SUSE-CU-2025:862-1: Security update of bci/spack
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Feb 12 12:37:45 UTC 2025
SUSE Container Update Advisory: bci/spack
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:862-1
Container Tags : bci/spack:0.23 , bci/spack:0.23.0 , bci/spack:0.23.0-2.1 , bci/spack:latest
Container Release : 2.1
Severity : important
Type : security
References : 1235144 1235873 1236267 1236460 1236588 1236590 CVE-2022-49043
CVE-2025-0167 CVE-2025-0725
-----------------------------------------------------------------
The container bci/spack was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4671-1
Released: Wed Dec 6 14:33:41 2023
Summary: Recommended update for man
Type: recommended
Severity: moderate
References:
This update of man fixes the following problem:
- The 'man' commands is delivered to SUSE Linux Enterprise Micro
to allow browsing man pages.
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:323-1
Released: Mon Feb 3 09:12:14 2025
Summary: Feature update for spack
Type: feature
Severity: moderate
References: 1235144
This update for spack fixes the following issues:
spack was updated from version 0.21.3 to 0.23.0:
- Improved documentation generation (bsc#1235144)
- Version v0.23.0:
* New features:
+ Spec splicing
+ Broader variant propagation
+ Ability to query specs by namespace
+ `spack spec` now respects environment settings and `unify:true`
+ Improved and polished `spack spec` and `spack find -c` output
+ The command `spack -C <env>` allows to use an environment's configuration without activation
* New commands, options, and directives:
+ The new `spack env track` command takes a non-managed Spack environment and adds a symlink to Spack's
`$environments_root` directory.
+ Added `-t` short option for `spack --backtrace` to output backtrace errors
+ `gc` now allows to garbage-collect specific packages through the command line
+ `oci buildcaches` now supports the option `--only=package`
* Highlighted bugfixes:
+ Externals no longer override the preferred provider
+ Composable `cflags`
+ Fixed concretizer Unification for included environments
* Deprecations, removals, and syntax changes:
+ The old concretizer has been removed from Spack, along with the `config:concretizer` config option
+ Best-effort expansion of spec matrices has been removed
+ The old Cray `platform` (based on Cray PE modules) has been removed, and `platform=cray` is no longer supported
+ The `config:install_missing_compilers` config option has beendeprecated
+ Config options that deprecated in `v0.21` have been removed
+ Spack's old test interface has been removed
+ The `spack versions --safe-only` option, deprecated since `v0.21.0`, has been removed
+ The `--dependencies` and `--optimize` arguments to `spack ci` have been deprecated
- Version 0.22.2:
* Bugs fixed:
+ Bumped vendored `archspec` for better aarch64 support
+ Fixed regression in `{variants.X}` and `{variants.X.value}` format strings
+ Ensure shell escaping of environment variable values in load and activate commands
+ Fixed an issue where `spec[pkg]` considers specs outside the current DAG
+ Do not halt concretization on unknown variants in externals
+ Improved validation of `develop` config section/
+ Explicitly disable `ccache` if turned off in config, to avoid cache pollution
+ Improved backwards compatibility in `include_concrete`
+ Fixed issue where package tags were sometimes repeated
+ Make `setup-env.sh` 'sourced only' by dropping execution bits
+ Make certain source/binary fetch errors recoverable instead of a hard error
+ Do not initialize previous store state in `use_store`
- Update to 0.22.1.
* Bugs fixed:
+ Fix reuse of externals on Linux
+ Ensure parent gcc-runtime version >= child
+ Ensure the latest gcc-runtime is rpath'ed when multiple exist
among link deps
+ Improve version detection of glibc
+ Improve heuristics for solver
+ Make strong preferences override reuse
+ Reduce verbosity when C compiler is missing
+ Make missing ccache executable an error when required
+ Make every environment view containing `python` a `venv`
+ Fix external detection for compilers with os but no target.
+ Fix version optimization for roots.
+ Handle common implementations of pagination of tags in OCI
build caches.
+ Apply fetched patches to develop specs
+ Avoid Windows wrappers for filesystem utilities on non-Windows
+ Fix formatting issue in `spack audit`
* Other changes:
+ Give 'site' scope a lower precedence than 'system' scope
- Version 0.22.0:
* New features:
+ Compiler dependencies are moving from `compilers.yaml` to `packages.yaml`
+ Improved spack find UI for Environments
+ Improved command-line string quoting
+ Revert default spack install behavior to `--reuse`
+ The `install` command now offers three options
+ More control over reused specs
+ New `conflict:` and `prefer:` syntax for package preferences
+ `include_concrete` in environments
+ `python-venv` isolation
+ Packages can now specify whether they may be distributed in source or binary form
* Removals, deprecations, and syntax changes:
+ Removed `dpcpp` compiler and package
+ `spack load`: removed `--only` argument
* Bugs fixed:
+ repo.py: drop deleted packages from provider cache
+ Allow `+` in module file names
+ `cmd/python`: use runpy to allow multiprocessing in scripts
+ Show extension commands with `spack -h`
+ Support environment variable expansion inside module projections
+ Alert user to failed concretizations
+ `shell`: fix `zsh` color formatting for PS1 in environments
+ `spack mirror create --all`: include patches
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043
This update for libxml2 fixes the following issues:
- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:358-1
Released: Wed Feb 5 10:06:22 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1235873
This update for permissions fixes the following issues:
- Version update 20240826:
* permissions: remove legacy and nonsensical entries.
* permissions: remove traceroute entry.
* permissions: remove outdated sudo directories.
* permissions: remove legacy RPM directory entries.
* permissions: remove some static /var/spool/* dirs.
* permissions: remove unnecessary static dirs and devices (bsc#1235873).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:367-1
Released: Wed Feb 5 14:25:31 2025
Summary: Recommended update for gcc7
Type: recommended
Severity: moderate
References: 1236267
This update for gcc7 fixes the following issues:
- Fix vec_madd and vec_msub vector intrinsics on s390x. [bsc#1236267]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:369-1
Released: Wed Feb 5 16:32:36 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725
This update for curl fixes the following issues:
- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)
The following package changes have been done:
- libxml2-2-2.10.3-150500.5.20.1 updated
- libcurl4-8.6.0-150600.4.21.1 updated
- permissions-20240826-150600.10.15.2 updated
- system-user-nobody-20170617-150400.24.2.1 added
- curl-8.6.0-150600.4.21.1 updated
- libasan4-7.5.0+r278197-150000.4.44.1 updated
- libcilkrts5-7.5.0+r278197-150000.4.44.1 updated
- libubsan0-7.5.0+r278197-150000.4.44.1 updated
- libgfortran4-7.5.0+r278197-150000.4.44.1 updated
- cpp7-7.5.0+r278197-150000.4.44.1 updated
- libstdc++6-devel-gcc7-7.5.0+r278197-150000.4.44.1 updated
- libcurl-devel-8.6.0-150600.4.21.1 updated
- gcc7-7.5.0+r278197-150000.4.44.1 updated
- gcc7-fortran-7.5.0+r278197-150000.4.44.1 updated
- gcc7-c++-7.5.0+r278197-150000.4.44.1 updated
- spack-recipes-0.23.0-150400.21.1 updated
- spack-0.23.0-150400.21.1 updated
- container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated
More information about the sle-container-updates
mailing list