|
Any | Security Issue | Very High | Critical | [networkmanager] CVE-2018-1111: DHCP client script code ... | Closed | |
Task Description
A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager which is configured to obtain network configuration using the DHCP protocol.
|
|
Stable | Security Issue | Very High | Critical | [iceweasel-uxp] Issue with HTTPS websites | Closed | |
Task Description
With latest iceweasel-uxp, I can’t connect to some HTTPS websites :
For example :
https://pkgs.fedoraproject.org/ is an example
SEC_ERROR_UNKNOWN_ISSUER
|
|
Any | Implementation Request | Very High | Medium | [coturn] add new package | Closed | |
Task Description
Description:
Additional info:
Steps to reproduce:
|
|
Any | Implementation Request | Very High | Medium | [mediagoblin] add GNU MediaGoblin package | Closed | |
Task Description
Description:
Additional info:
Steps to reproduce:
|
|
Any | Freedom Issue | Very High | Critical | [aarch64-linux-gnu-linux-api-headers] compiles using b ... | Closed | |
Task Description
The aarch64-linux-gnu-linux-api-headers package from [community] compiles using the blobbed Linux kernel source[0], at Parabola it has been replaced with aarch64-linux-gnu-linux-libre-api-headers[1], since this issue is exactly the same as with linux-api-headers.
The solution is to simply compile using Linux-libre sources.
[0] https://git.archlinux.org/svntogit/community.git/plain/aarch64-linux-gnu-linux-api-headers/trunk/PKGBUILD
[1] https://git.parabola.nu/abslibre.git/commit/?id=acaa4ba9c0bc77deb6b77e4dad815f66c673d662
|
|
Any | Feature Request | Very High | High | [kmod] add init file to load kernel modules from /etc f ... | Closed | |
Task Description
Add init file to load kernel modules in system configuration
Examples:
/etc/modules.conf
----
btrfs
/etc/modules.d/*.conf
----
/etc/modules.d/nouveau.conf
----
nouveau
/etc/init.d/modules
----
#!/usr/bin/openrc-run
command="/usr/bin/modprobe"
command_args="$(cat /etc/modules.{,d/*}conf)"
/etc/runlevels/boot/modules
|
|
Any | Feature Request | Very High | High | [procps-ng] add init file to load sysctl configuration ... | Closed | |
Task Description
Add init file to load sysctl configuration files
Examples:
/etc/init.d/sysctl
----
#!/usr/bin/openrc-run
command="/usr/bin/sysctl"
command_args="--system"
----
/etc/runlevels/boot/sysctl
|
|
Any | Backport Request | Very High | High | [gegl] update package to 0.4.2 backport | Closed | |
Task Description
Description:
Update package to 0.4.2 backport version
Note: Is needed by GIMP 2.10.2 backport or update [gegl] to 0.3.34
Update the [babl] package
https://issues.hyperbola.info/index.php?do=details&task_id=1051
https://issues.hyperbola.info/index.php?do=details&task_id=1052
https://issues.hyperbola.info/index.php?do=details&task_id=1054
Additional info:
gegl 0.3.26-2.hyperbola1
$ pacman -Si gegl
Repository : extra
Name : gegl
Version : 0.3.26-2.hyperbola1
Description : Graph based image processing framework
Architecture : x86_64
URL : http://www.gegl.org/
Licenses : GPL3 LGPL3
Groups : None
Provides : None
Depends On : babl libspiro json-glib
Optional Deps : libraw: raw plugin
openexr: openexr plugin
ffmpeg: ffmpeg plugin
suitesparse: matting-levin plugin
librsvg: svg plugin
jasper: jasper plugin
libtiff: tiff plugin
lua: lua plugin
lensfun: lens-correct plugin
Conflicts With : gegl02
Replaces : gegl02
Download Size : 1347.15 KiB
Installed Size : 6823.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Sun 31 Dec 2017 05:37:41 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
none
|
|
Any | Backport Request | Very High | High | [gimp] update package to 2.10.2 backport | Closed | |
Task Description
Description:
Update package to 2.10.2 backport version
Note: Needs [gegl] 0.4.2 and [babl] 0.1.50
or update [gegl] 0.3.34 only
Update the [babl] package
https://issues.hyperbola.info/index.php?do=details&task_id=1051
https://issues.hyperbola.info/index.php?do=details&task_id=1052
https://issues.hyperbola.info/index.php?do=details&task_id=1053
Additional info:
gimp 2.8.22-1.hyperbola1
Repository : extra
Name : gimp
Version : 2.8.22-1.hyperbola1
Description : GNU Image Manipulation Program, with gegl and libxslt support
Architecture : x86_64
URL : https://www.gimp.org/
Licenses : GPL LGPL
Groups : None
Provides : None
Depends On : pygtk lcms libxpm libwmf libxmu librsvg libmng dbus-glib libexif gegl jasper desktop-file-utils hicolor-icon-theme babl openexr
libgudev
Optional Deps : gutenprint: for sophisticated printing only as gimp has built-in cups print support
poppler-glib: for pdf support
alsa-lib: for MIDI event controller module
curl: for URI support
ghostscript: for postscript support
Conflicts With : gimp-devel
Replaces : None
Download Size : 12.12 MiB
Installed Size : 67.73 MiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Sun 31 Dec 2017 08:42:46 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
none
|
|
Any | Feature Request | Very High | High | [erlang-nox] contains systemd unit files | Closed | |
Task Description
Description:
The Arch version of Erlang (headless version) from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.
Additional info: * package version(s) * config and/or log files etc.
Repository : community
Name : erlang-nox
Version : 19.3-3
Description : General-purpose concurrent functional programming language developed by Ericsson (headless version)
Architecture : x86_64
URL : http://www.erlang.org/
Licenses : Apache
Groups : None
Provides : None
Depends On : ncurses openssl
Optional Deps : erlang-unixodbc: database support
java-environment: for Java support
lksctp-tools: for SCTP support
Conflicts With : erlang
Replaces : None
Download Size : 39.01 MiB
Installed Size : 106.73 MiB
Packager : Jan de Groot <jgc@archlinux.org>
Build Date : Fri 28 Apr 2017 08:44:33 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/system/epmd.service is owned by erlang-nox 19.3-3
/usr/lib/systemd/system/epmd.socket is owned by erlang-nox 19.3-3
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [dovecot] needs OpenRC init script and contains systemd ... | Closed | |
Task Description
Description:
Additional info:
dovecot /usr/lib/systemd/system/dovecot.service
dovecot /usr/lib/systemd/system/dovecot.socket
dovecot /usr/lib/tmpfiles.d/dovecot.conf
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [onioncat] needs OpenRC init script | Closed | |
Task Description
Description:
Additional info:
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [prosody] needs OpenRC init script and contains systemd ... | Closed | |
Task Description
Description:
Additional info:
prosody /usr/lib/systemd/system/prosody.service
prosody /usr/lib/sysusers.d/prosody.conf
prosody /usr/lib/tmpfiles.d/prosody.conf
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [unrealircd] needs OpenRC init script and contains syst ... | Closed | |
Task Description
Description:
Additional info:
unrealircd /usr/lib/systemd/system/unrealircd.service
unrealircd /usr/lib/tmpfiles.d/unrealircd.conf
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [mcelog] needs OpenRC init script and contains systemd ... | Closed | |
Task Description
Description:
Additional info:
mcelog /usr/lib/systemd/system/mcelog.service
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [mercurial] needs OpenRC init scripts (hg serve and chg ... | Closed | |
Task Description
Description:
Additional info:
Note: needs a provide: hg
Steps to reproduce:
|
|
Any | Freedom Issue | Very High | Critical | [cmake-fedora] useful only for non-FSDG distros | Closed | |
Task Description
$ pacman -Si cmake-fedora Repository : community Name : cmake-fedora Version : 2.7.1-3 Description : CMake helper modules for fedora developers Architecture : any URL : https://pagure.io/cmake-fedora Licenses : custom:BSD Groups : None Provides : None Depends On : cmake Optional Deps : None Conflicts With : None Replaces : None Download Size : 90.94 KiB Installed Size : 422.00 KiB Packager : Felix Yan felixonmars@archlinux.org Build Date : Mon 17 Apr 2017 06:39:49 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Feature Request | Very High | High | [phpldapadmin] needs OpenRC init script | Closed | |
Task Description
pacman -Qi phpldapadmin Name : phpldapadmin Version : 1.2.3-8 Description : A PHP and hence web-based tool to administrate LDAP over
the WWW
Architecture : any URL : http://phpldapadmin.sourceforge.net/ Licenses : GPL Groups : None Provides : None Depends On : libldap php php-ldap Optional Deps : None Required By : None Optional For : None Conflicts With : None Replaces : None Installed Size : 3.03 MiB Packager : Sergej Pupykin <pupykin.s+arch@gmail.com> Build Date : Thu 02 Feb 2017 06:04:00 PM CET Install Date : Tue 10 Jul 2018 10:52:31 AM CEST Install Reason : Explicitly installed Install Script : No Validated By : Signature
|
|
Any | Feature Request | Very High | High | [backuppc]: contains systemd files | Closed | |
Task Description
Description:
Since Hyperbola follows the Init Freedom Campaign, systemd unit files removal is required or add OpenRC init scripts to replace it.
Additional info: * package version(s)
community/backuppc 4.1.2-1 [installed]
Enterprise-grade system for backing up Linux, Windows and MacOS PCs
* config and/or log files etc.
Additional info:
Steps to reproduce: install it
|
|
Any | Implementation Request | Very High | Critical | [linux-libre-lts-server] add "Linux-libre" kernel adapt ... | Closed | |
Task Description
Description:
Additional info:
Steps to reproduce:
|
|
Any | Bug Report | Very High | Critical | [python-acme] to start crashing on June 19th | Closed | |
Task Description
Description: Quoted from https://bugs.launchpad.net/ubuntu/+source/python-acme/+bug/1777205 Bug #1777205 reported by Brad Warren on 2018-06-16
[Impact]
Without this fix, on June 19, the library will start to fail when using Let’s Encrypt’s new ACMEv2 endpoint. We should avoid breaking this for users.
[Test Case]
On June 19, try to use Let’s Encrypt’s new ACMEv2 endpoint; it will error out, as described in https://community.letsencrypt.org/t/acmev2-order-ready-status/62866
[Regression Potential]
If the endpoint changes again, this will need another update, but the only potential regression I see is server-side, which needs patches on our end to adjust (like in this case).
[Original Bug Description]
I am the upstream maintainer of python-acme. This bug only affects python-acme in Ubuntu 18.04.
Starting on June 19th, this library will start failing when used with Let’s Encrypt’s new ACMEv2 endpoint. This is because the library does not recognize the changes described in https://community.letsencrypt.org/t/acmev2-order-ready-status/62866 and will error out when it sees them.
To fix this, python-acme either needs to be upgraded to 0.25.1 (which came out two days ago) or the one line patch that originally landed upstream at https://github.com/certbot/certbot/commit/5940ee92ab5c9a9f05f7067974f6e15c9fa3205a applied. I think the latter is the safer option.
Please let me know what I can do to help get this resolved.
Additional info: Solution is to upgrade the following packages
* certbot 0.23.0-1.hyperbola1.backports1 * python-acme 0.23.0-1.backports1
and any other that depends on certbot=0.23.0 and/or python-acme=0.23.0 (like the certbot plugins)
The other option is to patch certbot, as described in the launchpad’s issue
Steps to reproduce:
1) Install certbot 2) try anything related to the certificates (certonly, renew) 3) You may get an error like this:
Obtaining a new certificate
An unexpected error occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/josepy/json_util.py", line 280, in fields_from_json
fields[slot] = field.decode(value)
File "/usr/lib/python3.6/site-packages/josepy/json_util.py", line 88, in decode
return self.fdec(value)
File "/usr/lib/python3.6/site-packages/acme/messages.py", line 123, in from_json
'{0} not recognized'.format(cls.__name__))
josepy.errors.DeserializationError: Deserialization error: Status not recognized
During handling of the above exception, another exception occurred:
josepy.errors.DeserializationError: Deserialization error: Could not decode 'status' ('ready'): Deserialization error: Status not recognized
Please see the logfiles in /var/log/letsencrypt for more details.
|
|
Stable | Bug Report | Very High | Critical | [iceweasel-uxp] Broken addons with latest update | Closed | |
Task Description
Some addons are currently broken with latest iceweasel-uxp (iceweasel-uxp 52.9.20190926-1)
DownThemAll Save to Wayback Machine Self-Destructing Cookies (and probably others)
g4jc suggested to drop PGO as it could be the culprit.
https://forums.hyperbola.info/viewtopic.php?pid=1149#p1149
Regarding addons, I'm fairly certain flipping the switch on PGO (which makes the browser faster at the expense of wrecking code) is the culprit. We were warned not to use it, and this is planned to be rolled back.
However, Hyperbot has to be scheduled to rebuild the packages and I do not set it's schedule. Will advise.
|
|
Any | Bug Report | Very High | Critical | [ath9k-htc-firmware]: not work | Closed | |
Task Description
Description:
Ath9k wifi device not working, possibly bad compilation or issues with gcc
Additional info: * package version(s)
- gcc-8.4.0-2 - ath9k-htc-firmware-1.4.0-8
* config and/or log files etc.
[ 8.302952] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 8.303011] usbcore: registered new interface driver ath9k_htc
[ 8.303067] usb 1-1: Direct firmware load for ath9k_htc/htc_9271-1.4.0.fw failed with error -2
[ 8.303073] usb 1-1: ath9k_htc: Firmware htc_9271.fw requested
[ 8.623141] usb 1-1: ath9k_htc: Transferred FW: htc_9271.fw, size: 51008
[ 9.683657] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 9.683672] ath9k_htc: Failed to initialize the device
Steps to reproduce:
- Add wifi device with ath9k firmware, for example: TL-WN722N - pacman -S ath9k-htc-firmware
References:
- https://bugzilla.kernel.org/show_bug.cgi?id=208251
|
|
Any | Security Issue | Very High | Critical | [gnome-mplayer] [gecko-mediaplayer] [gmtk] remove unsec ... | Closed | |
Task Description
Remove “gnome-mplayer”, “gecko-mediaplayer” and “gmtk” are unsecured/abandonware packages(released in 2014) “gecko-mediaplayer” uses deprecated/unsecured NPAPI[0] and XULRunner[1][2] apis
$ pacman -Si gnome-mplayer Repository : community Name : gnome-mplayer Version : 1.0.9-4 Description : A simple MPlayer GUI. Architecture : x86_64 URL : https://sites.google.com/site/kdekorte2/gnomemplayer Licenses : GPL Groups : None Provides : None Depends On : mplayer dbus-glib libnotify gmtk Optional Deps : None Conflicts With : None Replaces : None Download Size : 343.29 KiB Installed Size : 1461.00 KiB Packager : Balló György <ballogyor+arch@gmail.com> Build Date : Sun 22 Jan 2017 04:45:38 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Si gecko-mediaplayer Repository : community Name : gecko-mediaplayer Version : 1.0.9-3 Description : Browser plugin that uses gnome-mplayer to play media in a web browser. Architecture : x86_64 URL : https://sites.google.com/site/kdekorte2/gecko-mediaplayer Licenses : GPL Groups : None Provides : None Depends On : gnome-mplayer>=1.0.9 dbus-glib gmtk curl Optional Deps : None Conflicts With : None Replaces : None Download Size : 80.92 KiB Installed Size : 598.00 KiB Packager : Balló György <ballogyor+arch@gmail.com> Build Date : Sun 22 Jan 2017 04:36:31 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Si gmtk Repository : community Name : gmtk Version : 1.0.9-3 Description : Common functions for gnome-mplayer and gecko-mediaplayer. Architecture : x86_64 URL : https://sites.google.com/site/kdekorte2/gmtk Licenses : GPL Groups : None Provides : None Depends On : glib2 gtk3 dconf Optional Deps : None Conflicts With : None Replaces : None Download Size : 73.85 KiB Installed Size : 246.00 KiB Packager : Balló György <ballogyor+arch@gmail.com> Build Date : Sun 22 Jan 2017 04:50:49 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap [1]:https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html [2]:https://tracker.debian.org/pkg/xulrunner
|
|
Any | Security Issue | Very High | Critical | [freewrl] remove unsecure "libFreeWRLplugin.so" | Closed | |
Task Description
Remove “libFreeWRLplugin.so”, uses deprecated/unsecure NPAPI[0] and XULRunner[1][2] apis
$ pacman -Si freewrl Repository : community Name : freewrl Version : 1:2.3.3-1 Description : VRML viewer Architecture : x86_64 URL : http://freewrl.sourceforge.net/ Licenses : GPL Groups : None Provides : None Depends On : java-runtime libxaw glew freeglut curl freetype2 imlib2 sox unzip imagemagick libxml2 ttf-bitstream-vera lesstif js185 glu openal
freealut
Optional Deps : None Conflicts With : None Replaces : None Download Size : 583.49 KiB Installed Size : 2060.00 KiB Packager : Sergej Pupykin <pupykin.s+arch@gmail.com> Build Date : Mon 19 Dec 2016 10:31:49 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ sudo pacman -Ql freewrl freewrl /usr/ freewrl /usr/bin/ freewrl /usr/bin/freewrl freewrl /usr/bin/freewrl_msg freewrl /usr/bin/freewrl_snd freewrl /usr/include/ freewrl /usr/include/FreeWRLEAI/ freewrl /usr/include/FreeWRLEAI/EAIHeaders.h freewrl /usr/include/FreeWRLEAI/EAI_C.h freewrl /usr/include/FreeWRLEAI/GeneratedHeaders.h freewrl /usr/include/FreeWRLEAI/X3DNode.h freewrl /usr/include/libFreeWRL.h freewrl /usr/lib/ freewrl /usr/lib/libFreeWRL.so freewrl /usr/lib/libFreeWRL.so.2 freewrl /usr/lib/libFreeWRL.so.2.3.3 freewrl /usr/lib/libFreeWRLEAI.so freewrl /usr/lib/libFreeWRLEAI.so.2 freewrl /usr/lib/libFreeWRLEAI.so.2.3.3 freewrl /usr/lib/mozilla/ freewrl /usr/lib/mozilla/plugins/ freewrl /usr/lib/mozilla/plugins/libFreeWRLplugin.so freewrl /usr/lib/pkgconfig/ freewrl /usr/lib/pkgconfig/libFreeWRL.pc freewrl /usr/lib/pkgconfig/libFreeWRLEAI.pc freewrl /usr/share/ freewrl /usr/share/applications/ freewrl /usr/share/applications/freewrl.desktop freewrl /usr/share/man/ freewrl /usr/share/man/man1/ freewrl /usr/share/man/man1/freewrl.1.gz freewrl /usr/share/pixmaps/ freewrl /usr/share/pixmaps/freewrl.png
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap [1]:https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html [2]:https://tracker.debian.org/pkg/xulrunner
|
|
Any | Security Issue | Very High | Critical | [xulrunner] unmaintained and unsupportable | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [cataclysm-dda] uses CC BY-SA for software | Closed | |
|
|
Any | Security Issue | Very High | Critical | [midori] unmaintained and unsupportable | Closed | |
|
|
Any | Security Issue | Very High | Critical | [w3m] unmaintained and unsupportable | Closed | |
|
|
Any | Security Issue | Very High | Critical | [pam] pam_unix2 is orphaned and dead upstream | Closed | |
|
|
Any | Security Issue | Very High | Critical | [wpa_supplicant] vulnerable to KRAK attack | Closed | |
|
|
Any | Security Issue | Very High | Critical | [dillo] enable IPv6, SSL/TLS and threaded DNS support | Closed | |
|
|
Testing | Privacy Issue | Very High | Critical | [abiword] remove AltaVista's Babel Fish translator supp ... | Closed | |
|
|
Any | Feature Request | Very High | High | [linux-libre-*] add missing installed kernel configurat ... | Closed | |
|
|
Any | Privacy Issue | Very High | Critical | [libreoffice*] contains Google API keys | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [aarch64-linux-gnu-linux-api-headers] compiles using b ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [linux-libre-lts*] Meltdown & Spectre Vulnerability | Closed | |
|
|
Any | Security Issue | Very High | Critical | [libressl] add package as OpenSSL replacement and defau ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [electrum] JSONRPC vulnerability | Closed | |
|
|
Any | Privacy Issue | Very High | Critical | [openrc] Google in init.d and conf.d configuration (ne ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [mupdf] multiple security issues | Closed | |
|
|
Any | Replace Request | Very High | Critical | [dnscrypt-proxy] update package to 2.x following backpo ... | Closed | |
|
|
Any | Replace Request | Very High | Critical | [kernel-firmware] split out firmware projects from linu ... | Closed | |
|
|
Any | Feature Request | Very High | High | [kmod] when dummy.ko is loaded, dummy0 interface is loa ... | Closed | |
|
|
Any | Bug Report | Very High | Low | [filesystem] the hyperbola manual (/usr/share/man/man7/ ... | Closed | |
|
|
Any | Update Request | Very High | Critical | [certbot] update package to support ACMEv2 and Wildcard | Closed | |
|
|
Any | Bug Report | Very High | Critical | [warsow] the package is not compiled from source | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [warsow-data] the package contains nonfree assets (CC B ... | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [torcs-data] contains nonfree car models | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [vdrift-data] contains nonfree car and track models | Closed | |
|