Adélie Package Tree issues
https://git.adelielinux.org/adelie/packages/-/issues
2023-12-08T03:10:42Z
https://git.adelielinux.org/adelie/packages/-/issues/206
system/dash: shell PS1 is wrong when using su(1) and root uses Dash as shell
2023-12-08T03:10:42Z
Emily
system/dash: shell PS1 is wrong when using su(1) and root uses Dash as shell
| | |
| --- | --- |
| Bugzilla ID | 206 |
| Reporter | erhard_f |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-09-28 16:08:35 -0500 |
| Modified | 2019-10-16 18:04:07 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA4 |
| Ha...
| | |
| --- | --- |
| Bugzilla ID | 206 |
| Reporter | erhard_f |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-09-28 16:08:35 -0500 |
| Modified | 2019-10-16 18:04:07 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA4 |
| Hardware | Adélie Linux / PowerPC (32-bit) |
| Importance | --- / normal |
## Description
When logging in from another machine (my Gentoo amd64 box) on my PowerMac G4 DP, the command prompt is correctly shown when I log in as user. As soon as I do an 'su' the prompt gets funky.
Looks like this:
$ ssh T600
Password:
ef on T600 ~ % ls
Desktop Documents Downloads Music Pictures Public Templates Videos
ef on T600 ~ % su
Password:
%n on %B%F{white}%m%f%b %~ %B%F{green}%#%f%b ls /home/ef/
Desktop Documents Downloads Music Pictures Public Templates Videos
%n on %B%F{white}%m%f%b %~ %B%F{green}%#%f%b
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/309
user/elixir: FTTFS: warning: redefining module A (current version defined in ...
2023-10-25T22:02:41Z
Emily
user/elixir: FTTFS: warning: redefining module A (current version defined in memory)
| | |
| --- | --- |
| Bugzilla ID | 309 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-06-19 00:37:02 -0500 |
| Modified | 2020-06-22 06:05:30 -0500 |
| Status | CONFIRMED |
| Version | 1.0-R...
| | |
| --- | --- |
| Bugzilla ID | 309 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-06-19 00:37:02 -0500 |
| Modified | 2020-06-22 06:05:30 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / [Community] ARM (64-bit) |
| Importance | --- / normal |
| Package(s) | user/elixir |
## Description
**Created [attachment 32](/uploads/a431d9f06da0ef558fd378aedac6e6b2/elixir-1.10.3-r0-athena.log)**
elixir 1.10.3-r0 check() snippet from athena.adelielinux.org
The superficial issue is these two tests ("test undefined aliases" and "test undefined warn for unrequired module") are issuing unexpected warnings of the form:
warning: redefining module A (current version defined in memory)
This issue doesn't seem to have been encountered on other distros. I could not find any relevant patches. Likewise the changelog for the file showed no interesting changes https://github.com/elixir-lang/elixir/commits/master/lib/elixir/test/elixir/module/checker_test.exs
This upstream issue indicates that these warnings are encountered by others in other places however: https://github.com/elixir-lang/elixir/issues/9858
This is unrelated, but at some point we should pick this up to enforce network isolation: https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-lang/elixir/files/elixir-1.9.1-disable-network-tests.patch
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/209
system/binutils: 2.32 fails test suite on 32-bit ARM (v7)
2023-10-05T17:32:25Z
Emily
system/binutils: 2.32 fails test suite on 32-bit ARM (v7)
| | |
| --- | --- |
| Bugzilla ID | 209 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-10-01 19:52:29 -0500 |
| Modified | 2020-06-22 05:58:30 -0500 |
| Status | CONFIRMED |
| Version | 1.0-B...
| | |
| --- | --- |
| Bugzilla ID | 209 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-10-01 19:52:29 -0500 |
| Modified | 2020-06-22 05:58:30 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA4 |
| Hardware | Adélie Linux / [Community] ARM (32-bit) |
| Importance | --- / normal |
| Package(s) | system/binutils |
| Blocks | https://bts.adelielinux.org/show_bug.cgi?id=87 |
## Description
Running /usr/src/packages/system/binutils/src/binutils-2.32/ld/testsuite/ld-elf/tls.exp ...
FAIL: Build pr22263-1
Running /usr/src/packages/system/binutils/src/binutils-2.32/ld/testsuite/ld-elfvers/vers.exp ...
FAIL: vers4
FAIL: vers4b
FAIL: vers16
Running /usr/src/packages/system/binutils/src/binutils-2.32/ld/testsuite/ld-elfvsb/elfvsb.exp ...
XPASS: visibility (hidden) (non PIC)
XPASS: visibility (hidden) (non PIC, load offset)
XPASS: visibility (hidden) (PIC main, non PIC so)
XPASS: visibility (hidden_normal) (non PIC)
XPASS: visibility (hidden_normal) (non PIC, load offset)
XPASS: visibility (hidden_normal) (PIC main, non PIC so)
XPASS: visibility (hidden_undef) (non PIC)
XPASS: visibility (hidden_undef) (non PIC, load offset)
XPASS: visibility (hidden_undef) (PIC main, non PIC so)
XPASS: visibility (hidden_undef_def) (non PIC)
XPASS: visibility (hidden_undef_def) (non PIC, load offset)
XPASS: visibility (hidden_undef_def) (PIC main, non PIC so)
XPASS: visibility (hidden_weak) (non PIC)
XPASS: visibility (hidden_weak) (non PIC, load offset)
XPASS: visibility (hidden_weak) (PIC main, non PIC so)
XPASS: visibility (protected_undef) (non PIC)
XPASS: visibility (protected_undef) (non PIC, load offset)
XPASS: visibility (protected_undef) (PIC main, non PIC so)
XPASS: visibility (protected_weak) (non PIC)
XPASS: visibility (protected_weak) (non PIC, load offset)
XPASS: visibility (protected_weak) (PIC main, non PIC so)
XPASS: visibility (normal) (non PIC)
XPASS: visibility (normal) (non PIC, load offset)
XPASS: visibility (normal) (PIC main, non PIC so)
Running /usr/src/packages/system/binutils/src/binutils-2.32/ld/testsuite/ld-shared/shared.exp ...
XPASS: shared (non PIC)
XPASS: shared (non PIC, load offset)
XPASS: shared (PIC main, non PIC so)
=== ld Summary ===
# of expected passes 1495
# of unexpected failures 4
# of unexpected successes 27
# of expected failures 40
# of untested testcases 6
# of unsupported tests 52
./ld-new 2.32
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/196
system/binutils: 2.32: multiple test suite failures
2023-10-05T17:32:06Z
Emily
system/binutils: 2.32: multiple test suite failures
| | |
| --- | --- |
| Bugzilla ID | 196 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-09-11 18:17:02 -0500 |
| Modified | 2020-06-22 05:58:32 -0500 |
| Status | CONFIRMED |
| Version | 1.0-B...
| | |
| --- | --- |
| Bugzilla ID | 196 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-09-11 18:17:02 -0500 |
| Modified | 2020-06-22 05:58:32 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA4 |
| Hardware | Adélie Linux / Intel x86 (32-bit) |
| Importance | --- / normal |
| Package(s) | system/binutils |
| Blocks | https://bts.adelielinux.org/show_bug.cgi?id=87 |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=170 |
## Description
**Created [attachment 17](/uploads/e56754e5b438747fd37d8e5ef78e64e9/ld.log)**
src/binutils-2.32/ld/ld.log
> Running /af/aports/system/binutils/src/binutils-2.32/ld/testsuite/ld-i386/i386.exp ...
> FAIL: Run pr19031
> FAIL: Run got1
> FAIL: Undefined weak symbol (-fPIE -no-pie)
> FAIL: Undefined weak symbol (-fPIE -pie)
> FAIL: Run pr22001-1
> FAIL: Run pr21997-1
> Running /af/aports/system/binutils/src/binutils-2.32/ld/testsuite/ld-i386/no-plt.exp ...
> FAIL: Build libno-plt-1b.so
> FAIL: No PLT (dynamic 1a)
> FAIL: No PLT (dynamic 1b)
> FAIL: No PLT (dynamic 1c)
> FAIL: No PLT (static 1d)
> FAIL: No PLT (PIE 1e)
> FAIL: No PLT (PIE 1f)
> FAIL: No PLT (PIE 1g)
> FAIL: No PLT (static 1j)
> FAIL: No PLT (static 1j)
Attached is the abbreviated ld test log. Notably there were two test cases that segfaulted.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/170
system/binutils: 2.32: FAIL: No PLT (static 1d)
2023-10-05T17:31:57Z
Emily
system/binutils: 2.32: FAIL: No PLT (static 1d)
| | |
| --- | --- |
| Bugzilla ID | 170 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-08-02 23:09:38 -0500 |
| Modified | 2020-06-22 05:58:33 -0500 |
| Status | CONFIRMED |
| Version | 1.0-B...
| | |
| --- | --- |
| Bugzilla ID | 170 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-08-02 23:09:38 -0500 |
| Modified | 2020-06-22 05:58:33 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / Intel x86 (64-bit) |
| Importance | --- / normal |
| Package(s) | system/binutils |
| Blocks | https://bts.adelielinux.org/show_bug.cgi?id=87 |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=196 |
## Description
on x86_64:
> gcc -B/git/system/binutils/src/binutils-2.32/ld/tmpdir/ld/ -I/git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64 -O2 -g0 -march=nocona -mtune=core2 -fno
> -omit-frame-pointer -mfpmath=sse -g -c -O2 -g0 -march=nocona -mtune=core2 -fno-omit-frame-pointer -mfpmath=sse -g -Wa,-mx86-used-note=yes -c /git/system/binutils
> /src/binutils-2.32/ld/testsuite/ld-x86-64/dummy.s -o tmpdir/dummy.o
> Executing on host: sh -c {gcc -B/git/system/binutils/src/binutils-2.32/ld/tmpdir/ld/ -I/git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64 -O2 -g0 -marc
> h=nocona -mtune=core2 -fno-omit-frame-pointer -mfpmath=sse -g -c -O2 -g0 -march=nocona -mtune=core2 -fno-omit-frame-pointer -mfpmath=sse -g -Wa,-mx86-used-note=y
> es -c /git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64/dummy.s -o tmpdir/dummy.o 2>&1} /dev/null ld.tmp (timeout = 300)
> spawn [open ...]
> gcc -B/git/system/binutils/src/binutils-2.32/ld/tmpdir/ld/ -L=/usr/x86_64-foxkit-linux-musl/lib64 -L=/usr/local/lib64 -L=/lib64 -L=/usr/lib64 -L=/usr/x86_64-foxk
> it-linux-musl/lib -L=/usr/local/lib -L=/lib -L=/usr/lib -o tmpdir/no-plt-1d -L/git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64 -static tmpdir/no-plt
> -check1.o tmpdir/no-plt-main1.o tmpdir/no-plt-func1.o tmpdir/no-plt-extern1.o tmpdir/dummy.o
> Executing on host: sh -c {gcc -B/git/system/binutils/src/binutils-2.32/ld/tmpdir/ld/ -L=/usr/x86_64-foxkit-linux-musl/lib64 -L=/usr/local/lib64 -L=/lib64 -L=/usr
> /lib64 -L=/usr/x86_64-foxkit-linux-musl/lib -L=/usr/local/lib -L=/lib -L=/usr/lib -o tmpdir/no-plt-1d -L/git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x8
> 6-64 -static tmpdir/no-plt-check1.o tmpdir/no-plt-main1.o tmpdir/no-plt-func1.o tmpdir/no-plt-extern1.o tmpdir/dummy.o 2>&1} /dev/null ld.tmp (timeout = 300)
> spawn [open ...]
> /git/system/binutils/src/binutils-2.32/ld/../binutils/readelf -Wr tmpdir/no-plt-1d > dump.out
> fail if no difference
> extra regexps in /git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64/no-plt-1d.rd starting with "^[0-9a-f ]+R_X86_64_GLOB_DAT +.*$"
> EOF from dump.out
> /git/system/binutils/src/binutils-2.32/ld/../binutils/objdump -dwrj.text tmpdir/no-plt-1d > dump.out
> regexp_diff match failure
> regexp "^ +[a-f0-9]+: 48 81 f8 ([0-9a-f]{2} ){4}[ ]+cmp \$0x[0-9a-f]+,%rax$"
> line " 6aa: 48 3b 05 3f 19 20 00 cmp 0x20193f(%rip),%rax # 201ff0 <_GLOBAL_OFFSET_TABLE_+0x30>"
> regexp_diff match failure
> regexp "^ +[a-f0-9]+: 4(0|8) c7 c0 ([0-9a-f]{2} ){4}[ ]+(rex |)mov +\$0x[0-9a-f]+,%(e|r)ax$"
> line " 700: 48 8d 05 e9 ff ff ff lea -0x17(%rip),%rax # 6f0 <func>"
> FAIL: No PLT (static 1d)
> gcc -B/git/system/binutils/src/binutils-2.32/ld/tmpdir/ld/ -I/git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64 -O2 -g0 -march=nocona -mtune=core2 -fno
> -omit-frame-pointer -mfpmath=sse -g -c -O2 -g0 -march=nocona -mtune=core2 -fno-omit-frame-pointer -mfpmath=sse -g -Wa,-mx86-used-note=yes -c /git/system/binutils
> /src/binutils-2.32/ld/testsuite/ld-x86-64/dummy.s -o tmpdir/dummy.o
> Executing on host: sh -c {gcc -B/git/system/binutils/src/binutils-2.32/ld/tmpdir/ld/ -I/git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64 -O2 -g0 -marc
> h=nocona -mtune=core2 -fno-omit-frame-pointer -mfpmath=sse -g -c -O2 -g0 -march=nocona -mtune=core2 -fno-omit-frame-pointer -mfpmath=sse -g -Wa,-mx86-used-note=y
> es -c /git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64/dummy.s -o tmpdir/dummy.o 2>&1} /dev/null ld.tmp (timeout = 300)
> spawn [open ...]
> gcc -B/git/system/binutils/src/binutils-2.32/ld/tmpdir/ld/ -L=/usr/x86_64-foxkit-linux-musl/lib64 -L=/usr/local/lib64 -L=/lib64 -L=/usr/lib64 -L=/usr/x86_64-foxk
> it-linux-musl/lib -L=/usr/local/lib -L=/lib -L=/usr/lib -o tmpdir/no-plt-1d -L/git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64 -static tmpdir/no-plt
> -check1.o tmpdir/no-plt-main1.o tmpdir/no-plt-func1.o tmpdir/no-plt-extern1.o tmpdir/dummy.o
> Executing on host: sh -c {gcc -B/git/system/binutils/src/binutils-2.32/ld/tmpdir/ld/ -L=/usr/x86_64-foxkit-linux-musl/lib64 -L=/usr/local/lib64 -L=/lib64 -L=/usr
> /lib64 -L=/usr/x86_64-foxkit-linux-musl/lib -L=/usr/local/lib -L=/lib -L=/usr/lib -o tmpdir/no-plt-1d -L/git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x8
> 6-64 -static tmpdir/no-plt-check1.o tmpdir/no-plt-main1.o tmpdir/no-plt-func1.o tmpdir/no-plt-extern1.o tmpdir/dummy.o 2>&1} /dev/null ld.tmp (timeout = 300)
> spawn [open ...]
> /git/system/binutils/src/binutils-2.32/ld/../binutils/readelf -Wr tmpdir/no-plt-1d > dump.out
> fail if no difference
> extra regexps in /git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64/no-plt-1d.rd starting with "^[0-9a-f ]+R_X86_64_GLOB_DAT +.*$"
> EOF from dump.out
> /git/system/binutils/src/binutils-2.32/ld/../binutils/objdump -dwrj.text tmpdir/no-plt-1d > dump.out
> regexp_diff match failure
> regexp "^ +[a-f0-9]+: 48 81 f8 ([0-9a-f]{2} ){4}[ ]+cmp \$0x[0-9a-f]+,%rax$"
> line " 6aa: 48 3b 05 3f 19 20 00 cmp 0x20193f(%rip),%rax # 201ff0 <_GLOBAL_OFFSET_TABLE_+0x30>"
> regexp_diff match failure
> regexp "^ +[a-f0-9]+: 4(0|8) c7 c0 ([0-9a-f]{2} ){4}[ ]+(rex |)mov +\$0x[0-9a-f]+,%(e|r)ax$"
> line " 700: 48 8d 05 e9 ff ff ff lea -0x17(%rip),%rax # 6f0 <func>"
> FAIL: No PLT (static 1d)
Likely fail on pmmx as well.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/301
user/gnucobol: multiple vulnerabilities
2023-08-16T12:38:20Z
Emily
user/gnucobol: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 301 |
| Alias(es) | CVE-2019-14468, CVE-2019-14486, CVE-2019-14528, CVE-2019-14541, CVE-2019-16395, CVE-2019-16396 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported |...
| | |
| --- | --- |
| Bugzilla ID | 301 |
| Alias(es) | CVE-2019-14468, CVE-2019-14486, CVE-2019-14528, CVE-2019-14541, CVE-2019-16395, CVE-2019-16396 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-10 00:46:02 -0500 |
| Modified | 2021-05-11 20:50:31 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/gnucobol |
## Description
CVE-2019-14468: https://nvd.nist.gov/vuln/detail/CVE-2019-14468
> GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via
> crafted COBOL source code.
CVE-2019-14486: https://nvd.nist.gov/vuln/detail/CVE-2019-14486
> GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c
> via crafted COBOL source code.
CVE-2019-14528: https://nvd.nist.gov/vuln/detail/CVE-2019-14528
> GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in
> cobc/scanner.l via crafted COBOL source code.
CVE-2019-14541: https://nvd.nist.gov/vuln/detail/CVE-2019-14541
> GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id
> in cobc/typeck.c via crafted COBOL source code.
CVE-2019-16395: https://nvd.nist.gov/vuln/detail/CVE-2019-16395
> GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name()
> function in cobc/tree.c via crafted COBOL source code.
CVE-2019-16396: https://nvd.nist.gov/vuln/detail/CVE-2019-16396
> GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name()
> function in cobc/parser.y via crafted COBOL source code.
1.0-BETA3
Zach van Rijn
Zach van Rijn
https://git.adelielinux.org/adelie/packages/-/issues/264
user/mate-panel: 1.24.0 MATE clock panel applet crashes when attempting to ad...
2023-05-05T13:40:45Z
Emily
user/mate-panel: 1.24.0 MATE clock panel applet crashes when attempting to add a Location
| | |
| --- | --- |
| Bugzilla ID | 264 |
| Reporter | Max Rees (sroracle) |
| Assignee | Kiyoshi Aman |
| Reported | 2020-04-15 19:41:26 -0500 |
| Modified | 2020-06-22 06:12:03 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| ...
| | |
| --- | --- |
| Bugzilla ID | 264 |
| Reporter | Max Rees (sroracle) |
| Assignee | Kiyoshi Aman |
| Reported | 2020-04-15 19:41:26 -0500 |
| Modified | 2020-06-22 06:12:03 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / Intel x86 (32-bit) |
| Importance | --- / normal |
| Package(s) | user/mate-panel |
## Description
I'll try to get a backtrace on this later, but as soon as attempting to save a new Location in the preferences for the MATE clock panel applet on pmmx, the applet crashes and the panel prompts the user to either reload or remove the applet.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/262
user/mesa: 19.3.4-r0 causes crash during VLC playback
2023-05-05T13:38:01Z
Emily
user/mesa: 19.3.4-r0 causes crash during VLC playback
| | |
| --- | --- |
| Bugzilla ID | 262 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-04-15 19:23:43 -0500 |
| Modified | 2020-06-22 06:11:10 -0500 |
| Status | CONFIRMED |
| Version | 1.0-R...
| | |
| --- | --- |
| Bugzilla ID | 262 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-04-15 19:23:43 -0500 |
| Modified | 2020-06-22 06:11:10 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / Intel x86 (32-bit) |
| Importance | --- / normal |
| Package(s) | user/mesa |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=261 |
## Description
**Created [attachment 24](/uploads/55ddb2fb6d9ffce92450f7f28d6454c1/mesa19-vlc-pmmx.txt)**
gdb backtrace for VLC + Mesa 19 on pmmx
When playing a video using VLC on pmmx with mesa 19, a segfault occurs in the gallium i915 driver. This is a regression from mesa 18 (BETA4), similar to bug #261.
Backtrace is attached.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/297
user/libreoffice: multiple vulnerabilities
2023-05-03T18:14:57Z
Emily
user/libreoffice: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 297 |
| Alias(es) | CVE-2020-12801, CVE-2020-12802, CVE-2020-12803 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-06 02:11:41 -0500 |
| Modified | 2020-0...
| | |
| --- | --- |
| Bugzilla ID | 297 |
| Alias(es) | CVE-2020-12801, CVE-2020-12802, CVE-2020-12803 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-06 02:11:41 -0500 |
| Modified | 2020-08-13 16:58:02 -0500 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/libreoffice |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-12801 |
## Description
> If LibreOffice has an encrypted document open and crashes, that
> document is auto-saved encrypted. On restart, LibreOffice offers to
> restore the document and prompts for the password to decrypt it. If
> the recovery is successful, and if the file format of the recovered
> document was not LibreOffice's default ODF file format, then affected
> versions of LibreOffice default that subsequent saves of the document
> are unencrypted. This may lead to a user accidentally saving a
> MSOffice file format document unencrypted while believing it to be
> encrypted. This issue affects: LibreOffice 6-3 series versions prior
> to 6.3.6; 6-4 series versions prior to 6.4.3.
https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801
Fixed in >= 6.4.3
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/225
system/linux-pam: pam_tally and pam_tally2 have invalid printf formats
2023-01-05T17:21:23Z
Emily
system/linux-pam: pam_tally and pam_tally2 have invalid printf formats
| | |
| --- | --- |
| Bugzilla ID | 225 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-12-22 20:10:43 -0600 |
| Modified | 2019-12-22 20:10:43 -0600 |
| Status | CONFIRMED |
| Version | 1.0-B...
| | |
| --- | --- |
| Bugzilla ID | 225 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-12-22 20:10:43 -0600 |
| Modified | 2019-12-22 20:10:43 -0600 |
| Status | CONFIRMED |
| Version | 1.0-BETA4 |
| Hardware | Adélie Linux / All |
| Importance | --- / trivial |
## Description
In file included from pam_tally.c:47:
pam_tally.c: In function ‘tally_check’:
pam_tally.c:541:7: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 5 has type ‘time_t’ {aka ‘long long int’} [-Wformat=]
_("Account temporary locked (%ld seconds left)"),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../libpam/include/security/pam_ext.h:74:70: note: in definition of macro ‘pam_info’
#define pam_info(pamh, fmt...) pam_prompt(pamh, PAM_TEXT_INFO, NULL, fmt)
^~~
pam_tally.c:541:5: note: in expansion of macro ‘_’
_("Account temporary locked (%ld seconds left)"),
^
pam_tally.c:546:40: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 6 has type ‘time_t’ {aka ‘long long int’} [-Wformat=]
"user %s (%lu) has time limit [%lds left]"
~~^
%lld
pam_tally.c:549:7:
oldtime+lock_time-time(NULL));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
========
In file included from pam_tally2.c:93:
pam_tally2.c: In function ‘tally_check’:
pam_tally2.c:597:27: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 5 has type ‘time_t’ {aka ‘long long int’} [-Wformat=]
pam_info(pamh, _("Account temporary locked (%ld seconds left)"),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../libpam/include/security/pam_ext.h:74:70: note: in definition of macro ‘pam_info’
#define pam_info(pamh, fmt...) pam_prompt(pamh, PAM_TEXT_INFO, NULL, fmt)
^~~
pam_tally2.c:597:25: note: in expansion of macro ‘_’
pam_info(pamh, _("Account temporary locked (%ld seconds left)"),
^
pam_tally2.c:602:50: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 6 has type ‘time_t’ {aka ‘long long int’} [-Wformat=]
"user %s (%lu) has time limit [%lds left]"
~~^
%lld
pam_tally2.c:605:17:
oldtime+opts->lock_time-time(NULL));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/205
system/lz4: intermittent test suite failures
2023-01-05T17:16:23Z
Emily
system/lz4: intermittent test suite failures
| | |
| --- | --- |
| Bugzilla ID | 205 |
| Reporter | Max Rees (sroracle) |
| Assignee | Dan Theisen |
| Reported | 2019-09-28 14:21:06 -0500 |
| Modified | 2020-06-22 06:22:34 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA4 |
|...
| | |
| --- | --- |
| Bugzilla ID | 205 |
| Reporter | Max Rees (sroracle) |
| Assignee | Dan Theisen |
| Reported | 2019-09-28 14:21:06 -0500 |
| Modified | 2020-06-22 06:22:34 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA4 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/lz4 |
| Blocks | https://bts.adelielinux.org/show_bug.cgi?id=87 |
## Description
**Created [attachment 18](/uploads/c5daff858c1f6a716f507aaa0db9b10d/lz4-ppc64-test.log)**
system/lz4 build log from APK Foundry
The lz4 test suite has intermittent failures on at least ppc64 (according to APK Foundry, see attached log snippet) and x86_64 (according to aranea@).
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/179
system/gcc: ICE building Firefox on pmmx due to bad google code
2023-01-05T17:08:12Z
Emily
system/gcc: ICE building Firefox on pmmx due to bad google code
| | |
| --- | --- |
| Bugzilla ID | 179 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-08-14 07:18:30 -0500 |
| Modified | 2019-08-14 07:18:30 -0500 |
| Status | CONFIRMED |
| Version | 1.0-B...
| | |
| --- | --- |
| Bugzilla ID | 179 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-08-14 07:18:30 -0500 |
| Modified | 2019-08-14 07:18:30 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / Intel x86 (32-bit) |
| Importance | --- / major |
## Description
The patches from:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90756
and:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90139
need to be applied for pmmx to be able to build Firefox without patching, due to awful google code: https://bugs.chromium.org/p/skia/issues/detail?id=9202
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/105
user/llvm8: has a few test failures on ppc32 that may indicate the Rust issue
2023-01-05T16:28:27Z
Emily
user/llvm8: has a few test failures on ppc32 that may indicate the Rust issue
| | |
| --- | --- |
| Bugzilla ID | 105 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-07-23 19:43:53 -0500 |
| Modified | 2020-06-22 06:21:28 -0500 |
| Status | CONFIRMED |
| Version | 1.0-B...
| | |
| --- | --- |
| Bugzilla ID | 105 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-07-23 19:43:53 -0500 |
| Modified | 2020-06-22 06:21:28 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / PowerPC (32-bit) |
| Importance | --- / major |
| Package(s) | user/llvm |
## Description
[100%] Running the LLVM regression tests
FAIL: LLVM :: ExecutionEngine/mov64zext32.ll (18832 of 29332)
******************** TEST 'LLVM :: ExecutionEngine/mov64zext32.ll' FAILED ********************
Script:
--
: 'RUN: at line 1'; /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/lli /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/ExecutionEngine/mov64zext32.ll > /dev/null
--
Exit Code: 132
Command Output (stderr):
--
Stack dump:
0. Program arguments: /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/lli /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/ExecutionEngine/mov64zext32.ll
#0 0xfffffffff382e558 PrintStackTraceSignalHandler(void*) /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/lib/Support/Unix/Signals.inc:559:1
#1 0xfffffffff382b484 llvm::sys::RunSignalHandlers() /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/lib/Support/Signals.cpp:69:5
#2 0xfffffffff382b654 SignalHandler(int) /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/lib/Support/Unix/Signals.inc:358:1
#3 0x001003d4 0x3d4
0 libLLVM-8.so 0xf382e558
1 libLLVM-8.so 0xf382b484 llvm::sys::RunSignalHandlers() + 124
2 libLLVM-8.so 0xf382b654
3 0x001003d4 __kernel_sigtramp32 + 0
/usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/test/ExecutionEngine/Output/mov64zext32.ll.script: line 1: 43993 Illegal instruction /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/lli /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/ExecutionEngine/mov64zext32.ll > /dev/null
--
********************
FAIL: LLVM :: ExecutionEngine/frem.ll (18837 of 29332)
******************** TEST 'LLVM :: ExecutionEngine/frem.ll' FAILED ********************
Script:
--
: 'RUN: at line 5'; /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/lli /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/ExecutionEngine/frem.ll | /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/FileCheck /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/ExecutionEngine/frem.ll
--
Exit Code: 2
Command Output (stderr):
--
Stack dump:
0. Program arguments: /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/lli /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/ExecutionEngine/frem.ll
#0 0xfffffffff3b68558 PrintStackTraceSignalHandler(void*) /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/lib/Support/Unix/Signals.inc:559:1
#1 0xfffffffff3b65484 llvm::sys::RunSignalHandlers() /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/lib/Support/Signals.cpp:69:5
#2 0xfffffffff3b65654 SignalHandler(int) /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/lib/Support/Unix/Signals.inc:358:1
#3 0x001003d4 0x3d4
0 libLLVM-8.so 0xf3b68558
1 libLLVM-8.so 0xf3b65484 llvm::sys::RunSignalHandlers() + 124
2 libLLVM-8.so 0xf3b65654
3 0x001003d4 __kernel_sigtramp32 + 0
FileCheck error: '-' is empty.
FileCheck command line: /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/FileCheck /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/ExecutionEngine/frem.ll
--
********************
FAIL: LLVM :: Transforms/SampleProfile/indirect-call-gcc.ll (27016 of 29332)
******************** TEST 'LLVM :: Transforms/SampleProfile/indirect-call-gcc.ll' FAILED ********************
Script:
--
: 'RUN: at line 1'; /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/opt < /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/Transforms/SampleProfile/indirect-call-gcc.ll -sample-profile -sample-profile-file=/usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/Transforms/SampleProfile/Inputs/indirect-call.afdo -S | /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/FileCheck /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/Transforms/SampleProfile/indirect-call-gcc.ll
--
Exit Code: 1
Command Output (stderr):
--
/usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/Transforms/SampleProfile/indirect-call-gcc.ll:13:11: error: CHECK: expected string not found in input
; CHECK: call {{.*}}, !prof ![[PROF:[0-9]+]]
^
<stdin>:1:1: note: scanning from here
; ModuleID = '<stdin>'
^
<stdin>:4:19: note: possible intended match here
define void @test(void ()*) !dbg !3 {
^
--
********************
FAIL: LLVM :: tools/llvm-objdump/eh_frame-coff.test (28926 of 29332)
******************** TEST 'LLVM :: tools/llvm-objdump/eh_frame-coff.test' FAILED ********************
Script:
--
: 'RUN: at line 1'; /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/yaml2obj /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/tools/llvm-objdump/Inputs/eh_frame-coff.yaml | /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/llvm-objdump -dwarf=frames - 2>/dev/null | /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/FileCheck /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/tools/llvm-objdump/eh_frame-coff.test
--
Exit Code: 1
Command Output (stderr):
--
/usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/tools/llvm-objdump/eh_frame-coff.test:11:10: error: CHECK: expected string not found in input
# CHECK: Personality Address: 004025d7
^
<stdin>:16:2: note: scanning from here
Personality Address: 00a177d1
^
--
********************
FAIL: LLVM :: tools/llvm-profdata/memop-size-prof.proftext (29005 of 29332)
******************** TEST 'LLVM :: tools/llvm-profdata/memop-size-prof.proftext' FAILED ********************
Script:
--
: 'RUN: at line 1'; /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/llvm-profdata show -memop-sizes -ic-targets -function=foo /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/tools/llvm-profdata/memop-size-prof.proftext | /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/FileCheck /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/tools/llvm-profdata/memop-size-prof.proftext --check-prefixes=MEMOP,MEMOP_SUM,ICALL,ICALL_SUM
: 'RUN: at line 2'; /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/llvm-profdata show -memop-sizes -ic-targets -counts -text -function=foo /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/tools/llvm-profdata/memop-size-prof.proftext | /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/FileCheck /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/tools/llvm-profdata/memop-size-prof.proftext --check-prefixes=TEXT,MEMOP_TEXT,ICALL_TEXT
: 'RUN: at line 3'; /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/llvm-profdata merge -o /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/test/tools/llvm-profdata/Output/memop-size-prof.proftext.tmp.profdata /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/tools/llvm-profdata/memop-size-prof.proftext
: 'RUN: at line 4'; /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/llvm-profdata show -memop-sizes -ic-targets -function=foo /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/test/tools/llvm-profdata/Output/memop-size-prof.proftext.tmp.profdata | /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/FileCheck /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/tools/llvm-profdata/memop-size-prof.proftext --check-prefixes=MEMOP,MEMOP_SUM,ICALL,ICALL_SUM
: 'RUN: at line 5'; /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/llvm-profdata merge -o /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/test/tools/llvm-profdata/Output/memop-size-prof.proftext.tmp.proftext -text /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/tools/llvm-profdata/memop-size-prof.proftext
: 'RUN: at line 6'; /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/llvm-profdata show -memop-sizes -ic-targets -function=foo /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/test/tools/llvm-profdata/Output/memop-size-prof.proftext.tmp.proftext| /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/build/bin/FileCheck /usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/tools/llvm-profdata/memop-size-prof.proftext --check-prefixes=MEMOP,MEMOP_SUM,ICALL,ICALL_SUM
--
Exit Code: 1
Command Output (stderr):
--
/usr/src/packages/user/llvm8/src/llvm-8.0.0.src/test/tools/llvm-profdata/memop-size-prof.proftext:71:14: error: MEMOP-NEXT: expected string not found in input
#MEMOP-NEXT: [ 0, 1, 99 ]
^
<stdin>:12:2: note: scanning from here
[ 0, 4293355246, 99 ] (17.81%)
^
<stdin>:13:2: note: possible intended match here
[ 0, 18696185, 88 ] (15.83%)
^
--
********************
Testing Time: 154.43s
********************
Failing Tests (5):
LLVM :: ExecutionEngine/frem.ll
LLVM :: ExecutionEngine/mov64zext32.ll
LLVM :: Transforms/SampleProfile/indirect-call-gcc.ll
LLVM :: tools/llvm-objdump/eh_frame-coff.test
LLVM :: tools/llvm-profdata/memop-size-prof.proftext
Expected Passes : 27595
Expected Failures : 149
Unsupported Tests : 1583
Unexpected Failures: 5
make[3]: *** [test/CMakeFiles/check-llvm.dir/build.make:58: test/CMakeFiles/check-llvm] Error 1
make[2]: *** [CMakeFiles/Makefile2:65676: test/CMakeFiles/check-llvm.dir/all] Error 2
make[1]: *** [CMakeFiles/Makefile2:65683: test/CMakeFiles/check-llvm.dir/rule] Error 2
make: *** [Makefile:13589: check-llvm] Error 2
>>> ERROR: llvm8: check failed
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/306
user/node: >= 10.19.0-r0 fails two tests on pmmx
2022-12-17T23:26:30Z
Emily
user/node: >= 10.19.0-r0 fails two tests on pmmx
| | |
| --- | --- |
| Bugzilla ID | 306 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-06-15 23:28:01 -0500 |
| Modified | 2020-06-22 05:56:14 -0500 |
| Status | CONFIRMED |
| Version | 1.0-R...
| | |
| --- | --- |
| Bugzilla ID | 306 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-06-15 23:28:01 -0500 |
| Modified | 2020-06-22 05:56:14 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / Intel x86 (32-bit) |
| Importance | --- / normal |
| Package(s) | user/node |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=300 |
## Description
=== release test-http-invalid-te ===
Path: parallel/test-http-invalid-te
assert.js:126
throw err;
^
AssertionError [ERR_ASSERTION]: function should not have been called at /af/build/user/node/src/node-v10.21.0/test/parallel/test-http-invalid-te.js:27
at Server.mustNotCall (/af/build/user/node/src/node-v10.21.0/test/common/index.js:436:12)
at Server.emit (events.js:198:13)
at parserOnIncoming (_http_server.js:691:12)
at HTTPParser.parserOnHeadersComplete (_http_common.js:111:17)
Command: out/Release/node /af/build/user/node/src/node-v10.21.0/test/parallel/test-http-invalid-te.js
=== release test-worker-stdio ===
Path: parallel/test-worker-stdio
buffer.js:118
return new ArrayBuffer(size);
^
RangeError: Array buffer allocation failed
at new ArrayBuffer (<anonymous>)
at createUnsafeArrayBuffer (buffer.js:118:12)
at createUnsafeBuffer (buffer.js:112:25)
at allocate (buffer.js:330:12)
at Function.allocUnsafe (buffer.js:292:10)
at Function.concat (buffer.js:473:23)
at BufferingWritable.get buffer [as buffer] (/af/build/user/node/src/node-v10.21.0/test/parallel/test-worker-stdio.js:22:19)
at BufferingWritable.passed.on.common.mustCall (/af/build/user/node/src/node-v10.21.0/test/parallel/test-worker-stdio.js:37:55)
at BufferingWritable.<anonymous> (/af/build/user/node/src/node-v10.21.0/test/common/index.js:379:15)
at BufferingWritable.emit (events.js:203:15)
Command: out/Release/node --experimental-worker /af/build/user/node/src/node-v10.21.0/test/parallel/test-worker-stdio.js
[07:30|% 100|+ 2505|- 2]: Done
make[1]: *** [Makefile:274: jstest] Error 1
make: *** [Makefile:293: test-only] Error 2
>>> ERROR: node: check failed
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/291
user/nsd, user/unbound: multiple vulnerabilities
2022-11-13T06:54:43Z
Emily
user/nsd, user/unbound: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 291 |
| Alias(es) | CVE-2020-12662, CVE-2020-12663, CVE-2020-28935 |
| Reporter | Max Rees (sroracle) |
| Assignee | Alyx Wolcott |
| Reported | 2020-05-19 17:00:04 -0500 |
| Modified | 2020-12-09 17...
| | |
| --- | --- |
| Bugzilla ID | 291 |
| Alias(es) | CVE-2020-12662, CVE-2020-12663, CVE-2020-28935 |
| Reporter | Max Rees (sroracle) |
| Assignee | Alyx Wolcott |
| Reported | 2020-05-19 17:00:04 -0500 |
| Modified | 2020-12-09 17:23:35 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/nsd, user/unbound |
| URL | https://www.openwall.com/lists/oss-security/2020/05/19/5 |
## Description
> = CVE-2020-12662
> Unbound can be tricked into amplifying an incoming query into a large
> number of queries directed to a target.
>
> = CVE-2020-12663
> Malformed answers from upstream name servers can be used to make
> Unbound unresponsive.
Fixed in >= 1.10.1
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/253
user/jasper: multiple vulnerabilities
2022-11-13T06:54:43Z
Emily
user/jasper: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 253 |
| Alias(es) | CVE-2016-9398, CVE-2016-9399, CVE-2017-13746, CVE-2017-13748, CVE-2017-13750, CVE-2017-13751, CVE-2017-14132, CVE-2017-14232, CVE-2017-5499, CVE-2017-5503, CVE-2017-5504, CVE-2017...
| | |
| --- | --- |
| Bugzilla ID | 253 |
| Alias(es) | CVE-2016-9398, CVE-2016-9399, CVE-2017-13746, CVE-2017-13748, CVE-2017-13750, CVE-2017-13751, CVE-2017-14132, CVE-2017-14232, CVE-2017-5499, CVE-2017-5503, CVE-2017-5504, CVE-2017-5505, CVE-2017-6851, CVE-2017-9782, CVE-2018-18873, CVE-2018-19139, CVE-2018-19540, CVE-2018-19541, CVE-2018-19543, CVE-2018-20570, CVE-2018-20622, CVE-2018-9055, CVE-2018-9154, CVE-2018-9252 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-04-03 14:18:15 -0500 |
| Modified | 2020-10-30 22:37:34 -0500 |
| Status | IN_PROGRESS |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/jasper |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2017-14232 |
## Description
> The read_chunk function in flif-dec.cpp in Free Lossless Image Format
> (FLIF) 0.3 allows remote attackers to cause a denial of service
> (invalid memory read and application crash) via a crafted flif file.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/169
user/mcpp: CVE-2019-14274: heap-based buffer overflow
2022-11-13T06:54:43Z
Emily
user/mcpp: CVE-2019-14274: heap-based buffer overflow
| | |
| --- | --- |
| Bugzilla ID | 169 |
| Alias(es) | CVE-2019-14274 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-08-02 18:06:37 -0500 |
| Modified | 2020-06-22 06:12:43 -0500 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 169 |
| Alias(es) | CVE-2019-14274 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-08-02 18:06:37 -0500 |
| Modified | 2020-06-22 06:12:43 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/mcpp |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-14274 |
## Description
> MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function
> in support.c.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/270
user/ctags: multiple vulnerabilities
2022-11-13T06:54:43Z
Emily
user/ctags: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 270 |
| Alias(es) | CVE-2014-7204 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-04-23 12:27:09 -0500 |
| Modified | 2020-06-22 06:11:36 -0500 |
| Status | ...
| | |
| --- | --- |
| Bugzilla ID | 270 |
| Alias(es) | CVE-2014-7204 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-04-23 12:27:09 -0500 |
| Modified | 2020-06-22 06:11:36 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/ctags |
## Description
We currently ship 5.8, which is missing at least this fix for a format string vulnerability as described in [1, 2]:
https://sourceforge.net/p/ctags/code/747/
There seems to be even more commits after this one in trunk on SF as late as 2014. Seems the following distros only have the commits since 2011-03-10 however:
Debian
Trisquel
Ubuntu
Fedora[3] made me aware of CVE-2014-7204[4]:
> jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a
> denial of service (infinite loop and CPU and disk consumption) via a
> crafted JavaScript file.
Nix[5] is building off the latest SVN trunk.
openSUSE[6] has a hodgepodge of patches.
Alpine[7] switched to Universal ctags and dropped Exuberant ctags entirely.
[1] https://www.openwall.com/lists/oss-security/2020/04/23/4
[2] https://blog.jasper.la/poking-old-format-string-bugs.html
[3] https://src.fedoraproject.org/rpms/ctags/tree/master
[4] https://nvd.nist.gov/vuln/detail/CVE-2014-7204
[5] https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/tools/misc/ctags/default.nix#L5
[6] https://build.opensuse.org/package/show/openSUSE:Factory/ctags
[7] https://git.alpinelinux.org/aports/commit/?id=a92e43efbc78b4f7a6b601653f07fb80e1ebd25f
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/136
user/fastjar: multiple vulnerabilities
2022-11-13T06:54:42Z
Emily
user/fastjar: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 136 |
| Alias(es) | CVE-2010-0831, CVE-2010-2322 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:00:26 -0500 |
| Modified | 2020-06-22 06:08:04 -050...
| | |
| --- | --- |
| Bugzilla ID | 136 |
| Alias(es) | CVE-2010-0831, CVE-2010-2322 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:00:26 -0500 |
| Modified | 2020-06-22 06:08:04 -0500 |
| Status | UNCONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / minor |
| Package(s) | user/fastjar |
## Description
CVE-2010-0831: https://nvd.nist.gov/vuln/detail/CVE-2010-0831
> Directory traversal vulnerability in the extract_jar function in
> jartool.c in FastJar 0.98 allows remote attackers to create or
> overwrite arbitrary files via a .. (dot dot) in a non-initial pathname
> component in a filename within a .jar archive, a related issue to
> CVE-2005-1080. NOTE: this vulnerability exists because of an
> incomplete fix for CVE-2006-3619.
CVE-2010-2322: https://nvd.nist.gov/vuln/detail/CVE-2010-2322
> Absolute path traversal vulnerability in the extract_jar function in
> jartool.c in FastJar 0.98 allows remote attackers to create or
> overwrite arbitrary files via a full pathname for a file within a .jar
> archive, a related issue to CVE-2010-0831. NOTE: this vulnerability
> exists because of an incomplete fix for CVE-2006-3619.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/124
user/audiofile: multiple vulnerabilities
2022-11-13T06:54:42Z
Emily
user/audiofile: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 124 |
| Alias(es) | CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838,...
| | |
| --- | --- |
| Bugzilla ID | 124 |
| Alias(es) | CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838, CVE-2017-6839, CVE-2018-13440 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-29 04:13:10 -0500 |
| Modified | 2020-06-22 06:06:49 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/audiofile |
## Description
CVE-2017-6827: https://nvd.nist.gov/vuln/detail/CVE-2017-6827
> Heap-based buffer overflow in the MSADPCM::initializeCoefficients
> function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File
> Library) 0.3.6 allows remote attackers to have unspecified impact via
> a crafted audio file.
CVE-2017-6828: https://nvd.nist.gov/vuln/detail/CVE-2017-6828
> Heap-based buffer overflow in the readValue function in FileHandle.cpp
> in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows
> remote attackers to have unspecified impact via a crafted WAV file.
CVE-2017-6829: https://nvd.nist.gov/vuln/detail/CVE-2017-6829
> The decodeSample function in IMA.cpp in Audio File Library (aka
> audiofile) 0.3.6 allows remote attackers to cause a denial of service
> (crash) via a crafted file.
CVE-2017-6830: https://nvd.nist.gov/vuln/detail/CVE-2017-6830
> Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp
> in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to
> cause a denial of service (crash) via a crafted file.
CVE-2017-6831: https://nvd.nist.gov/vuln/detail/CVE-2017-6831
> Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp
> in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to
> cause a denial of service (crash) via a crafted file.
CVE-2017-6832: https://nvd.nist.gov/vuln/detail/CVE-2017-6832
> Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio
> File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
> denial of service (crash) via a crafted file.
CVE-2017-6833: https://nvd.nist.gov/vuln/detail/CVE-2017-6833
> The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio
> File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
> denial of service (divide-by-zero error and crash) via a crafted file.
CVE-2017-6834: https://nvd.nist.gov/vuln/detail/CVE-2017-6834
> Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp
> in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to
> cause a denial of service (crash) via a crafted file.
CVE-2017-6835: https://nvd.nist.gov/vuln/detail/CVE-2017-6835
> The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio
> File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
> denial of service (divide-by-zero error and crash) via a crafted file.
CVE-2017-6836: https://nvd.nist.gov/vuln/detail/CVE-2017-6836
> Heap-based buffer overflow in the Expand3To4Module::run function in
> libaudiofile/modules/SimpleModule.h in Audio File Library (aka
> audiofile) 0.3.6 allows remote attackers to cause a denial of service
> (crash) via a crafted file.
CVE-2017-6837: https://nvd.nist.gov/vuln/detail/CVE-2017-6837
> WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote
> attackers to cause a denial of service (crash) via vectors related to
> a large number of coefficients.
CVE-2017-6838: https://nvd.nist.gov/vuln/detail/CVE-2017-6838
> Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka
> audiofile) 0.3.6 allows remote attackers to cause a denial of service
> (crash) via a crafted file.
CVE-2017-6839: https://nvd.nist.gov/vuln/detail/CVE-2017-6839
> Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka
> audiofile) 0.3.6 allows remote attackers to cause a denial of service
> (crash) via a crafted file.
1.0-BETA3