Adélie Linux issueshttps://git.adelielinux.org/groups/adelie/-/issues2022-10-17T06:45:22Zhttps://git.adelielinux.org/adelie/gcompat/-/issues/349`fopen("/proc/self/exe", ...)` opens the dynamic linker instead of the expect...2022-10-17T06:45:22ZS. Zeid`fopen("/proc/self/exe", ...)` opens the dynamic linker instead of the expected targetCalling `fopen("/proc/self/exe", "rb")` should return a stream for the file being executed. Instead, it returns a stream for the dynamic linker, e.g. `/lib/ld-musl-x86_64.so.1` on Alpine Linux edge x86_64 with gcompat-1.0.0-r4.
This le...Calling `fopen("/proc/self/exe", "rb")` should return a stream for the file being executed. Instead, it returns a stream for the dynamic linker, e.g. `/lib/ld-musl-x86_64.so.1` on Alpine Linux edge x86_64 with gcompat-1.0.0-r4.
This leads to AppImages failing to run with [the error message "This doesn't look like a squashfs image." from squashfuse](https://github.com/vasi/squashfuse/blob/e51978cd6bb5c4d16fae9eee43d0b258f570bb0f/util.c#L81-L82), since squashfuse is attempting to read the linker instead of the AppImage itself.
See <https://github.com/AppImage/AppImageKit/pull/1168>. However, that fix would only affect newly built AppImages. Existing AppImages would still have this problem.
Test case: [proc-self-exe-test.c](/uploads/c4863752016def85f2a79c9568b29f94/proc-self-exe-test.c)
Sample output: [proc-self-exe-test.out.txt](/uploads/26ed181d2883684000c5676c8aa10d6d/proc-self-exe-test.out.txt)https://git.adelielinux.org/adelie/horizon/-/issues/325Doesn't detect Network Connection on PPC KDE image2023-10-21T06:15:28ZAditya TulahalliDoesn't detect Network Connection on PPC KDE imageThis may be 2/3 separate issues, but I'll document the whole thing here anyway.
So first of all, ethernet connection doesn't work out of the box on a 1.5 ghz Powerbook, may have something to do with wpa_supplicant not starting somehow t...This may be 2/3 separate issues, but I'll document the whole thing here anyway.
So first of all, ethernet connection doesn't work out of the box on a 1.5 ghz Powerbook, may have something to do with wpa_supplicant not starting somehow triggering dhcpcd to not start. I originally created the eth0 service as documented [here](https://help.adelielinux.org/html/admin/networking.html), enabled it, and started it. Which seemed to connect me to the internet (ping worked, package management in the form of apk add and apk update/upgrade worked where it hadn't worked before)
But when I went to complete the install via horizon, it still got stuck at the part where I need to connect to the internet. the dhcpcd logs didn't exist either. I then started dhcpcd in the terminal (by simply typing dhcpcd) and tried again. Starting dhcpcd seemed to succeed, but Horizon still got stuck at the part where I supposedly needed to connect to the internet (I selected automatic connection) and once again, there were no logs for horizon to speak of.
So firstly, ethernet doesn't work out of the box on the ppc live image on what I think is a powerbook 5,4. Secondly, Horizon doesn't seem to properly detect when I've connected to the internet. And Thirdly, there are no dhcpcd logs for Horizon in the place indicated by Horizon (clicking the button leads to a blank page, and looking via the terminal at the file location reveals that it doesn't exist).0.9.9https://git.adelielinux.org/adelie/bootstrap/-/issues/3New admistrator-user is not added to the 'sudoers' list (KDE)2024-01-20T16:01:35ZRoland RenierNew admistrator-user is not added to the 'sudoers' list (KDE)If a new user account is created from KDE preferences and the 'administrator' option is selected, the user is not automatically added to the sudoers list (trying to use sudo gives an error message about that). In other distros with the '...If a new user account is created from KDE preferences and the 'administrator' option is selected, the user is not automatically added to the sudoers list (trying to use sudo gives an error message about that). In other distros with the 'administrator' option a new user can normally use sudo automatically.
Test environment: Adelie 1.0-Beta5 and AmigaOne X5040. 'Sudo' command has been installed.https://git.adelielinux.org/adelie/bootstrap/-/issues/2Netsurf 3.10 exits if preferences are opened (KDE only)2024-01-20T16:01:16ZRoland RenierNetsurf 3.10 exits if preferences are opened (KDE only)Netsurf 3.10 exits if the program's preferences are opened. This happens only if KDE is used. With MATE desktop this issue is not shown, and the prefs can be edited normally.
```
% netsurf-gtk3
(netsurf-gtk3:4253): GLib-ERROR **: 20:17...Netsurf 3.10 exits if the program's preferences are opened. This happens only if KDE is used. With MATE desktop this issue is not shown, and the prefs can be edited normally.
```
% netsurf-gtk3
(netsurf-gtk3:4253): GLib-ERROR **: 20:17:12.774: ../glib/gmem.c:205: failed to allocate 2147483648 bytes
zsh: trace trap netsurf-gtk3
```
Test environment: Adelie 1.0-Beta5 PPC (32-bit) and AmigaOne X5040.https://git.adelielinux.org/adelie/packages/-/issues/1161user/minizip: CVE-2023-45853: MiniZip in zlib through 1.3 has an integer over...2024-03-19T22:02:05ZZach van Rijnuser/minizip: CVE-2023-45853: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64As of writing, we are at `1.2.13` in `1.0-BETA5`. Latest is `1.3` but still has a vulnerability:
| Name | Description ...As of writing, we are at `1.2.13` in `1.0-BETA5`. Latest is `1.3` but still has a vulnerability:
| Name | Description |
|----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| CVE-2023-45853 | MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. |
Upstream patch:
* https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c.patchhttps://git.adelielinux.org/adelie/packages/-/issues/1160user/aspell: multiple vulnerabilities2024-01-09T13:37:37ZZach van Rijnuser/aspell: multiple vulnerabilitiesWe are at `0.60.8` as of the `1.0-BETA5` tag. Latest available is `0.60.8.1`:
| Name | Description ...We are at `0.60.8` as of the `1.0-BETA5` tag. Latest available is `0.60.8.1`:
| Name | Description |
|----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| CVE-2019-25051 | objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). |
| CVE-2019-20433 | libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. |
| CVE-2019-17544 | libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. |
The release notes look like there's a typo (`0.68.8` vs. `0.60.8`):
```
From: Kevin Atkinson
Date: Tue, 19 Dec 2023
Subject: Aspell 0.60.8.1 Now Available
GNU Aspell 0.60.8.1 is now available at:
ftp://ftp.gnu.org/gnu/aspell/aspell-0.60.8.1.tar.gz
Changes from 0.68.8 to 0.68.8.1:
* Fix memory leak in suggestion code introduced in 0.60.8.
* Various documentation fixes.
* Fix various warnings when compiling with -Wall.
* Fix two buffer overflows found by Google’s OSS-Fuzz.
* Other minor updates.
```https://git.adelielinux.org/adelie/packages/-/issues/1159user/apr-util: CVE-2022-25147: Integer Overflow or Wraparound vulnerability i...2024-01-09T13:37:37ZZach van Rijnuser/apr-util: CVE-2022-25147: Integer Overflow or Wraparound vulnerability in apr_base64 functionsWe are at `1.6.1` as of the `1.0-BETA5` tag, latest is `1.6.3`:
| Name | Description |
|----------------|------------------------------------------------------------------...We are at `1.6.1` as of the `1.0-BETA5` tag, latest is `1.6.3`:
| Name | Description |
|----------------|--------------------------------------------------------------------|
| CVE-2022-25147 | Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. |
Reference: https://downloads.apache.org/apr/CHANGES-APR-UTIL-1.6
```
Changes with APR-util 1.6.2
*) SECURITY: CVE-2022-25147 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer.
```https://git.adelielinux.org/adelie/packages/-/issues/1158user/apr: multiple vulnerabilities2024-01-09T13:37:37ZZach van Rijnuser/apr: multiple vulnerabilitiesWe are at `1.7.0` as of `1.0-BETA5` tag. Latest available is `1.7.4`.
| Name | Description ...We are at `1.7.0` as of `1.0-BETA5` tag. Latest available is `1.7.4`.
| Name | Description |
|----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| CVE-2022-24963 | Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. |
| CVE-2021-35940 | An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. |
The third CVE is Windows-specific.
Reference: https://downloads.apache.org/apr/CHANGES-APR-1.7
```
Changes for APR 1.7.1
*) SECURITY: CVE-2022-24963 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer.
*) SECURITY: CVE-2022-28331 (cve.mitre.org)
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond
the end of a stack based buffer in apr_socket_sendv(). This is a result
of integer overflow.
*) SECURITY: CVE-2021-35940 (cve.mitre.org)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling]
```https://git.adelielinux.org/adelie/packages/-/issues/1157user/apache-httpd: multiple vulnerabilities2024-01-09T13:37:37ZZach van Rijnuser/apache-httpd: multiple vulnerabilitiesReference: https://downloads.apache.org/httpd/CHANGES_2.4.58
```
Changes with Apache 2.4.58
*) SECURITY: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream
memory not reclaimed right away on RST (cve.mitre.org)
When a HTTP/2...Reference: https://downloads.apache.org/httpd/CHANGES_2.4.58
```
Changes with Apache 2.4.58
*) SECURITY: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream
memory not reclaimed right away on RST (cve.mitre.org)
When a HTTP/2 stream was reset (RST frame) by a client, there
was a time window were the request's memory resources were not
reclaimed immediately. Instead, de-allocation was deferred to
connection close. A client could send new requests and resets,
keeping the connection busy and open and causing the memory
footprint to keep on growing. On connection close, all resources
were reclaimed, but the process might run out of memory before
that.
This was found by the reporter during testing of CVE-2023-44487
(HTTP/2 Rapid Reset Exploit) with their own test client. During
"normal" HTTP/2 use, the probability to hit this bug is very
low. The kept memory would not become noticeable before the
connection closes or times out.
Users are recommended to upgrade to version 2.4.58, which fixes
the issue.
Credits: Will Dormann of Vul Labs
*) SECURITY: CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with
initial windows size 0 (cve.mitre.org)
An attacker, opening a HTTP/2 connection with an initial window
size of 0, was able to block handling of that connection
indefinitely in Apache HTTP Server. This could be used to
exhaust worker resources in the server, similar to the well
known "slow loris" attack pattern.
This has been fixed in version 2.4.58, so that such connection
are terminated properly after the configured connection timeout.
This issue affects Apache HTTP Server: from 2.4.55 through
2.4.57.
Users are recommended to upgrade to version 2.4.58, which fixes
the issue.
Credits: Prof. Sven Dietrich (City University of New York)
*) SECURITY: CVE-2023-31122: mod_macro buffer over-read
(cve.mitre.org)
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP
Server.This issue affects Apache HTTP Server: through 2.4.57.
Credits: David Shoon (github/davidshoon)
```https://git.adelielinux.org/adelie/packages/-/issues/1155user/hyfetch: add package2023-12-05T04:53:38ZZach van Rijnuser/hyfetch: add package@mc680x0 added support for Adélie to Hyfetch, a fork of Neofetch:
* https://github.com/hykilpikonna/hyfetch/pull/218
This was merged and released with `1.4.11`
So let's package it.@mc680x0 added support for Adélie to Hyfetch, a fork of Neofetch:
* https://github.com/hykilpikonna/hyfetch/pull/218
This was merged and released with `1.4.11`
So let's package it.https://git.adelielinux.org/adelie/packages/-/issues/1154user/adelie-wallpapers: new default images need more crop margin for KDE (pos...2023-12-04T04:45:49ZZach van Rijnuser/adelie-wallpapers: new default images need more crop margin for KDE (possibly others)![Screenshot_vm1_2023-12-03_21_32_17](/uploads/2d5f9c788023cbced13addffe95ade66/Screenshot_vm1_2023-12-03_21_32_17.png)![Screenshot_vm1_2023-12-03_21_32_17](/uploads/2d5f9c788023cbced13addffe95ade66/Screenshot_vm1_2023-12-03_21_32_17.png)https://git.adelielinux.org/adelie/packages/-/issues/1153user/adelie-wallpapers: metadata not showing up in KDE2023-12-04T04:46:29ZZach van Rijnuser/adelie-wallpapers: metadata not showing up in KDESeeing these weird repeating entries, and no name/author information.
![Screenshot_vm1_2023-12-03_20_49_28](/uploads/e6048a644c8a1345c11465cc503354d7/Screenshot_vm1_2023-12-03_20_49_28.png)Seeing these weird repeating entries, and no name/author information.
![Screenshot_vm1_2023-12-03_20_49_28](/uploads/e6048a644c8a1345c11465cc503354d7/Screenshot_vm1_2023-12-03_20_49_28.png)https://git.adelielinux.org/adelie/packages/-/issues/1152user/gtkmm+3.0: FTBFS: ERROR: unable to select packages: cmd:xsltproc (virtual):2023-12-05T15:45:56ZZach van Rijnuser/gtkmm+3.0: FTBFS: ERROR: unable to select packages: cmd:xsltproc (virtual):```
ERROR: unable to select packages:
.makedepends-gtkmm+3.0-20231202.215518:
masked in: cache
satisfies: world[.makedepends-gtkmm+3.0=20231202.215518]
cmd:xsltproc (virtual):
note: please select one of the 'provided by'
...```
ERROR: unable to select packages:
.makedepends-gtkmm+3.0-20231202.215518:
masked in: cache
satisfies: world[.makedepends-gtkmm+3.0=20231202.215518]
cmd:xsltproc (virtual):
note: please select one of the 'provided by'
packages explicitly
provided by: libxslt
required by: .makedepends-gtkmm+3.0-20231202.215518[cmd:xsltproc]
>>> ERROR: gtkmm+3.0: builddeps failed
```https://git.adelielinux.org/adelie/packages/-/issues/1151user/pangomm: FTBFS: ERROR: unable to select packages: cmd:xsltproc (virtual):2023-12-05T15:45:56ZZach van Rijnuser/pangomm: FTBFS: ERROR: unable to select packages: cmd:xsltproc (virtual):```
ERROR: unable to select packages:
.makedepends-pangomm-20231202.203009:
masked in: cache
satisfies: world[.makedepends-pangomm=20231202.203009]
cmd:xsltproc (virtual):
note: please select one of the 'provided by'
...```
ERROR: unable to select packages:
.makedepends-pangomm-20231202.203009:
masked in: cache
satisfies: world[.makedepends-pangomm=20231202.203009]
cmd:xsltproc (virtual):
note: please select one of the 'provided by'
packages explicitly
provided by: libxslt
required by: .makedepends-pangomm-20231202.203009[cmd:xsltproc]
>>> ERROR: pangomm: builddeps failed
```https://git.adelielinux.org/adelie/packages/-/issues/1150user/cairomm: FTBFS: ERROR: unable to select packages: cmd:xsltproc (virtual):2023-12-05T15:45:56ZZach van Rijnuser/cairomm: FTBFS: ERROR: unable to select packages: cmd:xsltproc (virtual):```
ERROR: unable to select packages:
.makedepends-cairomm-20231202.201622:
masked in: cache
satisfies: world[.makedepends-cairomm=20231202.201622]
cmd:xsltproc (virtual):
note: please select one of the 'provided by'
...```
ERROR: unable to select packages:
.makedepends-cairomm-20231202.201622:
masked in: cache
satisfies: world[.makedepends-cairomm=20231202.201622]
cmd:xsltproc (virtual):
note: please select one of the 'provided by'
packages explicitly
provided by: libxslt
required by: .makedepends-cairomm-20231202.201622[cmd:xsltproc]
>>> ERROR: cairomm: builddeps failed
```https://git.adelielinux.org/adelie/packages/-/issues/1149user/atkmm: FTBFS: ERROR: unable to select packages: cmd:xsltproc (virtual):2023-12-05T15:45:56ZZach van Rijnuser/atkmm: FTBFS: ERROR: unable to select packages: cmd:xsltproc (virtual):```
ERROR: unable to select packages:
.makedepends-atkmm-20231202.194208:
masked in: cache
satisfies: world[.makedepends-atkmm=20231202.194208]
cmd:xsltproc (virtual):
note: please select one of the 'provided by'
...```
ERROR: unable to select packages:
.makedepends-atkmm-20231202.194208:
masked in: cache
satisfies: world[.makedepends-atkmm=20231202.194208]
cmd:xsltproc (virtual):
note: please select one of the 'provided by'
packages explicitly
provided by: libxslt
required by: .makedepends-atkmm-20231202.194208[cmd:xsltproc]
>>> ERROR: atkmm: builddeps failed
```https://git.adelielinux.org/adelie/packages/-/issues/1148user/glibmm: ERROR: unable to select packages: cmd:xsltproc (virtual):2023-12-05T15:45:56ZZach van Rijnuser/glibmm: ERROR: unable to select packages: cmd:xsltproc (virtual):```
ERROR: unable to select packages:
.makedepends-glibmm-20231202.192712:
masked in: cache
satisfies: world[.makedepends-glibmm=20231202.192712]
cmd:xsltproc (virtual):
note: please select one of the 'provided by'
...```
ERROR: unable to select packages:
.makedepends-glibmm-20231202.192712:
masked in: cache
satisfies: world[.makedepends-glibmm=20231202.192712]
cmd:xsltproc (virtual):
note: please select one of the 'provided by'
packages explicitly
provided by: libxslt
required by: .makedepends-glibmm-20231202.192712[cmd:xsltproc]
>>> ERROR: glibmm: builddeps failed
```https://git.adelielinux.org/adelie/packages/-/issues/1147user/opengfx: FTBFS: ERROR: unable to select packages: cmd:unix2dos (virtual):2023-12-05T15:45:56ZZach van Rijnuser/opengfx: FTBFS: ERROR: unable to select packages: cmd:unix2dos (virtual):```
ERROR: unable to select packages:
.makedepends-opengfx-20231202.183859:
masked in: cache
satisfies: world[.makedepends-opengfx=20231202.183859]
cmd:unix2dos (virtual):
note: please select one of the 'provided by'
...```
ERROR: unable to select packages:
.makedepends-opengfx-20231202.183859:
masked in: cache
satisfies: world[.makedepends-opengfx=20231202.183859]
cmd:unix2dos (virtual):
note: please select one of the 'provided by'
packages explicitly
provided by: dos2unix
required by: .makedepends-opengfx-20231202.183859[cmd:unix2dos]
>>> ERROR: opengfx: builddeps failed
```https://git.adelielinux.org/adelie/packages/-/issues/1146user/perl-dbd-pg: FTBFS: ERROR: unable to select packages: cmd:locale (virtual):2023-12-05T15:45:56ZZach van Rijnuser/perl-dbd-pg: FTBFS: ERROR: unable to select packages: cmd:locale (virtual):```
ERROR: unable to select packages:
.makedepends-perl-dbd-pg-20231202.182938:
masked in: cache
satisfies: world[.makedepends-perl-dbd-pg=20231202.182938]
cmd:locale (virtual):
note: please select one of the 'provided by...```
ERROR: unable to select packages:
.makedepends-perl-dbd-pg-20231202.182938:
masked in: cache
satisfies: world[.makedepends-perl-dbd-pg=20231202.182938]
cmd:locale (virtual):
note: please select one of the 'provided by'
packages explicitly
provided by: musl-locales
required by: .makedepends-perl-dbd-pg-20231202.182938[cmd:locale]
>>> ERROR: perl-dbd-pg: builddeps failed
```https://git.adelielinux.org/adelie/packages/-/issues/1145[meta] find and fix packages that cannot resolve single virtual dependency2023-12-03T14:08:41ZZach van Rijn[meta] find and fix packages that cannot resolve single virtual dependencySome packages fail to build with:
```
ERROR: unable to select packages:
.makedepends-recode-20231201.134540:
masked in: cache
satisfies: world[.makedepends-recode=20231201.134540]
cmd:lex (virtual):
note: please select o...Some packages fail to build with:
```
ERROR: unable to select packages:
.makedepends-recode-20231201.134540:
masked in: cache
satisfies: world[.makedepends-recode=20231201.134540]
cmd:lex (virtual):
note: please select one of the 'provided by'
packages explicitly
provided by: flex
required by: .makedepends-recode-20231201.134540[cmd:lex]
>>> ERROR: recode: builddeps failed
```
See also:
* apk-tools@3b013f458225c2ad8a0d96ec3eb3dde2533e0312
* https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10810
* 64e35b236419b9b654122da04a616d76d6270f7f