alpine issueshttps://gitlab.alpinelinux.org/groups/alpine/-/issues2019-08-11T11:49:33Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10718Wrong paths for man-pages in coturn-doc2019-08-11T11:49:33ZBug SpencorWrong paths for man-pages in coturn-docThe paths for man-pages in coturn-doc (e.g. v4.5.1.1-r0) seem to be wrong.
E.g. "/usr/share/man/man/man1/turnutils_stunclient.1.gz": the extra "/man" seems to be the problem (see https://pkgs.alpinelinux.org/contents?branch=edge&name=c...The paths for man-pages in coturn-doc (e.g. v4.5.1.1-r0) seem to be wrong.
E.g. "/usr/share/man/man/man1/turnutils_stunclient.1.gz": the extra "/man" seems to be the problem (see https://pkgs.alpinelinux.org/contents?branch=edge&name=coturn-doc&arch=x86&repo=community)
When installing coturn-doc, the man pages are not found by man:
```
alpine:/usr/share/man# man coturn
man: No entry for coturn in the manual.
```
If I copy the man1/ directory from /usr/share/man/man/ to /usr/share/man/ the man-pages are found.
Package details: https://pkgs.alpinelinux.org/package/edge/community/x86/coturn-dochttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10716Conflict between pciutils and hwids-dev2022-09-13T09:08:11ZKevin DaudtConflict between pciutils and hwids-devBoth [pciutils](https://pkgs.alpinelinux.org/contents?file=pci.ids&path=&name=pciutils&branch=edge&arch=x86_64) as [hwids-pci](https://pkgs.alpinelinux.org/contents?file=pci.ids&path=&name=hwids-pci&branch=edge&arch=x86_64) contain `/usr...Both [pciutils](https://pkgs.alpinelinux.org/contents?file=pci.ids&path=&name=pciutils&branch=edge&arch=x86_64) as [hwids-pci](https://pkgs.alpinelinux.org/contents?file=pci.ids&path=&name=hwids-pci&branch=edge&arch=x86_64) contain `/usr/share/hwdata/pci.ids` and `pciutils` depends on `hwids-pci`, resulting in this error:
> ERROR: pciutils-3.6.2-r0: trying to overwrite usr/share/hwdata/pci.ids owned by hwids-pci-20190316-r1.Milan P. StanićMilan P. Stanićhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10715Cannot load snd-usb-audio.ko2019-08-10T07:27:29ZMark WestonCannot load snd-usb-audio.koVersion: 3.10
Arch: x86_64
This was allegedly successfully reproduced by another user in a VM in an IRC channel `#alpine-linux` on freenode servers.
Tried `insmod /lib/modules/4.19.58-0-vanilla/kernel/sound/usb/snd-usb-audio.ko`
`dme...Version: 3.10
Arch: x86_64
This was allegedly successfully reproduced by another user in a VM in an IRC channel `#alpine-linux` on freenode servers.
Tried `insmod /lib/modules/4.19.58-0-vanilla/kernel/sound/usb/snd-usb-audio.ko`
`dmesg` output:
```
[307923.806466] snd_usb_audio: Unknown symbol snd_usbmidi_suspend (err -2)
[307923.806530] snd_usb_audio: Unknown symbol __snd_usbmidi_create (err -2)
[307923.807020] snd_usb_audio: Unknown symbol snd_usbmidi_resume (err -2)
[307923.807224] snd_usb_audio: Unknown symbol snd_usbmidi_disconnect (err -2)
```
Same with `snd-usbmidi-lib.ko`
After `insmod /lib/modules/4.19.58-0-vanilla/kernel/sound/usb/snd-usbmidi-lib.ko`
`dmesg` output
```
[307970.058007] snd_usbmidi_lib: Unknown symbol snd_rawmidi_receive (err -2)
[307970.058069] snd_usbmidi_lib: Unknown symbol snd_rawmidi_transmit_empty (err -2)
[307970.058097] snd_usbmidi_lib: Unknown symbol snd_rawmidi_transmit (err -2)
[307970.058279] snd_usbmidi_lib: Unknown symbol snd_rawmidi_transmit_ack (err -2)
[307970.058416] snd_usbmidi_lib: Unknown symbol snd_rawmidi_transmit_peek (err -2)
[307970.058524] snd_usbmidi_lib: Unknown symbol snd_rawmidi_new (err -2)
[307970.058552] snd_usbmidi_lib: Unknown symbol snd_rawmidi_set_ops (err -2)
```
`modprobe snd-usb-audio` fails with `modprobe: FATAL: Module snd-usb-audio not found in directory /lib/modules/4.19.53-0-vanilla`
and `modprobe `snd-usbmidi-lib` fails with `modprobe: FATAL: Module snd-usbmidi-lib not found in directory /lib/modules/4.19.53-0-vanilla`
Why?
I want to write a synthesizer for my new NEKTAR SE49 keyboard. They USB device is recognized. After plugging in `dmesg` says:
```[308199.933898] usb 1-1.1: USB disconnect, device number 5
[308201.086408] usb 1-1.1: new full-speed USB device number 6 using ehci-pci
[308201.192511] usb 1-1.1: New USB device found, idVendor=2467, idProduct=2035, bcdDevice= 0.11
[308201.192518] usb 1-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[308201.192522] usb 1-1.1: Product: SE49
[308201.192526] usb 1-1.1: Manufacturer: Nektar
```
And you can see it in the output of `lsusb`
```Bus 002 Device 002: ID 8087:0024
Bus 001 Device 001: ID 1d6b:0002
Bus 001 Device 006: ID 2467:2035
Bus 001 Device 002: ID 8087:0024
Bus 002 Device 001: ID 1d6b:0002
Bus 001 Device 003: ID 0a5c:217f
Bus 002 Device 006: ID 0bdb:1911
```
However no device node in `/dev` is created so I could `cat` it and parse it.https://gitlab.alpinelinux.org/alpine/aports/-/issues/10714USB ISO Boot Fails 3.10.12019-08-09T15:54:03ZRyan CampoUSB ISO Boot Fails 3.10.1dd iso to USB. Boot fails with:
```
0%
grep: /sysroot/etc/inittab: No such file or directory
/sbin init not found in new root. Launching emergency recovery shell
Type exit to continue to boot.
sh: can't access tty; job control turned off...dd iso to USB. Boot fails with:
```
0%
grep: /sysroot/etc/inittab: No such file or directory
/sbin init not found in new root. Launching emergency recovery shell
Type exit to continue to boot.
sh: can't access tty; job control turned off
/ #
```
USB keyboard locks up, cannot press enter.
Sometimes it does boot but most times its the above message. I should also note its the same message with syslinux and efi grub bootloaders.https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10641Combining docker with LXC hosts2019-08-09T10:53:28ZKevin DaudtCombining docker with LXC hostsWith our LXC infrastructure, each container receives a unique ip address from the subnet range from the host.
Docker by default tries to NAT/forward everything via the host IP address. Though this works fine, having all traffic going v...With our LXC infrastructure, each container receives a unique ip address from the subnet range from the host.
Docker by default tries to NAT/forward everything via the host IP address. Though this works fine, having all traffic going via the host management IP is not desirable.
This issue is to track possible solutions for this.https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10640Use different favicons on our sites2019-10-22T06:23:16ZNatanael CopaUse different favicons on our sitesIt would be nice to have different favicons on the different sites, so its easier to find the right tab.
Some options:
- use alpine logo in different colors for different sites
- use alpine logo with some emblem
the main site, alpineli...It would be nice to have different favicons on the different sites, so its easier to find the right tab.
Some options:
- use alpine logo in different colors for different sites
- use alpine logo with some emblem
the main site, alpinelinux.org, could use the favicon as it is.
* [ ] Create favicons
* [ ] Change build.alpinelinux.org
* [ ] Change gitlab.alpinelinux.org
* [ ] Change wiki.alpinelinux.org
* [ ] Change pkgs.alpinelinux.org
* [ ] Change git.alpinelinux.org
* [ ] Change docs.alpinelinux.org
* [ ] Change lists.alpinelinux.org
* [ ] Change mirrors.alpinelinux.org
* [ ] Change netbox.alpin.pw
* [ ] Change wiki.alpin.pw
* [ ] Change zabbix.alpin.pwhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10713bat-0.11.0-r0 fails to exec due to dependancy on GNU less feature2019-08-08T16:03:55ZRen Grecobat-0.11.0-r0 fails to exec due to dependancy on GNU less feature`$ bat <file>`
`less: unrecognized option RAW-CONTROL-CHARS`
`Busybox v1.31.0 (2019-07-24 08:12:26 UTC) multi-call binary.`
`Usage: ...... etc``$ bat <file>`
`less: unrecognized option RAW-CONTROL-CHARS`
`Busybox v1.31.0 (2019-07-24 08:12:26 UTC) multi-call binary.`
`Usage: ...... etc`https://gitlab.alpinelinux.org/alpine/aports/-/issues/10712qutebrowser missing runtime dependancy py3-sip-pyqt52019-08-08T15:24:47ZRen Grecoqutebrowser missing runtime dependancy py3-sip-pyqt5Has to be installed manually as is not included when:
`# apk add qutebrowser`Has to be installed manually as is not included when:
`# apk add qutebrowser`https://gitlab.alpinelinux.org/alpine/aports/-/issues/10711openjdk*-jre: java -version returns RT34 on arm*2021-11-07T13:23:50ZBart Ribbersopenjdk*-jre: java -version returns RT34 on arm*`java -version` returns the text "RT34" rather than a proper version string like on x86_64. This breaks `FindJava.cmake` from `cmake`.
This seems to happen on every Java version packaged in the `edge` repos. I've tested this in armhf, a...`java -version` returns the text "RT34" rather than a proper version string like on x86_64. This breaks `FindJava.cmake` from `cmake`.
This seems to happen on every Java version packaged in the `edge` repos. I've tested this in armhf, armv7 and aarch64 VM's.https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10639Allow GitHub users to login with their existing account2019-10-11T19:55:28ZtcelyAllow GitHub users to login with their existing accountAllow GitHub users to login with their existing account because not doing so makes ignoring this GL instance the easier option.
We want as few barriers to helping out as possible.Allow GitHub users to login with their existing account because not doing so makes ignoring this GL instance the easier option.
We want as few barriers to helping out as possible.https://gitlab.alpinelinux.org/alpine/aports/-/issues/10710apache2-ldap mod_ldap.so sigfaults on alpine 3.10.12019-08-09T12:30:24ZGermanapache2-ldap mod_ldap.so sigfaults on alpine 3.10.1When installing apache2-ldap module and activating it in the configuration, the httpd daemon dies with Segmentation Fault during startup.
This installation was upgraded from alpine-3.8 and it was working fine before the upgrade. No confi...When installing apache2-ldap module and activating it in the configuration, the httpd daemon dies with Segmentation Fault during startup.
This installation was upgraded from alpine-3.8 and it was working fine before the upgrade. No configuration changes have been applied.
I'm attaching the apache configuration [apache2-config.tar.gz](/uploads/ed9fb4f7c78692e1a104f219a4748fb7/apache2-config.tar.gz) and an strace [strace.txt.gz](/uploads/cc6bfe3bd4b46b8e27659733cdd61e55/strace.txt.gz) which is the result of running "strace httpd -X".
If the load of the module mod_ldap.so on the apache configuration is commented, apache starts normally.
Note: The environment is bare metal:
- alpine 3.10.1
- Linux repo 4.19.58-0-virt #1-Alpine SMP Wed Jul 10 13:00:23 UTC 2019 x86_64 Linuxhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10709musl: x87 float stack imbalance (CVE-2019-14697)2019-08-07T08:53:24ZAlicha CHmusl: x87 float stack imbalance (CVE-2019-14697)musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source c...musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.
#### References:
* https://www.openwall.com/lists/oss-security/2019/08/06/4
* https://www.openwall.com/lists/musl/2019/08/06/1
* https://nvd.nist.gov/vuln/detail/CVE-2019-14697
#### Patches:
* https://git.musl-libc.org/cgit/musl/patch/?id=f3ed8bfe8a82af1870ddc8696ed4cc1d5aa6b441
* https://git.musl-libc.org/cgit/musl/patch/?id=6818c31c9bc4bbad5357f1de14bedf781e5b349e
### Affected branches:
* [x] master (7375b3f850ebce7de65f8b59cd5ba2144f245b62)
* [x] 3.10-stable (0c777cf840e82cdc528651e3f3f8f9dda6b1b028)
* [x] 3.9-stable (5842a9a22c792cfddd48e7946f2a406b76f2c6f3)
* [x] 3.8-stable (4ab7eba8eb2d8ab2ce3b54a8dc9fe958a8685d1d)
* [x] 3.7-stable (c07f44bfbb6aa1722bfc72f99ef20e2fd2a61ee4)Timo TeräsTimo Teräshttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10707mariadb-connector-c: trying to overwrite usr/lib/mariadb/plugin/client_ed2551...2019-08-06T11:04:42ZNatanael Copamariadb-connector-c: trying to overwrite usr/lib/mariadb/plugin/client_ed25519.so owned by mariadb-10.3.16-r0This happens on upgrade:
```
ERROR: mariadb-connector-c-3.1.2-r0: trying to overwrite usr/lib/mariadb/plugin/client_ed25519.so owned by mariadb-10.3.16-r0.
```This happens on upgrade:
```
ERROR: mariadb-connector-c-3.1.2-r0: trying to overwrite usr/lib/mariadb/plugin/client_ed25519.so owned by mariadb-10.3.16-r0.
```Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10706py-django: Multiple vulnerabilities (CVE-2019-14232, CVE-2019-14233, CVE-2019...2019-08-06T10:39:17ZAlicha CHpy-django: Multiple vulnerabilities (CVE-2019-14232, CVE-2019-14233, CVE-2019-14234, CVE-2019-14235)### CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator
If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to...### CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator
If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
The regular expressions used by Truncator have been simplified in order to avoid potential backtracking issues.
As a consequence, trailing punctuation may now at times be included in the truncated output.
#### Fixed In Version:
py-django 2.2.4, 2.1.11 and 1.11.23
#### Reference:
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
### CVE-2019-14233: Denial-of-service possibility in strip_tags()
Due to the behavior of the underlying HTMLParser, django.utils.html.strip_tags() would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. The strip_tags() method is used to implement the corresponding striptags template filter, which was thus also vulnerable.
strip_tags() now avoids recursive calls to HTMLParser when progress removing tags, but necessarily incomplete HTML entities, stops being made.
Remember that absolutely NO guarantee is provided about the results of strip_tags() being HTML safe. So NEVER mark safe the result of a strip_tags() call without escaping it first, for example with django.utils.html.escape().
#### Fixed In Version:
py-django 2.2.4, 2.1.11 and 1.11.23
#### Reference:
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
### CVE-2019-14234: SQL injection possibility in key and index lookups for JSONField/HStoreField
Key and index lookups for django.contrib.postgres.fields.JSONField and key lookups for django.contrib.postgres.fields.HStoreField were subject to SQL injection, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.filter().
#### Fixed In Version:
py-django 2.2.4, 2.1.11 and 1.11.23
#### Reference:
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
### CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri()
If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to excessive
recursion when re-percent-encoding invalid UTF-8 octet sequences.
uri_to_iri() now avoids recursion when re-percent-encoding invalid UTF-8 octet sequences.
#### Fixed In Version:
py-django 2.2.4, 2.1.11 and 1.11.23
#### Reference:
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
### Affected branches:
* [x] master (5f752ea195f3f8ce66003ac1240b432c30de48ff)
* [x] 3.10-stable (c7fc6af25f0b0cda600ac132b709aa32810a32aa)
* [x] 3.9-stable (f23de6bf75a5fed240444ddc45e8609574c70306)
* [x] 3.8-stable (a647ee3a77fb6aee5cd7f25d13c0521e5a7b9246)
* [x] 3.7-stable (c9242d57e288ae0de776187324f3d0125de602fc)LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10705subversion: Multiple vulnerabilities (CVE-2018-11782, CVE-2019-0203)2019-08-06T10:16:07ZAlicha CHsubversion: Multiple vulnerabilities (CVE-2018-11782, CVE-2019-0203)### CVE-2018-11782: remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev'
Subversion's svnserve server process may exit when a well-formed
read-only request produces a particular answer. This can lead to disruption for us...### CVE-2018-11782: remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev'
Subversion's svnserve server process may exit when a well-formed
read-only request produces a particular answer. This can lead to disruption for users of the server.
Subversion svn:// connections, including svn+ssh:// and svn+<custom>://, use a custom network protocol [1] with Lisp-like syntax. The code implementing the protocol has dedicated codepaths for serialization of revision numbers into protocol integers. A particular client query could cause the server to attempt to reply with a revision number whose value is the invalid revision number constant `SVN_INVALID_REVNUM`, thereby triggering an assertion failure in the the serialization layer.
#### Fixed In Version:
subversion 1.12.2, subversion 1.10.6, subversion 1.9.12
#### Reference:
https://subversion.apache.org/security/CVE-2018-11782-advisory.txt
### CVE-2019-0203: remote unauthenticated denial-of-service in subversion svnserve
Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server. A null-pointer-dereference in svnserve results in a remote unauthenticated Denial-of-Service in some server configurations. The vulnerability can be triggered by an unauthenticated user if the server is configured with anonymous access enabled.
The problem originates in opening a new connection to svnserve. On failure to find the specified repository or to be authorized to access it, svnserve logs and reports the error, but also keeps the connection open despite its incomplete initialization. If the client sends any further command on the same connection, then a null-pointer dereference occurs in svnserve.
Exploitation results in denial of service by crashing an svnserve process. The impact of this differs depending on how svnserve is launched, including the different run modes selected by options such as "svnserve -d", "svnserve -T -d", "svnserve -t", and "svnserve -i".
#### Fixed In Version:
subversion 1.12.2, subversion 1.10.6, subversion 1.9.12
#### Reference:
https://subversion.apache.org/security/CVE-2019-0203-advisory.txt
### Affected branches:
* [x] master (4be711755ca430fbc02d8079ff1bc141450f9735)
* [x] 3.10-stable (92bbb9e70c73b190532ce28b44e074f8f0b1745b)
* [x] 3.9-stable (815a43cf9c8f71f24f63ffdcc6c77c61ff988f59)
* [x] 3.8-stable (00283c5e934a2d9ca643bd5520a1c15855a6e85d)
* [x] 3.7-stable (eceae12fdc59478d8577e129f7c7ff024e0fac0b)LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10704flake8: missing runtime dependencies2019-08-01T18:41:14ZJ0WIflake8: missing runtime dependenciesflake8 throws errors in various cases due missing dependencies:
https://gitlab.alpinelinux.org/alpine/aports/blob/312741c94aebcd6dbcc91d535deff5930d06108e/community/py3-flake8/APKBUILD#L29
https://gitlab.com/pycqa/flake8/blob/e8de432f8...flake8 throws errors in various cases due missing dependencies:
https://gitlab.alpinelinux.org/alpine/aports/blob/312741c94aebcd6dbcc91d535deff5930d06108e/community/py3-flake8/APKBUILD#L29
https://gitlab.com/pycqa/flake8/blob/e8de432f8e81e8bcf6fbffabe35b320cc2dafcae/setup.cfg#L43-50
There is not yet any Python3 package for `functools32`.https://gitlab.alpinelinux.org/alpine/aports/-/issues/10703[Feature] Include libb2 (BLAKE2)2019-08-01T11:02:39ZJan-Willem[Feature] Include libb2 (BLAKE2)libb2 provides the BLAKE2 hashing algorithm. https://blake2.net/libb2 provides the BLAKE2 hashing algorithm. https://blake2.net/LeoLeohttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10638Vagrant VirtualBox image for Alpine2019-08-03T06:35:50ZMichael AldridgeVagrant VirtualBox image for AlpineI have a series of scripts and a packer template for both Vagrant Virtualbox and for an Amazon AMI. I can clean up both from my organization's internal repository and provide them to the Alpine project if there is interest. I do not kn...I have a series of scripts and a packer template for both Vagrant Virtualbox and for an Amazon AMI. I can clean up both from my organization's internal repository and provide them to the Alpine project if there is interest. I do not know the best way to do this though, as I am not currently a contributor to Alpine. I also do not think Alpine is currently in control of the atlas namespace (https://app.vagrantup.com/alpine) as there is no official branding on the account.
Lets assume we start with the work on Vagrant, what's the best way for me to proceed here? I can contribute the parts but not take care of the release process for images (I have a personal policy of only maintaining the release train for one distro, and Void already occupies that slot).https://gitlab.alpinelinux.org/alpine/aports/-/issues/10702System hangs on boot if an IPv6 address is configured, but no link on the int...2021-06-10T17:22:46ZNico SchotteliusSystem hangs on boot if an IPv6 address is configured, but no link on the interfaceDetails in https://redmine.ungleich.ch/issues/7009, but in short:
If you have auth eth0, iface eth0 inet6 static + address and netmask and NO link at boot the system hangs infinitely.
Tested on alpine/edge, verified by mpsDetails in https://redmine.ungleich.ch/issues/7009, but in short:
If you have auth eth0, iface eth0 inet6 static + address and netmask and NO link at boot the system hangs infinitely.
Tested on alpine/edge, verified by mpshttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10701Feature Request: Enable xfrm interface in kernel config2019-12-18T08:26:08ZFatih USTAFeature Request: Enable xfrm interface in kernel configHi,
XFRM interface supported on Kernel 4.19+. Also supported strongswan Version 5.8.0.
This option required for route based vpn.
https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN#XFRM-Interfaces-on-Linux
Please ena...Hi,
XFRM interface supported on Kernel 4.19+. Also supported strongswan Version 5.8.0.
This option required for route based vpn.
https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN#XFRM-Interfaces-on-Linux
Please enable this option in kernel.
# CONFIG_XFRM_INTERFACE is not set
Thanks.