|
Any | Security Issue | Very High | Critical | [libssh] CVE-2018-10933 | Closed | |
Task Description
Description: libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials.
Additional info: * package version(s) : extra/libssh 0.7.5-1
CVE
|
|
Any | Security Issue | Very High | Critical | [openldap] 2.4.44 multiple security issues | Closed | |
Task Description
Description: Changelog
2.4.46 is fixing a huge quantity of issues (TLS related & memory leak)
Additional info: * package version(s) : 2.4.44
|
|
Any | Security Issue | Very High | Critical | [php] CVE-2017-9120 | Closed | |
Task Description
Description:
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
Additional info: * package version(s)
$ pacman -Si php
Repositorio : extra
Nombre : php
Versión : 7.1.4-3.hyperbola3
Descripción : A general-purpose scripting language that is especially suited to web development, without systemd support
Arquitectura : x86_64
URL : http://www.php.net
Licencias : PHP
Grupos : Nada
Provee : php-ldap=7.1.4
Depende de : libxml2 curl libzip pcre
Dependencias opcionales : Nada
En conflicto con : php-ldap
Remplaza a : php-ldap
Tamaño de la descarga : 3,02 MiB
Tamaño de la instalación : 15,94 MiB
Encargado : André Silva <emulatorman@hyperbola.info>
Fecha de creación : mié 27 dic 2017 19:15:03 -05
Validado por : Suma MD5 Suma SHA-256 Firma
* config and/or log files etc.
Last update of php be v7.1.x is v7.1.23:
- https://secure.php.net/ChangeLog-7.php#7.1.23
Patch available from v7.1.5 https://bugs.php.net/bug.php?id=74544
Steps to reproduce:
- Install php
|
|
Stable | Update Request | High | Critical | [system-config-printer] update to 1.5.11 | Closed | |
Task Description
Description:
this release is mostly bugfix, updated translations, removed some deprecated parts in code (abandoning libgnome-keyring and starting using libsecret) and in UI and added Till’s patches from Ubuntu (Thank you, Till!).
Additional info: * package version(s)
# pacman -Si system-config-printer
Repositorio : extra
Nombre : system-config-printer
Versión : 1.5.9-2
Descripción : A CUPS printer configuration tool and status applet
Arquitectura : x86_64
URL : https://github.com/zdohnal/system-config-printer
Licencias : GPL
Grupos : Nada
Provee : Nada
Depende de : python-pycups python-dbus python-pycurl libnotify python-requests python-gobject gtk3 python-cairo
Dependencias opcionales : python-pysmbc: SMB browser support
python-packagekit: to install drivers with PackageKit
cups-pk-helper: PolicyKit helper to configure cups with fine-grained privileges
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 908,59 KiB
Tamaño de la instalación : 7159,00 KiB
Encargado : Andreas Radke <andyrtr@archlinux.org>
Fecha de creación : vie 27 ene 2017 04:18:24 -03
Validado por : Suma MD5 Suma SHA-256 Firma
* config and/or log files etc.
Steps to reproduce:
|
|
Stable | Freedom Issue | Very High | Critical | [cool-retro-term] update package to 1.0.1 and remove no ... | Closed | |
Task Description
In the latest version fixes several issues and font improvements[1], but unfortunately there is a major problem contained five three non-libre/free typefaces in the source code.
Apple II (1977): a licence forbids to sell and modify. Already removed
Commodore PET (1977): a licence forbids to sell and modify. Already removed
Atari 400/800 (1979): in the latest version, there is a vague term “freeware”[2] in documentation, but forbids to sell and modify.
Commercial 64 (1982): a licence forbids to sell. Already removed
Monaco (modern): proprietary from Apple.
$ rm -fr ./app/qml/fonts/{1977-*,1979-atari-400-800,1982-commodore64,modern-monaco}/
Also, I attached three QML source code diff files down below, by removing and replacing strings.
[1]: https://github.com/Swordfish90/cool-retro-term/releases/tag/1.0.1/ [2]: https://www.gnu.org/philosophy/words-to-avoid#Freeware
|
|
Stable | Freedom Issue | Very High | Critical | [xorg-fonts-misc] contains non-libre/free Syriac typefa ... | Closed | |
Task Description
A Syriac typeface family series of Beth Mardutho’s Meltho is considered as non-libre/free because a licence forbids to modify[1], and should be removed immediately.
[1]: https://github.com/freedesktop/xorg-misc-meltho/raw/master/license.txt
|
|
Any | Freedom Issue | Very High | Critical | [python-pip][python2-pip] Pip recommends proprietary so ... | Closed | |
Task Description
Description: pip allows the user to search and install packages from the PyPI repository, which contains proprietary software.
Additional info:
* example of proprietary package in PyPI repository: https://pypi.org/project/snaplogic
* Trisquel’s solution was to remove python-pip: https://trisquel.info/en/issues/3741
Steps to reproduce:
$ sudo pacman -S python-pip
$ pip search snaplogic # prints information about proprietary package
$ pip install snaplogic # installs proprietary package
|
|
Any | Freedom Issue | Very High | Critical | [purple-skypeweb] Plugin only useful with Skype | Closed | |
Task Description
Please remove as plugin is only useful with Skype hosted by a single company on a single server as far as I can tell (unlike pidgin-sipe).
|
|
Stable | Freedom Issue | Very High | Critical | [gftp] Remove many other (old and dead) FTP site bookma ... | Closed | |
Task Description
Contains many other (old and dead) non-FSDG distro and software archive and repo FTP sites, which must be removed carefully.
|
|
Stable | Implementation Request | Medium | Critical | [strongswan] add new package | Closed | |
Task Description
Description:
Package strongSwan is missing. Can it please be added to relevant repository? The package’s presence is critical for using IKEv2 in VPN.
Additional info:
* Source: Please see added link
Steps to reproduce:
N/A
|
|
Any | Freedom Issue | Very High | Critical | [man-pages] contains nonfree POSIX manual pages | Closed | |
Task Description
Description:
Arch distributes a version of man-pages with manual pages from the POSIX standard. The man-pages project is permitted to distribute them and Andries Brouwer assumes that re-distribution by vendors is permitted as well. However, modification is definitively not allowed, hence this contribution by The Institute of Electrical and Electronics Engineers and The Open Group render the entire man-pages package nonfree. The way to solve it is remove all nonfree POSIX manual pages from man-pages package.
Additional info: * package version(s)
* config and/or log files etc.
The Institute of Electrical and Electronics Engineers (IEEE) and
The Open Group, have given us permission to reprint portions of
their documentation.
In the following statement, the phrase ``this text'' refers to
portions of the system documentation.
Portions of this text are reprinted and reproduced in electronic form
from IEEE Std 1003.1, 2013 Edition, Standard for Information Technology
-- Portable Operating System Interface (POSIX), The Open Group Base
Specifications Issue 7, Copyright (C) 2013 by the Institute of Electri-
cal and Electronics Engineers, Inc and The Open Group. (This is
POSIX.1-2008 with the 2013 Technical Corrigendum 1 applied.) In the
event of any discrepancy between this version and the original IEEE and
The Open Group Standard, the original IEEE and The Open Group Standard
is the referee document. The original Standard can be obtained online
at http://www.unix.org/online.html .
This notice shall appear on any product containing this material.
Redistribution of this material is permitted so long as this notice and
the corresponding notices within each POSIX manual page are retained on
any distribution, and the nroff source is included. Modifications to
the text are permitted so long as any conflicts with the standard
are clearly marked as such in the text.
Steps to reproduce:
|
|
Any | Bug Report | Very High | Critical | [linux-libre-lts] spinlock not released on kernel by i9 ... | Closed | |
Task Description
Description:
With the latest release of the kernel, xwindow does not start anymore. I had to revert to 4.9.143.
Additional info: * package version(s): linux-libre-lts-4.9.150_gnu-0-x86_64.pkg.tar.xz
Steps to reproduce:
Upgrade to the following:
- linux-libre-lts-4.9.150_gnu-0-x86_64.pkg.tar.xz
- linux-libre-lts-headers-4.9.150_gnu-0-x86_64.pkg.tar.xz
- acpi_call-lts-1.1.0-42.hyperbola34.6-x86_64.pkg.tar.xz
And try to start xwindow
|
|
Stable | Replace Request | Very Low | Critical | [spamassassin] includes dependencies for systemd | Closed | |
Task Description
Description: The package spamassassin has no further init-script for OpenRC and instead includes service-definitions for systemd
Additional info: * package version(s) 3.4.1-7
|
|
Stable | Replace Request | Very Low | Critical | [opendkim] includes dependencies for systemd | Closed | |
Task Description
Description: The package opendkim has no further init-script for OpenRC and instead includes service-definitions for systemd
Additional info: * package version(s) 2.10.3-4
|
|
Any | Security Issue | Very Low | Critical | [dokuwiki] CVEs | Closed | |
Task Description
Our current dokuwiki 20170219_b-1 has two serious CVEs.
Error message attached after the first installation
|
|
Any | Security Issue | Very Low | Critical | [tcpreplay] CVEs | Closed | |
Task Description
A huge number of CVEs have been fixed on 4.3.1 :
CVE-2018-20552 CVE-2018-20553 CVE-2018-18408 CVE-2018-18407 CVE-2018-17974 CVE-2018-17580 CVE-2018-17582 CVE-2018-13112
Current Hyperbola version is 4.2.6
|
|
Any | Bug Report | Very High | Critical | [electrum] package no longer works | Closed | |
Task Description
Old clients (like the one packaged by Hyperbola) no longer work due to changes in Electrum:
https://github.com/kyuupichan/electrumx/pull/760
The fix is to use a newer version.
|
|
Any | Bug Report | High | Critical | [electrum] updated package still does not work | Closed | |
Task Description
Here is the terminal output:
$ electrum
Error: No module named ‘aiorpcx’. Try ‘sudo python3 -m pip install <module-name>
I think a newer python version (e.g. 3.7) might be needed in order to get it to work as well as even after installing missing modules via pip locally the package does not run.
|
|
Stable | Security Issue | Very High | Critical | [exim] CVE-2019-10149 | Closed | |
Task Description
Description: There’s an active, ongoing campaign exploiting a widespread vulnerability in linux email servers. This attack leverages a week-old vulnerability to gain remote command execution on the target machine, search the Internet for other machines to infect, and initiates a crypto miner.
https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability
https://www.openwall.com/lists/oss-security/2019/06/06/1
|
|
Any | Freedom Issue | Very High | Critical | [supertuxkart] remove nonfree Ubuntu Font Family fonts | Closed | |
Task Description
In versions 0.9.3 and 1.0, there are several added and changed (new or existing) features and functions, and fixed bugs, crashes and other issues.
But the critical part is that it contains non-libre/free Ubuntu font files over a licensing issue, according to the issue: https://github.com/supertuxkart/stk-code/issues/2570
See those two sections in the version history releases for more details: https://github.com/supertuxkart/stk-code/blob/master/CHANGELOG.md
|
|
Any | Freedom Issue | Very Low | Critical | [flatpak] Access to proprietary applications | Closed | |
Task Description
Description:
Additional info: * 0.9.10-2.hyperbola2
Steps to reproduce: Flatpak gives access to interesting features for the deployment of applications, but in fact it also gives access to proprietary applications like Skype (https://flathub.org/apps/details/com.skype.Client), Steam (https://flathub.org/apps/details/com.valvesoftware.Steam) and many more. So it should be checked if this should be part of the repositories within an open, libre distribution. In my point of view this violates the freedom of users, because there can be no tolerance about intolerance even regarding this.
|
|
Testing | Bug Report | Medium | Critical | [rsyslog] wrong reference to /usr/bin/rsyslog in /etc/l ... | Closed | |
Task Description
In `/etc/logrotate.d/rsyslog`, line 5:
/usr/bin/killall -HUP /usr/bin/rsyslogd
should now read as follows:
/usr/bin/killall -HUP /usr/sbin/rsyslogd
|
|
Any | Bug Report | Very High | Critical | [cups] [cups-filters] ServerBin directory inconsistency | Closed | |
Task Description
As the default path of the ServerBin directory is now /usr/libexec/bin:
1. cups-files.conf should be modified/adapted accordingly.
2. The contents of /usr/lib/cups, which is currently owned by cups-filters, cups-pdf, foomatic-db-engine and smbclient, should be moved to /usr/libexec/cups.
As it is, cups doesn’t work in v0.3.
|
|
Stable | Bug Report | Medium | Critical | [mkinitcpio] crc32c_generic module missing with regular ... | Closed | |
Task Description
With latest 0.3 hyperbola, with the (simple) following partitioning :
/ (ext4)
/swap
The standard HOOK in /etc/mkinitcpio.conf
HOOKS="base udev autodetect modconf block filesystems keyboard fsck"
fails to include the crc32c_generic module, resulting in a non-bootable system.
The generated fallback initramfs includes it though.
The issue was not present with 0.2.9, with the exact same partitioning.
|
|
Stable | Bug Report | Medium | Critical | [virt-manager] Failed to initialize a valid firewall ba ... | Closed | |
Task Description
[virt-manager] Failed to initialize a valid firewall backend
I cannot start any virtual machine with current virt-manager. The error message is the following :
Failed to initialize a valid firewall backend
My username is in “kvm” group.
The only modification to the libvirt config files I made are in /etc/libvirt/qemu.conf
[...]
# Some examples of valid values are:
#
# user = "qemu" # A user named "qemu"
# user = "+0" # Super user (uid=0)
# user = "100" # A user named "100" or a user with uid=100
#
#user = "root"
user = "david"
[...]
The libvirtd service is enabled (and starts without error). Also, the optional dependencies are correctly installed:
ebtables: required for default NAT networking [installed]
dnsmasq: required for default NAT/DHCP for guests [installed]
bridge-utils: for bridged networking [installed]
This was working fine previously (with 0.2.9) so I don’t know why this isn’t working anymore. As said previously, my config hasn’t changed.
|
|
Stable | Bug Report | Medium | Critical | [v4l-utils] Error in `dvbv5-scan': double free or corru ... | Closed | |
|
|
Stable | Bug Report | Medium | Critical | [lynis] Unable to run audit on remote target because of ... | Closed | |
|
|
Stable | Bug Report | High | Critical | [gufw] FileNotFoundError: [Errno 2] '/usr/sbin/ufw': ' ... | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [clementine] using non-free services and interfaces | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [gens] contains nonfree Starscream code | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [gens-gs] contains nonfree Starscream code and the Poor ... | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [dgen-sdl] contains nonfree CZ80, dZ80, DrZ80, Multi-Z8 ... | Closed | |
|
|
Stable | Bug Report | Medium | Critical | [apache][modules][FHS] move external modules to new loc ... | Closed | |
|
|
Stable | Bug Report | Medium | Critical | [roundcubemail-lts] not compatible with PHP 7.1 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [libarchive] CVE-2019-18408 | Closed | |
|
|
Stable | Freedom Issue | High | Critical | [smplayer] Removal of unfree "Chromecast"-plugin | Closed | |
|
|
Stable | Bug Report | Very Low | Critical | [gtk-2] Severe problems with GTK2-applications | Closed | |
|
|
Stable | Freedom Issue | Very Low | Critical | [keybase] Complete removal of tool | Closed | |
|
|
Any | Security Issue | Very High | Critical | [grub2] UEFI SecureBoot vulnerability + multiple flaws ... | Closed | |
|
|
Testing | Bug Report | Very Low | Critical | [Hyperbola GNU/Linux-libre 0.4] Installation issue for ... | Closed | |
|
|
Testing | Bug Report | High | Critical | [Hyperbola GNU/Linux-libre 0.4] Installation for syslin ... | Closed | |
|
|
Testing | Bug Report | High | Critical | [wpa_supplicant]: wireless connection does not work | Closed | |
|
|
Testing | Bug Report | Very High | Critical | [Hyperbola GNU/Linux 0.4] QtSSL is not working | Closed | |
|
|
Any | Implementation Request | Very High | Critical | [linux-libre-lts-server] add "Linux-libre" kernel adapt ... | Closed | |
|
|
Any | Bug Report | Very High | Critical | [python-acme] to start crashing on June 19th | Closed | |
|
|
Stable | Bug Report | Very High | Critical | [iceweasel-uxp] Broken addons with latest update | Closed | |
|
|
Stable | Bug Report | Medium | Critical | [torsocks] which: no getcap | Closed | |
|
|
Any | Freedom Issue | Very Low | Critical | [conky] Some serious issues | Closed | |
|
|
Any | Privacy Issue | Very Low | Critical | [bleachbit] needs to be adapted to UXP applications | Closed | |
|
|
Stable | Bug Report | Very Low | Critical | [smartmontools] update-smart-drivedb fails to update | Closed | |
|