|
Any | Replace Request | High | Critical | [python2] replace deprecated Python 2 with Tauthon | Closed | |
Task Description
Description:
Replace deprecated Python 2 with Tauthon for Canis Major
Additional info:
Steps to reproduce:
|
|
Any | Bug Report | High | Critical | [zathura-ps] needs to be recompiled | Closed | |
Task Description
Description: Since the update to 0.3.9 (or the update of girara to 0.2.9), zathura-pdf-poppler returns the following error:
error: Could not load plugin '/usr/lib/zathura/ps.so' (libgirara-gtk3.so.2: cannot open shared object file: No such file or directory).
|
|
Any | Bug Report | High | Critical | [links][elinks] segmentation fault after start by termi ... | Closed | |
Task Description
Description:
Additional info: * package version(s)
links 2.14-2
elinks 0.13-18
* config and/or log files etc.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4295e43 in strchrnul () from /usr/lib/libc.so.6
[New Thread 0x7ffff4dfb700 (LWP 8393)]
Thread 1 "elinks" received signal SIGSEGV, Segmentation fault.
0x00007ffff5fa3e43 in strchrnul () from /usr/lib/libc.so.6
Steps to reproduce:
|
|
Any | Bug Report | Medium | Medium | [iceweasel-uxp] animated webp files stop playing after ... | Closed | |
Task Description
I converted a gif file to webp using gif2webp. The file plays back using vwebp but stops playing back after a few seconds when run in Iceweasel-UXP.
Here is a file you can test (made from Sintel): https://coinsh.red/p/sintel.webp
|
|
Any | Bug Report | Very Low | Critical | [apache]: cannot start if NetworkManager is not started | Closed | |
Task Description
Description:
Apache web server shall be running with or without the external network, and without NetworkManager.
rc-service httpd start
will give the message that NetworkManager must be started first, and will not start the Apache web server. I cannot find in which file that is written.
Steps to reproduce:
1. Disconnect network. Start computer.
2. Try to start apache with above command.
That makes no sense, as Apache can run on local network without NetworkManager and it is not written in the description.
|
|
Any | Bug Report | Low | Low | [emacs-nox] uses "nox" suffix | Closed | |
Task Description
Description:
Additional info: * package version(s)
* config and/or log files etc.
Steps to reproduce:
|
|
Any | Security Issue | Very High | Critical | [schroedinger] unmaintained and unsupportable | Closed | |
Task Description
Description:
Remove Schrödinger in Hyperbola because it’s unmaintained and unsupportable. [0] [1]
Additional info:
$ pacman -Si schroedinger
Repository : extra
Name : schroedinger
Version : 1.0.11-3
Description : An implemenation of the Dirac video codec in ANSI C code
Architecture : x86_64
URL : https://launchpad.net/schroedinger
Licenses : GPL2 LGPL2.1 MPL MIT
Groups : None
Provides : None
Depends On : orc gcc-libs
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 331.64 KiB
Installed Size : 1676.00 KiB
Packager : Evangelos Foutras <evangelos@foutrelis.com>
Build Date : Sat 05 Dec 2015 12:28:01 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
|
|
Any | Security Issue | Very High | Critical | [vlc] CVE-2017-17670 | Closed | |
Task Description
Description:
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.
Additional info: * package version(s)
* config and/or log files etc.
Steps to reproduce:
|
|
Any | Security Issue | Very High | Critical | [vlc] CVE-2018-11529 | Closed | |
Task Description
Description:
Additional info: * package version(s)
* config and/or log files etc.
Steps to reproduce:
|
|
Any | Security Issue | High | Critical | [octopi] uploads system logs to ptpb.pw without confirm ... | Closed | |
Task Description
Octopi 0.9.0 is uploading system logs to ptpb.pw without confirmation through:
Tools → SysInfo → ptpb.pw
I think it should either be disabled, or at least a patch should be added to ask for confirmation. Another way could be to patch this:
src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255: QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/?u=1", tempFile->fileName());
256: return ptpb;
to :
src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255: QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/", tempFile->fileName());
256: return ptpb;
This way, you can at least ask for log deletion with the help of the log uuid, as explained here: https://ptpb.pw/#id10
|
|
Any | Security Issue | Very High | Critical | [qtpass] Insecure Password Generation prior to 1.2.1 | Closed | |
Task Description
Description: As stated on the home page of the project (https://qtpass.org/): <quote> All passwords generated with QtPass’ built-in password generator prior to 1.2.1 are possibly predictable and enumerable by hackers. </quote>
|
|
Any | Bug Report | Very Low | High | [nginx]: cannot start if NetworkManager is not started | Closed | |
Task Description
Description:
Nginx web server shall be running with or without the external network, and without NetworkManager.
rc-service nginx start
Additional info:
$ pacman -Si nginx
Repositorio : extra
Nombre : nginx
Versión : 1.12.2-2.hyperbola4
Descripción : Lightweight HTTP server and IMAP/POP3 proxy server, with logger recommendation and OpenRC support
Arquitectura : x86_64
URL : https://nginx.org
Licencias : custom
Grupos : Nada
Provee : Nada
Depende de : pcre zlib openssl geoip
Dependencias opcionales : logger: message logging support
En conflicto con : nginx-mainline
Remplaza a : nginx-mainline
Tamaño de la descarga : 478,89 KiB
Tamaño de la instalación : 1598,00 KiB
Encargado : André Silva <emulatorman@hyperbola.info>
Fecha de creación : lun 11 jun 2018 18:20:12 -05
Validado por : Suma MD5 Suma SHA-256 Firma
$ pacman -Ql nginx
nginx /etc/
nginx /etc/conf.d/
nginx /etc/conf.d/nginx
nginx /etc/init.d/
nginx /etc/init.d/nginx
nginx /etc/logrotate.d/
nginx /etc/logrotate.d/nginx
nginx /etc/nginx/
nginx /etc/nginx/fastcgi.conf
nginx /etc/nginx/fastcgi_params
nginx /etc/nginx/koi-utf
nginx /etc/nginx/koi-win
nginx /etc/nginx/mime.types
nginx /etc/nginx/nginx.conf
nginx /etc/nginx/scgi_params
nginx /etc/nginx/uwsgi_params
nginx /etc/nginx/win-utf
nginx /usr/
nginx /usr/bin/
nginx /usr/bin/nginx
nginx /usr/share/
nginx /usr/share/licenses/
nginx /usr/share/licenses/nginx/
nginx /usr/share/licenses/nginx/LICENSE
nginx /usr/share/man/
nginx /usr/share/man/man8/
nginx /usr/share/man/man8/nginx.8.gz
nginx /usr/share/nginx/
nginx /usr/share/nginx/html/
nginx /usr/share/nginx/html/50x.html
nginx /usr/share/nginx/html/index.html
nginx /usr/share/vim/
nginx /usr/share/vim/vimfiles/
nginx /usr/share/vim/vimfiles/ftdetect/
nginx /usr/share/vim/vimfiles/ftdetect/nginx.vim
nginx /usr/share/vim/vimfiles/indent/
nginx /usr/share/vim/vimfiles/indent/nginx.vim
nginx /usr/share/vim/vimfiles/syntax/
nginx /usr/share/vim/vimfiles/syntax/nginx.vim
nginx /var/
nginx /var/lib/
nginx /var/lib/nginx/
nginx /var/lib/nginx/proxy/
nginx /var/log/
nginx /var/log/nginx/
Steps to reproduce:
1. Disconnect network. Start computer.
2. Try to start nginx with above command.
|
|
Any | Freedom Issue | Very High | Critical | [qtemu] package recommends installing non-free OSes | Closed | |
Task Description
When running QtEmu for the first time and running the new machine wizard, the software lists non-free operating systems and refers to GNU/Linux as Linux.
It would be nice to list LibertyBSD in the list of distros in this software in addition to GNU/Linux and GNU/Hurd (which are listed in aqemu).
|
|
Any | Bug Report | High | High | [filesystem] contains systemd references and files | Closed | |
Task Description
Description:
Additional info: * package version(s) * config and/or log files etc.
diff --git hyperbola.7.txt hyperbola.7.txt.new
index 842e532..927cf6a 100644
--- hyperbola.7.txt
+++ hyperbola.7.txt.new
@@ -24,14 +24,12 @@ To view available services, use 'rc-status --all'.
HOSTNAME[[H]]
-------------
-The hostname of the machine can be set using 'hostnamectl set-hostname <hostname>'.
+The hostname of the machine can be set using 'hostname <hostname>' or 'sysctl -w kernel.hostname=<hostname>'.
It will then be written to /etc/hostname.
LOCALIZATION[[L]]
-----------------
Various locales may be enabled in /etc/locale.gen and are generated by 'locale-gen'.
-The system-wide locale to be used can be configured in /etc/locale.conf.
-These settings can be overridden on a per-user basis by keeping a user-specific locale.conf in $HOME/.config/locale.conf.
The user-specific file will take precedence if it exists.
VIRTUAL CONSOLE[[V]]
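Review bot: In the LOCALIZATION section, removing the two locale.conf sentences leaves the kept context line "The user-specific file will take precedence if it exists." with nothing to refer to; delete that line too, or replace the removed text with a description of where the locale is configured on this system. The same problem appears in the HOSTNAME section: the kept line "It will then be written to /etc/hostname." no longer follows from the new text, because 'hostname <hostname>' and 'sysctl -w kernel.hostname=<hostname>' only change the running kernel's hostname. State how the name is made persistent instead.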
@@ -72,15 +70,16 @@ Syslinux is configured in /boot/syslinux/syslinux.cfg.
MODULES[[M]]
------------
Most modules should be loaded on-demand.
-Modules to be unconditionally loaded at boot can be specified in /etc/modules-load.d/,
+Modules to be unconditionally loaded at boot can be specified in /etc/conf.d/modules,
and modules to be blacklisted from automatically loading can be configured in /etc/modprobe.d/.
SEE ALSO
--------
-*hostname*(5), *locale.conf*(5), *timezone*(3), *hwclock*(8),
-*fstab*(5), *crypttab*(5), *mkinitcpio*(8), *pacman*(8), *pacman.conf*(5),
-*grub-mkconfig*(8), *syslinux*(1), *modules-load.d*(5), *modprobe.d*(5)
+*hostname*(5), *timezone*(3), *hwclock*(8),
+*fstab*(5), *cryptsetup*(8), *mkinitcpio*(8), *pacman*(8), *pacman.conf*(5),
+*grub-mkconfig*(8), *syslinux*(1), *modprobe.d*(5),
+*openrc*(8), *rc-service*(8), *rc-status*(8), *rc-update*(8)
AUTHORS
-------
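Review bot: In SEE ALSO, *modules-load.d*(5) is dropped without any replacement reference for /etc/conf.d/modules, which the MODULES paragraph now points to, so the reader has nowhere to look up that file's format; either describe the expected syntax in the MODULES paragraph or say that the file documents itself. The list also swaps *crypttab*(5) for *cryptsetup*(8) and removes *locale.conf*(5), so check that the parts of the page outside these two hunks no longer mention /etc/crypttab or locale.conf.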
Steps to reproduce:
* Run:
~ man hyperbola
|
|
Any | Feature Request | High | High | [acpi_call-lts] adapt package in accordance with the Hy ... | Closed | |
Task Description
Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract.
|
|
Any | Feature Request | High | High | [bbswitch-lts] adapt package in accordance with the Hyp ... | Closed | |
Task Description
Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract.
|
|
Any | Feature Request | High | High | [bbswitch-dkms-lts] adapt package in accordance with th ... | Closed | |
Task Description
Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract.
|
|
Any | Feature Request | High | High | [tp_smapi-lts] adapt package in accordance with the Hyp ... | Closed | |
Task Description
Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract.
|
|
Any | Feature Request | High | High | [vhba-module-lts] adapt package in accordance with the ... | Closed | |
Task Description
Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract.
|
|
Any | Security Issue | Very High | Critical | [toxcore] Memory leak - Remote DDoS vulnerability | Closed | |
Task Description
Description:
A memory leak bug was discovered in Toxcore that can be triggered remotely to exhaust one’s system memory, resulting in a denial of service attack... As a general reminder, if you are still using irungentoo’s toxcore, we strongly encourage you to switch to using TokTok c-toxcore instead as it’s a lot more actively developed and maintained. In fact, irungentoo’s toxcore is neither being developed nor maintained for some time now, aside from merging only the most critical fixes from TokTok c-toxcore from time to time, missing all other important fixes.
Additional info: * package version(s): < 2.8
https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/
|
|
Any | Security Issue | Very High | Critical | [libssh] CVE-2018-10933 | Closed | |
Task Description
Description: libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials.
Additional info: * package version(s) : extra/libssh 0.7.5-1
CVE
|
|
Any | Security Issue | Very High | Critical | [openldap] 2.4.44 multiple security issues | Closed | |
Task Description
Description: Changelog
2.4.46 is fixing a huge quantity of issues (TLS related & memory leak)
Additional info: * package version(s) : 2.4.44
|
|
Any | Security Issue | High | High | [certbot] version 0.23 is not giving the option to keep ... | Closed | |
Task Description
Description:
Common use case is to have a reverse proxy managing the certificates from let’s encrypt. If a backend server (behind the reverse proxy) needs to use SSL certificates, this requires to use certbot on the reverse proxy, generate the certificate and to move private key from the reverse proxy to the backend server.
There is another way: sharing NFS drive between servers but this breaks all the security best practices!
Today the “best” way is to SCP the private keys from the reverse proxy to the backend server. This is not the best way, and it needs to be repeated every 3 months before the Let’s Encrypt certificate expires; moving the private key is not a best practice either.
Version 0.24 brings a new function --reuse-key to reuse the same private key to renew the certificate, so this private key can stay on the backend server and there is no need to copy the new private key from the reverse proxy to the backend server, because it was not changed during the renewal.
|
|
Any | Bug Report | Very High | High | [mkinitcpio] consolefont and keymap hooks is adapted to ... | Closed | |
Task Description
Description:
Additional info:
/usr/lib/initcpio/install/consolefont
---
- [[ -s /etc/vconsole.conf ]] && . /etc/vconsole.conf
+ [[ -s /etc/conf.d/consolefont ]] && . /etc/conf.d/consolefont
- if [[ $FONT ]]; then
- for file in "/usr/share/kbd/consolefonts/$FONT".@(fnt|psf?(u))?(.gz); do
+ if [[ $consolefont ]]; then
+ for file in "/usr/share/kbd/consolefonts/$consolefont".@(fnt|psf?(u))?(.gz); do
- error "consolefont: requested font not found: \`%s'" "$FONT"
+ error "consolefont: requested font not found: \`%s'" "$consolefont"
-This hook loads consolefont specified in vconsole.conf during early
-userspace.
+This hook loads consolefont specified in /etc/conf.d/consolefont during
+early userspace.
/usr/lib/initcpio/install/keymap
---
- for cfg in /etc/{vconsole,locale}.conf; do
+ for cfg in /etc/{conf.d/keymaps,locale}.conf; do
- loadkeys -q $uc ${KEYMAP:-us} -b > "$BUILDROOT/keymap.bin"
+ loadkeys -q $uc ${keymap:-us} -b > "$BUILDROOT/keymap.bin"
-This hook loads keymap(s) specified in vconsole.conf during early
-userspace.
+This hook loads keymap(s) specified in /etc/conf.d/keymaps during
+early userspace.
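Review bot: In the keymap hook, the brace expansion in 'for cfg in /etc/{conf.d/keymaps,locale}.conf' still appends '.conf' to both alternatives, so the loop reads /etc/conf.d/keymaps.conf rather than the /etc/conf.d/keymaps file named in the new help text. Move the suffix inside the braces, for example /etc/{conf.d/keymaps,locale.conf}, so that the path the hook sources matches the documented one; as written, the hook would silently fall back to the 'us' default of ${keymap:-us} whenever only /etc/conf.d/keymaps exists.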
Repository : core
Name : mkinitcpio
Version : 23-1.hyperbola3.1
Description : Modular initramfs image creation utility, with eudev support
Architecture : any
URL : https://projects.archlinux.org/mkinitcpio.git/
Licenses : GPL
Groups : None
Provides : None
Depends On : awk mkinitcpio-busybox>=1.19.4-2 kmod util-linux>=2.23 libarchive coreutils bash findutils grep filesystem>=2011.10-1 gzip eudev
Optional Deps : xz: Use lzma or xz compression for the initramfs image
bzip2: Use bzip2 compression for the initramfs image
lzop: Use lzo compression for the initramfs image
lz4: Use lz4 compression for the initramfs image
mkinitcpio-nfs-utils: Support for root filesystem on NFS
Conflicts With : None
Replaces : None
Download Size : 38.40 KiB
Installed Size : 186.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Fri 05 Oct 2018 03:28:32 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
|
|
Any | Security Issue | Very High | Critical | [php] CVE-2017-9120 | Closed | |
Task Description
Description:
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
Additional info: * package version(s)
$ pacman -Si php
Repositorio : extra
Nombre : php
Versión : 7.1.4-3.hyperbola3
Descripción : A general-purpose scripting language that is especially suited to web development, without systemd support
Arquitectura : x86_64
URL : http://www.php.net
Licencias : PHP
Grupos : Nada
Provee : php-ldap=7.1.4
Depende de : libxml2 curl libzip pcre
Dependencias opcionales : Nada
En conflicto con : php-ldap
Remplaza a : php-ldap
Tamaño de la descarga : 3,02 MiB
Tamaño de la instalación : 15,94 MiB
Encargado : André Silva <emulatorman@hyperbola.info>
Fecha de creación : mié 27 dic 2017 19:15:03 -05
Validado por : Suma MD5 Suma SHA-256 Firma
* config and/or log files etc.
The last update of php v7.1.x is v7.1.23:
- https://secure.php.net/ChangeLog-7.php#7.1.23
Patch available from v7.1.5: https://bugs.php.net/bug.php?id=74544
Steps to reproduce:
- Install php
|
|
Any | Feature Request | High | High | [lib32-glibc] adapt package in accordance with the Hype ... | Closed | |
|
|
Any | Feature Request | High | High | [gcc-multilib] adapt package in accordance with the Hyp ... | Closed | |
|
|
Any | Feature Request | High | High | [gcc-libs-multilib] adapt package in accordance with th ... | Closed | |
|
|
Any | Feature Request | High | High | [lib32-gcc-libs] adapt package in accordance with the H ... | Closed | |
|
|
Any | Feature Request | High | High | [gcc-fortran-multilib] adapt package in accordance with ... | Closed | |
|
|
Any | Feature Request | High | High | [gcc-objc-multilib] adapt package in accordance with th ... | Closed | |
|
|
Any | Feature Request | High | High | [gcc-ada-multilib] adapt package in accordance with the ... | Closed | |
|
|
Any | Feature Request | High | High | [gcc-go-multilib] adapt package in accordance with the ... | Closed | |
|
|
Any | Feature Request | High | High | [quilt] adapt package in accordance with the Hyperbola ... | Closed | |
|
|
Any | Feature Request | High | High | [arm-unknown-linux-gnueabi-binutils] adapt package in a ... | Closed | |
|
|
Any | Feature Request | High | High | [arm-unknown-linux-gnueabi-gcc] adapt package in accord ... | Closed | |
|
|
Any | Feature Request | High | High | [sh-unknown-elf-binutils] adapt package in accordance w ... | Closed | |
|
|
Any | Feature Request | High | High | [sh-unknown-elf-gcc] adapt package in accordance with t ... | Closed | |
|
|
Any | Feature Request | High | High | [sh-unknown-elf-newlib] adapt package in accordance wit ... | Closed | |
|
|
Any | Feature Request | High | High | [dsp56k-lts-firmware] adapt package in accordance with ... | Closed | |
|
|
Any | Feature Request | High | High | [ihex2fw-lts] adapt package in accordance with the Hype ... | Closed | |
|
|
Any | Feature Request | High | High | [isci-lts-firmware] adapt package in accordance with th ... | Closed | |
|
|
Any | Feature Request | High | High | [keyspan-pda-lts-firmware] adapt package in accordance ... | Closed | |
|
|
Any | Feature Request | High | High | [usbduxd-lts-firmware] adapt package in accordance with ... | Closed | |
|
|
Any | Feature Request | High | High | [usbduxfast-lts-firmware] adapt package in accordance w ... | Closed | |
|
|
Any | Feature Request | High | High | [usbduxsigma-lts-firmware] adapt package in accordance ... | Closed | |
|
|
Any | Feature Request | High | High | [3c574-cs-firmware] adapt package in accordance with th ... | Closed | |
|
|
Any | Feature Request | High | High | [3c589-cs-firmware] adapt package in accordance with th ... | Closed | |
|
|
Any | Feature Request | High | High | [cis-tools] adapt package in accordance with the Hyperb ... | Closed | |
|
|
Any | Feature Request | High | High | [pcnet-cs-firmware] adapt package in accordance with th ... | Closed | |
|