Packages

A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager which is configured to obtain network configuration using the DHCP protocol.

With latest iceweasel-uxp, I can’t connect to some HTTPS websites :

For example :

https://pkgs.fedoraproject.org/ is an example

SEC_ERROR_UNKNOWN_ISSUER

Description:

• add new package

Additional info:

• https://github.com/coturn/coturn

Steps to reproduce:

• none

Description:

• add GNU MediaGoblin package

Additional info:

• none

Steps to reproduce:

• none

The aarch64-linux-gnu-linux-api-headers package from [community] compiles using the blobbed Linux kernel source[0], at Parabola it has been replaced with aarch64-linux-gnu-linux-libre-api-headers[1], since this issue is exactly the same as with linux-api-headers.

The solution is to simply compile using Linux-libre sources.

[0] https://git.archlinux.org/svntogit/community.git/plain/aarch64-linux-gnu-linux-api-headers/trunk/PKGBUILD

[1] https://git.parabola.nu/abslibre.git/commit/?id=acaa4ba9c0bc77deb6b77e4dad815f66c673d662

Add init file to load kernel modules in system configuration

Examples:

/etc/modules.conf
----
btrfs

/etc/modules.d/*.conf
----

/etc/modules.d/nouveau.conf
----
nouveau

/etc/init.d/modules
----
#!/usr/bin/openrc-run
command="/usr/bin/modprobe"
command_args="$(cat /etc/modules.{,d/*}conf)"

/etc/runlevels/boot/modules

Add init file to load sysctl configuration files

Examples:

/etc/init.d/sysctl
----
#!/usr/bin/openrc-run
command="/usr/bin/sysctl"
command_args="--system"
----
/etc/runlevels/boot/sysctl

Description:

Update package to 0.4.2 backport version

Note: Is needed by GIMP 2.10.2 backport or update [gegl] to 0.3.34
      Update the [babl] package
      https://issues.hyperbola.info/index.php?do=details&task_id=1051
      https://issues.hyperbola.info/index.php?do=details&task_id=1052
      https://issues.hyperbola.info/index.php?do=details&task_id=1054

Additional info:

gegl 0.3.26-2.hyperbola1

$ pacman -Si gegl
Repository      : extra
Name            : gegl
Version         : 0.3.26-2.hyperbola1
Description     : Graph based image processing framework
Architecture    : x86_64
URL             : http://www.gegl.org/
Licenses        : GPL3  LGPL3
Groups          : None
Provides        : None
Depends On      : babl  libspiro  json-glib
Optional Deps   : libraw: raw plugin
                  openexr: openexr plugin
                  ffmpeg: ffmpeg plugin
                  suitesparse: matting-levin plugin
                  librsvg: svg plugin
                  jasper: jasper plugin
                  libtiff: tiff plugin
                  lua: lua plugin
                  lensfun: lens-correct plugin
Conflicts With  : gegl02
Replaces        : gegl02
Download Size   : 1347.15 KiB
Installed Size  : 6823.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Sun 31 Dec 2017 05:37:41 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

none

Description:

Update package to 2.10.2 backport version

Note: Needs [gegl] 0.4.2 and [babl] 0.1.50
      or update [gegl] 0.3.34 only
      Update the [babl] package
      https://issues.hyperbola.info/index.php?do=details&task_id=1051
      https://issues.hyperbola.info/index.php?do=details&task_id=1052
      https://issues.hyperbola.info/index.php?do=details&task_id=1053

Additional info:

gimp 2.8.22-1.hyperbola1

Repository      : extra
Name            : gimp
Version         : 2.8.22-1.hyperbola1
Description     : GNU Image Manipulation Program, with gegl and libxslt support
Architecture    : x86_64
URL             : https://www.gimp.org/
Licenses        : GPL  LGPL
Groups          : None
Provides        : None
Depends On      : pygtk  lcms  libxpm  libwmf  libxmu  librsvg  libmng  dbus-glib  libexif  gegl  jasper  desktop-file-utils  hicolor-icon-theme  babl  openexr
                  libgudev
Optional Deps   : gutenprint: for sophisticated printing only as gimp has built-in cups print support
                  poppler-glib: for pdf support
                  alsa-lib: for MIDI event controller module
                  curl: for URI support
                  ghostscript: for postscript support
Conflicts With  : gimp-devel
Replaces        : None
Download Size   : 12.12 MiB
Installed Size  : 67.73 MiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Sun 31 Dec 2017 08:42:46 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

none

Description:

• The Arch version of Erlang (headless version) from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : erlang-nox
Version         : 19.3-3
Description     : General-purpose concurrent functional programming language developed by Ericsson (headless version)
Architecture    : x86_64
URL             : http://www.erlang.org/
Licenses        : Apache
Groups          : None
Provides        : None
Depends On      : ncurses  openssl
Optional Deps   : erlang-unixodbc: database support
                  java-environment: for Java support
                  lksctp-tools: for SCTP support
Conflicts With  : erlang
Replaces        : None
Download Size   : 39.01 MiB
Installed Size  : 106.73 MiB
Packager        : Jan de Groot <jgc@archlinux.org>
Build Date      : Fri 28 Apr 2017 08:44:33 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

/usr/lib/systemd/system/epmd.service is owned by erlang-nox 19.3-3
/usr/lib/systemd/system/epmd.socket is owned by erlang-nox 19.3-3

Steps to reproduce:

• Install package.

Description:

• needs OpenRC init script and contains systemd files

Additional info:

• dovecot 2.2.29.1-1

dovecot /usr/lib/systemd/system/dovecot.service
dovecot /usr/lib/systemd/system/dovecot.socket
dovecot /usr/lib/tmpfiles.d/dovecot.conf

Steps to reproduce:

• none

Description:

• needs OpenRC init script

Additional info:

• onioncat 0.2.2.r578-1

Steps to reproduce:

• none

Description:

• needs OpenRC init script and contains systemd files

Additional info:

• prosody 1:0.10.r7198+.2fd20f372cb1+-2

prosody /usr/lib/systemd/system/prosody.service
prosody /usr/lib/sysusers.d/prosody.conf
prosody /usr/lib/tmpfiles.d/prosody.conf

Steps to reproduce:

• none

Description:

• needs OpenRC init script and contains systemd files

Additional info:

• unrealircd 4.0.11-2

unrealircd /usr/lib/systemd/system/unrealircd.service
unrealircd /usr/lib/tmpfiles.d/unrealircd.conf

Steps to reproduce:

• none

Description:

• needs OpenRC init script and contains systemd file

Additional info:

• mcelog 1:148-1

mcelog /usr/lib/systemd/system/mcelog.service

Steps to reproduce:

• none

Description:

• needs OpenRC init scripts (hg serve and chg server), like [git] (git-daemon) and [subversion] (svnserve)

Additional info:

• mercurial 4.2-1

Note: needs a provide: hg

Steps to reproduce:

• none

$ pacman -Si cmake-fedora
Repository : community
Name : cmake-fedora
Version : 2.7.1-3
Description : CMake helper modules for fedora developers
Architecture : any
URL : https://pagure.io/cmake-fedora Licenses : custom:BSD
Groups : None
Provides : None
Depends On : cmake
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 90.94 KiB
Installed Size : 422.00 KiB
Packager : Felix Yan felixonmars@archlinux.org Build Date : Mon 17 Apr 2017 06:39:49 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature

pacman -Qi phpldapadmin
Name : phpldapadmin
Version : 1.2.3-8
Description : A PHP and hence web-based tool to administrate LDAP over

                the WWW

Architecture : any
URL : http://phpldapadmin.sourceforge.net/ Licenses : GPL Groups : None
Provides : None
Depends On : libldap php php-ldap
Optional Deps : None
Required By : None
Optional For : None
Conflicts With : None
Replaces : None
Installed Size : 3.03 MiB
Packager : Sergej Pupykin <pupykin.s+arch@gmail.com>
Build Date : Thu 02 Feb 2017 06:04:00 PM CET
Install Date : Tue 10 Jul 2018 10:52:31 AM CEST
Install Reason : Explicitly installed
Install Script : No
Validated By : Signature

Description:

Since Hyperbola follows the Init Freedom Campaign, systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)

community/backuppc 4.1.2-1 [installed]

   Enterprise-grade system for backing up Linux, Windows and MacOS PCs

* config and/or log files etc.

Additional info:

Steps to reproduce: install it

Description:

• Add Linux-libre kernel adapted for servers:
  • Disable "Loadable kernel modules"
  • Adapt config for servers

Additional info:

• none.

Steps to reproduce:

• none.

Description:
Quoted from https://bugs.launchpad.net/ubuntu/+source/python-acme/+bug/1777205 Bug #1777205 reported by Brad Warren on 2018-06-16

[Impact]

Without this fix, on June 19, the library will start to fail when using Let’s Encrypt’s new ACMEv2 endpoint. We should avoid breaking this for users.

[Test Case]

On June 19, try to use Let’s Encrypt’s new ACMEv2 endpoint; it will error out, as described in https://community.letsencrypt.org/t/acmev2-order-ready-status/62866

[Regression Potential]

If the endpoint changes again, this will need another update, but the only potential regression I see is server-side, which needs patches on our end to adjust (like in this case).

[Original Bug Description]

I am the upstream maintainer of python-acme. This bug only affects python-acme in Ubuntu 18.04.

Starting on June 19th, this library will start failing when used with Let’s Encrypt’s new ACMEv2 endpoint. This is because the library does not recognize the changes described in https://community.letsencrypt.org/t/acmev2-order-ready-status/62866 and will error out when it sees them.

To fix this, python-acme either needs to be upgraded to 0.25.1 (which came out two days ago) or the one line patch that originally landed upstream at https://github.com/certbot/certbot/commit/5940ee92ab5c9a9f05f7067974f6e15c9fa3205a applied. I think the latter is the safer option.

Please let me know what I can do to help get this resolved.

Additional info:
Solution is to upgrade the following packages

* certbot 0.23.0-1.hyperbola1.backports1
* python-acme 0.23.0-1.backports1

and any other that depends on certbot=0.23.0 and/or python-acme=0.23.0 (like the certbot plugins)

The other option is to patch certbot, as described in the launchpad’s issue

Steps to reproduce:

1) Install certbot
2) try anything related to the certificates (certonly, renew)
3) You may get an error like this:

Obtaining a new certificate
An unexpected error occurred:
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/josepy/json_util.py", line 280, in fields_from_json
    fields[slot] = field.decode(value)
  File "/usr/lib/python3.6/site-packages/josepy/json_util.py", line 88, in decode
    return self.fdec(value)
  File "/usr/lib/python3.6/site-packages/acme/messages.py", line 123, in from_json
    '{0} not recognized'.format(cls.__name__))
josepy.errors.DeserializationError: Deserialization error: Status not recognized

During handling of the above exception, another exception occurred:

josepy.errors.DeserializationError: Deserialization error: Could not decode 'status' ('ready'): Deserialization error: Status not recognized
Please see the logfiles in /var/log/letsencrypt for more details.

Some addons are currently broken with latest iceweasel-uxp (iceweasel-uxp 52.9.20190926-1)

DownThemAll
Save to Wayback Machine
Self-Destructing Cookies
(and probably others)

g4jc suggested to drop PGO as it could be the culprit.

https://forums.hyperbola.info/viewtopic.php?pid=1149#p1149

Regarding addons, I'm fairly certain flipping the switch on PGO (which makes the browser faster at the expense of wrecking code) is the culprit. We were warned not to use it, and this is planned to be rolled back.

However, Hyperbot has to be scheduled to rebuild the packages and I do not set it's schedule. Will advise.

Description:

Ath9k wifi device not working, possibly bad compilation or issues with gcc

Additional info:
* package version(s)

- gcc-8.4.0-2
- ath9k-htc-firmware-1.4.0-8

* config and/or log files etc.

[    8.302952] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[    8.303011] usbcore: registered new interface driver ath9k_htc
[    8.303067] usb 1-1: Direct firmware load for ath9k_htc/htc_9271-1.4.0.fw failed with error -2
[    8.303073] usb 1-1: ath9k_htc: Firmware htc_9271.fw requested
[    8.623141] usb 1-1: ath9k_htc: Transferred FW: htc_9271.fw, size: 51008
[    9.683657] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[    9.683672] ath9k_htc: Failed to initialize the device

Steps to reproduce:

- Add wifi device with ath9k firmware, for example: TL-WN722N
- pacman -S ath9k-htc-firmware

References:

- https://bugzilla.kernel.org/show_bug.cgi?id=208251

Remove “gnome-mplayer”, “gecko-mediaplayer” and “gmtk” are unsecured/abandonware packages(released in 2014)
“gecko-mediaplayer” uses deprecated/unsecured NPAPI[0] and XULRunner[1][2] apis

$ pacman -Si gnome-mplayer
Repository : community
Name : gnome-mplayer
Version : 1.0.9-4
Description : A simple MPlayer GUI.
Architecture : x86_64
URL : https://sites.google.com/site/kdekorte2/gnomemplayer Licenses : GPL Groups : None
Provides : None
Depends On : mplayer dbus-glib libnotify gmtk
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 343.29 KiB
Installed Size : 1461.00 KiB
Packager : Balló György <ballogyor+arch@gmail.com>
Build Date : Sun 22 Jan 2017 04:45:38 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

$ pacman -Si gecko-mediaplayer
Repository : community
Name : gecko-mediaplayer
Version : 1.0.9-3
Description : Browser plugin that uses gnome-mplayer to play media in a web browser.
Architecture : x86_64
URL : https://sites.google.com/site/kdekorte2/gecko-mediaplayer Licenses : GPL Groups : None
Provides : None
Depends On : gnome-mplayer>=1.0.9 dbus-glib gmtk curl
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 80.92 KiB
Installed Size : 598.00 KiB
Packager : Balló György <ballogyor+arch@gmail.com>
Build Date : Sun 22 Jan 2017 04:36:31 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

$ pacman -Si gmtk
Repository : community
Name : gmtk
Version : 1.0.9-3
Description : Common functions for gnome-mplayer and gecko-mediaplayer.
Architecture : x86_64
URL : https://sites.google.com/site/kdekorte2/gmtk Licenses : GPL Groups : None
Provides : None
Depends On : glib2 gtk3 dconf
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 73.85 KiB
Installed Size : 246.00 KiB
Packager : Balló György <ballogyor+arch@gmail.com>
Build Date : Sun 22 Jan 2017 04:50:49 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap [1]:https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html [2]:https://tracker.debian.org/pkg/xulrunner

Remove “libFreeWRLplugin.so”, uses deprecated/unsecure NPAPI[0] and XULRunner[1][2] apis

$ pacman -Si freewrl
Repository : community
Name : freewrl
Version : 1:2.3.3-1
Description : VRML viewer
Architecture : x86_64
URL : http://freewrl.sourceforge.net/ Licenses : GPL Groups : None
Provides : None
Depends On : java-runtime libxaw glew freeglut curl freetype2 imlib2 sox unzip imagemagick libxml2 ttf-bitstream-vera lesstif js185 glu openal

                freealut

Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 583.49 KiB
Installed Size : 2060.00 KiB
Packager : Sergej Pupykin <pupykin.s+arch@gmail.com>
Build Date : Mon 19 Dec 2016 10:31:49 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature

$ sudo pacman -Ql freewrl
freewrl /usr/
freewrl /usr/bin/
freewrl /usr/bin/freewrl
freewrl /usr/bin/freewrl_msg
freewrl /usr/bin/freewrl_snd
freewrl /usr/include/
freewrl /usr/include/FreeWRLEAI/
freewrl /usr/include/FreeWRLEAI/EAIHeaders.h
freewrl /usr/include/FreeWRLEAI/EAI_C.h
freewrl /usr/include/FreeWRLEAI/GeneratedHeaders.h
freewrl /usr/include/FreeWRLEAI/X3DNode.h
freewrl /usr/include/libFreeWRL.h
freewrl /usr/lib/
freewrl /usr/lib/libFreeWRL.so
freewrl /usr/lib/libFreeWRL.so.2
freewrl /usr/lib/libFreeWRL.so.2.3.3
freewrl /usr/lib/libFreeWRLEAI.so
freewrl /usr/lib/libFreeWRLEAI.so.2
freewrl /usr/lib/libFreeWRLEAI.so.2.3.3
freewrl /usr/lib/mozilla/
freewrl /usr/lib/mozilla/plugins/
freewrl /usr/lib/mozilla/plugins/libFreeWRLplugin.so
freewrl /usr/lib/pkgconfig/
freewrl /usr/lib/pkgconfig/libFreeWRL.pc
freewrl /usr/lib/pkgconfig/libFreeWRLEAI.pc
freewrl /usr/share/
freewrl /usr/share/applications/
freewrl /usr/share/applications/freewrl.desktop
freewrl /usr/share/man/
freewrl /usr/share/man/man1/
freewrl /usr/share/man/man1/freewrl.1.gz
freewrl /usr/share/pixmaps/
freewrl /usr/share/pixmaps/freewrl.png

[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap [1]:https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html [2]:https://tracker.debian.org/pkg/xulrunner