alpine issues
https://gitlab.alpinelinux.org/groups/alpine/-/issues
2019-07-26T05:11:34Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10228
Package request: libbson-dev
2019-07-26T05:11:34Z
muzuiget

BSON is a binary serialization format used by a popular database MongoDB.
Mongo C Driver https://github.com/mongodb/mongo-c-driver provide a
libbson library to use in other program.
- libbson a library providing useful routines related to building,
parsing, and iterating BSON documents.
Thanks.
*(from redmine: issue id 10228, created on 2019-04-11)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10227
USB support missing from opensc packages !
2020-04-30T18:07:15Z
John Doe

pkcs15-tool -D
Failed to establish context: Unable to load external module
and
Apr 10 18:59:38 foo user.info : hotplug\_libudev.c:122:HPReadBundleValues() Cannot open PC/SC drivers directory: /usr/lib/pcsc/drivers
Apr 10 18:59:38 foo user.info : hotplug\_libudev.c:123:HPReadBundleValues() Disabling USB support for pcscd.
and
ls /usr/lib/pcsc/drivers
ls: /usr/lib/pcsc/drivers: No such file or directory
All of this makes it impossible to use USB smartcards !
*(from redmine: issue id 10227, created on 2019-04-10)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10224
regression: rpi0w > boot on pi-armhf-3.9.2 but not on pi-armhf-3.9.3
2020-04-30T19:48:03Z
V S

the rpi doesn’t even start, so I’m not sure what the problem is.
One thing for sure, it works on 3.9.2
*(from redmine: issue id 10224, created on 2019-04-09)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10221
Restore MongoDB drivers
2020-06-09T10:13:59Z
Kai Ren

With the commit
[https://git.alpinelinux.org/aports/commit/testing?id=8a901de31fa055ed591d487e12f8bb9ffcc0df21](https://git.alpinelinux.org/aports/commit/testing?id=8a901de31fa055ed591d487e12f8bb9ffcc0df21)
all MongoDB drivers were removed from the testing repository for the
reason: “Upstream has switched to a nonfree license”.
However, this is not true. For example
https://github.com/mongodb/mongo-c-driver and
https://github.com/mongodb/mongo-php-library have both Apache-2.0
licenses at their master branch. Can these packages be restored? If not,
can you explain the details of this decision further?
*(from redmine: issue id 10221, created on 2019-04-09, closed on 2019-04-10)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10220
Enable Aquantia atlantic driver in kernel
2019-11-26T13:00:55Z
Yonggang Luo

Aquantia ethernet are more and more common now
*(from redmine: issue id 10220, created on 2019-04-09)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10217
XFS on GPT boot partition
2019-07-23T11:12:10Z
Andrew Duty

Alpine fails to boot using syslinux when disk is GPT partitioned and
boot partition uses XFS.
These setups work:
MBR + XFS (boot) + XFS (root)
GPT + ext4 (boot) + XFS (root)
This fails (results in “Missing OS” message):
GPT + XFS (boot) + XFS (root)
I have tried disabling sparse inodes when creating the XFS boot
partition, as the default behavior for this was recently changed, but
this had no effect.
Environment: VM (SeaBIOS) under KVM. I have tried both the standard and
virt ISOs.
I lack the knowledge to proceed in troubleshooting this and would
appreciate help.
*(from redmine: issue id 10217, created on 2019-04-08, closed on 2019-04-25)*
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10216
libc6-compat does not install on reboot
2020-04-30T18:06:59Z
Ryan Campo

Using Alpine in diskless mode, libc6-compat fails to load.
(4.14.69-0-vanilla \#1-Alpine SMP Mon Sep 10 19:33:23 UTC 2018 x86\_64
Linux,/etc/alpine-release 3.8.1)
This error is presented at top of screen upon a reboot, then the system
continues to load.
ERROR: libc6-compat-1.1.19-r10: failed to rename
/.apk.a92d152b48d95529c336355de
However, apk list show it installed:
libc6-compat-1.1.19-r10 x86\_64 {musl} (MIT) \[installed\]
Though programs depending on libs from this pkg fail to start. I must
apk del and apk add in order to fix it.
*(from redmine: issue id 10216, created on 2019-04-08)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10215
Dovecot LUA support
2023-02-07T15:15:28Z
Phillip Schichtel

Since Dovecot release 2.3.0 there is support for LUA-script-based
passdbs and userdbs, however this support is currently not being built
in alpine.
In order to enable LUA support just a few changes are necessary:
1. add the lua dev package to makedepends
2. add a lua subpackage
3. add --with-lua=plugin to the \_configure call in build()
4. create the subpackage with the **\_lua**
*(from redmine: issue id 10215, created on 2019-04-08)*
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10210
wget: Buffer overflow vulnerability (CVE-2019-5953)
2019-07-23T11:12:16Z
Alicha CH

A buffer overflow vulnerability was found in GNU Wget 1.20.1 and
earlier. An attacker may be able
to cause a denial-of-service (DoS) or may execute arbitrary code.
### Fixed In Version:
wget 1.20.3
### Reference:
https://jvn.jp/en/jp/JVN25261088/
### Patch:
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17
(cosmetic, removes debug lines)
*(from redmine: issue id 10210, created on 2019-04-08, closed on 2019-04-15)*
* Relations:
* child #10211
* child #10212
* child #10213
* child #10214
Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10208
/etc/periodic/daily/spamassassin-update is useless
2019-07-23T11:12:18Z
John Doe

Sorry, but whoever wrote /etc/periodic/daily/spamassassin-update needs
to RTFM. As presently written the script achieves nothing useful.
(1) I quote from
https://spamassassin.apache.org/full/3.2.x/doc/sa-update.html
*“Note that sa-update will not restart spamd or otherwise cause a
scanner to reload the now-updated ruleset automatically. Instead,
sa-update is typically used in something like the following manner:
sa-update && /etc/init.d/spamassassin reload”*
(2) The script also needs to take into account the need to run
*sa-compile* where installed.
*(from redmine: issue id 10208, created on 2019-04-07, closed on 2019-06-19)*
Leonardo Arena

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10206
3.9.2 not parsing /etc/network/interfaces correctly
2021-01-30T13:21:05Z
John Doe

If I have an /etc/network/interfaces file like the below, when the
system gets rebooted, only eth0 and eth0:0 are created, eth0:1 never
gets created.
This seems to be a bug of some sort ?
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.0.2.30
netmask 255.255.255.0
broadcast 192.0.2.255
gateway 192.0.2.250
auto eth0:0
iface eth0:0 inet static
name Foo
address 192.0.2.31
netmask 255.255.255.0
broadcast 192.0.2.255
auto eth0:1
iface eth0:1 inet static
name Bar
address 192.0.2.32
netmask 255.255.255.0
broadcast 192.0.2.255
*(from redmine: issue id 10206, created on 2019-04-07)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10204
Spamassassin sa-compile fails on Alpine 3.9.2
2019-07-26T05:19:34Z
John Doe

apk add spamassassin spamassassin-compiler && sa-update && sa-compile
Results in the following:
Apr 6 22:10:39.407 \[3702\] info: body\_0: 1155 base strings extracted
in 10 seconds
cd /tmp/.spamassassin3702IcCNoItmp
reading bases\_body\_0.in
cd Mail-SpamAssassin-CompiledRegexps-body\_0
re2c -i -b -o scanner1.c scanner1.re
re2c -i -b -o scanner2.c scanner2.re
re2c -i -b -o scanner3.c scanner3.re
re2c -i -b -o scanner4.c scanner4.re
re2c -i -b -o scanner5.c scanner5.re
re2c -i -b -o scanner6.c scanner6.re
/usr/bin/perl Makefile.PL PREFIX=/tmp/.spamassassin3702IcCNoItmp/ignored
INSTALLSITEARCH=/var/lib/spamassassin/compiled/5.026/3.004002
Generating a Unix-style Makefile
Writing Makefile for Mail::SpamAssassin::CompiledRegexps::body\_0
Writing MYMETA.yml and MYMETA.json
make PREFIX=/tmp/.spamassassin3702IcCNoItmp/ignored
INSTALLSITEARCH=/var/lib/spamassassin/compiled/5.026/3.004002
Can’t exec “make”: No such file or directory at /usr/bin/sa-compile line
323.
command failed to execute: No such file or directory
*(from redmine: issue id 10204, created on 2019-04-06)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10203
openvas-scanner script use a logger option not available on Alpine Linux
2019-07-23T11:12:20Z
Sébastien Prud'homme

The new openvas-scanner package submitted in edge today has a script
that is using an option not present on Alpine Linux :
logger: unrecognized option: socket-error=off
BusyBox v1.30.1 (2019-02-16 10:01:46 UTC) multi-call binary.
Usage: logger \[OPTIONS\] \[MESSAGE\]
Write MESSAGE (or stdin) to syslog
-s Log to stderr as well as the system log
-t TAG Log using the specified tag (defaults to user name)
-p PRIO Priority (numeric or facility.level pair)
Here is a patch for that :
diff --git a/tools/greenbone-nvt-sync.in b/tools/greenbone-nvt-sync.in
index d4f95c5..f507d7e 100644
--- a/tools/greenbone-nvt-sync.in
+++ b/tools/greenbone-nvt-sync.in
@@ -92,7 +92,7 @@ check_logger () {
logger --socket-error=on -p daemon.info -t $SCRIPT_NAME "Checking logger" --no-act 1>/dev/null 2>&1
if [ $? -gt 0 ]
then
- LOG_CMD="logger --socket-error=off -s -t $SCRIPT_NAME"
+ LOG_CMD="logger -s -t $SCRIPT_NAME"
$LOG_CMD -p daemon.warning "The log facility is not working as expected. All messages will be written to the standard error stream."
fi
}
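Review bot: the probe on the first context line of check_logger still runs `logger --socket-error=on ... --no-act`, which the BusyBox logger quoted above does not accept (its usage lists only -s, -t and -p), so on Alpine the test fails on every run and the script always takes the fallback branch and prints the "log facility is not working as expected" warning. Consider probing with options that both logger implementations accept, or checking which implementation is installed before using the long options, so the warning is raised only when logging is actually broken. As a smaller point, `$SCRIPT_NAME` is embedded unquoted in `LOG_CMD` and is word-split when `$LOG_CMD` is expanded, so a tag containing whitespace would change the command's arguments.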
*(from redmine: issue id 10203, created on 2019-04-06, closed on 2019-06-19)*
* Changesets:
* Revision 2c6d619198b5f755efe18e41921e9c1061ad81ac by Francesco Colista on 2019-04-07T06:40:07Z:
```
community/openvas-scanner: add dependency to make logger work fully. Fixes #10203
```
Francesco Colista

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10202
tzdata out of date
2019-07-23T11:12:21Z
tcely

https://github.com/alpinelinux/aports/pull/6881
*(from redmine: issue id 10202, created on 2019-04-06, closed on 2019-06-19)*
* Changesets:
* Revision d7631d72560e54b9f0caa8a04c8c504c7e7c896d on 2019-04-30T12:15:36Z:
```
main/tzdata: upgrade to 2019a
ref #10202
```
* Revision befba36fdb9aa7b8eb391cf7c8a05cd8613df878 on 2019-04-30T12:21:12Z:
```
main/tzdata: upgrade to 2019a
ref #10202
```
* Revision 3a02f275595824223d98464b032c6b73d7c5b6dd by Andy Postnikov on 2019-04-30T12:26:09Z:
```
main/tzdata: upgrade to 2019a
fixes #10202
```
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10199
Illegal instruction (SIGILL) in libaprutil-1.so.0
2021-09-27T16:13:16Z
thealik

When running Apache with SSL enabled, httpd processes frequently crash
with the following message:
[Mon Apr 01 13:21:49.170358 2019] [core:notice] [pid 1:tid 140156675435368] AH00051: child pid 332 exit signal Illegal instruction (4), possible coredump in /usr/local/apache2
No issues when the exact same image ran in the same configuration on a
VM without AES-NI.
Coredump:
warning: .dynamic section for "/usr/lib/libssl.so.1.1" is not at the expected address (wrong library or version mismatch?)
Core was generated by `httpd -DFOREGROUND'.
Program terminated with signal SIGILL, Illegal instruction.
#0 0x00007f93c3da265b in apr_brigade_flatten () from /usr/lib/libaprutil-1.so.0
[Current thread is 1 (LWP 210)]
(gdb) bt
#0 0x00007f93c3da265b in apr_brigade_flatten () from /usr/lib/libaprutil-1.so.0
#1 0x00007f93c38ef8f3 in get_line () from /usr/local/apache2/modules/mod_http2.so
#2 0x00007f93c38f0690 in h2_from_h1_parse_response () from /usr/local/apache2/modules/mod_http2.so
#3 0x00007f93c391cffb in h2_filter_parse_h1 () from /usr/local/apache2/modules/mod_http2.so
#4 0x000055a3e961729c in ap_pass_brigade ()
#5 0x000055a3e96607bc in ap_process_request_after_handler ()
#6 0x000055a3e9661047 in ap_process_async_request ()
#7 0x000055a3e9661080 in ap_process_request ()
#8 0x00007f93c391e794 in h2_task_process_request () from /usr/local/apache2/modules/mod_http2.so
#9 0x00007f93c391f0ea in h2_task_process_conn () from /usr/local/apache2/modules/mod_http2.so
#10 0x000055a3e964ebef in ap_run_process_connection ()
#11 0x00007f93c391df63 in h2_task_do () from /usr/local/apache2/modules/mod_http2.so
#12 0x00007f93c39248eb in slot_run () from /usr/local/apache2/modules/mod_http2.so
#13 0x00007f93c3e714d8 in ?? () from /lib/ld-musl-x86_64.so.1
#14 0x0000000000000000 in ?? ()
CPU: Intel® Celeron® CPU J3455 @ 1.50GHz
CPU Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov
pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx
pdpe1gb rdtscp lm constant\_tsc art arch\_perfmon pebs bts rep\_good
nopl xtopology tsc\_reliable nonstop\_tsc cpuid aperfmperf
tsc\_known\_freq pni pclmulqdq dtes64 ds\_cpl vmx est tm2 ssse3 sdbg
cx16 xtpr pdcm sse4\_1 sse4\_2 x2apic movbe popcnt tsc\_deadline\_timer
aes xsave rdrand lahf\_lm 3dnowprefetch cpuid\_fault cat\_l2 ibrs ibpb
stibp tpr\_shadow vnmi flexpriority ept vpid fsgsbase tsc\_adjust smep
erms mpx rdt\_a rdseed smap clflushopt intel\_pt sha\_ni xsaveopt xsavec
xgetbv1 xsaves dtherm ida arat pln pts arch\_capabilities
I first opened this issue against Alpine Docker image, please see it
here for more details:
https://github.com/docker-library/httpd/issues/128
*(from redmine: issue id 10199, created on 2019-04-04)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10198
main/lvm2: update patches for actual version(2.02.182)
2020-03-16T01:48:16Z
Ilya Fedorushkov

Problem:
Last fix-stdio-usage.patch updates for version v2\_02\_166 in
commit(https://github.com/alpinelinux/aports/commit/ea1e601d5000aa6e6ff8348c23bef5568703ebe0)
Last mlockall-default-config.patch updates for version v2\_02\_135 in
commit(https://github.com/alpinelinux/aports/commit/be05d69d9f75822e37f283ebb7a6823e2dc46d7f)
In result patches incompatible:
\`\`\`
/LVM2.2.02.182/patches \# wget -q
https://git.alpinelinux.org/aports/plain/main/lvm2/fix-stdio-usage.patch
/LVM2.2.02.182/patches \# wget -q
https://git.alpinelinux.org/aports/plain/main/lvm2/mlockall-default-config.patch
…
/LVM2.2.02.182 \# patch --dry-run -p0 <
patches/fix-stdio-usage.patch
patching file ./tools/lvmcmdline.c
patching file ./lib/commands/toolcontext.c
Hunk 1 FAILED 1860/1860.
/\* FIXME Make this configurable? \*/
reset\_lvm\_errno(1);
-\#ifndef VALGRIND\_POOL
+\#if !defined(VALGRIND\_POOL) && defined(*GLIBC*)
/\* Set in/out stream buffering before glibc \*/
if (set\_buffering) {
/\* Allocate 2 buffers \*/
/LVM2.2.02.182 \# patch --dry-run -p1 <
patches/mlockall-default-config.patch
patching file conf/example.conf.in
patching file lib/config/defaults.h
Hunk 1 FAILED 53/53.
\#define DEFAULT\_WAIT\_FOR\_LOCKS 1
\#define DEFAULT\_LVMLOCKD\_LOCK\_RETRIES 3
\#define DEFAULT\_PRIORITISE\_WRITE\_LOCKS 1
-\#define DEFAULT\_USE\_MLOCKALL 0
+\#define DEFAULT\_USE\_MLOCKALL 1
\#define DEFAULT\_METADATA\_READ\_ONLY 0
\#define DEFAULT\_LVDISPLAY\_SHOWS\_FULL\_DEVICE\_PATH 0
\`\`\`
PR with fixes: https://github.com/alpinelinux/aports/pull/6941
*(from redmine: issue id 10198, created on 2019-04-04)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10192
putty: Multiple vulnerabilities (CVE-2019-9894, CVE-2019-9895, CVE-2019-9897, CVE-2019-9898)
2019-07-23T11:12:28Z
Alicha CH

**CVE-2019-9894**: A remotely triggerable memory overwrite in RSA key
exchange in
PuTTY before 0.71 can occur before host key verification.
### Fixed In Version:
putty 0.71
### References:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rsa-kex-integer-overflow.html
https://nvd.nist.gov/vuln/detail/CVE-2019-9894
### Patch:
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=d82854999516046122501b2e145099740ed0284f
**CVE-2019-9895**: In PuTTY versions before 0.71 on Unix, a remotely
triggerable
buffer overflow exists in any kind of server-to-client forwarding.
### Fixed In Version:
putty 0.71
### References:
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://nvd.nist.gov/vuln/detail/CVE-2019-9895
### Patch:
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=5c926d9ea4a9e0a0a2384f06c7583648cdff3ed6
**CVE-2019-9897**: Multiple denial-of-service attacks that can be
triggered by writing
to the terminal exist in PuTTY versions before 0.71.
### Fixed In Version:
putty 0.71
### References:
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://security-tracker.debian.org/tracker/CVE-2019-9897
### Patch:
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=da1c8f15b1bc14c855f0027cf06ba7f1a9c36f3c
**CVE-2019-9898**: Potential recycling of random numbers used in
cryptography exists within PuTTY before 0.71.
### Fixed In Version:
putty 0.71
### References:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rng-reuse.html
### Patch:
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=320bf8479ff5bcbad239db4f9f4aa63656b0675e
*(from redmine: issue id 10192, created on 2019-04-04, closed on 2019-04-15)*
* Relations:
* child #10193
* child #10194
* child #10195
* child #10196
* child #10197
Jeff Bilyk jbilyk@gmail.com

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10191
ppc64le openssl package version differs from other architectures
2019-07-23T11:12:29Z
Manjunath Kumatagi

openssl for ppc64le architecture does not match with the other
architectures.
more info:
https://pkgs.alpinelinux.org/packages?name=openssl&branch=v3.6
*(from redmine: issue id 10191, created on 2019-04-03, closed on 2019-04-03)*
Timo Teräs

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10185
apache2: Multiple vulnerabilities (CVE-2019-0196, CVE-2019-0197, CVE-2019-0211, CVE-2019-0215, CVE-2019-0217, CVE-2019-0220)
2019-07-23T11:12:36Z
Alicha CH

CVE-2019-0196: mod\_http2, read-after-free on a string compare
--------------------------------------------------------------
Using fuzzed network input, the http/2 request
handling could be made to access freed memory in string
comparison when determining the method of a request and
thus process the request incorrectly.
### Versions Affected:
httpd 2.4.17 to 2.4.38
### Fixed In Version:
Apache httpd 2.4.39
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
CVE-2019-0197: mod\_http2, possible crash on late upgrade
---------------------------------------------------------
When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2
on a https: host, an Upgrade request from http/1.1 to http/2 that was
not the first request on a connection could lead to a misconfiguration
and crash. Servers that never enabled the h2 protocol or only enabled it
for https: and did not set “H2Upgrade on” are unaffected by this issue.
### Versions Affected:
httpd 2.4.34 to 2.4.38
### Fixed In Version:
Apache httpd 2.4.39
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
https://www.openwall.com/lists/oss-security/2019/04/02/2
CVE-2019-0211: Apache HTTP Server privilege escalation from modules’ scripts
----------------------------------------------------------------------------
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event,
worker or prefork, code executing in less-privileged child processes
or threads (including scripts executed by an in-process scripting
interpreter) could execute arbitrary code with the privileges of the
parent process (usually root) by manipulating the scoreboard. Non-Unix
systems are not affected.
### Fixed In Version:
Apache httpd 2.4.39
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
https://www.openwall.com/lists/oss-security/2019/04/02/3
CVE-2019-0215: mod\_ssl access control bypass
---------------------------------------------
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a
bug in mod\_ssl when using per-location client certificate
verification with TLSv1.3 allowed a client to bypass
configured access control restrictions.
### Fixed In Version:
Apache httpd 2.4.39
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
https://www.openwall.com/lists/oss-security/2019/04/02/4
CVE-2019-0217: mod\_auth\_digest access control bypass
------------------------------------------------------
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition
in mod\_auth\_digest when running in a threaded server could allow a
user with valid credentials to authenticate using another username,
bypassing configured access control restrictions.
### Fixed In Version:
Apache httpd 2.4.39
### References:
https://www.openwall.com/lists/oss-security/2019/04/02/5
https://httpd.apache.org/security/vulnerabilities\_24.html
CVE-2019-0220: URL normalization inconsistencies
------------------------------------------------
When the path component of a request URL contains multiple consecutive
slashes (‘/’), directives such as LocationMatch and RewriteRule must account
for duplicates in regular expressions while other aspects of the servers
processing will implicitly collapse them.
### Versions Affected:
httpd 2.4.0 to 2.4.38
### Fixed In Version:
Apache httpd 2.4.39
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
*(from redmine: issue id 10185, created on 2019-04-02, closed on 2019-04-04)*
* Relations:
* child #10186
* child #10187
* child #10188
* child #10189
* child #10190
Kaarle Ritvanen

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10184
postgresql: upgrade to fix fsync issue
2019-07-23T11:12:41Z
Milan P. Stanić

According to https://www.postgresql.org/about/news/1920/
there was a long time serious problem how fsync works.
So postgresql should be upgraded on all Alpine releases which
are still maintained.
I tested upgrade on current stable and edge to version 11.2 and
it worked without issue (or I simply haven’t seen any till now)
*(from redmine: issue id 10184, created on 2019-04-02, closed on 2019-04-03)*