Singularity 3.8.5 in epel and fedora
12 views
Skip to first unread message
Dave Dykstra
Dec 9, 2021, 1:03:01 PM12/9/21
to singu...@lbl.gov, wlcg-co...@cern.ch
singularity-3.8.5 has been promoted to stable epel and fedora repositories
Dave
On Mon, Nov 29, 2021 at 08:11:35PM -0600, Dave Dykstra wrote:
> singularity-3.8.5 is now in el7 and el8 epel-testing and in Fedora 34
> testing. It should be in Fedora 35 testing soon (and Fedora 33 is end
> of life tomorrow). If no problems are found, it should be promoted to
> the stable repositories in about a week.
>
> Dave
>
> On Mon, Nov 29, 2021 at 04:11:09PM -0800, Krishna Muriki wrote:
> > Singularity 3.8.5 is now available
> >
> > https://github.com/hpcng/singularity/releases/tag/v3.8.5
> > We are pleased to announce the release of Singularity 3.8.5. This is a
> > minor security release over the last v3.8.4 release. Please read the
> > release notes below carefully. As always, please report any bugs to:
> > https://github.com/hpcng/singularity/issues/new
> >
> > If you think that you've discovered a security vulnerability please report
> > it to singularit...@hpcng.org.
> >
> > Security Related Fixes
> >
> > - CVE-2021-41190
> > <https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh >
> > / GHSA-77vh-xpmg-72qh
> > <https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh >
> > :
> > OCI specifications allow ambiguous documents that contain both
> > "manifests"
> > and "layers" fields. Interpretation depends on the presence / value of a
> > Content-Type header. Dependencies handling the retrieval of OCI images
> > have been updated to versions that reject ambiguous documents.
> >
> > Changed defaults / behaviours
> >
> > - Building Singularity from source requires go >=1.16. We now aim to
> > support
> > the two most recent stable versions of Go. This corresponds to the Go
> > Release Maintenance Policy
> > <https://github.com/golang/go/wiki/Go-Release-Cycle#release-maintenance >
> > and Security Policy <https://golang.org/security >,
> > ensuring critical bug fixes and security patches are available for all
> > supported language
> > versions. However, rpm packaging applies a patch to support older native
> > go installations.
> >
> > Bug fixes
> >
> > - Sourcing a script based on PATH is now permitted, fixing a regression
> > introduced in 3.6.0.
> > - Environment variables in container definition files are properly
> > scoped, fixing a regression introduced in 3.8.0.
> >
> > --
> > You received this message because you are subscribed to the Google Groups "singularity" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to singularity...@lbl.gov.
> > To view this discussion on the web visit https://groups.google.com/a/lbl.gov/d/msgid/singularity/CAJm6r9_C27eqHSqs80wLKBEAYp0-Go2ue9qoPjHtgy-9NtzPQQ%40mail.gmail.com .
Dave
On Mon, Nov 29, 2021 at 08:11:35PM -0600, Dave Dykstra wrote:
> singularity-3.8.5 is now in el7 and el8 epel-testing and in Fedora 34
> testing. It should be in Fedora 35 testing soon (and Fedora 33 is end
> of life tomorrow). If no problems are found, it should be promoted to
> the stable repositories in about a week.
>
> Dave
>
> On Mon, Nov 29, 2021 at 04:11:09PM -0800, Krishna Muriki wrote:
> > Singularity 3.8.5 is now available
> >
> > https://github.com/hpcng/singularity/releases/tag/v3.8.5
> > We are pleased to announce the release of Singularity 3.8.5. This is a
> > minor security release over the last v3.8.4 release. Please read the
> > release notes below carefully. As always, please report any bugs to:
> > https://github.com/hpcng/singularity/issues/new
> >
> > If you think that you've discovered a security vulnerability please report
> > it to singularit...@hpcng.org.
> >
> > Security Related Fixes
> >
> > - CVE-2021-41190
> > <https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh >
> > / GHSA-77vh-xpmg-72qh
> > <https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh >
> > :
> > OCI specifications allow ambiguous documents that contain both
> > "manifests"
> > and "layers" fields. Interpretation depends on the presence / value of a
> > Content-Type header. Dependencies handling the retrieval of OCI images
> > have been updated to versions that reject ambiguous documents.
> >
> > Changed defaults / behaviours
> >
> > - Building Singularity from source requires go >=1.16. We now aim to
> > support
> > the two most recent stable versions of Go. This corresponds to the Go
> > Release Maintenance Policy
> > <https://github.com/golang/go/wiki/Go-Release-Cycle#release-maintenance >
> > and Security Policy <https://golang.org/security >,
> > ensuring critical bug fixes and security patches are available for all
> > supported language
> > versions. However, rpm packaging applies a patch to support older native
> > go installations.
> >
> > Bug fixes
> >
> > - Sourcing a script based on PATH is now permitted, fixing a regression
> > introduced in 3.6.0.
> > - Environment variables in container definition files are properly
> > scoped, fixing a regression introduced in 3.8.0.
> >
> > --
> > You received this message because you are subscribed to the Google Groups "singularity" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to singularity...@lbl.gov.
> > To view this discussion on the web visit https://groups.google.com/a/lbl.gov/d/msgid/singularity/CAJm6r9_C27eqHSqs80wLKBEAYp0-Go2ue9qoPjHtgy-9NtzPQQ%40mail.gmail.com .
Reply all
Reply to author
Forward
0 new messages