Safety vulnerability ID: 53743
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Easybuild-easyconfigs 4.5.1 includes a fix for CVE-2021-43527: A remote code execution flaw was found in the way NSS verifies certificates.
https://github.com/easybuilders/easybuild-easyconfigs/pull/14497
Latest version: 4.9.4
Easyconfig files are simple build specification files for EasyBuild, that specify the build parameters for software packages (version, compiler toolchain, dependency versions, etc.).
EasyBuild v4.5.1 is primarily a bugfix and update release, but it also includes various minor enhancements.
Highlights for this release are listed below. More details are available in the [release notes](https://docs.easybuild.io/en/latest/Release_notes.html#easybuild-v4-5-1-december-13th-2021) which includes links to the respective pull requests for more detailed information.
Prominent bug fixes & changes
(bug fixes or changes that (may) warrant re-installing easyconfigs are marked with `(***)`)
- don't try to ensure absolute path for path part of `--repositorypath` EasyBuild configuration option;
- only remove lock if it was created in the same EasyBuild session (not if it existed already);
- `(***)` minor fixes for various software-specific easyblocks: CP2K, MUMmer, netcdf4-python, ORCA, OpenFOAM, OpenMPI, PETSc, SLEPc;
- `(***)` add patch for libfabric v1.12.1 to fix unknown link width 0x10 warning;
- add patch for GCCcore 9.1-9.3 and 10.1-11.1 to fix compatibility with recent kernel headers;
- `(***)` add patch to fix [CVE-2021-43527](https://access.redhat.com/security/cve/CVE-2021-43527) in NSS;
- pass tests on A* GPUs by setting `NVIDIA_TF32_OVERRIDE=0` in jax 0.2.19;
- `(***)` add patch to fix broken (hanging) Mash binaries;
- seed in PCRE2 sources to fix broken MariaDB 10.5.8 + 10.6.4 easyconfigs;
- rename R bindings for `Arrow` to `arrow-R`, so it can be used in a lowercase module naming scheme;
- comment out imkl build dependency for FlexiBLAS 3.0.4 with `GCC/11.2.0`;
- consistently use '`Grace`' software name + sync homepage/source_urls;
Highlighted enhancements
*enhancements that (may) warrant updating existing installations are marked with `(***)`)
- enhancements for experimental feature `--parallel-extensions-install`:
* also determine which extensions can be skipped in parallel;
* fall back to sequential installation for extensions with unknown dependencies;
* see also https://docs.easybuild.io/en/latest/Installing_extensions_in_parallel.html;
- allow oversubscription in sanity check for OpenMPI-based toolchains;
- new software-specific easyblock for Clang-AOMP;
- enhanced Rpm generic easyblock;
- updates and enhancements for various software-specific easyblocks: Eigen, GROMACS, Inspector, jaxlib, SAMtools, tbb;
- `(***)` [additional extensions](https://docs.easybuild.io/en/latest/Partial_installations.html#installing-additional-extensions-using-k-skip) for R-bundle-Bioconductor 3.13;
- `(***)` [additional extensions](https://docs.easybuild.io/en/latest/Partial_installations.html#installing-additional-extensions-using-k-skip) for R v4.1.x;
Supported software
Support for installing 71 new software packages has been added, including (but not limited to):
- BabelStream
- bamtofastq
- bcbio-gff
- Clang-AOMP
- CMSeq
- dRep
- DUBStepR
- elprep
- epiScanpy
- FMM3D
- HIP
- InChI
- LERC
- libtree
- Megalodon
- nnU-Net
- PPanGGOLiN
- ProFit
- PySide2
- ROCm
- Shasta
- SimNIBS
- SMV (Smokeview)
- ThemisPy
- TOBIAS
- zlib-ng
- Zopfli
This brings the total number of supported software packages to 2,575 (excluding extensions)!
An up-to-date list of supported software is available [here](https://docs.easybuild.io/en/latest/version-specific/Supported_software.html).
Various software updates have been added, including (but not limited to):
- AlphaFold 2.1.1
- Arrow 6.0.0
- Boost 1.77.0
- Eigen 3.4.0
- ESMF 8.2.0
- Flye 2.9
- Horovod 0.23.0
- ITK 5.2.1
- jax 0.2.24
- NCO 5.0.3
- OpenMPI 4.1.2
- pangolin 3.1.16
- PyTorch 1.10.0
- R 4.1.2
- R-bundle-Bioconductor 3.14
- scikit-learn 1.0.1
- torchvision 0.11.1
- Trycycler 0.5.2
- Unicycler 0.4.9
- UShER 0.5.0
- WPS 4.3.1
- Yambo 5.0.4
---
These changes result from various contributions, made by 24 different contributors:
* 15 merged pull requests for EasyBuild framework
* 19 merged pull requests for easyblocks
* 244 merged pull requests for easyconfigs
Thanks to everyone who contributed to this release in one way or another!
To upgrade to EasyBuild v4.5.1, there are [several options](https://docs.easybuild.io/en/latest/Installation.html#updating-an-existing-easybuild-installation).
Two particularly easy options include:
* `eb --install-latest-eb-release`
* `eb --from-pr 14545` use easyconfig from [PR 14545](https://github.com/easybuilders/easybuild-easyconfigs/pull/14545)
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application