From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35098)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1gXXvr-0006dI-MY
	for guix-patches@gnu.org; Thu, 13 Dec 2018 15:50:08 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1gXXvm-0002cV-7p
	for guix-patches@gnu.org; Thu, 13 Dec 2018 15:50:07 -0500
Received: from debbugs.gnu.org ([208.118.235.43]:42664)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1gXXvm-0002c0-1i
	for guix-patches@gnu.org; Thu, 13 Dec 2018 15:50:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1gXXvl-0003Rm-Vo
	for guix-patches@gnu.org; Thu, 13 Dec 2018 15:50:02 -0500
Subject: [bug#33730] [PATCH] gnu: Singularity: Update to 2.6.1 [fixes
	CVE-2018-19295].
Resent-Message-ID: <handler.33730.B.154473414713182@debbugs.gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:34780)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1gXXue-0006Zj-Os
	for guix-patches@gnu.org; Thu, 13 Dec 2018 15:48:54 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1gXXuZ-0000Cs-MQ
	for guix-patches@gnu.org; Thu, 13 Dec 2018 15:48:52 -0500
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:60379)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <leo@famulari.name>) id 1gXXuZ-00009U-GZ
	for guix-patches@gnu.org; Thu, 13 Dec 2018 15:48:47 -0500
Received: from jasmine.lan (c-76-124-202-137.hsd1.pa.comcast.net
	[76.124.202.137])
	by mail.messagingengine.com (Postfix) with ESMTPA id 8E77B102F3
	for <guix-patches@gnu.org>; Thu, 13 Dec 2018 15:48:43 -0500 (EST)
From: Leo Famulari <leo@famulari.name>
Date: Thu, 13 Dec 2018 15:48:39 -0500
Message-Id: <b3ac8bd5d34c01dd2eb6897015fc931c6fc15770.1544734119.git.leo@famulari.name>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: 33730@debbugs.gnu.org

Our Singularity package is not vulnerable to CVE-2018-19295 by default,
becuase that vulnerability is based on the 'mount', 'start', and
'action' Singularity binaries being installed setuid, which we do not do
in Guix.

* gnu/packages/linux.scm (singularity): Update to 2.6.1.
---
 gnu/packages/linux.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 1cdf2bf47..de6439449 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -2612,7 +2612,7 @@ thanks to the use of namespaces.")
 (define-public singularity
   (package
     (name "singularity")
-    (version "2.5.1")
+    (version "2.6.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/singularityware/singularity/"
@@ -2620,7 +2620,7 @@ thanks to the use of namespaces.")
                                   "/singularity-" version ".tar.gz"))
               (sha256
                (base32
-                "0f28dgf2qcy8ljjfix7p9q36q12j7rxyicfzzi4n0fl8zr8ab88g"))))
+                "1whx0hqqi1326scgdxxxa1d94vn95mnq0drid6s8wdp84ni4d3gk"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
-- 
2.20.0