Packages

Category | Task Type | Priority | Severity | Summary | Status | Progress
Any | Replace Request | High | Critical | [python2] replace deprecated Python 2 to Tauthon | Closed | 100%
Task Description

Description:

  • Replace deprecated Python 2 with Tauthon for Canis Major

Additional info:

Steps to reproduce:

  • Broken python2 packages.
Any | Bug Report | High | Critical | [zathura-ps] needs to be recompiled | Closed | 100%
Task Description

Description:
Since the update to 0.3.9 (or the update of girara to 0.2.9), zathura-pdf-poppler returns the following error:

error: Could not load plugin '/usr/lib/zathura/ps.so' (libgirara-gtk3.so.2: cannot open shared object file: No such file or directory).
Any | Bug Report | High | Critical | [links][elinks] segmentation fault after start by termi ... | Closed | 100%
Task Description

Description:

  • Segmentation fault after start by terminal emulator, but elinks does not crash in console. After that, it prints characters when mouse buttons are pressed, so it cannot copy its output.

Additional info:
* package version(s)

  • links 2.14-2
  • elinks 0.13-18

* config and/or log files etc.

  • gdb output for links 2.16:
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4295e43 in strchrnul () from /usr/lib/libc.so.6
  • gdb output for elinks 0.13-18:
[New Thread 0x7ffff4dfb700 (LWP 8393)]
Thread 1 "elinks" received signal SIGSEGV, Segmentation fault.
0x00007ffff5fa3e43 in strchrnul () from /usr/lib/libc.so.6

Steps to reproduce:

  • Run links and elinks by terminal emulator
Any | Bug Report | Medium | Medium | [iceweasel-uxp] animated webp files stop playing after ... | Closed | 100%
Task Description

I converted a gif file to webp using gif2webp. The file plays back using vwebp but stops playing back after a few seconds when run in Iceweasel-UXP.

Here is a file you can test (made from Sintel):
https://coinsh.red/p/sintel.webp

Any | Bug Report | Very Low | Critical | [apache]: cannot start if NetworkManager is not started | Closed | 100%
Task Description

Description:

Apache web server shall be running with or without the external network, and without NetworkManager.

rc-service httpd start

will give the message that NetworkManager must be started first, and will not start apache web server. I cannot find in which file that is written.

Steps to reproduce:

1. Disconnect network. Start computer.

2. Try to start apache with above command.

That makes no sense, as Apache can run on local network without NetworkManager and it is not written in the description.

Any | Bug Report | Low | Low | [emacs-nox] uses "nox" suffix | Closed | 100%
Task Description

Description:

  • Fix package name to emacs-headless that is the correct name for packages without graphical user interface support. nox suffix is incorrect because Hyperbola supports Wayland too, not only X.Org.

Additional info:
* package version(s)

  • 25.2-1

* config and/or log files etc.

Steps to reproduce:

  • None
Any | Security Issue | Very High | Critical | [schroedinger] unmaintained and unsupportable | Closed | 100%
Task Description

Description:

  • Remove Schrödinger in Hyperbola because it’s unmaintained and unsupportable. [0] [1]
  • Note: It requires [ffmpeg], [ffmpeg2.8] and [gst-plugins-bad] rebuilding

Additional info:

  • schroedinger 1.0.11-3
$ pacman -Si schroedinger
Repository      : extra
Name            : schroedinger
Version         : 1.0.11-3
Description     : An implemenation of the Dirac video codec in ANSI C code
Architecture    : x86_64
URL             : https://launchpad.net/schroedinger
Licenses        : GPL2  LGPL2.1  MPL  MIT
Groups          : None
Provides        : None
Depends On      : orc  gcc-libs
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 331.64 KiB
Installed Size  : 1676.00 KiB
Packager        : Evangelos Foutras <evangelos@foutrelis.com>
Build Date      : Sat 05 Dec 2015 12:28:01 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

  • Contains security holes.
Any | Security Issue | Very High | Critical | [vlc] CVE-2017-17670 | Closed | 100%
Task Description

Description:

  • In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.

Additional info:
* package version(s)

  • 2.2.6-1.hyperbola1

* config and/or log files etc.

  • None

Steps to reproduce:

  • Run VLC
Any | Security Issue | Very High | Critical | [vlc] CVE-2018-11529 | Closed | 100%
Task Description

Description:

  • VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

Additional info:
* package version(s)

  • 2.2.6-1.hyperbola1

* config and/or log files etc.

  • None

Steps to reproduce:

  • Run VLC
Any | Security Issue | High | Critical | [octopi] uploads system logs to ptpb.pw without confirm ... | Closed | 100%
Task Description

Octopi 0.9.0 is uploading system logs to ptpb.pw without confirmation through:

Tools → SysInfo → ptpb.pw

I think it should either be disabled, or at least a patch should be added to ask for confirmation.
Another way could be to patch this:

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/?u=1", tempFile->fileName());
256:  return ptpb;

to :

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/", tempFile->fileName());
256:  return ptpb;

This way, you can at least ask for log deletion with the help of log uuid as explained here : https://ptpb.pw/#id10

Any | Security Issue | Very High | Critical | [qtpass] Insecure Password Generation prior to 1.2.1 | Closed | 100%
Task Description

Description:
As stated on the home page of the project (https://qtpass.org/):
<quote>
All passwords generated with QtPass’ built-in password generator prior to 1.2.1 are possibly predictable and enumerable by hackers.
</quote>

Any | Bug Report | Very Low | High | [nginx]: cannot start if NetworkManager is not started | Closed | 100%
Task Description

Description:

Nginx web server shall be running with or without the external network, and without NetworkManager.

rc-service nginx start

Additional info:

$ pacman -Si nginx
Repositorio               : extra
Nombre                    : nginx
Versión                   : 1.12.2-2.hyperbola4
Descripción               : Lightweight HTTP server and IMAP/POP3 proxy server, with logger recommendation and OpenRC support
Arquitectura              : x86_64
URL                       : https://nginx.org
Licencias                 : custom
Grupos                    : Nada
Provee                    : Nada
Depende de                : pcre  zlib  openssl  geoip
Dependencias opcionales   : logger: message logging support
En conflicto con          : nginx-mainline
Remplaza a                : nginx-mainline
Tamaño de la descarga     : 478,89 KiB
Tamaño de la instalación  : 1598,00 KiB
Encargado                 : André Silva <emulatorman@hyperbola.info>
Fecha de creación         : lun 11 jun 2018 18:20:12 -05
Validado por              : Suma MD5  Suma SHA-256  Firma
$ pacman -Ql nginx
nginx /etc/
nginx /etc/conf.d/
nginx /etc/conf.d/nginx
nginx /etc/init.d/
nginx /etc/init.d/nginx
nginx /etc/logrotate.d/
nginx /etc/logrotate.d/nginx
nginx /etc/nginx/
nginx /etc/nginx/fastcgi.conf
nginx /etc/nginx/fastcgi_params
nginx /etc/nginx/koi-utf
nginx /etc/nginx/koi-win
nginx /etc/nginx/mime.types
nginx /etc/nginx/nginx.conf
nginx /etc/nginx/scgi_params
nginx /etc/nginx/uwsgi_params
nginx /etc/nginx/win-utf
nginx /usr/
nginx /usr/bin/
nginx /usr/bin/nginx
nginx /usr/share/
nginx /usr/share/licenses/
nginx /usr/share/licenses/nginx/
nginx /usr/share/licenses/nginx/LICENSE
nginx /usr/share/man/
nginx /usr/share/man/man8/
nginx /usr/share/man/man8/nginx.8.gz
nginx /usr/share/nginx/
nginx /usr/share/nginx/html/
nginx /usr/share/nginx/html/50x.html
nginx /usr/share/nginx/html/index.html
nginx /usr/share/vim/
nginx /usr/share/vim/vimfiles/
nginx /usr/share/vim/vimfiles/ftdetect/
nginx /usr/share/vim/vimfiles/ftdetect/nginx.vim
nginx /usr/share/vim/vimfiles/indent/
nginx /usr/share/vim/vimfiles/indent/nginx.vim
nginx /usr/share/vim/vimfiles/syntax/
nginx /usr/share/vim/vimfiles/syntax/nginx.vim
nginx /var/
nginx /var/lib/
nginx /var/lib/nginx/
nginx /var/lib/nginx/proxy/
nginx /var/log/
nginx /var/log/nginx/

Steps to reproduce:

1. Disconnect network. Start computer.

2. Try to start nginx with above command.

Any | Freedom Issue | Very High | Critical | [qtemu] package recommends installing non-free OSes | Closed | 100%
Task Description

When running QtEmu for the first time and running the new machine wizard, the software lists non-free operating systems and refers to GNU/Linux as Linux.

It would be nice to list LibertyBSD in the list of distros in this software in addition to GNU/Linux and GNU/Hurd (which are listed in aqemu).

Any | Bug Report | High | High | [filesystem] contains systemd references and files | Closed | 100%
Task Description

Description:

  • The filesystem package contains systemd files (/etc/profile.d/locale.sh and /usr/share/factory/) and references in /usr/share/man/man7/hyperbola.7.gz

Additional info:
* package version(s)
* config and/or log files etc.

  • Proposal patch to fix the Hyperbola basic configuration man page:
diff --git hyperbola.7.txt hyperbola.7.txt.new
index 842e532..927cf6a 100644
--- hyperbola.7.txt
+++ hyperbola.7.txt.new
@@ -24,14 +24,12 @@ To view available services, use 'rc-status --all'.
 
 HOSTNAME[[H]]
 -------------
-The hostname of the machine can be set using 'hostnamectl set-hostname <hostname>'.
+The hostname of the machine can be set using 'hostname <hostname>' or 'sysctl -w kernel.hostname=<hostname>'.
 It will then be written to /etc/hostname.
 
 LOCALIZATION[[L]]
 -----------------
 Various locales may be enabled in /etc/locale.gen and are generated by 'locale-gen'.
-The system-wide locale to be used can be configured in /etc/locale.conf.
-These settings can be overridden on a per-user basis by keeping a user-specific locale.conf in $HOME/.config/locale.conf.
 The user-specific file will take precedence if it exists.
 
 VIRTUAL CONSOLE[[V]]
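Review bot: in the HOSTNAME section, the new line offers 'hostname <hostname>' and 'sysctl -w kernel.hostname=<hostname>', but the unchanged next line still says "It will then be written to /etc/hostname". Both commands only set the running kernel hostname and write no file, so that sentence should be dropped or replaced with an instruction to edit the persistent hostname file by hand. In LOCALIZATION, removing the two locale.conf lines leaves the context line "The user-specific file will take precedence if it exists." with nothing to refer to; remove it as well, or state where the locale is configured now.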
@@ -72,15 +70,16 @@ Syslinux is configured in /boot/syslinux/syslinux.cfg.
 MODULES[[M]]
 ------------
 Most modules should be loaded on-demand.
-Modules to be unconditionally loaded at boot can be specified in /etc/modules-load.d/,
+Modules to be unconditionally loaded at boot can be specified in /etc/conf.d/modules,
 and modules to be blacklisted from automatically loading can be configured in /etc/modprobe.d/.
 
 SEE ALSO
 --------
 
-*hostname*(5), *locale.conf*(5), *timezone*(3), *hwclock*(8),
-*fstab*(5), *crypttab*(5), *mkinitcpio*(8), *pacman*(8), *pacman.conf*(5),
-*grub-mkconfig*(8), *syslinux*(1), *modules-load.d*(5), *modprobe.d*(5)
+*hostname*(5), *timezone*(3), *hwclock*(8),
+*fstab*(5), *cryptsetup*(8), *mkinitcpio*(8), *pacman*(8), *pacman.conf*(5),
+*grub-mkconfig*(8), *syslinux*(1), *modprobe.d*(5),
+*openrc*(8), *rc-service*(8), *rc-status*(8), *rc-update*(8)
 
 AUTHORS
 -------
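Review bot: in SEE ALSO, *crypttab*(5) is replaced by *cryptsetup*(8) although neither hunk changes any text about encrypted volumes, so the patch gives no reason for dropping the crypttab reference. Keep *crypttab*(5) unless the page no longer mentions that file, and add *cryptsetup*(8) next to it if wanted. The MODULES change from the directory /etc/modules-load.d/ to the single file /etc/conf.d/modules also removes *modules-load.d*(5) without pointing to anything that documents the new file's format; a short sentence in that section would cover it.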

Steps to reproduce:

* Run:

~ man hyperbola
Any | Feature Request | High | High | [acpi_call-lts] adapt package in accordance with the Hy ... | Closed | 100%
Task Description

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract.

Any | Feature Request | High | High | [bbswitch-lts] adapt package in accordance with the Hyp ... | Closed | 100%
Task Description

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract.

Any | Feature Request | High | High | [bbswitch-dkms-lts] adapt package in accordance with th ... | Closed | 100%
Task Description

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract.

Any | Feature Request | High | High | [tp_smapi-lts] adapt package in accordance with the Hyp ... | Closed | 100%
Task Description

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract.

Any | Feature Request | High | High | [vhba-module-lts] adapt package in accordance with the ... | Closed | 100%
Task Description

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract.

Any | Security Issue | Very High | Critical | [toxcore] Memory leak - Remote DDoS vulnerability | Closed | 100%
Task Description

Description:

A memory leak bug was discovered in Toxcore that can be triggered remotely to exhaust one’s system memory, resulting in a denial of service attack... As a general reminder, if you are still using irungentoo’s toxcore, we strongly encourage you to switch to using TokTok c-toxcore instead as it’s a lot more actively developed and maintained. In fact, irungentoo’s toxcore is neither being developed nor maintained for some time now, aside from merging only the most critical fixes from TokTok c-toxcore from time to time, missing all other important fixes.

Additional info:
* package version(s): < 2.8

https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/

Any | Security Issue | Very High | Critical | [libssh] CVE-2018-10933 | Closed | 100%
Task Description

Description:
libssh versions 0.6 and above have an authentication bypass vulnerability in
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication, the attacker could successfully authenticate
without any credentials.

Additional info:
* package version(s) : extra/libssh 0.7.5-1

CVE

Any | Security Issue | Very High | Critical | [openldap] 2.4.44 multiple security issues | Closed | 100%
Task Description

Description:
Changelog

2.4.46 is fixing a huge quantity of issues (TLS related & memory leak)

Additional info:
* package version(s) : 2.4.44

Any | Security Issue | High | High | [certbot] version 0.23 is not giving the option to keep ... | Closed | 100%
Task Description

Description:

A common use case is to have a reverse proxy managing the certificates from Let’s Encrypt.
If a backend server (behind the reverse proxy) needs to use SSL certificates, this requires using certbot on the reverse proxy, generating the certificate, and moving the private key from the reverse proxy to the backend server.

There is another way: sharing an NFS drive between servers, but this breaks all the security best practices!

Today the “best” way is to SCP the private keys from the reverse proxy to the backend server. This is not the best way, and it needs to be repeated every 3 months before the Let’s Encrypt certificate expires; moving the private key is not a best practice either.

Version 0.24 brings a new function, --reuse-key, to reuse the same private key to renew the certificate, so this private key can stay on the backend server and there is no need to copy the new private key from the reverse proxy to the backend server, because it was not changed during the renewal.

Any | Bug Report | Very High | High | [mkinitcpio] consolefont and keymap hooks is adapted to ... | Closed | 100%
Task Description

Description:

  • The “consolefont” and “keymap” hooks are adapted to systemd, using the /etc/vconsole.conf file; those hooks need to be adapted to [openrc] with /etc/conf.d/consolefont and /etc/conf.d/keymaps

Additional info:

  • mkinitcpio 23-1.hyperbola3.1
/usr/lib/initcpio/install/consolefont
---
-        [[ -s /etc/vconsole.conf ]] && . /etc/vconsole.conf
+        [[ -s /etc/conf.d/consolefont ]] && . /etc/conf.d/consolefont

-        if [[ $FONT ]]; then
-            for file in "/usr/share/kbd/consolefonts/$FONT".@(fnt|psf?(u))?(.gz); do
+        if [[ $consolefont ]]; then
+            for file in "/usr/share/kbd/consolefonts/$consolefont".@(fnt|psf?(u))?(.gz); do

-            error "consolefont: requested font not found: \`%s'" "$FONT"
+            error "consolefont: requested font not found: \`%s'" "$consolefont"

-This hook loads consolefont specified in vconsole.conf during early 
-userspace.
+This hook loads consolefont specified in /etc/conf.d/consolefont during 
+early userspace.
/usr/lib/initcpio/install/keymap
---
-        for cfg in /etc/{vconsole,locale}.conf; do
+        for cfg in /etc/{conf.d/keymaps,locale}.conf; do

-        loadkeys -q $uc ${KEYMAP:-us} -b > "$BUILDROOT/keymap.bin"
+        loadkeys -q $uc ${keymap:-us} -b > "$BUILDROOT/keymap.bin"

-This hook loads keymap(s) specified in vconsole.conf during early 
-userspace.
+This hook loads keymap(s) specified in /etc/conf.d/keymaps during 
+early userspace.
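Review bot: in the keymap hook, 'for cfg in /etc/{conf.d/keymaps,locale}.conf' brace-expands to /etc/conf.d/keymaps.conf and /etc/locale.conf, so the OpenRC file /etc/conf.d/keymaps named in the description and in the updated help text is never read, and '${keymap:-us}' falls back to us unless something else sets the variable. List the paths explicitly instead, for example 'for cfg in /etc/conf.d/keymaps /etc/locale.conf; do'.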
Repository      : core
Name            : mkinitcpio
Version         : 23-1.hyperbola3.1
Description     : Modular initramfs image creation utility, with eudev support
Architecture    : any
URL             : https://projects.archlinux.org/mkinitcpio.git/
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : awk  mkinitcpio-busybox>=1.19.4-2  kmod  util-linux>=2.23  libarchive  coreutils  bash  findutils  grep  filesystem>=2011.10-1  gzip  eudev
Optional Deps   : xz: Use lzma or xz compression for the initramfs image
                  bzip2: Use bzip2 compression for the initramfs image
                  lzop: Use lzo compression for the initramfs image
                  lz4: Use lz4 compression for the initramfs image
                  mkinitcpio-nfs-utils: Support for root filesystem on NFS
Conflicts With  : None
Replaces        : None
Download Size   : 38.40 KiB
Installed Size  : 186.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Fri 05 Oct 2018 03:28:32 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

  • Use “consolefont” and “keymap” hooks from mkinitcpio
Any | Security Issue | Very High | Critical | [php] CVE-2017-9120 | Closed | 100%
Task Description

Description:

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

Additional info:
* package version(s)

$ pacman -Si php
Repositorio               : extra
Nombre                    : php
Versión                   : 7.1.4-3.hyperbola3
Descripción               : A general-purpose scripting language that is especially suited to web development, without systemd support
Arquitectura              : x86_64
URL                       : http://www.php.net
Licencias                 : PHP
Grupos                    : Nada
Provee                    : php-ldap=7.1.4
Depende de                : libxml2  curl  libzip  pcre
Dependencias opcionales   : Nada
En conflicto con          : php-ldap
Remplaza a                : php-ldap
Tamaño de la descarga     : 3,02 MiB
Tamaño de la instalación  : 15,94 MiB
Encargado                 : André Silva <emulatorman@hyperbola.info>
Fecha de creación         : mié 27 dic 2017 19:15:03 -05
Validado por              : Suma MD5  Suma SHA-256  Firma

* config and/or log files etc.

Last update of PHP v7.1.x is v7.1.23:

- https://secure.php.net/ChangeLog-7.php#7.1.23

Patch available from v7.1.5
https://bugs.php.net/bug.php?id=74544

Steps to reproduce:

- Install php

Any | Feature Request | High | High | [lib32-glibc] adapt package in accordance with the Hype ... | Closed | 100%
Any | Feature Request | High | High | [gcc-multilib] adapt package in accordance with the Hyp ... | Closed | 100%
Any | Feature Request | High | High | [gcc-libs-multilib] adapt package in accordance with th ... | Closed | 100%
Any | Feature Request | High | High | [lib32-gcc-libs] adapt package in accordance with the H ... | Closed | 100%
Any | Feature Request | High | High | [gcc-fortran-multilib] adapt package in accordance with ... | Closed | 100%
Any | Feature Request | High | High | [gcc-objc-multilib] adapt package in accordance with th ... | Closed | 100%
Any | Feature Request | High | High | [gcc-ada-multilib] adapt package in accordance with the ... | Closed | 100%
Any | Feature Request | High | High | [gcc-go-multilib] adapt package in accordance with the ... | Closed | 100%
Any | Feature Request | High | High | [quilt] adapt package in accordance with the Hyperbola ... | Closed | 100%
Any | Feature Request | High | High | [arm-unknown-linux-gnueabi-binutils] adapt package in a ... | Closed | 100%
Any | Feature Request | High | High | [arm-unknown-linux-gnueabi-gcc] adapt package in accord ... | Closed | 100%
Any | Feature Request | High | High | [sh-unknown-elf-binutils] adapt package in accordance w ... | Closed | 100%
Any | Feature Request | High | High | [sh-unknown-elf-gcc] adapt package in accordance with t ... | Closed | 100%
Any | Feature Request | High | High | [sh-unknown-elf-newlib] adapt package in accordance wit ... | Closed | 100%
Any | Feature Request | High | High | [dsp56k-lts-firmware] adapt package in accordance with ... | Closed | 100%
Any | Feature Request | High | High | [ihex2fw-lts] adapt package in accordance with the Hype ... | Closed | 100%
Any | Feature Request | High | High | [isci-lts-firmware] adapt package in accordance with th ... | Closed | 100%
Any | Feature Request | High | High | [keyspan-pda-lts-firmware] adapt package in accordance ... | Closed | 100%
Any | Feature Request | High | High | [usbduxd-lts-firmware] adapt package in accordance with ... | Closed | 100%
Any | Feature Request | High | High | [usbduxfast-lts-firmware] adapt package in accordance w ... | Closed | 100%
Any | Feature Request | High | High | [usbduxsigma-lts-firmware] adapt package in accordance ... | Closed | 100%
Any | Feature Request | High | High | [3c574-cs-firmware] adapt package in accordance with th ... | Closed | 100%
Any | Feature Request | High | High | [3c589-cs-firmware] adapt package in accordance with th ... | Closed | 100%
Any | Feature Request | High | High | [cis-tools] adapt package in accordance with the Hyperb ... | Closed | 100%
Any | Feature Request | High | High | [pcnet-cs-firmware] adapt package in accordance with th ... | Closed | 100%
Showing tasks 901 - 950 of 1517 Page 19 of 31
