From 8a75af002a5e37816c7e9013766cf39f87843dfde5025257373df8e2ec0c5cce Mon Sep 17 00:00:00 2001 From: Christian Goll Date: Thu, 27 Apr 2023 13:15:28 +0000 Subject: [PATCH] Accepting request 1083262 from home:mslacken:pr - Included a fix for CVE-2023-30549 which is a vulnerability in setuid-root installations of Apptainer which was not active in the recent openSUSE packages. Still this is included for completeness. The fix adds allow setuid-mount configuration options encrypted, squashfs, and extfs, and makes the default for extfs be "no". That disables the use of extfs mounts including for overlays or binds while in the setuid-root mode, while leaving it enabled for unprivileged user namespace mode. The default for encrypted and squashfs is "yes". - Other bug fixes: * Fix loop device 'no such device or address' spurious errors when using shared loop devices. * Add xino=on mount option for writable kernel overlay mount points to fix inode numbers consistency after kernel cache flush (not applicable to fuse-overlayfs). OBS-URL: https://build.opensuse.org/request/show/1083262 OBS-URL: https://build.opensuse.org/package/show/network:cluster/apptainer?expand=0&rev=43 --- apptainer-1.1.7.tar.gz | 3 --- apptainer-1.1.8.tar.gz | 3 +++ apptainer.changes | 19 +++++++++++++++++++ apptainer.spec | 2 +- 4 files changed, 23 insertions(+), 4 deletions(-) delete mode 100644 apptainer-1.1.7.tar.gz create mode 100644 apptainer-1.1.8.tar.gz diff --git a/apptainer-1.1.7.tar.gz b/apptainer-1.1.7.tar.gz deleted file mode 100644 index a877737..0000000 --- a/apptainer-1.1.7.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:40c193d078484c2bb6435030c9308e34ee00d75870454f7c4acfb4f1b222d3f7 -size 5188635 diff --git a/apptainer-1.1.8.tar.gz b/apptainer-1.1.8.tar.gz new file mode 100644 index 0000000..dcdcfab --- /dev/null +++ b/apptainer-1.1.8.tar.gz 
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e8915fe7e140f8d0a195b9517a90bcbffe4378cbf7b9c4d05186a17ab12096fe +size 5190246 diff --git a/apptainer.changes b/apptainer.changes index 1af9b98..4c9d613 100644 --- a/apptainer.changes +++ b/apptainer.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Thu Apr 27 12:59:22 UTC 2023 - Christian Goll + +- Included a fix for CVE-2023-30549 which is a vulnerability in setuid-root + installations of Apptainer iwhich was not active in the recent openSUSE + packages. Still this is included for completenss. The fix adds allow + setuid-mount configuration options encrypted, squashfs, and extfs, and makes + the default for extfs be "no". That disables the use of extfs mounts + including for overlays or binds while in the setuid-root mode, while leaving + it enabled for unprivileged user namespace mode. The default for encrypted + and squashfs is "yes". +- Other bug fixes: + * Fix loop device 'no such device or address' spurious errors when using shared + loop devices. + * Add xino=on mount option for writable kernel overlay mount points to fix + inode numbers consistency after kernel cache flush (not applicable to + fuse-overlayfs). + + ------------------------------------------------------------------- Wed Mar 29 08:14:47 UTC 2023 - Christian Goll diff --git a/apptainer.spec b/apptainer.spec index 143c53c..f41d709 100644 --- a/apptainer.spec +++ b/apptainer.spec @@ -25,7 +25,7 @@ Summary: Application and environment virtualization License: BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: apptainer -Version: 1.1.7 +Version: 1.1.8 Release: 0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL: https://apptainer.org
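
Review bot: in the new apptainer-1.1.8.tar.gz hunk the only integrity anchor for the source is the "oid sha256:" line of the LFS pointer, and the diffstat lists no signature or checksum file added next to it. Since this update is the carrier for the CVE-2023-30549 fix, confirm that this digest matches the one published for the upstream 1.1.8 source tarball before accepting the request.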
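
Review bot: the new apptainer.changes entry never states that the package moves to 1.1.8, although the apptainer.spec hunk bumps Version from 1.1.7 to 1.1.8, so the CVE-2023-30549 fix cannot be tied to a version from the changelog alone; open the entry with an explicit update line. In the first bullet, "iwhich" and "completenss" are typos, and "which was not active in the recent openSUSE packages" does not say whether it is the setuid-root mode or the vulnerability that was inactive; naming the setuid-root mode explicitly would let an administrator judge exposure from the changelog.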