aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-12-19T14:58:11Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11055net-snmp-5.8: broken ErrorMsg at ucd-snmp2019-12-19T14:58:11ZJoao Vitor Arrudanet-snmp-5.8: broken ErrorMsg at ucd-snmpNo error messages at UCD-SNMP-MIB::prErrMessage in net-snmp 5.8 (Alpine 3.9, 3.10 and edge).
It works fine in nt-snmp 5.7.3 (Alpine 3.8, 3.7)
Steps to reproduce with a configuration to monitor a process:
```
rocommunity public
proc snm...No error messages at UCD-SNMP-MIB::prErrMessage in net-snmp 5.8 (Alpine 3.9, 3.10 and edge).
It works fine in nt-snmp 5.7.3 (Alpine 3.8, 3.7)
Steps to reproduce with a configuration to monitor a process:
```
rocommunity public
proc snmpd
```
Query proc error messages in Alpine <= 3.8:
```
snmpwalk -v 2c -c public localhost UCD-SNMP-MIB::prErrMessage
UCD-SNMP-MIB::prErrMessage.1 = STRING:
```
Query proc error messages in Alpine >= 3.9:
```
snmpwalk -v 2c -c public localhost UCD-SNMP-MIB::prErrMessage
UCD-SNMP-MIB::prErrMessage = No Such Instance currently exists at this OID
```
It seems to be related with this upstream bug: https://github.com/net-snmp/net-snmp/issues/263.11.0Leonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11036Touchpad issues on AMD Chromebook-class laptops: fix (linux-lts)2019-12-18T08:44:54ZRupert CarmichaelTouchpad issues on AMD Chromebook-class laptops: fix (linux-lts)I have fixed detection of the touchpad on my laptop by enabling the following kernel config options:
```
CONFIG_X86_AMD_PLATFORM_DEVICE=y
CONFIG_PINCTRL_AMD=y
```
As this is my first ever contribution to Alpine, I am unaware of what conv...I have fixed detection of the touchpad on my laptop by enabling the following kernel config options:
```
CONFIG_X86_AMD_PLATFORM_DEVICE=y
CONFIG_PINCTRL_AMD=y
```
As this is my first ever contribution to Alpine, I am unaware of what conventions are in place to have this change made, should it be considered an acceptable change. I am more than happy to create a merge request if that is preferred; please inform. Thank you!3.11.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/11021v3.11 rc1: apk add linux-firmware-ath10k purges packages2019-12-11T17:09:15ZChristian Dietrichv3.11 rc1: apk add linux-firmware-ath10k purges packages```
localhost:~# apk add linux-firmware-ath10k
(1/84) Purging linux-firmware (20191022-r0)
....
(84/84) Purging linux-firmware-other (20191022-r0)
OK: 286 MiB in 66 packages
```
```
localhost:~# apk del linux-firmware-ath10k
World updat...```
localhost:~# apk add linux-firmware-ath10k
(1/84) Purging linux-firmware (20191022-r0)
....
(84/84) Purging linux-firmware-other (20191022-r0)
OK: 286 MiB in 66 packages
```
```
localhost:~# apk del linux-firmware-ath10k
World updated, but the following packages are not removed due to:
linux-firmware-ath10k: linux-firmware linux-lts
(1/84) Installing linux-firmware-yamaha (20191022-r0)
....
(84/84) Installing linux-firmware (20191022-r0)
OK: 758 MiB in 150 packages
```
This seems to be wrong3.11.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11020v3.11 rc1: /etc/update-extlinux.conf still "vanilla"2019-12-12T13:05:22ZChristian Dietrichv3.11 rc1: /etc/update-extlinux.conf still "vanilla"```
# default
# default kernel to boot
default=vanilla
```
That should probably be "lts" (or not?)```
# default
# default kernel to boot
default=vanilla
```
That should probably be "lts" (or not?)3.11.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10937wget included in alpine / busybox does not support IPv62019-12-11T08:18:18ZNico Schotteliuswget included in alpine / busybox does not support IPv6I was trying to download something from github, which is IPv4 only. The network provides DNS entries AAAA for github (so called DNS64) and wget should try to retrieve files via IPv6. However the result is that wget only tries IPv4:
```
...I was trying to download something from github, which is IPv4 only. The network provides DNS entries AAAA for github (so called DNS64) and wget should try to retrieve files via IPv6. However the result is that wget only tries IPv4:
```
Connecting to github.com (140.82.118.3:443)
wget: can't connect to remote host (140.82.118.3): Network unreachable
```
This breaks Alpine on IPv6 only systems with DNS64/NAT64, which tend to become more common.
I assume there is a busybox config / file for enabling IPv6 - if you can point me to the config, I can make a merge request with the required change.3.11.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10933use composer to build roundcubemail2019-12-18T19:52:03ZAndy Postnikovuse composer to build roundcubemailthere's pear-php packages like [community/php7-pear-net_smtp](https://pkgs.alpinelinux.org/package/edge/community/x86_64/php7-pear-net_smtp) which looks not used anymore
Ref https://github.com/roundcube/roundcubemail/wiki/Installation#...there's pear-php packages like [community/php7-pear-net_smtp](https://pkgs.alpinelinux.org/package/edge/community/x86_64/php7-pear-net_smtp) which looks not used anymore
Ref https://github.com/roundcube/roundcubemail/wiki/Installation#install-dependencies3.11.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/10733Moving GNOME to community2019-10-12T10:05:36ZRasmus Thomsenoss@cogitri.devMoving GNOME to communityAlthough I'm a bit unsure if others are invested in this (I think at least PmOS people are though), I thought it might be worth laying out a short overview of how I plan to move GNOME into community
1. Wait for GNOME 3.34, which will be...Although I'm a bit unsure if others are invested in this (I think at least PmOS people are though), I thought it might be worth laying out a short overview of how I plan to move GNOME into community
1. Wait for GNOME 3.34, which will be released in September. It brings along a bunch of improvements, so I think it's worth waiting for it
2. Move core GNOME packages to community. Some are already in community (e.g. gnome-desktop), while others like mutter and gnome-shell aren't. The first batch of moved packages should just be core ones.
3. Slowly move over non-core packages (e.g. gnome-maps and friends) to community once they're ready, but before due date.
4. Move gnome metapackage to community & add missing applications to it
CC: @PureTryOut3.11.0Rasmus Thomsenoss@cogitri.devRasmus Thomsenoss@cogitri.dev2019-10-31https://gitlab.alpinelinux.org/alpine/aports/-/issues/10717Getting rid of main/jasper2019-08-21T11:56:46ZRasmus Thomsenoss@cogitri.devGetting rid of main/jasperJasper has had a lot of CVEs in recent days and the dev doesn't have enough time for the project anymore, lots of other distros have dropped it due to that reason.[1] It'd be nice if we could do the same.
Packages which need to be chang...Jasper has had a lot of CVEs in recent days and the dev doesn't have enough time for the project anymore, lots of other distros have dropped it due to that reason.[1] It'd be nice if we could do the same.
Packages which need to be changed:
### main
- [x] ghostscript
### community
- [x] qt5-qtimageformats
- [x] gegl (CC @ncopa)
- [x] graphicsmagick (CC @fcolista)
### testing
- [x] openimageio
- [x] openscenegraph
1: https://github.com/mdadams/jasper/issues/2083.11.0Rasmus Thomsenoss@cogitri.devRasmus Thomsenoss@cogitri.devhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10665[3.11] squid: XSS via user_name or auth parameter in cachemgr.cgi (CVE-2019-1...2019-07-16T11:21:56ZAlicha CH[3.11] squid: XSS via user_name or auth parameter in cachemgr.cgi (CVE-2019-13345)The cachemgr.cgi web module of Squid through 4.7 has
XSS via the user\_name or auth parameter.
### References:
https://bugs.squid-cache.org/show\_bug.cgi?id=4957
https://github.com/squid-cache/squid/pull/429
*(from redmine: issue...The cachemgr.cgi web module of Squid through 4.7 has
XSS via the user\_name or auth parameter.
### References:
https://bugs.squid-cache.org/show\_bug.cgi?id=4957
https://github.com/squid-cache/squid/pull/429
*(from redmine: issue id 10665, created on 2019-07-09)*
* Relations:
* parent #10664
* Changesets:
* Revision 1bd365a6732f045db6dd96f516dec5764f0c8c57 by Natanael Copa on 2019-07-11T16:35:18Z:
```
main/squid: upgrade to 4.8
fixes #10665
```3.11.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10654[3.11] irssi: Use after free when sending SASL login to the server (CVE-2019-...2019-07-23T11:06:11ZAlicha CH[3.11] irssi: Use after free when sending SASL login to the server (CVE-2019-13045)Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when
SASL is enabled,
has a use after free when sending SASL login to the server.
### Fixed In Version:
Irssi 1.0.8, 1.1.3, 1.2.1
### References:
https://irssi.org/sec...Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when
SASL is enabled,
has a use after free when sending SASL login to the server.
### Fixed In Version:
Irssi 1.0.8, 1.1.3, 1.2.1
### References:
https://irssi.org/security/irssi\_sa\_2019\_06.txt
https://www.openwall.com/lists/oss-security/2019/06/29/1
*(from redmine: issue id 10654, created on 2019-07-04, closed on 2019-07-04)*
* Relations:
* parent #10653
* Changesets:
* Revision a95d7efded7650a16db9f1cfa01e95bc5513cf83 by Natanael Copa on 2019-07-04T10:36:31Z:
```
main/irssi: security upgrade to 1.2.1 (CVE-2019-13045)
fixes #10654
```3.11.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10643[3.11] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)2019-07-23T11:06:20ZAlicha CH[3.11] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)BZ2\_decompress in decompress.c in bzip2 through 1.0.6 has an
out-of-bounds
write when there are many selectors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-1...BZ2\_decompress in decompress.c in bzip2 through 1.0.6 has an
out-of-bounds
write when there are many selectors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
### Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
*(from redmine: issue id 10643, created on 2019-07-02, closed on 2019-07-09)*
* Relations:
* parent #10642
* Changesets:
* Revision 53b02f8b1597aabb4ec836bb5aa421e0d1f95189 on 2019-07-04T15:37:46Z:
```
main/bzip2: add patch for CVE-2019-12900
Adding the upstream bzip2 security patch to fix the out of bounds security
vulnerability in bzip2.
fixes #10643
```3.11.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10626[3.11] bind: Race condition when discarding malformed packets can cause bind ...2019-08-08T10:00:24ZAlicha CH[3.11] bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure (CVE-2019-6471)A race condition which may occur when discarding malformed packets can
result in BIND exiting due to a REQUIRE assertion failure in
dispatch.c.
An attacker who can cause a resolver to perform queries which will be
answered by a server ...A race condition which may occur when discarding malformed packets can
result in BIND exiting due to a REQUIRE assertion failure in
dispatch.c.
An attacker who can cause a resolver to perform queries which will be
answered by a server which responds with deliberately malformed
answers
can cause named to exit, denying service to clients.
### Versions affected:
BIND 9.11.0 ->9.11.7, 9.12.0 ->9.12.4-P1, 9.14.0 ->9.14.2.
Also all releases of the BIND 9.13 development branch and
version 9.15.0 of the BIND 9.15 development branch. BIND Supported
Preview Edition versions 9.11.3-S1 ->9.11.7-S1.
### Fixed In Version:
bind 9.11.8, bind 9.12.4-P2, bind 9.14.3, bind 9.15.1
### References:
https://kb.isc.org/docs/cve-2019-6471
*(from redmine: issue id 10626, created on 2019-06-27)*3.11.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/10622[3.11] evince: uninitialized memory use in function tiff_document_render() an...2019-07-23T11:06:33ZAlicha CH[3.11] evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)The tiff\_document\_render() and tiff\_document\_get\_thumbnail()
functions in the TIFF document backend in GNOME Evince through 3.32.0
did
not handle errors from TIFFReadRGBAImageOriented(), leading to
uninitialized memory use when pr...The tiff\_document\_render() and tiff\_document\_get\_thumbnail()
functions in the TIFF document backend in GNOME Evince through 3.32.0
did
not handle errors from TIFFReadRGBAImageOriented(), leading to
uninitialized memory use when processing certain TIFF image files.
### Reference:
https://gitlab.gnome.org/GNOME/evince/issues/1129
### Patch:
https://gitlab.gnome.org/GNOME/evince/commit/234f034a4d15cd46dd556f4945f99fbd57ef5f15
*(from redmine: issue id 10622, created on 2019-06-25, closed on 2019-07-09)*
* Relations:
* parent #10621
* Changesets:
* Revision 21b65c26f6a56dd83992ba9783befc0455e3bdb0 by Natanael Copa on 2019-07-08T12:20:43Z:
```
community/evince: fix CVE-2019-11459
remove unused patch
fixes #10622
```3.11.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/10616[3.11] libvirt: Multiple vulnerabilities (CVE-2019-10161, CVE-2019-10166, CVE...2019-07-23T11:06:40ZAlicha CH[3.11] libvirt: Multiple vulnerabilities (CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168)CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
-----------------------------------------------------------------------------
It was discovered that libvirtd would permit readonly clients to use
the
virDo...CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
-----------------------------------------------------------------------------
It was discovered that libvirtd would permit readonly clients to use
the
virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which
would be accessed with the permissions of the libvirtd process. An
attacker with access to the libvirtd socket could use this to probe
the
existence of arbitrary files, cause denial of service or cause
libvirtd
to execute arbitrary programs.
This vulnerability was first present in libvirt v0.9.4.
### Fixed In Version:
libvirt 4.10.1, libvirt 5.4.1
### References:
https://security-tracker.debian.org/tracker/CVE-2019-10161
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2019-10161
### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580
CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly clients
-----------------------------------------------------------------------------
It was discovered that libvirtd would permit readonly clients to use
the
virDomainManagedSaveDefineXML() API, which would permit them to modify
managed save state files. If a managed save had already been created
by
a privileged user, a local attacker could modify this file such that
libvirtd would execute an arbitrary program when the domain was resumed.
This vulnerability was first present in libvirt v3.6.1.
### Fixed In Version:
libvirt 4.10.1, libvirt 5.4.1
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2019-10166
https://security-tracker.debian.org/tracker/CVE-2019-10166
### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=db0b78457f183e4c7ac45bc94de86044a1e2056a
CVE-2019-10167: arbitrary command execution via virConnectGetDomainCapabilities API
-----------------------------------------------------------------------------------
The virConnectGetDomainCapabilities() libvirt API accepts an
“emulatorbin”
argument to specify the program providing emulation for a domain.
Since
v1.2.19, libvirt will execute that program to probe the domain’s
capabilities. Read-only clients could specify an arbitrary path for
this
argument, causing libvirtd to execute a crafted executable with its own
### Fixed In Version:
libvirt 4.10.1, libvirt 5.4.1
### References:
https://security-tracker.debian.org/tracker/CVE-2019-10167
### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=8afa68bac0cf99d1f8aaa6566685c43c22622f26
CVE-2019-10168: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs
-----------------------------------------------------------------------------------------------------------------------
The virConnectBaselineHypervisorCPU() and
virConnectCompareHypervisorCPU()
libvirt APIs accept an “emulator” argument to specify the program
providing
emulation for a domain. Since v1.2.19, libvirt will execute that program
to
probe the domain’s capabilities. Read-only clients could specify an
arbitrary
path for this argument, causing libvirtd to execute a crafted executable
with
its own privileges.
### Fixed In Version:
libvirt 4.10.1, libvirt 5.4.1
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2019-10168
https://security-tracker.debian.org/tracker/CVE-2019-10168
### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=bf6c2830b6c338b1f5699b095df36f374777b291
*(from redmine: issue id 10616, created on 2019-06-25, closed on 2019-07-04)*
* Relations:
* parent #106153.11.0Francesco ColistaFrancesco Colistahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10605OpenSMTPd 6.4.x2019-12-05T07:45:11ZKévin GuignardOpenSMTPd 6.4.xOpenSMTPd package is already available, but not the latest version
**6.4.1** *<span lang="1"></span>*.
However since **6.4.0** *<span lang="2"></span>* the configuration file
syntax has been completely reworked, breaking compatibility w...OpenSMTPd package is already available, but not the latest version
**6.4.1** *<span lang="1"></span>*.
However since **6.4.0** *<span lang="2"></span>* the configuration file
syntax has been completely reworked, breaking compatibility with
previous configuration files
and OpenSMTPD now depends on LibreSSL as an SSL library (efforts will no
longer be done to support OpenSSL too).
Do you plan to provide OpenSMTPd, maybe in a new package
“opensmtpd-6.4”, with the new features (including the incoming ECDSA
support) ?
*<span lang="1"></span>*
https://www.opensmtpd.org/announces/release-6.4.1.txt
*<span lang="2"></span>*
https://www.opensmtpd.org/announces/release-6.4.0.txt
*(from redmine: issue id 10605, created on 2019-06-23)*3.11.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/10601[3.11] firefox-esr: sandbox escape using Prompt:Open (CVE-2019-11708)2019-07-24T09:55:29ZAlicha CH[3.11] firefox-esr: sandbox escape using Prompt:Open (CVE-2019-11708)Insufficient vetting of parameters passed with the \`Prompt:Open\`
IPC message between child and parent processes can result in the
non-sandboxed
parent process opening web content chosen by a compromised child
process.
When combin...Insufficient vetting of parameters passed with the \`Prompt:Open\`
IPC message between child and parent processes can result in the
non-sandboxed
parent process opening web content chosen by a compromised child
process.
When combined with additional vulnerabilities
this could result in executing arbitrary code on the user’s computer.
### Fixed In Version:
Firefox ESR 60.7.2
### Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
*(from redmine: issue id 10601, created on 2019-06-21, closed on 2019-06-28)*
* Relations:
* parent #10600
* Changesets:
* Revision ed5e768abd1db57117bb63de5dcff4da11d0576e on 2019-06-27T14:41:49Z:
```
community/firefox-esr: security upgrade to 60.7.2 (CVE-2019-11708)
fixes #10601
```3.11.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10589[3.11] samba: Multiple vulnerabilities (CVE-2019-12435, CVE-2019-12436)2019-07-23T11:06:49ZAlicha CH[3.11] samba: Multiple vulnerabilities (CVE-2019-12435, CVE-2019-12436)CVE-2019-12435: Samba AD DC Denial of Service in DNS management server (dnsserver)
----------------------------------------------------------------------------------
The (poorly named) dnsserver RPC pipe provides administrative
facili...CVE-2019-12435: Samba AD DC Denial of Service in DNS management server (dnsserver)
----------------------------------------------------------------------------------
The (poorly named) dnsserver RPC pipe provides administrative
facilities to modify DNS records and zones.
An authenticated user can crash the RPC server process via a NULL
pointer de-reference.
There is no further vulnerability associated with this issue, merely a
denial of service.
### Affected Versions:
Samba 4.9 and 4.10
### Fixed In Version:
Samba 4.9.9 and 4.10.5
### References:
https://www.samba.org/samba/security/CVE-2019-12435.html
https://www.samba.org/samba/history/security.html
### Patches:
https://download.samba.org/pub/samba/patches/security/samba-4.9.8-security-2019-06-19.patch
https://download.samba.org/pub/samba/patches/security/samba-4.10.4-security-2019-06-19.patch
CVE-2019-12436: Samba AD DC LDAP server crash (paged searches)
--------------------------------------------------------------
A user with read access to the LDAP server can crash the LDAP
server process. Depending on the Samba version and the choice
of process model, this may crash only the user’s own connection.
Specifically, while in Samba 4.10 the default is for one process per
connected client, site-specific configuration trigger can change
this.
Samba 4.10 also supports the ‘prefork’ process model and by
using the -M option to ‘samba’ and a ‘single’ process model.
Both of these share on process between multiple clients.
### Affected Versions:
All versions of Samba since Samba 4.10.0
### Fixed In Version:
Samba 4.10.5
### References:
https://www.samba.org/samba/security/CVE-2019-12436.html
### Patch:
https://download.samba.org/pub/samba/patches/security/samba-4.10.4-security-2019-06-19.patch
*(from redmine: issue id 10589, created on 2019-06-20, closed on 2019-06-21)*
* Relations:
* parent #10588
* Changesets:
* Revision bcc49b4c70d8234ad73c32628b01f58554ec5b5e on 2019-06-20T08:09:34Z:
```
main/samba: security upgrade to 4.10.5
CVE-2019-12435
CVE-2019-12436
fixes #10589
```
* Revision a80d49fcecdaa5350d709fc4e9b5d71716661eb7 on 2019-06-20T08:43:16Z:
```
main/samba: security upgrade to 4.10.5
CVE-2019-12435
CVE-2019-12436
fixes #10589
```3.11.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10586udhcpc default config missing in minirootfs - no IPv4 connectivity2020-07-08T11:35:17ZTaylor Buchananudhcpc default config missing in minirootfs - no IPv4 connectivityI’ve been messing around with using minirootfs as a base for lxc with
s6. However, IPv4 connectivity doesn’t seem to work by default (not
setting IP on interface). I was able to get it working by copying
/usr/share/udhcpc/default.script ...I’ve been messing around with using minirootfs as a base for lxc with
s6. However, IPv4 connectivity doesn’t seem to work by default (not
setting IP on interface). I was able to get it working by copying
/usr/share/udhcpc/default.script from the main alpine lxc image.
The default config currently resides in busybox-initscripts which is not
deployed on minirootfs since it has primarily been focused around
Docker. After a brief chat with Natanael on IRC he said it might be
better located in the busybox package. I agree in this case since
minirootfs is targeted towards containers and LXC on Proxmox can be
configured to use DHCP.
*(from redmine: issue id 10586, created on 2019-06-18)*3.11.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10581Upgrade MPFR2019-12-19T14:56:24ZalgitbotUpgrade MPFRMPFR is on version 4.0.2 but Alpine still uses 3.1.5.
Would be good to update the version for Alpine 3.10 release
*(from redmine: issue id 10581, created on 2019-06-15)*MPFR is on version 4.0.2 but Alpine still uses 3.1.5.
Would be good to update the version for Alpine 3.10 release
*(from redmine: issue id 10581, created on 2019-06-15)*3.11.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/10258Nginx init-script not working when /var/tmp is bind-mounted to /tmp2019-07-12T15:46:45ZMiguel Da SilvaNginx init-script not working when /var/tmp is bind-mounted to /tmpThe nginx init script requires an existing directory /var/tmp/nginx.
In case the /var/tmp directory is bind-mounted to /tmp and therefore
wiped on each reboot, nginx refuses to start.
It is suggested to create the missing directory in...The nginx init script requires an existing directory /var/tmp/nginx.
In case the /var/tmp directory is bind-mounted to /tmp and therefore
wiped on each reboot, nginx refuses to start.
It is suggested to create the missing directory in case it is not there
yet.
See the proposal in the attached patch file
*(from redmine: issue id 10258, created on 2019-04-15, closed on 2019-06-03)*
* Relations:
* relates #9364
* Changesets:
* Revision 8ded1028a7bcdabc411b39367920a61f7919fdd6 by Natanael Copa on 2019-06-21T10:20:45Z:
```
Revert "main/nginx: move /var/lib/nginx/tmp to /var/tmp/nginx"
FHS-3.0 says that /var/tmp should survive reboots, but for it is common
practice to ignore FHS for security reasons and wipe dirs that are world
writable.
There is no good reason to store nginx data under a world writable
directory, so move it back to /var/lib/nginx/tmp. Other distros does
something similar.
fixes #9246
fixes #10258
ref #9364
This reverts commit d6d624a149ca62af8679baf9cc99ce1354c190f0.
```
* Uploads:
* [0001-nginx-missing-directory.patch](/uploads/cb4568118481ecf44c8122d6a75133f3/0001-nginx-missing-directory.patch)3.11.0Jakub JirutkaJakub Jirutka