aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-12T14:32:25Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/1130
CPU Stuck on Hyper-V Alpine 2.4 64-bit Virtual Machine
2019-07-12T14:32:25Z
Duane Hughes

Hi,
Running Alpine 2.4.1-x86\_64 (Linux 3.3.4-grsec (x86\_64)) on Hyper-V
R2, and get the following when booting:
```
* Loading hardware drivers ...
BUG: soft lockup - CPU#0 stuck for 23s! [modprobe:813]
```
This doesn’t happen with 32-bit Alpine 2.4.1. Is this alpine or kernel
related?
*(from redmine: issue id 1130, created on 2012-05-08, closed on 2012-05-08)*
* Relations:
* duplicates #1021

Alpine 2.4.1

https://gitlab.alpinelinux.org/alpine/aports/-/issues/1123
[v2.4] samba<3.6.5: Incorrect permission checks (CVE-2012-2111)
2019-07-23T14:34:34Z
Natanael Copa

Description
-----------
Samba versions 3.4.x to 3.6.4 inclusive are affected by a
vulnerability that allows arbitrary users to modify privileges on a
file server.
Security checks were incorrectly applied to the Local Security
Authority (LSA) remote procedure calls (RPC) CreateAccount,
OpenAccount, AddAccountRights and RemoveAccountRights allowing any
authenticated user to modify the privileges database.
This is a serious error, as it means that authenticated users can
connect to the LSA and grant themselves the “take ownership”
privilege. This privilege is used by the smbd file server to grant the
ability to change ownership of a file or directory which means users
could take ownership of files or directories they do not own.
Patch Availability
------------------
Patches addressing this issue have been posted to:
http://www.samba.org/samba/security/
Additionally, Samba 3.6.5, Samba 3.5.15 and 3.4.17 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at:
http://samba.org/samba/patches/
Samba administrators running affected versions are advised to upgrade
to 3.6.5, 3.5.15, or 3.4.17 or apply these patches as soon as
possible.
Workaround
----------
Immediately set the “enable privileges = no” parameter in the \[global\]
section of the smb.conf. This will prevent any further use of granted
privileges on the file server and protect from compromise.
To remove any incorrectly granted privileges, remove the file:
account\_policy.tdb
from your system, and once the patch is applied re-grant specified
user privileges using the “net rpc rights” command.
Credits
-------
This vulnerability was reported by Ivano Cristofolini. Many thanks to
him for reporting this promptly.
Patches were created by Jeremy Allison of the Samba Team, and reviewed
by Guenther Deschner of the Samba Team, the SUSE Security Team, and
Tyler Hicks of Canonical.
Reference
---------
http://www.samba.org/samba/security/CVE-2012-2111
*(from redmine: issue id 1123, created on 2012-05-07, closed on 2012-05-07)*
* Changesets:
* Revision 6159ade2c62c21a121371ab81cc92242c15ab4b8 by Natanael Copa on 2012-05-07T07:53:23Z:
```
main/samba: security upgrade to 3.6.5 (CVE-2012-2111)
fixes #1123
```
* Revision 278c49ce5052b39cd9c7832222756bad681c14bf by Natanael Copa on 2012-05-07T07:55:29Z:
```
main/samba: security upgrade to 3.6.5 (CVE-2012-2111)
fixes #1123
(cherry picked from commit 6159ade2c62c21a121371ab81cc92242c15ab4b8)
```
Alpine 2.4.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/1122
apk version does not list installed packages
2019-07-23T14:34:36Z
Mika Havela

Running \`apk version\` does not show anything useful (or it’s behaving
differently than it used to do).
```
mh-netbook:~$ sudo apk version
Installed: Available:
mh-netbook:~$
```
I’m not sure exactly when it appeared.
Here’s some info that might be useful.
```
egrep -iv "^#" /etc/apk/repositories
http://dl-3.alpinelinux.org/alpine/v2.4/main
http://dl-3.alpinelinux.org/alpine/edge/testing
```
```
mh-netbook:~$ apk version apk-tools
Installed: Available:
apk-tools-2.3.1-r1 = 2.3.1-r1
```
(As you can see \`apk version\` provides info when specifying a specific
package)
A workaround is \`apk info | xargs apk version\`.
*(from redmine: issue id 1122, created on 2012-05-06, closed on 2012-05-07)*
* Changesets:
* Revision a6b28beef055c9c454fba49d02995765e6f3aeab by Natanael Copa on 2012-05-07T08:53:45Z:
```
ver: show all packages with -v
ref #1122
```
* Revision 2de0251997cc8d2868931912065f83bd94b6e574 by Natanael Copa on 2012-05-07T11:29:06Z:
```
main/apk-tools: misc apk-tools improvements
fixes #1122
```
* Revision 204b4caa13b128b69d4b19df1cd0858d63f93bb4 by Natanael Copa on 2012-05-07T11:32:51Z:
```
main/apk-tools: misc apk-tools improvements
fixes #1122
(cherry picked from commit 2de0251997cc8d2868931912065f83bd94b6e574)
```
Alpine 2.4.1
Timo Teräs

https://gitlab.alpinelinux.org/alpine/aports/-/issues/1121
[v2.4] php<5.3.12: PHP-CGI query string parameter vulnerability (CVE-2012-1823)
2019-07-23T14:34:37Z
Natanael Copa

https://bugs.php.net/bug.php?id=61910
CVE: CVE-2012-1823
KEYWORDS:
php
php-cgi
OVERVIEW
--------
PHP-CGI-based setups contain a vulnerability when parsing query
string parameters from php files.
DESCRIPTION
-----------
According to PHP’s website, “PHP is a widely-used general-purpose
scripting language that is especially suited for Web development and
can be embedded into HTML.” When PHP is used in a CGI-based setup
(such as Apache’s mod\_cgid), the php-cgi receives a processed query
string parameter as command line arguments which allows command-line
switches, such as -s, -d or -c to be passed to the php-cgi binary,
which can be exploited to disclose source code and obtain arbitrary
code execution.
An example of the -s command, allowing an attacker to view the source
code of index.php is below:
http://localhost/index.php?-s
IMPACT
------
A remote unauthenticated attacker could obtain sensitive information,
cause a denial of service condition or may be able to execute
arbitrary code with the privileges of the web server.
SOLUTION
--------
We are currently unaware of a practical solution to this problem.
REFERENCES
----------
http://www.php.net/
http://www.php.net/manual/en/security.cgi-bin.php
CREDIT
------
Thanks to De Eindbazen for reporting this vulnerability.
This document was written by Michael Orlando.
*(from redmine: issue id 1121, created on 2012-05-04, closed on 2012-05-07)*
* Changesets:
* Revision 3094cc97b38c43163f36e8de49b1be8a57f0d7cc by Natanael Copa on 2012-05-07T08:48:33Z:
```
main/php: security upgrade to 5.3.12 (CVE-2012-1823)
fixes #1121
```
* Revision ef73ee2da84cecb091cdfd5267e645a7cb0aa517 by Natanael Copa on 2012-05-07T08:48:58Z:
```
main/php: security upgrade to 5.3.12 (CVE-2012-1823)
fixes #1121
(cherry picked from commit 3094cc97b38c43163f36e8de49b1be8a57f0d7cc)
```
Alpine 2.4.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/1120
HAProxy fails to start
2019-07-23T14:34:38Z
Duane Hughes

In haproxy-1.4.18-r2 it seems that /usr/bin/haproxy moved to
/usr/sbin/haproxy, so current init script fails with error reporting
that it cannot find /usr/bin/haproxy. Need to s/bin/sbin/ in
/etc/init.d/haproxy.
Thanks!
*(from redmine: issue id 1120, created on 2012-05-04, closed on 2012-05-07)*
* Changesets:
* Revision 73ff75dc2cad984f4bb65267e6637ccb0aa3ae02 by Natanael Copa on 2012-05-04T06:33:06Z:
```
main/haproxy: fix init.d script
fixes #1120
```
* Revision 2836e773760085b85aaaa7e42fe470bcdcfd7dd6 by Natanael Copa on 2012-05-04T06:34:25Z:
```
main/haproxy: fix init.d script
fixes #1120
(cherry picked from commit 73ff75dc2cad984f4bb65267e6637ccb0aa3ae02)
```
Alpine 2.4.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/1114
linux-firmware missing firmware for bnx2 nic
2019-07-23T14:34:44Z
Cameron Banta

Get an error in dmesg on boot that the following file is missing:
/lib/firmware/bnx2/bnx2-mips-06-6.2.3.fw
Other firmware for the bnx2 does exist there, but not that version.
This is from edge as of this date.
Copying the file in makes the driver work fine.
*(from redmine: issue id 1114, created on 2012-04-23, closed on 2012-05-07)*
* Changesets:
* Revision edfb30fea7f51de556723fa53a72a646c8938f88 by Natanael Copa on 2012-05-04T13:59:14Z:
```
main/linux-firmware: use proper firmware source
fixes #1114
```
* Revision e1ca95b6690ece0cbfe3757c9d00b34dd4845135 by Natanael Copa on 2012-05-04T14:17:08Z:
```
main/linux-firmware: use proper firmware source
fixes #1114
(cherry picked from commit edfb30fea7f51de556723fa53a72a646c8938f88)
```
Alpine 2.4.1

https://gitlab.alpinelinux.org/alpine/aports/-/issues/1096
[v2.4] Multiple vulnerabilities in phpmyadmin < 3.4.10.2 may allow remote information disclosure and XSS
2019-07-23T14:34:59Z
Leonardo Arena

http://www.phpmyadmin.net/home\_page/security/PMASA-2012-1.php
http://www.phpmyadmin.net/home\_page/security/PMASA-2012-2.php
Solution:
\- Upgrade to 3.4.10.2
*(from redmine: issue id 1096, created on 2012-04-10, closed on 2012-05-07)*
* Changesets:
* Revision 1ec60473f59384e9e75ed2ad07711b00a569a8c0 by Natanael Copa on 2012-05-03T06:23:30Z:
```
main/phpmyadmin: security upgrade to 3.4.10.2 (CVE-2012-1190,CVE-2012-1902)
fixes #1096
```
Alpine 2.4.1

https://gitlab.alpinelinux.org/alpine/aports/-/issues/946
replace "opts=" in various init.d scripts
2019-07-12T14:30:50Z
Natanael Copa

The *opts=…* in the init.d script should be replaced with
*extra\_commands*, *extra\_started\_commands* or
*extra\_stopped\_commands*.
Please see \#898 for more details.
- main/nginx
- main/pgcluster
- testing/rsyslog
*(from redmine: issue id 946, created on 2012-01-19, closed on 2012-05-07)*
* Relations:
* parent #898
* Changesets:
* Revision 41329347c2a22370231bcc8fe581fbddf035e15c by Cameron Banta on 2012-01-19T21:30:37Z:
```
main/nginx: update to 1.0.11 and replace "opts=" in init.d script
ref #946
ref #898
```
* Revision 5bedeb376d8641b4567bee777b0d5584fc95c47f by Cameron Banta on 2012-01-23T07:22:18Z:
```
testing/rsyslog: update to 5.8.7 and replace "opts=" in init.d script
ref #946
ref #898
```
* Revision db4d4b9caabb337b737ec40986c362f836ab23bb by Natanael Copa on 2012-05-07T09:31:36Z:
```
main/pgcluster: replace opts in init.d scripts
fixes #946
```
* Revision 56f1ed4d0b525b9bc000047bea70809ba1711c4a by Natanael Copa on 2012-05-07T09:32:08Z:
```
main/pgcluster: replace opts in init.d scripts
fixes #946
(cherry picked from commit db4d4b9caabb337b737ec40986c362f836ab23bb)
```
Alpine 2.4.1
Cameron Banta
2012-04-01

https://gitlab.alpinelinux.org/alpine/aports/-/issues/741
php-pdo_pgsql and php-pgsql depends on postgresql (server)
2019-07-12T14:29:05Z
Natanael Copa

I wonder if it would be enough if they depended on the postgresql-client
*(from redmine: issue id 741, created on 2011-08-31, closed on 2012-05-07)*
* Changesets:
* Revision 12aeffb20777458004c76c6c2339db003c083c81 by Natanael Copa on 2012-05-07T11:32:22Z:
```
main/php: update depends for postgresql plugins
fixes #741
```
* Revision cf51994bd3479e62c75255aacce17764cfcf4be0 by Natanael Copa on 2012-05-07T11:33:03Z:
```
main/php: update depends for postgresql plugins
fixes #741
(cherry picked from commit 12aeffb20777458004c76c6c2339db003c083c81)
```
Alpine 2.4.1
Natanael Copa