SUSE-CU-2025:862-1: Security update of bci/spack

sle-container-updates at lists.suse.com
Wed Feb 12 12:37:45 UTC 2025


SUSE Container Update Advisory: bci/spack
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:862-1
Container Tags        : bci/spack:0.23 , bci/spack:0.23.0 , bci/spack:0.23.0-2.1 , bci/spack:latest
Container Release     : 2.1
Severity              : important
Type                  : security
References            : 1235144 1235873 1236267 1236460 1236588 1236590 CVE-2022-49043
                        CVE-2025-0167 CVE-2025-0725 
-----------------------------------------------------------------

The container bci/spack was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4671-1
Released:    Wed Dec  6 14:33:41 2023
Summary:     Recommended update for man
Type:        recommended
Severity:    moderate
References:  

This update of man fixes the following problem:

- The 'man' command is delivered to SUSE Linux Enterprise Micro
  to allow browsing man pages.

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:323-1
Released:    Mon Feb  3 09:12:14 2025
Summary:     Feature update for spack
Type:        feature
Severity:    moderate
References:  1235144
This update for spack fixes the following issues:

spack was updated from version 0.21.3 to 0.23.0:

- Improved documentation generation (bsc#1235144)
- Version v0.23.0:
  * New features:
    + Spec splicing
    + Broader variant propagation
    + Ability to query specs by namespace
    + `spack spec` now respects environment settings and `unify:true`
    + Improved and polished `spack spec` and `spack find -c` output
    + The command `spack -C <env>` allows using an environment's configuration without activation
  * New commands, options, and directives:
    + The new `spack env track` command takes a non-managed Spack environment and adds a symlink to Spack's
      `$environments_root` directory.
    + Added `-t` short option for `spack --backtrace` to output backtrace errors
    + `gc` now allows garbage-collecting specific packages through the command line
    + `oci buildcaches` now supports the option `--only=package`
  * Highlighted bugfixes:
    + Externals no longer override the preferred provider
    + Composable `cflags`
    + Fixed concretizer unification for included environments
  * Deprecations, removals, and syntax changes:
    + The old concretizer has been removed from Spack, along with the `config:concretizer` config option
    + Best-effort expansion of spec matrices has been removed
    + The old Cray `platform` (based on Cray PE modules) has been removed, and `platform=cray` is no longer supported
    + The `config:install_missing_compilers` config option has been deprecated
    + Config options that were deprecated in `v0.21` have been removed
    + Spack's old test interface has been removed
    + The `spack versions --safe-only` option, deprecated since `v0.21.0`, has been removed
    + The `--dependencies` and `--optimize` arguments to `spack ci` have been deprecated

- Version 0.22.2:
  * Bugs fixed:
    + Bumped vendored `archspec` for better aarch64 support
    + Fixed regression in `{variants.X}` and `{variants.X.value}` format strings
    + Ensure shell escaping of environment variable values in load and activate commands
    + Fixed an issue where `spec[pkg]` considers specs outside the current DAG
    + Do not halt concretization on unknown variants in externals
    + Improved validation of `develop` config section
    + Explicitly disable `ccache` if turned off in config, to avoid cache pollution
    + Improved backwards compatibility in `include_concrete`
    + Fixed issue where package tags were sometimes repeated
    + Make `setup-env.sh` 'sourced only' by dropping execution bits
    + Make certain source/binary fetch errors recoverable instead of a hard error
    + Do not initialize previous store state in `use_store`

- Update to 0.22.1.
  * Bugs fixed:
    + Fix reuse of externals on Linux
    + Ensure parent gcc-runtime version >= child
    + Ensure the latest gcc-runtime is rpath'ed when multiple exist
      among link deps
    + Improve version detection of glibc
    + Improve heuristics for solver
    + Make strong preferences override reuse
    + Reduce verbosity when C compiler is missing
    + Make missing ccache executable an error when required
    + Make every environment view containing `python` a `venv`
    + Fix external detection for compilers with os but no target.
    + Fix version optimization for roots.
    + Handle common implementations of pagination of tags in OCI
      build caches.
    + Apply fetched patches to develop specs
    + Avoid Windows wrappers for filesystem utilities on non-Windows
    + Fix formatting issue in `spack audit`
  * Other changes:
    + Give 'site' scope a lower precedence than 'system' scope

- Version 0.22.0:
  * New features:
    + Compiler dependencies are moving from `compilers.yaml` to `packages.yaml`
    + Improved spack find UI for Environments
    + Improved command-line string quoting
    + Revert default spack install behavior to `--reuse`
    + The `install` command now offers three options
    + More control over reused specs
    + New `conflict:` and `prefer:` syntax for package preferences
    + `include_concrete` in environments
    + `python-venv` isolation
    + Packages can now specify whether they may be distributed in source or binary form
  * Removals, deprecations, and syntax changes:
    + Removed `dpcpp` compiler and package
    + `spack load`: removed `--only` argument
  * Bugs fixed:
    + repo.py: drop deleted packages from provider cache
    + Allow `+` in module file names
    + `cmd/python`: use runpy to allow multiprocessing in scripts
    + Show extension commands with `spack -h`
    + Support environment variable expansion inside module projections
    + Alert user to failed concretizations
    + `shell`: fix `zsh` color formatting for PS1 in environments
    + `spack mirror create --all`: include patches

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released:    Tue Feb  4 08:10:23 2025
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1236460,CVE-2022-49043
This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:358-1
Released:    Wed Feb  5 10:06:22 2025
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1235873
This update for permissions fixes the following issues:

- Version update 20240826:
  * permissions: remove legacy and nonsensical entries.
  * permissions: remove traceroute entry.
  * permissions: remove outdated sudo directories.
  * permissions: remove legacy RPM directory entries.
  * permissions: remove some static /var/spool/* dirs.
  * permissions: remove unnecessary static dirs and devices (bsc#1235873).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:367-1
Released:    Wed Feb  5 14:25:31 2025
Summary:     Recommended update for gcc7
Type:        recommended
Severity:    moderate
References:  1236267
This update for gcc7 fixes the following issues:

- Fix vec_madd and vec_msub vector intrinsics on s390x.  [bsc#1236267]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:369-1
Released:    Wed Feb  5 16:32:36 2025
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1236588,1236590,CVE-2025-0167,CVE-2025-0725
This update for curl fixes the following issues:

- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)


The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated
- libcurl4-8.6.0-150600.4.21.1 updated
- permissions-20240826-150600.10.15.2 updated
- system-user-nobody-20170617-150400.24.2.1 added
- curl-8.6.0-150600.4.21.1 updated
- libasan4-7.5.0+r278197-150000.4.44.1 updated
- libcilkrts5-7.5.0+r278197-150000.4.44.1 updated
- libubsan0-7.5.0+r278197-150000.4.44.1 updated
- libgfortran4-7.5.0+r278197-150000.4.44.1 updated
- cpp7-7.5.0+r278197-150000.4.44.1 updated
- libstdc++6-devel-gcc7-7.5.0+r278197-150000.4.44.1 updated
- libcurl-devel-8.6.0-150600.4.21.1 updated
- gcc7-7.5.0+r278197-150000.4.44.1 updated
- gcc7-fortran-7.5.0+r278197-150000.4.44.1 updated
- gcc7-c++-7.5.0+r278197-150000.4.44.1 updated
- spack-recipes-0.23.0-150400.21.1 updated
- spack-0.23.0-150400.21.1 updated
- container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated

