aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2021-01-09T17:34:21Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11464fftw: test failure (segfault)2021-01-09T17:34:21ZKevin Daudtfftw: test failure (segfault)```
FAILED /home/buildozer/aports/main/fftw/src/single/tests/bench: --verify '//obr50x32' --verify '//ofr50x32' --verify 'obr50x32' --verify 'ibr50x32' --verify 'ofr50x32' --verify 'ifr50x32' --verify '//obc50x32' --verify '//ibc50x32' ...```
FAILED /home/buildozer/aports/main/fftw/src/single/tests/bench: --verify '//obr50x32' --verify '//ofr50x32' --verify 'obr50x32' --verify 'ibr50x32' --verify 'ofr50x32' --verify 'ifr50x32' --verify '//obc50x32' --verify '//ibc50x32' --verify '//ofc50x32' --verify '//ifc50x32' --verify 'obc50x32' --verify 'ibc50x32' --verify 'ofc50x32' --verify 'ifc50x32' --verify 'ok7b*10' --verify 'ik7b*10' --verify 'obr14x6x4x4v5' --verify 'ibr14x6x4x4v5' --verify 'ofr14x6x4x4v5' --verify 'ifr14x6x4x4v5' --verify '//obc14x6x4x4v5' --verify '//ibc14x6x4x4v5' --verify '//ofc14x6x4x4v5' --verify '//ifc14x6x4x4v5' --verify 'obc14x6x4x4v5' --verify 'ibc14x6x4x4v5' --verify 'ofc14x6x4x4v5' --verify 'ifc14x6x4x4v5' --verify 'okd2e11x9hx10e11x18o10*7' --verify 'ikd2e11x9hx10e11x18o10*7' --verify '//obr8x7x7x11' --verify '//ofr8x7x7x11' --verify 'obr8x7x7x11' --verify 'ibr8x7x7x11' --verify 'ofr8x7x7x11' --verify 'ifr8x7x7x11' --verify '//obc8x7x7x11' --verify '//ibc8x7x7x11' --verify '//ofc8x7x7x11' --verify '//ifc8x7x7x11' --verify 'obc8x7x7x11' --verify 'ibc8x7x7x11' --verify 'ofc8x7x7x11' --verify 'ifc8x7x7x11'
received signal 11
```
See: https://build.alpinelinux.org/buildlogs/build-3-12-armhf/main/fftw/fftw-3.3.8-r0.loghttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11472fail2ban: segfault in tests2021-01-09T17:40:04ZKevin Daudtfail2ban: segfault in tests```
testFlushBans (fail2ban.tests.databasetestcase.DatabaseTest) ... ok
testGetBansMerged (fail2ban.tests.databasetestcase.DatabaseTest) ... Segmentation fault
>>> ERROR: fail2ban: check failed
```
See: https://build.alpinelinux.org/bui...```
testFlushBans (fail2ban.tests.databasetestcase.DatabaseTest) ... ok
testGetBansMerged (fail2ban.tests.databasetestcase.DatabaseTest) ... Segmentation fault
>>> ERROR: fail2ban: check failed
```
See: https://build.alpinelinux.org/buildlogs/build-3-12-s390x/main/fail2ban/fail2ban-0.11.1-r0.logTuan HoangTuan Hoanghttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11730main/busybox: Busybox /bin/su and /bin/login bypass PAM configuration when us...2023-10-27T19:46:31Zwebstrandmain/busybox: Busybox /bin/su and /bin/login bypass PAM configuration when using linux-pamOn systems using `linux-pam`, where a more restrictive authentication mechanism is used—such as `pam_yubico.so`—the Busybox binaries `/bin/su` and `/bin/login` are not PAM-aware and bypass the PAM configuration. This may be a vulnerabili...On systems using `linux-pam`, where a more restrictive authentication mechanism is used—such as `pam_yubico.so`—the Busybox binaries `/bin/su` and `/bin/login` are not PAM-aware and bypass the PAM configuration. This may be a vulnerability on some systems, since `su` cannot be disabled without also disabling its multi-call binary `/bin/bbsuid`.
Busybox could be built with PAM support by setting `CONFIG_PAM=y` in its configuration. Adding the packages `busybox-pam` ~~and `busybox-suid-pam` would fix the issue~~.
Alternatively, the `shadow` package _is_ PAM aware and provides replacement binaries for `su`, `login`, `passwd`, and `chpasswd`. But removing `busybox-suid` is still problematic, and as long as it's available on the system, it may be a vulnerability.https://gitlab.alpinelinux.org/alpine/aports/-/issues/11738Package mariadb scripts have bash shebang2020-07-17T11:11:22ZGhost UserPackage mariadb scripts have bash shebangHi,
the following by package mariadb provided scripts have a **bash shebang**.
The package doesn't have a bash dependency.
usr/bin/wsrep_sst_mariabackup
usr/bin/wsrep_sst_mysqldump
usr/bin/wsrep_sst_rsync
usr/bin/wsrep_sst_rsyn...Hi,
the following by package mariadb provided scripts have a **bash shebang**.
The package doesn't have a bash dependency.
usr/bin/wsrep_sst_mariabackup
usr/bin/wsrep_sst_mysqldump
usr/bin/wsrep_sst_rsync
usr/bin/wsrep_sst_rsync_wan
What do you mostly do? Add a **bash dependency** or change the shebang to **/bin/sh and fixing bashism**?
Markushttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12943main/unbound: enable --with-deprecate-rsa-10242021-08-23T12:53:37ZJakub Jirutkamain/unbound: enable --with-deprecate-rsa-1024From the changelog:
> Add ./configure --with-deprecate-rsa-1024 that **turns off** RSA 1024.
When I build it with `--with-deprecate-rsa-1024`, the tests fail:
```
test services/authzone.c:auth_zone_verify_zonemd
assertion failure test...From the changelog:
> Add ./configure --with-deprecate-rsa-1024 that **turns off** RSA 1024.
When I build it with `--with-deprecate-rsa-1024`, the tests fail:
```
test services/authzone.c:auth_zone_verify_zonemd
assertion failure testcode/unitzonemd.c:314
make: *** [Makefile:342: test] Error 1
```
Follow-up from https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/24191#note_173950.https://gitlab.alpinelinux.org/alpine/aports/-/issues/13096main/ruby: consider changing the default gems dir to ABI/version-neutral2023-01-17T10:48:46ZJakub Jirutkamain/ruby: consider changing the default gems dir to ABI/version-neutralFollow-up for https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/19106#note_147444Follow-up for https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/19106#note_147444Jakub JirutkaJakub Jirutkahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/15756Compress linux-firmware packages2024-03-10T10:49:54ZNewbyteCompress linux-firmware packagesCurrently, installing all linux-firmware packages results in a `/lib/firmware` directory which is around 1,0 GB in size. This could be significantly smaller if we started compressing firmware during packaging. The Linux kernel has suppor...Currently, installing all linux-firmware packages results in a `/lib/firmware` directory which is around 1,0 GB in size. This could be significantly smaller if we started compressing firmware during packaging. The Linux kernel has supported loading compressed firmware since version 5.3 and other distributions such as Fedora and Arch Linux have already implemented this successfully. In Fedora, for example, at the time of writing the entire `/lib/firmware` directory is a more modest 238 MB.
There are some problems however. Not all firmware can be compressed, so exceptions would have to be made on a per-file basis. In particular, firmware served to certain remote processors on Qualcomm devices cannot be compressed at the moment as the serving happens in userspace rather than kernelspace. There may also be other necessary exceptions, so this would require extensive testing to avoid breakage. As other distributions already have implemented this, we could investigate what files (if any) they exempt as a start. However, their lists may not be complete as it is unlikely that they've tested more obscure ARM hardware.Natanael CopaNatanael Copa