Packages

Description:

• Remove the “placeholder” entry in /etc/grub.d/20_linux_xen since it has been removed from Linux kernel.

Additional info:

• grub 2:2.02-1.hyperbola3

/etc/grub.d/20_linux_xen
----
-       module  ${rel_dirname}/${basename} placeholder root=${linux_root_device_thisversion} ro ${args}
+       module  ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args}
----

$ pacman -Si grub
Repository      : core
Name            : grub
Version         : 2:2.02-1.hyperbola3
Description     : GNU GRand Unified Bootloader (2), (Hyperbola rebranded)
Architecture    : x86_64
URL             : https://www.gnu.org/software/grub/
Licenses        : GPL3
Groups          : None
Provides        : grub-common  grub-bios  grub-emu  grub-efi-x86_64
Depends On      : sh  xz  gettext  device-mapper
Optional Deps   : freetype2: For grub-mkfont usage
                  fuse: For grub-mount usage
                  dosfstools: For grub-mkrescue FAT FS and EFI support
                  efibootmgr: For grub-install EFI support
                  libisoburn: Provides xorriso for generating grub rescue iso using grub-mkrescue
                  os-prober: To detect other OSes when generating grub.cfg in BIOS systems
                  mtools: For grub-mkrescue FAT FS and EFI support
                  xen: For Xen Dom0 support
                  xen-docs: For Xen documentation
Conflicts With  : grub-common  grub-bios  grub-emu  grub-efi-x86_64  grub-legacy
Replaces        : grub-common  grub-bios  grub-emu  grub-efi-x86_64
Download Size   : 6.17 MiB
Installed Size  : 39.31 MiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 20 Nov 2017 06:35:41 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

• Turn on machine and then check Linux-libre kernel booting

Description: Since the migration to xenocara there seems to be a bug with applications using GTK-2. From time to time there are crashes with assertion `!xcb_xlib_threads_sequence_lost’.

Looking into this a little bit more deep there are also other distributions affected and this is an upstream-bug. But the concrete situation is not that easy, while it could be also part of the library libX11 itself. Looking therefore here: https://bugs.launchpad.net/ubuntu/+source/pcmanfm/+bug/1782984

Affected are for example LXDE in general, icedove, iceweasel and many more!

Description:

In External Linkhttps://git.hyperbola.info:50100/packages/community.git/tree/hostapd/config an option is missing to support 802.11r:

Adding “CONFIG_IEEE80211R=y”

Additional info:
* hostapd 2.6

Hostapd is failing at boot with :

Starting hostapd ...
Configuration file: /etc/hostapd/hostapd.conf
ovs-vsctl: unix:/run/openvswitch/db.sock: database connection failed (No such file or directory)

Hostapd should start “after ovs-vswitchd”

If I add it to /etc/init.d/hostapd, I don’t have the issue anymore

With the recent update to hypervideo, my workflow is broken as I can’t archive several youtube channels with hypervideo, the error is always the following :

WARNING: unable to extract html5 player; please report this issue on https://issues.hyperbola.info/ . Make sure you are using the latest version; type 'pacman -Sy hypervideo' as root. Be sure to call hypervideo with the --verbose flag and include its complete output.
[youtube] {22} signature length 44.40, html5 player None
ERROR: Signature extraction failed: Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1194, in _decrypt_signature
    video_id, player_url, s
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1127, in _extract_signature_function
    raise ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL", expected=True)
hypervideo.utils.ExtractorError: YouTube's DRM has prevented this software from obtaining the video URL
 (caused by ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL",)); please report this issue on https://issues.hyperbola.info/ . Make sure you are using the latest version; type 'pacman -Sy hypervideo' as root. Be sure to call hypervideo with the --verbose flag and include its complete output.
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1194, in _decrypt_signature
    video_id, player_url, s
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1127, in _extract_signature_function
    raise ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL", expected=True)
hypervideo.utils.ExtractorError: YouTube's DRM has prevented this software from obtaining the video URL
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1194, in _decrypt_signature
    video_id, player_url, s
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1127, in _extract_signature_function
    raise ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL", expected=True)
hypervideo.utils.ExtractorError: YouTube's DRM has prevented this software from obtaining the video URL

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/hypervideo/YoutubeDL.py", line 792, in extract_info
    ie_result = ie.extract(url)
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/common.py", line 508, in extract
    ie_result = self._real_extract(url)
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1806, in _real_extract
    encrypted_sig, video_id, player_url, age_gate)
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1204, in _decrypt_signature
    'Signature extraction failed: ' + tb, cause=e)
hypervideo.utils.ExtractorError: Signature extraction failed: Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1194, in _decrypt_signature
    video_id, player_url, s
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1127, in _extract_signature_function
    raise ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL", expected=True)
hypervideo.utils.ExtractorError: YouTube's DRM has prevented this software from obtaining the video URL
 (caused by ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL",)); please report this issue on https://issues.hyperbola.info/ . Make sure you are using the latest version; type 'pacman -Sy hypervideo' as root. Be sure to call hypervideo with the --verbose flag and include its complete output.

Description:

NoScript zero-day allows script execution even with scripts blocked by default.

https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/

https://twitter.com/ma1/status/1039163003034324992

Additional info:
* package version(s) < 5.1.8.7

Steps to reproduce:
Set the Content-Type of your html/js page to “text/html;json” and enjoy full JS pwnage”

I can’t update filters or update with iceweasel-uxp-ublock-origin.
When I toggle the additional filters list, it is empty.

Some addons are currently broken with latest iceweasel-uxp (iceweasel-uxp 52.9.20190926-1)

DownThemAll
Save to Wayback Machine
Self-Destructing Cookies
(and probably others)

g4jc suggested to drop PGO as it could be the culprit.

https://forums.hyperbola.info/viewtopic.php?pid=1149#p1149

Regarding addons, I'm fairly certain flipping the switch on PGO (which makes the browser faster at the expense of wrecking code) is the culprit. We were warned not to use it, and this is planned to be rolled back.

However, Hyperbot has to be scheduled to rebuild the packages and I do not set it's schedule. Will advise.

With latest iceweasel-uxp, I can’t connect to some HTTPS websites :

For example :

https://pkgs.fedoraproject.org/ is an example

SEC_ERROR_UNKNOWN_ISSUER

Hello,

I can’t manually install some extensions I was using successfully with iceweasel-esr (52.9.x) previously.
Notably :

https-everywhere https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/ watch-with-mpv https://addons.mozilla.org/en-US/firefox/addon/watch-with-mpv/ tampermonkey https://addons.mozilla.org/en-US/firefox/addon/tampermonkey/ Save URL to Wayback Machine https://addons.mozilla.org/en-US/firefox/addon/save-url-to-wayback-machine

How to install them with iceweasel-uxp ?

Multiple vulnerabilities have been located in Irssi.

Access remote: yes

References links:

• https://irssi.org/security/irssi_sa_2018_02.txt

Since Linux 4.14, the in-tree kernel firmware was dropped[0][1], and Hyperbola uses linux-libre-lts-firmware from 4.9 which still supports that firmware.

However, I’d like to request upgrading to the new libre replacement of linux-firmware.git: linux-libre-firmware[2][3].

This version has no LTS releases (well, firmwares commonly don’t have LTS versions and the in-tree firmware was always the same in post-4.9 generations), but it has the same firmwares as Linux-libre-lts plus some others.

This is the list of firmware files in linux-libre-lts-firmware and its dependencies:

linux-libre-lts-firmware
---
/usr/lib/firmware/av7110/bootcode.bin
/usr/lib/firmware/dsp56k/bootstrap.bin
/usr/lib/firmware/keyspan_pda/keyspan_pda.fw
/usr/lib/firmware/keyspan_pda/xircom_pgs.fw

ath9k-htc-firmware
---
/usr/lib/firmware/htc_7010.fw
/usr/lib/firmware/htc_9271.fw

openfwwf
---
/usr/lib/firmware/b43-open/b0g0bsinitvals5.fw
/usr/lib/firmware/b43-open/b0g0initvals5.fw
/usr/lib/firmware/b43-open/ucode5.fw

And here are the firmware files of the new linux-libre-firmware:

linux-libre-firmware
---
/usr/lib/firmware/av7110/bootcode.bin
/usr/lib/firmware/b43-open/b0g0bsinitvals5.fw
/usr/lib/firmware/b43-open/b0g0initvals5.fw
/usr/lib/firmware/b43-open/ucode5.fw
/usr/lib/firmware/carl9170-1.fw
/usr/lib/firmware/cis/3CCFEM556.cis
/usr/lib/firmware/cis/3CXEM556.cis
/usr/lib/firmware/cis/COMpad2.cis
/usr/lib/firmware/cis/COMpad4.cis
/usr/lib/firmware/cis/DP83903.cis
/usr/lib/firmware/cis/LA-PCM.cis
/usr/lib/firmware/cis/MT5634ZLX.cis
/usr/lib/firmware/cis/NE2K.cis
/usr/lib/firmware/cis/PCMLM28.cis
/usr/lib/firmware/cis/PE-200.cis
/usr/lib/firmware/cis/PE520.cis
/usr/lib/firmware/cis/RS-COM-2P.cis
/usr/lib/firmware/cis/SW_555_SER.cis
/usr/lib/firmware/cis/SW_7xx_SER.cis
/usr/lib/firmware/cis/SW_8xx_SER.cis
/usr/lib/firmware/cis/tamarack.cis
/usr/lib/firmware/dsp56k/bootstrap.bin
/usr/lib/firmware/htc_7010.fw
/usr/lib/firmware/htc_9271.fw
/usr/lib/firmware/isci/isci_firmware.bin
/usr/lib/firmware/keyspan_pda/keyspan_pda.fw
/usr/lib/firmware/keyspan_pda/xircom_pgs.fw
/usr/lib/firmware/usbdux_firmware.bin
/usr/lib/firmware/usbduxfast_firmware.bin
/usr/lib/firmware/usbduxsigma_firmware.bin

It has openfwwf and ath9k-htc-firmware included, plus some others. If actual versions of Hyperbola don’t get the update at least consider it for future releases. You can get the new PKGBUILD[4] and its new build dependencies at Parabola’s abslibre.git libre tree[5]

The new dependencies are:

• sh-elf-gcc (which depends on sh-elf-binutils)

• sh-elf-newlib

• arm-linux-gnueabi-gcc (which depends on arm-linux-gnueabi-binutils)

• xtensa-unknown-elf-gcc (already at Hyperbola)

Sources:

[0] https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.14-Migrates-Out-FW
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b38923a068c10fc36ca8f596d650d095ce390b85
[2] https://jxself.org/firmware/
[3] https://jxself.org/git/?p=linux-libre-firmware.git
[4] https://git.parabola.nu/abslibre.git/tree/libre/linux-libre-firmware
[5] https://git.parabola.nu/abslibre.git/tree/libre

Updated Note:

Since Linux-libre-firmware contains a lot of independent firmware, tools and assembly projects, it should be built from its official tarball separately and create a group called kernel-firmware to follow the our packaging guidelines. Tools and assembly projects shouldn’t be included in kernel-firmware since those ones are firmware dependencies.

There is only the source code of the client available and since years nothing more happened. With keybase joining “Zoom” nothing more seems to happen. Look also here in the forum: https://forums.hyperbola.info/viewtopic.php?id=368

Please replace by avideo, preferably by a release which receives updates so that it can still function within kodi (the non-LTS version).

Replace by LTS version of avideo to follow Hyperbola Packaging Guidelines.

https://www.zdnet.com/article/libarchive-vulnerability-can-lead-to-code-execution-on-linux-freebsd-netbsd/

https://security-tracker.debian.org/tracker/CVE-2019-18408

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation

https://security-tracker.debian.org/tracker/CVE-2019-2201

Patch: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388

Description:
libqtelegram-ae is Telegram library written in Qt based on telegram-cli code. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.

Additional info:

$ pacman -Si libqtelegram-ae
Repository      : community
Name            : libqtelegram-ae
Version         : 3:6.1-4
Description     : Telegram library written in Qt based on telegram-cli code
Architecture    : x86_64
URL             : https://launchpad.net/libqtelegram
Licenses        : GPL3
Groups          : None
Provides        : None
Depends On      : qt5-base  qt5-multimedia
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 431.27 KiB
Installed Size  : 1999.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Wed 05 Apr 2017 07:16:39 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Libreoffice contains Google API keys which affects privacy.

LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.

It was forked from the OpenSSL in April 2014 as a response by OpenBSD developers to the Heartbleed security vulnerability in OpenSSL, [4] [5] [6] [7] with the aim of refactoring the OpenSSL code so as to provide a more secure implementation. [8]

As LibreSSL follow the same goals than Hyperbola Packaging Guidelines in stability and security concerns, it should be the default provider of SSL and TLS protocols for Hyperbola Project.

Description:
libssh versions 0.6 and above have an authentication bypass vulnerability in
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication, the attacker could successfully authentciate
without any credentials.

Additional info:
* package version(s) : extra/libssh 0.7.5-1

CVE

Description:
The light-locker package returns error while tries load shared library libsystemd.so.0.

Additional info:
* package version(s): light-locker-1.6.0-3

Steps to reproduce:

1. Install the package:

  $ sudo pacman -S light-locker
  

1. Run it:

  $ light-locker
  

1. Then, you get the following message:

  light-locker: error while loading shared libraries: libsystemd.so.0: cannot open shared object file: No such file or directory
  

Description:

• Segmentation fault after start by terminal emulator but elinks does not crash in console. After that, it prints characters when mouse buttons pressed so it can not copy its output.

Additional info:
* package version(s)

• links 2.14-2
• elinks 0.13-18

* config and/or log files etc.

• gdb output for links 2.16:

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4295e43 in strchrnul () from /usr/lib/libc.so.6

• gdb output for elinks 0.13-18:

[New Thread 0x7ffff4dfb700 (LWP 8393)]
Thread 1 "elinks" received signal SIGSEGV, Segmentation fault.
0x00007ffff5fa3e43 in strchrnul () from /usr/lib/libc.so.6

Steps to reproduce:

• Run links and elinks by terminal emulator

Multiple CVEs. Unprivileged programs can gain access to a hardware bug in the CPU, and thereby initiate memory dumps and other low-level attacks.

Description:

• Add Linux-libre kernel adapted for servers:
  • Disable "Loadable kernel modules"
  • Adapt config for servers

Additional info:

• none.

Steps to reproduce:

• none.

Description:

With the latest release of the kernel, xwindow does not start anymore. I had to revert to 4.9.143.

Additional info:
* package version(s): linux-libre-lts-4.9.150_gnu-0-x86_64.pkg.tar.xz

Steps to reproduce:

Upgrade to the following:
- linux-libre-lts-4.9.150_gnu-0-x86_64.pkg.tar.xz
- linux-libre-lts-headers-4.9.150_gnu-0-x86_64.pkg.tar.xz
- acpi_call-lts-1.1.0-42.hyperbola34.6-x86_64.pkg.tar.xz

And try to start xwindow