aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2020-11-04T07:21:41Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12067open-iscsi 2.1.0 broken with CHAP md52020-11-04T07:21:41ZHenrik Riomaropen-iscsi 2.1.0 broken with CHAP md5The CHAP support in 2.1.0 does not work with CHAP md5, used by for instance tgtd and Synology.
This was fixed in 2.1.1 with the following PR:
https://github.com/open-iscsi/open-iscsi/pull/182
Upstream issue:
https://github.com/open-i...The CHAP support in 2.1.0 does not work with CHAP md5, used by for instance tgtd and Synology.
This was fixed in 2.1.1 with the following PR:
https://github.com/open-iscsi/open-iscsi/pull/182
Upstream issue:
https://github.com/open-iscsi/open-iscsi/issues/180
Please backport 2.1.2 from edge to v3.12 and v3.11 (where 2.1.0 was introduced)3.11.7Leonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11982mbedtls: local side channel attack on classical CBC decryption in (D)TLS (CVE...2020-09-28T10:24:50ZAlicha CHmbedtls: local side channel attack on classical CBC decryption in (D)TLS (CVE-2020-16150)A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference ...A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.
#### Fixed In Version:
mbedtls 2.24.0, 2.16.8 or 2.7.17
#### References:
* https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
* https://nvd.nist.gov/vuln/detail/CVE-2020-16150
### Affected branches:
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable3.12.1Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11972xen: Multiple vulnerabilities (CVE-2020-25602, CVE-2020-25598, CVE-2020-25604...2020-09-24T06:41:02ZMogens Jensenxen: Multiple vulnerabilities (CVE-2020-25602, CVE-2020-25598, CVE-2020-25604, CVE-2020-25595, CVE-2020-25597, CVE-2020-25596, CVE-2020-25603, CVE-2020-25600, CVE-2020-25599, CVE-2020-25601)### CVE-2020-25602, XSA-333: Crash when handling guest access to MSR_MISC_ENABLE
4.11 and higher are affected
#### References
* http://xenbits.xen.org/xsa/advisory-333.html
* https://xenbits.xen.org/xsa/xsa333.patch
### CVE-2020-...### CVE-2020-25602, XSA-333: Crash when handling guest access to MSR_MISC_ENABLE
4.11 and higher are affected
#### References
* http://xenbits.xen.org/xsa/advisory-333.html
* https://xenbits.xen.org/xsa/xsa333.patch
### CVE-2020-25598, XSA-334: Missing unlock in XENMEM_acquire_resource error path
Only 4.14 and later is vulnerable. 4.12 and 4.13 are affected, but not vulnerable to the DoS
#### References
* http://xenbits.xen.org/xsa/advisory-334.html
* https://xenbits.xen.org/xsa/xsa334.patch
* https://xenbits.xen.org/xsa/xsa334-4.12.patch
### CVE-2020-25604, XSA-336: race when migrating timers between x86 HVM vCPU-s
All versions are affected.
#### References
* http://xenbits.xen.org/xsa/advisory-336.html
* https://xenbits.xen.org/xsa/xsa336.patch
* https://xenbits.xen.org/xsa/xsa336-4.11.patch
### CVE-2020-25595, XSA-337: PCI passthrough code reading back hardware registers
All version of Xen (that support PCI passthrough)
#### References
* http://xenbits.xen.org/xsa/advisory-337.html
* https://xenbits.xen.org/xsa/xsa337/xsa337-1.patch
* https://xenbits.xen.org/xsa/xsa337/xsa337-2.patch
* https://xenbits.xen.org/xsa/xsa337/xsa337-4.12-1.patch
* https://xenbits.xen.org/xsa/xsa337/xsa337-4.12-2.patch
* https://xenbits.xen.org/xsa/xsa337/xsa337-4.13-1.patch
* https://xenbits.xen.org/xsa/xsa337/xsa337-4.13-2.patch
### CVE-2020-25597, xsa-338: once valid event channels may not turn invalid
Version 4.4 and higher are vulnerable
#### References:
* http://xenbits.xen.org/xsa/advisory-338.html
* https://xenbits.xen.org/xsa/xsa338.patch
### CVE-2020-25596, XSA-339: x86 pv guest kernel DoS via SYSENTER
Version 3.2 and higher are vulnerable
#### References
* http://xenbits.xen.org/xsa/advisory-339.html
* https://xenbits.xen.org/xsa/xsa339.patch
### CVE-2020-25603, XSA-340: Missing memory barriers when accessing/allocating an event channel
All version of Xen as vulnerable
#### References
* http://xenbits.xen.org/xsa/advisory-340.html
* https://xenbits.xen.org/xsa/xsa340.patch
### CVE-2020-25600, XSA-342: out of bounds event channels available to 32-bit x86 domains
Version 4.4 and higher are vulnerable
#### References
* http://xenbits.xen.org/xsa/advisory-342.html
* https://xenbits.xen.org/xsa/xsa342.patch
* https://xenbits.xen.org/xsa/xsa342-4.13.patch
### CVE-2020-25599, XSA-343: races with evtchn_reset()
Version 4.5 and higher are vulnerable.
#### References
* http://xenbits.xen.org/xsa/advisory-343.html
* https://xenbits.xen.org/xsa/xsa343/xsa343-1.patch
* https://xenbits.xen.org/xsa/xsa343/xsa343-2.patch
* https://xenbits.xen.org/xsa/xsa343/xsa343-3.patch
* https://xenbits.xen.org/xsa/xsa343/xsa343-4.11-1.patch
* https://xenbits.xen.org/xsa/xsa343/xsa343-4.11-2.patch
* https://xenbits.xen.org/xsa/xsa343/xsa343-4.11-3.patch
* https://xenbits.xen.org/xsa/xsa343/xsa343-4.12-1.patch
* https://xenbits.xen.org/xsa/xsa343/xsa343-4.12-2.patch
* https://xenbits.xen.org/xsa/xsa343/xsa343-4.12-3.patch
### CVE-2020-25601, XSA-344: lack of preemption in evtchn_reset() / evtchn_destroy()
#### References
* http://xenbits.xen.org/xsa/advisory-344.html
* https://xenbits.xen.org/xsa/xsa344/xsa344-1.patch
* https://xenbits.xen.org/xsa/xsa344/xsa344-2.patch
* https://xenbits.xen.org/xsa/xsa344/xsa344-4.11-1.patch
* https://xenbits.xen.org/xsa/xsa344/xsa344-4.11-2.patch
* https://xenbits.xen.org/xsa/xsa344/xsa344-4.12-1.patch
* https://xenbits.xen.org/xsa/xsa344/xsa344-4.12-2.patch
* https://xenbits.xen.org/xsa/xsa344/xsa344-4.13-1.patch
* https://xenbits.xen.org/xsa/xsa344/xsa344-4.13-2.patch
### Branches
* [x] master (f48590ae54ca9e0c3bf6b3fae3e6b065f14223e3)
* [x] 3.12-stable (3c903518cc8e34dbbf1e83f9c3c19a586ede964f)
* [x] 3.11-stable (cd21dfead0f06e405f9afd20a4c4e91f7e069c85)
* [x] 3.10-stable (d6ceee47a2ff149fd36100bea035249983f57585)
* [x] 3.9-stable (dbaf4fe21663efcf06e4a5b287383035b36a2106)3.12.1https://gitlab.alpinelinux.org/alpine/aports/-/issues/11893qemu: out-of-bounds r/w access issue while processing usb packets (CVE-2020-1...2020-09-24T04:53:18ZDaniel Nériqemu: out-of-bounds r/w access issue while processing usb packets (CVE-2020-14364, XSA-335)Vulnerable packages:
* [community/qemu](https://www.openwall.com/lists/oss-security/2020/08/24/3)
* [main/xen](https://xenbits.xen.org/xsa/advisory-335.html)
## Affected branches
### Xen
* [x] master
* [x] 3.12-stable
* [x] 3.11-stabl...Vulnerable packages:
* [community/qemu](https://www.openwall.com/lists/oss-security/2020/08/24/3)
* [main/xen](https://xenbits.xen.org/xsa/advisory-335.html)
## Affected branches
### Xen
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
### Qemu
* [x] master
* [x] 3.12-stable3.12.1https://gitlab.alpinelinux.org/alpine/aports/-/issues/11871qt5-qtbase: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp (C...2021-02-23T19:45:46ZAlicha CHqt5-qtbase: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp (CVE-2020-17507)An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
#### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-17507
### Affected bra...An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
#### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-17507
### Affected branches:
* [x] master
* [x] 3.12-stable3.12.1Bart RibbersBart Ribbershttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11870postgresql: Multiple vulnerabilities (CVE-2020-14349, CVE-2020-14350)2020-09-08T09:48:43ZAlicha CHpostgresql: Multiple vulnerabilities (CVE-2020-14349, CVE-2020-14350)### CVE-2020-14349: uncontrolled search path element in logical replication
The PostgreSQL search_path setting determines schemas searched for tables, functions, operators, etc. The CVE-2018-1058 fix caused most PostgreSQL-provided cli...### CVE-2020-14349: uncontrolled search path element in logical replication
The PostgreSQL search_path setting determines schemas searched for tables, functions, operators, etc. The CVE-2018-1058 fix caused most PostgreSQL-provided client applications to sanitize search_path, but logical replication continued to leave search_path unchanged. Users of a replication publisher or subscriber database can create objects in the "public" schema and harness them to execute arbitrary SQL functions under the identity running replication, often a superuser. Installations having adopted a documented "secure schema usage pattern" are not vulnerable.
#### Fixed In Version:
postgresql 12.4, postgresql 11.9, postgresql 10.14
#### References:
* https://www.postgresql.org/about/news/2060/
* https://security-tracker.debian.org/tracker/CVE-2020-14349
#### Patches:
* https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=11da97024abbe76b8c81e3f2375b2a62e9717c67
* https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cec57b1a0fbcd3833086ba686897c5883e0a2afc
### CVE-2020-14350: uncontrolled search path element in CREATE EXTENSION
When a superuser issues certain CREATE EXTENSION statements, users may be able to execute arbitrary SQL functions under the identity of that superuser. The attacker must have permission to create objects in the new extension's schema or a schema of a prerequisite extension. Not all extensions are vulnerable. In addition to correcting the extensions provided with PostgreSQL, the project is issuing guidance for third-party extension authors to secure their own work.
##### Fixed In Version:
postgresql 12.4, postgresql 11.9, postgresql 10.14, postgresql 9.6.19, postgresql and 9.5.23
#### References:
https://www.postgresql.org/about/news/2060/
#### Patch:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=7eeb1d9861b0a3f453f8b31c7648396cdd7f1e59
### Affected branches:
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable3.12.1Jakub JirutkaJakub Jirutkahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11869libetpan: response injection via STARTTLS in IMAP (CVE-2020-15953)2020-10-12T15:42:15ZAlicha CHlibetpan: response injection via STARTTLS in IMAP (CVE-2020-15953)LibEtPan through 1.9.4, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TL...LibEtPan through 1.9.4, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-15953
* https://github.com/dinhvh/libetpan/issues/386
### Affected branches:
* [x] master (f6b8c8ff1924324b5ae18ea879086deec396c9e5)
* [x] 3.12-stable (6a5de63175a42ed6ee6359d5c1692975503353da)3.12.1Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11845go: ReadUvarint and ReadVarint can read an unlimited number of bytes from inv...2020-10-12T14:30:02ZAlicha CHgo: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
#### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-16845
#### Patch:
https://go.goog...Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
#### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-16845
#### Patch:
https://go.googlesource.com/go/+/027d7241ce050d197e7fabea3d541ffbe3487258%5E%21/
### Affected branches:
* [x] master (4428c5f3aba5a502ee460b3f6b33585a0ed123ea)
* [x] 3.12-stable (904dd561a5a325f33766cde3ef26a62738f71a92)3.12.1Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11968nginx binary is owned by 1000:10002020-10-19T14:04:50ZRileynginx binary is owned by 1000:1000I'm using the `alpine:edge` docker image on x86_64, and I've noticed that the `/usr/sbin/nginx` binary installed by the nginx package is owned by uid 1000 and gid 1000 (no such user exists, but that's besides the point). I'd expect the b...I'm using the `alpine:edge` docker image on x86_64, and I've noticed that the `/usr/sbin/nginx` binary installed by the nginx package is owned by uid 1000 and gid 1000 (no such user exists, but that's besides the point). I'd expect the binary to be owned by root. `/var/lib/nginx` should probably also be owned by root (it's currently owned by the nginx user), but I might be wrong about that.3.12.1https://gitlab.alpinelinux.org/alpine/aports/-/issues/12282Certbot is broken due to idna dependency incompatibility2021-01-08T16:56:15ZÉloi RivardCertbot is broken due to idna dependency incompatibilityRecently, certbot got broken:
```
$ sudo certbot --help
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 567, in _build_master
ws.require(__requires__)
File "/usr/lib/pyt...Recently, certbot got broken:
```
$ sudo certbot --help
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 567, in _build_master
ws.require(__requires__)
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 884, in require
needed = self.resolve(parse_requirements(requirements))
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 775, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (idna 3.1 (/usr/lib/python3.8/site-packages), Requirement.parse('idna<3,>=2.5'), {'requests'})
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot==1.11.0', 'console_scripts', 'certbot')())
File "/usr/bin/certbot", line 25, in importlib_load_entry_point
return next(matches).load()
File "/usr/lib/python3.8/importlib/metadata.py", line 77, in load
module = import_module(match.group('module'))
File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
File "<frozen importlib._bootstrap>", line 991, in _find_and_load
File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 783, in exec_module
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "/usr/lib/python3.8/site-packages/certbot/main.py", line 2, in <module>
from certbot._internal import main as internal_main
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 17, in <module>
from certbot import crypto_util
File "/usr/lib/python3.8/site-packages/certbot/crypto_util.py", line 32, in <module>
from certbot import util
File "/usr/lib/python3.8/site-packages/certbot/util.py", line 24, in <module>
from certbot._internal import constants
File "/usr/lib/python3.8/site-packages/certbot/_internal/constants.py", line 4, in <module>
import pkg_resources
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 3239, in <module>
def _initialize_master_working_set():
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 3222, in _call_aside
f(*args, **kwargs)
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 3251, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 569, in _build_master
return cls._build_from_requirements(__requires__)
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 582, in _build_from_requirements
dists = ws.resolve(reqs, Environment())
File "/usr/lib/python3.8/site-packages/pkg_resources/__init__.py", line 770, in resolve
raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'idna<3,>=2.5' distribution was not found and is required by requests
$ apk search idna
py3-idna-ssl-1.1.0-r4
py3-idna-3.1-r0
```3.13.0LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12153community/firefox: build issues with WasmBaselineCompile on aarch642020-12-01T09:52:03ZKevin Daudtcommunity/firefox: build issues with WasmBaselineCompile on aarch64Firefox fails to build on aarch64:
<details>
<summary>Build errors</summary>
<pre>
./home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:661:13: error: explicit specialization in non-namespace sc...Firefox fails to build on aarch64:
<details>
<summary>Build errors</summary>
<pre>
./home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:661:13: error: explicit specialization in non-namespace scope 'class js::wasm::BaseRegAlloc'
661 | template <>
| ^
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:662:8: error: template-id 'hasFPU<js::jit::MIRType::Simd128>' in declaration of primary template
662 | bool hasFPU<MIRType::Simd128>() {
| ^~~~~~~~~~~~~~~~~~~~~~~~
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:747:17: error: too many template-parameter-lists
747 | FloatRegister allocFPU() {
| ^~~~~~~~
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:752:13: error: explicit specialization in non-namespace scope 'class js::wasm::BaseRegAlloc'
752 | template <>
| ^
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:753:17: error: expected ';' at end of member declaration
753 | FloatRegister allocFPU<MIRType::Simd128>() {
| ^~~~~~~~
| ;
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:753:17: error: 'js::jit::FloatRegister js::wasm::BaseRegAlloc::allocFPU' conflicts with a previous declaration
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:738:8: note: previous declaration 'void js::wasm::BaseRegAlloc::allocFPU(js::jit::FloatRegister)'
738 | void allocFPU(FloatRegister r) {
| ^~~~~~~~
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:753:25: error: expected unqualified-id before '<' token
753 | FloatRegister allocFPU<MIRType::Simd128>() {
| ^
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp: In member function 'js::wasm::RegF32 js::wasm::BaseRegAlloc::needF32()':
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:937:27: error: invalid use of non-static member function 'void js::wasm::BaseRegAlloc::allocFPU(js::jit::FloatRegister)'
937 | return RegF32(allocFPU<MIRType::Float32>());
| ~~~~~~~~^~~~~~~~~~~~~~~~~
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:738:8: note: declared here
738 | void allocFPU(FloatRegister r) {
| ^~~~~~~~
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:937:18: error: expected primary-expression before '(' token
937 | return RegF32(allocFPU<MIRType::Float32>());
| ^
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:937:27: error: invalid use of non-static member function 'void js::wasm::BaseRegAlloc::allocFPU(js::jit::FloatRegister)'
937 | return RegF32(allocFPU<MIRType::Float32>());
| ~~~~~~~~^~~~~~~~~~~~~~~~~
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:738:8: note: declared here
738 | void allocFPU(FloatRegister r) {
| ^~~~~~~~
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:937:46: error: expected primary-expression before ')' token
937 | return RegF32(allocFPU<MIRType::Float32>());
| ^
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp: In member function 'js::wasm::RegF64 js::wasm::BaseRegAlloc::needF64()':
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:951:27: error: invalid use of non-static member function 'void js::wasm::BaseRegAlloc::allocFPU(js::jit::FloatRegister)'
951 | return RegF64(allocFPU<MIRType::Double>());
| ~~~~~~~~^~~~~~~~~~~~~~~~
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:738:8: note: declared here
738 | void allocFPU(FloatRegister r) {
| ^~~~~~~~
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:951:18: error: expected primary-expression before '(' token
951 | return RegF64(allocFPU<MIRType::Double>());
| ^
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:951:27: error: invalid use of non-static member function 'void js::wasm::BaseRegAlloc::allocFPU(js::jit::FloatRegister)'
951 | return RegF64(allocFPU<MIRType::Double>());
| ~~~~~~~~^~~~~~~~~~~~~~~~
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:738:8: note: declared here
738 | void allocFPU(FloatRegister r) {
| ^~~~~~~~
/home/buildozer/aports/community/firefox/src/firefox-83.0/js/src/wasm/WasmBaselineCompile.cpp:951:45: error: expected primary-expression before ')' token
951 | return RegF64(allocFPU<MIRType::Double>());
| ^
</pre>
</details>
See: https://build.alpinelinux.org/buildlogs/build-edge-aarch64/community/firefox/firefox-83.0-r1.log3.13.0Rasmus Thomsenoss@cogitri.devRasmus Thomsenoss@cogitri.devhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12144java9+: Does not compile with gcc10 on edge2020-12-06T00:13:42ZSimon Fsimon-alpine@fraho.eujava9+: Does not compile with gcc10 on edgeCurrently the builds for almost all java versions >= 9 fail on edge with gcc10.
This issue is for me to keep track of what I've fixed so far
- [x] openjdk9 (!14518) (9.0.4_p12-r3: **OK**)
- [x] openjdk10 (!15039) (10.0.2_p13-r2: **OK**)...Currently the builds for almost all java versions >= 9 fail on edge with gcc10.
This issue is for me to keep track of what I've fixed so far
- [x] openjdk9 (!14518) (9.0.4_p12-r3: **OK**)
- [x] openjdk10 (!15039) (10.0.2_p13-r2: **OK**)
- [x] openjdk11 (!15040) (11.0.9_p11-r1: **OK**)
- [x] openjdk12 (!15044) (12.0.2_p10-r2: **OK**)
- [x] openjdk13 (!15063) (13.0.4_p8-r1: **OK**)
- [x] openjdk14 (!15064) (14.0.2_p12-r1: **OK**)
- [x] openjdk15 (!15065) (15.0.1_p9-r1: **OK**)
blocks #12030, #12118 and !137573.13.0Simon Fsimon-alpine@fraho.euSimon Fsimon-alpine@fraho.euhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/12136alpine-ipxe needs patches2020-11-26T12:26:50ZLeoalpine-ipxe needs patchesNeeds -fcommon in flags or fixing of externals and the following upstream patch:
```patch
From 8a1d66c7aec020f3e90254ed2fa55ecd9494fcc3 Mon Sep 17 00:00:00 2001
From: Michael Brown <mcb30@ipxe.org>
Date: Sat, 27 Jun 2020 20:43:32 +0100
...Needs -fcommon in flags or fixing of externals and the following upstream patch:
```patch
From 8a1d66c7aec020f3e90254ed2fa55ecd9494fcc3 Mon Sep 17 00:00:00 2001
From: Michael Brown <mcb30@ipxe.org>
Date: Sat, 27 Jun 2020 20:43:32 +0100
Subject: [PATCH] [golan] Add explicit type casts for nodnic_queue_pair_type
GCC 10 emits warnings for implicit conversions of enumerated types.
The flexboot_nodnic code defines nodnic_queue_pair_type with values
identical to those of ib_queue_pair_type, and implicitly casts between
them. Add an explicit cast to fix the warning.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
drivers/infiniband/flexboot_nodnic.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/drivers/infiniband/flexboot_nodnic.c b/src/drivers/infiniband/flexboot_nodnic.c
index 93bb05446..7d039fffc 100644
--- a/drivers/infiniband/flexboot_nodnic.c
+++ b/drivers/infiniband/flexboot_nodnic.c
@@ -365,7 +365,8 @@ static int flexboot_nodnic_create_qp ( struct ib_device *ibdev,
goto qp_alloc_err;
}
- status = nodnic_port_create_qp(&port->port_priv, qp->type,
+ status = nodnic_port_create_qp(&port->port_priv,
+ (nodnic_queue_pair_type) qp->type,
qp->send.num_wqes * sizeof(struct nodnic_send_wqbb),
qp->send.num_wqes,
qp->recv.num_wqes * sizeof(struct nodnic_recv_wqe),
@@ -406,7 +407,8 @@ static void flexboot_nodnic_destroy_qp ( struct ib_device *ibdev,
struct flexboot_nodnic_port *port = &flexboot_nodnic->port[ibdev->port - 1];
struct flexboot_nodnic_queue_pair *flexboot_nodnic_qp = ib_qp_get_drvdata ( qp );
- nodnic_port_destroy_qp(&port->port_priv, qp->type,
+ nodnic_port_destroy_qp(&port->port_priv,
+ (nodnic_queue_pair_type) qp->type,
flexboot_nodnic_qp->nodnic_queue_pair);
free(flexboot_nodnic_qp);
```3.13.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/12132main/strace: static assertion failed: "IPPROTO_MAX != 256"2020-11-24T03:10:51ZKevin Daudtmain/strace: static assertion failed: "IPPROTO_MAX != 256"strace fails to build due to an update in musl:
```
xlat/inet_protocols.h:242:1: error: static assertion failed: "IPPROTO_MAX != 256"
242 | static_assert((IPPROTO_MAX) == (256), "IPPROTO_MAX != 256");
```
`IPPROTO_MAX` has been updat...strace fails to build due to an update in musl:
```
xlat/inet_protocols.h:242:1: error: static assertion failed: "IPPROTO_MAX != 256"
242 | static_assert((IPPROTO_MAX) == (256), "IPPROTO_MAX != 256");
```
`IPPROTO_MAX` has been updated, but not yet in strace.
Upstream issue: https://github.com/strace/strace/issues/1643.13.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/12109community/libreoffice: build failure with GCC102021-06-05T18:38:56ZKevin Daudtcommunity/libreoffice: build failure with GCC10libreoffice has been disabled with 2cbc79ffc5 (community/libreoffice: disable, 2020-08-28), because it does not build anymore since the upgrade to GCC10.
```
/usr/lib/gcc/x86_64-alpine-linux-musl/10.2.0/../../../../x86_64-alpine-linux-m...libreoffice has been disabled with 2cbc79ffc5 (community/libreoffice: disable, 2020-08-28), because it does not build anymore since the upgrade to GCC10.
```
/usr/lib/gcc/x86_64-alpine-linux-musl/10.2.0/../../../../x86_64-alpine-linux-musl/bin/ld: /home/build/aports/community/libreoffice/src/libreoffice-7.0.2.2/workdir/CxxObject/sot/source/sdstor/ucbstorage.o: in function `UCBStorage_Impl::Init()':
ucbstorage.cxx:(.text+0x645b): undefined reference to `non-virtual thunk to cppu::WeakImplHelper<com::sun::star::io::XInputStream>::acquire()'
```3.13.0Timo TeräsTimo Teräshttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11142Asterisk logrotate - Alpine 3.11.32021-06-12T07:16:49ZRyan CampoAsterisk logrotate - Alpine 3.11.3First start of asterisk creates logs with permissions 644. After logrotate, logs are created with 640 via /etc/logrotate.d/asteriskFirst start of asterisk creates logs with permissions 644. After logrotate, logs are created with 640 via /etc/logrotate.d/asterisk3.14.0Timo TeräsTimo Teräshttps://gitlab.alpinelinux.org/alpine/aports/-/issues/13185Xen: Unable to start Alpine PVH domU after linux-virt upgrade to 5.15.1-r32021-11-15T20:00:13ZMogens JensenXen: Unable to start Alpine PVH domU after linux-virt upgrade to 5.15.1-r3After upgrading linux-virt in a Alpine edge PVH domU from 5.10.x to 5.15.1-r3, Xen is unable to start the VM:
```
xc: error: panic: xc_dom_bzimageloader.c:774: xc_dom_probe_bzimage_kernel: unknown compression format: Invalid kernel
xc: ...After upgrading linux-virt in a Alpine edge PVH domU from 5.10.x to 5.15.1-r3, Xen is unable to start the VM:
```
xc: error: panic: xc_dom_bzimageloader.c:774: xc_dom_probe_bzimage_kernel: unknown compression format: Invalid kernel
xc: error: panic: xc_dom_core.c:691: xc_dom_find_loader: no loader found: Invalid kernel
libxl: error: libxl_dom.c:747:libxl__build_dom: xc_dom_parse_image failed
libxl: error: libxl_create.c:1420:domcreate_rebuild_done: Domain 44:cannot (re-)build domain: -3
libxl: error: libxl_domain.c:1177:libxl__destroy_domid: Domain 44:Non-existant domain
libxl: error: libxl_domain.c:1131:domain_destroy_callback: Domain 44:Unable to destroy guest
libxl: error: libxl_domain.c:1058:domain_destroy_cb: Domain 44:Destruction of domain failed
```
Xen version is 4.13.4 on Alpine 3.12-stable.3.15.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/13172main/zfs-lts-5.15.1-r0: GPL-incompatible module zfs.ko uses GPL-only symbol '...2021-11-09T13:55:15ZKevin Daudtmain/zfs-lts-5.15.1-r0: GPL-incompatible module zfs.ko uses GPL-only symbol 'mmu_feature_keys'zfs-lts fails to build on ppc64le:
```
MODPOST /home/buildozer/aports/main/zfs-lts/src/zfs-2.1.1/5.15.1-0-lts/module/Module.symvers
ERROR: modpost: GPL-incompatible module zfs.ko uses GPL-only symbol 'mmu_feature_keys'
make[4]: *** [s...zfs-lts fails to build on ppc64le:
```
MODPOST /home/buildozer/aports/main/zfs-lts/src/zfs-2.1.1/5.15.1-0-lts/module/Module.symvers
ERROR: modpost: GPL-incompatible module zfs.ko uses GPL-only symbol 'mmu_feature_keys'
make[4]: *** [scripts/Makefile.modpost:134: /home/buildozer/aports/main/zfs-lts/src/zfs-2.1.1/5.15.1-0-lts/module/Module.symvers] Error 1
```
See:
* https://build.alpinelinux.org/buildlogs/build-3-15-ppc64le/main/zfs-lts/zfs-lts-5.15.1-r0.log
* Upstream issue: https://github.com/openzfs/zfs/issues/11958
* Upstream issue: https://github.com/openzfs/zfs/issues/12590
* Ubuntu patch: https://git.launchpad.net/ubuntu/+source/zfs-linux/tree/debian/patches/ubuntu/4900-ppc-get-user-workaround.patch3.15.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/13151postgresql/openssl issue on edge2021-11-11T07:32:45ZKonstantin Kulikovpostgresql/openssl issue on edgeAlpine edge. Yandex mirrors.
Repro:
```
kpc:~# apk add postgresql-dev openssl-dev
ERROR: unable to select packages:
openssl-dev-3.0.0-r2:
conflicts: openssl1.1-compat-dev-1.1.1l-r4[pc:libcrypto=3.0.0] openssl1.1-compat-dev-1.1.1l-...Alpine edge. Yandex mirrors.
Repro:
```
kpc:~# apk add postgresql-dev openssl-dev
ERROR: unable to select packages:
openssl-dev-3.0.0-r2:
conflicts: openssl1.1-compat-dev-1.1.1l-r4[pc:libcrypto=3.0.0] openssl1.1-compat-dev-1.1.1l-r4[pc:libssl=3.0.0] openssl1.1-compat-dev-1.1.1l-r4[pc:openssl=3.0.0]
satisfies: world[openssl-dev] libpq-dev-14.0-r5[pc:libcrypto] libpq-dev-14.0-r5[pc:libssl]
openssl1.1-compat-dev-1.1.1l-r4:
conflicts: openssl-dev-3.0.0-r2[pc:libcrypto=1.1.1l] openssl-dev-3.0.0-r2[pc:libssl=1.1.1l] openssl-dev-3.0.0-r2[pc:openssl=1.1.1l]
satisfies: libpq-dev-14.0-r5[pc:libcrypto] libpq-dev-14.0-r5[pc:libssl] postgresql-dev-14.0-r5[openssl1.1-compat-dev]
```
In normal usage what happened is I upgraded postgres and started seeing
```Error relocating /usr/bin/psql: PQmblenBounded: symbol not found```
`apk upgrade -a` reported no errors.
Error is happening because `postgresql-dev` and `postgresql-libs` was stuck on version 13, while server and client were upgraded to 14.3.15.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/13276mariadb compiled with UNIV_DEBUG2022-11-03T11:04:04ZKevin Daudtmariadb compiled with UNIV_DEBUGWhen starting mariadb, the log mentions:
```
2021-12-05 20:49:45 0 [Note] InnoDB: !!!!!!!! UNIV_DEBUG switched on !!!!!!!!!
```
This apparently has a impact on performance. This is possibly caused by `CMAKE_BUILDTYPE=none`.
storage/in...When starting mariadb, the log mentions:
```
2021-12-05 20:49:45 0 [Note] InnoDB: !!!!!!!! UNIV_DEBUG switched on !!!!!!!!!
```
This apparently has a impact on performance. This is possibly caused by `CMAKE_BUILDTYPE=none`.
storage/innobase/innodb.cmake contains:
```
# Enable InnoDB's UNIV_DEBUG in debug builds
SET(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} -DUNIV_DEBUG")
```3.15.1Natanael CopaNatanael Copa