Adélie Package Tree issues
https://git.adelielinux.org/adelie/packages/-/issues
2023-11-10T16:13:39Z
https://git.adelielinux.org/adelie/packages/-/issues/249
system/patch: multiple vulnerabilities
2023-11-10T16:13:39Z
Emily
system/patch: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 249 |
| Alias(es) | CVE-2019-20633 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-04-01 20:13:17 -0500 |
| Modified | 2020-06-22 06:09:42 -0500 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 249 |
| Alias(es) | CVE-2019-20633 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-04-01 20:13:17 -0500 |
| Modified | 2020-06-22 06:09:42 -0500 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / minor |
| Package(s) | system/patch |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-20633 |
| See also | https://bugzilla.suse.com/show_bug.cgi?id=1167721 |
## Description
> GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free
> vulnerability in the function another_hunk in pch.c that can cause a
> denial of service via a crafted patch file. NOTE: this issue exists
> because of an incomplete fix for CVE-2018-6952.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/246
user/bluez: CVE-2020-0556: HID and HOGP profiles don't require bonding
2022-02-02T02:04:36Z
Emily
user/bluez: CVE-2020-0556: HID and HOGP profiles don't require bonding
| | |
| --- | --- |
| Bugzilla ID | 246 |
| Alias(es) | CVE-2020-0556 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-03-18 14:44:50 -0500 |
| Modified | 2020-06-17 17:14:19 -0500 |
| Status | ...
| | |
| --- | --- |
| Bugzilla ID | 246 |
| Alias(es) | CVE-2020-0556 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-03-18 14:44:50 -0500 |
| Modified | 2020-06-17 17:14:19 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-0556 |
## Description
> Improper access control in subsystem for BlueZ before version 5.54 may
> allow an unauthenticated user to potentially enable escalation of
> privilege and denial of service via adjacent access
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/245
system/sqlite: multiple vulnerabilities
2022-11-12T03:17:50Z
Emily
system/sqlite: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 245 |
| Alias(es) | CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-13871, CVE-2020-15358, CVE-2020-9327 |
| Reporter | Max Re...
| | |
| --- | --- |
| Bugzilla ID | 245 |
| Alias(es) | CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-13871, CVE-2020-15358, CVE-2020-9327 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-03-16 19:54:09 -0500 |
| Modified | 2020-07-01 14:18:58 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/sqlite |
## Description
CVE-2020-9327: https://nvd.nist.gov/vuln/detail/CVE-2020-9327
> In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger
> a NULL pointer dereference and segmentation fault because of generated
> column optimizations.
Unreleased fix
https://github.com/sqlite/sqlite/commit/bf48ce49f7c25e5d4524de9fdc5c0d505218d06d
https://github.com/sqlite/sqlite/commit/78d1d225d87af40f5bdca57fa72f00b6ffaffa21
Since we currently build from the amalgamation distribution, this will need to wait on either an overhaul of the entire aport or a new release.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/242
system/pcre2: CVE-2019-20454: out-of-bounds read in do_extuni_no_utf
2022-02-02T16:51:19Z
Emily
system/pcre2: CVE-2019-20454: out-of-bounds read in do_extuni_no_utf
| | |
| --- | --- |
| Bugzilla ID | 242 |
| Alias(es) | CVE-2019-20454 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-03-03 17:35:40 -0600 |
| Modified | 2020-03-29 02:26:44 -0500 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 242 |
| Alias(es) | CVE-2019-20454 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-03-03 17:35:40 -0600 |
| Modified | 2020-03-29 02:26:44 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-20454 |
## Description
> An out-of-bounds read was discovered in PCRE before 10.34 when the
> pattern \X is JIT compiled and used to match specially crafted
> subjects in non-UTF mode. Applications that use PCRE to parse
> untrusted input may be vulnerable to this flaw, which would allow an
> attacker to crash the application. The flaw occurs in do_extuni_no_utf
> in pcre2_jit_compile.c.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/240
user/libgd: CVE-2018-14553: NULL pointer dereference
2022-02-02T16:51:27Z
Emily
user/libgd: CVE-2018-14553: NULL pointer dereference
| | |
| --- | --- |
| Bugzilla ID | 240 |
| Alias(es) | CVE-2018-14553 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 23:22:11 -0600 |
| Modified | 2020-03-09 21:56:49 -0500 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 240 |
| Alias(es) | CVE-2018-14553 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 23:22:11 -0600 |
| Modified | 2020-03-09 21:56:49 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-14553 |
## Description
> gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL
> pointer dereference allowing attackers to crash an application via a
> specific function call sequence. Only affects PHP when linked with an
> external libgd (not bundled).
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/239
user/weechat: CVE-2020-8955: buffer overflow
2022-02-02T16:51:33Z
Emily
user/weechat: CVE-2020-8955: buffer overflow
| | |
| --- | --- |
| Bugzilla ID | 239 |
| Alias(es) | CVE-2020-8955 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 23:14:45 -0600 |
| Modified | 2020-03-09 21:56:27 -0500 |
| Status | ...
| | |
| --- | --- |
| Bugzilla ID | 239 |
| Alias(es) | CVE-2020-8955 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 23:14:45 -0600 |
| Modified | 2020-03-09 21:56:27 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-8955 |
## Description
> irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through
> 2.7 allows remote attackers to cause a denial of service (buffer
> overflow and application crash) or possibly have unspecified other
> impact via a malformed IRC message 324 (channel mode).
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/238
user/mariadb: CVE-2020-7221: symlink attack
2022-02-02T16:51:41Z
Emily
user/mariadb: CVE-2020-7221: symlink attack
| | |
| --- | --- |
| Bugzilla ID | 238 |
| Alias(es) | CVE-2020-7221 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 23:13:31 -0600 |
| Modified | 2020-03-03 08:09:11 -0600 |
| Status | ...
| | |
| --- | --- |
| Bugzilla ID | 238 |
| Alias(es) | CVE-2020-7221 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 23:13:31 -0600 |
| Modified | 2020-03-03 08:09:11 -0600 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-7221 |
## Description
> mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege
> escalation from the mysql user account to root because chown and chmod
> are performed unsafely, as demonstrated by a symlink attack on a chmod
> 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect
> the Oracle MySQL product, which implements mysql_install_db
> differently.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/237
user/djvulibre: CVE-2019-18804: NULL pointer dereference
2022-02-02T16:51:50Z
Emily
user/djvulibre: CVE-2019-18804: NULL pointer dereference
| | |
| --- | --- |
| Bugzilla ID | 237 |
| Alias(es) | CVE-2019-18804 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 23:09:26 -0600 |
| Modified | 2020-03-09 21:56:17 -0500 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 237 |
| Alias(es) | CVE-2019-18804 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 23:09:26 -0600 |
| Modified | 2020-03-09 21:56:17 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-18804 |
## Description
> DjVuLibre 3.5.27 has a NULL pointer dereference in the function
> DJVU::filter_fv at IW44EncodeCodec.cpp.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/236
user/librsvg: CVE-2019-20446: exponential SVG expansion
2022-02-02T16:51:58Z
Emily
user/librsvg: CVE-2019-20446: exponential SVG expansion
| | |
| --- | --- |
| Bugzilla ID | 236 |
| Alias(es) | CVE-2019-20446 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 23:08:45 -0600 |
| Modified | 2020-03-09 21:58:28 -0500 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 236 |
| Alias(es) | CVE-2019-20446 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 23:08:45 -0600 |
| Modified | 2020-03-09 21:58:28 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-20446 |
## Description
CVE-2019-20446: https://nvd.nist.gov/vuln/detail/CVE-2019-20446
> In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with
> nested patterns can cause denial of service when passed to the library
> for processing. The attacker constructs pattern elements so that the
> number of final rendered objects grows exponentially.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/235
user/openjpeg: multiple vulnerabilities
2020-03-10T02:57:06Z
Emily
user/openjpeg: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 235 |
| Alias(es) | CVE-2020-6851, CVE-2020-8112 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 23:02:41 -0600 |
| Modified | 2020-03-09 21:57:06 -050...
| | |
| --- | --- |
| Bugzilla ID | 235 |
| Alias(es) | CVE-2020-6851, CVE-2020-8112 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 23:02:41 -0600 |
| Modified | 2020-03-09 21:57:06 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2020-6851: https://nvd.nist.gov/vuln/detail/CVE-2020-6851
> OpenJPEG through 2.3.1 has a heap-based buffer overflow in
> opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of
> opj_j2k_update_image_dimensions validation.
CVE-2020-8112: https://nvd.nist.gov/vuln/detail/CVE-2020-8112
> opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through
> 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a
> different issue than CVE-2020-6851.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/234
system/libxml2: multiple vulnerabilities
2020-03-10T02:56:00Z
Emily
system/libxml2: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 234 |
| Alias(es) | CVE-2019-20388, CVE-2020-7595 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 23:01:52 -0600 |
| Modified | 2020-03-09 21:56:00 -05...
| | |
| --- | --- |
| Bugzilla ID | 234 |
| Alias(es) | CVE-2019-20388, CVE-2020-7595 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 23:01:52 -0600 |
| Modified | 2020-03-09 21:56:00 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2019-20388: https://nvd.nist.gov/vuln/detail/CVE-2019-20388
> xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an
> xmlSchemaValidateStream memory leak.
CVE-2020-7595: https://nvd.nist.gov/vuln/detail/CVE-2020-7595
> xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an
> infinite loop in a certain end-of-file situation.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/233
user/exiv2: CVE-2019-20421: infinite loop
2022-02-02T16:52:05Z
Emily
user/exiv2: CVE-2019-20421: infinite loop
| | |
| --- | --- |
| Bugzilla ID | 233 |
| Alias(es) | CVE-2019-20421 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 22:56:53 -0600 |
| Modified | 2020-03-09 21:55:19 -0500 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 233 |
| Alias(es) | CVE-2019-20421 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 22:56:53 -0600 |
| Modified | 2020-03-09 21:55:19 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-20421 |
## Description
> In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input
> file can result in an infinite loop and hang, with high CPU
> consumption. Remote attackers could leverage this vulnerability to
> cause a denial of service via a crafted file.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/232
system/python3: multiple vulnerabilities
2022-05-02T03:29:22Z
Emily
system/python3: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 232 |
| Alias(es) | CVE-2019-18348, CVE-2019-20907, CVE-2019-20916, CVE-2019-9674, CVE-2020-14422, CVE-2020-26116, CVE-2020-27619, CVE-2020-8315, CVE-2020-8492 |
| Reporter | Max Rees (sroracle) |
| ...
| | |
| --- | --- |
| Bugzilla ID | 232 |
| Alias(es) | CVE-2019-18348, CVE-2019-20907, CVE-2019-20916, CVE-2019-9674, CVE-2020-14422, CVE-2020-26116, CVE-2020-27619, CVE-2020-8315, CVE-2020-8492 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 22:56:38 -0600 |
| Modified | 2020-12-03 23:22:57 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/python3 |
## Description
CVE-2019-18348: https://nvd.nist.gov/vuln/detail/CVE-2019-18348
> An issue was discovered in urllib2 in Python 2.x through 2.7.17 and
> urllib in Python 3.x through 3.8.0. CRLF injection is possible if the
> attacker controls a url parameter, as demonstrated by the first
> argument to urllib.request.urlopen with \r\n (specifically in the host
> component of a URL) followed by an HTTP header. This is similar to the
> CVE-2019-9740 query string issue and the CVE-2019-9947 path string
> issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)
CVE-2020-8315: https://nvd.nist.gov/vuln/detail/CVE-2020-8315
> In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8
> through 3.8.1, an insecure dependency load upon launch on Windows 7
> may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll
> being loaded and used instead of the system's copy. Windows 8 and
> later are unaffected.
CVE-2020-8492: https://nvd.nist.gov/vuln/detail/CVE-2020-8492
> Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7
> through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct
> Regular Expression Denial of Service (ReDoS) attacks against a client
> because of urllib.request.AbstractBasicAuthHandler catastrophic
> backtracking.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/231
user/lxqt-panel: LXQt panel menus disappear as soon as they are disabled
2024-01-25T23:33:55Z
Emily
user/lxqt-panel: LXQt panel menus disappear as soon as they are disabled
| | |
| --- | --- |
| Bugzilla ID | 231 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-01-26 23:45:52 -0600 |
| Modified | 2020-06-22 06:13:33 -0500 |
| Status | CONFIRMED |
| Version | 1.0-R...
| | |
| --- | --- |
| Bugzilla ID | 231 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-01-26 23:45:52 -0600 |
| Modified | 2020-06-22 06:13:33 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / critical |
| Package(s) | user/lxqt-panel |
## Description
Symptom:
Menus cannot be opened.
Steps to reproduce:
Click the 'Applications' menu (the LXQt icon in the bottom left), or context-click somewhere on the panel to bring up the panel settings menu.
Expected behaviour:
Menu stays open long enough to choose an option.
Actual behavior:
Menu closes within three frames of being opened (tested on erica, 600 MHz iBook G3).
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/230
system/man-db: Segmentation fault recreating database on 32-bit x86 (pmmx)
2020-06-05T23:02:05Z
Emily
system/man-db: Segmentation fault recreating database on 32-bit x86 (pmmx)
| | |
| --- | --- |
| Bugzilla ID | 230 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-01-26 23:42:39 -0600 |
| Modified | 2020-06-05 18:02:05 -0500 |
| Status | RESOLVED FIXED |
| Version | 1...
| | |
| --- | --- |
| Bugzilla ID | 230 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-01-26 23:42:39 -0600 |
| Modified | 2020-06-05 18:02:05 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / Intel x86 (32-bit) |
| Importance | --- / critical |
## Description
Symptom:
Executing man-db-2.8.6.1-r0.trigger
ERROR: man-db-2.8.6.1-r0.trigger: script exited with error 0
Cause:
Starting program: /usr/bin/mandb /usr/share/man
Purging old database entries in /usr/share/man...
Program received signal SIGSEGV, Segmentation fault.
__stack_chk_fail () at src/env/__stack_chk_fail.c:17
17 src/env/__stack_chk_fail.c: No such file or directory.
(gdb) bt
#0 __stack_chk_fail () at src/env/__stack_chk_fail.c:17
#1 0xb7ea5827 in __stack_chk_fail_local () at /usr/src/packages/system/gcc/src/gcc-8.3.0/libssp/ssp-local.c:48
#2 0xb7e904c5 in __os_unique_id (env=env@entry=0xb7fffe00, idp=idp@entry=0x4217f4) at ../src/os/os_uid.c:50
#3 0xb7e5a84a in __env_attach (env=env@entry=0xb7fffe00, init_flagsp=init_flagsp@entry=0xbfffee88, create_ok=create_ok@entry=1, retry_ok=retry_ok@entry=1) at ../src/env/env_region.c:442
#4 0xb7e53b02 in __env_attach_regions (dbenv=dbenv@entry=0xb7f43030, flags=66561, orig_flags=orig_flags@entry=0, retry_ok=retry_ok@entry=1) at ../src/env/env_open.c:1030
#5 0xb7e542a7 in __env_open (dbenv=0xb7f43030, db_home=db_home@entry=0x0, flags=<optimized out>, flags@entry=66561, mode=mode@entry=0) at ../src/env/env_open.c:209
#6 0xb7e1050d in __env_setup (dbp=dbp@entry=0xb7f434b0, txn=txn@entry=0x0, fname=fname@entry=0xb7fffde0 "/var/cache/man/index.bt", dname=dname@entry=0x0, id=0, flags=flags@entry=0) at ../src/db/db.c:486
#7 0xb7e317fb in __db_open (dbp=dbp@entry=0xb7f434b0, ip=0x0, txn=0x0, fname=fname@entry=0xb7fffde0 "/var/cache/man/index.bt", dname=dname@entry=0x0, type=type@entry=DB_BTREE, flags=flags@entry=0, mode=mode@entry=420, meta_pgno=meta_pgno@entry=0)
at ../src/db/db_open.c:211
#8 0xb7e2ae33 in __db_open_pp (dbp=0xb7f434b0, txn=<optimized out>, txn@entry=0x0, fname=fname@entry=0xb7fffde0 "/var/cache/man/index.bt", dname=dname@entry=0x0, type=type@entry=DB_BTREE, flags=0, mode=mode@entry=420) at ../src/db/db_iface.c:1193
#9 0xb7d36d08 in __db185_open (file=file@entry=0xb7fffde0 "/var/cache/man/index.bt", oflags=oflags@entry=2, mode=mode@entry=420, type=DB_BTREE, type@entry=0, openinfo=openinfo@entry=0xbffff12c) at ../lang/db185/db185.c:230
#10 0xb7f3e4e6 in btree_flopen (filename=0xb7fffde0 "/var/cache/man/index.bt", flags=flags@entry=2, mode=mode@entry=420) at db_btree.c:127
#11 0x00405538 in purge_missing (manpath=0xb7fffce0 "/usr/share/man", catpath=0xb7fffcb0 "/var/cache/man", will_run_mandb=1) at check_mandirs.c:965
#12 0x0040b77c in process_manpath (manpath=0xb7fffce0 "/usr/share/man", global_manpath=true, tried_catdirs=<optimized out>) at mandb.c:601
#13 0x00402e8f in main (argc=2, argv=0xbffff784) at mandb.c:876
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/229
user/rust: 1.38.0 fails test suite on ARM64: assertion failure in ui/variadic...
2022-11-11T21:46:18Z
Emily
user/rust: 1.38.0 fails test suite on ARM64: assertion failure in ui/variadic-ffi.rs
| | |
| --- | --- |
| Bugzilla ID | 229 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | Samuel Holland |
| Reported | 2020-01-23 14:52:54 -0600 |
| Modified | 2020-06-22 06:13:52 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA4 ...
| | |
| --- | --- |
| Bugzilla ID | 229 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | Samuel Holland |
| Reported | 2020-01-23 14:52:54 -0600 |
| Modified | 2020-06-22 06:13:52 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA4 |
| Hardware | Adélie Linux / [Community] ARM (64-bit) |
| Importance | --- / critical |
| Package(s) | user/rust |
## Description
failures:
---- [ui] ui/variadic-ffi.rs stdout ----
error: test run failed!
status: exit code: 101
command: "/usr/src/packages/user/rust/src/rustc-1.38.0-src/build/aarch64-foxkit-linux-musl/test/ui/variadic-ffi/a"
stdout:
------------------------------------------
------------------------------------------
stderr:
------------------------------------------
thread 'main' panicked at 'assertion failed: `(left == right)`
left: `30`,
right: `50`', /usr/src/packages/user/rust/src/rustc-1.38.0-src/src/test/ui/variadic-ffi.rs:31:5
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace.
------------------------------------------
failures:
[ui] ui/variadic-ffi.rs
test result: FAILED. 8818 passed; 1 failed; 62 ignored; 0 measured; 0 filtered out
thread 'main' panicked at 'Some tests failed', src/tools/compiletest/src/main.rs:536:22
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace.
command did not execute successfully: "/usr/src/packages/user/rust/src/rustc-1.38.0-src/build/aarch64-foxkit-linux-musl/stage0-tools-bin/compiletest" "--compile-lib-path" "/usr/src/packages/user/rust/src/rustc-1.38.0-src/build/aarch64-foxkit-linux-musl/stage2/lib" "--run-lib-path" "/usr/src/packages/user/rust/src/rustc-1.38.0-src/build/aarch64-foxkit-linux-musl/stage2/lib/rustlib/aarch64-foxkit-linux-musl/lib" "--rustc-path" "/usr/src/packages/user/rust/src/rustc-1.38.0-src/build/aarch64-foxkit-linux-musl/stage2/bin/rustc" "--src-base" "/usr/src/packages/user/rust/src/rustc-1.38.0-src/src/test/ui" "--build-base" "/usr/src/packages/user/rust/src/rustc-1.38.0-src/build/aarch64-foxkit-linux-musl/test/ui" "--stage-id" "stage2-aarch64-foxkit-linux-musl" "--mode" "ui" "--target" "aarch64-foxkit-linux-musl" "--host" "aarch64-foxkit-linux-musl" "--llvm-filecheck" "/usr/lib/llvm8/bin/FileCheck" "--linker" "aarch64-foxkit-linux-musl-gcc" "--host-rustcflags" "-Crpath -O -Cdebuginfo=0 -Zunstable-options -Lnative=/usr/src/packages/user/rust/src/rustc-1.38.0-src/build/aarch64-foxkit-linux-musl/native/rust-test-helpers" "--target-rustcflags" "-Crpath -O -Cdebuginfo=0 -Zunstable-options -Lnative=/usr/src/packages/user/rust/src/rustc-1.38.0-src/build/aarch64-foxkit-linux-musl/native/rust-test-helpers" "--docck-python" "/usr/bin/python3" "--lldb-python" "/usr/bin/python3" "--llvm-version" "8.0.1\n" "--system-llvm" "--cc" "" "--cxx" "" "--cflags" "" "--llvm-components" "" "--llvm-cxxflags" "" "--adb-path" "adb" "--adb-test-dir" "/data/tmp/work" "--android-cross-path" ""
expected success, got: exit code: 101
finished in 211.445
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/223
system/xmlto: contains bashisms but has /bin/sh shebang
2022-02-02T16:52:58Z
Emily
system/xmlto: contains bashisms but has /bin/sh shebang
| | |
| --- | --- |
| Bugzilla ID | 223 |
| Reporter | Molly Miller |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-12-09 16:13:16 -0600 |
| Modified | 2020-02-16 17:36:57 -0600 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA...
| | |
| --- | --- |
| Bugzilla ID | 223 |
| Reporter | Molly Miller |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-12-09 16:13:16 -0600 |
| Modified | 2020-02-16 17:36:57 -0600 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA4 |
| Hardware | Adélie Linux / All |
| Importance | --- / minor |
## Description
Our xmlto package correctly depends on bash, however the script's shebang is #!/bin/sh. On systems with dash as /bin/sh, xmlto will not run, as the script contains bashisms which dash will fail to parse.
A possible fix for this is to patch the xmlto script so that it invokes /bin/bash directly instead of /bin/sh.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/220
system/libarchive: CVE-2018-1000879: NULL pointer dereference
2022-02-02T16:53:15Z
Emily
system/libarchive: CVE-2018-1000879: NULL pointer dereference
| | |
| --- | --- |
| Bugzilla ID | 220 |
| Alias(es) | CVE-2018-1000879 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-10-24 16:31:17 -0500 |
| Modified | 2019-10-24 16:32:27 -0500 |
| Status...
| | |
| --- | --- |
| Bugzilla ID | 220 |
| Alias(es) | CVE-2018-1000879 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-10-24 16:31:17 -0500 |
| Modified | 2019-10-24 16:32:27 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 |
## Description
> libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205
> onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer
> Dereference vulnerability in ACL parser - libarchive/archive_acl.c,
> archive_acl_from_text_l() that can result in Crash/DoS. This attack
> appear to be exploitable via the victim must open a specially crafted
> archive file.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/219
system/file: CVE-2019-18218: heap-based buffer overflow
2022-02-02T16:53:24Z
Emily
system/file: CVE-2019-18218: heap-based buffer overflow
| | |
| --- | --- |
| Bugzilla ID | 219 |
| Alias(es) | CVE-2019-18218 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-10-24 16:29:38 -0500 |
| Modified | 2020-02-25 17:43:55 -0600 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 219 |
| Alias(es) | CVE-2019-18218 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-10-24 16:29:38 -0500 |
| Modified | 2020-02-25 17:43:55 -0600 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-18218 |
## Description
> cdf_read_property_info in cdf.c in file through 5.37 does not restrict
> the number of CDF_VECTOR elements, which allows a heap-based buffer
> overflow (4-byte out-of-bounds write).
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/218
system/libxslt: CVE-2019-18197: lack of pointer reset may lead to memory writ...
2022-02-02T16:53:38Z
Emily
system/libxslt: CVE-2019-18197: lack of pointer reset may lead to memory write or disclosure of uninitialized data
| | |
| --- | --- |
| Bugzilla ID | 218 |
| Alias(es) | CVE-2019-18197 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-10-24 16:27:05 -0500 |
| Modified | 2020-02-25 17:43:06 -0600 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 218 |
| Alias(es) | CVE-2019-18197 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-10-24 16:27:05 -0500 |
| Modified | 2020-02-25 17:43:06 -0600 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA4 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-18197 |
## Description
> In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable
> isn't reset under certain circumstances. If the relevant memory area
> happened to be freed and reused in a certain way, a bounds check could
> fail and memory outside a buffer could be written to, or uninitialized
> data could be disclosed.
1.0-BETA3