aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-12T14:23:34Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/166wanpipe drivers2019-07-12T14:23:34ZTimo Teräswanpipe driversIncorporate wanpipe drivers from:
http://wiki.sangoma.com/wanpipe-linux-drivers
Will probably require fixing the build script to not touch kernel
sources. But it would be really nice to have these in Alpine.
*(from redmine: issue id...Incorporate wanpipe drivers from:
http://wiki.sangoma.com/wanpipe-linux-drivers
Will probably require fixing the build script to not touch kernel
sources. But it would be really nice to have these in Alpine.
*(from redmine: issue id 166, created on 2009-09-16, closed on 2013-10-02)*
* Changesets:
* Revision 04efd3f9aa7e80a15988f0ae9553200afad82e60 by Natanael Copa on 2012-03-02T13:55:35Z:
```
testing/wanpipe-grsec: new aport
Sangoma Wanpipe drivers for grsec kernel
http://wiki.sangoma.com/wanpipe-linux-drivers
ref #166
```Alpine 2.7.02012-10-01https://gitlab.alpinelinux.org/alpine/aports/-/issues/755Errors before/in init when running from ram on sda12019-07-12T14:29:13ZCarlo LandmeterErrors before/in init when running from ram on sda1When booting current edge the following will be displayed just before
init (boot is OK):
mkdir: can’t create directory ’’: no such file or directory
mount: can’t find /media/sda1 in fstab
I am using grub:
title ISCSI SCST
root (hd...When booting current edge the following will be displayed just before
init (boot is OK):
mkdir: can’t create directory ’’: no such file or directory
mount: can’t find /media/sda1 in fstab
I am using grub:
title ISCSI SCST
root (hd0,0)
kernel /boot/scst alpine\_dev=sda1:ext3
modloop=/boot/scst.modloop.squashfs
modules=loop,squashfs,sd-mod,usb-storage
initrd /boot/scst.gz
title ISCSI SCST UUID
root (hd0,0)
kernel /boot/scst
alpine\_dev=UUID=0b149c29-d3bf-41ed-90e6-b88a92d334e5:ext3
modloop=/boot/scst.modloop.squashfs
modules=loop,squashfs,sd-mod,usb-storage
initrd /boot/scst.gz
Both entries have similar issues.
*(from redmine: issue id 755, created on 2011-10-06, closed on 2013-10-18)*Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/849script for migration from dnscache to unbound2019-07-12T14:30:04ZNatanael Copascript for migration from dnscache to unboundScript should parse the dnscache configuration and set up a
corresponding unbound config.
Can be implemented in either shell or lua.
*(from redmine: issue id 849, created on 2011-12-02, closed on 2013-11-06)*Script should parse the dnscache configuration and set up a
corresponding unbound config.
Can be implemented in either shell or lua.
*(from redmine: issue id 849, created on 2011-12-02, closed on 2013-11-06)*Alpine 2.7.0Natanael CopaNatanael Copa2012-10-01https://gitlab.alpinelinux.org/alpine/aports/-/issues/897upgrade lua to 5.22019-07-12T14:30:27ZNatanael Copaupgrade lua to 5.2This includes rebuild all the lua modules.
We also need figure out if we want /usr/bin/lua or /usr/bin/lua5.2 or
both.
We also need figure out if we want keep a lua5.1 and if so, what do we
do with 3rd party modules and 5.1?
*(from r...This includes rebuild all the lua modules.
We also need figure out if we want /usr/bin/lua or /usr/bin/lua5.2 or
both.
We also need figure out if we want keep a lua5.1 and if so, what do we
do with 3rd party modules and 5.1?
*(from redmine: issue id 897, created on 2012-01-06, closed on 2013-10-31)*Alpine 2.7.0Natanael CopaNatanael Copa2012-10-01https://gitlab.alpinelinux.org/alpine/aports/-/issues/1154request : shorewall 4.5 and shorewall62019-07-23T14:34:04ZNicolas Schmerberrequest : shorewall 4.5 and shorewall6It would be nice to have a recent shorewall (4.5.3) and its companion
tool for ipv6 manipulation shorewall6.
Links :
http://www.shorewall.net/
source :
-
http://france.shorewall.net/pub/4.5/shorewall-4.5.3/shorewall-4.5.3.tar.bz2 ...It would be nice to have a recent shorewall (4.5.3) and its companion
tool for ipv6 manipulation shorewall6.
Links :
http://www.shorewall.net/
source :
-
http://france.shorewall.net/pub/4.5/shorewall-4.5.3/shorewall-4.5.3.tar.bz2
-
http://france.shorewall.net/pub/4.5/shorewall-4.5.3/shorewall6-4.5.3.tar.bz2
*(from redmine: issue id 1154, created on 2012-05-14, closed on 2013-11-06)*
* Changesets:
* Revision 31244fed0df5f208ba5501ed7c0fa888d35c989b by Natanael Copa on 2013-10-18T20:47:12Z:
```
testing/shorewall6: new aport
ref #1154
```
* Revision 0eb75c46cc856896ec25325e1d0673b673ee639e by Natanael Copa on 2013-11-06T15:00:43Z:
```
main/shorewall*: upgrade to 4.5.21.3
fixes #1154
```Alpine 2.7.02012-10-01https://gitlab.alpinelinux.org/alpine/aports/-/issues/1337setup-bootable, and boot media mounting improvements2019-07-23T14:18:35ZTimo Terässetup-bootable, and boot media mounting improvementsThe new setup-bootable unconditionally overwrites the alpine\_dev boot
option with UUID=xxx style line.
This has following implications:
- apk repositories, and lbu media need to be updated if UUID changes
- setup-bootable help tex...The new setup-bootable unconditionally overwrites the alpine\_dev boot
option with UUID=xxx style line.
This has following implications:
- apk repositories, and lbu media need to be updated if UUID changes
- setup-bootable help text is misleading (-u says “Keep existing
syslinux.cfg” which is not true without -k)
- it also overwrites LABEL=xxx things
Suggestions:
- do not touch alpine\_dev if it is LABEL=xxx style
- maybe plain or UUID style alpine\_dev should be mounted as
/media/boot, so we get consistent mount point for other config
files?
- could we drop UUID= from the mount point name? /media/UUID=xxx is
inconvenient
- additionally we might need to pass initial mount options when
mounting boot media, an ability to do that would be nice (e.g. -o
barrier=0 is useful in certain cases)
*(from redmine: issue id 1337, created on 2012-08-23, closed on 2013-11-06)*
* Relations:
* duplicates #2258Alpine 2.7.0Natanael CopaNatanael Copa2012-10-01https://gitlab.alpinelinux.org/alpine/aports/-/issues/1340Software raid startup broken2019-07-23T14:31:28ZCarlo LandmeterSoftware raid startup brokenWhen using software raid on Alpine 2.4 and having udev installed, im
unable to make it start properly by init.
First of all udev has a script which will try to start it
/lib/udev/rules.d/64-md-raid.rules, because udev is run before my ...When using software raid on Alpine 2.4 and having udev installed, im
unable to make it start properly by init.
First of all udev has a script which will try to start it
/lib/udev/rules.d/64-md-raid.rules, because udev is run before my raid
module is loaded, the raid will be started as inactive.
I can prevent this behavior by adding an empty file
/etc/udev/rules.d/64-md-raid.rules which prevents udev to start the
array and have the default scripts jump in.
After doing the above I still run into another issue. The new way of
handling raid devices are based on names. Linux raid will auto number md
devices (starting from 127 and down) and should create a symlink to
/dev/md/devicename to be access. After trying a few options, I am not
able to have this symlink although mdadm outputs it has started it.
mdadm.conf I used was
ARRAY /dev/md/stripe metadata=1.2
UUID=9dbff4d2:b343c7fe:4bca5b42:d2053de1 name=xen:stripe
I had to switch back the old naming like:
ARRAY /dev/md0 UUID=9dbff4d2:b343c7fe:4bca5b42:d2053de1
This starts the array as md0 again and init script work again.
*(from redmine: issue id 1340, created on 2012-08-24, closed on 2013-11-06)*Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/1464Alpine 2.5.0 rc2 x86 will not boot in a Hyper-V VM2019-07-23T14:29:46ZJeff Bilykjbilyk@gmail.comAlpine 2.5.0 rc2 x86 will not boot in a Hyper-V VMTested with both the grsec and vserver kernels. For grsec, a general
protection fault occurs and boot halts. For vserver, “BUG: unable to
handle kernel NULL pointer dereference at …” and an OOPS later on.
*(from redmine: issue id 1464,...Tested with both the grsec and vserver kernels. For grsec, a general
protection fault occurs and boot halts. For vserver, “BUG: unable to
handle kernel NULL pointer dereference at …” and an OOPS later on.
*(from redmine: issue id 1464, created on 2012-11-06, closed on 2013-11-06)*
* Relations:
* duplicates #1021Alpine 2.7.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/1479package request: portablexdr2019-07-23T14:29:37ZNatanael Copapackage request: portablexdrI think this can replace our current rpcgen which generates broken C
code when bootstrapping libvirt from git sources.
http://people.redhat.com/~rjones/portablexdr/
*(from redmine: issue id 1479, created on 2012-11-22, closed on 2013-...I think this can replace our current rpcgen which generates broken C
code when bootstrapping libvirt from git sources.
http://people.redhat.com/~rjones/portablexdr/
*(from redmine: issue id 1479, created on 2012-11-22, closed on 2013-08-06)*Alpine 2.7.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/1483Processes leaves .pid files even if process stopped2019-07-23T14:29:35ZMika HavelaProcesses leaves .pid files even if process stoppedWhen stopping syslogd and crond I noticed that they left their pidfiles
in /var/run/{crond|syslogd}.pid
This was noticed on Alpine Linux 2.2.x
To reproduce:
/etc/init.d/syslog stop
pidof syslogd
cat /var/run/syslogd.pid
...When stopping syslogd and crond I noticed that they left their pidfiles
in /var/run/{crond|syslogd}.pid
This was noticed on Alpine Linux 2.2.x
To reproduce:
/etc/init.d/syslog stop
pidof syslogd
cat /var/run/syslogd.pid
/etc/init.d/cron stop
pidof crond
cat /var/run/crond.pid
*(from redmine: issue id 1483, created on 2012-11-28, closed on 2013-10-31)*Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/1628nginx fresh install2019-07-23T14:27:36Zcybernet cybynginx fresh installafter i tried to install nginx
i tried to start it
and i got an error
getpwnam(http) failed
i dont know why and how to fix
but, why would you provide a package that with default configuration,
wont even start ?
i would like...after i tried to install nginx
i tried to start it
and i got an error
getpwnam(http) failed
i dont know why and how to fix
but, why would you provide a package that with default configuration,
wont even start ?
i would like to help this community …
*(from redmine: issue id 1628, created on 2013-03-03, closed on 2013-11-04)*
* Uploads:
* ![alpine](/uploads/36c07a35bf85959227dff3a498aaa265/alpine.png)Alpine 2.7.0Cameron BantaCameron Bantahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/1788php-memcache2019-07-23T14:25:08ZDaniel Ocenophp-memcacheHello developers!
I just want to ask, please, if you can build the php-memcache apk, to
save information in RAM that we use often so we can reduce the CPU load.
Thanks for the hard work!!!
*(from redmine: issue id 1788, created on 20...Hello developers!
I just want to ask, please, if you can build the php-memcache apk, to
save information in RAM that we use often so we can reduce the CPU load.
Thanks for the hard work!!!
*(from redmine: issue id 1788, created on 2013-04-17, closed on 2013-10-25)*
* Changesets:
* Revision 9e9254edf90750eec3fd9d269e6a1c29e2882e46 by Natanael Copa on 2013-04-19T13:16:29Z:
```
testing/php-memcache: new aport
PHP memcache extension
http://pecl.php.net/package/memcache
ref #1788
```Alpine 2.7.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/1907Possibly useful patches for uClibc 0.9.33.22019-07-23T14:23:44ZDubiousjim .Possibly useful patches for uClibc 0.9.33.2While building a cross-compiler targeting Alpine, I had a look at what
patches Buildroot and Gentoo were applying to the toolchain, and found
some they were using that we weren’t. Among these, a casual glance made
some look not especiall...While building a cross-compiler targeting Alpine, I had a look at what
patches Buildroot and Gentoo were applying to the toolchain, and found
some they were using that we weren’t. Among these, a casual glance made
some look not especially useful for us. The rest looked like they may be
useful, or at any rate, looked like I didn’t understand well enough what
they were doing to have even a casual judgment about their usefulness. I
thought I’d link to these patches in our bugtracker so that someone more
familiar with the toolchain sources might have a look at them, and make
a more considered judgment about whether they might be useful for us
too.
http://git.buildroot.net/buildroot/tree/toolchain/uClibc has three
patches with 0.9.33.2 in the title. Looking a them casually, they look
like they’re porting some glibc functionality over to uClibc, rather
than fixing bugs. But perhaps it’s very useful functionality, or perhaps
I’ve misread them. Someone who’s more steeped in the uClibc source
should have a look.
*(from redmine: issue id 1907, created on 2013-05-18, closed on 2013-05-27)*
* Changesets:
* Revision 7d25e7fc4a44602dee310694029ce247bd0e6853 by Natanael Copa on 2013-05-21T09:35:41Z:
```
main/libc0.9.32: resync of upstream kernel features
fixes #1907
```
* Revision 3add5c2b32636e01e488c451c15442720644f486 by Natanael Copa on 2013-05-21T09:38:39Z:
```
main/libraw1394: remove unneeded patch
ref #1907
```Alpine 2.7.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/1909weirdness in libc0.9.32 APKBUILD2019-07-23T14:23:43ZDubiousjim .weirdness in libc0.9.32 APKBUILDbuild() has:
>local \_kh=
>…
>if \[ -n “$SYSROOT” \]; then
\_kh=KERNEL\_HEADERS=“$SYSROOT/include”; fi
>…
>make -j1 V=2 pregen KERNEL\_HEADERS=“$SYSROOT”/usr/include
CROSS=“$CROSS” || return 1
>make all V=2 KERNEL\_HEADERS=“$S...build() has:
>local \_kh=
>…
>if \[ -n “$SYSROOT” \]; then
\_kh=KERNEL\_HEADERS=“$SYSROOT/include”; fi
>…
>make -j1 V=2 pregen KERNEL\_HEADERS=“$SYSROOT”/usr/include
CROSS=“$CROSS” || return 1
>make all V=2 KERNEL\_HEADERS=“$SYSROOT/usr/include” CROSS=“$CROSS”
|| return 1
>…
\_kh is never used. Is this cruft from an earlier version?
*(from redmine: issue id 1909, created on 2013-05-18, closed on 2013-05-27)*
* Changesets:
* Revision 888a762e3e7bf47d79c8f2f87ae9c2382e936d63 by Natanael Copa on 2013-05-21T09:18:52Z:
```
main/libc0.9.32: clean up dead code
fixes #1909
```Alpine 2.7.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/1917Alpine configures uClibc with COMPAT_ATEXIT, the need for which seems to have...2019-07-12T14:38:32ZDubiousjim .Alpine configures uClibc with COMPAT_ATEXIT, the need for which seems to have passedIn the uClibc 0.9.33.2 sources, extra/Configs/Config.in says:
config COMPAT\_ATEXIT
bool “Old (visible) atexit Support”
help
Enable this option if you want to update from 0.9.28 to git/0.9.29,
else you will be missing atexit() u...In the uClibc 0.9.33.2 sources, extra/Configs/Config.in says:
config COMPAT\_ATEXIT
bool “Old (visible) atexit Support”
help
Enable this option if you want to update from 0.9.28 to git/0.9.29,
else you will be missing atexit() until you rebuild all apps.
It looks like we can now safely disable this.
*(from redmine: issue id 1917, created on 2013-05-19, closed on 2013-11-04)*Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2024Request for package: Monit2019-07-23T14:22:03ZV KrishnRequest for package: Monithttp://mmonit.com/monit/
(seems newer versions 5.4+ have uCLibc support)
*(from redmine: issue id 2024, created on 2013-05-29, closed on 2013-11-04)*
* Changesets:
* Revision 1ea3bbe5cbf5f795f712eb5d6333b496891aeb32 by Carlo Landm...http://mmonit.com/monit/
(seems newer versions 5.4+ have uCLibc support)
*(from redmine: issue id 2024, created on 2013-05-29, closed on 2013-11-04)*
* Changesets:
* Revision 1ea3bbe5cbf5f795f712eb5d6333b496891aeb32 by Carlo Landmeter on 2013-06-17T14:29:16Z:
```
testing/monit: new aport
a utility for monitoring and managing daemons or similar programs running on a Unix system.
ref #2024
```Alpine 2.7.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/2114[v2.7] CVE-2013-2175 : haproxy may crash when using header occurrences relati...2019-07-23T14:20:36ZNatanael Copa[v2.7] CVE-2013-2175 : haproxy may crash when using header occurrences relative to the tailDavid Torgerson reported an haproxy crash with enough traces to
diagnose
the cause as being related to the use of a negative occurrence number
in
a header extraction, which is used to extract an entry starting from
the
last occurre...David Torgerson reported an haproxy crash with enough traces to
diagnose
the cause as being related to the use of a negative occurrence number
in
a header extraction, which is used to extract an entry starting from
the
last occurrence.
—- summary —-
Configurations at risk are those which make use of “hdr\_ip(name,–1)”
(in
1.4) or any hdr\_\* variant with a negative occurrence count in 1.5,
or
the “usesrc hdr\_ip(name)” statement in both 1.4 and 1.5. These
configurations may be crashed when run with haproxy 1.4.4 to 1.4.23 or
development versions up to and including 1.5-dev18. Versions 1.4.24
and
1.5-dev19 are safe.
—- quick workaround —-
A workaround consists in rejecting dangerous requests early using
hdr\_cnt(<name>), which is available both in 1.4 and 1.5 :
block if { hdr\_cnt(<name>) ge 10 }
—- details —-
When a config makes use of hdr\_ip(x-forwarded-for,–1) or any such
thing
involving a negative occurrence count, the header is still parsed in
the
order it appears, and an array of up to MAX\_HDR\_HISTORY entries is
created.
When more entries are used, the entries simply wrap and continue this
way.
A problem happens when the incoming header field count exactly divides
MAX\_HDR\_HISTORY, because the computation removes the number of
requested
occurrences from the count, but does not care about the risk of
wrapping
with a negative number. Thus we can dereference the array with a
negative
number and randomly crash the process.
The bug is located in http\_get\_hdr() in haproxy 1.5, and
get\_ip\_from\_hdr2()
in haproxy 1.4. It affects configurations making use of one of the
following
functions with a negative <value> occurence number :
\- hdr\_ip(<name>, <value>) (in 1.4)
- hdr\_\*(<name>, <value>) (in 1.5)
It also affects “source” statements involving “hdr\_ip(<name>)” since
that
statement implicitly uses –1 for <value> :
\- source 0.0.0.0 usesrc hdr\_ip(<name>)
This bug has been present since the introduction of the negative
offset
count in 1.4.4 via commit bce70882.
CVE-2013-2175 was assigned to this bug.
Special thanks to David Torgerson who provided a significant number of
traces, and to Ryan O’Hara from Red Hat for providing a CVE id.
—- links —-
1.4-stable patch for version <= 1.4.23 :
http://git.1wt.eu/web?p=haproxy-1.4.git;a=commitdiff;h=f534af74ed
1.4.24 source code:
http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.24.tar.gz
1.5-dev patch for versions <= 1.5-dev18 :
http://git.1wt.eu/web?p=haproxy.git;a=commitdiff;h=67dad2715b
1.5-dev19 source code:
http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev19.tar.gz
*(from redmine: issue id 2114, created on 2013-06-21, closed on 2013-07-03)*
* Relations:
* parent #2098
* Changesets:
* Revision d2207b3c4708cac6038cfbb0b7c58722e49c5c4e by Natanael Copa on 2013-06-21T13:37:42Z:
```
main/haproxy: security upgrade to 1.4.24 (CVE-2013-2175)
fixes #2114
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2115[v2.7] Xen Security Advisory 55 (CVE-2013-2194, CVE-2013-2195, CVE-2013-2196)...2019-07-23T14:20:35ZNatanael Copa[v2.7] Xen Security Advisory 55 (CVE-2013-2194, CVE-2013-2195, CVE-2013-2196) - Multiple vulnerabilities in libelf PV kernel handling——<s>BEGIN PGP SIGNED MESSAGE——</s>
Hash: SHA1
Xen Security Advisory CVE-2013-2194,CVE-2013-2195,CVE-2013-2196 /
XSA-55
version 5
Multiple vulnerabilities in libelf PV kernel handling
UPDATES IN VERSION 5
CVE numbers have been ...——<s>BEGIN PGP SIGNED MESSAGE——</s>
Hash: SHA1
Xen Security Advisory CVE-2013-2194,CVE-2013-2195,CVE-2013-2196 /
XSA-55
version 5
Multiple vulnerabilities in libelf PV kernel handling
UPDATES IN VERSION 5
CVE numbers have been assigned.
ISSUE DESCRIPTION
=
The ELF parser used by the Xen tools to read domains’ kernels and
construct domains has multiple integer overflows, pointer dereferences
based on calculations from unchecked input values, and other problems.
This corresponds to the following CVEs:
CVE-2013-2194 XEN XSA-55 integer overflows
CVE-2013-2195 XEN XSA-55 pointer dereferences
CVE-2013-2196 XEN XSA-55 other problems
IMPACT
==
A malicious PV domain administrator who can specify their own kernel
can escalate their privilege to that of the domain construction tools
(i.e., normally, to control of the host).
Additionally a malicious HVM domain administrator who is able to
supply their own firmware (“hvmloader”) can do likewise; however we
think this would be very unusual and it is unlikely that such
configurations exist in production systems.
VULNERABLE SYSTEMS
==
All Xen versions are affected.
Installations which only allow the use of trustworthy kernels for PV
domains are not affected.
MITIGATION
==
Ensuring that PV guests use only trustworthy kernels will avoid this
problem.
RESOLUTION
==
Applying the appropriate patch series will resolve this issue.
These were attached to v3 of the advisory which can be found here:
http://lists.xen.org/archives/html/xen-devel/2013-06/msg01626.html
These are available in xen.git
http://xenbits.xen.org/gitweb/?p=xen.git
git://xenbits.xen.org/xen.git
http://xenbits.xen.org/git-http/xen.git
in the git changesets listed below.
xen-unstable:
82cb4113b6ace16de192021de20f6cbd991e478f libxc: Better range check in
xc\_dom\_alloc\_segment
966070058d02cce9684e30073b61d6465e4b351c libxc: check blob size before
proceeding in xc\_dom\_check\_gzip
de7911eaef98b6643d80e4612fe4dcd4528d15b9 libxc: range checks in
xc\_dom\_p2m\_host
and \_guest
3d5a1d4733e55e33521cd5004cab1313e5c5d5ff libxc: check return values from
malloc
aaebaba5ae225f591e0602e071037a935bb281b6 libxc: check failure of
xc\_dom\_\*\_to\_ptr, xc\_map\_foreign\_range
2bcee4b3c316379f4b52cb308947eb6db3faf1a0 libxc: Add range checking to
xc\_dom\_binloader
66fe2726fe8492676f9970b9c2c511bce6186ece libelf: abolish obsolete
macros
39bf7b9d0ae534491745e54df5232127c0bddaf1 libelf: check loops for running
away
a004800f8fc607b96527815c8e3beabcb455d8e0 libelf: use only unsigned
integers
7a549a6aa04dba807f8dd4c1577ab6a7592c4c76 libelf: use C99 bool for
booleans
c84481fbc7de7d15ff7476b3b9cd2713f81feaa3 libelf: Make all callers call
elf\_check\_broken
943de71cf07d9d04ccb215bd46153b04930e9f25 libelf: Check pointer
references in
elf\_is\_elfbinary
65808a8ed41cc7c044f588bd6cab5af0fdc0e029 libelf: check all pointer
accesses
04877847ade4ac9216e9f408fd544ade8f90cf9a libelf: check nul-terminated
strings
properly
50421bd56bf164f490d7d0bf5741e58936de41e8 tools/xcutils/readnotes:
adjust
print\_l1\_mfn\_valid\_note
85256359995587df00001dca22e9a76ba6ea8258 libelf: introduce macros for
memory
access and pointer handling
95dd49bed681af93f71a401b0a35bf2f917c6e68
libelf/xc\_dom\_load\_elf\_symtab: Do not
use “syms” uninitialised
f7aa72ec00aec71eed055dac5e8a151966d75c9c libelf: move include of
<asm/guest\_access.h>to top of file
13e2c808f7ea721c8f200062e2b9b977ee924471 libelf: abolish elf\_sval and
elf\_access\_signed
009ddca51504ce80889937e485d44ac0f9290d63 libelf: add \`struct
elf\_binary\*’
parameter to elf\_load\_image
b5a869209998fedadfe205d37addbd50a802998b libxc: Fix range checking in
xc\_dom\_pfn\_to\_ptr etc.
53bfcf585b09eb4ac2240f89d1ade77421cd2451 libxc: introduce
xc\_dom\_seg\_to\_ptr\_pages
14573b974850d82de7aebad17e6471d27d847f2c libelf: abolish
libelf-relocate.c
Xen 4.2.x:
d21d36e84354c04638b60a739a5f7c3d9f8adaf8 libxc: Better range check in
xc\_dom\_alloc\_segment
2a548e22915535ac13694eb38222903bca7245e3 libxc: check blob size before
proceeding in xc\_dom\_check\_gzip
052a689aa526ca51fd70528d4b0f83dfb2de99c1 libxc: range checks in
xc\_dom\_p2m\_host
and \_guest
8dc90d163650ce8aa36ae0b46debab83cc61edb6 libxc: check return values from
malloc
77c0829fa751f052f7b8ec08287aef6e7ba97bc5 libxc: check failure of
xc\_dom\_\*\_to\_ptr, xc\_map\_foreign\_range
b06e277b1fc08c7da3befeb3ac3950e1d941585d libxc: Add range checking to
xc\_dom\_binloader
3baaa4ffcd3e7dd6227f9bdf817f90e5b75aeda2 libelf: abolish obsolete
macros
52d8cc2dd3bb3e0f6d51e00280da934e8d91653a libelf: check loops for running
away
e673ca50127b6c1263727aa31de0b8bb966ca7a2 libelf: use only unsigned
integers
3fb6ccf2faccaf5e22e33a3155ccc72d732896d8 libelf: use C99 bool for
booleans
a965b8f80388603d439ae2b8ee7b9b018a079f90 libelf: Make all callers call
elf\_check\_broken
d0790bdad7496e720416b2d4a04563c4c27e7b95 libelf: Check pointer
references in
elf\_is\_elfbinary
cc8761371aac432318530c2ddfe2c8234bc0621f libelf: check all pointer
accesses
db14d5bd9b6508adfcd2b910f454fae12fa4ba00 libelf: check nul-terminated
strings
properly
59f66d58180832af6b99a9e4489031b5c2f627ab tools/xcutils/readnotes:
adjust
print\_l1\_mfn\_valid\_note
40020ab55a1e9a1674ddecdb70299fab4fe8579d libelf: introduce macros for
memory
access and pointer handling
de9089b449d2508b1ba05590905c7ebaee00c8c4
libelf/xc\_dom\_load\_elf\_symtab: Do not
use “syms” uninitialised
682a04488e7b3bd6c3448ab60599566eb7c6177a libelf: move include of
<asm/guest\_access.h>to top of file
83ec905922b496e1a5756e3a88405eb6c2c6ba88 libelf: abolish elf\_sval and
elf\_access\_signed
035634047d10c678cbb8801c4263747bdaf4e5b1 libelf: add \`struct
elf\_binary\*’
parameter to elf\_load\_image
8c738fa5c1f3cfcd935b6191b3526f7ac8b2a5bd libxc: Fix range checking in
xc\_dom\_pfn\_to\_ptr etc.
a672da4b2d58ef12be9d7407160e9fb43cac75d9 libxc: introduce
xc\_dom\_seg\_to\_ptr\_pages
9737484becab4a25159f1e985700eaee89690d34 libelf: abolish
libelf-relocate.c
Xen 4.1.x:
ac63ddd70a5ccf5ebf790f06ea4cd4ed794c3978 libxc: check blob size before
proceeding in xc\_dom\_check\_gzip
6eca85d5c144ee8c899ee3cf8791f9087b15f2e8 libxc: range checks in
xc\_dom\_p2m\_host
and \_guest
a2986a7959919bc748784bb75970bfbd42697d3b libxc: check return values from
malloc
117a538dbef62f8d39159dea652e633e01b50a9a libxc: check failure of
xc\_dom\_\*\_to\_ptr, xc\_map\_foreign\_range
40b76f1fb04af421c1415f7bcb168dfaa6960d0d libxc: Add range checking to
xc\_dom\_binloader
4a3a60d8caee49af6951a672c55b08436a8d1f86 libelf: abolish obsolete
macros
968c0399159c65e24bb8b9969259e18791e1f4d8 libelf: check loops for running
away
282188ea84b9e0f9c4865f0609e7740f2f28e7b0 libxc: Introduce xc\_bitops.h
86e39ce58e91fe55d4fdbc914cb1955c45acc20e libelf: use only unsigned
integers
bd3dba9f435fa59f305407f7d9b34e1e164ddd98 libelf: use C99 bool for
booleans
44c74b1ed31c75ed9026abf62ab7427a46d8027a libelf: Make all callers call
elf\_check\_broken
9962d7ffcce97ec2d69a15ef861996b1ead33694 libelf: Check pointer
references in
elf\_is\_elfbinary
39923542bb43e67776c4e8292d4a5a1adef2bd3b libelf: check all pointer
accesses
8ce60b35beaac91a97b79c004ca6bf5d58e7390b libelf: check nul-terminated
strings
properly
4e46085972d2367dff2345a73361c1c17b47ce73 tools/xcutils/readnotes:
adjust
print\_l1\_mfn\_valid\_note
de49d6e83c3a8c753646b007972140ddbb746ba8 libelf: introduce macros for
memory
access and pointer handling
4d3339de1fe3cbf7b05487fdb6cadd7267950948
libelf/xc\_dom\_load\_elf\_symtab: Do not
use “syms” uninitialised
e719b136b750e5eee87c4647d1846e4e1e70eac0 libelf: abolish elf\_sval and
elf\_access\_signed
f7fb94409c562beec06094141ef262dc85f28dac libxc: Fix range checking in
xc\_dom\_pfn\_to\_ptr etc.
bbf40e6b6d47809f4289a866d7d167c25104ecc0 libxc: introduce
xc\_dom\_seg\_to\_ptr\_pages
64a0206c451920b72a9c5721a6f2427baf99e3dd libelf: abolish
libelf-relocate.c
——<s>BEGIN PGP SIGNATURE——</s>
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJRwticAAoJEIP+FMlX6CvZFbEIAMjbI64TpgYSm3cRSFmdHol/
FC2d4mo/aeb8e24RCTnJvxP3oE+o1Oar5FGJi+AATDynzbqcuv7yK7iDQ9ZfwGm5
xZR+knkFKymWLsutb8uhDRT8eYCgmK8aQEXorvcjr69sxrxJascPGv4aHesNihxO
t4tRqRbqGhAzkm9Gm32LaVz3UYCW2ZRs4lxDBjtW5HmsugaOarCYNTqSpftAiAkn
XE8UChNUVO95PAJKRtmihLQ+TGJ9cyujBACrl6RsxdD8JZU6EP4rq7fccdzyqD6D
+c5pw859mtukyy56fwfP5Ji6G9O2VrrZyf4kq13V74SPZ/LV3VKDalfaVVItLGQ=
=RVh5
——<s>END PGP SIGNATURE——</s>
*(from redmine: issue id 2115, created on 2013-06-21, closed on 2013-07-03)*
* Relations:
* parent #2108
* Changesets:
* Revision f78e9dea47b7c130cb417d9826c984d8664f01ec by Natanael Copa on 2013-06-21T15:32:40Z:
```
main/xen: security fix (CVE-2013-2194,CVE-2013-2195,CVE-2013-2196)
fixes #2115
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2122[v2.7] Xen Security Advisory 57 - libxl allows guest write access to sensitiv...2019-07-23T14:20:26ZNatanael Copa[v2.7] Xen Security Advisory 57 - libxl allows guest write access to sensitive console related xenstore keys (CVE-2013-2211 )ISSUE DESCRIPTION
=
The libxenlight (libxl) toolstack library does not correctly set
permissions on xenstore keys relating to paravirtualised and emulated
serial console devices. This could allow a malicious guest
administrator ...ISSUE DESCRIPTION
=
The libxenlight (libxl) toolstack library does not correctly set
permissions on xenstore keys relating to paravirtualised and emulated
serial console devices. This could allow a malicious guest
administrator to change values in xenstore which the host later relies
on being implicitly trusted.
IMPACT
==
A malicious guest administrator can read and write any files in the
host filesystem which are accessible to the user id running the
xenconsole client binary. This may be the user id of a host
administrator who connects to the guest’s console or the user id of
any self service mechanism provided to guest administrators by the
host provider.
As well as reading and writing files an attacker with access to an HVM
guest can cause any PV or serial consoles to be connected to a variety
of network resources (sockets, udp connections) or other end points
(fifo, pipes) in the host file filesystem according to the privileges
granted to the qemu device model for that guest.
A malicious guest administrator can also redirect the VNC console
port of the guest to another port on the host. This may expose the VNC
port of other guests or of other firewalled services to an attack.
VULNERABLE SYSTEMS
==
All systems which use libxl as part of the toolstack are vulnerable.
libxl is present in Xen versions 4.0 onwards.
The major consumer of libxl functionality is the xl toolstack which
became the default in Xen 4.2.
In addition to this libvirt can optionally make use of libxl. This can
be queried with
\# virsh version
Which will report “xenlight” if libxl is in use. libvirt currently
prefers the xend backend if xend is running.
The xend and xapi toolstacks do not currently use libxl.
MITIGATION
==
Host administrators can start a domain paused and manually correct the
xenstore permissions of the relevant nodes.
A domain can be started in the paused state with xl by using
\# xl create -p <cfg>
A domain’s domid can then be determined with:
\# xl domid <name>
If using libvirt then virsh can be used instead:
\# virsh start —paused <name>
\# virsh domid <name>
For a domain $DOMID the following command will recursively correct the
permissions for the primary PV console:
\# xenstore-chmod -r /local/domain/$DOMID/console n0 r$DOMID
If the domain uses a device model stubdomain then it will also be
necessary to fix the permissions for the stubdomain. The stubdomain is
named “<name>-dm”. Assuming its domain ID is $DMDOM:
\# xenstore-chmod -r /local/domain/$DMDOM/console n0 r$DMDOM
In addition a stub domain has three secondary PV consoles which must
be
fixed, however in this case the “state” and “protocol” nodes along
with the device node itself should not be restricted. For each device
$D in \[1,2,3\]:
\# xenstore-chmod -r /local/domain/$DMDOM/device/console/$N n0 r$DMDOM
\# xenstore-chmod /local/domain/$DMDOM/device/console/$N/state n$DMDOM
r0
\# xenstore-chmod /local/domain/$DMDOM/device/console/$N/protocol
n$DMDOM r0
\# xenstore-chmod /local/domain/$DMDOM/device/console/$N n$DMDOM r0
The current permissions can be listed with
\# xenstore-ls -fp <PATH>
Once the permissions are fixed you may unpause the domain with
\# xl unpause <domain>
or with virsh:
\# virsh resume <domain>
The permissions can also be corrected on a live system if they are
then manually validated to be non-malicious.
See http://wiki.xen.org/wiki/XenBus\#Permissions for information on
the
permissions syntax.
RESOLUTION
==
Applying the appropriate attached patch resolves this issue.
xsa57-4.2.patch Xen 4.2.x
xsa57-4.1.patch Xen 4.1.x
xsa57-unstable.patch xen-unstable
$ sha256sum xsa57-\*.patch
428a1d42f4314404cde339a78a59422bf4f0590c4d16ea8adc83425fe5eede3d
xsa57-4.1.patch
b6a5106848541972519cc529859d9ff3083c79367276c7031560fa4ce6f9f770
xsa57-4.2.patch
d329f56c30f7a4f91906658ea661234d2ca31b74ee68257bf009072999b3d3ef
xsa57-unstable.patch
*(from redmine: issue id 2122, created on 2013-06-26, closed on 2013-07-03)*
* Relations:
* parent #2117
* Changesets:
* Revision 932f289cf129abc7a42e3160b4e30b2e720d0633 by Natanael Copa on 2013-06-26T11:48:01Z:
```
main/xen: fix xsa57 (CVE-2013-2211)
ref #2117
fixes #2122
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2129gcc specs files should be installed in gcc dir2019-07-23T14:20:19ZNatanael Copagcc specs files should be installed in gcc dirthe gcc specs files are installed in wrong directory:
dev32-edge:~/test$ export GCC_SPECS="vanilla.specs"
dev32-edge:~/test$ gcc hello.c
gcc: error: vanilla.specs: No such file or directory
To workaround:
dev32-edge:~...the gcc specs files are installed in wrong directory:
dev32-edge:~/test$ export GCC_SPECS="vanilla.specs"
dev32-edge:~/test$ gcc hello.c
gcc: error: vanilla.specs: No such file or directory
To workaround:
dev32-edge:~/test$ sudo cp /usr/share/gcc/* /usr/lib/gcc/i486-alpine-linux-uclibc/4.7.3/
dev32-edge:~/test$ export GCC_SPECS="vanilla.specs"
dev32-edge:~/test$ gcc hello.c
The gcc package should have installed the specs files there.
*(from redmine: issue id 2129, created on 2013-07-02, closed on 2013-07-10)*
* Changesets:
* Revision fd641092f593d069b998a466b54b882d9c8d7910 by Natanael Copa on 2013-07-03T09:30:15Z:
```
main/gcc: install gcc specs in proper location
and unify gcclibdir and gcclibexec variables
the specs fix should make the vanilla.specs work again.
fixes #2129
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2167[v2.7] CVE-2013-4130 spice: unsafe clients ring access abort2019-07-23T14:20:00ZNatanael Copa[v2.7] CVE-2013-4130 spice: unsafe clients ring access abortreference:
https://bugzilla.redhat.com/show\_bug.cgi?id=984769
*(from redmine: issue id 2167, created on 2013-07-19, closed on 2013-07-23)*
* Relations:
* parent #2159
* Changesets:
* Revision 5b9d90d339f52b93cbfcead950e13453080...reference:
https://bugzilla.redhat.com/show\_bug.cgi?id=984769
*(from redmine: issue id 2167, created on 2013-07-19, closed on 2013-07-23)*
* Relations:
* parent #2159
* Changesets:
* Revision 5b9d90d339f52b93cbfcead950e13453080f954c by Natanael Copa on 2013-07-19T15:00:24Z:
```
main/spice: security upgrade to 0.12.4 (CVE-2013-4130)
ref #2159
fixes #2167
```
* Revision c763478c8941f0bbcd4bfc70c3c5a7a2b19e120c by Natanael Copa on 2013-07-24T09:20:04Z:
```
main/ruby: security upgrade to 1.8.7_p374 (CVE-2013-4073)
ref #2164
fixes #2167
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2174[v2.7] bind: CVE-2013-4854: A specially crafted query can cause BIND to termi...2019-07-23T14:19:53ZNatanael Copa[v2.7] bind: CVE-2013-4854: A specially crafted query can cause BIND to terminate abnormallyCVE: CVE-2013-4854
Document Version: 2.0
Posting date: 26 July 2013
Program Impacted: BIND
Versions affected: 9.7.0<s><span style="text-align:right;">9.7.7,
9.8.0</span></s>&gt;9.8.5-P1, 9.9.0-&gt;9.9.3-P1, 9.8.6b1 and 9.9.4b1;
S...CVE: CVE-2013-4854
Document Version: 2.0
Posting date: 26 July 2013
Program Impacted: BIND
Versions affected: 9.7.0<s><span style="text-align:right;">9.7.7,
9.8.0</span></s>>9.8.5-P1, 9.9.0->9.9.3-P1, 9.8.6b1 and 9.9.4b1;
Subscription: 9.9.3-S1 and 9.9.4-S1b1
Severity: Critical
Exploitable: Remotely
### Description
A specially crafted query that includes malformed rdata can cause named
to terminate with an assertion failure while rejecting the malformed
query.
BIND 9.6 and BIND 9.6-ESV are unaffected by this problem. Earlier
branches of BIND 9 are believed to be unaffected but have not been
tested. BIND 10 is also unaffected by this issue.
Please Note: All versions of BIND 9.7 are known to be affected, but
these branches are beyond their “end of life” (EOL) and no longer
receive testing or security fixes from ISC. For current information on
which versions are actively supported, please see
http://www.isc.org/downloads/software-support-policy/bind-software-status/.
### Impact
Authoritative and recursive servers are equally vulnerable. Intentional
exploitation of this condition can cause a denial of service in all
nameservers running affected versions of BIND 9. Access Control Lists do
not provide any protection from malicious clients.
In addition to the named server, applications built using libraries from
the affected source distributions may crash with assertion failures
triggered in the same fashion.
CVSS Score: 7.8
CVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
For more information on the Common Vulnerability Scoring System and to
obtain your specific environmental score please visit:
http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)
### Workarounds
No known workarounds at this time.
### Active exploits
Crashes have been reported by multiple ISC customers. First observed in
the wild on 26 July 2013.
*(from redmine: issue id 2174, created on 2013-07-29, closed on 2013-07-30)*
* Relations:
* parent #2173
* Changesets:
* Revision 6f4a5f3bb411ea0521660bd0352684ec216fa575 by Natanael Copa on 2013-07-29T08:20:58Z:
```
main/bind: security upgrade to 9.9.3_p2 (CVE-2013-4854)
fixes #2174
```Alpine 2.7.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/2180[v2.7] wireshark: upgrade to 1.10.1. fixes various security vulnerabilities2019-07-23T14:19:47ZNatanael Copa[v2.7] wireshark: upgrade to 1.10.1. fixes various security vulnerabilitiesWhat’s New
Bug Fixes
The following vulnerabilities have been fixed.
\* \[1\]wnpa-sec-2013-41
The DCP ETSI dissector could crash. (\[2\]Bug 8717)
Versions affected: 1.10.0, 1.8.0 to 1.8.7
\[3\]CVE-2013-4083
\* \[4\]wnpa-sec-2...What’s New
Bug Fixes
The following vulnerabilities have been fixed.
\* \[1\]wnpa-sec-2013-41
The DCP ETSI dissector could crash. (\[2\]Bug 8717)
Versions affected: 1.10.0, 1.8.0 to 1.8.7
\[3\]CVE-2013-4083
\* \[4\]wnpa-sec-2013-42
The P1 dissector could crash. Discovered by Laurent Butti.
(\[5\]Bug 8826)
Versions affected: 1.10.0
\[6\]CVE-2013-4920
\* \[7\]wnpa-sec-2013-43
The Radiotap dissector could crash. Discovered by Laurent
Butti. (\[8\]Bug 8830)
Versions affected: 1.10.0
\[9\]CVE-2013-4921
\* \[10\]wnpa-sec-2013-44
The DCOM ISystemActivator dissector could crash. Discovered
by Laurent Butti. (\[11\]Bug 8828)
Versions affected: 1.10.0
\[12\]CVE-2013-4922 \[13\]CVE-2013-4923 \[14\]CVE-2013-4924
\[15\]CVE-2013-4925 \[16\]CVE-2013-4926
\* \[17\]wnpa-sec-2013-45
The Bluetooth SDP dissector could go into a large loop.
Discovered by Laurent Butti. (\[18\]Bug 8831)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
\[19\]CVE-2013-4927
\* \[20\]wnpa-sec-2013-46
The Bluetooth OBEX dissector could go into an infinite
loop. (\[21\]Bug 8875)
Versions affected: 1.10.0
\[22\]CVE-2013-4928
\* \[23\]wnpa-sec-2013-47
The DIS dissector could go into a large loop. (\[24\]Bug
8911)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
\[25\]CVE-2013-4929
\* \[26\]wnpa-sec-2013-48
The DVB-CI dissector could crash. Discovered by Laurent
Butti. (\[27\]Bug 8916)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
\[28\]CVE-2013-4930
\* \[29\]wnpa-sec-2013-49
The GSM RR dissector (and possibly others) could go into a
large loop. (\[30\]Bug 8923)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
\[31\]CVE-2013-4931
\* \[32\]wnpa-sec-2013-50
The GSM A Common dissector could crash. (\[33\]Bug 8940)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
\[34\]CVE-2013-4932
\* \[35\]wnpa-sec-2013-51
The Netmon file parser could crash. Discovered by G.
Geshev. (\[36\]Bug 8742)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
\[37\]CVE-2013-4933 \[38\]CVE-2013-4934
\* \[39\]wnpa-sec-2013-52
The ASN.1 PER dissector could crash. Discovered by
Oliver-Tobias Ripka. (\[40\]Bug 8722)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
\[41\]CVE-2013-4935
\* \[42\]wnpa-sec-2013-53
The PROFINET Real-Time dissector could crash. (\[43\]Bug
8904)
Versions affected: 1.10.0
\[44\]CVE-2013-4936
http://www.wireshark.org/lists/wireshark-announce/201307/msg00000.html
*(from redmine: issue id 2180, created on 2013-07-29, closed on 2013-07-30)*
* Relations:
* parent #2179
* Changesets:
* Revision e49369a9fbba515630a272fdfb7538be9b8c57c2 by Natanael Copa on 2013-07-30T11:27:16Z:
```
main/wireshark: upgrade to 1.10.1
ref #2179
fixes #2180
Bug Fixes
The following vulnerabilities have been fixed.
* [1]wnpa-sec-2013-41
The DCP ETSI dissector could crash. ([2]Bug 8717)
Versions affected: 1.10.0, 1.8.0 to 1.8.7
[3]CVE-2013-4083
* [4]wnpa-sec-2013-42
The P1 dissector could crash. Discovered by Laurent Butti.
([5]Bug 8826)
Versions affected: 1.10.0
[6]CVE-2013-4920
* [7]wnpa-sec-2013-43
The Radiotap dissector could crash. Discovered by Laurent
Butti. ([8]Bug 8830)
Versions affected: 1.10.0
[9]CVE-2013-4921
* [10]wnpa-sec-2013-44
The DCOM ISystemActivator dissector could crash. Discovered
by Laurent Butti. ([11]Bug 8828)
Versions affected: 1.10.0
[12]CVE-2013-4922 [13]CVE-2013-4923 [14]CVE-2013-4924
[15]CVE-2013-4925 [16]CVE-2013-4926
* [17]wnpa-sec-2013-45
The Bluetooth SDP dissector could go into a large loop.
Discovered by Laurent Butti. ([18]Bug 8831)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
[19]CVE-2013-4927
* [20]wnpa-sec-2013-46
The Bluetooth OBEX dissector could go into an infinite
loop. ([21]Bug 8875)
Versions affected: 1.10.0
[22]CVE-2013-4928
* [23]wnpa-sec-2013-47
The DIS dissector could go into a large loop. ([24]Bug
8911)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
[25]CVE-2013-4929
* [26]wnpa-sec-2013-48
The DVB-CI dissector could crash. Discovered by Laurent
Butti. ([27]Bug 8916)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
[28]CVE-2013-4930
* [29]wnpa-sec-2013-49
The GSM RR dissector (and possibly others) could go into a
large loop. ([30]Bug 8923)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
[31]CVE-2013-4931
* [32]wnpa-sec-2013-50
The GSM A Common dissector could crash. ([33]Bug 8940)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
[34]CVE-2013-4932
* [35]wnpa-sec-2013-51
The Netmon file parser could crash. Discovered by G.
Geshev. ([36]Bug 8742)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
[37]CVE-2013-4933 [38]CVE-2013-4934
* [39]wnpa-sec-2013-52
The ASN.1 PER dissector could crash. Discovered by
Oliver-Tobias Ripka. ([40]Bug 8722)
Versions affected: 1.10.0, 1.8.0 to 1.8.8
[41]CVE-2013-4935
* [42]wnpa-sec-2013-53
The PROFINET Real-Time dissector could crash. ([43]Bug
8904)
Versions affected: 1.10.0
[44]CVE-2013-4936
http://www.wireshark.org/lists/wireshark-announce/201307/msg00000.html
```Alpine 2.7.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/2184[v2.7] phpmyadmin several vulnerabilities2019-07-23T14:19:43ZPeter Kotcauer[v2.7] phpmyadmin several vulnerabilitiesreference:
http://www.openwall.com/lists/oss-security/2013/07/30/1
CVE-2013-4995
http://www.phpmyadmin.net/home\_page/security/PMASA-2013-8.php
CVE-2013-4996 , CVE-2013-4997
http://www.phpmyadmin.net/home\_page/security/PMASA-201...reference:
http://www.openwall.com/lists/oss-security/2013/07/30/1
CVE-2013-4995
http://www.phpmyadmin.net/home\_page/security/PMASA-2013-8.php
CVE-2013-4996 , CVE-2013-4997
http://www.phpmyadmin.net/home\_page/security/PMASA-2013-9.php
http://www.phpmyadmin.net/home\_page/security/PMASA-2013-11.php
CVE-2013-4998 , CVE-2013-4999 , CVE-2013-5000
http://www.phpmyadmin.net/home\_page/security/PMASA-2013-12.php
CVE-2013-5001
http://www.phpmyadmin.net/home\_page/security/PMASA-2013-13.php
CVE-2013-5002
http://www.phpmyadmin.net/home\_page/security/PMASA-2013-14.php
CVE-2013-5003
http://www.phpmyadmin.net/home\_page/security/PMASA-2013-15.php
*(from redmine: issue id 2184, created on 2013-07-31, closed on 2013-08-01)*
* Relations:
* parent #2183
* Changesets:
* Revision b6fd6a62542fc140d5d957f2e1820e1a06e6d5cf by Natanael Copa on 2013-08-01T13:07:24Z:
```
main/phpmyadmin: security upgrade to 4.0.4.2 (CVE-2013-4995,CVE-2013-4996,CVE-2013-4997,CVE-2013-4998,CVE-2013-4999,CVE-2013-5000,CVE-2013-5001,CVE-2013-5002,CVE-2013-5003)
fixes #2184
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2204[v2.7] Multiple security issues in libtiff (CVE-2013-1960 , CVE-2013-1961)2019-07-23T14:19:27ZPeter Kotcauer[v2.7] Multiple security issues in libtiff (CVE-2013-1960 , CVE-2013-1961)references:
https://access.redhat.com/security/cve/CVE-2013-1960
https://access.redhat.com/security/cve/CVE-2013-1961
Two flaws were reported to us in tiff2pdf utility shipped with the
libtiff library. Details as follows:
1. CVE-...references:
https://access.redhat.com/security/cve/CVE-2013-1960
https://access.redhat.com/security/cve/CVE-2013-1961
Two flaws were reported to us in tiff2pdf utility shipped with the
libtiff library. Details as follows:
1. CVE-2013-1961 libtiff (tiff2pdf): Stack-based buffer overflow with
malformed image-length and resolution
A stack-based buffer overflow was found in the way tiff2pdf, a TIFF
image to a PDF document conversion tool, of libtiff, a library of
functions for manipulating TIFF (Tagged Image File Format) image
format
files, performed write of TIFF image content into particular PDF
document file, when malformed image-length and resolution values are
used in the TIFF file. A remote attacker could provide a specially-
crafted TIFF image format file, that when processed by tiff2pdf would
lead to tiff2pdf executable crash.
Reference: https://bugzilla.redhat.com/show\_bug.cgi?id=952131
2. CVE-2013-1960 libtiff (tiff2pdf): Heap-based buffer overflow in
t2\_process\_jpeg\_strip()
A heap-based buffer overflow flaw was found in the way tiff2pdf, a
TIFF
image to a PDF document conversion tool, of libtiff, a library of
functions for manipulating TIFF (Tagged Image File Format) image
format
files, performed write of TIFF image content into particular PDF
document file, in the tp\_process\_jpeg\_strip() function. A remote
attacker could provide a specially-crafted TIFF image format file,
that
when processed by tiff2pdf would lead to tiff2pdf executable crash or,
potentially, arbitrary code execution with the privileges of the user
running the tiff2pdf binary.
Reference: https://bugzilla.redhat.com/show\_bug.cgi?id=952158
*(from redmine: issue id 2204, created on 2013-08-06, closed on 2013-08-29)*
* Relations:
* parent #2203
* Changesets:
* Revision c14e887330c5944f12ea9eb71a29774bf9a1f09a by Natanael Copa on 2013-08-07T14:21:11Z:
```
main/tiff: sec fixes from upstream (CVE-2012-4447,CVE-2012-4564,CVE-2013-1960,CVE-2013-1961)
ref #2203
fixes #2204
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2221Package request: Flashcache2019-07-23T14:19:11ZDennis PrzytarskiPackage request: Flashcachehttps://github.com/facebook/flashcache
\[15:55\]
&lt;`ncopa> then it would be nice if someone kicked the flashcache devs in the butt
[15:55] <`ncopa>to make a release
\[15:55\]
&lt;`ncopa> say that now that 3.10 is announced longterm,...https://github.com/facebook/flashcache
\[15:55\]
<`ncopa> then it would be nice if someone kicked the flashcache devs in the butt
[15:55] <`ncopa>to make a release
\[15:55\]
<`ncopa> say that now that 3.10 is announced longterm, would it be an idea to tag new release?
[15:56] <`ncopa>i’ll try make a v1.0\_git<date> release even if they
dont
Thanks!
*(from redmine: issue id 2221, created on 2013-08-13, closed on 2013-10-25)*
* Changesets:
* Revision b6a53db259db21259a6256d9c0dcb2a8be8b14c5 by Natanael Copa on 2013-08-15T13:25:45Z:
```
testing/flashcache-grsec: new aport
a general purpose writeback block cache for Linux
https://github.com/facebook/flashcache/
ref #2221
```
* Revision f3112215df0e91f7bcf786149d09da0ea360eb5e by Natanael Copa on 2013-08-15T14:03:27Z:
```
testing/flashcache-utils: new aport
Userspace utilities for flashcache
https://github.com/facebook/flashcache
ref #2221
```
* Revision 83507b0af1ff05a470d062769b4455e3e4ee2c6c by Natanael Copa on 2013-10-23T11:35:05Z:
```
main/flashcashe: moved from testing
fixes #2221
```
* Uploads:
* [flashcache-test.log](/uploads/a7794827da1e018c6d606626b95a1f39/flashcache-test.log)Alpine 2.7.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/2222move drbd to main2019-07-23T14:19:10ZNatanael Copamove drbd to mainFrom: http://alpinelinux.org/comment/33\#comment-33
New drbd apk works with little mods.
Install apks:
apk add drbd
apk add perl (for “drbd-overview” command)
Edit drbd init script:
vi /etc/init.d/drbd
delete at line 33 and line ...From: http://alpinelinux.org/comment/33\#comment-33
New drbd apk works with little mods.
Install apks:
apk add drbd
apk add perl (for “drbd-overview” command)
Edit drbd init script:
vi /etc/init.d/drbd
delete at line 33 and line 43 the first word, “function”
It works!
Now it’s time to update, if you want, pacemaker and corosync apk!
(drbd+pacemaker is great!)
Thank you very much,
Giuseppe
*(from redmine: issue id 2222, created on 2013-08-13, closed on 2013-10-25)*
* Changesets:
* Revision 8ddd19ebf77c0fb29136d21b81033991f46a340c by Natanael Copa on 2013-10-18T19:47:59Z:
```
main/drbd: move from testing
fixes #2222
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2223Package request: gcc-ada2019-07-23T14:19:09ZDennis PrzytarskiPackage request: gcc-adaThere is no gcc-ada but gcc-go, -java and -objc.
*(from redmine: issue id 2223, created on 2013-08-13, closed on 2013-11-04)*
* Uploads:
* [gcc-gnat-test.log](/uploads/1a73eb3ab856adcf429ea41401f3c14e/gcc-gnat-test.log)There is no gcc-ada but gcc-go, -java and -objc.
*(from redmine: issue id 2223, created on 2013-08-13, closed on 2013-11-04)*
* Uploads:
* [gcc-gnat-test.log](/uploads/1a73eb3ab856adcf429ea41401f3c14e/gcc-gnat-test.log)Alpine 2.7.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/2227Request for package: notes manager2019-07-23T14:19:03ZV KrishnRequest for package: notes managerI found some nice textbased/commandline notes manager.
devtodo - http://swapoff.org/DevTodo
note - http://www.daemon.de/NOTE
task - http://taskwarrior.org (cool)
Please evaluate them as which can be best/easily be build for alpine...I found some nice textbased/commandline notes manager.
devtodo - http://swapoff.org/DevTodo
note - http://www.daemon.de/NOTE
task - http://taskwarrior.org (cool)
Please evaluate them as which can be best/easily be build for alpine.
*(from redmine: issue id 2227, created on 2013-08-26, closed on 2013-10-31)*
* Changesets:
* Revision ccb96e9ddc75695902c8306821504da0e59ce54f by Natanael Copa on 2013-08-28T14:24:15Z:
```
testing/task: new aport
A command-line to do list manager
http://taskwarrior.org
ref #2227
```
* Revision 6b85d6b99939dec708c3a1a27dd4647aa60c7afa by Natanael Copa on 2013-10-30T13:20:06Z:
```
main/task: moved from testing
fixes #2227
```Alpine 2.7.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/2230[2.7] PHP CVE-2013-4113 CVE-2013-42482019-07-23T14:19:00ZPeter Kotcauer[2.7] PHP CVE-2013-4113 CVE-2013-4248The PHP development team announces the immediate availability of PHP
5.4.18. About 30 bugs were fixed, including security issues
CVE-2013-4113 and CVE-2013-4248. All users of PHP are encouraged to
upgrade to this release.
v 5.4.19 chang...The PHP development team announces the immediate availability of PHP
5.4.18. About 30 bugs were fixed, including security issues
CVE-2013-4113 and CVE-2013-4248. All users of PHP are encouraged to
upgrade to this release.
v 5.4.19 changelog:
Fixed UMR in fix for CVE-2013-4248
*(from redmine: issue id 2230, created on 2013-08-29, closed on 2013-08-30)*
* Relations:
* parent #2228
* Changesets:
* Revision a14adf155f31301c8e578831c7bfdce26d63f6f9 by Natanael Copa on 2013-08-30T14:09:29Z:
```
main/php: security upgrade to 5.4.19 (CVE-2013-4113,CVE-2013-4248)
fixes #2230
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2232[2.7] cacti CVE-2013-1434, CVE-2013-14352019-07-23T14:18:58ZPeter Kotcauer[2.7] cacti CVE-2013-1434, CVE-2013-1435Two security issues (SQL injection and command line injection via SNMP
settings) were found in Cacti, a web interface for graphing of
monitoring
systems.
*(from redmine: issue id 2232, created on 2013-08-29, closed on 2013-08-30)*
...Two security issues (SQL injection and command line injection via SNMP
settings) were found in Cacti, a web interface for graphing of
monitoring
systems.
*(from redmine: issue id 2232, created on 2013-08-29, closed on 2013-08-30)*
* Relations:
* parent #2231Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2239[2.7]lcms CVE-2013-42762019-07-23T14:18:52ZPeter Kotcauer[2.7]lcms CVE-2013-4276references:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718682
https://bugzilla.redhat.com/show\_bug.cgi?id=991757\#attach\_783274
https://bugzilla.redhat.com/show\_bug.cgi?id=991757
*(from redmine: issue id 2239, created on...references:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718682
https://bugzilla.redhat.com/show\_bug.cgi?id=991757\#attach\_783274
https://bugzilla.redhat.com/show\_bug.cgi?id=991757
*(from redmine: issue id 2239, created on 2013-08-29, closed on 2013-08-30)*
* Relations:
* parent #2237
* Changesets:
* Revision 54ea48c2d606ad7dc278b7c9f6e72cf4b11ed9ca by Natanael Copa on 2013-08-30T12:00:24Z:
```
main/lcms: fix CVE-2013-4276
fixes #2239
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2245create www-data group and add webservers to that group2019-07-23T14:18:48ZNatanael Copacreate www-data group and add webservers to that groupsome web apps needs that the webserver has write permissions to some
dirs. Rather thatn let user chown it manually on install and on each
upgrade, lets have a group www-data so we can ship the package with the
correct permissions.
*(fr...some web apps needs that the webserver has write permissions to some
dirs. Rather thatn let user chown it manually on install and on each
upgrade, lets have a group www-data so we can ship the package with the
correct permissions.
*(from redmine: issue id 2245, created on 2013-09-03, closed on 2013-10-31)*
* Changesets:
* Revision 5f23cebed477095dfe3c76034f155f7b1974bd7b by Natanael Copa on 2013-10-28T11:36:45Z:
```
main/alpine-baselayout: rename slocate to locate and add www-data group
ref #2245
http://lists.alpinelinux.org/alpine-devel/3282.html
```
* Revision e15798a4740c90d3f79e32dfd8fcb4baf0249018 by Natanael Copa on 2013-10-28T13:07:25Z:
```
main/lighttpd: add lighttpd to www-data group
and make sure www-data is created on upgrade
ref #2245
```
* Revision 71f74b583df0e1be3189e91c3e19ff58c975dea7 by Natanael Copa on 2013-10-28T13:07:25Z:
```
main/apache2: add www-data group if its missing
ref #2245
```
* Revision c5b7fe019808ce1a437895a65816f8d2b13ec79d by Natanael Copa on 2013-10-28T13:07:25Z:
```
main/nginx: create and use an nginx user and www-data group
ref #2245
```
* Revision 885bc1016470602807358582dcd1c336bda5c06d by Natanael Copa on 2013-12-02T16:25:14Z:
```
main/mkinitfs: fix lvm dep
fixes #2245
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2246owncloud: move writeable dirs to /var2019-07-23T14:18:47ZNatanael Copaowncloud: move writeable dirs to /varthe wiki says that /usr/share/webapps/owncloud/apps needs write
permissions. We should move it to /var/lib/owncloud/apps and create
symlink(s) so /usr can be read-only
*(from redmine: issue id 2246, created on 2013-09-03, closed on 201...the wiki says that /usr/share/webapps/owncloud/apps needs write
permissions. We should move it to /var/lib/owncloud/apps and create
symlink(s) so /usr can be read-only
*(from redmine: issue id 2246, created on 2013-09-03, closed on 2013-10-02)*Alpine 2.7.0Leonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2258setup-bootable should not modify alpine_dev by default with -u switch2019-07-23T14:18:37ZJeff Bilykjbilyk@gmail.comsetup-bootable should not modify alpine_dev by default with -u switchBy default, setup-bootable replaces alpine\_dev with uuid, which can
break apk cache on upgrades if the mountpoint isn’t specified in
/etc/fstab. The -k switch offers a fix, but I believe this should be the
default behaviour.
*(from re...By default, setup-bootable replaces alpine\_dev with uuid, which can
break apk cache on upgrades if the mountpoint isn’t specified in
/etc/fstab. The -k switch offers a fix, but I believe this should be the
default behaviour.
*(from redmine: issue id 2258, created on 2013-09-16, closed on 2013-10-31)*
* Relations:
* duplicates #1337
* Changesets:
* Revision 040617e7fdd342de7f0d3bd9401535729a675a8e by Natanael Copa on 2013-10-29T17:04:57Z:
```
setup-bootable: don't replace alpine_dev with UUID by default
fixes #2258
```
* Revision e33edf913f9bc27bf416ce94ee505dc2e31632c1 by Natanael Copa on 2013-10-30T11:26:58Z:
```
main/alpine-conf: upgrade to 2.14.0
fixes #2258
```Alpine 2.7.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/2259sipp causes busybox vi go nuts2019-07-23T14:18:36ZNatanael Copasipp causes busybox vi go nutsto reproduce:
apk add sipp
sipp -sn uac 127.0.0.1
press ctrl-c
vi anyfile.txt
results with:
vi: can’t read user input
*(from redmine: issue id 2259, created on 2013-09-18, closed on 2013-10-02)*
* Changesets:
* Revision 32610...to reproduce:
apk add sipp
sipp -sn uac 127.0.0.1
press ctrl-c
vi anyfile.txt
results with:
vi: can’t read user input
*(from redmine: issue id 2259, created on 2013-09-18, closed on 2013-10-02)*
* Changesets:
* Revision 326109d8c7653579121de2b8737dfe487e5a436e by Natanael Copa on 2013-09-24T08:34:42Z:
```
main/sipp: reset stdin on exit
fixes #2259
upstream: https://sourceforge.net/p/sipp/bugs/123/
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2261'ruby' package is worthless without 'ruby-gems'2019-07-23T14:18:33ZA. Wilcox'ruby' package is worthless without 'ruby-gems'### Environment
New server with freshly downloaded Alpine 2.6.4 mini ISO.
Linux ind-web010 3.10.10-1-grsec #2-Alpine SMP Tue Sep 3 07:05:53 UTC 2013 x86_64 Linux
### Issue
Adding the ‘ruby’ package installs an interpreter that ca...### Environment
New server with freshly downloaded Alpine 2.6.4 mini ISO.
Linux ind-web010 3.10.10-1-grsec #2-Alpine SMP Tue Sep 3 07:05:53 UTC 2013 x86_64 Linux
### Issue
Adding the ‘ruby’ package installs an interpreter that cannot be
started.
### Steps to reproduce
ind-web010:~# apk add ruby
(1/7) Installing libffi (3.0.13-r0)
(2/7) Installing gdbm (1.10-r0)
(3/7) Installing ncurses-base (5.9-r1)
(4/7) Installing ncurses-libs (5.9-r1)
(5/7) Installing readline (6.2.004-r0)
(6/7) Installing ruby-libs (2.0.0_p247-r0)
(7/7) Installing ruby (2.0.0_p247-r0)
Executing busybox-1.21.1-r0.trigger
Executing uclibc-utils-0.9.33.2-r21.trigger
OK: 332 MiB in 86 packages
ind-web010:~# ruby
/usr/lib/ruby/2.0.0/rubygems.rb:15:in `require': cannot load such file -- rubygems/compatibility (LoadError)
from /usr/lib/ruby/2.0.0/rubygems.rb:15:in `<top (required)>'
from <internal:gem_prelude>:1:in `require'
from <internal:gem_prelude>:1:in `<compiled>'
ind-web010:~#
### Suggested fix
Add the ‘ruby-gems’ package as a dependency of ‘ruby’, as installing
this package fixes the issue:
ind-web010:~# apk add ruby-gems
(1/1) Installing ruby-gems (2.0.0_p247-r0)
Executing busybox-1.21.1-r0.trigger
Executing uclibc-utils-0.9.33.2-r21.trigger
OK: 333 MiB in 87 packages
ind-web010:~# ruby
puts "yay"
^D
yay
ind-web010:~#
*(from redmine: issue id 2261, created on 2013-09-24, closed on 2013-10-02)*
* Changesets:
* Revision 6e6c8a53bccc83eee29da01b305739ef5ccfa41a by Natanael Copa on 2013-09-26T14:07:01Z:
```
main/ruby: remove ruby-gems subpackage
ruby does not work witout it
fixes #2261
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2277extra files in perl-dbd-sqlite2019-07-23T14:18:24ZV Krishnextra files in perl-dbd-sqliteperl-dbd-sqlite.apk in 2.6.x has .c/.h files
I think same issue in edge/main
This makes the file size
v2.6/main/x86/perl-dbd-sqlite-1.37-r0.apk - 1.8M
If those files are needed can they be moved to
perl-dbd-sqlite-dev ?
*(from...perl-dbd-sqlite.apk in 2.6.x has .c/.h files
I think same issue in edge/main
This makes the file size
v2.6/main/x86/perl-dbd-sqlite-1.37-r0.apk - 1.8M
If those files are needed can they be moved to
perl-dbd-sqlite-dev ?
*(from redmine: issue id 2277, created on 2013-10-09, closed on 2013-10-25)*
* Changesets:
* Revision 86345a32f811c11e79e43c8b76cf00ffa3cb3f94 by Natanael Copa on 2013-10-17T08:36:04Z:
```
main/perl-dbd-sqlite: split out -dev subpackage and use system sqlite
ref #2277
```Alpine 2.7.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/2278acf broken in 'edge'2019-07-23T14:18:23ZMika Havelaacf broken in 'edge'ACF now complains:
haserl CGI Error
/usr/share/lua/5.1/posix.lua:5: module 'bit' not found:
no field package.preload['bit']
no file './bit.lua'
no file '/usr/local/share/lua/5.1/bit.lua'
no file ...ACF now complains:
haserl CGI Error
/usr/share/lua/5.1/posix.lua:5: module 'bit' not found:
no field package.preload['bit']
no file './bit.lua'
no file '/usr/local/share/lua/5.1/bit.lua'
no file '/usr/local/share/lua/5.1/bit/init.lua'
no file '/usr/local/lib/lua/5.1/bit.lua'
no file '/usr/local/lib/lua/5.1/bit/init.lua'
no file '/usr/share/lua/5.1/bit.lua'
no file '/usr/share/lua/5.1/bit/init.lua'
no file './bit.so'
no file '/usr/local/lib/lua/5.1/bit.so'
no file '/usr/lib/lua/5.1/bit.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
*(from redmine: issue id 2278, created on 2013-10-10, closed on 2013-10-16)*
* Changesets:
* Revision 3c2b28a3f1ff8568d0bcd163f8d2c9c192e7c3cb by Natanael Copa on 2013-10-10T14:26:54Z:
```
main/lua-posix: the 5.1 version needs lua-bitlib
fixes #2278
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2280tmux split panel display error2019-07-23T14:18:21ZV Krishntmux split panel display errorHow to recreate issue:
1. install awesome in v2.6.5 (qemu)
2. install tmux aterm
3. Split the pane into two in aterm/tmux, ->**this show text
character instead on line**
4. same issue with rxvt/mrxvt
Note: display works ok in co...How to recreate issue:
1. install awesome in v2.6.5 (qemu)
2. install tmux aterm
3. Split the pane into two in aterm/tmux, ->**this show text
character instead on line**
4. same issue with rxvt/mrxvt
Note: display works ok in console
*(from redmine: issue id 2280, created on 2013-10-14, closed on 2013-11-05)*
* Changesets:
* Revision 6e4a21f72c03d48d0a14f3fc5e50351ee12c0318 by Natanael Copa on 2013-11-04T17:09:08Z:
```
main/aterm: removed. dead upstream
fixes #2280
```Alpine 2.7.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/2283The version of Bluez used in Alpine is not supported anymore.2019-07-23T14:18:19ZalgitbotThe version of Bluez used in Alpine is not supported anymore.Dear Alpine Linux Team,
No doubt, many of us have appreciated that you have included support for
Bluetooth, or Bluez in Alpine Linux.
As the version of Bluez used in Alpine is not supported anymore and new
version is recommended...Dear Alpine Linux Team,
No doubt, many of us have appreciated that you have included support for
Bluetooth, or Bluez in Alpine Linux.
As the version of Bluez used in Alpine is not supported anymore and new
version is recommended, we would like to kindly ask you to include Bluez
5 (5.9 at the moment) in Alpine Linux. It will improve Bluetooth
connection with many devices.
Thank you very much.
Sasha
*(from redmine: issue id 2283, created on 2013-10-16, closed on 2013-10-31)*Alpine 2.7.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/2289Fixes to /etc/profile.d mechanism2019-07-23T14:18:14ZLeslie PolzerFixes to /etc/profile.d mechanismWith SHELL=/bin/zsh and no \*.sh files in /etc/profile.d, execution of
/etc/profile produces a warning:
/etc/profile:8: no matches found: /etc/profile.d/*.sh
Moreover, alpine-baselayout installs /etc/profile.d/color\_prompt which
b...With SHELL=/bin/zsh and no \*.sh files in /etc/profile.d, execution of
/etc/profile produces a warning:
/etc/profile:8: no matches found: /etc/profile.d/*.sh
Moreover, alpine-baselayout installs /etc/profile.d/color\_prompt which
breaks the implied assumption that /etc/profile.d should contain files
ending in \*.sh.
When alpine-baselayout is fixed then /etc/profile can be adjusted to zsh
by changing the for loop to something like that:
if [ `ls -A1 /etc/profile.d/ | wc -l` -gt 0 ]; then
for script in /etc/profile.d/*.sh; do
if [ -r $script ]; then
. $script
fi
done
fi
*(from redmine: issue id 2289, created on 2013-10-21, closed on 2013-10-31)*
* Changesets:
* Revision 4f46a13f4eeec20f9200dfd07b299c9dd816d7ed by Natanael Copa on 2013-10-28T14:19:33Z:
```
main/alpine-baselayout: add comment to color_prompt
We tell that it needs to be renamed to be enabled.
ref #2289
```
* Revision df455ba2f5cd552ecee941ed11d8b468753f43a0 by Natanael Copa on 2013-10-28T14:34:10Z:
```
main/zsh: ship a separate zprofile for zsh
fixes #2289
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2291SLiM creates nasty systemd service2019-07-23T14:18:13Zfreedomrun freedomrunSLiM creates nasty systemd serviceInstallation of SLiM - Simple Login Manager creates nasty systemd
services. (I hope alpine will stay with OpenRC)
file created by package:
/usr/usr/lib/systemd/system/slim.service
content of file:
\[Unit\]
Description=SLiM Simple ...Installation of SLiM - Simple Login Manager creates nasty systemd
services. (I hope alpine will stay with OpenRC)
file created by package:
/usr/usr/lib/systemd/system/slim.service
content of file:
\[Unit\]
Description=SLiM Simple Login Manager
After=systemd-user-sessions.service
\[Service\]
ExecStart=/usr/bin/slim -nodaemon
\[Install\]
Alias=display-manager.service
*(from redmine: issue id 2291, created on 2013-10-21, closed on 2013-10-31)*
* Changesets:
* Revision 5ca3aa8cbfb7b3ef110cb620b7acd6b794f364fd by Natanael Copa on 2013-10-25T14:51:10Z:
```
main/slim: remove unused systemd service
fixes #2291
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2292Samba 4.1 is missing library libtevent.so.02019-07-23T14:18:12Zfreedomrun freedomrunSamba 4.1 is missing library libtevent.so.0apk add samba (it installs and at the first sight looks ok)
Trying to start samba v4.1 looks like this:
1. /etc/init.d/samba start
\* Starting smbd …
/usr/sbin/smbd: can’t load library ‘libtevent.so.0’
\* start-stop-...apk add samba (it installs and at the first sight looks ok)
Trying to start samba v4.1 looks like this:
1. /etc/init.d/samba start
\* Starting smbd …
/usr/sbin/smbd: can’t load library ‘libtevent.so.0’
\* start-stop-daemon: failed to start \`/usr/sbin/smbd’ \[ !! \]
\* Starting nmbd …
/usr/sbin/nmbd: can’t load library ‘libtevent.so.0’
\* start-stop-daemon: failed to start \`/usr/sbin/nmbd’ \[ !! \]
\* ERROR: samba failed to start
—-
Indeed I tried to start without configuring /etc/samba/smb.conf file
first but the system complains on missing library so I\`ve started
to research
cd /usr/lib
inside there are only 2 files related to name:
libtevent-util.so.0
libtevent-util.so.0.0.1
apk search libtevent
samba-3.6.19-r0
samba-libs-4.1.0-r0
…as you can see apk reports these 2 packages holds “libtevent” but it
obviously shows everything that holds something that starts with
“libtevet” even that could mean “libtevent-util.so.0” &
“libtevent-util.so.0.0.1”
apk add samba-libs (installs ok, but the required file is not in the
package)
So I did a bit of search and found that some distros pack it as a
separate package.
I think we\`re missing this package:
http://pkgs.org/altlinux-sisyphus/classic-i586/libtevent-0.9.19-alt1.i586.rpm.html
(for 32bit & 64bit) which provides /usr/lib/libtevent.so.0 ..
for now this is what we have:
1. apk add libtevent
ERROR: unsatisfiable constraints:
libtevent (missing):
required by: world\[libtevent\]
s.
also just to note that in /etc/samba there is no default smb.conf file
Sorry if I didn\`t use all apk commands or all alpine scripts that could
help to explain this better, I\`m still learning to use Alpine Linux.
Best regards
*(from redmine: issue id 2292, created on 2013-10-21, closed on 2013-11-04)*
* Changesets:
* Revision f5ebfdab3142c5e4a565a030889c7a2deb079603 by Natanael Copa on 2013-10-31T16:17:16Z:
```
testing/samba: use system tevent, iniparser, subunit and heimdal
fixes #2292
```Alpine 2.7.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2295talloc an python2019-07-23T14:18:09ZJovan Radukintalloc an pythonPackage talloc shouldn’t depend on python py-talloc should?
*(from redmine: issue id 2295, created on 2013-11-03, closed on 2013-11-08)*
* Changesets:
* Revision 5aa7405989643fba210e50179fcc92cc37acdcb3 by Natanael Copa on 2013-11-0...Package talloc shouldn’t depend on python py-talloc should?
*(from redmine: issue id 2295, created on 2013-11-03, closed on 2013-11-08)*
* Changesets:
* Revision 5aa7405989643fba210e50179fcc92cc37acdcb3 by Natanael Copa on 2013-11-04T15:22:30Z:
```
main/talloc: move libpytalloc-util to py-talloc
se we dont pull in python
ref #2295
```Alpine 2.7.0