aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2021-02-23T19:46:03Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11857libvirt: potential DoS by holding a monitor job while querying QEMU guest-age...2021-02-23T19:46:03ZAlicha CHlibvirt: potential DoS by holding a monitor job while querying QEMU guest-agent (CVE-2019-20485)qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
#### Reference:
https://nvd.nist.gov/vuln/detail/CV...qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
#### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-20485
#### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc
### Affected branches:
* [x] master (9148d7c169a087f453eaaf2631fb09b8f8ce6fe6)
* [x] 3.12-stable (9148d7c169a087f453eaaf2631fb09b8f8ce6fe6)
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable3.11.7Francesco ColistaFrancesco Colistahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11854pcre: integer overflow in libpcre (CVE-2020-14155)2020-12-10T12:07:38ZAlicha CHpcre: integer overflow in libpcre (CVE-2020-14155)libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
#### Fixed In Version:
pcre 8.44
#### Reference:
* https://nvd.nist.gov/vuln/detail/CVE-2020-14155
* https://www.pcre.org/original/chang...libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
#### Fixed In Version:
pcre 8.44
#### Reference:
* https://nvd.nist.gov/vuln/detail/CVE-2020-14155
* https://www.pcre.org/original/changelog.txt
### Affected branches:
* [x] master (47b52e878e5d803ceb888a1404a311e19f30cb6e)
* [x] 3.12-stable (47b52e878e5d803ceb888a1404a311e19f30cb6e)
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable3.11.7Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12067open-iscsi 2.1.0 broken with CHAP md52020-11-04T07:21:41ZHenrik Riomaropen-iscsi 2.1.0 broken with CHAP md5The CHAP support in 2.1.0 does not work with CHAP md5, used by for instance tgtd and Synology.
This was fixed in 2.1.1 with the following PR:
https://github.com/open-iscsi/open-iscsi/pull/182
Upstream issue:
https://github.com/open-i...The CHAP support in 2.1.0 does not work with CHAP md5, used by for instance tgtd and Synology.
This was fixed in 2.1.1 with the following PR:
https://github.com/open-iscsi/open-iscsi/pull/182
Upstream issue:
https://github.com/open-iscsi/open-iscsi/issues/180
Please backport 2.1.2 from edge to v3.12 and v3.11 (where 2.1.0 was introduced)3.11.7Leonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11448Bootstrapping aarch64 on x86_64 with 3.11-stable fails due to issue with pkgconf2020-06-08T09:13:29ZDaniel KuleszBootstrapping aarch64 on x86_64 with 3.11-stable fails due to issue with pkgconfI am building on 3.11.6 from a live environment and started the build with:
./scripts/bootstrap.sh aarch64
Everything goes fine until pkgconf starts to build. It fails as follows:
```
./install-sh -c -d '/home/user/aports/main/pk...I am building on 3.11.6 from a live environment and started the build with:
./scripts/bootstrap.sh aarch64
Everything goes fine until pkgconf starts to build. It fails as follows:
```
./install-sh -c -d '/home/user/aports/main/pkgconf/pkg/pkgconf/usr/include/pkgconf'
/usr/bin/install -c -m 644 man/pkg.m4.7 '/home/user/aports/main/pkgconf/pkg/pkgconf/usr/share/man/man7'
./install-sh -c -d '/home/user/aports/main/pkgconf/pkg/pkgconf/usr/lib/pkgconfig'
./install-sh -c -d '/home/user/aports/main/pkgconf/pkg/pkgconf/usr/include/pkgconf/libpkgconf'
/usr/bin/install -c -m 644 libpkgconf.pc '/home/user/aports/main/pkgconf/pkg/pkgconf/usr/lib/pkgconfig'
./install-sh -c -d '/home/user/aports/main/pkgconf/pkg/pkgconf/usr/bin'
/usr/bin/install -c -m 644 libpkgconf/bsdstubs.h libpkgconf/iter.h libpkgconf/libpkgconf.h libpkgconf/stdinc.h libpkgconf/libpkgconf-api.h '/home/user/aports/main/pkgconf/pkg/pkgconf/usr/include/pkgconf/libpkgconf'
/bin/sh ./libtool --mode=install /usr/bin/install -c pkgconf '/home/user/aports/main/pkgconf/pkg/pkgconf/usr/bin'
libtool: warning: 'libpkgconf.la' has not been installed in '/usr/lib'
libtool: install: /usr/bin/install -c .libs/pkgconf /home/user/aports/main/pkgconf/pkg/pkgconf/usr/bin/pkgconf
make[1]: Leaving directory '/home/user/aports/main/pkgconf/src/pkgconf-1.6.3'
>>> pkgconf-doc*: Running split function doc...
>>> pkgconf-doc*: Preparing subpackage pkgconf-doc...
>>> pkgconf-doc*: Running postcheck for pkgconf-doc
>>> pkgconf-dev*: Running split function dev...
>>> pkgconf-dev*: Preparing subpackage pkgconf-dev...
>>> pkgconf-dev*: Stripping binaries
>>> pkgconf-dev*: Running postcheck for pkgconf-dev
>>> WARNING: pkgconf-dev*: Found static archive on usr/lib/libpkgconf.a but name doesn't end with -static
>>> pkgconf*: Running postcheck for pkgconf
>>> pkgconf*: Preparing package pkgconf...
>>> pkgconf*: Stripping binaries
strip: Unable to recognise the format of the input file `./usr/bin/pkgconf'
>>> ERROR: pkgconf*: prepare_package failed
>>> ERROR: pkgconf: rootpkg failed
>>> pkgconf: Uninstalling dependencies...
(1/5) Purging .makedepends-pkgconf (20200426.060215)
(2/5) Purging build-base-aarch64 (0.5-r1)
(3/5) Purging gcc-aarch64 (9.2.0-r4)
(4/5) Purging binutils-aarch64 (2.33.1-r0)
(5/5) Purging g++-aarch64 (9.2.0-r4)
Executing busybox-1.31.1-r9.trigger
OK: 254 MiB in 80 packages
(1/1) Purging .hostdepends-pkgconf (20200426.060216)
OK: 16 MiB in 6 packages
```3.11.7