Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package singularity for openSUSE:Factory 
checked in at 2021-06-04 22:44:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
 and      /work/SRC/openSUSE:Factory/.singularity.new.1898 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "singularity"

Fri Jun  4 22:44:18 2021 rev:26 rq:897437 version:3.7.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes  2021-06-01 
10:35:58.272660786 +0200
+++ /work/SRC/openSUSE:Factory/.singularity.new.1898/singularity.changes        
2021-06-04 22:44:41.771222334 +0200
@@ -1,0 +2,16 @@
+Fri Jun  4 11:35:15 UTC 2021 - Christian Goll <cg...@suse.com>
+
+- Update to version 3.7.4  (boo#1186619)
+  Fix for CVE-2021-32635:  
+  Due to incorrect use of a default URL, singularity action commands
+  (run/shell/exec) specifying a container using a library:// URI will always
+  attempt to retrieve the container from the default remote endpoint
+  (cloud.sylabs.io) rather than the configured remote endpoint. An attacker may
+  be able to push a malicious container to the default remote endpoint with a
+  URI that is identical to the URI used by a victim with a non-default remote
+  endpoint, thus executing the malicious container. 
+- Disabled ppc64le builds as these are non pie builds and so not
+  suiteable for the distribution in SLE and ppc64le is not relevant
+  for openSUSE
+
+-------------------------------------------------------------------
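Review bot: In the second bullet of the new changelog entry, "suiteable" is misspelled (it should be "suitable"), and "non pie builds" would read more clearly as "non-PIE builds". The entry also puts an architecture drop next to the CVE-2021-32635 fix without saying whether the two are related. A short clause stating whether the ppc64le exclusion is independent of the 3.7.4 update would help anyone tracking boo#1186619.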

Old:
----
  singularity-3.7.3.tar.gz

New:
----
  singularity-3.7.4.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ singularity.spec ++++++
--- /var/tmp/diff_new_pack.aibcRx/_old  2021-06-04 22:44:42.239223284 +0200
+++ /var/tmp/diff_new_pack.aibcRx/_new  2021-06-04 22:44:42.243223292 +0200
@@ -23,7 +23,7 @@
 License:        BSD-3-Clause-LBNL
 Group:          Productivity/Clustering/Computing
 Name:           singularity
-Version:        3.7.3
+Version:        3.7.4
 Release:        0
 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html
 URL:            https://github.com/hpcng/singularity
@@ -45,8 +45,8 @@
 Requires:       squashfs
 PreReq:         permissions
 
-# there's no golang for ppc64, just ppc64le
-ExcludeArch:    ppc64
+# there's no golang for ppc64, ppc64le does not have non pie builds
+ExcludeArch:    ppc64 ppc64le
 
 Provides:       %{name}-runtime
 
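Review bot: The new comment above ExcludeArch says "ppc64le does not have non pie builds", which reads as the opposite of the reason given in the changelog ("these are non pie builds"). Suggest rewording it along the lines of "# there's no golang for ppc64; ppc64le builds are non-PIE" so the spec states the actual reason for excluding the architecture.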
@@ -54,7 +54,6 @@
 Singularity provides functionality to make portable
 containers that can be used across host environments.
 
-
 %prep
 %setup -q -n gopath/%{singgopath} -c
 %patch1 -p 4

++++++ singularity-3.7.3.tar.gz -> singularity-3.7.4.tar.gz ++++++
/work/SRC/openSUSE:Factory/singularity/singularity-3.7.3.tar.gz 
/work/SRC/openSUSE:Factory/.singularity.new.1898/singularity-3.7.4.tar.gz 
differ: char 5, line 1
