Packages

Gens contains nonfree Starscream code

$ pacman -Si gens
Repository      : multilib
Name            : gens
Version         : 2.15.5-10
Description     : A Sega Genesis / Sega CD / Sega 32X emulator
Architecture    : x86_64
URL             : http://gens.sourceforge.net
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : lib32-gtk2  lib32-sdl
Optional Deps   : lib32-alsa-plugins: Sound support for PulseAudio
                  lib32-libpulse: Sound support for PulseAudio
Conflicts With  : None
Replaces        : None
Download Size   : 359.08 KiB
Installed Size  : 1948.00 KiB
Packager        : Maxime Gauduin <alucryd@gmail.com>
Build Date      : Wed 21 Aug 2013 03:24:58 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Starscream License:

-----------------------------------------------------------------------------
Starscream 680x0 emulation library                      Custom version S0.26d
Copyright 1997, 1998, 1999 Neill Corlett
Modified by Stéphane Dallongeville
Used for the sub 68000 CPU emulation in Gens.
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
0.  Terms of Use
-----------------------------------------------------------------------------

"Starscream" refers to the following files:
*  STAR.C
*  STARCPU.H
*  CPUDEBUG.C
*  CPUDEBUG.H
*  STARDOC.TXT
*  any object file or executable compiled from the above
*  any source code generated from STAR.C, or object file assembled from such
   code

Starscream may be distributed freely in unmodified form, as long as this
documentation is included.

No money, goods, or services may be charged or solicited for Starscream, or
any emulator or other program which includes Starscream, in whole or in part.
Using Starscream in a shareware or commercial application is forbidden.
Contact Neill Corlett (corlett@elwha.nrrc.ncsu.edu) if you'd like to license
Starscream for commercial use.

Any program which uses Starscream must include the following credit text, in
its documentation or in the program itself:

"Starscream 680x0 emulation library by Neill Corlett
 (corlett@elwha.nrrc.ncsu.edu)"

Gens/GS contains nonfree:
* Starscream code
* The Poorman’s Sega 32x BIOS files (on the source code)

$ pacman -Si gens-gs
Repository      : multilib
Name            : gens-gs
Version         : 2.16.7-6
Description     : An emulator of Sega Genesis, Sega CD and 32X, combining features from various forks of Gens
Architecture    : x86_64
URL             : http://segaretro.org/Gens/GS
Licenses        : GPL
Groups          : None
Provides        : gens
Depends On      : lib32-gtk2  lib32-sdl
Optional Deps   : lib32-alsa-plugins: ALSA sound support
                  lib32-libcanberra: Hide a silly warning
                  lib32-libpulse: PulseAudio sound support
Conflicts With  : gens
Replaces        : None
Download Size   : 2047.36 KiB
Installed Size  : 4815.00 KiB
Packager        : Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
Build Date      : Mon 07 Dec 2015 10:23:49 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Starscream License:

-----------------------------------------------------------------------------
Starscream 680x0 emulation library                      Custom version M0.26d
Copyright 1997, 1998, 1999 Neill Corlett
Modified by Stéphane Dallongeville
Used for the main 68000 CPU emulation in Gens.
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
0.  Terms of Use
-----------------------------------------------------------------------------

"Starscream" refers to the following files:
*  STAR.C
*  STARCPU.H
*  CPUDEBUG.C
*  CPUDEBUG.H
*  STARDOC.TXT
*  any object file or executable compiled from the above
*  any source code generated from STAR.C, or object file assembled from such
   code

Starscream may be distributed freely in unmodified form, as long as this
documentation is included.

No money, goods, or services may be charged or solicited for Starscream, or
any emulator or other program which includes Starscream, in whole or in part.
Using Starscream in a shareware or commercial application is forbidden.
Contact Neill Corlett (corlett@elwha.nrrc.ncsu.edu) if you'd like to license
Starscream for commercial use.

Any program which uses Starscream must include the following credit text, in
its documentation or in the program itself:

"Starscream 680x0 emulation library by Neill Corlett
 (corlett@elwha.nrrc.ncsu.edu)"

The Poorman’s Sega 32x BIOS License:

The Poorman's Sega 32x BIOS files
	By Devster (Joseph Norman)
		http://devster.retrodev.com/

Exclaimer
---------
; Feel free to use this code, recompile the code, redistribute the unmodified code,
; modify it with your own name on it and redistribute it as yours if you
; so wish to do so without getting caught looking stupid, but you may not sell it for
; cash monies, or for in exchange of hot prostitutes, nor include it with any other
; redistributable software packages without consent from DevSter. This code is IS AS,
; which is latin for jibber jabber, to DevSter and the holder of this code, means
; there are no other further attatchments, absolutely no guarantees in it "working",
; comes with no lifetime waranty, et al, and you will gain nothing more than to play
; your super cool Sega Genesis 32X (names reserved to their rightful owners) without
; having to resort to using the actual copyrighted bios files. Let it further be noted
; that the use of the word "code" in this exclaimer refers to both the source code, and
; the pre-compiled code that was distributed.

DGen/SDL contains nonfree:
* CZ80
* dZ80
* DrZ80
* Multi-Z80
* Musashi v3.3
* Starscream

$ pacman -Si dgen-sdl
Repository      : community
Name            : dgen-sdl
Version         : 1.33-2
Description     : An emulator for Sega Genesis/Mega Drive systems ported to SDL
Architecture    : x86_64
URL             : http://dgen.sourceforge.net
Licenses        : BSD
Groups          : None
Provides        : None
Depends On      : sdl  libgl  libarchive
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 420.95 KiB
Installed Size  : 2000.00 KiB
Packager        : Allan McRae <allan@archlinux.org>
Build Date      : Sun 06 Dec 2015 12:19:03 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

CZ80 License:

************************************************
*                                              *
*     CZ80 (Z80 CPU emulator) version 0.91     *
*          Compiled with Dev-C++               *
*  Copyright 2004-2005 Stéphane Dallongeville  *
*                                              *
************************************************

CZ80 is a Z80 CPU emulator, priorities were given to :
- code size
- speed
- accuracy
- portablity

It supports almost all undocumented opcodes and flags.

The emulator can be freely distribued and used for any non commercial
project as long you don't forget to credit me somewhere :)
If you want some support about the CZ80, you can contact me on
the Gens forum (http://gens.consolemul.com then go to the forum).

dZ80 License:

dZ80 Version 2.0 Source Code

                       Copyright 1996-2002 Mark Incley.

                           E-mail: dz80@inkland.org
                            http://www.inkland.org


Serious Bit
-----------

I have made this source code available so that it may be compiled on platforms
other than MS-DOS and Windows. You may compile it and distribute the resulting
executable only if no monies are charged for it.

      ** YOU ARE NOT ALLOWED TO DISTRIBUTE THIS SOFTWARE COMMERICIALLY **


Not So Serious Bit
------------------

If you make any feature modifications to the dZ80 source code, please let me
know, so that I can make them to my source too. I didn't intend for dZ80 to
grow into an all singing and dancin' disassembler, but, if features are added,
I would like to add them to my base version too.

DrZ80 License:

___________________________________________________________________________

  DrZ80 (c) Copyright 2004 Reesy.   Free for non-commercial use

  Reesy's e-mail: drsms_reesy(atsymbol)yahoo.co.uk
  Replace (atsymbol) with @
  
___________________________________________________________________________

Multi-Z80 License:

Multi-Z80 32 Bit emulator
Copyright 1996, 1997, 1998, 1999, 2000 - Neil Bradley, All rights reserved

			    MZ80 License agreement
			    -----------------------

(MZ80 Refers to both the assembly code emitted by makez80.c and makez80.c
itself)

MZ80 May be distributed in unmodified form to any medium.

MZ80 May not be sold, or sold as a part of a commercial package without
the express written permission of Neil Bradley (neil@synthcom.com). This
includes shareware.

Modified versions of MZ80 may not be publicly redistributed without author
approval (neil@synthcom.com). This includes distributing via a publicly
accessible LAN. You may make your own source modifications and distribute
MZ80 in source or object form, but if you make modifications to MZ80
then it should be noted in the top as a comment in makez80.c.

MZ80 Licensing for commercial applications is available. Please email
neil@synthcom.com for details.

Synthcom Systems, Inc, and Neil Bradley will not be held responsible for
any damage done by the use of MZ80. It is purely "as-is".

If you use MZ80 in a freeware application, credit in the following text:

"Multi-Z80 CPU emulator by Neil Bradley (neil@synthcom.com)"

must accompany the freeware application within the application itself or
in the documentation.

Legal stuff aside:

If you find problems with MZ80, please email the author so they can get
resolved. If you find a bug and fix it, please also email the author so
that those bug fixes can be propogated to the installed base of MZ80
users. If you find performance improvements or problems with MZ80, please
email the author with your changes/suggestions and they will be rolled in
with subsequent releases of MZ80.

The whole idea of this emulator is to have the fastest available 32 bit
Multi-Z80 emulator for the x86, giving maximum performance.

Musashi v3.3 License:

                                    MUSASHI
                                    =======

                                  Version 3.3

             A portable Motorola M680x0 processor emulation engine.
            Copyright 1998-2001 Karl Stenerud.  All rights reserved.

LICENSE AND COPYRIGHT:
---------------------

The Musashi M680x0 emulator is copyright 1998-2001 Karl Stenerud.

The source code included in this archive is provided AS-IS, free for any
non-commercial purpose.

If you build a program using this core, please give credit to the author.

If you wish to use this core in a commercial environment, please contact
the author to discuss commercial licensing.

Starscream License:

-----------------------------------------------------------------------------
Starscream 680x0 emulation library                              version 0.26d
Copyright 1997, 1998, 1999 Neill Corlett
Modified by Stéphane Dallongeville
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
0.  Terms of Use
-----------------------------------------------------------------------------

"Starscream" refers to the following files:
*  STAR.C
*  STARCPU.H
*  CPUDEBUG.C
*  CPUDEBUG.H
*  STARDOC.TXT
*  any object file or executable compiled from the above
*  any source code generated from STAR.C, or object file assembled from such
   code

Starscream may be distributed freely in unmodified form, as long as this
documentation is included.

No money, goods, or services may be charged or solicited for Starscream, or
any emulator or other program which includes Starscream, in whole or in part.
Using Starscream in a shareware or commercial application is forbidden.
Contact Neill Corlett (corlett@elwha.nrrc.ncsu.edu) if you'd like to license
Starscream for commercial use.

Any program which uses Starscream must include the following credit text, in
its documentation or in the program itself:

"Starscream 680x0 emulation library by Neill Corlett
 (corlett@elwha.nrrc.ncsu.edu)"

https://www.zdnet.com/article/libarchive-vulnerability-can-lead-to-code-execution-on-linux-freebsd-netbsd/

https://security-tracker.debian.org/tracker/CVE-2019-18408

https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/

https://9to5linux.com/grub2-boot-failure-issues-fixed-in-debian-and-ubuntu-update-now

Description:

Ath9k wifi device not working, possibly bad compilation or issues with gcc

Additional info:
* package version(s)

- gcc-8.4.0-2
- ath9k-htc-firmware-1.4.0-8

* config and/or log files etc.

[    8.302952] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[    8.303011] usbcore: registered new interface driver ath9k_htc
[    8.303067] usb 1-1: Direct firmware load for ath9k_htc/htc_9271-1.4.0.fw failed with error -2
[    8.303073] usb 1-1: ath9k_htc: Firmware htc_9271.fw requested
[    8.623141] usb 1-1: ath9k_htc: Transferred FW: htc_9271.fw, size: 51008
[    9.683657] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[    9.683672] ath9k_htc: Failed to initialize the device

Steps to reproduce:

- Add wifi device with ath9k firmware, for example: TL-WN722N
- pacman -S ath9k-htc-firmware

References:

- https://bugzilla.kernel.org/show_bug.cgi?id=208251

Description: Tried with new compiled version of mumble no open and secured with SSL-certificate is reachable. Log within console:

qt.network.ssl: QSslSocket: cannot resolve SSL_CTX_set_options
qt.network.ssl: QSslSocket: cannot resolve SSL_session_reused
qt.network.ssl: QSslSocket: cannot resolve SSL_set_options
qt.network.ssl: QSslSocket: cannot resolve BN_is_word
qt.network.ssl: QSslSocket: cannot resolve SSL_in_init

<W>2021-08-23 01:00:18.814 QSslSocket: cannot call unresolved function sk_num

<W>2021-08-23 01:00:20.270 QSslSocket: cannot call unresolved function SSL_CTX_set_options

filename:       /lib/modules/4.9.77-gnu-1-lts/extramodules/vhba.ko
license:        GPL
description:    Virtual SCSI HBA
version:        20161009
author:         Chia-I Wu
srcversion:     E5A3E6F70DFD436A6B1C8D6
depends:        scsi_mod
vermagic:       4.9.27-gnu-1-lts SMP mod_unload modversions

Can’t insert module vhba

Error :

modprobe: ERROR: could not insert ‘vhba’: Exec format error

Multiple vulnerabilities have been located in Irssi.

Access remote: yes

References links:

• https://irssi.org/security/irssi_sa_2018_02.txt

This morning while I was working on my X200, I noticed that my CPU was kept 100% busy for a long time by some process which was obvioulsy eating up the battery life. The culprit was pacman-key, triggered by logrotate.

To stop this, I did ‘chmod -x /etc/cron.daily/pacman-key’ and I rebooted.

Later on, it was impossible to install a new package as it was impossible to get over the step marked as “checking keys in keyring...”

So I tried to do again ‘pacman-key –refresh-keys’: the overall process took more than an hour—behind a fast and robust internet connection. I finally got three lines, saying that about 1,000 keys were updated but I never got the prompt back. So I hit Ctrl-C.

At the time of writing, I am still trying to refresh the keys—a quite desperate attempt, if I may say so.

Although I tagged this report as a “Feature request”, it is in my opinion of quite some importance. I understand very well the absolute necessity to always have the keys updated, but in this particular case, with so many keys and so frequent updates, I begin to wonder if losses are not beginning to prevail over benefits.

Unless I am doing something wrong or missing something I should do?

Any help would be strongly appreciated.

Robert

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3→Malloc→Thread1→Free’s→Thread2-Re-uses-Free’d Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.

https://security-tracker.debian.org/tracker/CVE-2018-1000030

Geth 1.6.x contains possible denial of service attacks “DoS Attack”, however it has been solved in 1.7.2 [0] instead. Since 1.6.x needs many modifications spread across multiple files of the code and it is inefficient to be backported, the newer version (eg. 1.7.x) could replace the current version package as exception, but repackaged with the appropriate suffix “-backports”.

As per a recent discovery, we should check if our deepin is affected by the CNZZ spyware in the AppStore.
https://www.youtube.com/watch?v=v25Dy66AtNI

We also shouldn’t use the AppStore if it exists, due to non-free apps.

Known files:
> usr/share/dbus-1/system-services/com.deepin.daemon.Apps.service
> etc/appstore.json

### Some context ###

I use hdajackretask on my G41M-ES2L motherboard (Libreboot)

Alsamixer doesn’t offer automute feature so every time I plug my headphones, the sound is playing by my speakers.
So to work around this, I use hdajackretask from alsa-tools package.

It allows to install a boot override to solve the issue.

Yesterday, I reinstalled Hyperbola on my system and the boot override because of missing /lib/firmware directory. (Although it was present before, something changed ?)

The error message was (I translate)

/mv: can't move '/tmp/hda-jack-retask-VH3KIZ/hda-jack-retask.fw' to /lib/firmware/hda-jack-retask.fw' No file or folder of this type

So I created a folder “firmware” in /lib/
and copied hda-jack-retask.fw in it.

Then I rebooted, 100% working.

I don’t know if the fix should apply to the PKGBUILD of alsa-tools (to create a /lib/firmware directory) or something else ?

Description:
The light-locker package returns error while tries load shared library libsystemd.so.0.

Additional info:
* package version(s): light-locker-1.6.0-3

Steps to reproduce:

1. Install the package:

  $ sudo pacman -S light-locker
  

1. Run it:

  $ light-locker
  

1. Then, you get the following message:

  light-locker: error while loading shared libraries: libsystemd.so.0: cannot open shared object file: No such file or directory
  

I get this error when trying to run it:

$ utox
utox: error while loading shared libraries: libtoxencryptsave.so.1: cannot open shared object file: No such file or directory

Description:

• replace deprecated Python 2 to Tauthon for Canis Major

Additional info:

• python 2.7.14-2.hyperbola1
• Python 2.7 is the end of the Python 2 line of development. [0]
• There never will be an official Python 2.8 release.

Steps to reproduce:

• Broken python2 packages.

Description:
Since the update to 0.3.9 (or the update of girara to 0.2.9), zathura-pdf-poppler returns the following error:

error: Could not load plugin '/usr/lib/zathura/ps.so' (libgirara-gtk3.so.2: cannot open shared object file: No such file or directory).

Description:

• Segmentation fault after start by terminal emulator but elinks does not crash in console. After that, it prints characters when mouse buttons pressed so it can not copy its output.

Additional info:
* package version(s)

• links 2.14-2
• elinks 0.13-18

* config and/or log files etc.

• gdb output for links 2.16:

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4295e43 in strchrnul () from /usr/lib/libc.so.6

• gdb output for elinks 0.13-18:

[New Thread 0x7ffff4dfb700 (LWP 8393)]
Thread 1 "elinks" received signal SIGSEGV, Segmentation fault.
0x00007ffff5fa3e43 in strchrnul () from /usr/lib/libc.so.6

Steps to reproduce:

• Run links and elinks by terminal emulator

Octopi 0.9.0 is uploading system logs to ptpb.pw without confirmation through :

Tools
→ SysInfo → ptpb.pw

I think it should be either disabled or add at least a patch to ask for a confirmation.
An other way could be to patch this :

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/?u=1", tempFile->fileName());
256:  return ptpb;

to :

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- **https://ptpb.pw/", tempFile->fileName());
256:  return ptpb;

This way, you can at least ask for log deletion with the help of log uuid as explained here : https://ptpb.pw/#id10

Description:

this release is mostly bugfix, updated translations, removed some deprecated parts in code (abandoning libgnome-keyring and starting using libsecret) and in UI and added Till’s patches from Ubuntu (Thank you, Till!).

Additional info:
* package version(s)

# pacman -Si system-config-printer
Repositorio               : extra
Nombre                    : system-config-printer
Versión                   : 1.5.9-2
Descripción               : A CUPS printer configuration tool and status applet
Arquitectura              : x86_64
URL                       : https://github.com/zdohnal/system-config-printer
Licencias                 : GPL
Grupos                    : Nada
Provee                    : Nada
Depende de                : python-pycups  python-dbus  python-pycurl  libnotify  python-requests  python-gobject  gtk3  python-cairo
Dependencias opcionales   : python-pysmbc: SMB browser support
                            python-packagekit: to install drivers with PackageKit
                            cups-pk-helper: PolicyKit helper to configure cups with fine-grained privileges
En conflicto con          : Nada
Remplaza a                : Nada
Tamaño de la descarga     : 908,59 KiB
Tamaño de la instalación  : 7159,00 KiB
Encargado                 : Andreas Radke <andyrtr@archlinux.org>
Fecha de creación         : vie 27 ene 2017 04:18:24 -03
Validado por              : Suma MD5  Suma SHA-256  Firma

* config and/or log files etc.

Steps to reproduce:

Here is the terminal output:

$ electrum
Error: No module named ‘aiorpcx’. Try ‘sudo python3 -m pip install <module-name>

I think a newer python version (e.g. 3.7) might be needed in order to get it to work as well as even after installing missing modules via pip locally the package does not run.

gufw 17.04.1-3

Impossible to start application, error message :

FileNotFoundError: [Errno 2] Aucun fichier ou dossier de ce type: '/usr/sbin/ufw': '/usr/sbin/ufw'

Description:
Postfix is a mess, first it failed to start (running ‘postfix start’) with the following:

  postfix: fatal: chdir(/usr/lib/postfix/bin): No such file or directory

Then, to solve this, I symlinked /usr/libexec/postfix to /usr/lib/postfix/bin, because there were the binaries, but then it came with the following:

  # postfix start
  /usr/lib/postfix/bin/postfix-script: line 89: /usr/bin/postconf: No such file or directory
  /usr/lib/postfix/bin/postfix-script: line 90: /usr/bin/postlog: No such file or directory

Because all the post* bins where now in /usr/sbin, so I symlinked them to /usr/bin, and it could finally run, but with many warnings

  # postfix start
  postfix/postfix-script: warning: symlink leaves directory: /usr/lib/postfix/./bin
  postfix/postfix-script: warning: not owned by group postdrop: /usr/bin/postqueue
  postfix/postfix-script: warning: not owned by group postdrop: /usr/bin/postdrop
  postfix/postfix-script: warning: not set-gid or not owner+group+world executable: /usr/bin/postqueue
  postfix/postfix-script: warning: not set-gid or not owner+group+world executable: /usr/bin/postdrop
  postfix/postfix-script: starting the Postfix mail system

Additional info:
* postfix 3.2.2-1.hyperbola6

Within the current version of smplayer in the repositories a proprietary interface to Chromecast is activated and therefore a risk for privacy of the users as this hardware is the complete opposite of freedom.