Packages

Category | Task Type | Priority | Severity | Summary | Status | Progress
Stable | Security Issue | Very High | Critical | [exim] CVE-2019-10149 | Closed | 100%
Task Description

Description: There’s an active, ongoing campaign exploiting a widespread vulnerability in Linux email servers. This attack leverages a week-old vulnerability to gain remote command execution on the target machine, search the Internet for other machines to infect, and initiate a crypto miner.

https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability

https://www.openwall.com/lists/oss-security/2019/06/06/1

Any | Freedom Issue | Very High | Critical | [supertuxkart] remove nonfree Ubuntu Font Family fonts | Closed | 100%
Task Description

In versions 0.9.3 and 1.0, there are several added and changed (new or existing) features and functions, and fixed bugs, crashes and other issues.

But the critical part is that it contains non-libre/free Ubuntu font files over a licensing issue, according to the issue: https://github.com/supertuxkart/stk-code/issues/2570

See those two sections in the version history releases for more details: https://github.com/supertuxkart/stk-code/blob/master/CHANGELOG.md

Any | Bug Report | Very High | Critical | [cups] [cups-filters] ServerBin directory inconsistency | Closed | 100%
Task Description

As the default path of the ServerBin directory is now /usr/libexec/bin:
1. cups-files.conf should be modified/adapted accordingly.
2. The contents of /usr/lib/cups, which is currently owned by cups-filters, cups-pdf, foomatic-db-engine and smbclient, should be moved to /usr/libexec/cups.

As it is, cups doesn’t work in v0.3.

Stable | Bug Report | Very High | Critical | [iceweasel-uxp] Broken addons with latest update | Closed | 100%
Task Description

Some addons are currently broken with latest iceweasel-uxp (iceweasel-uxp 52.9.20190926-1)

DownThemAll
Save to Wayback Machine
Self-Destructing Cookies
(and probably others)

g4jc suggested to drop PGO as it could be the culprit.

https://forums.hyperbola.info/viewtopic.php?pid=1149#p1149

Regarding addons, I'm fairly certain flipping the switch on PGO (which makes the browser faster at the expense of wrecking code) is the culprit. We were warned not to use it, and this is planned to be rolled back.

However, Hyperbot has to be scheduled to rebuild the packages and I do not set its schedule. Will advise.

Any | Freedom Issue | Very High | Critical | [clementine] using non-free services and interfaces | Closed | 100%
Task Description

The audio player clementine uses interfaces for non-free services like Dropbox, Google Drive, OneDrive, Subsonic and VK.com for storing and accessing files. So of course the software is licensed under the GPL, and is therefore copyleft and free, libre software in the first place, but it is also using anti-features with those interfaces to the mentioned unfree services later on.

So the proposal would be: creating a fork that removes those interfaces, or otherwise removing the whole package.

Any | Freedom Issue | Very High | Critical | [gens] contains nonfree Starscream code | Closed | 100%
Task Description

Gens contains nonfree Starscream code

$ pacman -Si gens
Repository      : multilib
Name            : gens
Version         : 2.15.5-10
Description     : A Sega Genesis / Sega CD / Sega 32X emulator
Architecture    : x86_64
URL             : http://gens.sourceforge.net
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : lib32-gtk2  lib32-sdl
Optional Deps   : lib32-alsa-plugins: Sound support for PulseAudio
                  lib32-libpulse: Sound support for PulseAudio
Conflicts With  : None
Replaces        : None
Download Size   : 359.08 KiB
Installed Size  : 1948.00 KiB
Packager        : Maxime Gauduin <alucryd@gmail.com>
Build Date      : Wed 21 Aug 2013 03:24:58 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Starscream License:

-----------------------------------------------------------------------------
Starscream 680x0 emulation library                      Custom version S0.26d
Copyright 1997, 1998, 1999 Neill Corlett
Modified by Stéphane Dallongeville
Used for the sub 68000 CPU emulation in Gens.
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
0.  Terms of Use
-----------------------------------------------------------------------------

"Starscream" refers to the following files:
*  STAR.C
*  STARCPU.H
*  CPUDEBUG.C
*  CPUDEBUG.H
*  STARDOC.TXT
*  any object file or executable compiled from the above
*  any source code generated from STAR.C, or object file assembled from such
   code

Starscream may be distributed freely in unmodified form, as long as this
documentation is included.

No money, goods, or services may be charged or solicited for Starscream, or
any emulator or other program which includes Starscream, in whole or in part.
Using Starscream in a shareware or commercial application is forbidden.
Contact Neill Corlett (corlett@elwha.nrrc.ncsu.edu) if you'd like to license
Starscream for commercial use.

Any program which uses Starscream must include the following credit text, in
its documentation or in the program itself:

"Starscream 680x0 emulation library by Neill Corlett
 (corlett@elwha.nrrc.ncsu.edu)"

Any | Freedom Issue | Very High | Critical | [gens-gs] contains nonfree Starscream code and the Poor ... | Closed | 100%
Task Description

Gens/GS contains nonfree:
* Starscream code
* The Poorman’s Sega 32x BIOS files (on the source code)

$ pacman -Si gens-gs
Repository      : multilib
Name            : gens-gs
Version         : 2.16.7-6
Description     : An emulator of Sega Genesis, Sega CD and 32X, combining features from various forks of Gens
Architecture    : x86_64
URL             : http://segaretro.org/Gens/GS
Licenses        : GPL
Groups          : None
Provides        : gens
Depends On      : lib32-gtk2  lib32-sdl
Optional Deps   : lib32-alsa-plugins: ALSA sound support
                  lib32-libcanberra: Hide a silly warning
                  lib32-libpulse: PulseAudio sound support
Conflicts With  : gens
Replaces        : None
Download Size   : 2047.36 KiB
Installed Size  : 4815.00 KiB
Packager        : Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
Build Date      : Mon 07 Dec 2015 10:23:49 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Starscream License:

-----------------------------------------------------------------------------
Starscream 680x0 emulation library                      Custom version M0.26d
Copyright 1997, 1998, 1999 Neill Corlett
Modified by Stéphane Dallongeville
Used for the main 68000 CPU emulation in Gens.
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
0.  Terms of Use
-----------------------------------------------------------------------------

"Starscream" refers to the following files:
*  STAR.C
*  STARCPU.H
*  CPUDEBUG.C
*  CPUDEBUG.H
*  STARDOC.TXT
*  any object file or executable compiled from the above
*  any source code generated from STAR.C, or object file assembled from such
   code

Starscream may be distributed freely in unmodified form, as long as this
documentation is included.

No money, goods, or services may be charged or solicited for Starscream, or
any emulator or other program which includes Starscream, in whole or in part.
Using Starscream in a shareware or commercial application is forbidden.
Contact Neill Corlett (corlett@elwha.nrrc.ncsu.edu) if you'd like to license
Starscream for commercial use.

Any program which uses Starscream must include the following credit text, in
its documentation or in the program itself:

"Starscream 680x0 emulation library by Neill Corlett
 (corlett@elwha.nrrc.ncsu.edu)"

The Poorman’s Sega 32x BIOS License:

The Poorman's Sega 32x BIOS files
	By Devster (Joseph Norman)
		http://devster.retrodev.com/

Exclaimer
---------
; Feel free to use this code, recompile the code, redistribute the unmodified code,
; modify it with your own name on it and redistribute it as yours if you
; so wish to do so without getting caught looking stupid, but you may not sell it for
; cash monies, or for in exchange of hot prostitutes, nor include it with any other
; redistributable software packages without consent from DevSter. This code is IS AS,
; which is latin for jibber jabber, to DevSter and the holder of this code, means
; there are no other further attatchments, absolutely no guarantees in it "working",
; comes with no lifetime waranty, et al, and you will gain nothing more than to play
; your super cool Sega Genesis 32X (names reserved to their rightful owners) without
; having to resort to using the actual copyrighted bios files. Let it further be noted
; that the use of the word "code" in this exclaimer refers to both the source code, and
; the pre-compiled code that was distributed.

Any | Freedom Issue | Very High | Critical | [dgen-sdl] contains nonfree CZ80, dZ80, DrZ80, Multi-Z8 ... | Closed | 100%
Task Description

DGen/SDL contains nonfree:
* CZ80
* dZ80
* DrZ80
* Multi-Z80
* Musashi v3.3
* Starscream

$ pacman -Si dgen-sdl
Repository      : community
Name            : dgen-sdl
Version         : 1.33-2
Description     : An emulator for Sega Genesis/Mega Drive systems ported to SDL
Architecture    : x86_64
URL             : http://dgen.sourceforge.net
Licenses        : BSD
Groups          : None
Provides        : None
Depends On      : sdl  libgl  libarchive
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 420.95 KiB
Installed Size  : 2000.00 KiB
Packager        : Allan McRae <allan@archlinux.org>
Build Date      : Sun 06 Dec 2015 12:19:03 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

CZ80 License:

************************************************
*                                              *
*     CZ80 (Z80 CPU emulator) version 0.91     *
*          Compiled with Dev-C++               *
*  Copyright 2004-2005 Stéphane Dallongeville  *
*                                              *
************************************************

CZ80 is a Z80 CPU emulator, priorities were given to :
- code size
- speed
- accuracy
- portablity

It supports almost all undocumented opcodes and flags.

The emulator can be freely distribued and used for any non commercial
project as long you don't forget to credit me somewhere :)
If you want some support about the CZ80, you can contact me on
the Gens forum (http://gens.consolemul.com then go to the forum).

dZ80 License:

dZ80 Version 2.0 Source Code

                       Copyright 1996-2002 Mark Incley.

                           E-mail: dz80@inkland.org
                            http://www.inkland.org


Serious Bit
-----------

I have made this source code available so that it may be compiled on platforms
other than MS-DOS and Windows. You may compile it and distribute the resulting
executable only if no monies are charged for it.

      ** YOU ARE NOT ALLOWED TO DISTRIBUTE THIS SOFTWARE COMMERICIALLY **


Not So Serious Bit
------------------

If you make any feature modifications to the dZ80 source code, please let me
know, so that I can make them to my source too. I didn't intend for dZ80 to
grow into an all singing and dancin' disassembler, but, if features are added,
I would like to add them to my base version too.

DrZ80 License:

___________________________________________________________________________

  DrZ80 (c) Copyright 2004 Reesy.   Free for non-commercial use

  Reesy's e-mail: drsms_reesy(atsymbol)yahoo.co.uk
  Replace (atsymbol) with @
  
___________________________________________________________________________

Multi-Z80 License:

Multi-Z80 32 Bit emulator
Copyright 1996, 1997, 1998, 1999, 2000 - Neil Bradley, All rights reserved

			    MZ80 License agreement
			    -----------------------

(MZ80 Refers to both the assembly code emitted by makez80.c and makez80.c
itself)

MZ80 May be distributed in unmodified form to any medium.

MZ80 May not be sold, or sold as a part of a commercial package without
the express written permission of Neil Bradley (neil@synthcom.com). This
includes shareware.

Modified versions of MZ80 may not be publicly redistributed without author
approval (neil@synthcom.com). This includes distributing via a publicly
accessible LAN. You may make your own source modifications and distribute
MZ80 in source or object form, but if you make modifications to MZ80
then it should be noted in the top as a comment in makez80.c.

MZ80 Licensing for commercial applications is available. Please email
neil@synthcom.com for details.

Synthcom Systems, Inc, and Neil Bradley will not be held responsible for
any damage done by the use of MZ80. It is purely "as-is".

If you use MZ80 in a freeware application, credit in the following text:

"Multi-Z80 CPU emulator by Neil Bradley (neil@synthcom.com)"

must accompany the freeware application within the application itself or
in the documentation.

Legal stuff aside:

If you find problems with MZ80, please email the author so they can get
resolved. If you find a bug and fix it, please also email the author so
that those bug fixes can be propogated to the installed base of MZ80
users. If you find performance improvements or problems with MZ80, please
email the author with your changes/suggestions and they will be rolled in
with subsequent releases of MZ80.

The whole idea of this emulator is to have the fastest available 32 bit
Multi-Z80 emulator for the x86, giving maximum performance.

Musashi v3.3 License:

                                    MUSASHI
                                    =======

                                  Version 3.3

             A portable Motorola M680x0 processor emulation engine.
            Copyright 1998-2001 Karl Stenerud.  All rights reserved.

LICENSE AND COPYRIGHT:
---------------------

The Musashi M680x0 emulator is copyright 1998-2001 Karl Stenerud.

The source code included in this archive is provided AS-IS, free for any
non-commercial purpose.

If you build a program using this core, please give credit to the author.

If you wish to use this core in a commercial environment, please contact
the author to discuss commercial licensing.

Starscream License:

-----------------------------------------------------------------------------
Starscream 680x0 emulation library                              version 0.26d
Copyright 1997, 1998, 1999 Neill Corlett
Modified by Stéphane Dallongeville
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
0.  Terms of Use
-----------------------------------------------------------------------------

"Starscream" refers to the following files:
*  STAR.C
*  STARCPU.H
*  CPUDEBUG.C
*  CPUDEBUG.H
*  STARDOC.TXT
*  any object file or executable compiled from the above
*  any source code generated from STAR.C, or object file assembled from such
   code

Starscream may be distributed freely in unmodified form, as long as this
documentation is included.

No money, goods, or services may be charged or solicited for Starscream, or
any emulator or other program which includes Starscream, in whole or in part.
Using Starscream in a shareware or commercial application is forbidden.
Contact Neill Corlett (corlett@elwha.nrrc.ncsu.edu) if you'd like to license
Starscream for commercial use.

Any program which uses Starscream must include the following credit text, in
its documentation or in the program itself:

"Starscream 680x0 emulation library by Neill Corlett
 (corlett@elwha.nrrc.ncsu.edu)"

Any | Security Issue | Very High | Critical | [libarchive] CVE-2019-18408 | Closed | 100%
Task Description

https://www.zdnet.com/article/libarchive-vulnerability-can-lead-to-code-execution-on-linux-freebsd-netbsd/

https://security-tracker.debian.org/tracker/CVE-2019-18408

Any | Security Issue | Very High | Critical | [grub2] UEFI SecureBoot vulnerability + multiple flaws ... | Closed | 100%
Task Description

https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/

https://9to5linux.com/grub2-boot-failure-issues-fixed-in-debian-and-ubuntu-update-now

Any | Bug Report | Very High | Critical | [ath9k-htc-firmware]: not work | Closed | 100%
Task Description

Description:

Ath9k wifi device not working, possibly bad compilation or issues with gcc

Additional info:
* package version(s)

- gcc-8.4.0-2
- ath9k-htc-firmware-1.4.0-8

* config and/or log files etc.

[    8.302952] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[    8.303011] usbcore: registered new interface driver ath9k_htc
[    8.303067] usb 1-1: Direct firmware load for ath9k_htc/htc_9271-1.4.0.fw failed with error -2
[    8.303073] usb 1-1: ath9k_htc: Firmware htc_9271.fw requested
[    8.623141] usb 1-1: ath9k_htc: Transferred FW: htc_9271.fw, size: 51008
[    9.683657] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[    9.683672] ath9k_htc: Failed to initialize the device

Steps to reproduce:

- Add wifi device with ath9k firmware, for example: TL-WN722N
- pacman -S ath9k-htc-firmware

References:

- https://bugzilla.kernel.org/show_bug.cgi?id=208251

Testing | Bug Report | Very High | Critical | [Hyperbola GNU/Linux 0.4] QtSSL is not working | Closed | 100%
Task Description

Description: Tried with a newly compiled version of mumble: nothing open and secured with an SSL certificate is reachable. Log from the console:

qt.network.ssl: QSslSocket: cannot resolve SSL_CTX_set_options
qt.network.ssl: QSslSocket: cannot resolve SSL_session_reused
qt.network.ssl: QSslSocket: cannot resolve SSL_set_options
qt.network.ssl: QSslSocket: cannot resolve BN_is_word
qt.network.ssl: QSslSocket: cannot resolve SSL_in_init

<W>2021-08-23 01:00:18.814 QSslSocket: cannot call unresolved function sk_num

<W>2021-08-23 01:00:20.270 QSslSocket: cannot call unresolved function SSL_CTX_set_options

Stable | Bug Report | Very Low | Very Low | [spamassassin] has different directory permissions than... | Deferred | 0%
Task Description

Description:
The /usr/sbin directory in spamassassin has permissions 755
https://git.hyperbola.info:50100/packages/extra.git/tree/spamassassin/PKGBUILD#n88

And ‘filesystem’ sets it to 750
https://git.hyperbola.info:50100/packages/core.git/tree/filesystem/PKGBUILD#n135

So when installing spamassassin, pacman throws a warning

warning: directory permissions differ on /usr/sbin/
filesystem: 750  package: 755

Additional info:
* spamassassin 3.4.2-1.hyperbola2

Stable | Bug Report | Very Low | Very Low | [postfix] has different directory permissions than 'fil... | Deferred | 0%
Task Description

Description:
The /usr/sbin directory in postfix has permissions 755
https://git.hyperbola.info:50100/packages/extra.git/tree/postfix/PKGBUILD#n115

And ‘filesystem’ sets it to 750
https://git.hyperbola.info:50100/packages/core.git/tree/filesystem/PKGBUILD#n135

So when installing postfix, pacman throws a warning

warning: directory permissions differ on /usr/sbin/
filesystem: 750  package: 755

Additional info:
* postfix-3.2.2-1.hyperbola6

Stable | Bug Report | Very Low | Very Low | [fail2ban] update dovecot failregex to support verbose ... | Unconfirmed | 0%
Task Description

Description:
The /etc/fail2ban/filter.d/dovecot.conf file has a failregex with the following:

^%(__prefix_line)s(?:auth|auth-worker\(\d+\)): (?:pam|passwd-file)\(\S+,<HOST>\): unknown user\s*$

and works with things like:

Month day time hostname dovecot: auth: passwd-file(user@domain.com,IP): unknown user

but with verbosity enabled in Dovecot, this output looks like this:

Month day time hostname dovecot: auth: passwd-file(user@domain.com,IP): unknown user (given password: password)

and in this case it doesn’t work, but it does if we fix the failregex by replacing it with:

^%(__prefix_line)s(?:auth|auth-worker\(\d+\)): (?:pam|passwd-file)\(\S+,<HOST>\): unknown user( \(given password: \S*\))?\s*$

With this new expression, it works with and without verbosity.

And regarding postfix, to make it work correctly I “backported” some pieces from the newest failregex:

/etc/fail2ban/postfixr-rbl.conf:

^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: [45]54 [45]\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$

/etc/fail2ban/postfix.conf: (second failregex)

^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 45[04] 4\.7\.1 Client host rejected: cannot find your (reverse )?hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$

I can create a patch if you want. Note that I haven’t tested all filters; some others may also need some rework.

Additional info:
* fail2ban-0.9.6-2.hyperbola3
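
Added example (not part of the report and not fail2ban's own code): the two dovecot failregex strings quoted in the report, run over constructed log lines. `<HOST>` and `%(__prefix_line)s` are replaced by simplified stand-ins that are assumptions of this sketch; it also covers a case the report does not mention, a logged password containing a space.

```python
import re

# Simplified stand-ins (assumptions) for fail2ban's own substitutions:
# <HOST> becomes an IPv4 capture, %(__prefix_line)s a plain syslog prefix.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PREFIX = r"\w{3}\s+\d{1,2} \d\d:\d\d:\d\d \S+ dovecot: "

# failregex strings exactly as quoted in the report
OLD = (r"^%(__prefix_line)s(?:auth|auth-worker\(\d+\)): "
       r"(?:pam|passwd-file)\(\S+,<HOST>\): unknown user\s*$")
NEW = (r"^%(__prefix_line)s(?:auth|auth-worker\(\d+\)): "
       r"(?:pam|passwd-file)\(\S+,<HOST>\): unknown user"
       r"( \(given password: \S*\))?\s*$")


def compile_failregex(failregex):
    """Expand the two fail2ban placeholders and compile the result."""
    expanded = failregex.replace("%(__prefix_line)s", PREFIX)
    return re.compile(expanded.replace("<HOST>", HOST))


def matched_hosts(failregex, lines):
    """Return the host captured from every line the failregex matches."""
    rx = compile_failregex(failregex)
    return [m.group("host") for m in map(rx.search, lines) if m]


# Constructed sample lines; addresses are from the documentation ranges.
SAMPLE_LOG = [
    # non-verbose failure
    "Jun 10 12:00:01 mail dovecot: auth: "
    "passwd-file(alice@example.com,192.0.2.10): unknown user",
    # verbose failure, as described in the report
    "Jun 10 12:00:02 mail dovecot: auth: "
    "passwd-file(bob@example.com,192.0.2.11): unknown user "
    "(given password: hunter2)",
    # verbose failure from an auth worker with an empty password
    "Jun 10 12:00:03 mail dovecot: auth-worker(4242): "
    "pam(carol,198.51.100.7): unknown user (given password: )",
    # verbose failure whose password contains a space: \S* cannot span it
    "Jun 10 12:00:04 mail dovecot: auth: "
    "passwd-file(dave@example.com,203.0.113.5): unknown user "
    "(given password: two words)",
    # successful login, must never match
    "Jun 10 12:00:05 mail dovecot: imap-login: Login: user=<erin>, "
    "rip=192.0.2.99",
]

if __name__ == "__main__":
    print("old failregex:", matched_hosts(OLD, SAMPLE_LOG))
    print("new failregex:", matched_hosts(NEW, SAMPLE_LOG))
```

The old expression only catches the non-verbose line; the proposed one also catches the verbose lines, but still misses the attempt whose logged password contains whitespace.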

Any | Bug Report | Low | Medium | [cryptsetup] when dmcrypt start, the "/" filesystem, m... | Assigned | 0%
Task Description

When the dmcrypt service starts, the “/” filesystem is remounted, mtab is updated and bootmisc records the login users, each after a scheduled waiting time:

* root: waiting for dmcrypt (50 seconds)
* root: timed out waiting for dmcrypt
* Remounting root filesystem read/write ...
* Remounting filesystems ...
* mtab: waiting for dmcrypt (50 seconds)
* mtab: timed out waiting for dmcrypt
* Updating /etc/mtab ...
* Creating mtab symbolic link
* bootmisc: waiting to dmcrypt (50 seconds)
* bootmisc: timed out waiting for dmcrypt
* Creating user login records ...

These features of the dmcrypt service are useless, and these lines print above the filesystem passphrase order (the printed line); they break the printed console and print the pressed keyboard digit when I’m setting up the password.
Sometimes this breaks service startup, and I need to press “enter” consecutively to allow the services to run.

Any | Freedom Issue | Medium | Medium | [filesystem] Review of permissions | Unconfirmed | 0%
Task Description

Description: Packages leave warnings during installation about differences from the filesystem package. So the filesystem package should get another review in time, so that the warnings get a solution.

Showing tasks 1501 - 1517 of 1517 Page 31 of 31
