Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2019-12-21 12:30:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.6675 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "singularity" Sat Dec 21 12:30:16 2019 rev:16 rq:758322 version:3.5.2 Changes: -------- --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-12-14 12:23:41.683196465 +0100 +++ /work/SRC/openSUSE:Factory/.singularity.new.6675/singularity.changes 2019-12-21 12:30:30.903338518 +0100 @@ -1,0 +2,16 @@ +Thu Dec 19 14:12:49 UTC 2019 - Ana Guerrero Lopez <aguerr...@suse.com> + +- New version 3.5.2. Main change is a fix for a security issue related + to incorrect file permissions (CVE-2019-19724) on user configuration + and cache directories. (boo#1159550) + For other minor bug fixes please read CHANGELOG.md + +------------------------------------------------------------------- +Thu Dec 19 08:21:59 UTC 2019 - Ana Guerrero Lopez <aguerr...@suse.com> + +- Update wording in SUSE.README +- New patch, to get a more clear error message when user doesn't + belong to the singularity group + * useful_error_message.patch + +------------------------------------------------------------------- Old: ---- singularity-3.5.1.tar.gz New: ---- singularity-3.5.2.tar.gz useful_error_message.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ singularity.spec ++++++ --- /var/tmp/diff_new_pack.3xVX3l/_old 2019-12-21 12:30:31.907338996 +0100 +++ /var/tmp/diff_new_pack.3xVX3l/_new 2019-12-21 12:30:31.915338999 +0100 @@ -23,7 +23,7 @@ License: BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: singularity -Version: 3.5.1 +Version: 3.5.2 Release: 0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL: https://www.sylabs.io/singularity/ @@ -31,7 +31,7 @@ Source1: README.SUSE Source5: %{name}-rpmlintrc Patch0: build-position-independent-binaries.patch - +Patch1: useful_error_message.patch BuildRequires: cryptsetup BuildRequires: fdupes BuildRequires: gcc @@ -59,6 +59,7 @@ %prep %setup -q -n gopath/%{singgopath} -c %patch0 -p 4 +%patch1 -p 4 cp %{S:1} . %build ++++++ README.SUSE ++++++ --- /var/tmp/diff_new_pack.3xVX3l/_old 2019-12-21 12:30:31.967339024 +0100 +++ /var/tmp/diff_new_pack.3xVX3l/_new 2019-12-21 12:30:31.967339024 +0100 @@ -1,8 +1,13 @@ openSUSE/SUSE specific Settings =============================== -Different from the upstream default, the SUID root binaries -are executible only by users belonging to the group 'singularity'. +openSUSE and SUSE have a small difference with upstream default. +This means the SUID root binaries distributed by singularty are +executable only by users belonging to the group 'singularity'. + +Otherwise, users will get an error message like this one: + +FATAL: while executing /usr/lib/singularity/bin/starter-suid: permission denied To add a user to the group singularity, execute (as root): ++++++ singularity-3.5.1.tar.gz -> singularity-3.5.2.tar.gz ++++++ /work/SRC/openSUSE:Factory/singularity/singularity-3.5.1.tar.gz /work/SRC/openSUSE:Factory/.singularity.new.6675/singularity-3.5.2.tar.gz differ: char 5, line 1 ++++++ useful_error_message.patch ++++++ Subject: Add an useful error message when the user doesn't belong to the singularity group Date: 2019.12.19 diff -Nrua src/github.com/sylabs/singularity/internal/pkg/util/starter/starter.go src/github.com/sylabs/singularity/internal/pkg/util/starter/starter.go --- a/src/github.com/sylabs/singularity/internal/pkg/util/starter/starter.go 2019-12-03 23:07:06.000000000 +0100 +++ b/src/github.com/sylabs/singularity/internal/pkg/util/starter/starter.go 2019-12-18 00:48:35.670565337 +0100 @@ -90,7 +90,7 @@ return fmt.Errorf("while initializing starter command: %s", err) } err := unix.Exec(c.path, []string{name}, c.env) - return fmt.Errorf("while executing %s: %s", c.path, err) + return fmt.Errorf("while executing %s: %s\nPlease read /usr/share/doc/packages/singularity/README.SUSE to get help\n", c.path, err) } // Run executes the starter binary and returns once starter