|
Any | Bug Report | Very High | Critical | [warsow] the package is not compiled from source | Closed | |
Task Description
The package is not compiled from source
|
|
Any | Security Issue | Very High | Critical | [wesnoth] CVE-2018-1999023 - Code Injection vulnerabili ... | Closed | |
Task Description
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appears to be exploitable via loading specially-crafted saved games, networked games, replays, and player content.
https://security-tracker.debian.org/tracker/CVE-2018-1999023
Upstream patch: https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318
|
|
Any | Feature Request | Very High | High | [wesnoth] contains systemd unit files | Closed | |
Task Description
Description:
The Arch version of Wesnoth from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign, removal of the systemd unit files is required, or OpenRC init scripts should be added to replace them.
Additional info: * package version(s) * config and/or log files etc.
Repository : community
Name : wesnoth
Version : 1.12.6-4
Description : A turn-based strategy game on a fantasy world
Architecture : x86_64
URL : http://www.wesnoth.org/
Licenses : GPL
Groups : None
Provides : None
Depends On : sdl_ttf sdl_net sdl_mixer sdl_image fribidi boost-libs pango lua52 wesnoth-data dbus python2
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 4.97 MiB
Installed Size : 22.86 MiB
Packager : Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
Build Date : Mon 02 Jan 2017 07:52:21 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/system/wesnothd.service is owned by wesnoth 1.12.6-4
/usr/lib/tmpfiles.d/wesnothd.conf is owned by wesnoth 1.12.6-4
Steps to reproduce:
|
|
Any | Security Issue | Very High | Critical | [wget] - GNU Wget Cookie Injection CVE-2018-0494 | Closed | |
Task Description
An external attacker is able to inject arbitrary cookie values into the cookie jar file, adding new or replacing existing cookie values.
http://openwall.com/lists/oss-security/2018/05/06/1
Fixed in GNU Wget 1.19.5 or later.
|
|
Any | Security Issue | Very High | Critical | [wpa_supplicant] vulnerable to KRACK attack | Closed | |
Task Description
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
https://w1.fi/security/2017-1/
Arch just patched: https://www.archlinux.org/packages/core/i686/wpa_supplicant/
|
|
Any | Security Issue | Very High | Critical | [xen] multiple security issues: CVE-2018-10472, CVE-201 ... | Closed | |
Task Description
http://openwall.com/lists/oss-security/2018/04/30/1 An attacker supplying a crafted CDROM image can read any file (or device node) on the dom0 filesystem with the permissions of the qemu devicemodel process. (The virtual CDROM device is read-only, so no data can be written.)
http://openwall.com/lists/oss-security/2018/04/30/2 A malicious or buggy guest may cause a hypervisor crash, resulting in a Denial of Service (DoS) affecting the entire host.
http://openwall.com/lists/oss-security/2018/05/11/1 A malicious unprivileged device model can cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time.
http://openwall.com/lists/oss-security/2018/05/11/2
[critical] A malicious or buggy HVM guest may cause a hypervisor crash, resulting in a Denial of Service (DoS) affecting the entire host. Privilege escalation, or information leaks, cannot be excluded.
Patches provided by upstream.
|
|
Any | Freedom Issue | Very High | Critical | [xmind] is probably directing users to proprietary soft ... | Closed | |
Task Description
xmind when installed is showing that “this version is not licensed”, so that cannot be right. Even though there is GPL license on Github, that vague information in the software can and is wrongly understood:
Further it is asking for license key to get the “Pro” version.
Thus xmind is pointing to proprietary software.
That means xmind shall be removed from Hyperbola immediately as such as it is now cannot be in the fully free GNU distribution.
|
|
Stable | Freedom Issue | Very High | Critical | [xorg-fonts-misc] contains non-libre/free Syriac typefa ... | Closed | |
Task Description
A Syriac typeface family series of Beth Mardutho’s Meltho is considered non-libre/free because the licence forbids modification[1], and should be removed immediately.
[1]: https://github.com/freedesktop/xorg-misc-meltho/raw/master/license.txt
|
|
Any | Security Issue | Very High | Critical | [xulrunner] unmaintained and unsupportable | Closed | |
Task Description
Remove “xulrunner”[0][1]; it is an insecure/abandonware package
$ pacman -Si xulrunner
Repository : community
Name : xulrunner
Version : 41.0.2-10
Description : Mozilla Runtime Environment
Architecture : x86_64
URL : http://wiki.mozilla.org/XUL:Xul_Runner
Licenses : MPL GPL LGPL
Groups : None
Provides : None
Depends On : gtk2 mozilla-common nss>3.18 libxt hunspell startup-notification mime-types dbus-glib libpulse libevent libvpx icu python2
Optional Deps : None
Conflicts With : None
Replaces : xulrunner-oss
Download Size : 47.38 MiB
Installed Size : 171.99 MiB
Packager : Evangelos Foutras <evangelos@foutrelis.com>
Build Date : Wed 26 Apr 2017 03:10:07 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
[0]: https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html
[1]: https://tracker.debian.org/pkg/xulrunner
|
|
Any | Security Issue | Very High | Critical | [znc] CVE-2018-14055: privilege escalation & CVE-2018-1 ... | Closed | |
Task Description
Severity: high
Versions affected: 1.6.0 through 1.7.0. Potentially, all earlier versions too, but there is no known way to trigger this before 1.6.0
Mitigation: upgrade to 1.7.1
Description: ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate privilege, inject rogue values into znc.conf, and gain shell access.
Upstream patches: https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
—
Severity: medium
Versions affected: 0.045 through 1.7.0
Mitigation: upgrade to 1.7.1, or disable HTTP via `/msg *status AddPort`, `/msg *status DelPort` commands.
Description: ZNC before 1.7.1-rc1 is prone to a path traversal flaw. A non-admin user can set web skin name to ../ to access files outside of the intended skins directories and to cause DoS.
Upstream patch: https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
|
|
Stable | Bug Report | High | Critical | [gufw] FileNotFoundError: [Errno 2] '/usr/sbin/ufw': ' ... | Closed | |
Task Description
gufw 17.04.1-3
Impossible to start application, error message :
FileNotFoundError: [Errno 2] Aucun fichier ou dossier de ce type: '/usr/sbin/ufw': '/usr/sbin/ufw'
|
|
Testing | Bug Report | High | Critical | Runit errors, | Closed | |
Task Description
/sbin/openrc-run: bad interpreter: No such file or directory
I get this error whenever I try to start dhcpcd with sv /etc/runit/
And for sndiod I get this doing the same guide,
warning: sndiod: unable to open supervise/ok: file does not exist
Although rather ironically, if I type sndiod or dhcpcd into root, it works just fine.
Maybe it's an FHS issue or possibly, I am screwing up? I am not sure. Feedback is welcome.
This is what I did:
==> Add a service:
ln -s /etc/sv/<service> /var/service
==> Start/stop/restart a service:
sv <start/stop/restart> <service>
more or less, I used this guide.
|
|
Any | Feature Request | High | High | [3c574-cs-firmware] adapt package in accordance with th ... | Closed | |
Task Description
Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract.
|
|
Any | Feature Request | High | High | [3c589-cs-firmware] adapt package in accordance with th ... | Closed | |
Task Description
Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract.
|
|
Testing | Bug Report | High | Critical | [Hyperbola GNU/Linux-libre 0.4] Installation for syslin ... | Closed | |
Task Description
Description: Configuration file “syslinux.cfg” under /boot/syslinux/ has to be adjusted. Problem with kernel-images loaded and the concurrent booting device is per default configured to /dev/sda3. Kernel-images are named as “linux-libre” not “linux-libre-lts”.
|
|
Testing | Bug Report | High | Critical | [Hyperbola GNU/Linux-libre 0.4] Problems with sndio fai ... | Closed | |
Task Description
There are issues with the current sndio-package as it seems not possible to get this to work with ALSA.
|
|
Any | Feature Request | High | High | [a56] adapt package in accordance with the Hyperbola Pa ... | Closed | |
Task Description
Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract.
|
|
Any | Feature Request | High | High | [acl] adapt package in accordance with the Hyperbola Pa ... | Closed | |
Task Description
Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract.
|
|
Any | Feature Request | High | High | [acpi_call-lts] adapt package in accordance with the Hy ... | Closed | |
Task Description
Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract.
|
|
Any | Feature Request | High | High | [acpi_call-lts] adapt package in accordance with the Hy ... | Closed | |
Task Description
Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract.
|
|
Any | Feature Request | High | High | [aircrack-ng] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl.
$ pacman -Si aircrack-ng
Repository : community
Name : aircrack-ng
Version : 1.2rc4-4
Description : Key cracker for the 802.11 WEP and WPA-PSK protocols
Architecture : x86_64
URL : https://www.aircrack-ng.org
Licenses : GPL2
Groups : None
Provides : aircrack-ng-scripts
Depends On : openssl sqlite iw net-tools wireless_tools ethtool
Optional Deps : None
Conflicts With : aircrack-ng-scripts
Replaces : aircrack-ng-scripts
Download Size : 375.88 KiB
Installed Size : 1627.00 KiB
Packager : Jonathan Steel <jsteel@archlinux.org>
Build Date : Mon 27 Mar 2017 04:13:22 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Stable | Bug Report | High | Critical | [alsa-tools] create missing firmware folder since firmw ... | Closed | |
Task Description
### Some context ###
I use hdajackretask on my G41M-ES2L motherboard (Libreboot)
Alsamixer doesn’t offer automute feature so every time I plug my headphones, the sound is playing by my speakers. So to work around this, I use hdajackretask from alsa-tools package.
It allows to install a boot override to solve the issue.
Yesterday, I reinstalled Hyperbola on my system and the boot override because of missing /lib/firmware directory. (Although it was present before, something changed ?)
The error message was (I translate)
/mv: can't move '/tmp/hda-jack-retask-VH3KIZ/hda-jack-retask.fw' to /lib/firmware/hda-jack-retask.fw' No file or folder of this type
So I created a folder “firmware” in /lib/ and copied hda-jack-retask.fw in it.
Then I rebooted, 100% working.
I don’t know if the fix should apply to the PKGBUILD of alsa-tools (to create a /lib/firmware directory) or something else ?
|
|
Any | Feature Request | High | High | [android-tools] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl.
$ pacman -Si android-tools
Repository : community
Name : android-tools
Version : 7.1.2_r6-1
Description : Android platform tools
Architecture : x86_64
URL : http://tools.android.com/
Licenses : Apache MIT
Groups : None
Provides : None
Depends On : openssl pcre
Optional Deps : python: for mkbootimg script
Conflicts With : None
Replaces : None
Download Size : 202.90 KiB
Installed Size : 611.00 KiB
Packager : Anatol Pomozov <anatol.pomozov@gmail.com>
Build Date : Mon 24 Apr 2017 11:39:51 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Feature Request | High | High | [apache] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl.
$ pacman -Si apache
Repository : extra
Name : apache
Version : 2.4.25-2.hyperbola2
Description : A high performance Unix-based HTTP server, with OpenRC support
Architecture : x86_64
URL : https://www.apache.org/dist/httpd
Licenses : APACHE
Groups : None
Provides : None
Depends On : zlib apr-util pcre libnghttp2 openssl
Optional Deps : lua: for mod_lua module
                libxml2: for mod_proxy_html, mod_xml2enc modules
                lynx: apachectl status
Conflicts With : None
Replaces : None
Download Size : 1436.89 KiB
Installed Size : 5678.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 25 Sep 2017 09:13:27 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Feature Request | High | High | [apr-util] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it optdepends and makedepends on openssl.
$ pacman -Si apr-util
Repository : extra
Name : apr-util
Version : 1.5.4-3
Description : The Apache Portable Runtime
Architecture : x86_64
URL : http://apr.apache.org/
Licenses : APACHE
Groups : None
Provides : None
Depends On : apr expat
Optional Deps : gdbm: enable gdbm support
                libldap: enable ldap support
                unixodbc: enable odbc support
                libmariadbclient: enable mysql/mariadb support
                postgresql-libs: enable postgres support
                db: enable berkley db support
                sqlite: enable sqlite support
                nss: enable nss crypto support
                openssl: enable openssl crypto support
Conflicts With : None
Replaces : None
Download Size : 153.32 KiB
Installed Size : 609.00 KiB
Packager : Jan de Groot <jgc@archlinux.org>
Build Date : Thu 02 Mar 2017 07:29:09 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Feature Request | High | High | [arch-audit] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [arch-keyring] adapt package in accordance with the Hyp ... | Closed | |
|
|
Any | Feature Request | High | High | [argon2] adapt package in accordance with the Hyperbola ... | Closed | |
|
|
Any | Feature Request | High | High | [argyllcms] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [arm-unknown-linux-gnueabi-binutils] adapt package in a ... | Closed | |
|
|
Any | Feature Request | High | High | [arm-unknown-linux-gnueabi-gcc] adapt package in accord ... | Closed | |
|
|
Any | Feature Request | High | High | [as31] adapt package in accordance with the Hyperbola P ... | Closed | |
|
|
Any | Feature Request | High | High | [ath9k-htc-firmware] adapt package in accordance with t ... | Closed | |
|
|
Any | Feature Request | High | High | [attr] adapt package in accordance with the Hyperbola P ... | Closed | |
|
|
Any | Feature Request | High | High | [autoconf] adapt package in accordance with the Hyperbo ... | Closed | |
|
|
Any | Feature Request | High | High | [automake] adapt package in accordance with the Hyperbo ... | Closed | |
|
|
Any | Feature Request | High | High | [axel] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [b43-tools] adapt package in accordance with the Hyperb ... | Closed | |
|
|
Any | Feature Request | High | High | [badvpn] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [bash] adapt package in accordance with the Hyperbola P ... | Closed | |
|
|
Any | Feature Request | High | High | [bbswitch-dkms-lts] adapt package in accordance with th ... | Closed | |
|
|
Any | Feature Request | High | High | [bbswitch-dkms-lts] adapt package in accordance with th ... | Closed | |
|
|
Any | Feature Request | High | High | [bbswitch-lts] adapt package in accordance with the Hyp ... | Closed | |
|
|
Any | Feature Request | High | High | [bbswitch-lts] adapt package in accordance with the Hyp ... | Closed | |
|
|
Any | Feature Request | High | High | [bigloo] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [bind-tools] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [bind] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [binutils] adapt package in accordance with the Hyperbo ... | Closed | |
|
|
Any | Feature Request | High | High | [bip] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [bison] adapt package in accordance with the Hyperbola ... | Closed | |
|