Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2023-07-18 22:07:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.3193 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apptainer" Tue Jul 18 22:07:32 2023 rev:18 rq:1099096 version:1.1.9 Changes: -------- --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2023-04-28 16:24:39.822463887 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.3193/apptainer.changes 2023-07-18 22:07:44.262859304 +0200 @@ -1,0 +2,14 @@ +Tue Jun 13 14:00:33 UTC 2023 - Christian Goll <cg...@suse.com> + +- update to 1.1.9 with following changes: + * Remove warning about unknown xino=on option from fuse-overlayfs, introduced + in 1.1.8. + * Ignore extraneous warning from fuse-overlayfs about a readonly /proc. + * Fix dropped "n" characters on some platforms in definition file stored as + part of SIF metadata. + * Remove duplicated group ids. + * Fix not being able to handle multiple entries in LD_PRELOAD when binding + fakeroot into container during apptainer startup for --fakeroot with + fakeroot command. + +------------------------------------------------------------------- Old: ---- apptainer-1.1.8.tar.gz New: ---- apptainer-1.1.9.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apptainer.spec ++++++ --- /var/tmp/diff_new_pack.wuMuSO/_old 2023-07-18 22:07:44.978863307 +0200 +++ /var/tmp/diff_new_pack.wuMuSO/_new 2023-07-18 22:07:44.982863329 +0200 @@ -25,7 +25,7 @@ License: BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: apptainer -Version: 1.1.8 +Version: 1.1.9 Release: 0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL: https://apptainer.org ++++++ apptainer-1.1.8.tar.gz -> apptainer-1.1.9.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.8/CHANGELOG.md new/apptainer-1.1.9/CHANGELOG.md --- old/apptainer-1.1.8/CHANGELOG.md 2023-04-25 17:50:20.000000000 +0200 +++ new/apptainer-1.1.9/CHANGELOG.md 2023-06-07 17:51:35.000000000 +0200 @@ -5,11 +5,25 @@ and re-branded as Apptainer. For older changes see the [archived Singularity change log](https://github.com/apptainer/singularity/blob/release-3.8/CHANGELOG.md). +## v1.1.9 - \[2023-06-07\] + +### Bug fixes + +- Remove warning about unknown `xino=on` option from fuse-overlayfs, + introduced in 1.1.8. +- Ignore extraneous warning from fuse-overlayfs about a readonly `/proc`. +- Fix dropped "n" characters on some platforms in definition file stored as part + of SIF metadata. +- Remove duplicated group ids. +- Fix not being able to handle multiple entries in `LD_PRELOAD` when + binding fakeroot into container during apptainer startup for --fakeroot + with fakeroot command. + ## v1.1.8 - \[2023-04-25\] ### Security fix -- Included a fix for [CVE-2023-30549](https://github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7) +- Included a fix for [CVE-2023-30549](https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg) which is a vulnerability in setuid-root installations of Apptainer and Singularity that causes an elevation in severity of an existing ext4 filesystem driver vulnerability that is unpatched in several diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.8/CODE_OF_CONDUCT.md new/apptainer-1.1.9/CODE_OF_CONDUCT.md --- old/apptainer-1.1.8/CODE_OF_CONDUCT.md 2023-04-25 17:50:20.000000000 +0200 +++ new/apptainer-1.1.9/CODE_OF_CONDUCT.md 2023-06-07 17:51:35.000000000 +0200 @@ -55,7 +55,7 @@ ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project leader (gmkurt...@gmail.com). All +reported by contacting the project leader (`gmkurt...@gmail.com`). All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.8/CONTRIBUTORS.md new/apptainer-1.1.9/CONTRIBUTORS.md --- old/apptainer-1.1.8/CONTRIBUTORS.md 2023-04-25 17:50:20.000000000 +0200 +++ new/apptainer-1.1.9/CONTRIBUTORS.md 2023-06-07 17:51:35.000000000 +0200 @@ -81,6 +81,7 @@ - Satish Chebrolu <sat...@sylabs.io> - Shane Loretz <slor...@openrobotics.org>, <shane.lor...@gmail.com> - Shengjing Zhu <i...@zhsj.me> +- Subil Abraham <abrah...@ornl.gov> - Tarcisio Fedrizzi <tarcisio.fedri...@gmail.com> - Thomas Hamel <hm...@t-hamel.fr> - Tim Wright <7im.wri...@protonmail.com> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.8/INSTALL.md new/apptainer-1.1.9/INSTALL.md --- old/apptainer-1.1.8/INSTALL.md 2023-04-25 17:50:20.000000000 +0200 +++ new/apptainer-1.1.9/INSTALL.md 2023-06-07 17:51:35.000000000 +0200 @@ -137,7 +137,7 @@ for example: ```sh -git checkout v1.1.8 +git checkout v1.1.9 ``` ## Compiling Apptainer @@ -259,7 +259,7 @@ <!-- markdownlint-disable MD013 --> ```sh -VERSION=1.1.8 # this is the apptainer version, change as you need +VERSION=1.1.9 # this is the apptainer version, change as you need # Fetch the source wget https://github.com/apptainer/apptainer/releases/download/v${VERSION}/apptainer-${VERSION}.tar.gz ``` @@ -308,7 +308,7 @@ <!-- markdownlint-disable MD013 --> ```sh -VERSION=1.1.8 # this is the latest apptainer version, change as you need +VERSION=1.1.9 # this is the latest apptainer version, change as you need ./mconfig make -C builddir rpm sudo rpm -ivh ~/rpmbuild/RPMS/x86_64/apptainer-$(echo $VERSION|tr - \~)*.x86_64.rpm diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.8/cmd/internal/cli/inspect.go new/apptainer-1.1.9/cmd/internal/cli/inspect.go --- old/apptainer-1.1.8/cmd/internal/cli/inspect.go 2023-04-25 17:50:20.000000000 +0200 +++ new/apptainer-1.1.9/cmd/internal/cli/inspect.go 2023-06-07 17:51:35.000000000 +0200 @@ -247,7 +247,8 @@ cat_file() { echo "%[3]s $1:$2" - local IFS=$'\n' + local IFS=" +" while read -r content; do printf "%%s\n" "$content" done < "$2" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.8/e2e/actions/actions.go new/apptainer-1.1.9/e2e/actions/actions.go --- old/apptainer-1.1.8/e2e/actions/actions.go 2023-04-25 17:50:20.000000000 +0200 +++ new/apptainer-1.1.9/e2e/actions/actions.go 2023-06-07 17:51:35.000000000 +0200 @@ -790,9 +790,6 @@ e2e.ExpectExit(0), ) - e2e.SetDirective(t, c.env, "allow setuid-mount extfs", "yes") - defer e2e.ResetDirective(t, c.env, "allow setuid-mount extfs") - tests := []struct { name string argv []string @@ -1937,9 +1934,6 @@ e2e.ExpectExit(0), ) - e2e.SetDirective(t, c.env, "allow setuid-mount extfs", "yes") - defer e2e.ResetDirective(t, c.env, "allow setuid-mount extfs") - tests := []struct { name string profile e2e.Profile diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.8/e2e/internal/e2e/config.go new/apptainer-1.1.9/e2e/internal/e2e/config.go --- old/apptainer-1.1.8/e2e/internal/e2e/config.go 2023-04-25 17:50:20.000000000 +0200 +++ new/apptainer-1.1.9/e2e/internal/e2e/config.go 2023-06-07 17:51:35.000000000 +0200 @@ -26,6 +26,8 @@ apptainerconf.SetCurrentConfig(c) apptainerconf.SetBinaryPath(buildcfg.LIBEXECDIR, true) + c.AllowSetuidMountExtfs = true + Privileged(func(t *testing.T) { f, err := os.Create(path) if err != nil { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.8/e2e/overlay/overlay.go new/apptainer-1.1.9/e2e/overlay/overlay.go --- old/apptainer-1.1.8/e2e/overlay/overlay.go 2023-04-25 17:50:20.000000000 +0200 +++ new/apptainer-1.1.9/e2e/overlay/overlay.go 2023-06-07 17:51:35.000000000 +0200 @@ -74,9 +74,6 @@ e2e.ExpectExit(0), ) - e2e.SetDirective(t, c.env, "allow setuid-mount extfs", "yes") - defer e2e.ResetDirective(t, c.env, "allow setuid-mount extfs") - type test struct { name string profile e2e.Profile diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.8/e2e/run/run.go new/apptainer-1.1.9/e2e/run/run.go --- old/apptainer-1.1.8/e2e/run/run.go 2023-04-25 17:50:20.000000000 +0200 +++ new/apptainer-1.1.9/e2e/run/run.go 2023-06-07 17:51:35.000000000 +0200 @@ -286,9 +286,6 @@ t.Fatalf(err.Error()) } - e2e.SetDirective(t, c.env, "allow setuid-mount extfs", "yes") - defer e2e.ResetDirective(t, c.env, "allow setuid-mount extfs") - c.env.RunApptainer( t, e2e.WithProfile(e2e.UserProfile), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.8/internal/pkg/fakeroot/fakefake.go new/apptainer-1.1.9/internal/pkg/fakeroot/fakefake.go --- old/apptainer-1.1.8/internal/pkg/fakeroot/fakefake.go 2023-04-25 17:50:20.000000000 +0200 +++ new/apptainer-1.1.9/internal/pkg/fakeroot/fakefake.go 2023-06-07 17:51:35.000000000 +0200 @@ -142,6 +142,13 @@ if libraryPath == "" { return binds, fmt.Errorf("No LD_LIBRARY_PATH in fakeroot environment") } + preloadEntries := strings.Split(preload, ":") + for _, entry := range preloadEntries { + if strings.HasPrefix(entry, "libfakeroot") { + preload = entry + break + } + } src := fakerootPath point := binds[0] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.8/internal/pkg/image/driver/imagedriver.go new/apptainer-1.1.9/internal/pkg/image/driver/imagedriver.go --- old/apptainer-1.1.8/internal/pkg/image/driver/imagedriver.go 2023-04-25 17:50:20.000000000 +0200 +++ new/apptainer-1.1.9/internal/pkg/image/driver/imagedriver.go 2023-06-07 17:51:35.000000000 +0200 @@ -152,6 +152,8 @@ case "overlay": f = &d.overlayFeature optsStr := strings.Join(params.FSOptions, ",") + // Ignore xino=on option with fuse-overlayfs + optsStr = strings.Replace(optsStr, ",xino=on", "", -1) // noacl is needed to avoid failures when the upper layer // filesystem type (for example tmpfs) does not support it, // when the fuse-overlayfs version is 1.8 or greater. @@ -270,6 +272,9 @@ // from squashfuse_ll "failed to clone device fd", "continue without -o clone_fd", + // from fuse-overlayfs due to a bug + // (see https://github.com/containers/fuse-overlayfs/issues/397) + "/proc seems to be mounted as readonly", } filterMsg := func() string { var errstr string diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.8/internal/pkg/util/fs/files/group.go new/apptainer-1.1.9/internal/pkg/util/fs/files/group.go --- old/apptainer-1.1.8/internal/pkg/util/fs/files/group.go 2023-04-25 17:50:20.000000000 +0200 +++ new/apptainer-1.1.9/internal/pkg/util/fs/files/group.go 2023-06-07 17:51:35.000000000 +0200 @@ -73,6 +73,9 @@ content = append(content, '\n') } + // https://github.com/apptainer/apptainer/issues/1254 + // only deduplicate newly added groups + deduplicateStrs := make(map[string]bool) for _, gid := range groups { grInfo, err := user.GetGrGID(uint32(gid)) if err != nil || grInfo == nil { @@ -80,7 +83,10 @@ continue } groupLine := fmt.Sprintf("%s:x:%d:%s\n", grInfo.Name, grInfo.GID, pwInfo.Name) - content = append(content, []byte(groupLine)...) + if _, ok := deduplicateStrs[groupLine]; !ok { + deduplicateStrs[groupLine] = true + content = append(content, []byte(groupLine)...) + } } return content, nil }
