aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2024-03-27T19:29:00Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/15788
main/dnsmasq: Upgrade from 2.89-r6 to 2.90-r0 causes issues 100% CPU usage and DNS lookup fail for some users
2024-03-27T19:29:00Z
Newbyte
Downstream issue with more information and reports from users, including a workaround: https://gitlab.com/postmarketOS/pmaports/-/issues/2601
Everyone reporting issues is on aarch64.
Not sure if I should copy information from there to here. Let me know if you prefer that.
Relevant commit: https://gitlab.alpinelinux.org/alpine/aports/-/commit/72ab6c34cd91684f87630c5dbe1180b18360e4b3
Paging maintainer: @ncopa
And author of the commit: @omni

https://gitlab.alpinelinux.org/alpine/aports/-/issues/12413
GDM broken after rootless Xorg change
2024-03-15T15:46:51Z
Rasmus Thomsen oss@cogitri.dev
After !16022 has been applied, GDM doesn't start anymore in Xorg mode. The Xorg log mentions `XF86OpenConsole: Cannot open virtual console 1 (Permission denied)`. After re-adding SUID to `/usr/bin/X` it works again.
3.18.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/15838
community/tokodon: fails to launch
2024-03-15T08:10:48Z
Marco Schröder
Tokodon does not launch.
The following is printed in the log:
```
QQmlApplicationEngine failed to load component
qrc:/qt/qml/org/kde/tokodon/content/ui/Main.qml: module "org.kde.desktop" is not installed
```
System information:
- postmarketOS edge
- tokodon 24.02.0-r0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/13017
main/alpine-baselayout: profile $PATH has the wrong path order with SSH
2024-03-11T10:39:54Z
Eric Shieh
Currently `/etc/profile` checks for duplicate paths, however, when used with SSH, this will lead to incorrect PATH order after SSH login.
```shell
$ grep PATH /etc/ssh/sshd_config
# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin
# login from console
$ printenv PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# login from SSH
$ printenv PATH
/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin
```
Since SSH already comes with PATH `/bin:/usr/bin:/sbin:/usr/sbin`,
after logging in and excluding duplicates, it becomes `/bin:/usr/bin:/sbin:/usr/sbin` + `:/usr/local/sbin:/usr/local/bin`.
Steps to reproduce (with docker):
start-sshd.sh
```shell
#!/bin/sh
set -e
apk --no-cache --update \
--repository https://dl-cdn.alpinelinux.org/alpine/v3.14/main \
add openssh-server
rm -rf /var/lib/apk/*
passwd -d -u root
ssh-keygen -t ed25519 -P "" -f /etc/ssh/ssh_host_ed25519_key
sed -i \
-e 's/#\(PermitRootLogin\).*/\1 yes/g' \
-e 's/#\(PasswordAuthentication\).*/\1 yes/g' \
-e 's/#\(PermitEmptyPasswords\).*/\1 yes/g' \
/etc/ssh/sshd_config
exec /usr/sbin/sshd -D
```
```shell
# 1. Run the SSH server
CONTAINER_ID=$(docker run -d --rm -v $PWD/start-sshd.sh:/start-sshd.sh:ro --init alpine:3.14 /bin/sh /start-sshd.sh)
CONTAINER_IP=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$CONTAINER_ID" | head -n1)
# 2. Check $PATH with docker exec
$ docker exec "$CONTAINER_ID" printenv PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# 3. Check $PATH after SSH login
$ ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null "root@$CONTAINER_IP"
$ printenv PATH
/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin
# 4. Stop and remove container
$ docker stop "$CONTAINER_ID"
```
related:
- Issue #12803
- MR !22657
- Commit 6104bf46
3.18.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/15255
community/k3s: panic in v1.27.4+k3s1
2023-12-22T23:28:17Z
William Wilhelm
(Moved from upstream issue, raised by different user https://github.com/k3s-io/k3s/issues/8293)
k3s 1.27.4.1-r1 fails to start with
```
panic: flag alsologtostderr set at github.com/k3s-io/k3s/pkg/cli/cmds/log.go:78 before being defined
goroutine 2334 [running]:
flag.(*FlagSet).Var(0xc000122150, {0x5ccebe0, 0x8964529}, {0x43de2d7, 0xf}, {0x4549454, 0x49})
flag/flag.go:1031 +0x33a
k8s.io/klog/v2.InitFlags.func1(0xc0002943f0?)
k8s.io/klog/v2@v2.90.1/klog.go:437 +0x31
flag.(*FlagSet).VisitAll(0x89618e0?, 0xc001bddf30)
flag/flag.go:458 +0x42
k8s.io/klog/v2.InitFlags(0x5d03618?)
k8s.io/klog/v2@v2.90.1/klog.go:436 +0x45
github.com/k3s-io/k3s/pkg/daemons/executor.(*Embedded).Bootstrap.func1()
github.com/k3s-io/k3s/pkg/daemons/executor/embed.go:61 +0x55
created by github.com/k3s-io/k3s/pkg/daemons/executor.(*Embedded).Bootstrap in goroutine 1
github.com/k3s-io/k3s/pkg/daemons/executor/embed.go:54 +0x8f
```
1.27.3.1-r2 works fine.
According to https://github.com/k3s-io/k3s/issues/8293 this isn't reproducible in upstream k3s.
Oleg Titov

https://gitlab.alpinelinux.org/alpine/aports/-/issues/13536
heimdal conflicts with shadow
2023-12-20T11:07:39Z
Gray Wolf
I wanted to connect to NFS, so I wanted to install kinit, which is provided by heimdal package. However I was told
```
ERROR: unable to select packages:
heimdal-7.7.0-r6:
conflicts: shadow-4.8.1-r1[cmd:su=7.7.0-r6]
satisfies: world[heimdal]
shadow-4.8.1-r1:
conflicts: heimdal-7.7.0-r6[cmd:su=4.8.1-r1]
satisfies: world[shadow]
```
I don't understand why su is packaged by heimdal. Is that intentional? If yes, could it at least be in heimdal-su subpackage, so that I can have both shadow and heimdal installed?
Leonardo Arena

https://gitlab.alpinelinux.org/alpine/aports/-/issues/12246
Machine became offline after reboot : /etc/init.d/networking is missing
2023-12-17T00:07:26Z
Taner Tas
After my machine became offline after first reboot, I realized that there isn't /etc/init.d/networking anymore. It seems this file belongs to ifupdown-ng-openrc according to https://git.alpinelinux.org/aports/tree/main/ifupdown-ng/APKBUILD but there is no such package somehow. Did I miss something?
https://git.alpinelinux.org/aports/commit/main/ifupdown-ng?id=69ac0711d35c69e5dc385d337b83c51c9978f62c
Any explanation for why this critical change has been done?
Alpine Edge
Edit: network -> networking
Ariadne Conill ariadne@ariadne.space

https://gitlab.alpinelinux.org/alpine/aports/-/issues/15512
community/firefox: pgo build segfaults on aarch64
2023-11-30T12:02:10Z
Patrycja Rosa alpine@ptrcnull.me
follow-up from !55934
Patrycja Rosa alpine@ptrcnull.me

https://gitlab.alpinelinux.org/alpine/aports/-/issues/13029
chromium-93.0.4577.82-r0 crashes without gtk+3.0
2023-04-26T17:39:57Z
avollmerhaus
I've got a small fleet (about 20) of Alpine "Webkiosks".
The setup is done via ansible, the big picture looks like this:
The user is logged in automatically via inittab `tty1::respawn:/bin/login -f webkiosk`, runs startx via `~/.profile` and in turn chromium via `~/.xinitrc`.
On shutdown, `~/.cache/chromium` and `~/.config/chromium` are deleted.
I've run `apk update; apk upgrade` and chromium on my Alpine 3.14 installs got updated to `chromium-93.0.4577.82-r0`.
Since then, chromium crashes with this error:
```
[3803:3803:0922/085533.312903:FATAL:gtk_compat.cc(45)] Check failed: !check || library.
[0922/085533.317129:WARNING:process_reader_linux.cc(76)] sched_getscheduler: Function not implemented (38)
[0922/085533.317451:WARNING:process_reader_linux.cc(76)] sched_getscheduler: Function not implemented (38)
[0922/085533.317543:WARNING:process_reader_linux.cc(76)] sched_getscheduler: Function not implemented (38)
[0922/085533.317602:WARNING:process_reader_linux.cc(76)] sched_getscheduler: Function not implemented (38)
[0922/085533.317636:WARNING:process_reader_linux.cc(76)] sched_getscheduler: Function not implemented (38)
[0922/085533.317686:WARNING:process_reader_linux.cc(76)] sched_getscheduler: Function not implemented (38)
[0922/085533.317730:WARNING:process_reader_linux.cc(76)] sched_getscheduler: Function not implemented (38)
[0922/085533.317769:WARNING:process_reader_linux.cc(76)] sched_getscheduler: Function not implemented (38)
[0922/085533.317803:WARNING:process_reader_linux.cc(76)] sched_getscheduler: Function not implemented (38)
[0922/085533.317855:WARNING:process_reader_linux.cc(76)] sched_getscheduler: Function not implemented (38)
[0922/085533.317891:WARNING:process_reader_linux.cc(76)] sched_getscheduler: Function not implemented (38)
[0922/085533.317929:WARNING:process_reader_linux.cc(76)] sched_getscheduler: Function not implemented (38)
Received signal 6
r8: 00007ffc669a9640 r9: 00007ff5f66669d0 r10: 0000000000000008 r11: 0000000000000246
r12: aaaaaaaaaaaaaaaa r13: 00007ff5f6d27401 r14: 00007ff5f2d8d600 r15: 0000000000000058
di: 0000000000000002 si: 00007ffc669a94d0 bp: 00007ffc669a94d0 bx: 0000000000000000
dx: 0000000000000000 ax: 0000000000000000 cx: 00007ff5f919a3f2 sp: 00007ffc669a94c8
ip: 00007ff5f919a3f2 efl: 0000000000000246 cgf: 002b000000000033 erf: 0000000000000000
trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
```
This is reproducible on all 3.14 machines, including a fresh test install, and on Alpine edge.
The hardware is rather diverse across the about 20 machines, but all of them have a touchscreen - not sure if this is relevant.
While I start chromium with a few parameters in my script, the crash is reproducible when chromium is called simply as `chromium-browser https://google.com`.
I've taken to downgrading the machines to 3.13, `chromium-86.0.4240.111-r0` available there is not affected.

https://gitlab.alpinelinux.org/alpine/aports/-/issues/12061
community/firefox: seccomp sandbox violation
2023-02-07T20:37:23Z
Marian Buschsieweke
It seems that the latest `musl` update results in new / other system calls being used to implement some function resulting in this happy message greeting me during startup:
```
Sandbox: seccomp sandbox violation: pid 3469, tid 3469, syscall 16, args 2 21523 140720484156728 0 1 0.
```
Using
```
export MOZ_DISABLE_CONTENT_SANDBOX=1
```
disables the sandbox and prevents the crash, but that seems not to be a sensible solution on the long term. Does anyone have an idea how to fix?

https://gitlab.alpinelinux.org/alpine/aports/-/issues/12510
Unsatisfiable constraints when adding g++6
2023-02-07T13:21:36Z
erc
It seems, for me, that the recipe for g++6 is broken. Here is how I reproduced.
Starting from a clean docker environment, when I try to `apk add g++6` it throws me the following error:
```
ERROR: unsatisfiable constraints:
libstdc++-9.3.0-r2:
breaks: g++6-6.4.0-r11[libstdc++=6.4.0-r11]
satisfies: gcc-9.3.0-r2[so:libstdc++.so.6] binutils-2.34-r1[so:libstdc++.so.6]
gcc-9.3.0-r2:
breaks: g++6-6.4.0-r11[gcc=6.4.0-r11]
```
Trying to understand what's happening, I've run the `apk dot g++6 gcc6` which gave me the following graph:
![20210309155654_1047x707_scrot](/uploads/06facf3ce903fb9d70c59e292d261d47/20210309155654_1047x707_scrot.png)
The dependency line from `gcc6` to `binutils` to `libstdc++-10` caught my attention. As we can see, g++6 depends on libstdc++6, but `binutils` wants the latest version. Maybe `gcc6` should not depend on `binutils`?
Unfortunately I could not find the recipe of g++6, so I couldn't go any further. I'm still trying, if anyone wants to show me the right direction it would be very welcoming :)
Edit: I did find the recipe, it's the same of gcc6. But still, I could not find how to test it without a whole ready environment. Unfortunately I can't help much for now. I'll move on with another distro, but I'll keep an eye on this to try again later.
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/13016
"apk" give "Illegal instruction" in x86 edge on vortex86 device.
2023-02-07T11:49:41Z
Thorbjørn Ravn Andersen
We need to deploy Alpine Linux on vortex86 devices and since I used edge the last time about a month ago something has happened.
```
device-001beb6a7a42:~# gdb /sbin/apk
GNU gdb (GDB) 10.2
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "i586-alpine-linux-musl".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /sbin/apk...
(No debugging symbols found in /sbin/apk)
(gdb) run
Starting program: /sbin/apk
Program received signal SIGILL, Illegal instruction.
0xb7d312d0 in ?? () from /lib/libcrypto.so.3
(gdb)
```
Device type number one (which is what I saw the error on).
```
device-444d50627512:~# cat /proc/cpuinfo
processor : 0
vendor_id : CentaurHauls
cpu family : 6
model : 9
model name : VIA Nehemiah
stepping : 10
cpu MHz : 530.989
cache size : 64 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr cx8 sep mtrr pge cmov pat mmx fxsr sse cpuid rng rng_en ace ace_en
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit
bogomips : 1062.22
clflush size : 32
cache_alignment : 32
address sizes : 32 bits physical, 32 bits virtual
power management:
```
Other device (copied from https://gitlab.alpinelinux.org/alpine/aports/-/issues/12934) which I have not verified the bug on yet.
```
processor : 0
vendor_id : Vortex86 SoC
cpu family : 5
model : 2
model name : 05/02
stepping : 2
cpu MHz : 799.972
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu tsc cx8 cpuid
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit
bogomips : 1600.60
clflush size : 32
cache_alignment : 32
address sizes : 32 bits physical, 32 bits virtual
power management:
```
Please advise

https://gitlab.alpinelinux.org/alpine/aports/-/issues/11979
main/ruby: deadlock in test suite
2022-12-30T10:14:35Z
Kevin Daudt
The ruby test suite deadlocks due to using async unsafe functions after fork. The test suite has been temporarily disabled.
Upstream bug: https://bugs.ruby-lang.org/issues/17189

https://gitlab.alpinelinux.org/alpine/aports/-/issues/12496
grub: Multiple vulnerabilities (CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-3418, CVE-2021-20225, CVE-2021-20233)
2022-12-20T13:48:19Z
Alicha CH
### CVE-2020-14372: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.
#### References:
* https://www.openwall.com/lists/oss-security/2021/03/02/3
### CVE-2020-25632: Use-after-free in rmmod command
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-25632
* https://www.openwall.com/lists/oss-security/2021/03/02/3
### CVE-2020-25647: Out-of-bound write in grub_usb_device_initialize()
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and it is assumed that the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-25647
* https://www.openwall.com/lists/oss-security/2021/03/02/3
### CVE-2020-27749: Stack buffer overflow in grub_parser_split_cmdline
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
#### References:
* https://www.openwall.com/lists/oss-security/2021/03/02/3
* https://nvd.nist.gov/vuln/detail/CVE-2020-27749
### CVE-2020-27779: The cutmem command allows privileged user to remove memory regions when Secure Boot is enabled
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing a privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
#### Reference:
* https://nvd.nist.gov/vuln/detail/CVE-2020-27779
### CVE-2021-3418: GRUB 2.05 reintroduced CVE-2020-15705
This flaw only affects upstream and distributions using the shim_lock verifier.
#### References:
* https://www.openwall.com/lists/oss-security/2021/03/02/3
* https://bugzilla.redhat.com/show_bug.cgi?id=1933757
### CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2021-20225
* https://www.openwall.com/lists/oss-security/2021/03/02/3
### CVE-2021-20233 grub2: Heap out-of-bound write due to mis-calculation of space required for quoting
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2021-20233
* https://www.openwall.com/lists/oss-security/2021/03/02/3
### Affected branches:
* [x] master
* [ ] 3.13-stable
* [ ] 3.12-stable
* [ ] 3.11-stable
* [ ] 3.10-stable
Timo Teräs

https://gitlab.alpinelinux.org/alpine/aports/-/issues/11933
mumble should install samples/*.ogg
2022-11-08T22:50:36Z
shum
`Alpine Edge, x86_64`
Currently Mumble is missing [audio samples](https://github.com/mumble-voip/mumble/tree/master/samples) to produce notification sounds and other stuff (e.g. in Audio Wizard there is `Device tuning` section which makes the whole process of device tuning kind of pointless, because there is no sample sound producing).
Johannes Matheis

https://gitlab.alpinelinux.org/alpine/aports/-/issues/13276
mariadb compiled with UNIV_DEBUG
2022-11-03T11:04:04Z
Kevin Daudt
When starting mariadb, the log mentions:
```
2021-12-05 20:49:45 0 [Note] InnoDB: !!!!!!!! UNIV_DEBUG switched on !!!!!!!!!
```
This apparently has an impact on performance. This is possibly caused by `CMAKE_BUILDTYPE=none`.
storage/innobase/innodb.cmake contains:
```
# Enable InnoDB's UNIV_DEBUG in debug builds
SET(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} -DUNIV_DEBUG")
```
3.15.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/12604
setuptools>52.0.0-r0 do not recognize `entry_points`
2022-10-04T01:47:42Z
Leo
As stated in the title the `entry_points` section of a setup.py or setup.cfg file is not recognized causing the package to not install any binaries into `/usr/bin`.
Our package de-vendors upstream dependencies and Arch Linux is in 54.2.0 with no bug reports related to it.
@ddevault
Leo

https://gitlab.alpinelinux.org/alpine/aports/-/issues/12325
main/linux-5.10: failure to find root fs on lvm volume
2022-09-13T10:28:12Z
Kevin Daudt
When booting a legacy bios server, and the rootfs is on lvm, nlplug-findfs fails to find the block devices that contain the lvm volumes, preventing these volumes from being activated and resulting in mkinitfs-init not being able to mount / switch_root to the rootfs.
This works on Alpine 3.12 with linux 5.4.84. Just upgrading the kernel to 5.10.7 results in these issues.
When running nlplug-findfs with debugging on, on a working system, this is part of the output:
```
nlplug-findfs: uevent: action='add' subsystem='block' devname='sdc2' devpath='/devices/pci0000:00/0000:00:03.2/0000:01:00.0/host12/port-12:0/end_device-12:0/target12:0:0/12:0:0:0/block/sdc/sdc2'
```
With linux-5.10.7, this line (and other related lines) are missing.
If I manually run nlplug-findfs afterwards in the emergency shell, the lvm volumes are activated, so this is some kind of timing issue.

https://gitlab.alpinelinux.org/alpine/aports/-/issues/13329
community/opencv-4.5.4: inlining failed in call to 'always_inline', target specific option mismatch on ppc64le
2022-08-10T17:49:10Z
Kevin Daudt
opencv fails to build on ppc64le:
```
In file included from /usr/include/eigen3/Eigen/src/Core/arch/AltiVec/MatrixProduct.h:18,
from /usr/include/eigen3/Eigen/Core:350,
from /home/buildozer/aports/community/opencv/src/opencv-4.5.4/modules/core/include/opencv2/core/private.hpp:70,
from /home/buildozer/aports/community/opencv/src/opencv-4.5.4/modules/core/src/precomp.hpp:59,
from /home/buildozer/aports/community/opencv/src/opencv-4.5.4/modules/core/src/lapack.cpp:43:
/usr/include/eigen3/Eigen/src/Core/arch/AltiVec/MatrixProductMMA.h: In function 'Eigen::internal::ploadRhsMMA<float, float __vector(4)>(float const*, float __vector(4)&)void':
/usr/include/eigen3/Eigen/src/Core/arch/AltiVec/MatrixProductCommon.h:215:28: error: inlining failed in call to 'always_inline' 'Eigen::internal::ploadRhs<float, float __vector(4)>(float const*)float __vector(4)': target specific option mismatch
215 | EIGEN_ALWAYS_INLINE Packet ploadRhs(const Scalar* rhs)
| ^~~~~~~~
In file included from /usr/include/eigen3/Eigen/src/Core/arch/AltiVec/MatrixProduct.h:38,
from /usr/include/eigen3/Eigen/Core:350,
from /home/buildozer/aports/community/opencv/src/opencv-4.5.4/modules/core/include/opencv2/core/private.hpp:70,
from /home/buildozer/aports/community/opencv/src/opencv-4.5.4/modules/core/src/precomp.hpp:59,
from /home/buildozer/aports/community/opencv/src/opencv-4.5.4/modules/core/src/lapack.cpp:43:
/usr/include/eigen3/Eigen/src/Core/arch/AltiVec/MatrixProductMMA.h:128:34: note: called from here
128 | rhsV = ploadRhs<Scalar, Packet>((const Scalar*)(rhs));
| ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
make[2]: *** [modules/core/CMakeFiles/opencv_core.dir/build.make:537: modules/core/CMakeFiles/opencv_core.dir/src/lapack.cpp.o] Error 1
```
The package has been disabled to unblock the builder.
See: https://build.alpinelinux.org/buildlogs/build-edge-ppc64le/community/opencv/opencv-4.5.4-r1.log
Bart Ribbers

https://gitlab.alpinelinux.org/alpine/aports/-/issues/13164
Upgrade lxqt to 1.0.0
2022-08-03T04:34:07Z
Andy Postnikov
There's a set of aports to upgrade
https://github.com/lxqt/lxqt/releases/tag/1.0.0
- [x] upgrade all related packages
- [x] make sure soname dependencies are rebuilt
- [ ] consider move some packages to subpackages
- [ ] decide on move to community
/cc @antoni.aloytorrens