Description of the patch:
This update for apptainer fixes the following issues:
Changes in apptainer:
- Fix CVE-2026-34986 (bsc#1262956)
* github.com/go-jose/go-jose/v4@v4.1.4
CVE-2026-33186 GO-2026-4762 (bsc#1260311)
* google.golang.org/grpc@v1.79.3
CVE-2026-24137 GO-2026-4358 (bsc#1264177)
* github.com/sigstore/sigstore@v1.10.4
Fix fallout:
github.com/moby/go-archive@v0.1.0
github.com/containers/image/v5=github.com/containers/image/v5@v5.36.0
- Fix the HTML parser's incorrect implementation of part of the HTML
specification for table-related tags (CVE-2025-58190,
GO-2026-4441, bsc#1258048).
- Fix issue where the HTML parser takes a very long time or
never returns (CVE-2025-47911, GO-2026-4440, bsc#1258047).
- Update to 1.4.5
- Fix for moderate severity GO-2025-4176 / CVE-2025-65105 /
GHSA-j3rw-fx6g-q46j (bsc#1255462):
Ineffective application of selinux / apparmor --security option.
Updates of a few dependent go libraries for related security fixes.
- Other fix
Run FUSE processes in a separate process group. This detaches them
from the main process so they don't receive signals such as interrupts
sent to a terminal there. This was not a problem with interactive
shells because they start their own group, but was a problem with
some programs with interactive Read/Eval/Print/Loops such as python.
An interrupt there would kill the FUSE processes.
- From 1.4.4
- By applying patches to the bundled fuse2fs, allow again the possibility
of using a non-writable ext3 image file as an overlay. Fixes regression
introduced in 1.4.3.
- If an overlay or bound data image is asked to be mounted writable but
the user has no write access to the image, show a warning message
instead of silently switching to readonly.
- Avoid a fatal error when starting fakeroot from suid mode while
in an NFS directory.
- Fix 32-bit builds which were accidentally broken by a library...
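
The 1.4.5 entry above about running FUSE processes in a separate process group can be illustrated with the following added example, which is not Apptainer's own code. It assumes Linux and uses `sleep` as a stand-in for a FUSE helper; `startHelper` is a hypothetical name.

```go
package main

import (
	"fmt"
	"os/exec"
	"syscall"
)

// startHelper launches a stand-in helper process (`sleep`, assumed to be on
// PATH) and reports the caller's process group, the helper's pid and the
// helper's process group. With ownGroup set, the helper is moved into a new
// process group, so a terminal interrupt delivered to the caller's group
// (for example Ctrl-C inside a Python REPL) is not delivered to it.
func startHelper(ownGroup bool) (parentPgid, childPid, childPgid int, err error) {
	cmd := exec.Command("sleep", "30")
	// Setpgid with the default Pgid of 0 makes the child the leader of a
	// new group whose id equals the child's pid.
	cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: ownGroup}
	if err = cmd.Start(); err != nil {
		return 0, 0, 0, err
	}
	// Clean up the stand-in helper once its group has been read.
	defer func() {
		cmd.Process.Kill()
		cmd.Wait()
	}()
	childPid = cmd.Process.Pid
	childPgid, err = syscall.Getpgid(childPid)
	return syscall.Getpgrp(), childPid, childPgid, err
}

func main() {
	for _, own := range []bool{false, true} {
		parent, pid, pgid, err := startHelper(own)
		if err != nil {
			fmt.Println("error:", err)
			return
		}
		// A signal sent to the caller's group reaches the helper only
		// when both share the same process group id.
		fmt.Printf("ownGroup=%v parent pgid=%d helper pid=%d helper pgid=%d shared=%v\n",
			own, parent, pid, pgid, parent == pgid)
	}
}
```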