aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-23T14:23:43Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/1909weirdness in libc0.9.32 APKBUILD2019-07-23T14:23:43ZDubiousjim .weirdness in libc0.9.32 APKBUILDbuild() has:
>local \_kh=
>…
>if \[ -n “$SYSROOT” \]; then
\_kh=KERNEL\_HEADERS=“$SYSROOT/include”; fi
>…
>make -j1 V=2 pregen KERNEL\_HEADERS=“$SYSROOT”/usr/include
CROSS=“$CROSS” || return 1
>make all V=2 KERNEL\_HEADERS=“$S...build() has:
>local \_kh=
>…
>if \[ -n “$SYSROOT” \]; then
\_kh=KERNEL\_HEADERS=“$SYSROOT/include”; fi
>…
>make -j1 V=2 pregen KERNEL\_HEADERS=“$SYSROOT”/usr/include
CROSS=“$CROSS” || return 1
>make all V=2 KERNEL\_HEADERS=“$SYSROOT/usr/include” CROSS=“$CROSS”
|| return 1
>…
\_kh is never used. Is this cruft from an earlier version?
*(from redmine: issue id 1909, created on 2013-05-18, closed on 2013-05-27)*
* Changesets:
* Revision 888a762e3e7bf47d79c8f2f87ae9c2382e936d63 by Natanael Copa on 2013-05-21T09:18:52Z:
```
main/libc0.9.32: clean up dead code
fixes #1909
```Alpine 2.7.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/2130ACF WebLog - Highlight Blocked and Bypassed entries2019-07-23T14:20:17ZRay PatingACF WebLog - Highlight Blocked and Bypassed entriesWould it be possible for us to highlight or place a red background for
the entries which are blocked and/or bypassed by users? Thanks!
*(from redmine: issue id 2130, created on 2013-07-08, closed on 2013-11-19)*Would it be possible for us to highlight or place a red background for
the entries which are blocked and/or bypassed by users? Thanks!
*(from redmine: issue id 2130, created on 2013-07-08, closed on 2013-11-19)*3.0.0Ted TraskTed Traskhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2250setup-disk: syslinux trigger fails2019-07-23T14:18:44ZKaarle Ritvanensetup-disk: syslinux trigger failsIn the ‘sys’ mode, the trigger of the syslinux package fails when
installing the root file system. The boot loader is installed correctly
by setup-disk, but ‘apk fix’ must be run manually after the reboot to
recover the state of the sysl...In the ‘sys’ mode, the trigger of the syslinux package fails when
installing the root file system. The boot loader is installed correctly
by setup-disk, but ‘apk fix’ must be run manually after the reboot to
recover the state of the syslinux package.
*(from redmine: issue id 2250, created on 2013-09-10, closed on 2013-10-02)*
* Changesets:
* Revision 562765e842b43133319b1f084f0479ba4843abbe by Natanael Copa on 2013-10-02T09:58:33Z:
```
main/alpine-conf: fix running syslinux trigger from setup-disk
ref #2250
```
* Revision 754f8509b4e36cf2d08c08473daf979bae5569ba by Natanael Copa on 2013-10-02T10:22:49Z:
```
main/alpine-conf: fix running syslinux trigger from setup-disk
fixes #2250
(cherry picked from commit 562765e842b43133319b1f084f0479ba4843abbe)
Conflicts:
main/alpine-conf/APKBUILD
```Alpine 2.6.5https://gitlab.alpinelinux.org/alpine/aports/-/issues/2296testing/mplayer2 won't build2019-07-23T14:18:08ZLeslie Polzertesting/mplayer2 won't buildWhen trying to build mplayer2 2.0-3 on an up to date edge system (as per
4 Nov 2013), the build fails.
>>> mplayer2: Unpacking /var/cache/distfiles/mplayer2-2.0.tar.xz...
>>> mplayer2: mplayer-gcc-4.6-audio-fix.patch
patchin...When trying to build mplayer2 2.0-3 on an up to date edge system (as per
4 Nov 2013), the build fails.
>>> mplayer2: Unpacking /var/cache/distfiles/mplayer2-2.0.tar.xz...
>>> mplayer2: mplayer-gcc-4.6-audio-fix.patch
patching file mp3lib/dct64_sse.c
>>> mplayer2: c33fafd6f1bc2a430c114231cecc6e1c56c1f939.patch
patching file av_log.c
Hunk #1 succeeded at 56 (offset -1 lines).
patching file av_opts.c
patching file libmpcodecs/ad_ffmpeg.c
patching file libmpcodecs/vd_ffmpeg.c
Hunk #2 succeeded at 539 (offset -2 lines).
Hunk #3 succeeded at 783 (offset -2 lines).
patching file libmpcodecs/vf_geq.c
patching file libmpcodecs/vf_pp.c
patching file libmpdemux/demux_lavf.c
Hunk #2 succeeded at 366 (offset 5 lines).
Hunk #3 succeeded at 437 (offset 4 lines).
Hunk #4 succeeded at 480 (offset 4 lines).
Hunk #5 succeeded at 759 (offset 1 line).
Hunk #6 succeeded at 930 (offset 5 lines).
Detected operating system: Linux
Detected host architecture: i386
Checking for host cc ... cc
Checking for cross compilation ... yes
cc: error: /usr/share/gcc/hardenednopie.specs: No such file or directory
cc: error: /usr/share/gcc/hardenednopie.specs: No such file or directory
Checking for GCC & CPU optimization abilities ... i486
Checking for byte order ... failed to autodetect byte order, defaulting to little-endian
Checking for extern symbol prefix ...
Error: Symbol mangling check failed.
Check "config.log" if you do not understand why it failed.
>>> ERROR: mplayer2: all failed
Removing the gcc spec envvar export in the APKBUILD we get:
gcc -MD -MP -Wundef -Wstrict-prototypes -Wmissing-prototypes -Wdisabled-optimization -Wno-pointer-sign -std=gnu99 -Os -fomit-frame-pointer -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I. -Os -fomit-frame-pointer -DPIC -D_REENTRANT -I/usr/include/freetype2 -c -o libmpcodecs/vf_eq2.o libmpcodecs/vf_eq2.c
libmpcodecs/vf_eq.c: In function 'process_MMX':
libmpcodecs/vf_eq.c:65:3: error: 'asm' operand has impossible constraints
__asm__ volatile (
^
Makefile:606: recipe for target 'libmpcodecs/vf_eq.o' failed
make: *** [libmpcodecs/vf_eq.o] Error 1
make: *** Waiting for unfinished jobs....
libmpcodecs/vf_eq2.c: In function 'affine_1d_MMX':
libmpcodecs/vf_eq2.c:147:5: error: 'asm' operand has impossible constraints
__asm__ volatile (
^
Makefile:606: recipe for target 'libmpcodecs/vf_eq2.o' failed
make: *** [libmpcodecs/vf_eq2.o] Error 1
>>> ERROR: mplayer2: all failed
*(from redmine: issue id 2296, created on 2013-11-04, closed on 2013-11-25)*
* Relations:
* relates #24383.0.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2356pv-grub needs to support alpine2019-07-23T14:17:17ZFlorian Heiglpv-grub needs to support alpineXen users are currently recommended to switch to pv-grub when hitting
issues w/pygrub.
There’s two problems:
\- pv-grub doesn’t read a /boot/extlinux.cfg inside a VM
Since it’s called pv-**grub** that’s kinda understandable.
\- pv-g...Xen users are currently recommended to switch to pv-grub when hitting
issues w/pygrub.
There’s two problems:
\- pv-grub doesn’t read a /boot/extlinux.cfg inside a VM
Since it’s called pv-**grub** that’s kinda understandable.
\- pv-grub needs to be given a named root partition
apparently it doesn’t do any of the active partitions and MBR stuff.
That means a user can’t repartition their VM or do anything like it.
So, in fact, it’s not a working replacement for pygrub!
Not mentioning advanced use cases like pxe boot with disk fallback?
I think in any case those issues are solveable. They’re mostly upstream
issues but since using extlinux Alpine Linux is pretty much affected.
A solution might be as easy (and ugly) as having a compatibility hook in
update-extlinux.
Hopefully a fix would not be too hackish or we just have the next
incomplete thing to deprecate in a few years.
*(from redmine: issue id 2356, created on 2013-11-14, closed on 2014-06-26)*3.0.1Ariadne Conillariadne@ariadne.spaceAriadne Conillariadne@ariadne.spacehttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2536Request for Macchanger package2019-07-23T14:14:51ZChris SpillaneRequest for Macchanger packageThis is a request for the macchanger package (see github page at
https://github.com/alobbs/macchanger). Allows changing of interface MAC
addresses. This can be very useful in hostile environments, especially
over wireless.
*(from redmi...This is a request for the macchanger package (see github page at
https://github.com/alobbs/macchanger). Allows changing of interface MAC
addresses. This can be very useful in hostile environments, especially
over wireless.
*(from redmine: issue id 2536, created on 2013-12-31, closed on 2015-12-09)*
* Changesets:
* Revision fae75e67314abd6fa9ee9cc170e219fa515a7076 by Natanael Copa on 2014-10-15T15:17:10Z:
```
testing/macchanger: new aport
An utility for viewing/manipulating the MAC address of network interfaces
https://github.com/alobbs/macchanger
fixes #2536
```https://gitlab.alpinelinux.org/alpine/aports/-/issues/2537ACF-Unbound feature request2019-07-23T14:14:50ZChris SpillaneACF-Unbound feature requestAn ACF interface for unbound DNS server would be very cool. Alas, this
will be low priority, since editing the config file isn’t difficult :)
*(from redmine: issue id 2537, created on 2013-12-31, closed on 2014-06-04)*An ACF interface for unbound DNS server would be very cool. Alas, this
will be low priority, since editing the config file isn’t difficult :)
*(from redmine: issue id 2537, created on 2013-12-31, closed on 2014-06-04)*Ted TraskTed Traskhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2677pidgin: multiple vulnerabilies2019-07-23T14:12:36ZAlexander Belouspidgin: multiple vulnerabiliesNew version of pidgin has been released recently that fixes multiple
security issues. Upgrade from version 2.10.7 is necessary for all the
Alpine Linux supported branches.
References:
http://seclists.org/bugtraq/2014/Feb/4
http://pi...New version of pidgin has been released recently that fixes multiple
security issues. Upgrade from version 2.10.7 is necessary for all the
Alpine Linux supported branches.
References:
http://seclists.org/bugtraq/2014/Feb/4
http://pidgin.im/
*(from redmine: issue id 2677, created on 2014-02-06, closed on 2014-03-03)*
* Relations:
* child #2678
* child #2679
* child #2680
* child #2681https://gitlab.alpinelinux.org/alpine/aports/-/issues/2678[v2.4] pidgin: multiple vulnerabilies2019-07-23T14:12:35ZAlexander Belous[v2.4] pidgin: multiple vulnerabiliesNew version of pidgin has been released recently that fixes multiple
security issues. Upgrade from version 2.10.7 is necessary for all the
Alpine Linux supported branches.
References:
http://seclists.org/bugtraq/2014/Feb/4
http://pi...New version of pidgin has been released recently that fixes multiple
security issues. Upgrade from version 2.10.7 is necessary for all the
Alpine Linux supported branches.
References:
http://seclists.org/bugtraq/2014/Feb/4
http://pidgin.im/
*(from redmine: issue id 2678, created on 2014-02-06, closed on 2014-03-03)*
* Relations:
* parent #2677
* Changesets:
* Revision 6c587ad3a39bae5d6a3f4c0d78f0a239b253242e by Natanael Copa on 2014-03-03T11:22:54Z:
```
main/pidgin: security upgrade to 2.10.9 (various CVEs)
fixes #2678
CVE-2014-0020 Remotely triggerable crash in IRC argument parsing
CVE-2013-6490 Buffer overflow in SIMPLE header parsing
CVE-2013-6489 Buffer overflow in MXit emoticon parsing
CVE-2013-6487 Buffer overflow in Gadu-Gadu HTTP parsing
CVE-2013-6486 Pidgin uses clickable links to untrusted executables
CVE-2013-6485 Buffer overflow parsing chunked HTTP responses
CVE-2013-6484 Crash reading response from STUN server
CVE-2013-6483 XMPP doesn't verify 'from' on some iq replies
CVE-2013-6482 NULL pointer dereference parsing SOAP data in MSN
CVE-2013-6482 NULL pointer dereference parsing OIM data in MSN
CVE-2013-6482 NULL pointer dereference parsing headers in MSN
CVE-2013-6481 Remote crash reading Yahoo! P2P message
CVE-2013-6479 Remote crash parsing HTTP responses
CVE-2013-6478 Crash when hovering pointer over a long URL
CVE-2013-6477 Crash handling bad XMPP timestamp
CVE-2012-6152 Yahoo! remote crash from incorrect character encoding
```Alpine 2.4.12Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2679[v2.5] pidgin: multiple vulnerabilies2019-07-23T14:12:34ZAlexander Belous[v2.5] pidgin: multiple vulnerabiliesNew version of pidgin has been released recently that fixes multiple
security issues. Upgrade from version 2.10.7 is necessary for all the
Alpine Linux supported branches.
References:
http://seclists.org/bugtraq/2014/Feb/4
http://pi...New version of pidgin has been released recently that fixes multiple
security issues. Upgrade from version 2.10.7 is necessary for all the
Alpine Linux supported branches.
References:
http://seclists.org/bugtraq/2014/Feb/4
http://pidgin.im/
*(from redmine: issue id 2679, created on 2014-02-06, closed on 2014-03-03)*
* Relations:
* parent #2677
* Changesets:
* Revision 32cb9c69dda4231f5c74c8654b308d3bbf6922cf by Natanael Copa on 2014-03-03T11:22:52Z:
```
main/pidgin: security upgrade to 2.10.9 (various CVEs)
fixes #2679
CVE-2014-0020 Remotely triggerable crash in IRC argument parsing
CVE-2013-6490 Buffer overflow in SIMPLE header parsing
CVE-2013-6489 Buffer overflow in MXit emoticon parsing
CVE-2013-6487 Buffer overflow in Gadu-Gadu HTTP parsing
CVE-2013-6486 Pidgin uses clickable links to untrusted executables
CVE-2013-6485 Buffer overflow parsing chunked HTTP responses
CVE-2013-6484 Crash reading response from STUN server
CVE-2013-6483 XMPP doesn't verify 'from' on some iq replies
CVE-2013-6482 NULL pointer dereference parsing SOAP data in MSN
CVE-2013-6482 NULL pointer dereference parsing OIM data in MSN
CVE-2013-6482 NULL pointer dereference parsing headers in MSN
CVE-2013-6481 Remote crash reading Yahoo! P2P message
CVE-2013-6479 Remote crash parsing HTTP responses
CVE-2013-6478 Crash when hovering pointer over a long URL
CVE-2013-6477 Crash handling bad XMPP timestamp
CVE-2012-6152 Yahoo! remote crash from incorrect character encoding
```Alpine 2.5.5Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2680[v2.6] pidgin: multiple vulnerabilies2019-07-23T14:12:33ZAlexander Belous[v2.6] pidgin: multiple vulnerabiliesNew version of pidgin has been released recently that fixes multiple
security issues. Upgrade from version 2.10.7 is necessary for all the
Alpine Linux supported branches.
References:
http://seclists.org/bugtraq/2014/Feb/4
http://pi...New version of pidgin has been released recently that fixes multiple
security issues. Upgrade from version 2.10.7 is necessary for all the
Alpine Linux supported branches.
References:
http://seclists.org/bugtraq/2014/Feb/4
http://pidgin.im/
*(from redmine: issue id 2680, created on 2014-02-06, closed on 2014-03-03)*
* Relations:
* parent #2677Alpine 2.6.7Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2681[v2.7] pidgin: multiple vulnerabilies2019-07-23T14:12:32ZAlexander Belous[v2.7] pidgin: multiple vulnerabilies*(from redmine: issue id 2681, created on 2014-02-06, closed on 2014-03-03)*
* Relations:
* parent #2677
* Changesets:
* Revision 9fc8798bff8fb121be4a3bda0075f124967b12e7 by Natanael Copa on 2014-03-03T11:20:18Z:
```
main/pidgin: s...*(from redmine: issue id 2681, created on 2014-02-06, closed on 2014-03-03)*
* Relations:
* parent #2677
* Changesets:
* Revision 9fc8798bff8fb121be4a3bda0075f124967b12e7 by Natanael Copa on 2014-03-03T11:20:18Z:
```
main/pidgin: security upgrade to 2.10.9 (various CVEs)
fixes #2681
CVE-2014-0020 Remotely triggerable crash in IRC argument parsing
CVE-2013-6490 Buffer overflow in SIMPLE header parsing
CVE-2013-6489 Buffer overflow in MXit emoticon parsing
CVE-2013-6487 Buffer overflow in Gadu-Gadu HTTP parsing
CVE-2013-6486 Pidgin uses clickable links to untrusted executables
CVE-2013-6485 Buffer overflow parsing chunked HTTP responses
CVE-2013-6484 Crash reading response from STUN server
CVE-2013-6483 XMPP doesn't verify 'from' on some iq replies
CVE-2013-6482 NULL pointer dereference parsing SOAP data in MSN
CVE-2013-6482 NULL pointer dereference parsing OIM data in MSN
CVE-2013-6482 NULL pointer dereference parsing headers in MSN
CVE-2013-6481 Remote crash reading Yahoo! P2P message
CVE-2013-6479 Remote crash parsing HTTP responses
CVE-2013-6478 Crash when hovering pointer over a long URL
CVE-2013-6477 Crash handling bad XMPP timestamp
CVE-2012-6152 Yahoo! remote crash from incorrect character encoding
```
* Revision 3f7dfec3a08a89eb71c26eb2bb6852fa45e069fb by Natanael Copa on 2014-03-03T13:50:06Z:
```
main/pidgin: security upgrade to 2.10.9 (various CVEs)
fixes #2681
CVE-2014-0020 Remotely triggerable crash in IRC argument parsing
CVE-2013-6490 Buffer overflow in SIMPLE header parsing
CVE-2013-6489 Buffer overflow in MXit emoticon parsing
CVE-2013-6487 Buffer overflow in Gadu-Gadu HTTP parsing
CVE-2013-6486 Pidgin uses clickable links to untrusted executables
CVE-2013-6485 Buffer overflow parsing chunked HTTP responses
CVE-2013-6484 Crash reading response from STUN server
CVE-2013-6483 XMPP doesn't verify 'from' on some iq replies
CVE-2013-6482 NULL pointer dereference parsing SOAP data in MSN
CVE-2013-6482 NULL pointer dereference parsing OIM data in MSN
CVE-2013-6482 NULL pointer dereference parsing headers in MSN
CVE-2013-6481 Remote crash reading Yahoo! P2P message
CVE-2013-6479 Remote crash parsing HTTP responses
CVE-2013-6478 Crash when hovering pointer over a long URL
CVE-2013-6477 Crash handling bad XMPP timestamp
CVE-2012-6152 Yahoo! remote crash from incorrect character encoding
```Alpine 2.7.5Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2685php-fpm shows as crashed2019-07-23T14:12:30Zalgitbotphp-fpm shows as crashedFor some reason, php-fpm-5.5.9-r0 always shows as crashed in rc-status
even if it’s working properly.
*(from redmine: issue id 2685, created on 2014-02-13, closed on 2014-06-25)*
* Changesets:
* Revision 0449861a8f541e2091c0e4b04968...For some reason, php-fpm-5.5.9-r0 always shows as crashed in rc-status
even if it’s working properly.
*(from redmine: issue id 2685, created on 2014-02-13, closed on 2014-06-25)*
* Changesets:
* Revision 0449861a8f541e2091c0e4b049682f8deee67333 by Natanael Copa on 2014-06-19T09:16:29Z:
```
main/php: fix php-fpm script
ref #2685
The problem was that it usesd start-stop-daemon --exec but the argv[0]
name didnt correpond so start-stop-daemon could not know that it was up
and running.
The fix is to use pidfile.
Script is based on update from gentoo.
```
* Revision 903608c37a934b946dab8b5ee3af925422e95dc1 by Natanael Copa on 2014-06-19T09:24:02Z:
```
main/php: fix php-fpm script
fixes #2685
The problem was that it usesd start-stop-daemon --exec but the argv[0]
name didnt correpond so start-stop-daemon could not know that it was up
and running.
The fix is to use pidfile.
Script is based on update from gentoo.
(cherry picked from commit 0449861a8f541e2091c0e4b049682f8deee67333)
```
* Revision 0b27b4f563b0ade438f24589d0bc413a25f8e77e by Natanael Copa on 2014-06-19T09:27:46Z:
```
main/php: fix php-fpm script
ref #2685
The problem was that it usesd start-stop-daemon --exec but the argv[0]
name didnt correpond so start-stop-daemon could not know that it was up
and running.
The fix is to use pidfile.
Script is based on update from gentoo.
(cherry picked from commit 0449861a8f541e2091c0e4b049682f8deee67333)
```Alpine 2.7.9https://gitlab.alpinelinux.org/alpine/aports/-/issues/2686dbus should create a "system" user/group2019-07-23T14:12:29ZIgor Falcomatadbus should create a "system" user/groupAt the moment the dbus installer creates a messagebus user with uid/gid
1000 (or the first “normale user” uid/gid free)
Something like:
addgroup -S messagebus
adduser -H -h /dev/null -s /bin/false -D -S -G messagebus messagebus
*(...At the moment the dbus installer creates a messagebus user with uid/gid
1000 (or the first “normale user” uid/gid free)
Something like:
addgroup -S messagebus
adduser -H -h /dev/null -s /bin/false -D -S -G messagebus messagebus
*(from redmine: issue id 2686, created on 2014-02-19, closed on 2014-03-07)*
* Changesets:
* Revision 267b0b0452c421add1ce9b7aa9efd3953898118c by Natanael Copa on 2014-03-04T15:49:25Z:
```
main/dbus: create use as system user
fixes #2686
(cherry picked from commit cd6e2e857e4f9a7fc60d8c141a53575e76bdf70f)
Conflicts:
main/dbus/APKBUILD
```Alpine 2.7.5Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2907libmms: heap-based buffer overflow in the get_answer function (CVE-2014-2892)2019-07-23T14:09:17ZAlexander Belouslibmms: heap-based buffer overflow in the get_answer function (CVE-2014-2892)Heap-based buffer overflow in the get\_answer function in mmsh.c in
libmms before 0.6.4 allows remote attackers to execute arbitrary code
via a long line in an MMS over HTTP (MMSH) server response.
•MLIST:\[oss-security\] 20140418 Re: l...Heap-based buffer overflow in the get\_answer function in mmsh.c in
libmms before 0.6.4 allows remote attackers to execute arbitrary code
via a long line in an MMS over HTTP (MMSH) server response.
•MLIST:\[oss-security\] 20140418 Re: libmms heap-based buffer overflow
fix
•URL: http://www.openwall.com/lists/oss-security/2014/04/18/14
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog
•BID:66933
•URL: http://www.securityfocus.com/bid/66933
•SECUNIA:57875
•URL: http://secunia.com/advisories/57875
•XF:libmms-getanswer-bo(92640)
•URL: http://xforce.iss.net/xforce/xfdb/92640
*(from redmine: issue id 2907, created on 2014-05-20, closed on 2014-05-23)*
* Relations:
* child #2908
* child #2909
* child #2910
* Changesets:
* Revision dbaf2189273d3ff04b4d1ac7682a6845d06c0adf by Natanael Copa on 2014-05-21T13:39:30Z:
```
main/libmms: security upgrade to 0.6.4 (CVE-2014-2892)
ref #2907
```https://gitlab.alpinelinux.org/alpine/aports/-/issues/2908[v2.5] libmms: heap-based buffer overflow in the get_answer function (CVE-201...2019-07-23T14:09:15ZAlexander Belous[v2.5] libmms: heap-based buffer overflow in the get_answer function (CVE-2014-2892)Heap-based buffer overflow in the get\_answer function in mmsh.c in
libmms before 0.6.4 allows remote attackers to execute arbitrary code
via a long line in an MMS over HTTP (MMSH) server response.
•MLIST:\[oss-security\] 20140418 Re: l...Heap-based buffer overflow in the get\_answer function in mmsh.c in
libmms before 0.6.4 allows remote attackers to execute arbitrary code
via a long line in an MMS over HTTP (MMSH) server response.
•MLIST:\[oss-security\] 20140418 Re: libmms heap-based buffer overflow
fix
•URL: http://www.openwall.com/lists/oss-security/2014/04/18/14
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog
•BID:66933
•URL: http://www.securityfocus.com/bid/66933
•SECUNIA:57875
•URL: http://secunia.com/advisories/57875
•XF:libmms-getanswer-bo(92640)
•URL: http://xforce.iss.net/xforce/xfdb/92640
*(from redmine: issue id 2908, created on 2014-05-20, closed on 2014-05-23)*
* Relations:
* parent #2907
* Changesets:
* Revision cef8b69227bdb1c0039f8ae6833e72d70b275ad1 by Natanael Copa on 2014-05-22T14:49:07Z:
```
main/libmms: security upgrade to 0.6.4 (CVE-2014-2892)
fixes #2908
```Alpine 2.5.5Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2909[v2.6] libmms: heap-based buffer overflow in the get_answer function (CVE-201...2019-07-23T14:09:15ZAlexander Belous[v2.6] libmms: heap-based buffer overflow in the get_answer function (CVE-2014-2892)Heap-based buffer overflow in the get\_answer function in mmsh.c in
libmms before 0.6.4 allows remote attackers to execute arbitrary code
via a long line in an MMS over HTTP (MMSH) server response.
•MLIST:\[oss-security\] 20140418 Re: l...Heap-based buffer overflow in the get\_answer function in mmsh.c in
libmms before 0.6.4 allows remote attackers to execute arbitrary code
via a long line in an MMS over HTTP (MMSH) server response.
•MLIST:\[oss-security\] 20140418 Re: libmms heap-based buffer overflow
fix
•URL: http://www.openwall.com/lists/oss-security/2014/04/18/14
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog
•BID:66933
•URL: http://www.securityfocus.com/bid/66933
•SECUNIA:57875
•URL: http://secunia.com/advisories/57875
•XF:libmms-getanswer-bo(92640)
•URL: http://xforce.iss.net/xforce/xfdb/92640
*(from redmine: issue id 2909, created on 2014-05-20, closed on 2014-05-23)*
* Relations:
* parent #2907
* Changesets:
* Revision c543e6951cd74145741b0b300a9c730d7b261d26 by Natanael Copa on 2014-05-22T14:49:40Z:
```
main/libmms: security upgrade to 0.6.4 (CVE-2014-2892)
fixes #2909
```Alpine 2.6.7Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2910[v2.7] libmms: heap-based buffer overflow in the get_answer function (CVE-201...2019-07-23T14:09:13ZAlexander Belous[v2.7] libmms: heap-based buffer overflow in the get_answer function (CVE-2014-2892)Heap-based buffer overflow in the get\_answer function in mmsh.c in
libmms before 0.6.4 allows remote attackers to execute arbitrary code
via a long line in an MMS over HTTP (MMSH) server response.
•MLIST:\[oss-security\] 20140418 Re: l...Heap-based buffer overflow in the get\_answer function in mmsh.c in
libmms before 0.6.4 allows remote attackers to execute arbitrary code
via a long line in an MMS over HTTP (MMSH) server response.
•MLIST:\[oss-security\] 20140418 Re: libmms heap-based buffer overflow
fix
•URL: http://www.openwall.com/lists/oss-security/2014/04/18/14
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog
•BID:66933
•URL: http://www.securityfocus.com/bid/66933
•SECUNIA:57875
•URL: http://secunia.com/advisories/57875
•XF:libmms-getanswer-bo(92640)
•URL: http://xforce.iss.net/xforce/xfdb/92640
*(from redmine: issue id 2910, created on 2014-05-20, closed on 2014-05-23)*
* Relations:
* parent #2907
* Changesets:
* Revision fb608dbe599624f5f4345feaa292ad2c84c165c9 by Natanael Copa on 2014-05-21T13:37:40Z:
```
main/libmms: security upgrade to 0.6.4 (CVE-2014-2892)
fixes #2910
```Alpine 2.7.8Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2969Package Request: mod-sflow2019-07-23T14:08:16ZFlorian HeiglPackage Request: mod-sflowI stumbled over
https://code.google.com/p/mod-sflow/
which is a sFlow plugin for apache.
I think this is a cool feature for busy Apache webserver farms.
Requests are sampled, there’s a http reporting url and more interesting
featu...I stumbled over
https://code.google.com/p/mod-sflow/
which is a sFlow plugin for apache.
I think this is a cool feature for busy Apache webserver farms.
Requests are sampled, there’s a http reporting url and more interesting
features.
I’ll try packaging it.
*(from redmine: issue id 2969, created on 2014-05-28, closed on 2014-12-09)*
* Changesets:
* Revision 5eac8562d04c578359a31869ab1b6860d85a6fde by Natanael Copa on 2014-10-15T16:13:42Z:
```
testing/mod-sflow: new aport
Apache module to implement logging using sFlow for monitoring of large web clusters.
https://code.google.com/p/mod-sflow/
fixes #2969
```3.1.0Florian HeiglFlorian Heigl2014-07-31https://gitlab.alpinelinux.org/alpine/aports/-/issues/2990bash: security feature bypassed2019-07-23T14:07:57ZAlexander Belousbash: security feature bypassedA bug was reported in bash up to 4.3. In some circumstances the bash
security feature could be bypassed allowing the bash to be a valid
target shell in an attack.
The bug has not been fixed by developers. However a patch exists.
http:...A bug was reported in bash up to 4.3. In some circumstances the bash
security feature could be bypassed allowing the bash to be a valid
target shell in an attack.
The bug has not been fixed by developers. However a patch exists.
http://seclists.org/bugtraq/2014/Jun/28
COMMIT: http://hmarco.org/bugs/bash\_4.3-setuid-bug.html
*(from redmine: issue id 2990, created on 2014-06-05, closed on 2014-06-19)*
* Relations:
* child #2991
* child #2992
* child #2993
* child #2994
* Changesets:
* Revision 15eb98780f3c051d2835df3860b5bcba16bf1aae by Natanael Copa on 2014-06-05T10:55:05Z:
```
main/bash: fix setuid bug
ref #2990
```
* Revision 3e589033a44832ab8b4f5a8e9a68aac077beae59 by Natanael Copa on 2014-06-17T11:55:11Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2993
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
Conflicts:
main/bash/APKBUILD
```
* Revision 47505bf144ffd2f83881a719f85fcc0ec3cf9ba6 by Natanael Copa on 2014-06-17T11:55:37Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2994
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
```
* Revision 883b411c85593d30f2296a157a733aa799c32828 by Natanael Copa on 2014-06-17T11:57:19Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2992
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
Conflicts:
main/bash/APKBUILD
```
* Revision 53d049ee391dde7c74d37262eb0c027c61c8562f by Natanael Copa on 2014-06-17T12:01:39Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2991
(cherry picked from commit 883b411c85593d30f2296a157a733aa799c32828)
Conflicts:
main/bash/APKBUILD
```