Versions before 2.5.0 have many security vulnerabilities and should be installed anymore. 2.5.1 has been released about a month ago: https://github.com/singularityware/singularity/releases
Created attachment 551636 [details] =sys-cluster/singularity-2.6.0.ebuild Updated ebuild for sys-cluster/singularity-2.6.0 I only changed the account in the github download url to 'sylabs'. Compiles and runs fine on my amd64 machine.
Created attachment 554458 [details] sys-cluster/singularity-3.0.1.ebuild Updated ebuild for v3.0.1.
CVE-2018-12021(https://nvd.nist.gov/vuln/detail/CVE-2018-12021): Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features. Upstream: https://github.com/sylabs/singularity/releases/tag/2.5.2 A malicious user with network access to the host system (e.g. ssh) could exploit this vulnerability to access sensitive information on disk and bypass directory image restrictions like those preventing the root file system from being mounted into the container.
commit e5282d8147687f9785ac63d6d050995492cebaad (HEAD -> master, origin/master, origin/HEAD) Author: Justin Lecher <jlec@gentoo.org> Date: Mon Jul 8 13:23:22 2019 +0100 sys-cluster/singularity: Version Bump & drop vulnerable version https://bugs.gentoo.org/657020 Package-Manager: Portage-2.3.68, Repoman-2.3.16 Signed-off-by: Justin Lecher <jlec@gentoo.org>
Closing because noglsa and tree is clean.
