~ncopa

Recent activity

Re: Package update a month ago

From Natanael Copa to ~alpine/users

On Sat, 20 Aug 2022 19:22:24 +0200
Fabien <box@fgautreau.net> wrote:

> Hi,
> 
> I have a question relative to alpine package management
> 
> When a package is updated on main/community branch is it only security 
> update or could be feature update too ?

If you use edge repository it may be feature updates too.

For latest stable branch, currently v3.16, we do security fixes and bug
fixes for both main and community.

Re: Origin of /etc/periodic in Alpine a month ago

From Natanael Copa to ~alpine/users

Hi,

On Sat, 20 Aug 2022 12:45:24 -0500
Jordan Christiansen <xordspar0@gmail.com> wrote:

> Does anyone know the history of /etc/periodic in Alpine? As far as I 
> know, periodic was invented by FreeBSD[1], and I haven't found any 
> other systems that support it, not even other BSDs. I think the 
> implementation of periodic in Alpine[2] is very simple and elegant. 
> FreeBSD's implementation may have a couple extra features, but it's 
> also a standalone program with an associated config file. In Alpine, 5 
> lines in the default crontab are enough to give us 95% of the features.
> 
> Whose idea was this? Does any other Linux distro support periodic?

Alpine 3.13.12, 3.14.8 and 3.15.6 released a month ago

From Natanael Copa to ~alpine/announce

The Alpine Linux project is pleased to announce the immediate
availability of new stable releases:

- [3.13.12](https://git.alpinelinux.org/aports/log/?h=v3.13.12)
- [3.14.8](https://git.alpinelinux.org/aports/log/?h=v3.14.8)
- [3.15.6](https://git.alpinelinux.org/aports/log/?h=v3.15.6)
- [3.16.2](https://git.alpinelinux.org/aports/log/?h=v3.16.2)

Those releases fixes zlib
[CVE-2022-37434](https://security.alpinelinux.org/vuln/CVE-2022-37434).

-nc

OpenSSL 3 pushed to git master a month ago

From Natanael Copa to ~alpine/devel

Hi!

I have pushed openssl3 to git master.

Majority of the main and community packages built fine in my x86_64 LXC.

I was able to build approx half of the testing packages as well, but
not all.

There might be some packages that needs fixes still and it might take
another day before community repo is done.

Sorry for the inconvenience.

Alpine 3.16.1 released 2 months ago

From Natanael Copa to ~alpine/announce

The Alpine Linux project is pleased to announce the immediate
availability of version 3.16.1 of its Alpine Linux operating system.

This release includes various security fixes, including:

- busybox: https://security.alpinelinux.org/vuln/CVE-2022-30065
- openssl: https://security.alpinelinux.org/vuln/CVE-2022-2097

The full lists of changes can be found in the git log[1]

[1]: http://git.alpinelinux.org/aports/log/?h=v3.16.1

Git Shortlog
------------

Alpine 3.13.11, 3.14.7 and 3.15.5 released 2 months ago

From Natanael Copa to ~alpine/announce

The Alpine Linux project is pleased to announce the immediate
availability of new stable releases:

- [3.13.11](https://git.alpinelinux.org/aports/log/?h=v3.13.11)
- [3.14.7](https://git.alpinelinux.org/aports/log/?h=v3.14.7)
- [3.15.5](https://git.alpinelinux.org/aports/log/?h=v3.15.5)

Those releases fixes:

- busybox [CVE-2022-30065](https://security.alpinelinux.org/vuln/CVE-2022-28391)
- openssl [CVE-2022-2097](https://security.alpinelinux.org/vuln/CVE-2022-2097)

Re: Microsoft acquires SystemD 2 months ago

From Natanael Copa to ~alpine/devel

On Fri, 08 Jul 2022 09:52:52 +0000
Jakub Panek <me@panekj.dev> wrote:

> > >> ok not quite...  
> > >  
> > >> https://www.phoronix.com/scan.php?page=news_item&px=Systemd-Creator-Microsoft  
> > >  
> > >> Even more the reason to opt out of that whole mess though  
> >  
> > > Hi,  
> >  
> > > How is that of any relevance to Alpine Linux project?  
> >  
> > > Cheers, Jakub  

Re: Fixing shell script libraries like /lib/libalpine.sh 3 months ago

From Natanael Copa to ~alpine/devel

On Thu, 30 Jun 2022 02:16:49 -0400
"Daniel F. Dickinson" <dfdpublic@wildtechgarden.ca> wrote:

> Hello,
> 
> I've noticed some issues with the Alpine shell script libraries (one
> example below)[1]
> 
> I'm new to Alpine but not to Linux, *BSD, or (way back) Ultrix, and have
> not (yet) dug into the Alpine code base and infrastructure. (Although I
> have my 'notes-to-self' documentation[2] that I intend (RSN...) to
> integrate into the Wiki and have published on my website).
> 
> My questions with respect to the issues mentioned are:

Re: Security problem in how you manage users in package installations 3 months ago

From Natanael Copa to ~alpine/devel

On Wed, 22 Jun 2022 14:14:59 +0200
Paul Zillmann <p.zillmann@h6g.de> wrote:

> Hello Markus,
> 
> I've read thru the entire conversation - the problem you are drawing 
> isn't one.
> 
> 1. The passwd calls have an adduser call right above them, creating a 
> system user with that name.
> That fails if the user already exists and would return a non-zero return 
> code. Thereby the package installation fails.

That is actually not true.
[message trimmed]

Re: Security problem in how you manage users in package installations 3 months ago

From Natanael Copa to ~alpine/devel

On Wed, 22 Jun 2022 03:06:41 +0000
Markus Kolb <alpinelinux+develml@tower-net.de> wrote:

> Am 21. Juni 2022 18:18:39 UTC schrieb Ariadne Conill <ariadne@dereferenced.org>:
> >Hi,
> >
> >On Tue, 21 Jun 2022, Markus Kolb wrote:
> >  
> >> Am 19.06.2022 19:23, schrieb Jakub Jirutka:  
> >>>> There is the possibility to allow an unintended (remote) login
> >>>> or local privilege expansion by unlocking users in apk-executed
> >>>> scripts.  
...