alpine issueshttps://gitlab.alpinelinux.org/groups/alpine/-/issues2023-04-18T13:22:15Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11906Python3 package includes 23 mb of precompiled files?2023-04-18T13:22:15ZgatopeichPython3 package includes 23 mb of precompiled files?I am slightly surprised to find 23 MB worth of .pyc files included in Python 3.8 as packaged for Alpine 3.12;
```
$ docker run -it alpine:3.12
/ # export PYTHONDONTWRITEBYTECODE=1
/ # apk add python3
fetch http://dl-cdn.alpinelinux.org/a...I am slightly surprised to find 23 MB worth of .pyc files included in Python 3.8 as packaged for Alpine 3.12;
```
$ docker run -it alpine:3.12
/ # export PYTHONDONTWRITEBYTECODE=1
/ # apk add python3
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
(1/10) Installing libbz2 (1.0.8-r1)
(2/10) Installing expat (2.2.9-r1)
(3/10) Installing libffi (3.3-r2)
(4/10) Installing gdbm (1.13-r1)
(5/10) Installing xz-libs (5.2.5-r0)
(6/10) Installing ncurses-terminfo-base (6.2_p20200523-r0)
(7/10) Installing ncurses-libs (6.2_p20200523-r0)
(8/10) Installing readline (8.0.4-r0)
(9/10) Installing sqlite-libs (3.32.1-r0)
(10/10) Installing python3 (3.8.5-r0)
Executing busybox-1.31.1-r16.trigger
OK: 53 MiB in 24 packages
/ # du -csh $(find /usr/lib/python3.8 -name __pycache__)|grep M|sort -n
1.2M /usr/lib/python3.8/asyncio/__pycache__
1.2M /usr/lib/python3.8/pydoc_data/__pycache__
1.8M /usr/lib/python3.8/encodings/__pycache__
9.8M /usr/lib/python3.8/__pycache__
23.2M total
```
Also, the 2 variants seem to be present for every module (opt-1, opt-2).
Is this intentional?
Is there a supported way to avoid them and let the interpreter compile what is really needed?3.18.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11907weston: system freeze on launch2020-09-01T13:34:45Zshumweston: system freeze on launch`Alpine Edge, x86_64`
Weston freezes the system upon launch with `weston-launch`.
Steps to reproduce:
1. `apk add weston weston-backend-drm weston-shell-desktop weston-xwayland weston-clients`
2. `addgroup $(whoami) weston-launch`
3. D...`Alpine Edge, x86_64`
Weston freezes the system upon launch with `weston-launch`.
Steps to reproduce:
1. `apk add weston weston-backend-drm weston-shell-desktop weston-xwayland weston-clients`
2. `addgroup $(whoami) weston-launch`
3. Do not forget to [set XDG_RUNTIME_DIR](https://wiki.alpinelinux.org/wiki/Wayland).
4. Logout from your session and log back in.
5. Run `weston-launch 2> 1.log` from TTY.
After this, system just hangs. To unfreeze the system, one can switch to another TTY and kill the weston process.
The thing is – `sway` starts perfectly fine.
Here is a log file from fifth step: [1.log](/uploads/d89952d72c7d8bc6217787e1731082f2/1.log)https://gitlab.alpinelinux.org/alpine/aports/-/issues/11908CppUTest library files are removed2021-12-11T01:07:31ZShivaCppUTest library files are removedThe cpputest testing package removes the installed libraries during the package step. This implies that when the package is installed, it cannot be used as the library required are missing
Note: https://git.alpinelinux.org/aports/tree/c...The cpputest testing package removes the installed libraries during the package step. This implies that when the package is installed, it cannot be used as the library required are missing
Note: https://git.alpinelinux.org/aports/tree/community/cpputest/APKBUILD removes the libraries (line 33)
```
rmdir "$pkgdir"/usr/lib/CppUTest
```
When installed, as seen below, the libraries are missing
```
bash-5.0# find / -name "*CppUTest*"
/usr/lib/cmake/CppUTest
/usr/lib/cmake/CppUTest/Modules/CppUTestBuildTimeDiscoverTests.cmake
/usr/lib/cmake/CppUTest/CppUTestConfig.cmake
/usr/lib/cmake/CppUTest/CppUTestTargets.cmake
/usr/lib/cmake/CppUTest/CppUTestConfigVersion.cmake
/usr/lib/cmake/CppUTest/CppUTestTargets-none.cmake
/usr/lib/cmake/CppUTest/Scripts/CppUTestBuildTimeDiscoverTests.cmake
/usr/include/CppUTestExt
/usr/include/CppUTest
/usr/include/CppUTest/CppUTestGeneratedConfig.h
/usr/include/CppUTest/CppUTestConfig.h
```ShivaShivahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11909testing/3proxy: init script fails to properly start 3proxy2020-09-24T23:05:30ZJohannes Heimansbergtesting/3proxy: init script fails to properly start 3proxyThe init script of testing/3proxy fails to start 3proxy, because it passes arguments to the 3proxy executable that are not understood (the only argument that it accepts is the path to the config file).
Also, start-stop-daemon gets confus...The init script of testing/3proxy fails to start 3proxy, because it passes arguments to the 3proxy executable that are not understood (the only argument that it accepts is the path to the config file).
Also, start-stop-daemon gets confused with the username and group named "3proxy", because of the number at the beginning and treats them as numeric IDs. As such it starts the process under the wrong user. It will use whichever user has UID 3 on the system, in my case user "adm".https://gitlab.alpinelinux.org/alpine/aports/-/issues/11910recompile dovecot-fts-xapian2021-01-07T05:55:09Zhelmut72recompile dovecot-fts-xapian```
Error: Couldn't load required plugin /usr/lib/dovecot/lib21_fts_xapian_plugin.so: Module is for different ABI version 2.3.ABIv10(2.3.10.1) (we have 2.3.ABIv11(2.3.11.3))
```
Thanks```
Error: Couldn't load required plugin /usr/lib/dovecot/lib21_fts_xapian_plugin.so: Module is for different ABI version 2.3.ABIv10(2.3.10.1) (we have 2.3.ABIv11(2.3.11.3))
```
ThanksLeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11911Asterisk-16.7.0 crash if 'pjsip set logger on'2020-09-01T19:45:30ZHenrikAsterisk-16.7.0 crash if 'pjsip set logger on'I've experienced an issue where Asterisk exists/crashes when 'pjsip set logger on' is set in the Asterisk CLI. This happens with the asterisk-16.7.0 in alpine:3.12.0 and asterisk-15.7.4 in alpine:3.9.3. The problem occurs when the above ...I've experienced an issue where Asterisk exists/crashes when 'pjsip set logger on' is set in the Asterisk CLI. This happens with the asterisk-16.7.0 in alpine:3.12.0 and asterisk-15.7.4 in alpine:3.9.3. The problem occurs when the above is set and asterisk receives a new call. It works fine if the above is not set.
The same happens if PJSIP tries to parse a call with a faulty SIP-header so I guess it might be related. There is no error unfortunately but this is the output I get while calling to it with 'pjsip set logger on' set.
```
/ # asterisk -vvvvvvvvvvvvvvvvvvvvr
Asterisk 16.7.0, Copyright (C) 1999 - 2018, Digium, Inc. and others.
Created by Mark Spencer <markster@digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
=========================================================================
Connected to Asterisk 16.7.0 currently running on HP-EliteBook (pid = 8)
HP-EliteBook*CLI> pjsip set logger on
PJSIP Logging enabled
HP-EliteBook*CLI>
HP-EliteBook*CLI>
{"hostname":"","timestamp":"Sep 1 14:49:01","identifiers":{"lwp":34,"callid":""},"logmsg":{"location":{"filename":"res_pjsip_logger.c","function":"logging_on_rx_msg","line":104},"level":"VERBOSE","message":"<--- Received SIP request (474 bytes) from UDP:127.0.0.1:5061 --->\nINVITE sip:echo-bot-se@127.0.0.1:5060 SIP/2.0\r\nVia: SIP/2.0/UDP 127.0.0.1:5061\r\nFrom: sipp <sip:sipp@127.0.0.15061>;tag=1\r\nTo: echo-bot <sip:echo-bot-se@127.0.0.1:5060>\r\nCall-ID: 1-7@127.0.0.1\r\nCseq: 1 INVITE\r\nContact: sip:sipp@127.0.0.1:5061\r\nMax-Forwards: 70\r\nSubject: Performance Test\r\nContent-Type: application/sdp\r\nContent-Length: 129\r\n\r\nv=0\r\no=user1 53655765 2353687637 IN IP4 127.0.0.1\r\ns=-\r\nt=0 0\r\nc=IN IP4 127.0.0.1\r\nm=audio 6000 RTP/AVP 8\r\na=rtpmap:8 PCMA/8000\r\n\n"}}
{"hostname":"","timestamp":"Sep 1 14:49:01","identifiers":{"lwp":35,"callid":""},"logmsg":{"location":{"filename":"pbx_variables.c","function":"pbx_builtin_setvar_helper","line":1115},"level":"VERBOSE","message":"Setting global variable 'SIPDOMAIN' to '127.0.0.1'\n"}}
{"hostname":"","timestamp":"Sep 1 14:49:01","identifiers":{"lwp":35,"callid":""},"logmsg":{"location":{"filename":"res_pjsip_logger.c","function":"logging_on_tx_msg","line":83},"level":"VERBOSE","message":"<--- Transmitting SIP response (263 bytes) to UDP:127.0.0.1:5061 --->\nSIP/2.0 100 Trying\r\nVia: SIP/2.0/UDP 127.0.0.1:5061;rport=5061;received=127.0.0.1\r\nCall-ID: 1-7@127.0.0.1\r\nFrom: \"sipp\" <sip:sipp@127.0.0.15061>;tag=1\r\nTo: \"echo-bot\" <sip:echo-bot-se@127.0.0.1>\r\nCSeq: 1 INVITE\r\nServer: Asterisk PBX 16.7.0\r\nContent-Length: 0\r\n\r\n\n"}}
{"hostname":"","timestamp":"Sep 1 14:49:01","identifiers":{"lwp":59,"callid":"[C-00000001]"},"logmsg":{"location":{"filename":"pbx.c","function":"pbx_extension_helper","line":2940},"level":"VERBOSE","message":"Executing [echo-bot-se@inbound:1] NoOp(\"PJSIP/anonymous-00000000\", \"\") in new stack\n"}}
{"hostname":"","timestamp":"Sep 1 14:49:01","identifiers":{"lwp":59,"callid":"[C-00000001]"},"logmsg":{"location":{"filename":"pbx.c","function":"pbx_extension_helper","line":2940},"level":"VERBOSE","message":"Executing [echo-bot-se@inbound:2] EAGI(\"PJSIP/anonymous-00000000\", \"main\") in new stack\n"}}
{"hostname":"","timestamp":"Sep 1 14:49:01","identifiers":{"lwp":59,"callid":"[C-00000001]"},"logmsg":{"location":{"filename":"res_agi.c","function":"launch_script","line":2296},"level":"VERBOSE","message":"Launched AGI Script /var/lib/asterisk/agi-bin/main\n"}}
{"hostname":"","timestamp":"Sep 1 14:49:02","identifiers":{"lwp":35,"callid":""},"logmsg":{"location":{"filename":"res_rtp_asterisk.c","function":"ast_rtp_remote_address_set","line":8051},"level":"VERBOSE","message":"0x557ec287c020 -- Strict RTP learning after remote address set to: 127.0.0.1:6000\n"}}
{"hostname":"","timestamp":"Sep 1 14:49:02","identifiers":{"lwp":35,"callid":""},"logmsg":{"location":{"filename":"res_pjsip_logger.c","function":"logging_on_tx_msg","line":83},"level":"VERBOSE","message":"<--- Transmitting SIP response (693 bytes) to UDP:127.0.0.1:5061 --->\nSIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 127.0.0.1:5061;rport=5061;received=127.0.0.1\r\nCall-ID: 1-7@127.0.0.1\r\nFrom: \"sipp\" <sip:sipp@127.0.0.15061>;tag=1\r\nTo: \"echo-bot\" <sip:echo-bot-se@127.0.0.1>;tag=mLJYvgSGETo4B9HLu57UOS6WrQNXN3QK\r\nCSeq: 1 INVITE\r\nServer: Asterisk PBX 16.7.0\r\nContact: <sip:127.0.0.1:5060>\r\nAllow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER\r\nSupported: 100rel, timer, replaces, norefersub\r\nContent-Type: application/sdp\r\nContent-Length: 173\r\n\r\nv=0\r\no=- 53655765 2353687639 IN IP4 127.0.0.1\r\ns=Asterisk\r\nc=IN IP4 127.0.0.1\r\nt=0 0\r\nm=audio 15670 RTP/AVP 8\r\na=rtpmap:8 PCMA/8000\r\na=ptime:20\r\na=maxptime:150\r\na=sendrecv\r\n\n
HP-EliteBook*CLI>
Disconnected from Asterisk server
Asterisk cleanly ending (0).
Executing last minute cleanups
```
With:
```
HP-EliteBook*CLI> pjsip show version
PJPROJECT version currently running against: 2.9
```Timo TeräsTimo Teräshttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11912main/wpa_supplicant: CVE-2017-13077 reported to be fixed twice in secfixes co...2020-12-10T01:04:45ZNatanael Copamain/wpa_supplicant: CVE-2017-13077 reported to be fixed twice in secfixes commentFrom IRC:
> 1. Overloaded CVE's on the same package for different fixed versions - For example, package "wpa_supplicant" in https://secdb.alpinelinux.org/v3.11/main.json has CVE-2017-13077 both under secfix `2.7-r0` and under secfix `2....From IRC:
> 1. Overloaded CVE's on the same package for different fixed versions - For example, package "wpa_supplicant" in https://secdb.alpinelinux.org/v3.11/main.json has CVE-2017-13077 both under secfix `2.7-r0` and under secfix `2.6-r7`.
This was introduced with 5d9b6ee36295e84a95a5f48e7d226f6f2da265a7. I think we backported the secfixes in `2.6-r7`.
We should check the other branches and clean this up.
May also be good to have some tooling to prevent this from happening?
@Leo do you think the apkbuild-linter can look for duplicate CVEs in secfixes comment?https://gitlab.alpinelinux.org/alpine/aports/-/issues/11913empty features: must contains instructions or removed those2020-09-08T20:41:27ZPICCORO Lenz McKAYempty features: must contains instructions or removed thosewiki-aports: must contains instructions or removed the wiki
in alpine gitlab there's a wiki and other stuffs not used or empty.. please, can permit to users added content or removed empty parts of gitlab alpine!wiki-aports: must contains instructions or removed the wiki
in alpine gitlab there's a wiki and other stuffs not used or empty.. please, can permit to users added content or removed empty parts of gitlab alpine!https://gitlab.alpinelinux.org/alpine/aports/-/issues/11914CVE's reported to be fixed twice in the secfixes comments/ secdb.alpinelinux.org2021-06-14T13:36:26ZtomerCVE's reported to be fixed twice in the secfixes comments/ secdb.alpinelinux.orgHey @Leo @ncopa :wave:!
Following up from our chat on IRC, adding here all the cases we found that have the same CVE for different fixed version for a specific package
- [x] v3.3 openssl CVE-2017-3738 (fdbb0da20b1753c914ec6a875aba5f82...Hey @Leo @ncopa :wave:!
Following up from our chat on IRC, adding here all the cases we found that have the same CVE for different fixed version for a specific package
- [x] v3.3 openssl CVE-2017-3738 (fdbb0da20b1753c914ec6a875aba5f822ea14112)
- [x] v3.4 openssl CVE-2017-3738 (29180d09249debd2664515ab070994f786ea062c)
- [x] v3.4 php5 CVE-2018-5712 (da800bdf92b52780d530ccd62124244158fbc906)
- [x] v3.5 openssl CVE-2017-3738 (9dd91880b841901a329b7e6106e8fb8cbb18bf58)
- [x] v3.5 php5 CVE-2018-5712 (67c11dd3adcfbfd16efd92aefff956d134173819)
- [x] v3.5 php7 CVE-2018-5712 (df489246d9495cfe9a9f2f8788f27f409af7e1e2)
- [x] v3.6 bind CVE-2017-3145 (fa2e4d9ed31c04dfb86417c73c843c17548a70cb)
- [x] v3.6 bind CVE-2017-3142 (fa2e4d9ed31c04dfb86417c73c843c17548a70cb)
- [x] v3.6 bind CVE-2017-3143 (fa2e4d9ed31c04dfb86417c73c843c17548a70cb)
- [x] v3.6 ffmpeg CVE-2017-11665 (60935a48a04a4d44dcb85fbb77afe205b45a118a)
- [x] v3.6 ghostscript CVE-2019-6116 (8202374bff865de300bfb515aeda769c74e2934b)
- [x] v3.6 openssl CVE-2017-3738 (24a4091d7bad11126019af6e755e2bd1c4cec58c)
- [x] v3.6 php5 CVE-2018-5712 (3f847fb3ac68917f2ba63615e9896289467e7602)
- [x] v3.6 php7 CVE-2018-5712 (244815ceb1ccbd824a6546386b14c9c1709c4b70)
- [x] v3.6 wireshark CVE-2018-7335 (bd8ad1d0d3552d0c8388277af95353b144ad48c5)
- [x] v3.6 wireshark CVE-2018-7334 (bd8ad1d0d3552d0c8388277af95353b144ad48c5)
- [x] v3.6 wireshark CVE-2018-7336 (bd8ad1d0d3552d0c8388277af95353b144ad48c5)
- [x] v3.7 bind CVE-2017-3145 (cbc49e4fa030d37b162abb7a0f927f23b14bd7d2)
- [x] v3.7 firefox-esr CVE-2017-7843 (a56ee65a13ad08abc5912e99e53350607d9244b2)
- [x] v3.7 ghostscript CVE-2019-6116 (413d825a4dd91f1844be576faaf171d85c2e8dab)
- [x] v3.7 lame CVE-2017-9410 (5e0c4c47f361ded66a31cc95086051cfbaf72ecd)
- [x] v3.7 lame CVE-2017-9411 (5e0c4c47f361ded66a31cc95086051cfbaf72ecd)
- [x] v3.7 lame CVE-2017-9412 (5e0c4c47f361ded66a31cc95086051cfbaf72ecd)
- [x] v3.7 lame CVE-2015-9099 (5e0c4c47f361ded66a31cc95086051cfbaf72ecd)
- [x] v3.7 openssl CVE-2017-3738 (81efcef4e47735342ff6ec703342ceac612ab08e)
- [x] v3.7 php5 CVE-2018-5712 (89054febb84496a28c1fcd9e93cd4be07019cc5a)
- [x] v3.7 php7 CVE-2018-5712 (05c7db6273d283c074f592ecdfdb24962972d2f7)
- [x] v3.7 php7 CVE-2018-7584 (05c7db6273d283c074f592ecdfdb24962972d2f7)
- [x] v3.7 sdl CVE-2019-7577 (0b9593eb3e442f7ffc9637fdbc3b6b718de760a2)
- [x] v3.7 wireshark CVE-2017-15191 (b277839a4df972a168cfb297581f3b0bdb182b7c)
- [x] v3.7 wireshark CVE-2017-15192 (b277839a4df972a168cfb297581f3b0bdb182b7c)
- [x] v3.7 wireshark CVE-2017-15193 (b277839a4df972a168cfb297581f3b0bdb182b7c)
- [x] v3.7 wireshark CVE-2017-13765 (b277839a4df972a168cfb297581f3b0bdb182b7c)
- [x] v3.7 wireshark CVE-2017-13766 (b277839a4df972a168cfb297581f3b0bdb182b7c)
- [x] v3.7 wireshark CVE-2017-13767 (b277839a4df972a168cfb297581f3b0bdb182b7c)
- [x] v3.8 exim CVE-2018-6789 (04e42b67607f27c9a9f0de508cb9a76b17545ae0)
- [x] v3.8 firefox-esr CVE-2017-7843 (268f75ea1dfff471bf223fba0006dd26e2d9db99)
- [x] v3.8 ghostscript CVE-2019-6116 (5a4b02d348f1cf28383716d57e9f6f5e01961533)
- [x] v3.8 lame CVE-2017-9410 (cd6dbbc5bd2c2e789a964eab886ca83208266cc8)
- [x] v3.8 lame CVE-2017-9411 (cd6dbbc5bd2c2e789a964eab886ca83208266cc8)
- [x] v3.8 lame CVE-2017-9412 (cd6dbbc5bd2c2e789a964eab886ca83208266cc8)
- [x] v3.8 lame CVE-2015-9099 (cd6dbbc5bd2c2e789a964eab886ca83208266cc8)
- [x] v3.8 openssl CVE-2017-3738 (90ac76e9e71f4c04f4d3272ccddbec73432b006c)
- [x] v3.8 php5 CVE-2018-5712 (f86eadb4774f574b4817a9478d105e6e46086409)
- [x] v3.8 samba CVE-2018-14629 (1ffd0c4cd3320861dc492dadab9b301ae46cf940)
- [x] v3.8 sdl CVE-2019-7577 (14810256dfb9a67456e1e5575d12f1da1b8c9363)
- [x] v3.8 sqlite CVE-2018-20346 (9001046cd0ab9384287ae19cabbe48da791fc228)
- [x] v3.8 sqlite CVE-2019-19242 (9001046cd0ab9384287ae19cabbe48da791fc228)
- [x] v3.8 wireshark CVE-2017-15191 (7feb5ee19fa812272eecbbe62f352e17f4139857)
- [x] v3.8 wireshark CVE-2017-15192 (7feb5ee19fa812272eecbbe62f352e17f4139857)
- [x] v3.8 wireshark CVE-2017-15193 (7feb5ee19fa812272eecbbe62f352e17f4139857)
- [x] v3.8 wireshark CVE-2017-13765 (7feb5ee19fa812272eecbbe62f352e17f4139857)
- [x] v3.8 wireshark CVE-2017-13766 (7feb5ee19fa812272eecbbe62f352e17f4139857)
- [x] v3.8 wireshark CVE-2017-13767 (7feb5ee19fa812272eecbbe62f352e17f4139857)
- [x] v3.9 exim CVE-2018-6789 (0a5dfd7ffad2fb4f5afd7c3662b2fe0b7a9e4d1f)
- [x] v3.9 firefox-esr CVE-2017-7843 (a2c80d00ba77e9bc5d6409a89c7ba878edb1aa43)
- [x] v3.9 ghostscript CVE-2019-6116 (038246e38e3bfc238233a135099f18a6861748c7)
- [x] v3.9 hostapd CVE-2017-13082 (d01d4710894fca29153c206187cef34ecea5adba)
- [x] v3.9 lame CVE-2015-9099 (86cfc54be6e153f58d6cf07280ef42b9402d9621)
- [x] v3.9 lame CVE-2017-9410 (86cfc54be6e153f58d6cf07280ef42b9402d9621)
- [x] v3.9 lame CVE-2017-9411 (86cfc54be6e153f58d6cf07280ef42b9402d9621)
- [x] v3.9 lame CVE-2017-9412 (86cfc54be6e153f58d6cf07280ef42b9402d9621)
- [x] v3.9 libsndfile CVE-2018-19758 (e831cc1b68dcf8de4a10f48cb4024543ca0b190d)
- [x] v3.9 libvorbis CVE-2018-10393 (f45d0b27d75b5f5c7fd59fcf4a1d5ddb6bbddad5)
- [x] v3.9 samba CVE-2018-14629 (3bac040ea858e606f8542fe706179cebe880d322)
- [x] v3.9 sdl CVE-2019-7577 (635f81bc184683783db7e4075ff002bee6ee30f6)
- [x] v3.9 sqlite CVE-2019-19242 (357837f918f2af34d95f6d1412d9426c76e96ac0)
- [x] v3.9 wireshark CVE-2017-15191 (e8d61b9ac40c4533c56336698e63d03a41be17f0)
- [x] v3.9 wireshark CVE-2017-15192 (e8d61b9ac40c4533c56336698e63d03a41be17f0)
- [x] v3.9 wireshark CVE-2017-15193 (e8d61b9ac40c4533c56336698e63d03a41be17f0)
- [x] v3.9 wireshark CVE-2017-13765 (e8d61b9ac40c4533c56336698e63d03a41be17f0)
- [x] v3.9 wireshark CVE-2017-13766 (e8d61b9ac40c4533c56336698e63d03a41be17f0)
- [x] v3.9 wireshark CVE-2017-13767 (e8d61b9ac40c4533c56336698e63d03a41be17f0)
- [x] v3.9 wpa_supplicant CVE-2017-13077 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 wpa_supplicant CVE-2017-13078 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 wpa_supplicant CVE-2017-13079 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 wpa_supplicant CVE-2017-13080 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 wpa_supplicant CVE-2017-13081 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 wpa_supplicant CVE-2017-13082 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 wpa_supplicant CVE-2017-13086 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 wpa_supplicant CVE-2017-13087 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 wpa_supplicant CVE-2017-13088 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 xen CVE-2019-19579,XSA-306 (bd0c62f6b9c88da21a1df03c538b4ad5feae4ec1)
- [x] v3.10 busybox CVE-2019-5747 (cee91fd29b5ab25582daad5b656926434215c526)
- [x] v3.10 exim CVE-2018-6789 (8395de3dd337a1f7ba74e8912949259885838bd4)
- [x] v3.10 firefox-esr CVE-2017-7843 (6b8eb050897be275f01508a9b179df6e19d6e165)
- [x] v3.10 ghostscript CVE-2019-6116 (174d3dcdf9c57fff9b809bf4b85b34611bc5ca26)
- [x] v3.10 hostapd CVE-2017-13082 (7485795662c9ff3143ea1ad1f01ac62e54c98e42)
- [x] v3.10 lame CVE-2015-9099 (a57b3d9fc5e242b95282e0cf9fcb25fc94cdd58c)
- [x] v3.10 lame CVE-2017-9410 (a57b3d9fc5e242b95282e0cf9fcb25fc94cdd58c)
- [x] v3.10 lame CVE-2017-9411 (a57b3d9fc5e242b95282e0cf9fcb25fc94cdd58c)
- [x] v3.10 lame CVE-2017-9412 (a57b3d9fc5e242b95282e0cf9fcb25fc94cdd58c)
- [x] v3.10 libsndfile CVE-2018-19758 (d9c76cb0a3f5dc6d772c077670c54c8d426f22ab)
- [x] v3.10 libvorbis CVE-2018-10393 (18b62e4064585644169ba78b1e822eeeb1700b88)
- [x] v3.10 rdesktop CVE-2018-20175 (06cd87d9668cd50e0cce527675e0a4a957880bc6)
- [x] v3.10 rdesktop CVE-2018-20176 (06cd87d9668cd50e0cce527675e0a4a957880bc6)
- [x] v3.10 samba CVE-2018-14629 (d43122c11e9d50586a5da728cf0ca1668e315565)
- [x] v3.10 sdl CVE-2019-7577 (22f290af7ffbdf9e944110770b93d2b4b9870637)
- [x] v3.10 sqlite CVE-2019-19242 (b513c7d94bb3d9a92ab2fe7f8a7be4ee7cd4d960)
- [x] v3.10 unbound CVE-2020-12662 (7de636025945747f96f6f7c384e1fb718330140b)
- [x] v3.10 unbound CVE-2020-12663 (7de636025945747f96f6f7c384e1fb718330140b)
- [x] v3.10 wireshark CVE-2017-15191 (0ca6a6f01202d2ce391c6e9fb774e73991ac20b9)
- [x] v3.10 wireshark CVE-2017-15192 (0ca6a6f01202d2ce391c6e9fb774e73991ac20b9)
- [x] v3.10 wireshark CVE-2017-15193 (0ca6a6f01202d2ce391c6e9fb774e73991ac20b9)
- [x] v3.10 wireshark CVE-2017-13765 (0ca6a6f01202d2ce391c6e9fb774e73991ac20b9)
- [x] v3.10 wireshark CVE-2017-13766 (0ca6a6f01202d2ce391c6e9fb774e73991ac20b9)
- [x] v3.10 wireshark CVE-2017-13767 (0ca6a6f01202d2ce391c6e9fb774e73991ac20b9)
- [x] v3.10 wpa_supplicant CVE-2019-11555 (6104fab14e0d4f9fc3a1856ccd610db3e5a5f966)
- [x] v3.10 wpa_supplicant CVE-2017-13077 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.10 wpa_supplicant CVE-2017-13078 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.10 wpa_supplicant CVE-2017-13079 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.10 wpa_supplicant CVE-2017-13080 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.10 wpa_supplicant CVE-2017-13081 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.10 wpa_supplicant CVE-2017-13082 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.10 wpa_supplicant CVE-2017-13086 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.10 wpa_supplicant CVE-2017-13087 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.10 wpa_supplicant CVE-2017-13088 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.11 busybox CVE-2019-5747 (5086c803952ad718b70b4dce8db0106d6de69a3f)
- [x] v3.11 exim CVE-2018-6789 (73d689f0582595d9ac3a51ef7a28fc8cba82db95)
- [x] v3.11 firefox-esr CVE-2017-7843 (235d94b82a05a7014c9efe904ba1ada934370d2d)
- [x] v3.11 ghostscript CVE-2019-6116 (a77318953d9b30f1d20efd372749e0e1adaf316e)
- [x] v3.11 hostapd CVE-2017-13082 (6d852c12b2c390bcf558cb649d9ed89a5a3c06a8)
- [x] v3.11 lame CVE-2015-9099 (4682ce00611e4a9d1a77a815c767ffe85e4c55e5)
- [x] v3.11 lame CVE-2017-9410 (4682ce00611e4a9d1a77a815c767ffe85e4c55e5)
- [x] v3.11 lame CVE-2017-9411 (4682ce00611e4a9d1a77a815c767ffe85e4c55e5)
- [x] v3.11 lame CVE-2017-9412 (4682ce00611e4a9d1a77a815c767ffe85e4c55e5)
- [x] v3.11 libsndfile CVE-2018-19758 (aba083c6205d4219a5226f0f483e1a)
- [x] v3.11 libvorbis CVE-2018-10393 (28c3640a4801f078d04351861dad3e6a4bb071d7)
- [x] v3.11 rdesktop CVE-2018-20175 (32b2d233fc49232cfa743617a4bd9f8c281b73d8)
- [x] v3.11 rdesktop CVE-2018-20176 (32b2d233fc49232cfa743617a4bd9f8c281b73d8)
- [x] v3.11 samba CVE-2018-14629 (ee1c2d92411b942f6c51608657045f11cf497f5f)
- [x] v3.11 sdl CVE-2019-7577 (f149d00ef4ae06d6537aee912a58019fd6d0b4c5)
- [x] v3.11 sqlite CVE-2019-19242 (71fcdfce7595c5e8e9ccc486ba1bb762994cdbba)
- [x] v3.11 tor CVE-2019-8955 (945ddd429b5fbf78ba4c02b2ff22ff99d6ed76f4)
- [x] v3.11 wireshark CVE-2017-13765 (062cbfcf5e43e95e5ba75cdd42cedde267b9da75)
- [x] v3.11 wireshark CVE-2017-13766 (062cbfcf5e43e95e5ba75cdd42cedde267b9da75)
- [x] v3.11 wireshark CVE-2017-13767 (062cbfcf5e43e95e5ba75cdd42cedde267b9da75)
- [x] v3.11 wireshark CVE-2017-15191 (062cbfcf5e43e95e5ba75cdd42cedde267b9da75)
- [x] v3.11 wireshark CVE-2017-15192 (062cbfcf5e43e95e5ba75cdd42cedde267b9da75)
- [x] v3.11 wireshark CVE-2017-15193 (062cbfcf5e43e95e5ba75cdd42cedde267b9da75)
- [x] v3.11 wpa_supplicant CVE-2019-11555 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13077 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13078 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13079 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13080 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13081 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13082 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13086 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13087 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13088 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.12 busybox CVE-2019-5747 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 clamav CVE-2020-3123 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 exim CVE-2018-6789 (8069e74a2a50bf3a85175552330814017ddd7d50)
- [x] v3.12 firefox-esr CVE-2017-7843 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 ghostscript CVE-2019-6116 (880b8f85d82cd930babae4443e52beaa6b8e38b7)
- [x] v3.12 hostapd CVE-2017-13082 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 lame CVE-2015-9099 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 lame CVE-2017-9410 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 lame CVE-2017-9411 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 lame CVE-2017-9412 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 libsndfile CVE-2018-19758 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 libvorbis CVE-2018-10393 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 rdesktop CVE-2018-20175 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 rdesktop CVE-2018-20176 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 samba CVE-2018-14629 (eeaffa453f2c3f950ef79845278efe7a13d9b960)
- [x] v3.12 sdl CVE-2019-7577 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 sqlite CVE-2019-19242 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 tor CVE-2019-8955 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 wireshark CVE-2017-15191 (12743c84c36f8ee831979e5d9cfbc7a49d063fab)
- [x] v3.12 wireshark CVE-2017-15192 (12743c84c36f8ee831979e5d9cfbc7a49d063fab)
- [x] v3.12 wireshark CVE-2017-15193 (12743c84c36f8ee831979e5d9cfbc7a49d063fab)
- [x] v3.12 wireshark CVE-2017-13765 (12743c84c36f8ee831979e5d9cfbc7a49d063fab)
- [x] v3.12 wireshark CVE-2017-13766 (12743c84c36f8ee831979e5d9cfbc7a49d063fab)
- [x] v3.12 wireshark CVE-2017-13767 (12743c84c36f8ee831979e5d9cfbc7a49d063fab)
- [x] v3.12 wpa_supplicant CVE-2017-13077 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2017-13078 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2017-13079 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2017-13080 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2017-13081 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2017-13082 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2017-13086 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2017-13087 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2017-13088 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2019-11555 (48fb8266320f52c98c5d0d62836c03dbd242072e)
For the cases shown above, it isn't well defined which of the versions should be expected as the initial fixed version for the CVE.
If you're able to fix those, that's great. Otherwise, if you're able to let us know which one we should treat as the initial fixed version, we can report the correct versions in Snyk.
As @ncopa suggested - https://gitlab.alpinelinux.org/alpine/aports/-/issues/11912, it will be awesome if we could prevent this cases from happening at all - this would help us have more accurate and correct understanding of the security fixes :pray:
Thanks!https://gitlab.alpinelinux.org/alpine/aports/-/issues/11915linux-pam>=1.4.0-r0 doesn't read $HOME/.pam_environment by default2023-02-07T19:01:08ZLeolinux-pam>=1.4.0-r0 doesn't read $HOME/.pam_environment by defaultBreaks lots of setups, I got a gnome-initial-startup screenBreaks lots of setups, I got a gnome-initial-startup screenRasmus Thomsenoss@cogitri.devRasmus Thomsenoss@cogitri.devhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11916py3-django: Multiple vulnerabilities (CVE-2020-24583, CVE-2020-24584)2020-12-11T05:34:07ZAlicha CHpy3-django: Multiple vulnerabilities (CVE-2020-24583, CVE-2020-24584)### CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
On Python 3.7+, ``FILE_UPLOAD_DIRECTORY_PERMISSIONS`` mode was not
applied to intermediate-level directories created in the process of uploading
...### CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
On Python 3.7+, ``FILE_UPLOAD_DIRECTORY_PERMISSIONS`` mode was not
applied to intermediate-level directories created in the process of uploading
files and to intermediate-level collected static directories when using the
``collectstatic`` management command.
#### Fixed In Version:
Django 3.0.10
#### References:
* https://docs.djangoproject.com/en/dev/releases/3.0.10/
* https://www.openwall.com/lists/oss-security/2020/09/01/2
#### Patch:
https://github.com/django/django/commit/08892bffd275c79ee1f8f67639eb170aaaf1181e
### CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+
On Python 3.7+, the intermediate-level directories of the file system cache had
the system's standard umask rather than ``0o077`` (no group or others
permissions).
#### Fixed In Version:
Django 3.0.10
#### References:
* https://docs.djangoproject.com/en/dev/releases/3.0.10/
* https://www.openwall.com/lists/oss-security/2020/09/01/2
#### Patch:
https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11917mycroft-core: maybe add git to dependencies2020-09-22T15:35:44ZMax Buchholzmycroft-core: maybe add git to dependencies**Expected behaviour:**
After installing mycroft-core on a fresh system running /usr/bin/mycroft-messagebus should start the mycroft messagebus.
**Real behaviour:**
It complains about git is not in the PATH (is not even installed)
** pos...**Expected behaviour:**
After installing mycroft-core on a fresh system running /usr/bin/mycroft-messagebus should start the mycroft messagebus.
**Real behaviour:**
It complains about git is not in the PATH (is not even installed)
** possible solution:** add git to the dependencies. As it is required to run one of the core-services.
@PureTryOut As you packaged mycroftBart RibbersBart Ribbershttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11918gnome-shell: Password from logged-out user may be shown on login screen (CVE-...2020-09-03T09:40:07ZAlicha CHgnome-shell: Password from logged-out user may be shown on login screen (CVE-2020-17489)An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the ...An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)
Fixed In Version: 3.36.5
#### References:
* https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
* https://security-tracker.debian.org/tracker/CVE-2020-17489
### Affected branches:
* [x] master (a3ea1fff64024c24ba66d19eb87f8796a891f417)
* [x] 3.12-stableRasmus Thomsenoss@cogitri.devRasmus Thomsenoss@cogitri.devhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11919putty: Observable Discrepancy leading to an information leak in the algorithm...2020-10-19T11:59:59ZAlicha CHputty: Observable Discrepancy leading to an information leak in the algorithm negotiation (CVE-2020-14002)PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been c...PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).
#### Fixed In Version:
putty 0.74
#### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-14002
#### Patch:
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764
### Affected branches:
* [x] master (6a05d4c312493d0518d86b56411d4469544133d0)
* [x] 3.12-stable (a6711fc6e490927e45d63cc20256ea0bfaf018c1)
* [x] 3.11-stable (566840bfb9de0046efde706947747b378db4d7b6)
* [x] 3.10-stable (200b36bd904c8285e3bfa79ec734790a5ad18ec3)
* [x] 3.9-stable (257a6fdac10af3a4a590a200f7fe2bef5982a88e)3.12.1https://gitlab.alpinelinux.org/alpine/aports/-/issues/11920Waybar downloads & builds "date" subproject during build2020-09-07T02:35:28ZRasmus Thomsenoss@cogitri.devWaybar downloads & builds "date" subproject during buildInstead of downloading the subproject it should link against a shared library that's packaged separately, if possible.
```
The Meson build system
Version: 0.54.3
Source dir: /builds/Cogitri/aports/community/waybar/src/Waybar-0.9.3
Build...Instead of downloading the subproject it should link against a shared library that's packaged separately, if possible.
```
The Meson build system
Version: 0.54.3
Source dir: /builds/Cogitri/aports/community/waybar/src/Waybar-0.9.3
Build dir: /builds/Cogitri/aports/community/waybar/src/Waybar-0.9.3/output
Build type: native build
Project name: waybar
Project version: 0.9.3
Using 'CC' from environment with value: 'gcc'
Using 'CFLAGS' from environment with value: '-Os -fomit-frame-pointer'
Using 'LDFLAGS' from environment with value: '-Wl,--as-needed'
Using 'CPPFLAGS' from environment with value: '-Os -fomit-frame-pointer'
Using 'CXX' from environment with value: 'g++'
Using 'CXXFLAGS' from environment with value: '-Os -fomit-frame-pointer'
Using 'LDFLAGS' from environment with value: '-Wl,--as-needed'
Using 'CPPFLAGS' from environment with value: '-Os -fomit-frame-pointer'
Using 'CC' from environment with value: 'gcc'
Using 'CFLAGS' from environment with value: '-Os -fomit-frame-pointer'
Using 'LDFLAGS' from environment with value: '-Wl,--as-needed'
Using 'CPPFLAGS' from environment with value: '-Os -fomit-frame-pointer'
C compiler for the host machine: gcc (gcc 10.2.0 "gcc (Alpine 10.2.0) 10.2.0")
C linker for the host machine: gcc ld.bfd 2.34
Using 'CXX' from environment with value: 'g++'
Using 'CXXFLAGS' from environment with value: '-Os -fomit-frame-pointer'
Using 'LDFLAGS' from environment with value: '-Wl,--as-needed'
Using 'CPPFLAGS' from environment with value: '-Os -fomit-frame-pointer'
C++ compiler for the host machine: g++ (gcc 10.2.0 "g++ (Alpine 10.2.0) 10.2.0")
C++ linker for the host machine: g++ ld.bfd 2.34
Host machine cpu family: x86_64
Host machine cpu: x86_64
Compiler for C++ supports link arguments -lc++fs: NO
Compiler for C++ supports link arguments -lc++experimental: NO
Compiler for C++ supports link arguments -lstdc++fs: YES
Program git found: YES (/usr/bin/git)
Has header "filesystem" : YES
Checking if "nl_langinfo with _NL_TIME_WEEK_1STDAY, _NL_TIME_FIRST_WEEKDAY" links: NO
Run-time dependency threads found: YES
Found pkg-config: /usr/bin/pkg-config (1.7.3)
Run-time dependency fmt found: YES 7.0.3
Run-time dependency spdlog found: YES 1.8.0
Run-time dependency wayland-client found: YES 1.18.0
Run-time dependency wayland-cursor found: YES 1.18.0
Run-time dependency wayland-protocols found: YES 1.20
Run-time dependency gtkmm-3.0 found: YES 3.24.2
Did not find CMake 'cmake'
Found CMake: NO
Run-time dependency dbusmenu-gtk3-0.4 found: NO (tried pkgconfig and cmake)
Run-time dependency gio-unix-2.0 found: YES 2.64.5
Run-time dependency jsoncpp found: YES 1.9.3
Run-time dependency sigc++-2.0 found: YES 2.10.3
Run-time dependency epoll-shim found: NO (tried pkgconfig and cmake)
Run-time dependency libnl-3.0 found: YES 3.5.0
Run-time dependency libnl-genl-3.0 found: YES 3.5.0
Run-time dependency libpulse found: YES 13.0
Run-time dependency libudev found: YES 243
Run-time dependency libmpdclient found: YES 2.19
Run-time dependency gtk-layer-shell-0 found: YES 0.1.0
Run-time dependency systemd found: NO (tried pkgconfig and cmake)
Run-time dependency date found: NO (tried pkgconfig and cmake)
Looking for a fallback subproject for the dependency date
meson.build:101:0: ERROR: Automatic wrap-based subproject downloading is disabled
A full log can be found at /builds/Cogitri/aports/community/waybar/src/Waybar-0.9.3/output/meson-logs/meson-log.txt
�[1;31m>>> ERROR:�[1;0m �[1;1mwaybar�[1;0m: build failed
```
@z3ntuhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11921kgx fails to build2020-09-04T12:53:27ZRasmus Thomsenoss@cogitri.devkgx fails to build```
kgx-0.2.1.tar.gz: OK
�[1;32m>>>�[1;0m �[1;1mkgx�[1;0m: Unpacking /var/cache/distfiles/kgx-0.2.1.tar.gz...
The Meson build system
Version: 0.54.3
Source dir: /builds/Cogitri/aports/community/kgx/src/kgx-0.2.1
Build dir: /builds/Cogitr...```
kgx-0.2.1.tar.gz: OK
�[1;32m>>>�[1;0m �[1;1mkgx�[1;0m: Unpacking /var/cache/distfiles/kgx-0.2.1.tar.gz...
The Meson build system
Version: 0.54.3
Source dir: /builds/Cogitri/aports/community/kgx/src/kgx-0.2.1
Build dir: /builds/Cogitri/aports/community/kgx/src/kgx-0.2.1/output
Build type: native build
Project name: kgx
Project version: 0.2.1
Using 'CC' from environment with value: 'gcc'
Using 'CFLAGS' from environment with value: '-Os -fomit-frame-pointer'
Using 'LDFLAGS' from environment with value: '-Wl,--as-needed'
Using 'CPPFLAGS' from environment with value: '-Os -fomit-frame-pointer'
Using 'CC' from environment with value: 'gcc'
Using 'CFLAGS' from environment with value: '-Os -fomit-frame-pointer'
Using 'LDFLAGS' from environment with value: '-Wl,--as-needed'
Using 'CPPFLAGS' from environment with value: '-Os -fomit-frame-pointer'
C compiler for the host machine: gcc (gcc 10.2.0 "gcc (Alpine 10.2.0) 10.2.0")
C linker for the host machine: gcc ld.bfd 2.34
Host machine cpu family: x86_64
Host machine cpu: x86_64
Configuring kgx-config.h.in using configuration
Found git repository at /builds/Cogitri/aports
Compiler for C supports arguments -Wdeclaration-after-statement: YES
Compiler for C supports arguments -Werror=format-security -Werror=format=2: YES
Compiler for C supports arguments -Werror=missing-declarations: YES
Compiler for C supports arguments -Wformat-nonliteral: YES
Compiler for C supports arguments -Wformat-security: YES
Compiler for C supports arguments -Winit-self: YES
Compiler for C supports arguments -Wmaybe-uninitialized: YES
Compiler for C supports arguments -Wno-strict-aliasing -Wstrict-aliasing: YES
Compiler for C supports arguments -Wno-unused-parameter -Wunused-parameter: YES
Compiler for C supports arguments -Wold-style-definition: YES
Compiler for C supports arguments -Wshadow: YES
Compiler for C supports arguments -Wstrict-prototypes: YES
Compiler for C supports arguments -Wswitch-default: YES
Compiler for C supports arguments -Wswitch-enum: YES
Compiler for C supports arguments -Wunused-function: YES
Configuring gi using configuration
Program desktop-file-validate found: YES (/usr/bin/desktop-file-validate)
Program appstream-util found: NO
Program glib-compile-schemas found: YES (/usr/bin/glib-compile-schemas)
Configuring org.gnome.zbrown.KingsCross.service using configuration
Found pkg-config: /usr/bin/pkg-config (1.7.3)
Run-time dependency gio-2.0 found: YES 2.64.5
Run-time dependency gtk+-3.0 found: YES 3.24.22
Run-time dependency libhandy-0.0 found: YES 0.0.13
Library m found: YES
Run-time dependency vte-2.91 found: YES 0.61.90
Run-time dependency libgtop-2.0 found: YES 2.40.0
Found pkg-config: /usr/bin/pkg-config (1.7.3)
Program build-aux/meson/postinstall.py found: YES (/builds/Cogitri/aports/community/kgx/src/kgx-0.2.1/build-aux/meson/postinstall.py)
Build targets in project: 12
Found ninja-1.9.0 at /usr/bin/ninja
[1/29] Generating kgx-enums.c with a meson_exe.py custom command
[2/29] Generating kgx-enums.h with a meson_exe.py custom command
[3/29] Generating kgx-resources_h with a custom command
[4/29] Generating kgx-resources_c with a custom command
[5/29] Generating org.gnome.zbrown.KingsCross.appdata.xml_data_merge with a custom command
[6/29] Generating org.gnome.zbrown.KingsCross.desktop_data_merge with a custom command
[7/29] Generating kgx-config.h with a custom command
fatal: No annotated tags can describe '2ab75cc6f206db761622cc00acab859d8dc7c78d'.
However, there were unannotated tags: try --tags.
[8/29] Compiling C object 'src/25a6634@@kgx@exe/kgx-process.c.o'
[9/29] Compiling C object 'src/25a6634@@kgx@exe/kgx-window.c.o'
[10/29] Compiling C object 'src/25a6634@@kgx@exe/kgx-close-dialog-row.c.o'
[11/29] Compiling C object 'src/25a6634@@kgx@exe/kgx-close-dialog.c.o'
[12/29] Compiling C object 'src/25a6634@@kgx@exe/kgx-terminal.c.o'
[13/29] Compiling C object 'src/25a6634@@kgx@exe/fp-vte-util.c.o'
[14/29] Compiling C object 'src/25a6634@@kgx@exe/kgx-application.c.o'
[15/29] Compiling C object 'src/25a6634@@kgx@exe/main.c.o'
[16/29] Compiling C object 'src/25a6634@@kgx@exe/meson-generated_.._kgx-resources.c.o'
[17/29] Compiling C object 'src/25a6634@@kgx@sha/kgx-process.c.o'
[18/29] Compiling C object 'src/25a6634@@kgx@sha/kgx-window.c.o'
[19/29] Compiling C object 'src/25a6634@@kgx@sha/kgx-close-dialog-row.c.o'
[20/29] Compiling C object 'src/25a6634@@kgx@sha/kgx-close-dialog.c.o'
[21/29] Compiling C object 'src/25a6634@@kgx@sha/kgx-terminal.c.o'
[22/29] Compiling C object 'src/25a6634@@kgx@sha/fp-vte-util.c.o'
[23/29] Compiling C object 'src/25a6634@@kgx@sha/kgx-application.c.o'
[24/29] Compiling C object 'src/25a6634@@kgx@sha/meson-generated_.._kgx-resources.c.o'
[25/29] Compiling C object 'src/25a6634@@kgx@exe/meson-generated_.._kgx-enums.c.o'
[26/29] Compiling C object 'src/25a6634@@kgx@sha/meson-generated_.._kgx-enums.c.o'
[27/29] Linking target src/libkgx.so
ninja: job failed: gcc -o src/libkgx.so 'src/25a6634@@kgx@sha/meson-generated_.._kgx-resources.c.o' 'src/25a6634@@kgx@sha/meson-generated_.._kgx-enums.c.o' 'src/25a6634@@kgx@sha/kgx-application.c.o' 'src/25a6634@@kgx@sha/fp-vte-util.c.o' 'src/25a6634@@kgx@sha/kgx-terminal.c.o' 'src/25a6634@@kgx@sha/kgx-close-dialog.c.o' 'src/25a6634@@kgx@sha/kgx-close-dialog-row.c.o' 'src/25a6634@@kgx@sha/kgx-window.c.o' 'src/25a6634@@kgx@sha/kgx-process.c.o' -Wl,--as-needed -Wl,--no-undefined -shared -fPIC -Wl,--start-group -Wl,-soname,libkgx.so -Os -fomit-frame-pointer -Wl,--as-needed /usr/lib/libgio-2.0.so /usr/lib/libgobject-2.0.so /usr/lib/libglib-2.0.so /usr/lib/libintl.so /usr/lib/libgtk-3.so /usr/lib/libgdk-3.so /lib/../lib/libz.so /usr/lib/libpangocairo-1.0.so /usr/lib/libpango-1.0.so /usr/lib/libharfbuzz.so /usr/lib/libatk-1.0.so /usr/lib/libcairo-gobject.so /usr/lib/libcairo.so /usr/lib/libgdk_pixbuf-2.0.so /usr/lib/libhandy-0.0.so -lm /usr/lib/libvte-2.91.so /usr/lib/libgtop-2.0.so -Wl,--end-group
ninja: subcommand failed
/usr/lib/gcc/x86_64-alpine-linux-musl/10.2.0/../../../../x86_64-alpine-linux-musl/bin/ld: src/25a6634@@kgx@sha/fp-vte-util.c.o: in function `fp_vte_pty_spawn_cb':
fp-vte-util.c:(.text+0x176): undefined reference to `vte_pty_spawn_finish'
collect2: error: ld returned 1 exit status
Found runner: ninja
```
@okiashttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11922iputils fails to build2020-09-09T03:09:38ZRasmus Thomsenoss@cogitri.deviputils fails to build```
Found ninja-1.9.0 at /usr/bin/ninja
[1/28] Generating git-version.h with a custom command
fatal: No annotated tags can describe '2ab75cc6f206db761622cc00acab859d8dc7c78d'.
However, there were unannotated tags: try --tags.
[2/28] Comp...```
Found ninja-1.9.0 at /usr/bin/ninja
[1/28] Generating git-version.h with a custom command
fatal: No annotated tags can describe '2ab75cc6f206db761622cc00acab859d8dc7c78d'.
However, there were unannotated tags: try --tags.
[2/28] Compiling C object 'ninfod/0cb6efe@@ninfod@exe/ninfod_name.c.o'
[3/28] Compiling C object 'ninfod/0cb6efe@@ninfod@exe/ninfod_core.c.o'
[4/28] Compiling C object 'ninfod/0cb6efe@@ninfod@exe/ninfod_addrs.c.o'
[5/28] Compiling C object 'ninfod/0cb6efe@@ninfod@exe/ninfod.c.o'
[6/28] Compiling C object 'ninfod/0cb6efe@@ninfod@exe/ni_ifaddrs.c.o'
[7/28] Compiling C object 'rarpd@exe/rarpd.c.o'
[8/28] Compiling C object 'tftpd@exe/tftpsubs.c.o'
[9/28] Compiling C object 'tftpd@exe/tftpd.c.o'
[10/28] Compiling C object 'arping@exe/arping.c.o'
[11/28] Compiling C object 'rdisc@exe/rdisc.c.o'
[12/28] Compiling C object 'clockdiff@exe/clockdiff.c.o'
[13/28] Compiling C object 'traceroute6@exe/traceroute6.c.o'
[14/28] Compiling C object 'tracepath@exe/tracepath.c.o'
[15/28] Compiling C object 'ping@exe/ping6_common.c.o'
[16/28] Compiling C object 'ping@exe/ping_common.c.o'
[17/28] Compiling C object 'ping@exe/ping.c.o'
[18/28] Compiling C object 'common@sta/iputils_common.c.o'
ninja: job failed: gcc -Ininfod/0cb6efe@@ninfod@exe -Ininfod -I../ninfod -I. -I.. -fdiagnostics-color=always -pipe -D_FILE_OFFSET_BITS=64 -std=c99 -include config.h -include git-version.h -Os -fomit-frame-pointer -Os -fomit-frame-pointer -fPIE -pthread -MD -MQ 'ninfod/0cb6efe@@ninfod@exe/ninfod.c.o' -MF 'ninfod/0cb6efe@@ninfod@exe/ninfod.c.o.d' -o 'ninfod/0cb6efe@@ninfod@exe/ninfod.c.o' -c ../ninfod/ninfod.c
�[01m�[K../ninfod/ninfod.c:457:26:�[m�[K �[01;31m�[Kerror: �[m�[K'�[01m�[Kcap_setuid�[m�[K' redeclared as different kind of symbol
457 | static const cap_value_t �[01;31m�[Kcap_setuid�[m�[K = CAP_SETUID;
| �[01;31m�[K^~~~~~~~~~�[m�[K
In file included from �[01m�[K../ninfod/ninfod.c:117�[m�[K:
�[01m�[K/usr/include/sys/capability.h:178:12:�[m�[K �[01;36m�[Knote: �[m�[Kprevious declaration of '�[01m�[Kcap_setuid�[m�[K' was here
178 | extern int �[01;36m�[Kcap_setuid�[m�[K(uid_t uid);
| �[01;36m�[K^~~~~~~~~~�[m�[K
ninja: subcommand failed
```https://gitlab.alpinelinux.org/alpine/aports/-/issues/11923unzip fails to unzip empty files in encrypted zip files2020-09-23T20:33:29Ziinuwaunzip fails to unzip empty files in encrypted zip filesI'm not sure if this is the right place to report bugs, but I'll try here.
The unzip utility from APK fails to unzip empty files with an error:
```
error: invalid compression data to inflate
```
This does not fail with the Ubuntu unzi...I'm not sure if this is the right place to report bugs, but I'll try here.
The unzip utility from APK fails to unzip empty files with an error:
```
error: invalid compression data to inflate
```
This does not fail with the Ubuntu unzip utility, (or with Windows). I think it would be good to follow what those tools do and just create the empty file instead of failing.
I'm not exactly sure which patch from Ubuntu's unzip fixes the issue; I don't know any C code.Timo TeräsTimo Teräshttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11924Conflict between gcc-go and go over /usr/bin/go and /usr/bin/gofmt2020-09-05T10:43:30ZLeoConflict between gcc-go and go over /usr/bin/go and /usr/bin/gofmtCaused by: https://gitlab.alpinelinux.org/alpine/aports/-/commit/b93b0b134f7d10720a4359579ff4f55575ac90e3Caused by: https://gitlab.alpinelinux.org/alpine/aports/-/commit/b93b0b134f7d10720a4359579ff4f55575ac90e3Sören TempelSören Tempelhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11925community/xfce4-settings broken because of glade2020-09-05T18:36:26ZAndy Postnikovcommunity/xfce4-settings broken because of gladeThe `community/glade` disabled for mips(64) and s390x since https://gitlab.alpinelinux.org/alpine/aports/-/commit/055814da153ce48757ef36a6375bf64eeb773148
That's why `community/libxfce4ui-dev` is not build anymore for this arches
Ref h...The `community/glade` disabled for mips(64) and s390x since https://gitlab.alpinelinux.org/alpine/aports/-/commit/055814da153ce48757ef36a6375bf64eeb773148
That's why `community/libxfce4ui-dev` is not build anymore for this arches
Ref https://build.alpinelinux.org/buildlogs/build-edge-s390x/community/xfce4-settings/xfce4-settings-4.14.3-r0.log