v1.6.1

This is a minor update to the release v1.6:

• Updated Gramine dependencies:

  • libcurl to version 8.5.0: fixes CVE-2023-46218 and CVE-2023-46219.
  • glibc to version 2.39: fixes CVE-2023-6246, CVE-2023-6779 and CVE-2023-6780.
  • mbedTLS to version 3.5.2: fixes CVE-2024-23170 and CVE-2024-23775.

• Added sgx.insecure__allow_memfaults_without_exinfo manifest option as a workaround for usability regression (custom signal handlers not working on older Intel CPUs) caused by recent security hardening.

  • Details can be found here and here.

• Misc:

  • Fixed a bug of missed SIGTERM signal on some applications, notably MongoDB.
  • Fixed a bug with ENOTCONN error code, notably on Python's ssl.py.
  • Added support for madvise(MADV_DONTNEED) on non-writable mappings, notably fixes Node.js v20.
  • Fixed a bug of missing fsync() on Encrypted Files, notably fixes persistent database workloads like RocksDB.
  • Improved Gramine's internal SLAB memory allocator, notably improves performance of Encrypted Files.

The installation instructions are the same as for the release v1.6.