2026-04-02 14:18:08 I just emailed an awall security bug to security@lists.alpinelinux.org, but it was rejected. Was hoping to keep it private and not on a public mailing list
2026-04-02 14:19:06 anthumchris: security@alpinelinux.org
2026-04-02 14:19:21 thanks, will resend
2026-04-02 14:19:42 You can also create a confidential issue directly in the awall project
2026-04-02 14:29:00 done — thanks ikke
2026-04-02 14:30:02 Oh, I had created it for you as well :D
2026-04-02 14:30:08 I'll close that one
2026-04-03 07:38:15 https://lists.gnu.org/archive/html/info-gnu/2025-12/msg00006.html
2026-04-03 07:39:36 does that make the inetutils-syslogd 2.7 upgrade worthy of being called a security upgrade and should patches/upgrades be backported to stable releases?
2026-04-03 07:39:57 !95357
2026-04-04 03:57:47 "love" your enemies "sanction" your allies - emmy awards to us,uk,russia
2026-04-09 10:17:45 !100429
2026-04-09 10:18:01 https://cryptography.io/en/46.0.7/changelog/
2026-04-09 10:18:30 should we backport upgrades or patches to stable branches?
2026-04-09 10:30:26 Both 45.0.0 and 46.0.0 have backwards incompatible changes
2026-04-09 10:33:14 So I suppose patching if possible
2026-04-09 10:36:28 4 security fixes in Flatpak, including critical CVE-2026-34078: Complete sandbox escape leading to host file access and code execution in the host context
2026-04-09 10:37:53 not all the backwards incompatible changes are relevant, like dropping python 3.7 support, but yeah
2026-04-09 10:41:59 Yeah, not those, but others are
2026-04-09 19:22:28 hi all, apologies if this has been discussed already, but there's a patch for musl that fixes potential remote DoS attacks against services using musl's iconv() function: https://mastodon.social/@musl@treehouse.systems/116338660226165501
2026-04-09 19:23:17 i'm happy to open and test a MR myself, but with it being such a core package, and me being inexperienced with packaging in alpine, i figure i should ask at least
2026-04-09 19:54:09 MRs are always welcome and then someone will decide if it can be merged
2026-04-09 19:54:30 and this is the right channel for the topic
2026-04-09 20:18:53 bdprom: well, seems like achill went ahead and did that =)
2026-04-09 20:33:36 ah nice :3
2026-04-09 22:49:20 ideas on !98913 and !98982 ?
2026-04-09 22:49:31 failing tests on x86*
2026-04-09 22:58:08 let's see with !100484 !100486
2026-04-09 22:58:32 (cherry-picked from the others)
2026-04-09 23:41:42 MASTER THE ART OF HACKING 🕹️... (full message at )
2026-04-10 06:58:49 x86_64 OOMs it seems, perhaps 32-bit needs more RAM as well?
2026-04-10 07:04:04 I doubt that it's the changes in 3.12.13 vs 3.12.12 causing this: https://github.com/python/cpython/compare/v3.12.12...v3.12.13
2026-04-10 21:35:41 is irc dead now?
2026-04-10 21:40:14 haven't used irc since about 1998
2026-04-11 12:24:49 !100576 !100577 !100578
2026-04-11 12:27:27 these are bigger version jumps (from 2.76, 2.71 and 2.70), would just want some extra eyes to assess there are no regressions
2026-04-11 15:03:24 the armv7 bus error is interesting. I wonder why that happens
2026-04-11 15:03:32 thanks for following up those!
2026-04-11 15:10:54 ncopa: tests are disabled on armv7 from 3.22 and onwards, I added that part to the 3.21 and 3.20 MRs
2026-04-11 15:19:42 oh.. ok
2026-04-11 15:20:11 we should probably fix it?
2026-04-11 16:34:58 I'm curious whether this is just an armv7 CI issue and, regardless, why
2026-04-15 18:48:09 ncopa: !100827
2026-04-16 03:52:39 CVE-2026-2219 should not affect our dpkg since we didn't enable libzstd support. do i still need to mention this CVE in APKBUILD?
2026-04-16 04:37:13 qaqland: We can mention it under version 0
2026-04-20 04:32:32 hi