# aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues (feed updated 2021-09-09T10:18:02Z)

## When should -dbg packages be added? (#10603)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10603
Author: Rasmus Thomsen (oss@cogitri.dev), updated 2021-09-09T10:18:02Z

Right now we don’t really have a policy for when to add -dbg packages (at least I can’t seem to find anything). As a result we mostly don’t use them (there are about 80 dbg packages, apparently). It’d be nice if we provided -dbg packages for more (if not all) packages to make debugging possible.
Pro:
+ Without -dbg packages for a package *and all of its (recursive) dependencies* it’s usually impossible to properly debug a program. Stacktraces won’t have any info for where errors occurred and won’t contain function names (due to them being optimized away), making debugging via gdb/lldb or similar somewhat impossible.
Neutral:
o These -dbg packages won’t take up space on the user’s setup unless he explicitly installs them (maybe we could add a dbg package which just installs them all, like doc).
Con:
- Dbg packages can be massive, especially for already big packages. This would mean that we’d need quite a bit more disk space on the mirrors. We could disable -dbg packages for super big packages like webkit2gtk though.
*(from redmine: issue id 10603, created on 2019-06-22)*
Subtasks:
- [ ] Make debugoptimized the default for meson
- [ ] Make RelWithDebInfo the default for CMake
- [ ] Make `$pkgname-dbg` a default subpkg in newapkbuild
- [ ] Add `-g` to CFLAGS
Assignee: Rasmus Thomsen (oss@cogitri.dev)

## [3.10] firefox-esr: sandbox escape using Prompt:Open (CVE-2019-11708) (#10602)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10602
Author: Alicha CH, updated 2019-07-23T11:06:44Z

Insufficient vetting of parameters passed with the `Prompt:Open` IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process.
When combined with additional vulnerabilities
this could result in executing arbitrary code on the user’s computer.
### Fixed In Version:
Firefox ESR 60.7.2
### Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
*(from redmine: issue id 10602, created on 2019-06-21, closed on 2019-06-28)*
* Relations:
  * parent #10600
* Changesets:
  * Revision f1f49be1c7278df89e43c698ccc2e30659902683 on 2019-06-27T14:48:06Z:
```
community/firefox-esr: security upgrade to 60.7.2 (CVE-2019-11708)
fixes #10602
```
Milestone: 3.10.1
Assignee: Natanael Copa

## [3.11] firefox-esr: sandbox escape using Prompt:Open (CVE-2019-11708) (#10601)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10601
Author: Alicha CH, updated 2019-07-24T09:55:29Z

Insufficient vetting of parameters passed with the `Prompt:Open` IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process.
When combined with additional vulnerabilities
this could result in executing arbitrary code on the user’s computer.
### Fixed In Version:
Firefox ESR 60.7.2
### Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
*(from redmine: issue id 10601, created on 2019-06-21, closed on 2019-06-28)*
* Relations:
  * parent #10600
* Changesets:
  * Revision ed5e768abd1db57117bb63de5dcff4da11d0576e on 2019-06-27T14:41:49Z:
```
community/firefox-esr: security upgrade to 60.7.2 (CVE-2019-11708)
fixes #10601
```
Milestone: 3.11.0
Assignee: Natanael Copa

## firefox-esr: sandbox escape using Prompt:Open (CVE-2019-11708) (#10600)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10600
Author: Alicha CH, updated 2019-07-23T11:06:46Z

Insufficient vetting of parameters passed with the `Prompt:Open` IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process.
When combined with additional vulnerabilities
this could result in executing arbitrary code on the user’s computer.
### Fixed In Version:
Firefox ESR 60.7.2
### Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
*(from redmine: issue id 10600, created on 2019-06-21, closed on 2019-06-28)*
* Relations:
  * child #10601
  * child #10602
Assignee: Natanael Copa

## [3.10] webkit2gtk: Multiple vulnerabilities (CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE….CVE-2019-8622, CVE-2019-8623) (#10599)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10599
Author: Alicha CH, updated 2019-08-13T08:22:05Z

CVE-2019-6251
Processing maliciously crafted web content may lead to spoofing.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8506
Processing maliciously crafted web content may lead to arbitrary code
execution.
A type confusion issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8524
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8535
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved state
management.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8536
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8544
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
CVE-2019-8551
Processing maliciously crafted web content may lead to universal cross
site scripting.
A logic issue was addressed with improved validation.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8558
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8559
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8563
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-11070
WebKitGTK and WPE WebKit failed to properly apply configured HTTP proxy
settings when downloading livestream video (HLS, DASH, or Smooth
Streaming),
an error resulting in deanonymization. This issue was corrected by
changing the way livestreams are downloaded.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
### Reference:
https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-6237
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8571
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8583
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8584
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8586
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8587
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8594
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8595
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
CVE-2019-8596
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8597
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8601
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8607
Processing maliciously crafted web content may result in the disclosure
of process memory.
An out-of-bounds read was addressed with improved input validation.
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
CVE-2019-8608
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8609
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8610
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8615
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
CVE-2019-8611
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8619
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8622
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8623
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
### Reference:
https://webkitgtk.org/security/WSA-2019-0003.html
*(from redmine: issue id 10599, created on 2019-06-21)*
* Relations:
  * parent #10597
Milestone: 3.10.2

## [3.10] chromium: Multiple vulnerabilities (CVE-2019-5824, CVE-2019-5825, CVE…CVE-2019-5838, CVE-2019-5839, CVE-2019-5840) (#10596)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10596
Author: Alicha CH, updated 2020-04-24T06:54:58Z

CVE-2019-5825: Out-of-bounds write in V8
CVE-2019-5826: Use-after-free in IndexedDB
CVE-2019-5827: Out-of-bounds access in SQLite
CVE-2019-5824: Parameter passing error in media player
### Fixed In Version:
chromium 74.0.3729.131
### Reference:
https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html
CVE-2019-5828: Use after free in ServiceWorker.
CVE-2019-5829: Use after free in Download Manager.
CVE-2019-5830: Incorrectly credentialed requests in CORS.
CVE-2019-5831: Incorrect map processing in V8.
CVE-2019-5832: Incorrect CORS handling in XHR.
CVE-2019-5833: Inconsistent security UI placement.
CVE-2019-5835: Out of bounds read in Swiftshader.
CVE-2019-5836: Heap buffer overflow in Angle.
CVE-2019-5837: Cross-origin resources size disclosure in Appcache.
CVE-2019-5838: Overly permissive tab access in Extensions.
CVE-2019-5839: Incorrect handling of certain code points in Blink.
CVE-2019-5840: Popup blocker bypass.
### Fixed In Version:
Chromium 75.0.3770.80
### Reference:
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
*(from redmine: issue id 10596, created on 2019-06-21)*
* Relations:
  * parent #10594
Milestone: 3.10.3
Assignee: Carlo Landmeter

## udhcpc does not pass hostname (#10592)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10592
Author: Shannon Barber, updated 2021-05-09T17:52:48Z

While this can be added in /etc/network/interfaces, this file gets stomped over by LXC, and this ought to happen out-of-the-box, not be an add-on configuration.
*(from redmine: issue id 10592, created on 2019-06-20)*

## [3.10] samba: Multiple vulnerabilities (CVE-2019-12435, CVE-2019-12436) (#10590)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10590
Author: Alicha CH, updated 2019-07-23T11:06:48Z

CVE-2019-12435: Samba AD DC Denial of Service in DNS management server (dnsserver)
----------------------------------------------------------------------------------
The (poorly named) dnsserver RPC pipe provides administrative
facilities to modify DNS records and zones.
An authenticated user can crash the RPC server process via a NULL
pointer de-reference.
There is no further vulnerability associated with this issue, merely a
denial of service.
### Affected Versions:
Samba 4.9 and 4.10
### Fixed In Version:
Samba 4.9.9 and 4.10.5
### References:
https://www.samba.org/samba/security/CVE-2019-12435.html
https://www.samba.org/samba/history/security.html
### Patches:
https://download.samba.org/pub/samba/patches/security/samba-4.9.8-security-2019-06-19.patch
https://download.samba.org/pub/samba/patches/security/samba-4.10.4-security-2019-06-19.patch
CVE-2019-12436: Samba AD DC LDAP server crash (paged searches)
--------------------------------------------------------------
A user with read access to the LDAP server can crash the LDAP
server process. Depending on the Samba version and the choice
of process model, this may crash only the user’s own connection.
Specifically, while in Samba 4.10 the default is for one process per
connected client, site-specific configuration trigger can change
this.
Samba 4.10 also supports the ‘prefork’ process model and by
using the -M option to ‘samba’ and a ‘single’ process model.
Both of these share one process between multiple clients.
### Affected Versions:
All versions of Samba since Samba 4.10.0
### Fixed In Version:
Samba 4.10.5
### References:
https://www.samba.org/samba/security/CVE-2019-12436.html
### Patch:
https://download.samba.org/pub/samba/patches/security/samba-4.10.4-security-2019-06-19.patch
*(from redmine: issue id 10590, created on 2019-06-20, closed on 2019-06-21)*
* Relations:
  * parent #10588
Milestone: 3.10.1
Assignee: Natanael Copa

## [3.11] samba: Multiple vulnerabilities (CVE-2019-12435, CVE-2019-12436) (#10589)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10589
Author: Alicha CH, updated 2019-07-23T11:06:49Z

CVE-2019-12435: Samba AD DC Denial of Service in DNS management server (dnsserver)
----------------------------------------------------------------------------------
The (poorly named) dnsserver RPC pipe provides administrative
facilities to modify DNS records and zones.
An authenticated user can crash the RPC server process via a NULL
pointer de-reference.
There is no further vulnerability associated with this issue, merely a
denial of service.
### Affected Versions:
Samba 4.9 and 4.10
### Fixed In Version:
Samba 4.9.9 and 4.10.5
### References:
https://www.samba.org/samba/security/CVE-2019-12435.html
https://www.samba.org/samba/history/security.html
### Patches:
https://download.samba.org/pub/samba/patches/security/samba-4.9.8-security-2019-06-19.patch
https://download.samba.org/pub/samba/patches/security/samba-4.10.4-security-2019-06-19.patch
CVE-2019-12436: Samba AD DC LDAP server crash (paged searches)
--------------------------------------------------------------
A user with read access to the LDAP server can crash the LDAP
server process. Depending on the Samba version and the choice
of process model, this may crash only the user’s own connection.
Specifically, while in Samba 4.10 the default is for one process per
connected client, site-specific configuration trigger can change
this.
Samba 4.10 also supports the ‘prefork’ process model and by
using the -M option to ‘samba’ and a ‘single’ process model.
Both of these share one process between multiple clients.
### Affected Versions:
All versions of Samba since Samba 4.10.0
### Fixed In Version:
Samba 4.10.5
### References:
https://www.samba.org/samba/security/CVE-2019-12436.html
### Patch:
https://download.samba.org/pub/samba/patches/security/samba-4.10.4-security-2019-06-19.patch
*(from redmine: issue id 10589, created on 2019-06-20, closed on 2019-06-21)*
* Relations:
  * parent #10588
* Changesets:
  * Revision bcc49b4c70d8234ad73c32628b01f58554ec5b5e on 2019-06-20T08:09:34Z:
```
main/samba: security upgrade to 4.10.5
CVE-2019-12435
CVE-2019-12436
fixes #10589
```
  * Revision a80d49fcecdaa5350d709fc4e9b5d71716661eb7 on 2019-06-20T08:43:16Z:
```
main/samba: security upgrade to 4.10.5
CVE-2019-12435
CVE-2019-12436
fixes #10589
```
Milestone: 3.11.0
Assignee: Natanael Copa

## samba: Multiple vulnerabilities (CVE-2019-12435, CVE-2019-12436) (#10588)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10588
Author: Alicha CH, updated 2019-07-23T11:06:50Z

CVE-2019-12435: Samba AD DC Denial of Service in DNS management server (dnsserver)
----------------------------------------------------------------------------------
The (poorly named) dnsserver RPC pipe provides administrative
facilities to modify DNS records and zones.
An authenticated user can crash the RPC server process via a NULL
pointer de-reference.
There is no further vulnerability associated with this issue, merely a
denial of service.
### Affected Versions:
Samba 4.9 and 4.10
### Fixed In Version:
Samba 4.9.9 and 4.10.5
### References:
https://www.samba.org/samba/security/CVE-2019-12435.html
https://www.samba.org/samba/history/security.html
### Patches:
https://download.samba.org/pub/samba/patches/security/samba-4.9.8-security-2019-06-19.patch
https://download.samba.org/pub/samba/patches/security/samba-4.10.4-security-2019-06-19.patch
CVE-2019-12436: Samba AD DC LDAP server crash (paged searches)
--------------------------------------------------------------
A user with read access to the LDAP server can crash the LDAP
server process. Depending on the Samba version and the choice
of process model, this may crash only the user’s own connection.
Specifically, while in Samba 4.10 the default is for one process per
connected client, site-specific configuration trigger can change
this.
Samba 4.10 also supports the ‘prefork’ process model and by
using the -M option to ‘samba’ and a ‘single’ process model.
Both of these share one process between multiple clients.
### Affected Versions:
All versions of Samba since Samba 4.10.0
### Fixed In Version:
Samba 4.10.5
### References:
https://www.samba.org/samba/security/CVE-2019-12436.html
### Patch:
https://download.samba.org/pub/samba/patches/security/samba-4.10.4-security-2019-06-19.patch
*(from redmine: issue id 10588, created on 2019-06-20, closed on 2019-06-21)*
* Relations:
  * child #10589
  * child #10590
Assignee: Natanael Copa

## enable kernel options for x86_64 hw error event reporting (#10587)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10587
Author: Henrik Riomar, updated 2019-07-23T11:06:51Z

See PR: https://github.com/alpinelinux/aports/pull/8221
*(from redmine: issue id 10587, created on 2019-06-19, closed on 2019-07-11)*
Milestone: 3.10.1

## udhcpc default config missing in minirootfs - no IPv4 connectivity (#10586)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10586
Author: Taylor Buchanan, updated 2020-07-08T11:35:17Z

I’ve been messing around with using minirootfs as a base for lxc with
s6. However, IPv4 connectivity doesn’t seem to work by default (not
setting IP on interface). I was able to get it working by copying
/usr/share/udhcpc/default.script from the main alpine lxc image.
The default config currently resides in busybox-initscripts which is not
deployed on minirootfs since it has primarily been focused around
Docker. After a brief chat with Natanael on IRC he said it might be
better located in the busybox package. I agree in this case since
minirootfs is targeted towards containers and LXC on Proxmox can be
configured to use DHCP.
*(from redmine: issue id 10586, created on 2019-06-18)*
Milestone: 3.11.0
Assignee: Natanael Copa

## OpenSSH "Unsupported option PrintLastLog" (#10585)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10585
Author: Ed D, updated 2021-05-09T16:59:15Z

Inside the example /etc/sshd_config an option “PrintLastLog” is included but commented. Commenting it out makes this error appear on service reload:
```
/etc/ssh/sshd_config line xx: Unsupported option PrintLastLog
```
SSHD version is:
```
OpenSSH_8.0p1, OpenSSL 1.1.1c 28 May 2019
```
*(from redmine: issue id 10585, created on 2019-06-18)*

## Upgrade MPFR (#10581)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10581
Author: algitbot, updated 2019-12-19T14:56:24Z

MPFR is on version 4.0.2 but Alpine still uses 3.1.5.
Would be good to update the version for the Alpine 3.10 release.
*(from redmine: issue id 10581, created on 2019-06-15)*
Milestone: 3.11.0

## Provide static library for libatomic_ops (#10580)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10580
Author: Nicola Squartini, updated 2019-07-23T11:06:52Z

libatomic_ops is currently configured with -disable-static.
*(from redmine: issue id 10580, created on 2019-06-15, closed on 2019-06-19)*
* Changesets:
  * Revision 1ad5b564ce566993a5d1af04d0f3e768e95458bc by Leo Leo on 2019-06-17T10:18:46Z:
```
main/libatomic_ops: provide static library
closes #10580
```

## /etc/passwd file contains logins with shell (even for system accounts) (#10579)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10579
Author: Jurrian Fahner, updated 2019-07-23T09:28:21Z

See below the contents of the passwd file. I’ve marked the unsafe lines by marking them bold.
I saw this in the official docker container and in the minirootfs distribution (but might be also applicable to other versions).
root:x:0:0:root:/root:/bin/ash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/usr/lib/news:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
**operator:x:11:0:operator:/root:/bin/sh**
man:x:13:15:man:/usr/man:/sbin/nologin
postmaster:x:14:12:postmaster:/var/spool/mail:/sbin/nologin
cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
ftp:x:21:21::/var/lib/ftp:/sbin/nologin
sshd:x:22:22:sshd:/dev/null:/sbin/nologin
at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
games:x:35:35:games:/usr/games:/sbin/nologin
**postgres:x:70:70::/var/lib/postgresql:/bin/sh**
cyrus:x:85:12::/usr/cyrus:/sbin/nologin
vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
ntp:x:123:123:NTP:/var/empty:/sbin/nologin
smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
guest:x:405:100:guest:/dev/null:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
*(from redmine: issue id 10579, created on 2019-06-14)*
* Changesets:
  * Revision 770d8ce7c6c556d952884ad436dd82b17ceb1a9a by Natanael Copa on 2019-06-17T08:54:47Z:
```
main/alpine-baselayout: remove shell from operator account
fixes #10579
```

## [3.7] glib: file permission vulnerability (CVE-2019-12450) (#10578)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10578
Author: Alicha CH, updated 2019-07-23T11:06:53Z

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12450
### Patch:
https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
*(from redmine: issue id 10578, created on 2019-06-14, closed on 2019-06-20)*
* Relations:
  * parent #10574
* Changesets:
  * Revision 6d61c0096ba308d340d865f9fc295ac6e88e1277 by Natanael Copa on 2019-06-17T09:42:04Z:
```
main/glib: security fix for CVE-2019-12450
fixes #10578
```
Milestone: 3.7.4
Assignee: Natanael Copa

## [3.8] glib: file permission vulnerability (CVE-2019-12450) (#10577)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10577
Author: Alicha CH, updated 2019-07-23T11:06:54Z

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12450
### Patch:
https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
*(from redmine: issue id 10577, created on 2019-06-14, closed on 2019-06-20)*
* Relations:
  * parent #10574
* Changesets:
  * Revision a59a37b197c56022525bbdcbec2d0b98b048883b by Natanael Copa on 2019-06-17T09:38:05Z:
```
main/glib: security fix for CVE-2019-12450
fixes #10577
```
Milestone: 3.8.5
Assignee: Natanael Copa

## [3.9] glib: file permission vulnerability (CVE-2019-12450) (#10576)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10576
Author: Alicha CH, updated 2019-07-23T11:06:55Z

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12450
### Patch:
https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
*(from redmine: issue id 10576, created on 2019-06-14, closed on 2019-06-20)*
* Relations:
  * parent #10574
* Changesets:
  * Revision 300c17172f28b6d0bd024111bc74805dc28de56a by Natanael Copa on 2019-06-17T09:35:30Z:
```
main/glib: security fix for CVE-2019-12450
fixes #10576
```
Milestone: 3.9.5
Assignee: Natanael Copa

## [3.10] glib: file permission vulnerability (CVE-2019-12450) (#10575)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10575
Author: Alicha CH, updated 2019-07-23T11:06:56Z

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12450
### Patch:
https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
*(from redmine: issue id 10575, created on 2019-06-14, closed on 2019-06-20)*
* Relations:
  * parent #10574
Milestone: 3.10.0
Assignee: Natanael Copa