alpine issues
https://gitlab.alpinelinux.org/groups/alpine/-/issues
2019-07-23T13:58:56Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3684
[v3.1] openssl: Security Advisory [08 Jan 2015]
2019-07-23T13:58:56Z
Natanael Copa

DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
===========================================================
Severity: Moderate
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due
to a NULL pointer dereference. This could lead to a Denial Of Service attack.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k.
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of
Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL
core team.
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
=======================================================
Severity: Moderate
A memory leak can occur in the dtls1_buffer_record function under certain
conditions. In particular this could occur if an attacker sent repeated DTLS
records with the same sequence number but for the next epoch. The memory leak
could be exploited by an attacker in a Denial of Service attack through memory
exhaustion.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k.
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also
provided an initial patch. Further analysis was performed by Matt Caswell of the
OpenSSL development team, who also developed the final patch.
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
=========================================================
Severity: Low
When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is
received the ssl method would be set to NULL which could later result in
a NULL pointer dereference.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The
fix was developed by Kurt Roeckx.
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
==========================================================
Severity: Low
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite
using an ECDSA certificate if the server key exchange message is omitted. This
effectively removes forward secrecy from the ciphersuite.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
==============================================================
Severity: Low
An OpenSSL client will accept the use of an RSA temporary key in a non-export
RSA key exchange ciphersuite. A server could present a weak temporary key
and downgrade the security of the session.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.
DH client certificates accepted without verification [Server] (CVE-2015-0205)
=============================================================================
Severity: Low
An OpenSSL server will accept a DH certificate for client authentication
without the certificate verify message. This effectively allows a client
to authenticate without the use of a private key. This only affects servers
which trust a client certificate authority which issues certificates
containing DH keys: these are extremely rare and hardly ever encountered.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.
Certificate fingerprints can be modified (CVE-2014-8275)
========================================================
Severity: Low
OpenSSL accepts several non-DER-variations of certificate signature
algorithm and signature encodings. OpenSSL also does not enforce a
match between the signature algorithm between the signed and unsigned
portions of the certificate. By modifying the contents of the
signature algorithm or the encoding of the signature, it is possible
to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not
affect certificate verification or OpenSSL servers/clients in any
other way. It also does not affect common revocation mechanisms. Only
custom applications that rely on the uniqueness of the fingerprint
(e.g. certificate blacklists) may be affected.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and
0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
One variant of this issue was discovered by Antti Karjalainen and
Tuomo Untinen from the Codenomicon CROSS program and reported to
OpenSSL on 1st December 2014 by NCSC-FI Vulnerability
Co-ordination. Another variant was independently reported to OpenSSL
on 12th December 2014 by Konrad Kraszewski from Google. Further
analysis was conducted and fixes were developed by Stephen Henson of
the OpenSSL core team.
Bignum squaring may produce incorrect results (CVE-2014-3570)
=============================================================
Severity: Low
Bignum squaring (BN_sqr) may produce incorrect results on some
platforms, including x86_64. This bug occurs at random with a very
low probability, and is not known to be exploitable in any way, though
its exact impact is difficult to determine. The following has been
determined:
*) The probability of BN_sqr producing an incorrect result at random
is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and
1/2^128 on affected 64-bit platforms.
*) On most platforms, RSA follows a different code path and RSA
operations are not affected at all. For the remaining platforms
(e.g. OpenSSL built without assembly support), pre-existing
countermeasures thwart bug attacks [1].
*) Static ECDH is theoretically affected: it is possible to construct
elliptic curve points that would falsely appear to be on the given
curve. However, there is no known computationally feasible way to
construct such points with low order, and so the security of static
ECDH private keys is believed to be unaffected.
*) Other routines known to be theoretically affected are modular
exponentiation, primality testing, DSA, RSA blinding, JPAKE and
SRP. No exploits are known and straightforward bug attacks fail -
either the attacker cannot control when the bug triggers, or no
private key material is involved.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille
(Blockstream) who also suggested an initial fix. Further analysis was
conducted by the OpenSSL development team and Adam Langley of
Google. The final fix was developed by Andy Polyakov of the OpenSSL
core team.
[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf
Note
====
As per our previous announcements and our Release Strategy
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
releases will be provided after that date. Users of these releases are advised
to upgrade.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150108.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html
*(from redmine: issue id 3684, created on 2015-01-09, closed on 2015-01-12)*
* Relations:
* parent #3683
* Changesets:
* Revision 685e0007369debe9b7cb827dd5abbabeaea9fcc0 by Timo Teräs on 2015-01-09T13:21:27Z:
```
main/openssl: security upgrade to 1.0.1k
fixes #3684
CVE-2014-3571 DTLS segmentation fault in dtls1_get_record
CVE-2015-0206 DTLS memory leak in dtls1_buffer_record
CVE-2014-3569 no-ssl3 configuration sets method to NULL
CVE-2014-3572 ECDHE silently downgrades to ECDH [Client]
CVE-2015-0204 RSA silently downgrades to EXPORT_RSA [Client]
CVE-2015-0205 DH client certificates accepted without verification [Server]
CVE-2014-8275 Certificate fingerprints can be modified
CVE-2014-3570 Bignum squaring may produce incorrect results
(cherry picked from commit 26dd384585d2182a35bd9450091726b6472b3b24)
```
3.1.2

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3683
openssl: Security Advisory [08 Jan 2015]
2019-07-23T13:58:57Z
Natanael Copa

DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
===========================================================
Severity: Moderate
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due
to a NULL pointer dereference. This could lead to a Denial Of Service attack.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k.
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of
Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL
core team.
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
=======================================================
Severity: Moderate
A memory leak can occur in the dtls1_buffer_record function under certain
conditions. In particular this could occur if an attacker sent repeated DTLS
records with the same sequence number but for the next epoch. The memory leak
could be exploited by an attacker in a Denial of Service attack through memory
exhaustion.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k.
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also
provided an initial patch. Further analysis was performed by Matt Caswell of the
OpenSSL development team, who also developed the final patch.
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
=========================================================
Severity: Low
When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is
received the ssl method would be set to NULL which could later result in
a NULL pointer dereference.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The
fix was developed by Kurt Roeckx.
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
==========================================================
Severity: Low
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite
using an ECDSA certificate if the server key exchange message is omitted. This
effectively removes forward secrecy from the ciphersuite.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
==============================================================
Severity: Low
An OpenSSL client will accept the use of an RSA temporary key in a non-export
RSA key exchange ciphersuite. A server could present a weak temporary key
and downgrade the security of the session.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.
DH client certificates accepted without verification [Server] (CVE-2015-0205)
=============================================================================
Severity: Low
An OpenSSL server will accept a DH certificate for client authentication
without the certificate verify message. This effectively allows a client
to authenticate without the use of a private key. This only affects servers
which trust a client certificate authority which issues certificates
containing DH keys: these are extremely rare and hardly ever encountered.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.
Certificate fingerprints can be modified (CVE-2014-8275)
========================================================
Severity: Low
OpenSSL accepts several non-DER-variations of certificate signature
algorithm and signature encodings. OpenSSL also does not enforce a
match between the signature algorithm between the signed and unsigned
portions of the certificate. By modifying the contents of the
signature algorithm or the encoding of the signature, it is possible
to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not
affect certificate verification or OpenSSL servers/clients in any
other way. It also does not affect common revocation mechanisms. Only
custom applications that rely on the uniqueness of the fingerprint
(e.g. certificate blacklists) may be affected.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and
0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
One variant of this issue was discovered by Antti Karjalainen and
Tuomo Untinen from the Codenomicon CROSS program and reported to
OpenSSL on 1st December 2014 by NCSC-FI Vulnerability
Co-ordination. Another variant was independently reported to OpenSSL
on 12th December 2014 by Konrad Kraszewski from Google. Further
analysis was conducted and fixes were developed by Stephen Henson of
the OpenSSL core team.
Bignum squaring may produce incorrect results (CVE-2014-3570)
=============================================================
Severity: Low
Bignum squaring (BN_sqr) may produce incorrect results on some
platforms, including x86_64. This bug occurs at random with a very
low probability, and is not known to be exploitable in any way, though
its exact impact is difficult to determine. The following has been
determined:
*) The probability of BN_sqr producing an incorrect result at random
is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and
1/2^128 on affected 64-bit platforms.
*) On most platforms, RSA follows a different code path and RSA
operations are not affected at all. For the remaining platforms
(e.g. OpenSSL built without assembly support), pre-existing
countermeasures thwart bug attacks [1].
*) Static ECDH is theoretically affected: it is possible to construct
elliptic curve points that would falsely appear to be on the given
curve. However, there is no known computationally feasible way to
construct such points with low order, and so the security of static
ECDH private keys is believed to be unaffected.
*) Other routines known to be theoretically affected are modular
exponentiation, primality testing, DSA, RSA blinding, JPAKE and
SRP. No exploits are known and straightforward bug attacks fail -
either the attacker cannot control when the bug triggers, or no
private key material is involved.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille
(Blockstream) who also suggested an initial fix. Further analysis was
conducted by the OpenSSL development team and Adam Langley of
Google. The final fix was developed by Andy Polyakov of the OpenSSL
core team.
[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf
Note
====
As per our previous announcements and our Release Strategy
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
releases will be provided after that date. Users of these releases are advised
to upgrade.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150108.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html
*(from redmine: issue id 3683, created on 2015-01-09, closed on 2015-01-12)*
* Relations:
* child #3684
* child #3685
* child #3686
* child #3687

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3682
py-gst0.10 symbol not found
2019-07-23T13:58:58Z
Carlo Landmeter

ImportError: Error relocating
/usr/lib/python2.7/site-packages/gst-0.10/gst/\_gst.so:
libxml\_xmlDocPtrWrap: symbol not found
*(from redmine: issue id 3682, created on 2015-01-09, closed on 2019-06-11)*
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3681
package request: pam_mkhomedir
2019-07-12T14:53:24Z
Jean-Charles de Longueville

I’d like to use it with nss-pam-ldapd. Just add an user to openldap and
first time he logs in $home is automagically setup.
Would it be possible to add it to AL?
Thanks
https://github.com/tonnerre/pam-mkhomedir/
*(from redmine: issue id 3681, created on 2015-01-08, closed on 2015-01-12)*
3.1.2

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3679
Illegal Command in lftp package on raspberry pi
2019-07-23T13:58:59Z
Nicolas Schmerber

Hello to all,
First I wish you a happy and very good new year 2015.
I recently began to test the raspberry Pi port of Alpine Linux
(3.1.0).
All seems fine until I wanted to use lftp FTP client.
When connecting to a remote server with TLS enabled I got that :
```
lftp myserver
lftp myserver:~>user backup
Password:
lftp backup@myserver:~>ls
Illegal instructionng...]
```
I managed to get a strace print with the sequence :
```
write(5, "AUTH TLS\r\n", 10) = 10
clock_gettime(CLOCK_REALTIME, {1420699310, 27377604}) = 0
select(6, [5], [], NULL, {0, 64820}) = 1 (in [5], left {0, 31294})
clock_gettime(CLOCK_REALTIME, {1420699310, 61874660}) = 0
read(5, "234 AUTH TLS ex\351cut\351 avec succ\350s"..., 65536) = 34
fstat64(4, {st_mode=S_IFCHR|0444, st_rdev=makedev(1, 9), ...}) = 0
access("/etc/pki/tls/certs/ca-bundle.crt", R_OK) = -1 ENOENT (No such file or directory)
access("/etc/certs/ca-bundle.crt", R_OK) = -1 ENOENT (No such file or directory)
access("/usr/share/ssl/certs/ca-bundle.crt", R_OK) = -1 ENOENT (No such file or directory)
access("/etc/ssl/certs/ca-certificates.crt", R_OK) = 0
stat64("/etc/ssl/certs/ca-certificates.crt", {st_mode=S_IFREG|0644, st_size=273790, ...}) = 0
access("/etc/ssl/certs/ca-certificates.crt", R_OK) = 0
open("/etc/ssl/certs/ca-certificates.crt", O_RDONLY|O_LARGEFILE) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=273790, ...}) = 0
mmap2(NULL, 273790, PROT_READ, MAP_SHARED, 6, 0) = 0xb6949000
close(6) = 0
brk(0x185c000) = 0x185c000
brk(0x185d000) = 0x185d000
brk(0x185e000) = 0x185e000
brk(0x185f000) = 0x185f000
brk(0x1860000) = 0x1860000
brk(0x1861000) = 0x1861000
brk(0x1862000) = 0x1862000
brk(0x1863000) = 0x1863000
brk(0x1864000) = 0x1864000
brk(0x1865000) = 0x1865000
brk(0x1866000) = 0x1866000
brk(0x1867000) = 0x1867000
brk(0x1868000) = 0x1868000
....
brk(0x1d9b000) = 0x1d9b000
brk(0x1d9c000) = 0x1d9c000
brk(0x1d9d000) = 0x1d9d000
brk(0x1d9e000) = 0x1d9e000
brk(0x1d9f000) = 0x1d9f000
brk(0x1da0000) = 0x1da0000
brk(0x1da1000) = 0x1da1000
brk(0x1da2000) = 0x1da2000
munmap(0xb6949000, 273790) = 0
brk(0x1da3000) = 0x1da3000
brk(0x1da4000) = 0x1da4000
clock_gettime(CLOCK_REALTIME, {1420699310, 928273403}) = 0
brk(0x1da5000) = 0x1da5000
clock_gettime(CLOCK_REALTIME, {1420699310, 929035471}) = 0
clock_gettime(CLOCK_REALTIME, {1420699310, 929338498}) = 0
getpid() = 1173
--- SIGILL {si_signo=SIGILL, si_code=ILL_ILLOPC, si_addr=0xb6a424d8} ---
+++ killed by SIGILL +++
```
At this point I don’t know what to do to debug further.
Any clue so I can report the next traces to you?
Thanks in advance.
*(from redmine: issue id 3679, created on 2015-01-08, closed on 2017-05-17)*
Timo Teräs

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3677
Package request: Vino
2019-07-23T13:59:00Z
Alan Lacerda

The GNOME desktop sharing server.
https://wiki.gnome.org/Projects/Vino
http://ftp.acc.umu.se/pub/GNOME/sources/vino/
*(from redmine: issue id 3677, created on 2015-01-07, closed on 2015-02-10)*
Alan Lacerda

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3676
alpine-announce only for specific members
2019-07-23T13:59:01Z
Martin Hansen

I suggest that since alpine-announce has a very limited usage, that only
selected members are allowed to post to that list.
In order to better avoid spam and unnecessary clutter on the list.
Kind regards
*(from redmine: issue id 3676, created on 2015-01-03, closed on 2015-02-14)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3675
root filesystem with xfs
2019-07-23T13:59:02Z
algitbot

Hi,
There seems to be a problem with xfs compiled in as a module. If I use
xfs for the root partition, initramfs can’t mount the partition to
/newroot.
```
# modprobe xfs
modprobe: can't load module libcrc32c (kernel/lib/libcrc32c.ko): unknown symbol in module, or unknown parameter
```
It works when I recompile the kernel by enabling xfs in-kernel rather
than module.
CONFIG\_XFS\_FS=m to CONFIG\_XFS\_FS=y \[1\]
This whole thing is very strange, but it seems that other distros are
facing the same problem \[2\].
\[1\]
http://git.alpinelinux.org/cgit/aports/tree/main/linux-grsec/kernelconfig.x86\_64\#n5197
\[2\]
https://github.com/funtoo/funtoo-overlay/blob/master/sys-kernel/debian-sources/files/debian-sources-3.10.11-xfs-libcrc32c-fix.patch
*(from redmine: issue id 3675, created on 2015-01-03, closed on 2018-06-25)*
3.8.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3674
Loading kernel module "tridentfb" crashes system
2019-07-23T13:59:03Z
Marian Buschsieweke

Hi there,
when I load the kernel module “tridentfb” on an ancient notebook the
system crashes. Neither local shell nor ssh shell are responding after
tridentfb has been loaded and I cannot connect new ssh sessions. Only
restarting using Sysrequest (Sys Req + r, e, i, s, u, b) still works.
The screen is showing a “messed up” version of the logo the BIOS is
showing during boot up (“Toshiba - in touch with tomorrow” in big red
letters - quite ironic on such an ancient device).
The vga16fb kernel seems to work fine on this machine so far. Also did
tridentfb work when I ran Arch Linux on this device. So this looks like
a software problem to me.
Some info about the device:
Toshiba Satellite S1800-224, version PS181E-0E53E
CPU: Intel Celeron(Coppermine) 1Ghz
Graphic: Trident Cyberblade/i1
Regards,
maribu
PS: I tried the grsec kernel of both Alpine Linux v3.1 and edge and the
vanilla kernel in edge. With all three kernel packages I had this
problem
*(from redmine: issue id 3674, created on 2014-12-29, closed on 2019-06-11)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3673
Alpine 3.1.0-x86_64 stalls during install
2019-07-23T13:59:04Z
Martin Hansen

I am trying to install alpine-mini-3.1.0-x86\_64.iso onto an Acer Aspire
5820TG with an Intel Core i5 M430 CPU.
During installation boot up the installer stalls at Loading Hardware
Drivers.
The system is unresponsive to CTRL-DEL and has to be turned off manually.
However, NUMLOCK can still be switched on and off so it's not a complete
freeze.
I have tried switching between IDE and AHCI mode in BIOS without any
difference.
*(from redmine: issue id 3673, created on 2014-12-28, closed on 2019-06-11)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3672
[3.1.0] alpine-vanilla isos are broken
2019-07-23T13:59:04Z
August Klein

They give me this error: “Loading /boot/vmlinuz-vanilla failed: No such
file or directory”
If I mount iso, I can see two files with same size (“vmlinuz” and
“vanilla”) instead of one “vmlinuz-vanilla” file.
*(from redmine: issue id 3672, created on 2014-12-26, closed on 2015-01-07)*
* Changesets:
* Revision 34028faf4bcb764dd20a21914cc2363d16a1de9b by Natanael Copa on 2014-12-30T15:03:07Z:
```
main/openrc: modloop: fix detection of vanilla kernel flavor
ref #3672
```
* Revision 0420e2d4a9615e06b4efbbf42153e0e393197ac0 by Natanael Copa on 2014-12-30T15:04:34Z:
```
main/openrc: modloop: fix detection of vanilla kernel flavor
ref #3672
(cherry picked from commit 34028faf4bcb764dd20a21914cc2363d16a1de9b)
```
3.1.1

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3671
[v3.0] kernel: ttusb-dec: buffer overflow in ioctl (CVE-2014-8884)
2019-07-12T14:53:19Z
Alexander Belous

Stack-based buffer overflow in the
ttusbdecfe\_dvbs\_diseqc\_send\_master\_cmd function in
drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before
3.17.4 allows local users to cause a denial of service (system crash) or
possibly gain privileges via a large message length in an ioctl call.
Fixed in 3.10.61 and 3.14.25.
References:
•MLIST:\[oss-security\] 20141114 Re: CVE Request: Linux kernel:
ttusb-dec: overflow by descriptor
•URL: http://www.openwall.com/lists/oss-security/2014/11/14/7
•CONFIRM:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2e323ec96077642d397bb1c355def536d489d16
•CONFIRM: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4
•CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1164266
•CONFIRM:
https://github.com/torvalds/linux/commit/f2e323ec96077642d397bb1c355def536d489d16
•COMMIT (3.10.y):
https://github.com/torvalds/linux/commit/0ec4fc584c3ee470f5150450acf49dd2dab5d1e7
•COMMIT (3.14.y):
https://github.com/torvalds/linux/commit/c8e0fd4818f29aaafafb01f0bacf376b86e82830
*(from redmine: issue id 3671, created on 2014-12-24, closed on 2017-09-05)*
* Relations:
* parent #3668
3.0.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3670
[v2.7] kernel: ttusb-dec: buffer overflow in ioctl (CVE-2014-8884)
2019-07-12T14:53:19Z
Alexander Belous

Stack-based buffer overflow in the
ttusbdecfe\_dvbs\_diseqc\_send\_master\_cmd function in
drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before
3.17.4 allows local users to cause a denial of service (system crash) or
possibly gain privileges via a large message length in an ioctl call.
Fixed in 3.10.61 and 3.14.25.
References:
•MLIST:\[oss-security\] 20141114 Re: CVE Request: Linux kernel:
ttusb-dec: overflow by descriptor
•URL: http://www.openwall.com/lists/oss-security/2014/11/14/7
•CONFIRM:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2e323ec96077642d397bb1c355def536d489d16
•CONFIRM: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4
•CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1164266
•CONFIRM:
https://github.com/torvalds/linux/commit/f2e323ec96077642d397bb1c355def536d489d16
•COMMIT (3.10.y):
https://github.com/torvalds/linux/commit/0ec4fc584c3ee470f5150450acf49dd2dab5d1e7
•COMMIT (3.14.y):
https://github.com/torvalds/linux/commit/c8e0fd4818f29aaafafb01f0bacf376b86e82830
*(from redmine: issue id 3670, created on 2014-12-24, closed on 2017-09-05)*
* Relations:
* parent #3668

Alpine 2.7.10
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3669
[v2.6] kernel: ttusb-dec: buffer overflow in ioctl (CVE-2014-8884)
2019-07-12T14:53:18Z
Alexander Belous
Stack-based buffer overflow in the
ttusbdecfe_dvbs_diseqc_send_master_cmd function in
drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before
3.17.4 allows local users to cause a denial of service (system crash) or
possibly gain privileges via a large message length in an ioctl call.
Fixed in 3.10.61 and 3.14.25.
References:
•MLIST:[oss-security] 20141114 Re: CVE Request: Linux kernel:
ttusb-dec: overflow by descriptor
•URL: http://www.openwall.com/lists/oss-security/2014/11/14/7
•CONFIRM:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2e323ec96077642d397bb1c355def536d489d16
•CONFIRM: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4
•CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1164266
•CONFIRM:
https://github.com/torvalds/linux/commit/f2e323ec96077642d397bb1c355def536d489d16
•COMMIT (3.10.y):
https://github.com/torvalds/linux/commit/0ec4fc584c3ee470f5150450acf49dd2dab5d1e7
•COMMIT (3.14.y):
https://github.com/torvalds/linux/commit/c8e0fd4818f29aaafafb01f0bacf376b86e82830
*(from redmine: issue id 3669, created on 2014-12-24, closed on 2017-09-05)*
* Relations:
* parent #3668

Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3667
[v3.0] kernel: sctp: multiple issues (CVE-2014-3673, CVE-2014-3687, CVE-2014-3688)
2019-07-12T14:53:18Z
Alexander Belous
Fixed in 3.10.61 and 3.14.25.
References:
CONFIRM: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673
COMMIT (3.10.y):
https://github.com/torvalds/linux/commit/cda702df4736ab981f81ea4b529d14a2858fdc36
COMMIT (3.14.y):
https://github.com/torvalds/linux/commit/e36b6ac9e011205eb7ad3af329dbd27a21bacd50
CONFIRM: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687
COMMIT (3.10.y):
https://github.com/torvalds/linux/commit/3329125539de90e5fa6ab83009f5f82ef73a3259
COMMIT (3.14.y):
https://github.com/torvalds/linux/commit/59ea8663e3a7fc3a0c2841e310b83f7aaec1c017
CONFIRM: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688
COMMIT (3.10.y):
https://github.com/torvalds/linux/commit/bf53932bce5c58cf006ca2e1f81bd1d66d14ba45
COMMIT (3.14.y):
https://github.com/torvalds/linux/commit/75680aa393f12465fc10642d2d55be49a333d828
*(from redmine: issue id 3667, created on 2014-12-24, closed on 2017-09-05)*
* Relations:
* parent #3664

3.0.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3666
[v2.7] kernel: sctp: multiple issues (CVE-2014-3673, CVE-2014-3687, CVE-2014-3688)
2019-07-12T14:53:17Z
Alexander Belous
Fixed in 3.10.61 and 3.14.25.
References:
CONFIRM: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673
COMMIT (3.10.y):
https://github.com/torvalds/linux/commit/cda702df4736ab981f81ea4b529d14a2858fdc36
COMMIT (3.14.y):
https://github.com/torvalds/linux/commit/e36b6ac9e011205eb7ad3af329dbd27a21bacd50
CONFIRM: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687
COMMIT (3.10.y):
https://github.com/torvalds/linux/commit/3329125539de90e5fa6ab83009f5f82ef73a3259
COMMIT (3.14.y):
https://github.com/torvalds/linux/commit/59ea8663e3a7fc3a0c2841e310b83f7aaec1c017
CONFIRM: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688
COMMIT (3.10.y):
https://github.com/torvalds/linux/commit/bf53932bce5c58cf006ca2e1f81bd1d66d14ba45
COMMIT (3.14.y):
https://github.com/torvalds/linux/commit/75680aa393f12465fc10642d2d55be49a333d828
*(from redmine: issue id 3666, created on 2014-12-24, closed on 2017-09-05)*
* Relations:
* parent #3664

Alpine 2.7.10
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3665
[v2.6] kernel: sctp: multiple issues (CVE-2014-3673, CVE-2014-3687, CVE-2014-3688)
2019-07-12T14:53:17Z
Alexander Belous
Fixed in 3.10.61 and 3.14.25.
References:
CONFIRM: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673
COMMIT (3.10.y):
https://github.com/torvalds/linux/commit/cda702df4736ab981f81ea4b529d14a2858fdc36
COMMIT (3.14.y):
https://github.com/torvalds/linux/commit/e36b6ac9e011205eb7ad3af329dbd27a21bacd50
CONFIRM: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687
COMMIT (3.10.y):
https://github.com/torvalds/linux/commit/3329125539de90e5fa6ab83009f5f82ef73a3259
COMMIT (3.14.y):
https://github.com/torvalds/linux/commit/59ea8663e3a7fc3a0c2841e310b83f7aaec1c017
CONFIRM: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688
COMMIT (3.10.y):
https://github.com/torvalds/linux/commit/bf53932bce5c58cf006ca2e1f81bd1d66d14ba45
COMMIT (3.14.y):
https://github.com/torvalds/linux/commit/75680aa393f12465fc10642d2d55be49a333d828
*(from redmine: issue id 3665, created on 2014-12-24, closed on 2017-09-05)*
* Relations:
* parent #3664

Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3663
[v3.0] kernel: net: sctp: remote DoS (CVE-2014-7841)
2019-07-12T14:53:16Z
Alexander Belous
An SCTP server doing ASCONF will panic on malformed INIT ping-of-death
in the form of:
—————— INIT[PARAM: SET_PRIMARY_IP] ——————>
A remote attacker could use this flaw to crash the system by sending a
maliciously prepared SCTP packet in order to trigger a NULL pointer
dereference on the server.
Fixed in 3.14.25 and 3.10.61 (please find links to the commits below).
References:
CONFIRM: http://seclists.org/oss-sec/2014/q4/604
CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1163087
COMMIT (upstream):
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=e40607cbe270a9e8360907cb1e62ddf0736e4864
COMMIT (3.14.y):
https://github.com/torvalds/linux/commit/358905266ed83d4a9e693ae7ff86c1595220ec60
COMMIT (3.10.y):
https://github.com/torvalds/linux/commit/7031dcb018db2a7776c1c31ef156cf8ac8da8a99
*(from redmine: issue id 3663, created on 2014-12-24, closed on 2017-09-05)*
* Relations:
* parent #3660

3.0.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3662
[v2.7] kernel: net: sctp: remote DoS (CVE-2014-7841)
2019-07-12T14:53:15Z
Alexander Belous
An SCTP server doing ASCONF will panic on malformed INIT ping-of-death
in the form of:
—————— INIT[PARAM: SET_PRIMARY_IP] ——————>
A remote attacker could use this flaw to crash the system by sending a
maliciously prepared SCTP packet in order to trigger a NULL pointer
dereference on the server.
Fixed in 3.14.25 and 3.10.61 (please find links to the commits below).
References:
CONFIRM: http://seclists.org/oss-sec/2014/q4/604
CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1163087
COMMIT (upstream):
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=e40607cbe270a9e8360907cb1e62ddf0736e4864
COMMIT (3.14.y):
https://github.com/torvalds/linux/commit/358905266ed83d4a9e693ae7ff86c1595220ec60
COMMIT (3.10.y):
https://github.com/torvalds/linux/commit/7031dcb018db2a7776c1c31ef156cf8ac8da8a99
*(from redmine: issue id 3662, created on 2014-12-24, closed on 2017-09-05)*
* Relations:
* parent #3660

Alpine 2.7.10
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3661
[v2.6] kernel: net: sctp: remote DoS (CVE-2014-7841)
2019-07-12T14:53:15Z
Alexander Belous
An SCTP server doing ASCONF will panic on malformed INIT ping-of-death
in the form of:
—————— INIT[PARAM: SET_PRIMARY_IP] ——————>
A remote attacker could use this flaw to crash the system by sending a
maliciously prepared SCTP packet in order to trigger a NULL pointer
dereference on the server.
Fixed in 3.14.25 and 3.10.61 (please find links to the commits below).
References:
CONFIRM: http://seclists.org/oss-sec/2014/q4/604
CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1163087
COMMIT (upstream):
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=e40607cbe270a9e8360907cb1e62ddf0736e4864
COMMIT (3.14.y):
https://github.com/torvalds/linux/commit/358905266ed83d4a9e693ae7ff86c1595220ec60
COMMIT (3.10.y):
https://github.com/torvalds/linux/commit/7031dcb018db2a7776c1c31ef156cf8ac8da8a99
*(from redmine: issue id 3661, created on 2014-12-24, closed on 2017-09-05)*
* Relations:
* parent #3660

Alpine 2.6.7
Natanael Copa