From edc6dd03240b8fe0a1530ce0e80637641903095e Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 13 Dec 2018 15:43:20 -0500 Subject: gnu: Singularity: Update to 2.6.1 [fixes CVE-2018-19295]. Our Singularity package is not vulnerable to CVE-2018-19295 by default, becuase that vulnerability is based on the 'mount', 'start', and 'action' Singularity binaries being installed setuid, which we do not do in Guix. * gnu/packages/linux.scm (singularity): Update to 2.6.1. --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index ae16491f26..43ee257c70 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -2612,7 +2612,7 @@ thanks to the use of namespaces.") (define-public singularity (package (name "singularity") - (version "2.5.1") + (version "2.6.1") (source (origin (method url-fetch) (uri (string-append "https://github.com/singularityware/singularity/" @@ -2620,7 +2620,7 @@ thanks to the use of namespaces.") "/singularity-" version ".tar.gz")) (sha256 (base32 - "0f28dgf2qcy8ljjfix7p9q36q12j7rxyicfzzi4n0fl8zr8ab88g")))) + "1whx0hqqi1326scgdxxxa1d94vn95mnq0drid6s8wdp84ni4d3gk")))) (build-system gnu-build-system) (arguments `(#:configure-flags -- cgit v1.2.3