Received: from mail-oo1-xc30.google.com (mail-oo1-xc30.google.com [IPv6:2607:f8b0:4864:20::c30]) by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id 539AE225892 for <~alpine/users@lists.alpinelinux.org>; Mon, 1 Apr 2024 00:08:53 +0000 (UTC) Received: by mail-oo1-xc30.google.com with SMTP id 006d021491bc7-5a53d5aaaa4so2050545eaf.2 for <~alpine/users@lists.alpinelinux.org>; Sun, 31 Mar 2024 17:08:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1711930132; x=1712534932; darn=lists.alpinelinux.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :reply-to:in-reply-to:references:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=Ry8vsLBg6RQ7fRIubuOP0C6I58F8Kvvq2Fj0IUo635Y=; b=WNbCWQ+TE7JT0mdRQraMl+T6HXB07CTFlSdzVrcyM/lFFN5PgbfMmKVYdv4VXdq6vj 3yLRHnJpDOXsZnhTt6kslGurjqNBKTruBQvnT+fmbGZqz/67PYbC5VD9PkpQyRB3ffvd JzIKZmUGMdL2MrXD0igdCCyP5WqwrrLAeH/6wLfwpIKO00rWU0b0/cFq6ikSwaO7tlC4 EyMET8/qUrzvgMYXZKyY+yuapp5VtfeVfZT6twAuNZjbXR0zlNGrBiTmCLDFi500Fllo Xdy2/WTXU3x9nKNxRbyMnI12563YPmMjLs8u15exai0Dn1N4aeR+ZJSCo+mNwsMSaB0P zyfA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711930132; x=1712534932; h=content-transfer-encoding:cc:to:subject:message-id:date:from :reply-to:in-reply-to:references:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=Ry8vsLBg6RQ7fRIubuOP0C6I58F8Kvvq2Fj0IUo635Y=; b=o8h41/lnyfFpDmAKvZyxtLwg0HFwpEg1f07+ARXM9Tl+5BKITzsRsF4Yqoe3/ozzSn 2r7eA9fjKd9MdnsDyQ8+Yio2RWSHZ5jotRCSSdIftv0IC5nUptbxK712IPcG+zxVHoin oof6q0IrvikmO5/FzL7qtcfjSOuu+K9Lzvvg9mCJ4rUYDTCb1cKF8htFGhG1zWg2xB3s a8ySWkn2ETP4azurocOdatXE9ar0iDbH815Guq/xZa0mKcByafHvNGf/7nbv1ieSv41A AGxt7JjwXRbvanDbC5Bpf+25BRpR35X50rDKmfE56+XtoWJkFMDgXqSlJ0dHtT4aK/Me 3xJQ== X-Gm-Message-State: AOJu0YxjxQx7ATA/aqTO7/kAj9rlHDxyr/Zub9JmHja9X1cEXGvkxQYx pp/jUKngNdwDt0V/yQ1kbURv31Y/wcvjgjBVKlfLm2rGd5wX04VOD10zxt8A1dDwKixYXWU9TAp cAragIr8fNnKb9s9buDQzRD4tQiORvuPto9s= X-Google-Smtp-Source: AGHT+IH/0kMUC+SEX5VrZ55M83LiH4jFkllcqLhrf5hriNiiUmcYhSowvHGlDSGoajLvtfvHsAv5gl3LrDN25IUdWA8= X-Received: by 2002:a4a:ec46:0:b0:5a4:f5b6:4ed4 with SMTP id q6-20020a4aec46000000b005a4f5b64ed4mr8181563ooj.8.1711930132086; Sun, 31 Mar 2024 17:08:52 -0700 (PDT) MIME-Version: 1.0 References: <1c614505-92f2-42b4-ba46-b227777e0d5b@lodispoto.com> In-Reply-To: Reply-To: noloader@gmail.com From: Jeffrey Walton Date: Sun, 31 Mar 2024 20:08:41 -0400 Message-ID: Subject: Re: XZ force downgrade led to removal of many packages To: Mike Lodispoto Cc: ~alpine/users@lists.alpinelinux.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sun, Mar 31, 2024 at 8:08=E2=80=AFPM Jeffrey Walton = wrote: > > On Sat, Mar 30, 2024 at 1:18=E2=80=AFAM Mike Lodispoto wrote: > > > > I was attempting to downgrade XZ because of the SSH backdoor in it. > > > > I'm not the most familiar with Alpine, so this might have been user ine= xperience that screwed me, but I did > > > > apk add xz-libs=3D5.4.6 --force > > > > I had tried it without force before, but it had said something along th= e lines of xz-libs is required by world. > > > > This ended up with a bunch of essential packages removed. > > > > certbot-nginx-pyc certbot-nginx certbot-pyc certbot py3-configargparse-= pyc py3-configargparse py3-distro-pyc py3-distro py3-distutils-extra-pyc py= 3-distutils-extra py3-parsedatetime-pyc py3 > > -parsedatetime py3-future-pyc py3-future py3-acme-pyc py3-acme py3-jose= py-pyc py3-josepy py3-pyrfc3339-pyc py3-pyrfc3339 py3-tz-pyc py3-tz py3-ope= nssl-pyc py3-openssl py3-cryptography-pyc p > > y3-cryptography py3-cffi-pyc py3-cffi py3-cparser-pyc py3-cparser cloud= -init-openrc cloud-init-doc cloud-init-pyc cloud-init cloud-utils-growpart = partx sfdisk py3-configobj-pyc py3-configob > > j py3-six-pyc py3-six py3-jinja2-doc py3-jinja2-pyc py3-jinja2 py3-mark= upsafe-pyc py3-markupsafe py3-jsonpatch-pyc py3-jsonpatch py3-jsonpointer-p= yc py3-jsonpointer py3-jsonschema-pyc py3-j > > sonschema py3-jsonschema-specifications-pyc py3-jsonschema-specificatio= ns py3-referencing-pyc py3-referencing py3-attrs-pyc py3-attrs py3-rpds-py-= pyc py3-rpds-py py3-requests-pyc py3-reques > > ts py3-certifi-pyc py3-certifi py3-charset-normalizer-pyc py3-charset-n= ormalizer py3-idna-pyc py3-idna py3-urllib3-pyc py3-urllib3 py3-yaml-pyc py= 3-yaml shadow-doc shadow tzdata-doc tzdata > > eudev-doc eudev-openrc eudev udev-init-scripts-openrc udev-init-scripts= eudev-libs gdbm-doc grub-bios grub-doc grub ifupdown-ng-iproute2 iproute2-= minimal iotop-pyc iotop-doc iotop json-c-do > > c kmod-doc libelf libfdisk libsmartcols libxml2-doc libzip-doc linux-pa= m-doc linux-virt mariadb-doc mariadb-openrc mkinitfs-doc mkinitfs kmod lddt= ree mpdecimal-doc mysql mariadb php7-cgi ph > > p7-fpm php7-simplexml php7-soap php7-xmlreader php7-dom php7-xmlrpc php= 7-xml php7-zip php81-doc php81 php81-common py3-packaging-pyc py3-parsing-p= yc py3-pip-pyc py3-pip-doc py3-pip py3-setu > > ptools-pyc py3-setuptools py3-packaging py3-parsing python3-doc python3= -pyc python3-pycache-pyc0 pyc yaml python3 kmod-libs libzip libxml2 xz-libs= cryptsetup-libs argon2-libs gdbm json-c li > > bpanelw linux-pam mpdecimal > > > > In my mind, force would have had it told me what packages were going to= be changed before applying them, so I could approve it like normal. > > > > Am I just completely screwed? I can do a clean install if needed, but I= 'd like to salvage my system. Whoops, sorry about the empty reply. Here's an important comment from oss-security mailing list message, : commit f9cf4c05edd14dedfe63833f8ccbe41b55823b00 (HEAD -> master, origin/master, origin/HEAD) Author: Lasse Collin Date: Sat Mar 30 14:36:28 2024 +0200 CMake: Fix sabotaged Landlock sandbox check. It never enabled it.