alpine issues
https://gitlab.alpinelinux.org/groups/alpine/-/issues
2019-07-23T14:08:18Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2836
[3.x.x] Warning! ehci_hcd should always be loaded before uhci_hcd and ohci_hcd, not after
2019-07-23T14:08:18Z
Panthera Tigris

It seems, during boot the UHCI driver is being loaded before the EHCI
driver, which generates a warning in dmesg (see below @ 5.140022). This
is related to
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9beeee6584b9aa4f9192055512411484a2a624df&id2=2b70f07343389cb474235def00b021a645ede916
Please, ignore the device descriptor errors shown in the log @ 6.500953
and later, that are caused by a wacky USB device and have nothing to do
with the issue reported.
\[ 5.102694\] uhci\_hcd: USB Universal Host Controller Interface
driver
\[ 5.102868\] xen: registering gsi 23 triggering 0 polarity 1
\[ 5.102880\] Already setup the GSI :23
\[ 5.102920\] uhci\_hcd 0000:00:1d.0: setting latency timer to 64
\[ 5.102931\] uhci\_hcd 0000:00:1d.0: UHCI Host Controller
\[ 5.102946\] uhci\_hcd 0000:00:1d.0: new USB bus registered, assigned
bus number 1
\[ 5.103066\] uhci\_hcd 0000:00:1d.0: irq 23, io base 0x000040a0
\[ 5.103245\] usb usb1: New USB device found, idVendor=1d6b,
idProduct=0001
\[ 5.103252\] usb usb1: New USB device strings: Mfr=3, Product=2,
SerialNumber=1
\[ 5.103258\] usb usb1: Product: UHCI Host Controller
\[ 5.103263\] usb usb1: Manufacturer: Linux 3.10.36-0-grsec uhci\_hcd
\[ 5.103268\] usb usb1: SerialNumber: 0000:00:1d.0
\[ 5.104624\] hub 1-0:1.0: USB hub found
\[ 5.104651\] hub 1-0:1.0: 2 ports detected
\[ 5.105167\] xen: registering gsi 19 triggering 0 polarity 1
\[ 5.105180\] Already setup the GSI :19
\[ 5.105230\] uhci\_hcd 0000:00:1d.1: setting latency timer to 64
\[ 5.105246\] uhci\_hcd 0000:00:1d.1: UHCI Host Controller
\[ 5.105268\] uhci\_hcd 0000:00:1d.1: new USB bus registered, assigned
bus number 2
\[ 5.105431\] uhci\_hcd 0000:00:1d.1: irq 19, io base 0x00004080
\[ 5.105672\] usb usb2: New USB device found, idVendor=1d6b,
idProduct=0001
\[ 5.105682\] usb usb2: New USB device strings: Mfr=3, Product=2,
SerialNumber=1
\[ 5.105691\] usb usb2: Product: UHCI Host Controller
\[ 5.105699\] usb usb2: Manufacturer: Linux 3.10.36-0-grsec uhci\_hcd
\[ 5.105707\] usb usb2: SerialNumber: 0000:00:1d.1
\[ 5.114001\] hub 2-0:1.0: USB hub found
\[ 5.114026\] hub 2-0:1.0: 2 ports detected
\[ 5.114619\] xen: registering gsi 18 triggering 0 polarity 1
\[ 5.114634\] Already setup the GSI :18
\[ 5.114688\] uhci\_hcd 0000:00:1d.2: setting latency timer to 64
\[ 5.114707\] uhci\_hcd 0000:00:1d.2: UHCI Host Controller
\[ 5.114727\] uhci\_hcd 0000:00:1d.2: new USB bus registered, assigned
bus number 3
\[ 5.114891\] uhci\_hcd 0000:00:1d.2: irq 18, io base 0x00004060
\[ 5.115150\] usb usb3: New USB device found, idVendor=1d6b,
idProduct=0001
\[ 5.115161\] usb usb3: New USB device strings: Mfr=3, Product=2,
SerialNumber=1
\[ 5.115169\] usb usb3: Product: UHCI Host Controller
\[ 5.115176\] usb usb3: Manufacturer: Linux 3.10.36-0-grsec uhci\_hcd
\[ 5.115184\] usb usb3: SerialNumber: 0000:00:1d.2
\[ 5.119577\] hub 3-0:1.0: USB hub found
\[ 5.119610\] hub 3-0:1.0: 2 ports detected
\[ 5.120175\] xen: registering gsi 16 triggering 0 polarity 1
\[ 5.120188\] Already setup the GSI :16
\[ 5.120240\] uhci\_hcd 0000:00:1d.3: setting latency timer to 64
\[ 5.120257\] uhci\_hcd 0000:00:1d.3: UHCI Host Controller
\[ 5.120280\] uhci\_hcd 0000:00:1d.3: new USB bus registered, assigned
bus number 4
\[ 5.120444\] uhci\_hcd 0000:00:1d.3: irq 16, io base 0x00004040
\[ 5.120702\] usb usb4: New USB device found, idVendor=1d6b,
idProduct=0001
\[ 5.120713\] usb usb4: New USB device strings: Mfr=3, Product=2,
SerialNumber=1
\[ 5.120721\] usb usb4: Product: UHCI Host Controller
\[ 5.120730\] usb usb4: Manufacturer: Linux 3.10.36-0-grsec uhci\_hcd
\[ 5.120738\] usb usb4: SerialNumber: 0000:00:1d.3
\[ 5.134539\] hub 4-0:1.0: USB hub found
\[ 5.134567\] hub 4-0:1.0: 2 ports detected
\[ 5.140013\] ehci\_hcd: USB 2.0 ‘Enhanced’ Host Controller (EHCI)
Driver
\[ 5.140022\] Warning! ehci\_hcd should always be loaded before
uhci\_hcd and ohci\_hcd, not after
\[ 5.143366\] ehci-pci: EHCI PCI platform driver
\[ 5.143592\] xen: registering gsi 23 triggering 0 polarity 1
\[ 5.143606\] Already setup the GSI :23
\[ 5.143694\] ehci-pci 0000:00:1d.7: setting latency timer to 64
\[ 5.163483\] ehci-pci 0000:00:1d.7: EHCI Host Controller
\[ 5.163514\] ehci-pci 0000:00:1d.7: new USB bus registered, assigned
bus number 5
\[ 5.163571\] ehci-pci 0000:00:1d.7: debug port 1
\[ 5.167664\] ehci-pci 0000:00:1d.7: cache line size of 64 is not
supported
\[ 5.167697\] ehci-pci 0000:00:1d.7: irq 23, io mem 0xd0804400
\[ 5.177695\] ehci-pci 0000:00:1d.7: USB 2.0 started, EHCI 1.00
\[ 5.177745\] usb usb5: New USB device found, idVendor=1d6b,
idProduct=0002
\[ 5.177752\] usb usb5: New USB device strings: Mfr=3, Product=2,
SerialNumber=1
\[ 5.177757\] usb usb5: Product: EHCI Host Controller
\[ 5.177763\] usb usb5: Manufacturer: Linux 3.10.36-0-grsec ehci\_hcd
\[ 5.177768\] usb usb5: SerialNumber: 0000:00:1d.7
\[ 5.178899\] hub 5-0:1.0: USB hub found
\[ 5.178916\] hub 5-0:1.0: 8 ports detected
\[ 5.180247\] hub 1-0:1.0: USB hub found
\[ 5.180269\] hub 1-0:1.0: 2 ports detected
\[ 5.180956\] hub 2-0:1.0: USB hub found
\[ 5.180985\] hub 2-0:1.0: 2 ports detected
\[ 5.184613\] hub 3-0:1.0: USB hub found
\[ 5.184644\] hub 3-0:1.0: 2 ports detected
\[ 5.186959\] hub 4-0:1.0: USB hub found
\[ 5.186982\] hub 4-0:1.0: 2 ports detected
\[ 5.204972\] xen: registering gsi 19 triggering 0 polarity 1
\[ 5.204986\] Already setup the GSI :19
\[ 5.205059\] i801\_smbus 0000:00:1f.3: SMBus using PCI Interrupt
\[ 5.545786\] EXT4-fs (sda2): mounted filesystem with ordered data mode.
Opts: (null)
\[ 5.794304\] usb 5-8: new high-speed USB device number 4 using
ehci-pci
\[ 5.918009\] usb 5-8: New USB device found, idVendor=058f,
idProduct=6254
\[ 5.918018\] usb 5-8: New USB device strings: Mfr=0, Product=0,
SerialNumber=0
\[ 5.919235\] hub 5-8:1.0: USB hub found
\[ 5.919416\] hub 5-8:1.0: 4 ports detected
\[ 6.384292\] usb 2-2: new low-speed USB device number 2 using
uhci\_hcd
\[ 6.500953\] usb 2-2: device descriptor read/64, error -71
\[ 6.720998\] usb 2-2: device descriptor read/64, error -71
\[ 6.930962\] usb 2-2: new low-speed USB device number 3 using
uhci\_hcd
\[ 6.991598\] udevd\[896\]: starting version 175
\[ 7.047637\] usb 2-2: device descriptor read/64, error -71
\[ 7.267663\] usb 2-2: device descriptor read/64, error -71
*(from redmine: issue id 2836, created on 2014-04-10, closed on 2014-05-28)*
* Relations:
* copied_to #2965

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2835
Freeradius fail to start
2019-07-23T14:07:40Z
Lingbing Jiang

This is the second time I saw that libssl upgrade broke freeradius.
Maybe there is a build tool issue here that always prevents freeradius
from getting built with the latest libssl.
localhost:/var/log\# /usr/sbin/radiusd -X
libssl version mismatch. Built with: 1000106f Linked: 1000107f
*(from redmine: issue id 2835, created on 2014-04-08, closed on 2015-12-09)*
* Changesets:
* Revision b58ac471f72c5b941fc07f27abddcc7d82aed2e8 on 2014-04-08T16:43:16Z:
```
main/freeradius: rebuild against new openssl. Fixes #2835
```
* Revision 21261928b01ff60012fcc177a859cc859e39303c on 2014-04-08T16:44:15Z:
```
main/freeradius: rebuild against new openssl. Fixes #2835
(cherry picked from commit b58ac471f72c5b941fc07f27abddcc7d82aed2e8)
```
* Revision b62a86b8d8ef8eb4b0b40d08579ee546938ce827 on 2014-04-08T16:48:39Z:
```
main/freeradius: rebuild against new openssl. Fixes #2835
```
* Revision 3b20c957e35fd291082cd04a309ebab3075675a8 on 2014-04-08T16:58:35Z:
```
main/freeradius: rebuild against new openssl. Fixes #2835
```

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2834
Package request: GlusterFS
2021-07-07T18:37:12Z
mastr y0da

Would it be possible to get a gluster package built?
-m
*(from redmine: issue id 2834, created on 2014-04-06)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2833
Package request: EnhanceIO kernel module
2020-01-18T20:17:37Z
mastr y0da

Would it be possible to get an Enhance-Io Package built?
-m
*(from redmine: issue id 2833, created on 2014-04-06)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2832
ZFS on Linux package
2019-07-23T13:51:28Z
mastr y0da

Would it be possible to get a zfsonlinux package for alpinelinux?
I was considering trying to build it myself, but I can’t seem to
track down any documentation on pulling the sources to build against?
*(from redmine: issue id 2832, created on 2014-04-06, closed on 2015-12-09)*
* Relations:
* relates #4434
* relates #4370

3.3.0

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/2831
apk upgrade --available should not consider cache as available repo
2019-07-14T07:32:50Z
Natanael Copa

When doing apk upgrade --available, apk will consider cached (and
installed?) packages as available. We want it to always prefer the
repository version and not the installed when doing --available.
*(from redmine: issue id 2831, created on 2014-04-04, closed on 2014-04-17)*
* Changesets:
* Revision ec1a3d57ab66e4b5159d280809e0e5f09867dcff by Timo Teräs on 2014-04-04T09:56:13Z:
```
solver: do not consider packages in cache as 'available'
'available' really means 'available in one or more configured
repository'. Cache is not a repository we track, so those are
only available for installation, but not available as preferred
to be installed from repository. fixes #2831.
```

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2830
[v2.7] openswan: remote DoS (CVE-2013-6466)
2019-07-23T14:10:15Z
Alexander Belous

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of
service (NULL pointer dereference and IKE daemon restart) via IKEv2
packets that lack expected payloads.
•MISC: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
•REDHAT:RHSA-2014:0185
•URL: http://rhn.redhat.com/errata/RHSA-2014-0185.html
•XF:openswan-cve20136466-dos(90524)
•URL: http://xforce.iss.net/xforce/xfdb/90524
*(from redmine: issue id 2830, created on 2014-04-03, closed on 2014-04-21)*
* Relations:
* parent #2826
* Changesets:
* Revision f61b6c8609c53376958880ab2a1741f6888859a4 by Timo Teräs on 2014-04-17T09:01:16Z:
```
main/openswan: security upgrade to 2.6.41 (CVE-2013-6466)
fixes #2830
```
Alpine 2.7.6
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2829
[v2.6] openswan: remote DoS (CVE-2013-6466)
2019-07-23T14:10:16Z
Alexander Belous

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of
service (NULL pointer dereference and IKE daemon restart) via IKEv2
packets that lack expected payloads.
•MISC: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
•REDHAT:RHSA-2014:0185
•URL: http://rhn.redhat.com/errata/RHSA-2014-0185.html
•XF:openswan-cve20136466-dos(90524)
•URL: http://xforce.iss.net/xforce/xfdb/90524
*(from redmine: issue id 2829, created on 2014-04-03, closed on 2014-04-21)*
* Relations:
* parent #2826
* Changesets:
* Revision 59f82a99051677a0a8ffbd33585293f529cf627c by Timo Teräs on 2014-04-18T14:45:15Z:
```
main/openswan: security upgrade to 2.6.41 (CVE-2013-6466)
fixes #2829
```
* Revision 95c7f93375ff9e15f0ccd68ff25ae08f230dec98 by Timo Teräs on 2014-04-18T14:46:38Z:
```
main/openswan: security upgrade to 2.6.41 (CVE-2013-6466)
fixes #2829
```
Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2828
[v2.5] openswan: remote DoS (CVE-2013-6466)
2019-07-23T14:10:17Z
Alexander Belous

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of
service (NULL pointer dereference and IKE daemon restart) via IKEv2
packets that lack expected payloads.
•MISC: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
•REDHAT:RHSA-2014:0185
•URL: http://rhn.redhat.com/errata/RHSA-2014-0185.html
•XF:openswan-cve20136466-dos(90524)
•URL: http://xforce.iss.net/xforce/xfdb/90524
*(from redmine: issue id 2828, created on 2014-04-03, closed on 2014-04-21)*
* Relations:
* parent #2826

Alpine 2.5.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2827
[v2.4] openswan: remote DoS (CVE-2013-6466)
2019-07-23T14:10:18Z
Alexander Belous

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of
service (NULL pointer dereference and IKE daemon restart) via IKEv2
packets that lack expected payloads.
•MISC: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
•REDHAT:RHSA-2014:0185
•URL: http://rhn.redhat.com/errata/RHSA-2014-0185.html
•XF:openswan-cve20136466-dos(90524)
•URL: http://xforce.iss.net/xforce/xfdb/90524
*(from redmine: issue id 2827, created on 2014-04-03, closed on 2014-04-21)*
* Relations:
* parent #2826
* Changesets:
* Revision 1df893d29e73824172978ca87bc5575b1fcace34 by Timo Teräs on 2014-04-18T15:04:02Z:
```
main/openswan: security upgrade to 2.6.41 (CVE-2013-6466)
fixes #2827
```
Alpine 2.4.12
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2826
openswan: remote DoS (CVE-2013-6466)
2019-07-23T14:10:19Z
Alexander Belous

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of
service (NULL pointer dereference and IKE daemon restart) via IKEv2
packets that lack expected payloads.
•MISC: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
•REDHAT:RHSA-2014:0185
•URL: http://rhn.redhat.com/errata/RHSA-2014-0185.html
•XF:openswan-cve20136466-dos(90524)
•URL: http://xforce.iss.net/xforce/xfdb/90524
*(from redmine: issue id 2826, created on 2014-04-03, closed on 2014-04-21)*
* Relations:
* child #2827
* child #2828
* child #2829
* child #2830

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2825
[v2.7] a2ps: several vulnerabilities (CVE-2001-1593 CVE-2014-0466)
2019-07-23T14:10:20Z
Alexander Belous

Several vulnerabilities have been found in a2ps, an ‘Anything to
PostScript’ converter and pretty-printer. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2001-1593
The spy\_user function which is called when a2ps is invoked with the
--debug flag insecurely used temporary files.
http://seclists.org/oss-sec/2014/q1/257
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385
https://bugzilla.redhat.com/show\_bug.cgi?id=1060630
PATCH:
http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch
CVE-2014-0466
Brian M. Carlson reported that a2ps’s fixps script does not invoke gs
with the -dSAFER option. Consequently executing fixps on a malicious
PostScript file could result in files being deleted or arbitrary
commands being executed with the privileges of the user running fixps.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902
PATCH:
https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=12;filename=a2ps-4.14-1.3-nmu.diff;att=1;bug=742902
*(from redmine: issue id 2825, created on 2014-04-03, closed on 2014-04-18)*
* Relations:
* parent #2821
* Changesets:
* Revision 8d6047b8be70cba29f22c2d0f809907e7367bcbb by Natanael Copa on 2014-04-18T11:22:00Z:
```
main/a2ps: security fix for CVE-2001-1593 and CVE-2014-0466
fixes #2825
(cherry picked from commit 9544460de3b7282c473654a2a67586c6645a05c1)
```
Alpine 2.7.6
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2824
[v2.6] a2ps: several vulnerabilities (CVE-2001-1593 CVE-2014-0466)
2019-07-23T14:10:21Z
Alexander Belous

Several vulnerabilities have been found in a2ps, an ‘Anything to
PostScript’ converter and pretty-printer. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2001-1593
The spy\_user function which is called when a2ps is invoked with the
--debug flag insecurely used temporary files.
http://seclists.org/oss-sec/2014/q1/257
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385
https://bugzilla.redhat.com/show\_bug.cgi?id=1060630
PATCH:
http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch
CVE-2014-0466
Brian M. Carlson reported that a2ps’s fixps script does not invoke gs
with the -dSAFER option. Consequently executing fixps on a malicious
PostScript file could result in files being deleted or arbitrary
commands being executed with the privileges of the user running fixps.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902
PATCH:
https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=12;filename=a2ps-4.14-1.3-nmu.diff;att=1;bug=742902
*(from redmine: issue id 2824, created on 2014-04-03, closed on 2014-04-18)*
* Relations:
* parent #2821
* Changesets:
* Revision 5290aa6bd3d877fe9f42553936e6d5be623c469d by Natanael Copa on 2014-04-18T11:30:11Z:
```
main/a2ps: security fix for CVE-2001-1593 and CVE-2014-0466
fixes #2824
(cherry picked from commit 9544460de3b7282c473654a2a67586c6645a05c1)
Conflicts:
main/a2ps/APKBUILD
```
Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2823
[v2.5] a2ps: several vulnerabilities (CVE-2001-1593 CVE-2014-0466)
2019-07-23T14:10:22Z
Alexander Belous

Several vulnerabilities have been found in a2ps, an ‘Anything to
PostScript’ converter and pretty-printer. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2001-1593
The spy\_user function which is called when a2ps is invoked with the
--debug flag insecurely used temporary files.
http://seclists.org/oss-sec/2014/q1/257
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385
https://bugzilla.redhat.com/show\_bug.cgi?id=1060630
PATCH:
http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch
CVE-2014-0466
Brian M. Carlson reported that a2ps’s fixps script does not invoke gs
with the -dSAFER option. Consequently executing fixps on a malicious
PostScript file could result in files being deleted or arbitrary
commands being executed with the privileges of the user running fixps.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902
PATCH:
https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=12;filename=a2ps-4.14-1.3-nmu.diff;att=1;bug=742902
*(from redmine: issue id 2823, created on 2014-04-03, closed on 2014-04-18)*
* Relations:
* parent #2821
* Changesets:
* Revision ad0ffed17c16a068739dacf23ea90c2a50b2f11f by Natanael Copa on 2014-04-18T11:44:45Z:
```
main/a2ps: security fix for CVE-2001-1593 and CVE-2014-0466
fixes #2823
(cherry picked from commit 9544460de3b7282c473654a2a67586c6645a05c1)
Conflicts:
main/a2ps/APKBUILD
```
Alpine 2.5.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2822
[v2.4] a2ps: several vulnerabilities (CVE-2001-1593 CVE-2014-0466)
2019-07-23T14:10:23Z
Alexander Belous

Several vulnerabilities have been found in a2ps, an ‘Anything to
PostScript’ converter and pretty-printer. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2001-1593
The spy\_user function which is called when a2ps is invoked with the
--debug flag insecurely used temporary files.
http://seclists.org/oss-sec/2014/q1/257
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385
https://bugzilla.redhat.com/show\_bug.cgi?id=1060630
PATCH:
http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch
CVE-2014-0466
Brian M. Carlson reported that a2ps’s fixps script does not invoke gs
with the -dSAFER option. Consequently executing fixps on a malicious
PostScript file could result in files being deleted or arbitrary
commands being executed with the privileges of the user running fixps.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902
PATCH:
https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=12;filename=a2ps-4.14-1.3-nmu.diff;att=1;bug=742902
*(from redmine: issue id 2822, created on 2014-04-03, closed on 2014-04-18)*
* Relations:
* parent #2821
* Changesets:
* Revision dc904137c8e3e8f68a9410dbc8bfac56b382b50d by Natanael Copa on 2014-04-18T11:46:20Z:
```
main/a2ps: security fix for CVE-2001-1593 and CVE-2014-0466
fixes #2822
(cherry picked from commit 9544460de3b7282c473654a2a67586c6645a05c1)
Conflicts:
main/a2ps/APKBUILD
```
Alpine 2.4.12
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2821
a2ps: several vulnerabilities (CVE-2001-1593 CVE-2014-0466)
2019-07-23T14:10:24Z
Alexander Belous

Several vulnerabilities have been found in a2ps, an ‘Anything to
PostScript’ converter and pretty-printer. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2001-1593
The spy\_user function which is called when a2ps is invoked with the
--debug flag insecurely used temporary files.
http://seclists.org/oss-sec/2014/q1/257
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385
https://bugzilla.redhat.com/show\_bug.cgi?id=1060630
PATCH:
http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch
CVE-2014-0466
Brian M. Carlson reported that a2ps’s fixps script does not invoke
gs with the -dSAFER option. Consequently executing fixps on a
malicious PostScript file could result in files being deleted or
arbitrary commands being executed with the privileges of the user
running fixps
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902
PATCH:
https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=12;filename=a2ps-4.14-1.3-nmu.diff;att=1;bug=742902
*(from redmine: issue id 2821, created on 2014-04-03, closed on 2014-04-18)*
* Relations:
* child #2822
* child #2823
* child #2824
* child #2825
* Changesets:
* Revision 9544460de3b7282c473654a2a67586c6645a05c1 by Natanael Copa on 2014-04-18T10:21:32Z:
```
main/a2ps: security fix for CVE-2001-1593 and CVE-2014-0466
ref #2821
```

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2820
[v2.7] curl: multiple vulnerabilities (CVE-2014-0138 CVE-2014-0139)
2019-07-23T14:10:25Z
Alexander Belous

CVE-2014-0138 (affected versions: from libcurl 7.10.6 to and including
7.35.0):
A patch for this problem is available at:
http://curl.haxx.se/libcurl-bad-reuse.patch
Source: http://curl.haxx.se/docs/adv\_20140326A.html
CVE-2014-0139 (affected versions: from libcurl 7.1 to and including
7.35.0):
A patch for this problem is available at:
http://curl.haxx.se/libcurl-reject-cert-ip-wildcards.patch
Source: http://curl.haxx.se/docs/adv\_20140326B.html
*(from redmine: issue id 2820, created on 2014-04-03, closed on 2014-04-21)*
* Relations:
* parent #2816

Alpine 2.7.6
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2819
[v2.6] curl: multiple vulnerabilities (CVE-2014-0138 CVE-2014-0139)
2019-07-23T14:10:26Z
Alexander Belous

CVE-2014-0138 (affected versions: from libcurl 7.10.6 to and including
7.35.0):
A patch for this problem is available at:
http://curl.haxx.se/libcurl-bad-reuse.patch
Source: http://curl.haxx.se/docs/adv\_20140326A.html
CVE-2014-0139 (affected versions: from libcurl 7.1 to and including
7.35.0):
A patch for this problem is available at:
http://curl.haxx.se/libcurl-reject-cert-ip-wildcards.patch
Source: http://curl.haxx.se/docs/adv\_20140326B.html
*(from redmine: issue id 2819, created on 2014-04-03, closed on 2014-04-21)*
* Relations:
* parent #2816

Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2818
[v2.5] curl: multiple vulnerabilities (CVE-2014-0138 CVE-2014-0139)
2019-07-23T14:10:27Z
Alexander Belous

CVE-2014-0138 (affected versions: from libcurl 7.10.6 to and including
7.35.0):
A patch for this problem is available at:
http://curl.haxx.se/libcurl-bad-reuse.patch
Source: http://curl.haxx.se/docs/adv\_20140326A.html
CVE-2014-0139 (affected versions: from libcurl 7.1 to and including
7.35.0):
A patch for this problem is available at:
http://curl.haxx.se/libcurl-reject-cert-ip-wildcards.patch
Source: http://curl.haxx.se/docs/adv\_20140326B.html
*(from redmine: issue id 2818, created on 2014-04-03, closed on 2014-04-21)*
* Relations:
* parent #2816
* Changesets:
* Revision 79b587113081d0b59d896b2c5df8a9fce2b640de by Timo Teräs on 2014-04-18T11:54:59Z:
```
main/curl: security upgrade to 7.36.0 (CVE-2014-0138 CVE-2014-0139)
groff is now needed to build built-in manual. ref #2816
fixes #2818
(cherry picked from commit d218307c3f5ca3bb714075368f71f8c7332371cb)
Conflicts:
main/curl/APKBUILD
```
Alpine 2.5.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2817
[v2.4] curl: multiple vulnerabilities (CVE-2014-0138 CVE-2014-0139)
2019-07-23T14:10:28Z
Alexander Belous

CVE-2014-0138 (affected versions: from libcurl 7.10.6 to and including
7.35.0):
A patch for this problem is available at:
http://curl.haxx.se/libcurl-bad-reuse.patch
Source: http://curl.haxx.se/docs/adv\_20140326A.html
CVE-2014-0139 (affected versions: from libcurl 7.1 to and including
7.35.0):
A patch for this problem is available at:
http://curl.haxx.se/libcurl-reject-cert-ip-wildcards.patch
Source: http://curl.haxx.se/docs/adv\_20140326B.html
*(from redmine: issue id 2817, created on 2014-04-03, closed on 2014-04-21)*
* Relations:
* parent #2816
* Changesets:
* Revision b40a99c8c0a04a119db0f5fad7fbe186981f054c by Timo Teräs on 2014-04-18T14:29:09Z:
```
main/curl: security fixes (CVE-2014-0138 CVE-2014-0139)
fixes #2817
```
Alpine 2.4.12
Natanael Copa