alpine issues
https://gitlab.alpinelinux.org/groups/alpine/-/issues
Updated: 2022-09-07T08:51:41Z

net-snmp(snmpd) apk install service crashed on x86 3.14.1 and edge(3.15)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12932
Updated: 2022-09-07T08:51:41Z
Author: Ron Kwan

fresh installed 3.14.1 on n270 x86 with net-snmp 5.9r4 and default snmpd.conf except one line enabled;
rocommunity public localhost
snmpd service crashed after a couple hours, more or less
same thing happened after system upgraded to edge with net-snmp 5.9.1-r1
i've also tried inside a virtualbox client (win host) and same thing happened.
please investigate, much thanks.

Add support for Hardkernel Odroid xu4 and family
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12931
Updated: 2022-08-21T15:18:07Z
Author: Davy Landman

It would be nice if the generic armv7 build of alpine would include uboot for odroid xu4 as well.
The dtbs are already there, but the u-boot is not configured with it yet.
I have a xu4 and I think the right serial monitor, so I can do some testing.
Assignee: Milan P. Stanić

Package request: loop
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12926
Updated: 2021-08-29T17:43:52Z
Author: nevinen

loop lets you write powerful, intuitive looping one-liners in your favorite shell! Finally, loops in Bash that make sense!
Homepage: https://github.com/Miserlou/Loop , this software source code is already very stable.

Parallelize triggers
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10760
Updated: 2024-01-10T16:03:46Z
Author: Ariadne Conill (ariadne@ariadne.space)

Some triggers can take multiple seconds (up to minutes) to run, like the `mkinitfs` trigger.
It would be a nice win to run all triggers in parallel.
Another thing to consider might be running triggers in the background.
Milestone: v3.1

libc6-compat has wrong provides
https://gitlab.alpinelinux.org/alpine/abuild/-/issues/10040
Updated: 2021-08-12T20:12:50Z
Author: Alex Xu (Hello71)

Add a runtime dependency to gpsd-clients or split the package
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12916
Updated: 2021-08-12T19:27:33Z
Author: Benoit Rozel

`py3-cairo` and `py3-gpsd` are runtime dependencies of the programs `xgps` and `xgpsspeed` provided by `gpsd-clients`.
Either add this runtime dependency to the package, or split the package (or remove these two programs of the package).

openvas, gvm-libs, nmap segfaults or traps
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12915
Updated: 2021-08-13T15:24:25Z
Author: Josef Fröhle (github@josef-froehle.de)

**Describe the bug**
When scanning, often the process is "interrupted" before completing, and messages such as these show up in dmesg on the host.
openvas randomly segfaults, and nmap segfaults or traps. The results are unreliable, as hosts or services are missed, even if the scanning does not end up as interrupted.
```
[ 2693.808760] traps: nmap[35860] trap invalid opcode ip:55817d153440 sp:7fffb5e326e0 error:0 in nmap[55817d105000+8e000]
[ 3359.422992] traps: nmap[49098] trap invalid opcode ip:564ed9eca440 sp:7ffe1c1e2010 error:0 in nmap[564ed9e7c000+8e000]
[ 3362.479530] traps: nmap[49100] trap invalid opcode ip:55abef014440 sp:7fffbe46dce0 error:0 in nmap[55abeefc6000+8e000]
[ 3440.949354] traps: nmap[49061] trap invalid opcode ip:55fd5d253440 sp:7fff20e88640 error:0 in nmap[55fd5d205000+8e000]
[ 3453.341204] nmap[49004]: segfault at 7efe666dd020 ip 000055dfacbe9448 sp 00007fffde1dc920 error 4 in nmap[55dfacb9b000+8e000]
[ 3453.341216] Code: 24 08 0f b7 cb 48 39 e8 73 09 48 8d 14 08 48 39 d5 72 0f 48 39 e8 76 0c 48 8d 54 0d 00 48 39 d0 73 02 0f 0b 48 89 c7 48 89 ee <f3> a4 66 41 c7 44 24 06 00 00 4c 89 e0 5a 5b 5d 41 5c 41 5d 41 5e
[ 4191.012447] traps: nmap[70547] trap invalid opcode ip:55949bb89440 sp:7ffc176d6d00 error:0 in nmap[55949bb3b000+8e000]
[ 5130.462535] traps: nmap[91191] trap invalid opcode ip:558715bcc440 sp:7fff806baaf0 error:0 in nmap[558715b7e000+8e000]
[ 7261.504889] traps: nmap[127905] trap invalid opcode ip:5626d9ef7440 sp:7ffc469912b0 error:0 in nmap[5626d9ea9000+8e000]
[ 9403.617868] openvas[2488]: segfault at 7f498fae1d80 ip 00007f4991a76313 sp 00007fff87ed2610 error 4 in libgvm_base.so.21.4.2[7f4991a74000+8000]
[ 9403.617879] Code: 5d 41 5e 41 5f c3 55 48 89 fd bf 10 00 00 00 53 48 89 f3 50 e8 1e df ff ff 48 89 28 48 89 58 08 5a 5b 5d c3 48 85 ff 74 2b 55 <83> 7f 10 00 48 89 fd 75 08 48 8b 3f e8 94 e8 ff ff 48 8b 7d 18 48
[20059.115781] traps: openvas[161562] general protection fault ip:7f627b0a1896 sp:7fffe0c00948 error:0 in ld-musl-x86_64.so.1[7f627b093000+48000]
[20338.874947] traps: nmap[167472] trap invalid opcode ip:55816621e440 sp:7ffef834f8e0 error:0 in nmap[5581661d0000+8e000]
[39743.448666] traps: openvas[48511] general protection fault ip:7fb82608d896 sp:7fffb961cff8 error:0 in ld-musl-x86_64.so.1[7fb82607f000+48000]
[42038.536454] openvas[72556]: segfault at 0 ip 00007f2fcd70a081 sp 00007ffdc4a7f5a8 error 4 in ld-musl-x86_64.so.1[7f2fcd6d0000+48000]
[42038.536467] Code: 20 c7 44 24 0c 30 00 00 00 48 89 44 24 18 e8 ce fe ff ff 48 81 c4 d8 00 00 00 c3 89 f8 99 31 d0 29 d0 c3 31 f6 e9 7d 09 00 00 <0f> be 17 89 d0 83 ea 09 83 fa 04 77 05 48 ff c7 eb ee 3c 20 74 f7
[54412.214396] traps: openvas[144887] general protection fault ip:7f3844d4f896 sp:7ffccc6df338 error:0 in ld-musl-x86_64.so.1[7f3844d41000+48000]
[81753.907458] traps: nmap[330293] trap invalid opcode ip:5609dabcc440 sp:7fff86095920 error:0 in nmap[5609dab7e000+8e000]
[81852.061828] nmap[330299]: segfault at 7f1fb29a0020 ip 00005589dbcb2448 sp 00007ffe740c76a0 error 4 in nmap[5589dbc64000+8e000]
[81852.061866] Code: 24 08 0f b7 cb 48 39 e8 73 09 48 8d 14 08 48 39 d5 72 0f 48 39 e8 76 0c 48 8d 54 0d 00 48 39 d0 73 02 0f 0b 48 89 c7 48 89 ee <f3> a4 66 41 c7 44 24 06 00 00 4c 89 e0 5a 5b 5d 41 5c 41 5d 41 5e
[81915.730041] traps: nmap[330307] trap invalid opcode ip:559711ad3440 sp:7ffc79e170b0 error:0 in nmap[559711a85000+8e000]
[82046.006118] traps: nmap[339261] trap invalid opcode ip:55a2f8890440 sp:7fffdbbab200 error:0 in nmap[55a2f8842000+8e000]
[82205.134292] traps: nmap[347358] trap invalid opcode ip:557c04521440 sp:7ffc7aa75510 error:0 in nmap[557c044d3000+8e000]
[82251.198955] traps: nmap[351206] trap invalid opcode ip:562658bea440 sp:7fff706de6e0 error:0 in nmap[562658b9c000+8e000]
[82404.256601] traps: nmap[363056] trap invalid opcode ip:55ac34db6440 sp:7ffe30cf4f70 error:0 in nmap[55ac34d68000+8e000]
[82960.779933] traps: nmap[376132] trap invalid opcode ip:56457442a440 sp:7ffcee51e470 error:0 in nmap[5645743dc000+8e000]
[83482.088115] traps: nmap[396343] trap invalid opcode ip:559faf5fc440 sp:7fff817eb360 error:0 in nmap[559faf5ae000+8e000]
[83485.654411] traps: nmap[398085] trap invalid opcode ip:5631cbbba440 sp:7ffdb22b3ad0 error:0 in nmap[5631cbb6c000+8e000]
[83701.749437] nmap[404134]: segfault at 7fde00003020 ip 0000559481cdb448 sp 00007ffe68d6c540 error 4 in nmap[559481c8d000+8e000]
[83701.749447] Code: 24 08 0f b7 cb 48 39 e8 73 09 48 8d 14 08 48 39 d5 72 0f 48 39 e8 76 0c 48 8d 54 0d 00 48 39 d0 73 02 0f 0b 48 89 c7 48 89 ee <f3> a4 66 41 c7 44 24 06 00 00 4c 89 e0 5a 5b 5d 41 5c 41 5d 41 5e
[84947.667435] traps: nmap[432432] trap invalid opcode ip:5566ae0a1440 sp:7ffd2a52f780 error:0 in nmap[5566ae053000+8e000]
[85905.583853] nmap[448314]: segfault at 7fed19cca020 ip 000055a60fbde448 sp 00007ffd5e8935e0 error 4 in nmap[55a60fb90000+8e000]
[85905.583864] Code: 24 08 0f b7 cb 48 39 e8 73 09 48 8d 14 08 48 39 d5 72 0f 48 39 e8 76 0c 48 8d 54 0d 00 48 39 d0 73 02 0f 0b 48 89 c7 48 89 ee <f3> a4 66 41 c7 44 24 06 00 00 4c 89 e0 5a 5b 5d 41 5c 41 5d 41 5e
[86291.951492] traps: nmap[458906] trap invalid opcode ip:55b732c21440 sp:7fffdad874c0 error:0 in nmap[55b732bd3000+8e000]
[88792.139689] traps: openvas[376047] general protection fault ip:7f6f0cdb1896 sp:7ffce68edc48 error:0 in ld-musl-x86_64.so.1[7f6f0cda3000+48000]
[91899.867229] traps: nmap[489571] trap invalid opcode ip:5641d022e440 sp:7fff95dfe730 error:0 in nmap[5641d01e0000+8e000]
[91918.141517] traps: nmap[489592] trap invalid opcode ip:560cb5499440 sp:7ffe286d8cd0 error:0 in nmap[560cb544b000+8e000]
[91948.451528] traps: nmap[489598] trap invalid opcode ip:56160af38440 sp:7fffb7ed41a0 error:0 in nmap[56160aeea000+8e000]
[91967.426301] traps: nmap[489580] trap invalid opcode ip:55cfa6100440 sp:7fffd6ec3110 error:0 in nmap[55cfa60b2000+8e000]
[92294.752484] traps: nmap[491526] trap invalid opcode ip:5626df88f440 sp:7fffced184e0 error:0 in nmap[5626df841000+8e000]
[92589.964141] traps: nmap[493348] trap invalid opcode ip:56508ad73440 sp:7ffd26f2c600 error:0 in nmap[56508ad25000+8e000]
[93833.598764] traps: openvas[489491] general protection fault ip:7f3b38d8c896 sp:7ffd272f0c58 error:0 in ld-musl-x86_64.so.1[7f3b38d7e000+48000]
```
**Steps to reproduce the behavior:**
Just running a simple scanning.
- Target has 32 IP addresses
- Alive Test: Consider Alive
- Scanning Config: Full and fast (unmodified)
Expected behavior
Finalized scanning with no code errors, and all hosts covered in the result.
**core dumps can be found on**
https://github.josef-froehle.de/cores.tar.gz
```
gdb /usr/bin/openvas /core.openvas
GNU gdb (GDB) 10.2
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-alpine-linux-musl".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/openvas...
(No debugging symbols found in /usr/bin/openvas)
[New LWP 8854]
Core was generated by `openvas --scan-start 73fb6771-3823-42b5-886e-302b6df32ea2'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 get_meta (p=p@entry=0x7f3b50cfd550 "±\373", <incomplete sequence \311>) at src/malloc/mallocng/meta.h:141
141 src/malloc/mallocng/meta.h: No such file or directory.
```

nginx: Don't use nginx' custom memory allocator
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12913
Updated: 2021-08-21T20:00:55Z
Author: jvoisin

Nginx uses its [own memory allocator](https://github.com/nginx/nginx/blob/master/src/core/ngx_palloc.c), tailored for [speed and efficiency](https://forum.nginx.org/read.php?29,228121,228126#msg-228126), and unfortunately, it doesn't have any security feature at all: no defenses against buffer overrun and use-after-free, unprotected metadata (with function pointers in them), no double/invalid-free detection, … Fortunately, there is a [way to disable it](https://nginx.org/en/docs/dev/development_guide.html#debug_memory) and use the [default allocator](https://git.musl-libc.org/cgit/musl/commit/?id=503bd3976623493a10b0f32c617feb51f9ba04c8) instead, by compiling nginx with `auto/configure --with-cc-opt='-DNGX_DEBUG_PALLOC=1'`.
Since musl's allocator is quite performant, there shouldn't™ be any noticeable (if at all) performance impact.

Package request: pgroonga
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12908
Updated: 2021-08-11T06:50:13Z
Author: 杨文 陈

https://github.com/pgroonga/pgroonga

Bootload Directly via EFI_STUB?
https://gitlab.alpinelinux.org/alpine/cloud/alpine-cloud-images/-/issues/90
Updated: 2023-04-23T23:31:13Z
Author: Jake Buchholz Göktürk

*Created by: tomalok*
(As reported in https://github.com/mcrute/tiny-ec2-bootstrap/issues/15 by @tsarna)
Problem is that the bootloader on **x86_64** is installed on the raw EBS volume (allowing `resize2fs` to expand to the full volume size) vs. a partition on **aarch64**, which restricts `resize2fs` to the size of root partition, as defined by the AMI image.
Possible solutions to be applied here (instead of https://github.com/mcrute/tiny-ec2-bootstrap)...
* install `grub` bootloader on raw EBS volume instead of partitioning (if that's even possible)
* perhaps switch to `u-boot` bootloader. There is apparently some compatibility with `syslinux` -- https://linux-sunxi.org/U-Boot#Booting_with_extlinux.conf -- switching would likely reduce the footprint of the **aarch64** AMI.

Document update and retention policy
https://gitlab.alpinelinux.org/alpine/cloud/alpine-cloud-images/-/issues/23
Updated: 2023-10-14T19:47:07Z
Author: Mike Crute (mike@crute.us)

We may want to add links in the README (or in a separate document) for publicly-available historical AMIs. Probably not a bad idea to clearly state retention policy for old AMIs, too.

Specific branch data per CVE and package version
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/issues/7
Updated: 2022-05-05T21:53:56Z
Author: hadasbloom

When extracting the security tracker data in JSON format, each item in the `state` references a different branch with a different state and package version, but currently there isn't an easy way to identify which branch each item is related to.
Is it possible to add this kind of data? Or otherwise, when requesting data under a specific branch `https://security.alpinelinux.org/branch/...` maybe it can be possible to see only the package versions relevant to that branch?
Thanks! :)

Package request: gpac
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12903
Updated: 2021-08-08T11:20:17Z
Author: Fengying Zhao

https://github.com/gpac/gpac

Ignored / phantom packages
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10758
Updated: 2022-12-21T19:37:22Z
Author: Alan Diwix

Is there any way to replace a package with "phantom" version of it that neither replaces nor introduces any files, but satisfies the same dependencies as original?
For example xbps' ignorepkg:
https://man.voidlinux.org/xbps.d.5
If not, I guess this would be a feature request.
Milestone: v3.1

[3.11, 3.12, 3.13] main/ruby-bundler: vulnerable to CVE-2020-36327
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12895
Updated: 2021-08-04T14:42:38Z
Author: Ariadne Conill (ariadne@ariadne.space)

Hello,
The security team is not certain what the best way to fix this issue is, due to lack of familiarity with the Ruby ecosystem. So, I am opening this bug to allow somebody with more experience in the Ruby ecosystem to help find a mitigation. Specifically, we do not know what effect upgrading Bundler would have for users using it in production.
## Description
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application.
## Affected Branches
- [ ] 3.11-stable (`2.0.2-r1`)
- [ ] 3.12-stable (`2.1.4-r1`)
- [ ] 3.13-stable (`2.2.2-r0`)
Please fix according to what you think is appropriate, and then record the appropriate secfixes entries in the APKBUILD. Thanks!
Assignee: Jakub Jirutka

Document proxy support better
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10756
Updated: 2022-12-21T19:39:45Z
Author: Hadmut Danisch

This is rather a documentation than a software issue, but the wiki didn't let me write to the discussion page of the apk management.
When creating virtual images (especially with docker) with alpine (what it is just perfect for), it takes typically lots of iterations to recreate the image and have lots of apk packages installed from scratch. Since every installation run typically starts with a fresh, clean system without a persistent cache dir, there is no point in using the local cache feature of apk.
Fetching the images again with every run is time consuming, creates network traffic (possibly expensive), and puts load on alpine's servers. So there's good reason to try to have some local mirror/cache. Unfortunately I didn't find any hint in the docs on what's the recommended way. They are just mentioning apk's local cache function.
Other package managers like apt, yum, gem allow to configure external caches/proxies.
My guess (not yet tested) would be that apk should honor a https_proxy environment variable pointing to an external, HTTPS-intercepting cache after installing its certificate to /etc/ssl/certs, but I didn't try this yet.
It would therefore be good to have a section in the documentation about how to use apk with some external cache mechanism.
Milestone: backlog

Add numpy to boost-python
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12890
Updated: 2021-08-02T16:29:04Z
Author: MonkeyKhan

Alpine's boost-python does not contain the NumPy extension, which is an optional component in https://github.com/boostorg/python.

replaced files are not restored when uninstalling replacing package
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10755
Updated: 2022-12-21T20:28:45Z
Author: Alex Xu (Hello71)

example: install libc6-compat, then install gcompat, then remove gcompat. expected behavior is libc6-compat files are restored, but this doesn't happen
Milestone: v3.1

Allow specifying extract directory for archives
https://gitlab.alpinelinux.org/alpine/abuild/-/issues/10039
Updated: 2021-08-08T00:54:27Z
Author: Kevin Daudt

`default_unpack` expects that the files in archives live in a subdirectory, which is the case for most archives that we use. But once in a while, there are archives where there is no single directory that contains everything. When such an archive is extracted, the files are directly extracted to `$srcdir`.
The issue is that `default_unpack` is not extensible. You have to completely reimplement it if you want to change its behavior and you cannot use `default_unpack` for some sources and custom logic for others. See for example [this](https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/23415/diffs?commit_id=8e6a2eb7bd0b3619207e74f26047f121f707c3e5#1f6d3c0846150ab5716bdfbd83b0d1f3102c8582_0_132) commit, where `default_unpack` has been copied almost verbatim, with just a few changes to extract the files in a dedicated subdirectory.
The direct solution to this problem would be a possibility to specify a subdirectory to extract the archive in.
A more general solution would involve breaking up `default_unpack` into more reusable components that can be reused or hookpoints.

Package request: matio
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12879
Updated: 2021-07-28T18:07:37Z
Author: J0WI

https://github.com/tbeu/matio