|
Any | Feature Request | Very High | Critical | [openrc] please remove "mtab", "modules-load" and "swcl ... | Closed | |
Task Description
Description:
Please remove "mtab", "modules-load" and "swclock" init scripts.
"mtab" is a deprecated and unmaintained init script,
because filesystem contains a mtab soft link.
"modules-load" init script, is a systemd compatibility configuration
to load the kernel modules from the "/etc/modules-load" configuration
directory.
This init script is useless, because the "modules" init script exists
and it's a duplicated feature.
If you need a module to load a module, just configure "/etc/conf.d/modules"
and start the "modules" init script or add a module in
the "/etc/mkinitcpio.conf" and run mkinitcpio -p $yourkernel
"swclock" is a useless init script, because it is a service
setting the local clock based on last shutdown time.
If a machine doesn't support "/etc/rtc", then disable "clock_hctosys" and
"clock_systohc" from "/etc/conf.d/hwclock" with or without
NTP server/client. For chroot environments, the "osclock" init script is the way.
Additional info:
openrc 0.28-14
/etc/init.d/localmount
-use lvm modules mtab root
+use lvm modules root
/etc/init.d/modules
- want modules-load
/etc/init.d/lm_sensors
-after modules-load
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-14
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 196.71 KiB
Installed Size : 1767.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 07 May 2018 03:54:42 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
Enable the unused init scripts
|
|
Any | Security Issue | Very High | Critical | [openrc] remove dangerous "local" init script | Closed | |
Task Description
Description:
“https://wiki.gentoo.org/wiki//etc/local.d”
Additional info:
remove:
“/etc/init.d/local”
“/etc/local.d/README”
“/etc/local.d/”
/etc/init.d/agetty
----
- after local
+ after *
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-17
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 194.10 KiB
Installed Size : 1727.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Thu 05 Jul 2018 01:37:37 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
|
|
Any | Bug Report | Very High | Critical | [openrc] rename "chroot-nspawn" keyword to "chroot+unsh ... | Closed | |
Task Description
Description:
Rename "chroot-nspawn" keyword to "chroot+unshare" one
because "chroot+unshare" subsystem (chroot and unshare command)
is more precise than "chroot-nspawn" (systemd-nspawn
compatibility script) subsystem.
The files with "chroot-nspawn" keyword are:
* /etc/init.d/binfmt
* /etc/init.d/bootmisc (as SYSTEMD-NSPAWN)
* /etc/init.d/consolefont
* /etc/init.d/devfs
* /etc/init.d/dmesg
* /etc/init.d/fsck
* /etc/init.d/hostname
* /etc/init.d/hwclock
* /etc/init.d/keymaps
* /etc/init.d/localmount
* /etc/init.d/loopback
* /etc/init.d/mtab
* /etc/init.d/modules
* /etc/init.d/modules-load
* /etc/init.d/mount-ro
* /etc/init.d/net-online
* /etc/init.d/netmount
* /etc/init.d/numlock
* /etc/init.d/procfs
* /etc/init.d/root
* /etc/init.d/swap
* /etc/init.d/swclock
* /etc/init.d/sysctl
* /etc/init.d/sysfs
* /etc/init.d/termencoding
* /etc/init.d/urandom
Note:
chroot: run a command with special root directory
unshare: isolate the command in a different "Linux namespace"
Additional info:
openrc 0.28-14
/etc/rc.conf
# "" - nothing special
# "docker" - Docker container manager (GNU/Linux)
# "jail" - Jail (DragonflyBSD or FreeBSD)
# "lxc" - Linux Containers
# "openvz" - Linux OpenVZ
# "prefix" - Prefix
# "rkt" - CoreOS container management system (GNU/Linux)
# "subhurd" - Hurd subhurds (to be checked)
-# "chroot-nspawn" - Container created by chroot-nspawn
+# "chroot" - Chroot container (to be checked)
+# "chroot+unshare" - Chroot container using unshare command (GNU/Linux)
# "uml" - Usermode Linux
# "vserver" - Linux vserver
-# "xen0" - Xen0 Domain (GNU/Linux and NetBSD)
-# "xenU" - XenU Domain (GNU/Linux and NetBSD)
+# "xen0" - Xen0 Domain (GNU/HyperBK, GNU/Linux, FreeBSD and NetBSD)
+# "xenU" - XenU Domain (GNU/Hurd, GNU/HyperBK, GNU/Linux, FreeBSD, NetBSD and OpenBSD)
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-14
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 196.71 KiB
Installed Size : 1767.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 07 May 2018 03:54:42 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
Run OpenRC init
|
|
Any | Bug Report | Very High | Critical | [openrc] rename "procfs" init script to "binfmt_misc", ... | Closed | |
Task Description
Description:
Rename "procfs" init script to "binfmt_misc", it isn't a "procfs"
/etc/init.d/procfs → /etc/init.d/binfmt_misc
-description="Mounts misc filesystems in /proc."
+description="Mounts binfmt_misc filesystems in /proc."
/etc/init.d/binfmt
- after clock procfs
+ after clock binfmt_misc
Additional info:
openrc 0.28-14
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-14
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 196.71 KiB
Installed Size : 1767.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 07 May 2018 03:54:42 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
none
|
|
Any | Bug Report | Very High | Critical | [openrc] run "sysctl" initscript after "net" initscript | Closed | |
Task Description
Description:
Additional info:
/etc/init.d/sysctl
- after clock
+ after clock net
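Review bot: the `+ after clock net` line in /etc/init.d/sysctl comes with an empty Description, so the reason for the new ordering is not recorded. Please state which sysctl keys depend on the network services having run. Note also that `after` only orders sysctl behind net when both are scheduled and does not start net; if the dependency is hard, `need net` is the keyword that enforces it.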
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-18
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 193.18 KiB
Installed Size : 1720.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Sun 08 Jul 2018 01:28:16 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
|
|
Any | Bug Report | Very High | Critical | [openrc] set "devfs" init script to run before than any ... | Closed | |
Task Description
Description:
Set "devfs" init script to run before any "logger" init script.
It fixes the case when any "logger" server is running with rc_logger activated,
without the need to add a "logger" init script on different runlevels.
Additional info:
openrc 0.28-14
/etc/init.d/devfs
- before dev
+ before dev logger
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-14
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 196.71 KiB
Installed Size : 1767.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 07 May 2018 03:54:42 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
Add "devfs" and any "logger" init script to default runlevel
|
|
Any | Feature Request | Very High | Critical | [openrc] some init scripts are forced to load in certai ... | Closed | |
Task Description
Description:
Some init scripts are forced to load in certain runlevels by default (e.g. boot) when
OpenRC is upgraded. It isn't good for virtualization environments like chroot that
don't require them to work.
Those scripts are:
* /etc/init.d/dmesg
* /etc/init.d/hwclock
* /etc/init.d/keymaps
* /etc/init.d/killprocs
* /etc/init.d/local
* /etc/init.d/loopback
* /etc/init.d/modules
* /etc/init.d/mount-ro
* /etc/init.d/swap
* /etc/init.d/sysctl
Note: "/etc/init.d/dmesg" should be loaded in "boot" runlevel instead of "sysinit" one at the first installation time.
Note: "/etc/init.d/local" should be loaded in "sysinit" runlevel instead of "default" and "nonetwork" one at the first installation time.
Additional info:
openrc 0.28-14
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-14
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 196.71 KiB
Installed Size : 1767.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 07 May 2018 03:54:42 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
Re-install and/or upgrade the OpenRC package.
|
|
Any | Feature Request | Very High | Critical | [openrc] some init scripts are forced to load in certai ... | Closed | |
Task Description
Description:
Some init scripts are forced to load in certain runlevels by default (e.g. boot) when
OpenRC is upgraded. Also some of them are autoloaded by other init scripts.
It isn't good for virtualization environments like chroot that don't require them to
work.
These files need to be removed:
* /etc/runlevels/boot/binfmt (optional)
* /etc/runlevels/boot/fsck (autoloaded from "root" init script)
* /etc/runlevels/boot/localmount (autoloaded from "bootmisc" init script)
* /etc/runlevels/boot/procfs (optional, mount "binfmt_misc" only)
* /etc/runlevels/boot/termencoding (autoloaded from "keymaps" init script)
* /etc/runlevels/default/netmount (optional)
* /etc/runlevels/shutdown/savecache (optional)
* /etc/runlevels/sysinit/devfs (autoload from "udev" init script)
* /etc/runlevels/sysinit/sysfs (autoload from "udev" init script)
Additional info:
openrc 0.28-14
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-14
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 196.71 KiB
Installed Size : 1767.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 07 May 2018 03:54:42 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
Re-install and/or upgrade the OpenRC package
|
|
Any | Security Issue | Very High | Critical | [openrc] use procps-ng's "sysctl" by default instead of ... | Closed | |
Task Description
Description:
Use procps-ng's "sysctl" by default instead of inetutils's "hostname" for
hostname support.
Since [inetutils] is an extra dependency for openrc, it
contains insecure commands like: ftp/rcp/rlogin/rsh/talk/telnet
For security reasons, procps-ng should be the tool to handle hostname
configuration through the hostname init script, because it is a base package.
Additional info:
openrc 0.28-14
/etc/init.d/hostname
- hostname "$h"
+ case $(uname -s) in
+ GNU/Linux|Linux)
+ sysctl -qw kernel.hostname="$h"
+ ;;
+ *)
+ hostname "$h"
+ ;;
+ esac
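Review bot: in the `case $(uname -s) in` added to /etc/init.d/hostname, the `GNU/Linux` alternative can never match, because `uname -s` reports the kernel name (`Linux`); `GNU/Linux` is what `uname -o` prints. Either drop that alternative or switch the test to `uname -o`. The Linux branch also depends on `sysctl` being present and on the write to `kernel.hostname` succeeding, so make sure the exit status of `sysctl -qw kernel.hostname="$h"` is what the script reports, otherwise a failed write leaves the hostname unset without any error.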
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-14
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 196.71 KiB
Installed Size : 1767.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 07 May 2018 03:54:42 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
Set and run hostname init script
|
|
Any | Security Issue | Very Low | Critical | [opensmtpd] CVE-2020-8794 | Closed | |
Task Description
Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/
Qualys Security Advisory
LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)
We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This vulnerability, an out-of-bounds read introduced in December 2015 (commit 80c6a60c, “when peer outputs a multi-line response ...”), is exploitable remotely and leads to the execution of arbitrary shell commands: either as root, after May 2018 (commit a8e22235, “switch smtpd to new grammar”); or as any non-root user, before May 2018.
Because this vulnerability resides in OpenSMTPD’s client-side code (which delivers mail to remote SMTP servers), we must consider two different scenarios:
- Client-side exploitation: This vulnerability is remotely exploitable
in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.
- Server-side exploitation: First, the attacker must connect to the
OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).
We developed a simple exploit for this vulnerability and successfully tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the first vulnerable release), Debian 10 (stable), Debian 11 (testing), and Fedora 31.
The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”
|
|
Any | Security Issue | Very High | Critical | [openssh] CVE-2018-15473 | Closed | |
Task Description
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
https://security-tracker.debian.org/tracker/CVE-2018-15473
Patch: https://salsa.debian.org/ssh-team/openssh/commit/4641c58a3279f6b118f9562babaa0ee050a38619
Technical analysis: https://blog.nviso.be/2018/08/21/openssh-user-enumeration-vulnerability-a-close-look/
|
|
Any | Bug Report | Low | Critical | [openvswitch-lts] netifrc fails to start openvswitch int ... | Closed | |
Task Description
Description:
During openrc boot, ‘net’ starts before ‘ovs-vswitchd’, which results in an error and no IP being attributed to the openvswitch interface:
ERROR: interface vswitch does not exist
Ensure that you have loaded the correct kernel module for your hardware
ERROR: net.vswitch failed to start
/run/openvswitch: creating directory
Starting ovsdb-server ...
Starting ovs-vswitchd ..
Additional info:
As a workaround I have added "after modules ovs-vswitchd" at line #39 of /etc/init.d/net.lo and it solves the issue.
I think it would require an if statement to append ovs-vswitchd to line #39 in case openvswitch is installed and activated.
After my change, rc.log:
/run/openvswitch: creating directory
Starting ovsdb-server ...
Starting ovs-vswitchd ...
Bringing up interface vswitch
Caching network module dependencies need dbus
10.XX.XX.XX/24 ...
Adding routes
default via 10.XX.XX.XX
Steps to reproduce:
|
|
Stable | Drop Request | Very Low | Critical | [osdbattery] Unmaintained and unsupportable | Closed | |
Task Description
osdbattery is (probably) useless and broken so Conky did compete, because it has been unmaintained and unsupported for over 14 years (last released version 1.4 on August 23, 2005), and should be removed per the anti-abandonware rule in the packaging guidelines.
Also, the default config file contains non-libre/free Microsoft font Verdana as X11 font format property in font variable.
|
|
Any | Feature Request | High | Critical | [pacman-key][cronie][fcron] eating up hardware resource ... | Closed | |
Task Description
This morning while I was working on my X200, I noticed that my CPU was kept 100% busy for a long time by some process which was obviously eating up the battery life. The culprit was pacman-key, triggered by logrotate.
To stop this, I did ‘chmod -x /etc/cron.daily/pacman-key’ and I rebooted.
Later on, it was impossible to install a new package as it was impossible to get over the step marked as “checking keys in keyring...”
So I tried to do again ‘pacman-key --refresh-keys’: the overall process took more than an hour—behind a fast and robust internet connection. I finally got three lines, saying that about 1,000 keys were updated but I never got the prompt back. So I hit Ctrl-C.
At the time of writing, I am still trying to refresh the keys—a quite desperate attempt, if I may say so.
Although I tagged this report as a “Feature request”, it is in my opinion of quite some importance. I understand very well the absolute necessity to always have the keys updated, but in this particular case, with so many keys and so frequent updates, I begin to wonder if losses are not beginning to prevail over benefits.
Unless I am doing something wrong or missing something I should do?
Any help would be strongly appreciated.
Robert
|
|
Any | Freedom Issue | Very High | Critical | [pacman] uses "Linux" term instead of "GNU/Linux" in it ... | Closed | |
Task Description
The man page of pacman says:
DESCRIPTION
Pacman is a package management utility that tracks installed packages on a Linux
system
And I propose to change “Linux system” to “GNU/Linux system”.
|
|
Any | Security Issue | Very High | Critical | [pam] pam_unix2 is orphaned and dead upstream | Closed | |
Task Description
pam_unix2 was removed from Debian Jessie because it’s buggy and unmaintained [0]
It’s included inside the pam package and should be removed since it doesn’t come from an official source. Also the original upstream FTP directory (ftp://ftp.suse.com/people/kukuk/pam/pam_unix2) has disappeared.
[0]:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628848
$ pacman -Si pam
Repository : core
Name : pam
Version : 1.3.0-1
Description : PAM (Pluggable Authentication Modules) library
Architecture : x86_64
URL : http://linux-pam.org
Licenses : GPL2
Groups : None
Provides : None
Depends On : glibc cracklib libtirpc pambase
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 609.71 KiB
Installed Size : 2980.00 KiB
Packager : Tobias Powalowski tpowa@archlinux.org
Build Date : Thu 09 Jun 2016 02:44:03 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Ql pam > pam_fileslist.txt
|
|
Any | Security Issue | Very High | Critical | [php] CVE-2017-9120 | Closed | |
Task Description
Description:
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
Additional info: * package version(s)
$ pacman -Si php
Repositorio : extra
Nombre : php
Versión : 7.1.4-3.hyperbola3
Descripción : A general-purpose scripting language that is especially suited to web development, without systemd support
Arquitectura : x86_64
URL : http://www.php.net
Licencias : PHP
Grupos : Nada
Provee : php-ldap=7.1.4
Depende de : libxml2 curl libzip pcre
Dependencias opcionales : Nada
En conflicto con : php-ldap
Remplaza a : php-ldap
Tamaño de la descarga : 3,02 MiB
Tamaño de la instalación : 15,94 MiB
Encargado : André Silva <emulatorman@hyperbola.info>
Fecha de creación : mié 27 dic 2017 19:15:03 -05
Validado por : Suma MD5 Suma SHA-256 Firma
* config and/or log files etc.
The last update of php v7.1.x is v7.1.23:
- https://secure.php.net/ChangeLog-7.php#7.1.23
Patch available from v7.1.5: https://bugs.php.net/bug.php?id=74544
Steps to reproduce:
- Install php
|
|
Any | Drop Request | Very High | Critical | [pm-utils] unmaintained and unsupportable | Closed | |
Task Description
pm-utils has not been maintained for a long time. Therefore, it should be removed from the repos, since Hyperbola contains an amendment about anti-abandonware in its packaging guidelines.
|
|
Stable | Bug Report | High | Critical | [postfix][FHS] multiple issues, need rebuilding | Closed | |
Task Description
Description: Postfix is a mess, first it failed to start (running ‘postfix start’) with the following:
postfix: fatal: chdir(/usr/lib/postfix/bin): No such file or directory
Then, to solve this, I symlinked /usr/libexec/postfix to /usr/lib/postfix/bin, because there were the binaries, but then it came with the following:
# postfix start
/usr/lib/postfix/bin/postfix-script: line 89: /usr/bin/postconf: No such file or directory
/usr/lib/postfix/bin/postfix-script: line 90: /usr/bin/postlog: No such file or directory
Because all the post* bins were now in /usr/sbin, so I symlinked them to /usr/bin, and it could finally run, but with many warnings:
# postfix start
postfix/postfix-script: warning: symlink leaves directory: /usr/lib/postfix/./bin
postfix/postfix-script: warning: not owned by group postdrop: /usr/bin/postqueue
postfix/postfix-script: warning: not owned by group postdrop: /usr/bin/postdrop
postfix/postfix-script: warning: not set-gid or not owner+group+world executable: /usr/bin/postqueue
postfix/postfix-script: warning: not set-gid or not owner+group+world executable: /usr/bin/postdrop
postfix/postfix-script: starting the Postfix mail system
Additional info: * postfix 3.2.2-1.hyperbola6
|
|
Any | Privacy Issue | Very High | Critical | [purple-facebook] only useful with Facebook service | Closed | |
Task Description
Description:
community/purple-facebook 0.9.3-1
Facebook protocol plugin for libpurple
It is up to maintainers to decide of course. IMHO I would remove this one as it uses proprietary network Facebook, exclusively, and even mentioning the word in the package.
See: https://www.gnu.org/distros/free-system-distribution-guidelines.html
A free system distribution must not steer users towards obtaining any nonfree information for practical use, or encourage them to do so.
|
|
Any | Freedom Issue | Very High | Critical | [purple-skypeweb] Plugin only useful with Skype | Closed | |
Task Description
Please remove as plugin is only useful with Skype hosted by a single company on a single server as far as I can tell (unlike pidgin-sipe).
|
|
Any | Bug Report | Very High | Critical | [python-acme] to start crashing on June 19th | Closed | |
Task Description
Description: Quoted from https://bugs.launchpad.net/ubuntu/+source/python-acme/+bug/1777205
Bug #1777205 reported by Brad Warren on 2018-06-16
[Impact]
Without this fix, on June 19, the library will start to fail when using Let’s Encrypt’s new ACMEv2 endpoint. We should avoid breaking this for users.
[Test Case]
On June 19, try to use Let’s Encrypt’s new ACMEv2 endpoint; it will error out, as described in https://community.letsencrypt.org/t/acmev2-order-ready-status/62866
[Regression Potential]
If the endpoint changes again, this will need another update, but the only potential regression I see is server-side, which needs patches on our end to adjust (like in this case).
[Original Bug Description]
I am the upstream maintainer of python-acme. This bug only affects python-acme in Ubuntu 18.04.
Starting on June 19th, this library will start failing when used with Let’s Encrypt’s new ACMEv2 endpoint. This is because the library does not recognize the changes described in https://community.letsencrypt.org/t/acmev2-order-ready-status/62866 and will error out when it sees them.
To fix this, python-acme either needs to be upgraded to 0.25.1 (which came out two days ago) or the one line patch that originally landed upstream at https://github.com/certbot/certbot/commit/5940ee92ab5c9a9f05f7067974f6e15c9fa3205a applied. I think the latter is the safer option.
Please let me know what I can do to help get this resolved.
Additional info: Solution is to upgrade the following packages
* certbot 0.23.0-1.hyperbola1.backports1
* python-acme 0.23.0-1.backports1
and any other that depends on certbot=0.23.0 and/or python-acme=0.23.0 (like the certbot plugins)
The other option is to patch certbot, as described in the launchpad’s issue
Steps to reproduce:
1) Install certbot
2) Try anything related to the certificates (certonly, renew)
3) You may get an error like this:
Obtaining a new certificate
An unexpected error occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/josepy/json_util.py", line 280, in fields_from_json
fields[slot] = field.decode(value)
File "/usr/lib/python3.6/site-packages/josepy/json_util.py", line 88, in decode
return self.fdec(value)
File "/usr/lib/python3.6/site-packages/acme/messages.py", line 123, in from_json
'{0} not recognized'.format(cls.__name__))
josepy.errors.DeserializationError: Deserialization error: Status not recognized
During handling of the above exception, another exception occurred:
josepy.errors.DeserializationError: Deserialization error: Could not decode 'status' ('ready'): Deserialization error: Status not recognized
Please see the logfiles in /var/log/letsencrypt for more details.
|
|
Any | Freedom Issue | Very High | Critical | [python-pip][python2-pip] Pip recommends proprietary so ... | Closed | |
Task Description
Description: pip allows the user to search and install packages from the PyPI repository, which contains proprietary software.
Additional info:
* example of proprietary package in PyPI repository: https://pypi.org/project/snaplogic
* Trisquel’s solution was to remove python-pip: https://trisquel.info/en/issues/3741
Steps to reproduce:
$ sudo pacman -S python-pip
$ pip search snaplogic # prints information about proprietary package
$ pip install snaplogic # installs proprietary package
|
|
Stable | Bug Report | Very Low | Critical | [python2-reportlab] python2-pip dependency | Closed | |
Task Description
Since python-pip and python2-pip have been removed, I can’t install python2-reportlab because python2-pip is a dependency of this package.
|
|
Any | Security Issue | High | Critical | [python2] heap-overflow vulnerability CVE-2018-1000030 | Closed | |
Task Description
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiple threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3→Malloc→Thread1→Free’s→Thread2-Re-uses-Free’d Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.
https://security-tracker.debian.org/tracker/CVE-2018-1000030
|
|
Any | Replace Request | High | Critical | [python2] replace deprecated Python 2 to Tauthon | Closed | |
|
|
Stable | Update Request | Very Low | Critical | [qt5] request for upgrade | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [qtemu] package recommends installing non-free OSes | Closed | |
|
|
Any | Security Issue | Very High | Critical | [qtpass] Insecure Password Generation prior to 1.2.1 | Closed | |
|
|
Stable | Bug Report | Medium | Critical | [roundcubemail-lts] not compatible with PHP 7.1 | Closed | |
|
|
Testing | Bug Report | Medium | Critical | [rsyslog] wrong reference to /usr/bin/rsyslog in /etc/l ... | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [rust][cargo] trademark agreement affects user freedom | Closed | |
|
|
Any | Security Issue | Very High | Critical | [schroedinger] unmaintained and unsupportable | Closed | |
|
|
Stable | Bug Report | Very Low | Critical | [smartmontools] update-smart-drivedb fails to update | Closed | |
|
|
Stable | Freedom Issue | High | Critical | [smplayer] Removal of unfree "Chromecast"-plugin | Closed | |
|
|
Stable | Replace Request | Very Low | Critical | [spamassassin] includes dependencies for systemd | Closed | |
|
|
Stable | Implementation Request | Medium | Critical | [strongswan] add new package | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [supertuxkart] remove nonfree Ubuntu Font Family fonts | Closed | |
|
|
Any | Bug Report | Very Low | Critical | [system-config-printer] Impossible to print some pdfs ( ... | Closed | |
|
|
Stable | Update Request | High | Critical | [system-config-printer] update to 1.5.11 | Closed | |
|
|
Any | Security Issue | Very Low | Critical | [tcpreplay] CVEs | Closed | |
|
|
Any | Privacy Issue | Very High | Critical | [telegram-qt] only useful with Telegram service | Closed | |
|
|
Any | Privacy Issue | Very High | Critical | [telegramqml] only useful with Telegram service | Closed | |
|
|
Any | Privacy Issue | Very High | Critical | [telepathy-kde-accounts-kcm] recommends Telepathy-Morse ... | Closed | |
|
|
Any | Privacy Issue | Very High | Critical | [telepathy-morse] only useful with Telegram service | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [torcs-data] contains nonfree car models | Closed | |
|
|
Stable | Bug Report | Medium | Critical | [torsocks] which: no getcap | Closed | |
|
|
Any | Security Issue | Very High | Critical | [toxcore] Memory leak - Remote DDoS vulnerability | Closed | |
|
|
Any | Security Issue | Very Low | Critical | [toxcore] Memory leak bug | Closed | |
|
|
Any | Security Issue | Very Low | Critical | [unbound] Multiple CVEs | Closed | |
|