabled and except for apptainer 1.1.x versions will disallow mounting of sif files, extfs files, and squashfs files in addition to other, less significant impacts. (Encrypted sif files are also not supported unprivileged in apptainer 1.1.x.) Alternatively, use the `limit containers` options in apptainer.conf/singularity.conf to limit sif files to trusted users, groups, and/or paths, and set `allow container extfs = no` to disallow mounting of extfs overlay files. The latter option by itself does not disallow mounting of extfs overlay partitions inside SIF files, so that's why the former options are also needed.
Created: 2023-04-26 Last update: 2023-04-28 06:08
1 security issue in bookworm [high]

There is 1 open security issue in bookworm.

1 important issue:
  • CVE-2022-23538: github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectly leaked to an S3 backing storage provider. This occurs in a specific flow, where the library service redirects the client to a backing S3 storage server, to perform a multi-part concurrent download. Depending on site configuration, the S3 service may be provided by a third party. An attacker with access to the S3 service may be able to extract user credentials, allowing them to impersonate the user. The vulnerable multi-part concurrent download flow, with redirect to S3, is only used when communicating with a Singularity Enterprise 1.x installation, or third party server implementing this flow. Interaction with Singularity Enterprise 2.x, and Singularity Container Services (cloud.sylabs.io), does not trigger the vulnerable flow. We encourage all users to update. Users who interact with a Singularity Enterprise 1.x installation, using a 3rd party S3 storage service, are advised to revoke and recreate their authentication tokens within Singularity Enterprise. There is no workaround available at this time.
Created: 2023-01-18 Last update: 2023-01-19 06:08
The package has not entered testing even though the delay is over [normal]
The package has not entered testing even though the 20-day delay is over. Check why.
Created: 2023-03-24 Last update: 2023-05-17 12:35
version in VCS is newer than in repository, is it time to upload? [normal]
vcswatch reports that this package seems to have a new changelog entry (version 3.11.1+ds1-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit 96e6bf81c0932b6b33372ff91c214d4ebdb28bb4
Author: Nilesh Patra <nilesh@debian.org>
Date:   Sun Apr 2 20:07:38 2023 +0530

    [ci skip] Interim d/ch: Needs new version of docker-docker-dev

commit 649529c85d9f99a02bf284f753add40e8f8ec437
Author: Nilesh Patra <nilesh@debian.org>
Date:   Sun Apr 2 19:49:02 2023 +0530

    Change B-D and dep on pelletier-go-toml to go-toml.v2

commit b7f32560a1d3ed67063889d4600a170c3291526c
Merge: 71e17a4b e485f7e0
Author: Nilesh Patra <nilesh@debian.org>
Date:   Sun Apr 2 19:35:04 2023 +0530

    Update upstream source from tag 'upstream/3.11.1+ds1'
    
    Update to upstream version '3.11.1+ds1'
    with Debian dir 86d38d1d77f143915594b2c06833ead1c5a6296d

commit e485f7e098482346cd1617e6bfb22c4c74cbe4b5
Author: Nilesh Patra <nilesh@debian.org>
Date:   Sun Apr 2 19:34:59 2023 +0530

    New upstream version 3.11.1+ds1

commit 71e17a4b46a211b4057990f0aa099329bcad10f6
Author: Nilesh Patra <nilesh@debian.org>
Date:   Sun Apr 2 19:34:36 2023 +0530

    d/copyright: Exclude some more new vendored stuff

commit fa99e9f10f57b8e2792153897cc992d2e84ca1aa
Author: Nilesh Patra <nilesh@debian.org>
Date:   Sun Apr 2 19:34:10 2023 +0530

    d/copyright: Remove three packages from exclusion which are not vendored anymore
Created: 2023-04-02 Last update: 2023-05-11 16:43
lintian reports 21 warnings [normal]
Lintian reports 21 warnings about this package. You should make the package lintian-clean by getting rid of them.
Created: 2022-10-13 Last update: 2023-03-23 12:36
debian/patches: 2 patches to forward upstream [low]

Among the 6 debian patches available in version 3.11.0+ds1-1 of the package, we noticed the following issues:

  • 2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2023-03-04 07:36
testing migrations
  • excuses:
    • Migration status for singularity-container (- to 3.11.0+ds1-1): BLOCKED: Rejected/violates migration policy/introduces a regression
    • Issues preventing migration:
      • Updating singularity-container would introduce bugs in testing: #1029669
      • blocked by freeze: is not in testing
    • Additional info:
      • Piuparts tested OK - https://piuparts.debian.org/sid/source/s/singularity-container.html
      • 74 days old (needed 20 days)
    • Not considered
news
  • [2023-03-03] Accepted singularity-container 3.11.0+ds1-1 (source) into unstable (Nilesh Patra)
  • [2023-02-25] singularity-container REMOVED from testing (Debian testing watch)
  • [2022-10-18] singularity-container 3.10.3+ds1-1 MIGRATED to testing (Debian testing watch)
  • [2022-10-12] Accepted singularity-container 3.10.3+ds1-1 (source) into unstable (Nilesh Patra)
  • [2022-09-30] singularity-container 3.10.2+ds3-1 MIGRATED to testing (Debian testing watch)
  • [2022-09-25] Accepted singularity-container 3.10.2+ds3-1 (source) into unstable (Nilesh Patra)
  • [2022-08-10] singularity-container 3.10.2+ds2-3 MIGRATED to testing (Debian testing watch)
  • [2022-08-04] Accepted singularity-container 3.10.2+ds2-3 (source) into unstable (Nilesh Patra)
  • [2022-07-31] Accepted singularity-container 3.10.2+ds2-2 (source) into unstable (Nilesh Patra)
  • [2022-07-31] Accepted singularity-container 3.10.2+ds2-1 (source) into unstable (Nilesh Patra)
  • [2022-07-31] singularity-container 3.10.1+ds1-1 MIGRATED to testing (Debian testing watch)
  • [2022-07-24] Accepted singularity-container 3.10.1+ds1-1 (source) into unstable (Nilesh Patra)
  • [2022-06-26] singularity-container 3.10.0+ds2-3 MIGRATED to testing (Debian testing watch)
  • [2022-06-17] Accepted singularity-container 3.10.0+ds2-3 (source) into unstable (Nilesh Patra)
  • [2022-06-14] Accepted singularity-container 3.10.0+ds2-2 (source) into unstable (Nilesh Patra)
  • [2022-06-13] Accepted singularity-container 3.10.0+ds2-1 (source) into unstable (Nilesh Patra)
  • [2022-06-13] Accepted singularity-container 3.10.0+ds1-1 (source) into unstable (Nilesh Patra)
  • [2022-05-03] singularity-container 3.9.9+ds1-1 MIGRATED to testing (Debian testing watch)
  • [2022-04-27] Accepted singularity-container 3.9.9+ds1-1 (source) into unstable (Nilesh Patra)
  • [2022-04-21] singularity-container 3.9.8+ds1-1 MIGRATED to testing (Debian testing watch)
  • [2022-04-15] Accepted singularity-container 3.9.8+ds1-1 (source) into unstable (Nilesh Patra)
  • [2022-03-22] singularity-container 3.9.6+ds1-1 MIGRATED to testing (Debian testing watch)
  • [2022-03-16] Accepted singularity-container 3.9.6+ds1-1 (source) into unstable (Nilesh Patra)
  • [2022-03-01] singularity-container 3.9.5+ds1-3 MIGRATED to testing (Debian testing watch)
  • [2022-02-24] Accepted singularity-container 3.9.5+ds1-3 (source) into unstable (Nilesh Patra)
  • [2022-02-23] Accepted singularity-container 3.9.5+ds1-2 (source) into unstable (Andreas Tille)
  • [2022-02-20] Accepted singularity-container 3.9.5+ds1-1 (source) into experimental (Nilesh Patra)
  • [2022-02-19] Accepted singularity-container 3.9.4+ds2-1 (source) into experimental (Andreas Tille)
  • [2021-12-21] Accepted singularity-container 3.5.2+ds2-1 (source) into unstable (Benda Xu)
  • [2020-08-14] singularity-container REMOVED from testing (Debian testing watch)
bugs [bug history graph]
  • all: 2
  • RC: 1
  • I&N: 1
  • M&W: 0
  • F&P: 0
  • patch: 0

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers