Adélie Linux issueshttps://git.adelielinux.org/groups/adelie/-/issues2020-05-11T13:31:54Zhttps://git.adelielinux.org/adelie/docs/-/issues/2Installation Handbook: Chapter 1: Maybe don't use `/dev/sdX` as target device...2020-05-11T13:31:54ZMichael SiegelInstallation Handbook: Chapter 1: Maybe don't use `/dev/sdX` as target device name parameter for `dd` command.I've just realized that, in the instructions on how to create a bootable installation medium on Linux or BSD, I used `/dev/sdX` as the parameter for the target device. However, `sd[[:alpha:]]` seems to be a Linux thing. On BSD, device na...I've just realized that, in the instructions on how to create a bootable installation medium on Linux or BSD, I used `/dev/sdX` as the parameter for the target device. However, `sd[[:alpha:]]` seems to be a Linux thing. On BSD, device names may look quite different. The [chapter on creating installation media](https://www.openbsd.org/faq/faq4.html#MkInsMedia) in the OpenBSD FAQ says a few things about that.https://git.adelielinux.org/adelie/gcompat/-/issues/302Cannot build gcompat in Ubuntu 18.042021-05-12T03:50:15ZEmilyCannot build gcompat in Ubuntu 18.04| | |
| --- | --- |
| Bugzilla ID | 302 |
| Reporter | Nikos Dragazis |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-06-11 06:19:10 -0500 |
| Modified | 2020-06-23 11:28:42 -0500 |
| Status | CONFIRMED |
| Version | 0.2.0 |
| ...| | |
| --- | --- |
| Bugzilla ID | 302 |
| Reporter | Nikos Dragazis |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-06-11 06:19:10 -0500 |
| Modified | 2020-06-23 11:28:42 -0500 |
| Status | CONFIRMED |
| Version | 0.2.0 |
| Hardware | Other Linux / Intel x86 (64-bit) |
| Importance | --- / blocker |
## Description
OS: Ubuntu 18.04 (bionic)
kernel: 5.3.0-53-generic
arch: x86_64
gcompat version: https://github.com/AdelieLinux/gcompat
Steps to reproduce:
$ cd gcompat
$ make
Actual output:
cc -c -D_BSD_SOURCE \
-DLIBGCOMPAT='"/lib/libgcompat.so.0"' \
-DLINKER='""' -DLOADER='"ld-linux.so.2"' \
-fPIC -Ilibgcompat -std=c99 \
-Wall -Wextra -Wno-frame-address -Wno-unused-parameter \
-o libgcompat/ctype.o libgcompat/ctype.c
cc -c -D_BSD_SOURCE \
-DLIBGCOMPAT='"/lib/libgcompat.so.0"' \
-DLINKER='""' -DLOADER='"ld-linux.so.2"' \
-fPIC -Ilibgcompat -std=c99 \
-Wall -Wextra -Wno-frame-address -Wno-unused-parameter \
-o libgcompat/cxx_thread.o libgcompat/cxx_thread.c
In file included from /usr/include/pthread.h:21:0,
from libgcompat/cxx_thread.c:1:
/usr/include/features.h:184:3: warning: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE" [-Wcpp]
# warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
^~~~~~~
cc -c -D_BSD_SOURCE \
-DLIBGCOMPAT='"/lib/libgcompat.so.0"' \
-DLINKER='""' -DLOADER='"ld-linux.so.2"' \
-fPIC -Ilibgcompat -std=c99 \
-Wall -Wextra -Wno-frame-address -Wno-unused-parameter \
-o libgcompat/dlfcn.o libgcompat/dlfcn.c
In file included from /usr/include/dlfcn.h:22:0,
from libgcompat/dlfcn.c:1:
/usr/include/features.h:184:3: warning: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE" [-Wcpp]
# warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
^~~~~~~
cc -c -D_BSD_SOURCE \
-DLIBGCOMPAT='"/lib/libgcompat.so.0"' \
-DLINKER='""' -DLOADER='"ld-linux.so.2"' \
-fPIC -Ilibgcompat -std=c99 \
-Wall -Wextra -Wno-frame-address -Wno-unused-parameter \
-o libgcompat/error.o libgcompat/error.c
In file included from /usr/include/errno.h:25:0,
from libgcompat/error.c:2:
/usr/include/features.h:184:3: warning: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE" [-Wcpp]
# warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
^~~~~~~
cc -c -D_BSD_SOURCE \
-DLIBGCOMPAT='"/lib/libgcompat.so.0"' \
-DLINKER='""' -DLOADER='"ld-linux.so.2"' \
-fPIC -Ilibgcompat -std=c99 \
-Wall -Wextra -Wno-frame-address -Wno-unused-parameter \
-o libgcompat/execinfo.o libgcompat/execinfo.c
In file included from /usr/include/dlfcn.h:22:0,
from libgcompat/execinfo.c:1:
/usr/include/features.h:184:3: warning: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE" [-Wcpp]
# warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
^~~~~~~
libgcompat/execinfo.c: In function ‘backtrace_symbols’:
libgcompat/execinfo.c:53:3: error: unknown type name ‘Dl_info’
Dl_info info;
^~~~~~~
libgcompat/execinfo.c:55:7: warning: implicit declaration of function ‘dladdr’ [-Wimplicit-function-declaration]
if (dladdr(array[i], &info) && info.dli_sname != NULL) {
^~~~~~
libgcompat/execinfo.c:55:38: error: request for member ‘dli_sname’ in something not a structure or union
if (dladdr(array[i], &info) && info.dli_sname != NULL) {
^
libgcompat/execinfo.c:56:20: error: request for member ‘dli_sname’ in something not a structure or union
result[i] = info.dli_sname;
^
libgcompat/execinfo.c: In function ‘backtrace_symbols_fd’:
libgcompat/execinfo.c:73:3: error: unknown type name ‘Dl_info’
Dl_info info;
^~~~~~~
libgcompat/execinfo.c:77:38: error: request for member ‘dli_sname’ in something not a structure or union
if (dladdr(array[i], &info) && info.dli_sname != NULL) {
^
libgcompat/execinfo.c:78:15: error: request for member ‘dli_sname’ in something not a structure or union
line = info.dli_sname;
^
Makefile:79: recipe for target 'libgcompat/execinfo.o' failed
make: *** [libgcompat/execinfo.o] Error 1
Expected output:
It should be compiling successfully.1.0-RELEASEhttps://git.adelielinux.org/adelie/packages/-/issues/311user/grub: add arm-smmu.disable_bypass=n quirk for Cavium ThunderX2023-11-12T02:39:23ZEmilyuser/grub: add arm-smmu.disable_bypass=n quirk for Cavium ThunderX| | |
| --- | --- |
| Bugzilla ID | 311 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-19 18:50:33 -0500 |
| Modified | 2020-06-22 06:03:19 -0500 |
| Status | CONFIRMED |
| Version | 1.0-R...| | |
| --- | --- |
| Bugzilla ID | 311 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-19 18:50:33 -0500 |
| Modified | 2020-06-22 06:03:19 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / [Community] ARM (64-bit) |
| Importance | --- / normal |
| Package(s) | user/grub |
| See also | https://bugzilla.redhat.com/show_bug.cgi?id=1734557 |
## Description
Linux >= 5.2 contains the following commit, which breaks boot on Cavium ThunderX machines because the Gigabyte devicetree it uses is broken:
https://github.com/gregkh/linux/commit/954a03be033c7cef80ddc232e7cbdb17df735663
We need arm-smmu.disable_bypass=n on these machines.
The "see also" RH bug mentions that iommu.passthrough=1 may also be necessary, but it did not seem needed in order to boot athena.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/313user/bash-completion: 2.10 FTTFS with manpage-related failures2021-11-04T02:07:36ZEmilyuser/bash-completion: 2.10 FTTFS with manpage-related failures| | |
| --- | --- |
| Bugzilla ID | 313 |
| Reporter | Kiyoshi Aman |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-19 21:57:31 -0500 |
| Modified | 2020-06-22 06:03:02 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| ...| | |
| --- | --- |
| Bugzilla ID | 313 |
| Reporter | Kiyoshi Aman |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-19 21:57:31 -0500 |
| Modified | 2020-06-22 06:03:02 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / Intel x86 (64-bit) |
| Importance | --- / normal |
| Package(s) | user/bash-completion |
## Description
* TestAclocal.test_1
* TestGetconf.test_1
* TestIfdown.test_1
* TestIfup.test_1
* TestLdd.test_options
* TestMan.test_1
* TestMan.test_4
* TestMan.test_6
* TestMan.test_8
* TestMan.test_101.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/333user/openjdk8: multiple vulnerabilities2023-01-05T19:09:25ZEmilyuser/openjdk8: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 333 |
| Alias(es) | CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621, CVE-2020-14664, CVE-2020-14779, CVE-2020-14781, CVE...| | |
| --- | --- |
| Bugzilla ID | 333 |
| Alias(es) | CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621, CVE-2020-14664, CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-07-16 18:39:18 -0500 |
| Modified | 2020-10-26 01:43:04 -0500 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/openjdk |
| URL | https://www.oracle.com/security-alerts/cpujul2020.html |
## Description
CVE-2020-14556: Better ForkJoinPool behavior
CVE-2020-14577: Enhance certificate verification
CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
CVE-2020-14581: Better matrix operations
CVE-2020-14583: Better Buffer support
CVE-2020-14593: Less Affine Transformations
CVE-2020-14621: Better XML namespace handling
Fixed in >= OpenJDK 8u262 https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-July/012143.html
Waiting on icedtea 3.17.0 to drop https://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3787
Note: the Oracle advisory mentions that CVE-2020-14664 affects 8u251 as well. It is unclear whether this was already addressed in 8u252 (unlikely) or does not affect OpenJDK/IcedTea. I could not find any references in their bug trackers, nor on RedHat's bug tracker.1.0-RC2https://git.adelielinux.org/adelie/packages/-/issues/335user/librsvg: CVE-2017-11464: box_blur_line division by zero2022-11-13T00:59:28ZEmilyuser/librsvg: CVE-2017-11464: box_blur_line division by zero| | |
| --- | --- |
| Bugzilla ID | 335 |
| Alias(es) | CVE-2017-11464 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-07-22 13:18:53 -0500 |
| Modified | 2020-07-22 13:18:53 -0500 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 335 |
| Alias(es) | CVE-2017-11464 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-07-22 13:18:53 -0500 |
| Modified | 2020-07-22 13:18:53 -0500 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/librsvg |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2017-11464 |
## Description
> A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in
> GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file,
> because of incorrect protection against division by zero.
https://gitlab.gnome.org/GNOME/librsvg/commit/ecf9267a24b2c3c0cd211dbdfa9ef2232511972a1.0-RC2https://git.adelielinux.org/adelie/packages/-/issues/360user/nextcloud-client: multiple vulnerabilities2023-01-05T19:15:44ZEmilyuser/nextcloud-client: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 360 |
| Alias(es) | CVE-2020-8189, CVE-2020-8224, CVE-2020-8227 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-10-26 01:02:58 -0500 |
| Modified | 2020-10-2...| | |
| --- | --- |
| Bugzilla ID | 360 |
| Alias(es) | CVE-2020-8189, CVE-2020-8224, CVE-2020-8227 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-10-26 01:02:58 -0500 |
| Modified | 2020-10-26 01:02:58 -0500 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/nextcloud-client |
## Description
CVE-2020-8227: https://nvd.nist.gov/vuln/detail/CVE-2020-8227
> Missing sanitization of a server response in Nextcloud Desktop Client
> 2.6.4 for Linux allowed a malicious Nextcloud Server to store files
> outside of the dedicated sync directory.
CVE-2020-8224: https://nvd.nist.gov/vuln/detail/CVE-2020-8224
> A code injection in Nextcloud Desktop Client 2.6.4 allowed to load
> arbitrary code when placing a malicious OpenSSL config into a fixed
> directory.
CVE-2020-8189: https://nvd.nist.gov/vuln/detail/CVE-2020-8189
> A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed
> to present any html (including local links) when responding with
> invalid data on the login attempt.
All fixed in >= 2.6.51.0-RC2https://git.adelielinux.org/adelie/packages/-/issues/370system/openrc: CVE-2018-21269: checkpath symlink attack in non-terminal path ...2022-11-12T22:39:08ZEmilysystem/openrc: CVE-2018-21269: checkpath symlink attack in non-terminal path components| | |
| --- | --- |
| Bugzilla ID | 370 |
| Alias(es) | CVE-2018-21269 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-19 21:08:28 -0600 |
| Modified | 2020-11-24 17:40:00 -0600 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 370 |
| Alias(es) | CVE-2018-21269 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-19 21:08:28 -0600 |
| Modified | 2020-11-24 17:40:00 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/openrc |
## Description
No official fix yet https://github.com/OpenRC/openrc/issues/2011.0-RELEASEA. WilcoxA. Wilcoxhttps://git.adelielinux.org/adelie/packages/-/issues/373user/py3-cryptography: CVE-2020-25659: RSA decryption timing oracle attack2022-11-13T00:32:58ZEmilyuser/py3-cryptography: CVE-2020-25659: RSA decryption timing oracle attack| | |
| --- | --- |
| Bugzilla ID | 373 |
| Alias(es) | CVE-2020-25659 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 22:28:06 -0600 |
| Modified | 2020-11-21 22:28:06 -0600 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 373 |
| Alias(es) | CVE-2020-25659 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 22:28:06 -0600 |
| Modified | 2020-11-21 22:28:06 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/py3-cryptography |
## Description
Fixed in >= 3.2 https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d4941.0-RC2A. WilcoxA. Wilcoxhttps://git.adelielinux.org/adelie/packages/-/issues/383user/avahi: group avahi's gid conflicts with qmail2023-01-05T19:21:09ZEmilyuser/avahi: group avahi's gid conflicts with qmail| | |
| --- | --- |
| Bugzilla ID | 383 |
| Reporter | Lee Starnes |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-11-22 00:23:37 -0600 |
| Modified | 2020-11-22 00:24:57 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| H...| | |
| --- | --- |
| Bugzilla ID | 383 |
| Reporter | Lee Starnes |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-11-22 00:23:37 -0600 |
| Modified | 2020-11-22 00:24:57 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/avahi |
## Description
The avahi package tries to install a group with gid 201, which is already taken by the qmail group. This causes avahi's pre-install script to fail to create the groups and users, which also prevents avahi-daemon from working.1.0-RC2https://git.adelielinux.org/adelie/image/-/issues/384Black bars on G5 with GeForce 7800 GT2021-05-12T03:59:19ZEmilyBlack bars on G5 with GeForce 7800 GT| | |
| --- | --- |
| Bugzilla ID | 384 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-25 16:42:59 -0600 |
| Modified | 2020-11-25 16:45:22 -0600 |
| Status | CONFIRMED |
| Version | 1.0-R...| | |
| --- | --- |
| Bugzilla ID | 384 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-25 16:42:59 -0600 |
| Modified | 2020-11-25 16:45:22 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / PowerPC (64-bit) |
| Importance | --- / normal |
## Description
This doesn't appear to be a marco compositing issue - reporter tried re-logging in with compositing disabled and the issue persisted (unless it is a separate bug from the artifacts produced by sddm).
The menus in mate-panel are still usable when clicked, but obscured by the black bar.
Could be a nouveau or mesa issue.1.0-RELEASEhttps://git.adelielinux.org/adelie/packages/-/issues/387user/xdg-utils: CVE-2020-27748: mailto:?attach=... considered harmful2021-11-04T03:59:43ZEmilyuser/xdg-utils: CVE-2020-27748: mailto:?attach=... considered harmful| | |
| --- | --- |
| Bugzilla ID | 387 |
| Alias(es) | CVE-2020-27748 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-28 17:06:15 -0600 |
| Modified | 2020-11-28 17:06:15 -0600 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 387 |
| Alias(es) | CVE-2020-27748 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-28 17:06:15 -0600 |
| Modified | 2020-11-28 17:06:15 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/xdg-utils |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-27748 |
## Description
No fix yet https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/1771.0-RC2https://git.adelielinux.org/adelie/packages/-/issues/389user/x11vnc: CVE-2020-29074: world-r/w shmget created2021-11-04T04:07:52ZEmilyuser/x11vnc: CVE-2020-29074: world-r/w shmget created| | |
| --- | --- |
| Bugzilla ID | 389 |
| Alias(es) | CVE-2020-29074 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-12-01 12:09:05 -0600 |
| Modified | 2020-12-01 12:09:05 -0600 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 389 |
| Alias(es) | CVE-2020-29074 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-12-01 12:09:05 -0600 |
| Modified | 2020-12-01 12:09:05 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/x11vnc |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-29074 |
## Description
Unreleased fix https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a1.0-RC2https://git.adelielinux.org/adelie/packages/-/issues/390user/xorg-server: multiple vulnerabilities2021-05-12T03:24:39ZEmilyuser/xorg-server: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 390 |
| Alias(es) | CVE-2020-14360, CVE-2020-25712 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-12-01 12:19:16 -0600 |
| Modified | 2020-12-01 12:19:16 -0...| | |
| --- | --- |
| Bugzilla ID | 390 |
| Alias(es) | CVE-2020-14360, CVE-2020-25712 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-12-01 12:19:16 -0600 |
| Modified | 2020-12-01 12:19:16 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / major |
| Package(s) | user/xorg-server |
| URL | https://www.openwall.com/lists/oss-security/2020/12/01/3 |
## Description
> These issues can lead to privileges elevations for authorized clients
> on systems where the X server is running privileged.
>
> * CVE-2020-14360 / ZDI CAN 11572 XkbSetMap Out-Of-Bounds Access
>
> Insufficient checks on the lengths of the XkbSetMap request can lead to
> out of bounds memory accesses in the X server.
Fixed in >= 1.20.10 https://gitlab.freedesktop.org/xorg/xserver/-/commit/06d1a032ee491547f7037c3ff042065dc2aeaa99
> * CVE-2020-25712 / ZDI-CAN-11839 XkbSetDeviceInfo Heap-based Buffer Overflow
>
> Insufficient checks on input of the XkbSetDeviceInfo request can lead
> to a buffer overflow on the head in the X server.
Fixed in >= 1.20.10 https://gitlab.freedesktop.org/xorg/xserver/-/commit/7ccb3b0eabb4658daf0ecb2c78a53609ae2c263b1.0-RELEASEhttps://git.adelielinux.org/adelie/packages/-/issues/392user/telegram: multiple vulnerabilities2023-01-06T00:27:01ZEmilyuser/telegram: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 392 |
| Alias(es) | CVE-2020-12474, CVE-2020-17448 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-12-03 23:34:25 -0600 |
| Modified | 2020-12-03 23:34:25 -0...| | |
| --- | --- |
| Bugzilla ID | 392 |
| Alias(es) | CVE-2020-12474, CVE-2020-17448 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-12-03 23:34:25 -0600 |
| Modified | 2020-12-03 23:34:25 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/telegram |
## Description
CVE-2020-12474: Fixed in >~ 2.1 https://nvd.nist.gov/vuln/detail/CVE-2020-12474
CVE-2020-17448: Fixed in >~ 2.2 https://nvd.nist.gov/vuln/detail/CVE-2020-174481.0-RC2https://git.adelielinux.org/adelie/packages/-/issues/395user/gdk-pixbuf: CVE-2020-29385: lzw_decoder_feed infinite loop2021-11-04T04:14:02ZEmilyuser/gdk-pixbuf: CVE-2020-29385: lzw_decoder_feed infinite loop| | |
| --- | --- |
| Bugzilla ID | 395 |
| Alias(es) | CVE-2020-29385 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-12-09 17:42:40 -0600 |
| Modified | 2020-12-09 17:42:40 -0600 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 395 |
| Alias(es) | CVE-2020-29385 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-12-09 17:42:40 -0600 |
| Modified | 2020-12-09 17:42:40 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/gdk-pixbuf |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-29385 |
## Description
CVE-2020-29385: Fixed in >= 2.42.2 https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bdd3acbd48a575d418ba6bf1b32d7bda2fae1c811.0-RC2https://git.adelielinux.org/adelie/packages/-/issues/396system/easy-kernel: Enable CONFIG_MOUSE_PS2_ELANTECH2023-01-05T19:23:40ZEmilysystem/easy-kernel: Enable CONFIG_MOUSE_PS2_ELANTECH| | |
| --- | --- |
| Bugzilla ID | 396 |
| Reporter | Bobby Bingham |
| Assignee | Horst Burkhardt (mc68030) |
| Reported | 2020-12-20 15:21:54 -0600 |
| Modified | 2020-12-20 15:21:54 -0600 |
| Status | CONFIRMED |
| Version | 1.0-R...| | |
| --- | --- |
| Bugzilla ID | 396 |
| Reporter | Bobby Bingham |
| Assignee | Horst Burkhardt (mc68030) |
| Reported | 2020-12-20 15:21:54 -0600 |
| Modified | 2020-12-20 15:21:54 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / enhancement |
## Description
Can a future version of easy-kernel enable CONFIG_MOUSE_PS2_ELANTECH?
It's required for some of the features on my laptop's touchpad.1.0-RC2A. WilcoxA. Wilcoxhttps://git.adelielinux.org/adelie/packages/-/issues/399[meta] Cinnamon2023-11-15T23:52:49ZSíle Ekaterin Liszka[meta] CinnamonPackage the Cinnamon desktop.Package the Cinnamon desktop.Post 1.0Síle Ekaterin LiszkaSíle Ekaterin Liszkahttps://git.adelielinux.org/adelie/packages/-/issues/400[meta] Pantheon2023-11-15T23:52:44ZSíle Ekaterin Liszka[meta] PantheonPackage the Pantheon desktop (produced by ElementaryOS).Package the Pantheon desktop (produced by ElementaryOS).Post 1.0Síle Ekaterin LiszkaSíle Ekaterin Liszkahttps://git.adelielinux.org/adelie/packages/-/issues/402user/kdenlive: hangs on live medium2023-01-05T19:25:56Zdimitsosuser/kdenlive: hangs on live mediumWhen trying to open kdenlive from live medium, it hangs on the splash screen. Output from Konsole:
```
live on adelie-live ~ % kdenlive
Using modified system locale without group separator for numbers
LC_NUMERIC reset to C
NEW LC_ALL C....When trying to open kdenlive from live medium, it hangs on the splash screen. Output from Konsole:
```
live on adelie-live ~ % kdenlive
Using modified system locale without group separator for numbers
LC_NUMERIC reset to C
NEW LC_ALL C.UTF-8;C;C;C;C;C
Metadata for "avcolour_space" is invalid.
WARNING : Fails to parse "avcolour_space"
Metadata for "avcolor_space" is invalid.
WARNING : Fails to parse "avcolor_space"
Metadata for "avdeinterlace" is invalid.
WARNING : Fails to parse "avdeinterlace"
Metadata for "swscale" is invalid.
WARNING : Fails to parse "swscale"
"avfilter.abench" is blacklisted
"avfilter.acompressor" is blacklisted
"avfilter.adelay" is blacklisted
"avfilter.aecho" is blacklisted
"avfilter.aemphasis" is blacklisted
"avfilter.aeval" is blacklisted
"avfilter.afade" is blacklisted
"avfilter.afftfilt" is blacklisted
"avfilter.agate" is blacklisted
"avfilter.ametadata" is blacklisted
"avfilter.arealtime" is blacklisted
"avfilter.ashowinfo" is blacklisted
"avfilter.channelmap" is blacklisted
"avfilter.chorus" is blacklisted
"avfilter.earwax" is blacklisted
"avfilter.volume" is blacklisted
"avfilter.volumedetect" is blacklisted
"avfilter.atadenoise" is blacklisted
"avfilter.avgblur" is blacklisted
"avfilter.bbox" is blacklisted
"avfilter.bench" is blacklisted
"avfilter.blackdetect" is blacklisted
"avfilter.blackframe" is blacklisted
"avfilter.boxblur" is blacklisted
"avfilter.bwdif" is blacklisted
"avfilter.chromakey" is blacklisted
"avfilter.colorkey" is blacklisted
"avfilter.colormatrix" is blacklisted
"avfilter.colorspace" is blacklisted
"avfilter.convolution" is blacklisted
"avfilter.crop" is blacklisted
"avfilter.cropdetect" is blacklisted
"avfilter.curves" is blacklisted
"avfilter.datascope" is blacklisted
"avfilter.dctdnoiz" is blacklisted
"avfilter.deband" is blacklisted
"avfilter.deflate" is blacklisted
"avfilter.deinterlace_vaapi" is blacklisted
"avfilter.deshake" is blacklisted
"avfilter.despill" is blacklisted
"avfilter.doubleweave" is blacklisted
"avfilter.drawbox" is blacklisted
"avfilter.drawgraph" is blacklisted
"avfilter.drawgrid" is blacklisted
"avfilter.drawtext" is blacklisted
"avfilter.elbg" is blacklisted
"avfilter.eq" is blacklisted
"avfilter.fade" is blacklisted
"avfilter.field" is blacklisted
"avfilter.fieldhint" is blacklisted
"avfilter.fieldorder" is blacklisted
"avfilter.find_rect" is blacklisted
"avfilter.floodfill" is blacklisted
"avfilter.fspp" is blacklisted
"avfilter.gblur" is blacklisted
"avfilter.geq" is blacklisted
"avfilter.hflip" is blacklisted
"avfilter.hqdn3d" is blacklisted
"avfilter.hqx" is blacklisted
"avfilter.hue" is blacklisted
"avfilter.hwdownload" is blacklisted
"avfilter.idet" is blacklisted
"avfilter.il" is blacklisted
"avfilter.lenscorrection" is blacklisted
"avfilter.loop" is blacklisted
"avfilter.lumakey" is blacklisted
"avfilter.lut" is blacklisted
"avfilter.lutrgb" is blacklisted
"avfilter.lutyuv" is blacklisted
"avfilter.mcdeint" is blacklisted
"avfilter.metadata" is blacklisted
"avfilter.negate" is blacklisted
"avfilter.nlmeans" is blacklisted
"avfilter.nnedi" is blacklisted
"avfilter.owdenoise" is blacklisted
"avfilter.pad" is blacklisted
"avfilter.perspective" is blacklisted
"avfilter.phase" is blacklisted
"avfilter.pixscope" is blacklisted
"avfilter.pp" is blacklisted
"avfilter.pp7" is blacklisted
"avfilter.prewitt" is blacklisted
"avfilter.realtime" is blacklisted
"avfilter.removegrain" is blacklisted
"avfilter.removelogo" is blacklisted
"avfilter.roberts" is blacklisted
"avfilter.rotate" is blacklisted
"avfilter.scale_vaapi" is blacklisted
"avfilter.showinfo" is blacklisted
"avfilter.shuffleframes" is blacklisted
"avfilter.sidedata" is blacklisted
"avfilter.signalstats" is blacklisted
"avfilter.sobel" is blacklisted
"avfilter.stereo3d" is blacklisted
"avfilter.super2xsai" is blacklisted
"avfilter.swapuv" is blacklisted
"avfilter.tblend" is blacklisted
"avfilter.tlut2" is blacklisted
"avfilter.tonemap" is blacklisted
"avfilter.transpose" is blacklisted
"avfilter.vectorscope" is blacklisted
"avfilter.vflip" is blacklisted
"avfilter.vignette" is blacklisted
"avfilter.vmafmotion" is blacklisted
"avfilter.w3fdif" is blacklisted
"avfilter.xbr" is blacklisted
"avfilter.yadif" is blacklisted
"avfilter.zoompan" is blacklisted
Metadata for "swresample" is invalid.
WARNING : Fails to parse "swresample"
Metadata for "audiochannels" is invalid.
WARNING : Fails to parse "audiochannels"
Metadata for "audioconvert" is invalid.
WARNING : Fails to parse "audioconvert"
```