aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2021-01-20T09:50:34Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12299Alpine 3.13.0 release checklist2021-01-20T09:50:34ZKevin DaudtAlpine 3.13.0 release checklist* [x] check that kernel version are in sync (eg linux-lts and linux-rpi)
* [x] check that raspberrypi-bootloader is up-to-date
* [x] create new milestone https://gitlab.alpinelinux.org/alpine/aports/-/milestones
* [x] change milestone to...* [x] check that kernel version are in sync (eg linux-lts and linux-rpi)
* [x] check that raspberrypi-bootloader is up-to-date
* [x] create new milestone https://gitlab.alpinelinux.org/alpine/aports/-/milestones
* [x] change milestone to version-next on all unresolved issues
* [x] set version in main/alpine-base. see git log for commit message format
* [x] `git tag -a <version>`
* [x] before git push, verify that builders are idle. don’t push until they are
* [x] `git push && git push --tags`
* [x] For new stable branch
* [x] create new remote stable branch: `git checkout -b 3.13-stable && git push --set-upstream origin 3.13-stable`
on each builder do:
* [x] `cd ~/aports && git fetch origin && git checkout -b 3.13-stable -t origin/3.13-stable`
* [x] `sudo sed -i -e 's/git_branch=master/git_branch=3.13-stable/' /etc/conf.d/mqtt-exec.aports-build`
* [x] Wait til build server is idle
* [x] reboot
* [x] write release notes and publish on alpinelinux.org ([MR](alpine/infra/alpine-mksite!20))
* [x] update https://wiki.alpinelinux.org/wiki/Alpine_Linux:Releases
* [x] update alpine-mksite/alpine-releases.conf.yaml
* [x] verify that builders complete the release build successfully (check if release is uploaded to dl-master)
* [x] sign releases
* [x] make docker image release PR
* [x] update topic in IRC channels
* [x] send release announcement to mailto:~alpine/announce@lists.alpinelinux.org with BCC distro@distrowatch.org
* [x] Make sure pkgs.alpinelinux.org syncs the new release
* [x] Invalidate /alpine/latest-stable/* on dl-cdn
* [x] post a tweet (https://tweetdeck.twitter.com)
* [x] Celebrate 🎉3.13.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/12282Certbot is broken due to idna dependency incompatibility2021-01-08T16:56:15ZÉloi RivardCertbot is broken due to idna dependency incompatibilityRecently, certbot got broken:
```
$ sudo certbot --help
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 567, in _build_master
ws.require(__requires__)
File "/usr/lib/pyt...Recently, certbot got broken:
```
$ sudo certbot --help
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 567, in _build_master
ws.require(__requires__)
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 884, in require
needed = self.resolve(parse_requirements(requirements))
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 775, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (idna 3.1 (/usr/lib/python3.8/site-packages), Requirement.parse('idna<3,>=2.5'), {'requests'})
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot==1.11.0', 'console_scripts', 'certbot')())
File "/usr/bin/certbot", line 25, in importlib_load_entry_point
return next(matches).load()
File "/usr/lib/python3.8/importlib/metadata.py", line 77, in load
module = import_module(match.group('module'))
File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
File "<frozen importlib._bootstrap>", line 991, in _find_and_load
File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 783, in exec_module
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "/usr/lib/python3.8/site-packages/certbot/main.py", line 2, in <module>
from certbot._internal import main as internal_main
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 17, in <module>
from certbot import crypto_util
File "/usr/lib/python3.8/site-packages/certbot/crypto_util.py", line 32, in <module>
from certbot import util
File "/usr/lib/python3.8/site-packages/certbot/util.py", line 24, in <module>
from certbot._internal import constants
File "/usr/lib/python3.8/site-packages/certbot/_internal/constants.py", line 4, in <module>
import pkg_resources
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 3239, in <module>
def _initialize_master_working_set():
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 3222, in _call_aside
f(*args, **kwargs)
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 3251, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 569, in _build_master
return cls._build_from_requirements(__requires__)
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 582, in _build_from_requirements
dists = ws.resolve(reqs, Environment())
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 770, in resolve
raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'idna<3,>=2.5' distribution was not found and is required by requests
$ apk search idna
py3-idna-ssl-1.1.0-r4
py3-idna-3.1-r0
```3.13.0LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12260community/synapse-1.24.0: test failures on armhf, armv72021-01-09T17:55:24ZKevin Daudtcommunity/synapse-1.24.0: test failures on armhf, armv7synapse fails to build with test failures on armhf and armv7:
```
[ERROR]
Traceback (most recent call last):
Failure: twisted.internet.defer.TimeoutError: <tests.api.test_filtering.FilteringTestCase testMethod=test_filter_presence_match...synapse fails to build with test failures on armhf and armv7:
```
[ERROR]
Traceback (most recent call last):
Failure: twisted.internet.defer.TimeoutError: <tests.api.test_filtering.FilteringTestCase testMethod=test_filter_presence_match> (test_filter_presence_match) still running at 20.0 secs
tests.api.test_filtering.FilteringTestCase.test_filter_presence_match
===============================================================================
[ERROR]
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/twisted/internet/defer.py", line 1475, in gotResult
_inlineCallbacks(r, g, status)
File "/usr/lib/python3.8/site-packages/twisted/internet/defer.py", line 1421, in _inlineCallbacks
status.deferred.callback(getattr(e, "value", None))
File "/usr/lib/python3.8/site-packages/twisted/internet/defer.py", line 460, in callback
self._startRunCallbacks(result)
File "/usr/lib/python3.8/site-packages/twisted/internet/defer.py", line 561, in _startRunCallbacks
raise AlreadyCalledError
twisted.internet.defer.AlreadyCalledError:
```3.13.0LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12257community/gnome-podcasts-0.4.8: test_stuff test failure on armv72020-12-31T09:56:37ZKevin Daudtcommunity/gnome-podcasts-0.4.8: test_stuff test failure on armv7gnome-podcasts has a test failure on armv7:
```
test test_stuff ...
(podcasts_gtk-fe06606cd8c179fc:21416): Gtk-ERROR **: 18:27:23.350: failed to add UI: The resource at “/org/gnome/Podcasts/gtk/headerbar.ui†failed to decompress
er...gnome-podcasts has a test failure on armv7:
```
test test_stuff ...
(podcasts_gtk-fe06606cd8c179fc:21416): Gtk-ERROR **: 18:27:23.350: failed to add UI: The resource at “/org/gnome/Podcasts/gtk/headerbar.ui†failed to decompress
error: test failed, to rerun pass '-p podcasts-gtk --bin podcasts-gtk'
Caused by:
process didn't exit successfully: `/home/buildozer/aports/community/gnome-podcasts/src/gnome-podcasts-0.4.8/output/target/debug/deps/podcasts_gtk-fe06606cd8c179fc --test-threads=1 --nocapture` (signal: 5, SIGTRAP: trace/breakpoint trap)
```
See: https://build.alpinelinux.org/buildlogs/build-3-13-armv7/community/gnome-podcasts/gnome-podcasts-0.4.8-r0.log3.13.0Rasmus Thomsenoss@cogitri.devRasmus Thomsenoss@cogitri.devhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12241Build failure: kompare on ppc64le2020-12-29T10:44:08ZLeoBuild failure: kompare on ppc64le```
/home/buildozer/aports/community/kompare/src/kompare-20.08.3/komparepart/kompare_part.cpp: In member function 'void KomparePart::slotFilePrint()':
/home/buildozer/aports/community/kompare/src/kompare-20.08.3/komparepart/kompare_part....```
/home/buildozer/aports/community/kompare/src/kompare-20.08.3/komparepart/kompare_part.cpp: In member function 'void KomparePart::slotFilePrint()':
/home/buildozer/aports/community/kompare/src/kompare-20.08.3/komparepart/kompare_part.cpp:613:13: error: 'class QPrinter' has no member named 'setOrientation'; did you mean 'Orientation'?
613 | printer.setOrientation(QPrinter::Landscape);
| ^~~~~~~~~~~~~~
| Orientation
/home/buildozer/aports/community/kompare/src/kompare-20.08.3/komparepart/kompare_part.cpp: In member function 'void KomparePart::slotFilePrintPreview()':
/home/buildozer/aports/community/kompare/src/kompare-20.08.3/komparepart/kompare_part.cpp:628:13: error: 'class QPrinter' has no member named 'setOrientation'; did you mean 'Orientation'?
628 | printer.setOrientation(QPrinter::Landscape);
| ^~~~~~~~~~~~~~
| Orientation
```3.13.0Bart RibbersBart Ribbershttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12230community/kbuild-0.1.9998.3149-r0: buid failure due to mssing arith.tab.h2020-12-24T16:58:23ZKevin Daudtcommunity/kbuild-0.1.9998.3149-r0: buid failure due to mssing arith.tab.hkbuild fails to build with:
```
In file included from /home/buildozer/aports/community/kbuild/src/kbuild-0.1.9998.3149/src/kash/error.h:63,
from /home/buildozer/aports/community/kbuild/src/kbuild-0.1.9998.3149/src/kash/...kbuild fails to build with:
```
In file included from /home/buildozer/aports/community/kbuild/src/kbuild-0.1.9998.3149/src/kash/error.h:63,
from /home/buildozer/aports/community/kbuild/src/kbuild-0.1.9998.3149/src/kash/arith_lex.l:77:
/usr/include/setjmp.h:35: note: this is the location of the previous definition
35 | #define setjmp setjmp
|
/home/buildozer/aports/community/kbuild/src/kbuild-0.1.9998.3149/out/linux.x86/release/obj/kash/arith.c:160:10: fatal error: arith.tab.h: No such file or directory
160 | #include "arith.tab.h"
| ^~~~~~~~~~~~~
```
See: https://build.alpinelinux.org/buildlogs/build-3-13-x86/community/kbuild/kbuild-0.1.9998.3149-r0.log3.13.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12228crystal fails to pass compiler test on edge2021-01-09T18:00:29ZMilan P. Stanićcrystal fails to pass compiler test on edge```
.build/all_spec --no-color --verbose
Compiler
has a valid version
compiles a file
Invalid memory access (signal 11) at address 0x7f592d74f4f8
[0x55b0d35261c6] *Exception::CallStack::print_backtrace:Int32 +118
[0x55b0d2c8721c] __c...```
.build/all_spec --no-color --verbose
Compiler
has a valid version
compiles a file
Invalid memory access (signal 11) at address 0x7f592d74f4f8
[0x55b0d35261c6] *Exception::CallStack::print_backtrace:Int32 +118
[0x55b0d2c8721c] __crystal_sigfault_handler +316
[0x7f593b85fc4b] ???
make: *** [Makefile:84: spec] Error 11
>>> ERROR: crystal: check failed
>>> crystal: Uninstalling dependencies...
```
I tested it in lxc and by skipping this compiler test all other tests/specs passes.
Also I tried compiler test with gdb and result is here:
```
mps-edge-x86_64:~/aports/community/crystal/src/crystal-0.35.1 > make compiler_spec master
Using /usr/bin/llvm-config [version=10.0.1]
CRYSTAL_CONFIG_LIBRARY_PATH="" CRYSTAL_CONFIG_BUILD_COMMIT="7f9cdb61fd" SOURCE_DATE_EPOCH="1607447069" ./bin/crystal build --exclude-warnings spec/std --exclude-warnings spec/compiler -o .build/compiler_spec spec/compiler_spec.cr
Using compiled compiler at .build/crystal
Using compiled compiler at .build/crystal
.build/compiler_spec
..Invalid memory access (signal 11) at address 0x7f7034396358
[0x561545e44436] *Exception::CallStack::print_backtrace:Int32 +118
[0x561545c1ea4c] __crystal_sigfault_handler +316
[0x7f70427e6c84] ???
make: *** [Makefile:92: compiler_spec] Error 11
mps-edge-x86_64:~/aports/community/crystal/src/crystal-0.35.1 > gdb --args ".build/crystal" "build" "--exclude-warnings spec/std" "--exclude-warnings spec/compiler" "-o .build/compiler_spec spec/compiler_spec.cr"
GNU gdb (GDB) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-alpine-linux-musl".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from .build/crystal...
(gdb) run
Starting program: /home/mps/aports/community/crystal/src/crystal-0.35.1/.build/crystal build --exclude-warnings\ spec/std --exclude-warnings\ spec/compiler -o\ .build/compiler_spec\ spec/compiler_spec.cr
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff3e09524 in GC_find_limit_with_bound () from /usr/lib/libgc.so.1
(gdb) bt
#0 0x00007ffff3e09524 in GC_find_limit_with_bound () from /usr/lib/libgc.so.1
#1 0x00007ffff3e095e3 in GC_init_linux_data_start () from /usr/lib/libgc.so.1
#2 0x00007ffff3e08389 in GC_init () from /usr/lib/libgc.so.1
#3 0x0000555555566808 in main ()
(gdb)
```
looks like the bug is in gc libs but I'm not sure3.13.0Jakub JirutkaJakub Jirutkahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12225community/ansible-lint-4.2.0-r0: test failures2021-10-11T21:56:15ZKevin Daudtcommunity/ansible-lint-4.2.0-r0: test failuresansible-lint fails to build due to multiple test failures similar to:
```
> raise SystemExit("Couldn't parse task at %s (%s)\n%s" % (task_info, e.message, task_pprint))
E SystemExit: Couldn't parse task at test/alway...ansible-lint fails to build due to multiple test failures similar to:
```
> raise SystemExit("Couldn't parse task at %s (%s)\n%s" % (task_info, e.message, task_pprint))
E SystemExit: Couldn't parse task at test/always-run-failure.yml:4 (conflicting action statements: debug, always_run
E
E The error appears to be in '<unicode string>': line 4, column 5, but may
E be elsewhere in the file depending on the exact syntax problem.
```
See for example: https://build.alpinelinux.org/buildlogs/build-3-13-x86_64/community/ansible-lint/ansible-lint-4.2.0-r0.log3.13.0Fabian AffolterFabian Affolterhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12191Kernel 5.10.12020-12-15T09:55:05ZTBKKernel 5.10.1```
commit 841fca5a32cccd7d0123c0271f4350161ada5507
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon Dec 14 19:33:01 2020 +0100
Linux 5.10.1
Link: https://lore.kernel.org/r/20201214170452.563016590@linuxf...```
commit 841fca5a32cccd7d0123c0271f4350161ada5507
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon Dec 14 19:33:01 2020 +0100
Linux 5.10.1
Link: https://lore.kernel.org/r/20201214170452.563016590@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 26934c83005e75eab2b8d54d0fa5adbee4f27535
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon Dec 14 17:51:18 2020 +0100
Revert "dm raid: fix discard limits for raid1 and raid10"
This reverts commit e0910c8e4f87bb9f767e61a778b0d9271c4dc512.
It causes problems :(
Reported-by: Dave Jones <davej@codemonkey.org.uk>
Reported-by: Mike Snitzer <snitzer@redhat.com>
Cc: Zdenek Kabelac <zkabelac@redhat.com>
Cc: Mikulas Patocka <mpatocka@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 859f70354379ce53be23bca3580cb7f77978c7a2
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon Dec 14 17:48:11 2020 +0100
Revert "md: change mddev 'chunk_sectors' from int to unsigned"
This reverts commit 6ffeb1c3f8226244c08105bcdbeecc04bad6b89a.
It causes problems :(
Reported-by: Dave Jones <davej@codemonkey.org.uk>
Reported-by: Mike Snitzer <snitzer@redhat.com>
Cc: Song Liu <songliubraving@fb.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Linus Torvalds <torvalds@linux-foundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
```
Source: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13.13.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12132main/strace: static assertion failed: "IPPROTO_MAX != 256"2020-11-24T03:10:51ZKevin Daudtmain/strace: static assertion failed: "IPPROTO_MAX != 256"strace fails to build due to an update in musl:
```
xlat/inet_protocols.h:242:1: error: static assertion failed: "IPPROTO_MAX != 256"
242 | static_assert((IPPROTO_MAX) == (256), "IPPROTO_MAX != 256");
```
`IPPROTO_MAX` has been updat...strace fails to build due to an update in musl:
```
xlat/inet_protocols.h:242:1: error: static assertion failed: "IPPROTO_MAX != 256"
242 | static_assert((IPPROTO_MAX) == (256), "IPPROTO_MAX != 256");
```
`IPPROTO_MAX` has been updated, but not yet in strace.
Upstream issue: https://github.com/strace/strace/issues/1643.13.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661netstat is vulnerable to escape sequence injection (busybox)2022-04-04T16:02:55ZMartin Kaesbergernetstat is vulnerable to escape sequence injection (busybox)Hey there,
Alpine ships BusyBox with the `netstat` applet enabled. This is vulnerable to escape sequence injection when used from an VT compatible terminal. To exploit this vulnerability the PTR for a remote host must contain a escape s...Hey there,
Alpine ships BusyBox with the `netstat` applet enabled. This is vulnerable to escape sequence injection when used from an VT compatible terminal. To exploit this vulnerability the PTR for a remote host must contain a escape sequence and the victim has to execute `netstat`. I've set up an example at `[elided]` with the PTR resolving to `\027[33\;46mlocalhost.`
```
$ dig -x [elided] @8.8.8.8
; <<>> DiG 9.16.25 <<>> -x [elided] @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59625
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;[elided]. IN PTR
;; ANSWER SECTION:
[elided]. 1 IN PTR \027[33\;46mlocalhost.
;; Query time: 55 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Apr 03 00:11:16 DST 2022
;; MSG SIZE rcvd: 132
```
If you try to `ssh [elided]` and run `netstat -t` while trying to establish the connection from a different terminal, the second terminal will change the background and font color. Other escape sequences may lead to code execution.3.15.4https://gitlab.alpinelinux.org/alpine/aports/-/issues/12867main/krb5-1.18.4-r0: test failure on 3.13-armv72021-08-03T19:54:04ZKevin Daudtmain/krb5-1.18.4-r0: test failure on 3.13-armv7krb5 has a test failure on 3.13-armv7:
```
*** Failure: /home/buildozer/aports/main/krb5/src/krb5-1.18.4/src/clients/kinit/kinit failed with code 1.
*** Last mark: ktutil addent
*** Last command (#137): /home/buildozer/aports/main/krb5/...krb5 has a test failure on 3.13-armv7:
```
*** Failure: /home/buildozer/aports/main/krb5/src/krb5-1.18.4/src/clients/kinit/kinit failed with code 1.
*** Last mark: ktutil addent
*** Last command (#137): /home/buildozer/aports/main/krb5/src/krb5-1.18.4/src/clients/kinit/kinit -k default
*** Output of last command:
kinit: Key table file '/home/buildozer/aports/main/krb5/src/krb5-1.18.4/src/tests/testdir/keytab' not found while getting initial credentials
For details, see: /home/buildozer/aports/main/krb5/src/krb5-1.18.4/src/tests/testlog
Or re-run this test script with the -v flag:
cd /home/buildozer/aports/main/krb5/src/krb5-1.18.4/src/tests
PYTHONPATH=/home/buildozer/aports/main/krb5/src/krb5-1.18.4/src/util /usr/bin/python3 ./t_keytab.py -v
Use --debug=NUM to run a command under a debugger. Use
--stop-after=NUM to stop after a daemon is started in order to
attach to it with a debugger. Use --help to see other
options.
make[1]: *** [Makefile:791: check-pytests] Error 1
```
See:
* https://build.alpinelinux.org/buildlogs/build-3-13-armv7/main/krb5/krb5-1.18.4-r0.log3.13.6J0WIJ0WIhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12789main/mariadb-10.5.10-r0: ftbts on armhf for 3.132021-06-27T12:59:06ZKevin Daudtmain/mariadb-10.5.10-r0: ftbts on armhf for 3.13For 3.13-stable, mariadb fails to build on armhf:
```
/tmp/ccMGBDbG.s:141: Error: selected processor does not support `isb' in ARM mode
/tmp/ccMGBDbG.s:618: Error: selected processor does not support `isb' in ARM mode
make[2]: *** [mys...For 3.13-stable, mariadb fails to build on armhf:
```
/tmp/ccMGBDbG.s:141: Error: selected processor does not support `isb' in ARM mode
/tmp/ccMGBDbG.s:618: Error: selected processor does not support `isb' in ARM mode
make[2]: *** [mysys/CMakeFiles/mysys.dir/build.make:1252: mysys/CMakeFiles/mysys.dir/lf_alloc-pin.c.o] Error 1
/tmp/ccOFIBhb.s: Assembler messages:
/tmp/ccOFIBhb.s:87: Error: selected processor does not support `isb' in ARM mode
make[2]: *** [mysys/CMakeFiles/mysys.dir/build.make:1395: mysys/CMakeFiles/mysys.dir/waiting_threads.c.o] Error 1
[ 17%] Building CXX object storage/rocksdb/CMakeFiles/rocksdblib.dir/rocksdb/env/env_chroot.cc.o
/tmp/cchogPgL.s: Assembler messages:
/tmp/cchogPgL.s:180: Error: selected processor does not support `isb' in ARM mode
/tmp/cchogPgL.s:262: Error: selected processor does not support `isb' in ARM mode
/tmp/cchogPgL.s:290: Error: selected processor does not support `isb' in ARM mode
make[2]: *** [mysys/CMakeFiles/mysys.dir/build.make:1278: mysys/CMakeFiles/mysys.dir/lf_hash.cc.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:8504: mysys/CMakeFiles/mysys.dir/all] Error 2
```
See:
* https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1805267.html
* https://github.com/MariaDB/server/commit/76d2846a71a155ee2861fd52e6635e35490a9dd1
* https://build.alpinelinux.org/buildlogs/build-3-13-armhf/main/mariadb/mariadb-10.5.10-r0.log3.13.6Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12373Problems starting Xen DomUs with linux 5.10.11 as Dom0 kernel2021-02-02T07:38:33Zomniomni+alpine@hack.orgProblems starting Xen DomUs with linux 5.10.11 as Dom0 kernelThis is a [known problem](https://lore.kernel.org/xen-devel/20210129005129.GA2452@mail-itl/T/#ma8f4a2e5cb092c92dd6496142bb1f5145bed59ad), also discussed in #alpine-devel@freenode, mentioned here for others to see.
If you find yourself h...This is a [known problem](https://lore.kernel.org/xen-devel/20210129005129.GA2452@mail-itl/T/#ma8f4a2e5cb092c92dd6496142bb1f5145bed59ad), also discussed in #alpine-devel@freenode, mentioned here for others to see.
If you find yourself having this problem
```
libxl: error: libxl_device.c:1103:device_backend_callback: Domain 1:unable to add device with path /local/domain/0/backend/vbd/3/2048
libxl: error: libxl_device.c:1103:device_backend_callback: Domain 1:unable to add device with path /local/domain/0/backend/vbd/3/2064
libxl: error: libxl_create.c:1608:domcreate_launch_dm: Domain 1:unable to add disk devices
libxl: error: libxl_device.c:1103:device_backend_callback: Domain 1:unable to remove device with path /local/domain/0/backend/vbd/3/2048
libxl: error: libxl_device.c:1103:device_backend_callback: Domain 1:unable to remove device with path /local/domain/0/backend/vbd/3/2064
libxl: error: libxl_domain.c:1529:devices_destroy_cb: Domain 1:libxl__devices_destroy failed
libxl: error: libxl_domain.c:1182:libxl__destroy_domid: Domain 1:Non-existant domain
libxl: error: libxl_domain.c:1136:domain_destroy_callback: Domain 1:Unable to destroy guest
libxl: error: libxl_domain.c:1063:domain_destroy_cb: Domain 1:Destruction of domain failed
```
the workaround is to downgrade your Dom0 kernel from linux 5.10.11-r0 to 5.10.10-r0, until the patch is backported ~~or linux 5.10.12 is released~~.3.13.2https://gitlab.alpinelinux.org/alpine/aports/-/issues/13475Bump linux-lts for stable releases to mitigate CVE-2022-01852022-01-27T10:54:06Zomniomni+alpine@hack.orgBump linux-lts for stable releases to mitigate CVE-2022-0185I saw this on the devel-list https://lists.alpinelinux.org/~alpine/devel/%3C70b44bb5-6f9d-bbda-0678-36c01fa39a4b%40gmail.com%3E
https://ubuntu.com/security/CVE-2022-0185
- [x] For 3.15-stable https://cdn.kernel.org/pub/linux/kernel/v5....I saw this on the devel-list https://lists.alpinelinux.org/~alpine/devel/%3C70b44bb5-6f9d-bbda-0678-36c01fa39a4b%40gmail.com%3E
https://ubuntu.com/security/CVE-2022-0185
- [x] For 3.15-stable https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.16 (97c7942c97aad38853c6b42edbe3b640d2dbea86)
- [x] For 3.13-stable https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.93 (287c0307619ec3ed2fd001a513538ed0e470b573)
- [x] For 3.14-stable https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.93 (5171c90a78f6a696cfa6de95387eeeb5af00e9a4)
- [x] For 3.12-stable https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.173 (1ad9afeaf376a260120fa1d94c24e42e69c5a9aa)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/13409cairo CVE-2019-64612022-05-21T23:28:50ZMiroslav Machuracairo CVE-2019-6461Hello, cairo library is [possibly vulnerable](https://security.alpinelinux.org/vuln/CVE-2019-6461) to CVE-2019-6461, the fix already exists in upstream (not yet in official release though). Would it be possible to apply patch to alpine p...Hello, cairo library is [possibly vulnerable](https://security.alpinelinux.org/vuln/CVE-2019-6461) to CVE-2019-6461, the fix already exists in upstream (not yet in official release though). Would it be possible to apply patch to alpine package?
Fix in upstream: https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/155Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/13224Install php8-pecl-imagick 3.5.0-r0 failing2022-03-22T11:17:12ZP PandaInstall php8-pecl-imagick 3.5.0-r0 failingWhen adding php8-pecl-imagick 3.5.0-r0 on alpine-3.14 failing with following
```
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/aarch64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/aarch64/APKINDEX....When adding php8-pecl-imagick 3.5.0-r0 on alpine-3.14 failing with following
```
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/aarch64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/aarch64/APKINDEX.tar.gz
ERROR: unable to select packages:
so:libMagickCore-7.Q16HDRI.so.9 (no such package):
required by: php8-pecl-imagick-3.5.0-r0[so:libMagickCore-7.Q16HDRI.so.9]
so:libMagickWand-7.Q16HDRI.so.9 (no such package):
required by: php8-pecl-imagick-3.5.0-r0[so:libMagickWand-7.Q16HDRI.so.9]
```
Probably happening since imagemagick 7.0.11.14-r0J0WIJ0WIhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/13051py3-pillow: CVE-2021-234372022-01-31T06:00:07ZRich Braunpy3-pillow: CVE-2021-23437CVE-2021-23437 was reported 7-Sep-2021, a day-0 high-sev:
> The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
Edge repo has 8.1.x at this time. 3.14 repo ...CVE-2021-23437 was reported 7-Sep-2021, a day-0 high-sev:
> The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
Edge repo has 8.1.x at this time. 3.14 repo has 8.2.0-r0.Fabian AffolterFabian Affolterhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/13036linux 5.10.61-r0 broke xen pci passthrough2021-11-12T13:44:23ZHenrik Riomarlinux 5.10.61-r0 broke xen pci passthroughCan not boot a XEN PV domU with pci passthrough with the `5.10.61-r0` kernel
This was fixed in `5.10.67` with the following commit
```
commit 5f13c8bae824d491e3e84ebd6efe37d6940792ca
Author: Marek Marczykowski-Górecki <marmarek@invisib...Can not boot a XEN PV domU with pci passthrough with the `5.10.61-r0` kernel
This was fixed in `5.10.67` with the following commit
```
commit 5f13c8bae824d491e3e84ebd6efe37d6940792ca
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date: Thu Aug 26 19:03:42 2021 +0200
PCI/MSI: Skip masking MSI-X on Xen PV
commit 1a519dc7a73c977547d8b5108d98c6e769c89f4b upstream.
When running as Xen PV guest, masking MSI-X is a responsibility of the
hypervisor. The guest has no write access to the relevant BAR at all - when
it tries to, it results in a crash like this:
BUG: unable to handle page fault for address: ffffc9004069100c
#PF: supervisor write access in kernel mode
#PF: error_code(0x0003) - permissions violation
RIP: e030:__pci_enable_msix_range.part.0+0x26b/0x5f0
e1000e_set_interrupt_capability+0xbf/0xd0 [e1000e]
e1000_probe+0x41f/0xdb0 [e1000e]
local_pci_probe+0x42/0x80
(...)
The recently introduced function msix_mask_all() does not check the global
variable pci_msi_ignore_mask which is set by XEN PV to bypass the masking
of MSI[-X] interrupts.
Add the check to make this function XEN PV compatible.
Fixes: 7d5ec3d36123 ("PCI/MSI: Mask all unused MSI-X entries")
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210826170342.135172-1-marmarek@invisiblethingslab.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
```Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12962poppler CVE-2020-353762021-08-31T16:35:53ZMiroslav Machurapoppler CVE-2020-35376Hi, Jfrog Xray detects CVE-2020-35376 in poppler for version `20.12.1-r0` in alpine `3.13`.
If I'm correct issue was resolved by [this commit](https://github.com/freedesktop/poppler/commit/238dc045beeeb1eb619f3fb6cb699ba36813222d#diff-f...Hi, Jfrog Xray detects CVE-2020-35376 in poppler for version `20.12.1-r0` in alpine `3.13`.
If I'm correct issue was resolved by [this commit](https://github.com/freedesktop/poppler/commit/238dc045beeeb1eb619f3fb6cb699ba36813222d#diff-f0904eed11a1204d31ceffdffab6ab20ec75bc6627266f35088cb49a90dfa245) and is part of 21.01.0 release. Please apply a patch to the previous versions or upgrade the library.