alpine issueshttps://gitlab.alpinelinux.org/groups/alpine/-/issues2022-10-01T07:50:11Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11544feat: swtpm - software TPM for libvirt/qemu2022-10-01T07:50:11ZMark Cfeat: swtpm - software TPM for libvirt/qemuAllows libvirt/qemu to provide virtual tpm to virtual machines
Homepage: https://github.com/stefanberger/swtpm
Download: https://github.com/stefanberger/swtpm/archive/v0.3.1.tar.gzAllows libvirt/qemu to provide virtual tpm to virtual machines
Homepage: https://github.com/stefanberger/swtpm
Download: https://github.com/stefanberger/swtpm/archive/v0.3.1.tar.gzhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11542Imagick: Load remote files into Imagick2022-10-28T16:51:34ZJoão SilvaImagick: Load remote files into ImagickGreetings,
I will replicate what I originally explained [here](https://github.com/Imagick/imagick/issues/325) (apparently the wrong place for the issue). Without no real evidences, the thoughts points to a problem related to Alpine vers...Greetings,
I will replicate what I originally explained [here](https://github.com/Imagick/imagick/issues/325) (apparently the wrong place for the issue). Without no real evidences, the thoughts points to a problem related to Alpine versions > 3.7.0 accordingly with @Danack, the maintainer of Imagick.
-----------------------------------------------------------------------------------------
So my problem after hours of debug, resulted in this: PHP release **<= 7.1.20** works fine with Imagick against this snippet `php -r "new \Imagick('https://file-examples.com/wp-content/uploads/2017/10/file_example_JPG_100kB.jpg');"` however **> 7.1.20** the snippet always fail with
```
Fatal error: Uncaught ImagickException: no decode delegate for this image format `' @ error/constitute.c/ReadImage/560 in Command line code:1
Stack trace:
#0 Command line code(1): Imagick->__construct('https://file-ex...')
#1 {main}
thrown in Command line code on line 1
```
I think it's not related to PHP version directly but with the imagemagick binaries that ships with the alpine version that holds every PHP image. Concluding that the snippet above always fails for `imagemagick 7.0.8-68` or higher (this version is present in PHP 7.1.21-fpm-alpine image).
-----------------------------------------------------------------------------------------
Here are some Dockerfiles what I said before:
PHP 7.1.20
imagemagick 7.0.7-11
imagick extension version 3.4.4
alpine 3.7.0
result: exits with error code 1 meaning that the PHP script worked fine
```
FROM php:7.1.20-fpm-alpine
RUN set -eux; \
apk add --no-cache --virtual .phpize-deps $PHPIZE_DEPS imagemagick-dev libtool \
&& export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \
&& pecl install imagick-3.4.4 \
&& docker-php-ext-enable imagick \
&& apk add --no-cache --virtual .imagick-runtime-deps imagemagick \
&& apk del .phpize-deps
RUN set -eux; \
php -r "new \Imagick('https://file-examples.com/wp-content/uploads/2017/10/file_example_JPG_100kB.jpg');" \
&& exit 1
```
PHP 7.1.21
imagemagick 7.0.8-68
imagick extension version 3.4.4
alpine 3.8.1
result: ```Fatal error: Uncaught ImagickException: no decode delegate for this image format `' @ error/constitute.c/ReadImage/560 in Command line code:1```
```
FROM php:7.1.21-fpm-alpine
RUN set -eux; \
apk add --no-cache --virtual .phpize-deps $PHPIZE_DEPS imagemagick-dev libtool \
&& export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \
&& pecl install imagick-3.4.4 \
&& docker-php-ext-enable imagick \
&& apk add --no-cache --virtual .imagick-runtime-deps imagemagick \
&& apk del .phpize-deps
RUN set -eux; \
php -r "new \Imagick('https://file-examples.com/wp-content/uploads/2017/10/file_example_JPG_100kB.jpg');" \
&& exit 1
```
PS 1: The same problem is also reproducible against the lastest PHP version `php:7.4.5-fpm-alpine`.
PS 2: Another test scenario
```
$imagick = new \Imagick();
$url = 'https://file-examples.com/wp-content/uploads/2017/10/file_example_JPG_100kB.jpg';
$imagick->readImageFile(fopen($url, 'rb')); // fails in the cases mentioned earlier
$imagick->readImageBlob(file_get_contents($url)); // always work
```
Thank you!https://gitlab.alpinelinux.org/alpine/aports/-/issues/11541iproute2: Use-after-free (CVE-2019-20795)2020-05-21T10:38:53ZAlicha CHiproute2: Use-after-free (CVE-2019-20795)iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-20795
* https://security-tracker.debian.org/tracker/CVE-2019-2079
* Introduced in: htt...iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-20795
* https://security-tracker.debian.org/tracker/CVE-2019-2079
* Introduced in: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=86bf43c7c2fdc33d7c021b4a1add1c8facbca51c (v4.15.0)
#### Patch:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10
### Affected branches:
* [x] master (04ff1e80f29b49189cfa18e59ec2e328b33222df)
* [x] 3.11-stable (04ff1e80f29b49189cfa18e59ec2e328b33222df)
* [x] 3.10-stable
* [x] 3.9-stableNatanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11540apache-ant: Insecure temporary file vulnerability (CVE-2020-1945)2020-06-11T09:12:13ZAlicha CHapache-ant: Insecure temporary file vulnerability (CVE-2020-1945)Apache Ant uses the default temporary directory identified by the Java
system property java.io.tmpdir for several tasks and may thus leak
sensitive information. The fixcrlf and replaceregexp tasks also copy
files from the temporary direc...Apache Ant uses the default temporary directory identified by the Java
system property java.io.tmpdir for several tasks and may thus leak
sensitive information. The fixcrlf and replaceregexp tasks also copy
files from the temporary directory back into the build tree allowing an
attacker to inject modified source files into the build process.
#### Affected Versions:
apache-ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7
#### Fixed In Version:
apache-ant 1.10.8
#### References:
* https://ant.apache.org/security.html
* https://www.openwall.com/lists/oss-security/2020/05/13/1
### Affected branches:
* [x] master (c902b4f58f0146fedbe0e40a24e0b1384ee70220)
* [x] 3.11-stableJakub JirutkaJakub Jirutkahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11539libexif: Multiple vulnerabilities (CVE-2018-20030, CVE-2020-12767)2020-05-19T11:59:55ZAlicha CHlibexif: Multiple vulnerabilities (CVE-2018-20030, CVE-2020-12767)### CVE-2018-20030: Input validation issue resulting in a denial of service
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources....### CVE-2018-20030: Input validation issue resulting in a denial of service
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.
#### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-20030
#### Patch:
https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89
### CVE-2020-12767: divide-by-zero in exif_entry_get_value function in exif-entry.c
Exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.
#### References:
* https://github.com/libexif/libexif/issues/31
* https://nvd.nist.gov/vuln/detail/CVE-2020-12767
#### Patch:
https://github.com/libexif/libexif/pull/32/commits/4431cd0d67c2b17bf764fa9c253f11051ae8355a
### Affected branches:
* [x] master (9959b863135bbaa1251dbddfa038c9256e155702)
* [x] 3.11-stable (7d1a8137daa5c1f5312ad957dc1857027b8999df)
* [x] 3.10-stable (726529dabef044127d02831c4b26fa6c6fc9d5f5)
* [x] 3.9-stable (cc9c8ab403cd5dfa204be58c326dd98d0702d70c)
* [x] 3.8-stable (5dea23e076ed7123339473f529d74d8a9362e7c6)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11537Cheese error 'org.gnome.desktop.thumbnailers' is not installed2020-05-14T17:36:05ZAntonio PiniCheese error 'org.gnome.desktop.thumbnailers' is not installedI just installed Cheese on Alpine with Jwm desktop and got this error:
(cheese:5094): GLib-GIO-ERROR **: 20:43:14.680: Settings schema 'org.gnome.desktop.thumbnailers' is not installed
Trace/breakpoint trap
I have been looking for a cor...I just installed Cheese on Alpine with Jwm desktop and got this error:
(cheese:5094): GLib-GIO-ERROR **: 20:43:14.680: Settings schema 'org.gnome.desktop.thumbnailers' is not installed
Trace/breakpoint trap
I have been looking for a corresponding gnome pkg but I don't seem to find it.https://gitlab.alpinelinux.org/alpine/aports/-/issues/11536Two different nss.h?2020-05-13T11:17:22ZM.Two different nss.h?I am currently trying to compile libnss-mysql (https://github.com/saknopper/libnss-mysql) on alpine. The compilation works great on CentOS 8, but on alpine the nss headers seem to heavily differ and miss some types:
```
/bin/sh ../libto...I am currently trying to compile libnss-mysql (https://github.com/saknopper/libnss-mysql) on alpine. The compilation works great on CentOS 8, but on alpine the nss headers seem to heavily differ and miss some types:
```
/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/include/mysql -I/usr/include/mysql/mysql -g -O2 -MT libnss_mysql_la-nss_config.lo -MD -MP -MF .deps/libnss_mysql_la-nss_config.Tpo -c -o libnss_mysql_la-nss_config.lo `test -f 'nss_config.c' || echo './'`nss_config.c
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/include/mysql -I/usr/include/mysql/mysql -g -O2 -MT libnss_mysql_la-nss_config.lo -MD -MP -MF .deps/libnss_mysql_la-nss_config.Tpo -c nss_config.c -fPIC -DPIC -o .libs/libnss_mysql_la-nss_config.o
In file included from nss_config.c:22:
nss_mysql.h:31:2: error: #error I need either nss.h or nss_common.h!
31 | #error I need either nss.h or nss_common.h!
| ^~~~~
In file included from nss_config.c:22:
nss_mysql.h:242:1: error: unknown type name 'NSS_STATUS'
242 | NSS_STATUS _nss_mysql_init (void);
| ^~~~~~~~~~
nss_mysql.h:250:1: error: unknown type name 'NSS_STATUS'
250 | NSS_STATUS _nss_mysql_load_passwd (void *result, char *buffer, size_t buflen,
| ^~~~~~~~~~
```
However, on CentOS there are two nss.h header files [centos-nss3.h](/uploads/2fc66361b60640f2570406d6bbee2f44/centos-nss3.h) (same as the file on alpine, except version numbers), [centos-nss.h](/uploads/a907db25e3e8b91f1633f5c28629e277/centos-nss.h) (not similar at all).
Where with the nss-dev package on alpine, only [alpine-nss.h](/uploads/132b897927f985ff5b50b0aaa6a6472f/alpine-nss.h) is provided.
Whats the best way to proceed here?https://gitlab.alpinelinux.org/alpine/aports/-/issues/11535Package request: Trelby2021-01-20T17:55:56ZAntonio PiniPackage request: TrelbyI'd like to see Trelby in Alpine. It is a state of the art screenwriting program. Sources are available at https://github.com/oskusalerma/trelby/I'd like to see Trelby in Alpine. It is a state of the art screenwriting program. Sources are available at https://github.com/oskusalerma/trelby/https://gitlab.alpinelinux.org/alpine/aports/-/issues/11534vlc-qt: unsatisfiable constraints: vlc-xorg (missing)2020-05-13T11:21:09Zc705vlc-qt: unsatisfiable constraints: vlc-xorg (missing)unable to add package vlc-qt:
```
Linux alpine 5.4.40-0-lts #1-Alpine SMP Mon, 11 May 2020 10:41:15 UTC x86_64 Linux
3.12_alpha20200428
```
```
sudo apk add vlc-qt
ERROR: unsatisfiable constraints:
vlc-xorg (missing):
required by...unable to add package vlc-qt:
```
Linux alpine 5.4.40-0-lts #1-Alpine SMP Mon, 11 May 2020 10:41:15 UTC x86_64 Linux
3.12_alpha20200428
```
```
sudo apk add vlc-qt
ERROR: unsatisfiable constraints:
vlc-xorg (missing):
required by: vlc-qt-3.0.10-r2[vlc-xorg=3.0.10-r2]
```
```
76bc:[~]$ sudo apk search vlc-*
vlc-dev-3.0.10-r2
acf-vlc-daemon-0.5.0-r3
vlc-3.0.10-r2
vlc-libs-3.0.10-r2
vlc-qt-3.0.10-r2
vlc-doc-3.0.10-r2
vlc-daemon-3.0.10-r2
```
```
cat /etc/apk/repositories
http://dl-cdn.alpinelinux.org/alpine/edge/main
http://dl-cdn.alpinelinux.org/alpine/edge/community
# http://dl-2.alpinelinux.org/alpine/edge/main
# http://dl-2.alpinelinux.org/alpine/edge/community
```
related to
```
root/community/vlc/APKBUILD: 191-206
qt() {
pkgdesc="Qt frontend for VLC"
depends="vlc-xorg=$pkgver-r$pkgrel"
cd "$pkgdir"
# scan for elf files that directly or indirectly depends on
# libQt* libraries
cd "$pkgdir"
for i in $(find . -type f ); do
if ldd $i 2>/dev/null | grep -q "libQt"; then
_mv "$i"
fi
done
mkdir -p "$subpkgdir"/usr/bin
mv "$pkgdir"/usr/bin/qvlc \
"$subpkgdir"/usr/bin/
}
```https://gitlab.alpinelinux.org/alpine/aports/-/issues/11533FFMPEG libx264 Segfault error2021-07-27T14:55:29ZAriel FrischerFFMPEG libx264 Segfault errorI'm installing ffmpeg 4.2.1 on alpine:3.11 image and I continuously get segfault errors which using ffmpeg with libx264.
```
Step 18/33 : RUN ffmpeg -version
ffmpeg version 4.2.1 Copyright (c) 2000-2019 the FFmpeg developers
built wit...I'm installing ffmpeg 4.2.1 on alpine:3.11 image and I continuously get segfault errors which using ffmpeg with libx264.
```
Step 18/33 : RUN ffmpeg -version
ffmpeg version 4.2.1 Copyright (c) 2000-2019 the FFmpeg developers
built with gcc 9.2.0 (Alpine 9.2.0)
configuration: --prefix=/usr --enable-avresample --enable-avfilter --enable-gnutls --enable-gpl --enable-libass --enable-libmp3lame --enable-libvorbis --enable-libvpx --enable-libxvid --enable-libx264 --enable-libx265 --enable-libtheora --enable-libv4l2 --enable-postproc --enable-pic --enable-pthreads --enable-shared --enable-libxcb --disable-stripping --disable-static --disable-librtmp --enable-vaapi --enable-vdpau --enable-libopus --disable-debug
libavutil 56. 31.100 / 56. 31.100
libavcodec 58. 54.100 / 58. 54.100
libavformat 58. 29.100 / 58. 29.100
libavdevice 58. 8.100 / 58. 8.100
libavfilter 7. 57.100 / 7. 57.100
libavresample 4. 0. 0 / 4. 0. 0
libswscale 5. 5.100 / 5. 5.100
libswresample 3. 5.100 / 3. 5.100
libpostproc 55. 5.100 / 55. 5.100
```
The command is:
```
ffmpeg -f rawvideo -vcodec rawvideo -pix_fmt rgba -s 320x180 -r 15 -i - -map 0:v:0 -vf format=yuv420p -vcodec libx264 -profile:v high -preset:v ultrafast -crf 18 -mov
```
The error is: `Segmentation fault (core dumped)` and that's it. I'm using xvfb to run node, inside node a package called editly is running this ffmpeg command. Other fluent-ffmpeg commands seem to work without issues, only libx264 crashes.https://gitlab.alpinelinux.org/alpine/aports/-/issues/11532feat meta package tesseract-ocr-data-all2020-05-13T08:48:51Zhertzgfeat meta package tesseract-ocr-data-allCould we include a meta package for `tesseract-ocr` similar to `tesseract-ocr-all` like in debian linux distros?
Links:
* https://packages.debian.org/buster/tesseract-ocr-all
* https://packages.ubuntu.com/eoan/tesseract-ocr-allCould we include a meta package for `tesseract-ocr` similar to `tesseract-ocr-all` like in debian linux distros?
Links:
* https://packages.debian.org/buster/tesseract-ocr-all
* https://packages.ubuntu.com/eoan/tesseract-ocr-allhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11531feat package tesseract-ocr-data-kat / tesseract-ocr-data-kat-old2020-12-21T10:28:07Zhertzgfeat package tesseract-ocr-data-kat / tesseract-ocr-data-kat-oldHello, I was unable to find a package which provides `Georgian` (new and old script) training data for `tesseract-ocr`.
The package is provided in most Linux distros and training data exists on official https://tesseract-ocr.github.io/te...Hello, I was unable to find a package which provides `Georgian` (new and old script) training data for `tesseract-ocr`.
The package is provided in most Linux distros and training data exists on official https://tesseract-ocr.github.io/tessdoc/Data-Files.
Can we get into the registry?https://gitlab.alpinelinux.org/alpine/aports/-/issues/11530minizip static lib request2020-05-13T04:29:13ZLionel Untereinerminizip static lib requestHi,
The minizip library is available as a shared library via the packages minizip and minizip-dev.
I would request the static version of the library.
Thank youHi,
The minizip library is available as a shared library via the packages minizip and minizip-dev.
I would request the static version of the library.
Thank youhttps://gitlab.alpinelinux.org/alpine/abuild/-/issues/9997Follow XDG Base Directory specifications2023-10-24T01:52:52ZBart RibbersFollow XDG Base Directory specificationsCurrently abuild write it's config file and build keys to `~/.abuild`, and puts generated packages in `~/packages`. It would be nice if it would use [the XDG Base Directory specification](https://specifications.freedesktop.org/basedir-sp...Currently abuild write it's config file and build keys to `~/.abuild`, and puts generated packages in `~/packages`. It would be nice if it would use [the XDG Base Directory specification](https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html) instead so it doesn't clutter the `$HOME` directory.
The config file would go to `~/.config/abuild/abuild.conf` (if `$XDG_CONFIG_DIR` isn't set) and the keys and packages to `~/.local/share/abuild` (if `$XDG_DATA_DIRS` isn't set).https://gitlab.alpinelinux.org/alpine/aports/-/issues/11529bubblewrap: --bind does not work (0.4.1-r0)2021-11-25T02:53:25Zminusbubblewrap: --bind does not work (0.4.1-r0)The current version in the repo (0.4.1-r0) fails to bind mount anything.
```
$ bwrap --ro-bind /bin /bin --ro-bind /lib /lib /bin/busybox sh
bwrap: Can't bind mount /oldroot/bin on /newroot/bin: No such file or directory
```
When build...The current version in the repo (0.4.1-r0) fails to bind mount anything.
```
$ bwrap --ro-bind /bin /bin --ro-bind /lib /lib /bin/busybox sh
bwrap: Can't bind mount /oldroot/bin on /newroot/bin: No such file or directory
```
When building the package myself, it works fine. There is a workaround patch for a realpath issue in aports. The error message is exactly the same as when this patch is not applied.https://gitlab.alpinelinux.org/alpine/aports/-/issues/11528too hard to report bugs2022-07-06T13:40:42ZDan Ackroydtoo hard to report bugsHi,
My name is Danack, and I maintain the PHP Imagick library http://pecl.php.net/package/imagick
It seems that it is really hard for people using Imagick on Alpine to report Alpine related issues. I've had multiple users report issues...Hi,
My name is Danack, and I maintain the PHP Imagick library http://pecl.php.net/package/imagick
It seems that it is really hard for people using Imagick on Alpine to report Alpine related issues. I've had multiple users report issues at https://github.com/Imagick/imagick/ even though as part of the bug report they say something along the lines of:
"Apologies for posting this here, I didn't know where better to post it."
I think they have a point. Even if you know the alpine Imagick project page is here: https://pkgs.alpinelinux.org/package/edge/community/x86/php7-pecl-imagick
Figuring out how to open a bug for the package is not trivial.
There is no 'report a bug' button on that page and clicking on 'bugs' takes me to https://gitlab.alpinelinux.org/ - which 'somewhat surprisingly' does not have any way of reporting bugs on it.
I really think the page at https://pkgs.alpinelinux.org/package/edge/community/x86/php7-pecl-imagick should have a "Report a bug" button that takes the user directly to the correct page to open a bug for that project. Or just a link to view bugs for that project, that has the 'new issue' button on that page.
Oh wow - does this bug reporting system not allow me to select packages......that's not great.
cheers
Dan
Ack
ps - I don't like the word bug. The word 'issue' is far more neutral. e.g. a missing feature is an issue, not a bug.https://gitlab.alpinelinux.org/alpine/aports/-/issues/11527uacme 1.3 was not built for aarch642020-05-12T13:13:42Zshumuacme 1.3 was not built for aarch64[Take a look](https://pkgs.alpinelinux.org/packages?name=uacme&branch=edge).[Take a look](https://pkgs.alpinelinux.org/packages?name=uacme&branch=edge).https://gitlab.alpinelinux.org/alpine/aports/-/issues/11526libvirt: Multiple vulnerabilities (CVE-2020-10703, CVE-2020-12430)2020-05-14T06:51:56ZAlicha CHlibvirt: Multiple vulnerabilities (CVE-2020-10703, CVE-2020-12430)### CVE-2020-10703: Potential denial of service via active pool without target path
A flaw was found in libvirt. A pool created without a target path may lead to segmentation fault and denial of service. This issue may be triggered by a...### CVE-2020-10703: Potential denial of service via active pool without target path
A flaw was found in libvirt. A pool created without a target path may lead to segmentation fault and denial of service. This issue may be triggered by a read only user.
#### Fixed In Version:
libvirt 6.0.0
#### Reference:
https://security-tracker.debian.org/tracker/CVE-2020-10703
#### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f
### CVE-2020-12430: memory leak in domstats may allow read-only user to perform DoS attack
An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.
#### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-12430
#### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581
### Affected branches:
* [x] master (7734b4b3e750791216f1558be58f0b51607e788d)
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableFrancesco ColistaFrancesco Colistahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11525jbig2dec: Heap-buffer-overflow in jbig2_image_compose (CVE-2020-12268)2020-12-11T04:55:23ZAlicha CHjbig2dec: Heap-buffer-overflow in jbig2_image_compose (CVE-2020-12268)jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-12268
* https://security-tracker.debian.org/tracker/CVE-2020-12268
#...jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-12268
* https://security-tracker.debian.org/tracker/CVE-2020-12268
#### Patch:
https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
### Affected branches:
* [x] master (3844aa04647ff7fe7442c0b1575c01a394878975)
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [ ] 3.8-stableNatanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11524testing/lockrun: new aport (see mr)2020-05-12T07:47:21ZMikhail Snetkovtesting/lockrun: new aport (see mr)http://unixwiz.net/tools/lockrun.html
Run cron job with overrun protection
Single source code file `lockrun.c` contains license:
```
* ===================================================================
* ======== This software is in...http://unixwiz.net/tools/lockrun.html
Run cron job with overrun protection
Single source code file `lockrun.c` contains license:
```
* ===================================================================
* ======== This software is in the public domain, and can be ========
* ======== used by anybody for any purpose ========
* ===================================================================
```
I don't undestand witch license I can apply. So I chose WTFPL. Can I leave it like that?