Singularity 3.8.5 in epel and fedora testing

7 views
Skip to first unread message

Dave Dykstra

unread,
Nov 29, 2021, 9:11:40 PM11/29/21
to singu...@lbl.gov, wlcg-co...@cern.ch
singularity-3.8.5 is now in el7 and el8 epel-testing and in Fedora 34
testing. It should be in Fedora 35 testing soon (and Fedora 33 is end
of life tomorrow). If no problems are found, it should be promoted to
the stable repositories in about a week.

Dave

On Mon, Nov 29, 2021 at 04:11:09PM -0800, Krishna Muriki wrote:
> Singularity 3.8.5 is now available
>
> https://github.com/hpcng/singularity/releases/tag/v3.8.5
> We are pleased to announce the release of Singularity 3.8.5. This is a
> minor security release over the last v3.8.4 release. Please read the
> release notes below carefully. As always, please report any bugs to:
> https://github.com/hpcng/singularity/issues/new
>
> If you think that you've discovered a security vulnerability please report
> it to singularit...@hpcng.org.
>
> Security Related Fixes
>
> - CVE-2021-41190
> <https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh >
> / GHSA-77vh-xpmg-72qh
> <https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh >
> :
> OCI specifications allow ambiguous documents that contain both
> "manifests"
> and "layers" fields. Interpretation depends on the presence / value of a
> Content-Type header. Dependencies handling the retrieval of OCI images
> have been updated to versions that reject ambiguous documents.
>
> Changed defaults / behaviours
>
> - Building Singularity from source requires go >=1.16. We now aim to
> support
> the two most recent stable versions of Go. This corresponds to the Go
> Release Maintenance Policy
> <https://github.com/golang/go/wiki/Go-Release-Cycle#release-maintenance >
> and Security Policy <https://golang.org/security >,
> ensuring critical bug fixes and security patches are available for all
> supported language
> versions. However, rpm packaging applies a patch to support older native
> go installations.
>
> Bug fixes
>
> - Sourcing a script based on PATH is now permitted, fixing a regression
> introduced in 3.6.0.
> - Environment variables in container definition files are properly
> scoped, fixing a regression introduced in 3.8.0.
>
> --
> You received this message because you are subscribed to the Google Groups "singularity" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to singularity...@lbl.gov.
> To view this discussion on the web visit https://groups.google.com/a/lbl.gov/d/msgid/singularity/CAJm6r9_C27eqHSqs80wLKBEAYp0-Go2ue9qoPjHtgy-9NtzPQQ%40mail.gmail.com .
Reply all
Reply to author
Forward
0 new messages