Packages

Category | Task Type | Priority | Severity | Summary | Status | Progress
Any | Feature Request | Very High | Critical | [openrc] please remove "mtab", "modules-load" and "swcl ... | Closed | 100%
Task Description

Description:

Please remove "mtab", "modules-load" and "swclock" init scripts.

"mtab" is a deprecated and unmaintained init script,
because filesystem contains a mtab soft link.

"modules-load" init script, is a systemd compatibility configuration
to load the kernel modules from the "/etc/modules-load" configuration
directory.
This init script is useless, because the "modules" init script exists
and it's a duplicated feature.
If you need a module to load a module, just configure "/etc/conf.d/modules"
and start the "modules" init script or add a module in
the "/etc/mkinitcpio.conf" and run mkinitcpio -p $yourkernel

"swclock" is a useless init script, because it is a service
setting the local clock based on last shutdown time.
If a machine doesn't support "/etc/rtc", then disable "clock_hctosys" and
"clock_systohc" from "/etc/conf.d/hwclock" with or without
NTP server/client. For chroot environments, the "osclock" init script is the way.

Additional info:

openrc 0.28-14

/etc/init.d/localmount


-use lvm modules mtab root
+use lvm modules root

/etc/init.d/modules


-    want modules-load

/etc/init.d/lm_sensors


-after modules-load

$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-14
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 196.71 KiB
Installed Size  : 1767.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 07 May 2018 03:54:42 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

Enable the unused init scripts

Any | Security Issue | Very High | Critical | [openrc] remove dangerous "local" init script | Closed | 100%
Task Description

Description:

  • Remove the dangerous “local” init script; it is a bad idea to use it, see:

https://wiki.gentoo.org/wiki//etc/local.d

Additional info:

  • openrc 0.28-17
  • remove:
    • “/etc/init.d/local”
    • “/etc/local.d/README”
    • “/etc/local.d/”
/etc/init.d/agetty
----
-        after local
+        after *
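
Review bot: `after *` on the added line makes agetty wait for every other service in the runlevel, which is far broader than the single `after local` it replaces. If the aim is only to drop the reference to the removed "local" script, deleting the line is enough; if the login prompt is meant to come up last, add a comment saying so, because a wildcard ordering is easy to mistake for a leftover.
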
$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-17
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 194.10 KiB
Installed Size  : 1727.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Thu 05 Jul 2018 01:37:37 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

  • On boot.

Any | Bug Report | Very High | Critical | [openrc] rename "chroot-nspawn" keyword to "chroot+unsh ... | Closed | 100%
Task Description

Description:

Rename the "chroot-nspawn" keyword to "chroot+unshare",
because the "chroot+unshare" subsystem (chroot and unshare command)
is more precise than the "chroot-nspawn" (systemd-nspawn
compatibility script) subsystem.

The files with "chroot-nspawn" keyword are:
* /etc/init.d/binfmt
* /etc/init.d/bootmisc (as SYSTEMD-NSPAWN)
* /etc/init.d/consolefont
* /etc/init.d/devfs
* /etc/init.d/dmesg
* /etc/init.d/fsck
* /etc/init.d/hostname
* /etc/init.d/hwclock
* /etc/init.d/keymaps
* /etc/init.d/localmount
* /etc/init.d/loopback
* /etc/init.d/mtab
* /etc/init.d/modules
* /etc/init.d/modules-load
* /etc/init.d/mount-ro
* /etc/init.d/net-online
* /etc/init.d/netmount
* /etc/init.d/numlock
* /etc/init.d/procfs
* /etc/init.d/root
* /etc/init.d/swap
* /etc/init.d/swclock
* /etc/init.d/sysctl
* /etc/init.d/sysfs
* /etc/init.d/termencoding
* /etc/init.d/urandom
Note:
  chroot: run a command with special root directory
  unshare: isolate the command in a different "Linux namespace"

Additional info:

openrc 0.28-14

/etc/rc.conf


 # ""               - nothing special
 # "docker"         - Docker container manager (GNU/Linux)
 # "jail"           - Jail (DragonflyBSD or FreeBSD)
 # "lxc"            - Linux Containers
 # "openvz"         - Linux OpenVZ
 # "prefix"         - Prefix
 # "rkt"            - CoreOS container management system (GNU/Linux)
 # "subhurd"        - Hurd subhurds (to be checked)
-# "chroot-nspawn"  - Container created by chroot-nspawn
+# "chroot"         - Chroot container (to be checked)
+# "chroot+unshare" - Chroot container using unshare command (GNU/Linux)
 # "uml"            - Usermode Linux
 # "vserver"        - Linux vserver
-# "xen0"           - Xen0 Domain (GNU/Linux and NetBSD)
-# "xenU"           - XenU Domain (GNU/Linux and NetBSD)
+# "xen0"           - Xen0 Domain (GNU/HyperBK, GNU/Linux, FreeBSD and NetBSD)
+# "xenU"           - XenU Domain (GNU/Hurd, GNU/HyperBK, GNU/Linux, FreeBSD, NetBSD and OpenBSD)

$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-14
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 196.71 KiB
Installed Size  : 1767.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 07 May 2018 03:54:42 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

Run OpenRC init

Any | Bug Report | Very High | Critical | [openrc] rename "procfs" init script to "binfmt_misc",  ... | Closed | 100%
Task Description

Description:

Rename "procfs" init script to "binfmt_misc", it isn't a "procfs"

/etc/init.d/procfs → /etc/init.d/binfmt_misc


-description="Mounts misc filesystems in /proc."
+description="Mounts binfmt_misc filesystems in /proc."

/etc/init.d/binfmt


-        after clock procfs
+        after clock binfmt_misc

Additional info:

openrc 0.28-14
$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-14
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 196.71 KiB
Installed Size  : 1767.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 07 May 2018 03:54:42 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

none

Any | Bug Report | Very High | Critical | [openrc] run "sysctl" initscript after "net" initscript | Closed | 100%
Task Description

Description:

  • The “sysctl” initscript doesn’t set sysctl parameters on network interfaces.
  • The “sysctl” initscript needs to run after the “net” initscript.

Additional info:

  • openrc 0.28-18

/etc/init.d/sysctl


-        after clock
+        after clock net
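
Review bot: `after clock net` on the added line only orders sysctl behind net when both are started together; `after` does not pull net in. If sysctl sits in an earlier runlevel than the network scripts, the per-interface keys will still not exist when it runs, so the report should state which runlevels this was tested with, or the dependency should be documented next to the line.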

$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-18
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 193.18 KiB
Installed Size  : 1720.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Sun 08 Jul 2018 01:28:16 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

  • Boot “openrc”

Any | Bug Report | Very High | Critical | [openrc] set "devfs" init script to run before than any ... | Closed | 100%
Task Description

Description:

Set the "devfs" init script to run before any "logger" init script.

It fixes the case when any "logger" server is running with rc_logger activated,
without the need to add a "logger" init script on different runlevels.

Additional info:

openrc 0.28-14

/etc/init.d/devfs


-       before dev
+       before dev logger

$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-14
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 196.71 KiB
Installed Size  : 1767.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 07 May 2018 03:54:42 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

Add "devfs" and any "logger" init script to default runlevel

Any | Feature Request | Very High | Critical | [openrc] some init scripts are forced to load in certai ... | Closed | 100%
Task Description

Description:

Some init scripts are forced to load in certain runlevels by default (e.g. boot) when
OpenRC is upgraded. It isn't good for virtualization environments like chroot that
don't require them to work.

Those scripts are:
* /etc/init.d/dmesg
* /etc/init.d/hwclock
* /etc/init.d/keymaps
* /etc/init.d/killprocs
* /etc/init.d/local
* /etc/init.d/loopback
* /etc/init.d/modules
* /etc/init.d/mount-ro
* /etc/init.d/swap
* /etc/init.d/sysctl

Note: "/etc/init.d/dmesg" should be loaded in "boot" runlevel instead of "sysinit" one at the first installation time.
Note: "/etc/init.d/local" should be loaded in "sysinit" runlevel instead of "default" and "nonetwork" one at the first installation time.

Additional info:

openrc 0.28-14
$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-14
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 196.71 KiB
Installed Size  : 1767.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 07 May 2018 03:54:42 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

Re-install and/or upgrade the OpenRC package.

Any | Feature Request | Very High | Critical | [openrc] some init scripts are forced to load in certai ... | Closed | 100%
Task Description

Description:

Some init scripts are forced to load in certain runlevels by default (e.g. boot) when
OpenRC is upgraded. Also, some of them are autoloaded by other init scripts.
It isn't good for virtualization environments like chroot that don't require them to
work.
These files need to be removed:
* /etc/runlevels/boot/binfmt (optional)
* /etc/runlevels/boot/fsck (autoloaded from "root" init script)
* /etc/runlevels/boot/localmount (autoloaded from "bootmisc" init script)
* /etc/runlevels/boot/procfs (optional, mount "binfmt_misc" only)
* /etc/runlevels/boot/termencoding (autoloaded from "keymaps" init script)
* /etc/runlevels/default/netmount (optional)
* /etc/runlevels/shutdown/savecache (optional)
* /etc/runlevels/sysinit/devfs (autoload from "udev" init script)
* /etc/runlevels/sysinit/sysfs (autoload from "udev" init script)

Additional info:

openrc 0.28-14
$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-14
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 196.71 KiB
Installed Size  : 1767.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 07 May 2018 03:54:42 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

Re-install and/or upgrade the OpenRC package

Any | Security Issue | Very High | Critical | [openrc] use procps-ng's "sysctl" by default instead of ... | Closed | 100%
Task Description

Description:

Use procps-ng's "sysctl" by default instead of inetutils's "hostname" for
hostname support.

Since [inetutils] is an extra dependency for openrc, it
contains insecure commands like: ftp/rcp/rlogin/rsh/talk/telnet
For security reasons, procps-ng should be the tool to handle hostname
configuration through the hostname init script because it is a base package.

Additional info:

openrc 0.28-14

/etc/init.d/hostname


-       hostname "$h"
+       case $(uname -s) in
+               GNU/Linux|Linux)
+                       sysctl -qw kernel.hostname="$h"
+                       ;;
+               *)
+                       hostname "$h"
+                       ;;
+       esac
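
Review bot: The `GNU/Linux|Linux)` arm is matched against `$(uname -s)`, which prints the kernel name (`Linux`), so the `GNU/Linux` alternative looks unreachable; that string is what `uname -o` reports, and the pattern should either be dropped or the test switched. The new `sysctl -qw kernel.hostname="$h"` line also runs quietly with no check of its exit status, so a missing `sysctl` binary or a rejected write would leave the hostname unset without the script reporting it; test the return value and fail the service on error.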

$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-14
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 196.71 KiB
Installed Size  : 1767.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 07 May 2018 03:54:42 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

Set and run hostname init script

Any | Security Issue | Very Low | Critical | [opensmtpd] CVE-2020-8794 | Closed | 100%
Task Description

Description:

https://www.openwall.com/lists/oss-security/2020/02/24/5
https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/

Qualys Security Advisory

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)

Contents

Summary
Analysis
...
Acknowledgments

Summary

We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This
vulnerability, an out-of-bounds read introduced in December 2015 (commit
80c6a60c, “when peer outputs a multi-line response ...”), is exploitable
remotely and leads to the execution of arbitrary shell commands: either
as root, after May 2018 (commit a8e22235, “switch smtpd to new
grammar”); or as any non-root user, before May 2018.

Because this vulnerability resides in OpenSMTPD’s client-side code
(which delivers mail to remote SMTP servers), we must consider two
different scenarios:

- Client-side exploitation: This vulnerability is remotely exploitable
  in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
  OpenSMTPD listens on localhost only, by default, it does accept mail
  from local users and delivers it to remote servers. If such a remote
  server is controlled by an attacker (either because it is malicious or
  compromised, or because of a man-in-the-middle, DNS, or BGP attack --
  SMTP is not TLS-encrypted by default), then the attacker can execute
  arbitrary shell commands on the vulnerable OpenSMTPD installation.

- Server-side exploitation: First, the attacker must connect to the
  OpenSMTPD server (which accepts external mail) and send a mail that
  creates a bounce. Next, when OpenSMTPD connects back to their mail
  server to deliver this bounce, the attacker can exploit OpenSMTPD's
  client-side vulnerability. Last, for their shell commands to be
  executed, the attacker must (to the best of our knowledge) crash
  OpenSMTPD and wait until it is restarted (either manually by an
  administrator, or automatically by a system update or reboot).

We developed a simple exploit for this vulnerability and successfully
tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the
first vulnerable release), Debian 10 (stable), Debian 11 (testing), and
Fedora 31.

The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”

Any | Security Issue | Very High | Critical | [openssh] CVE-2018-15473 | Closed | 100%
Task Description

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

https://security-tracker.debian.org/tracker/CVE-2018-15473

Patch: https://salsa.debian.org/ssh-team/openssh/commit/4641c58a3279f6b118f9562babaa0ee050a38619

Technical analysis: https://blog.nviso.be/2018/08/21/openssh-user-enumeration-vulnerability-a-close-look/

Any | Bug Report | Low | Critical | [openvswitch-lts] netifrc fails to start openvswitch int ... | Closed | 100%
Task Description

Description:

During openrc boot, ‘net’ starts before ‘ovs-vswitchd’, which results in an error and no IP being attributed to the openvswitch interface:


ERROR: interface vswitch does not exist
Ensure that you have loaded the correct kernel module for your hardware
ERROR: net.vswitch failed to start
/run/openvswitch: creating directory
Starting ovsdb-server ...
Starting ovs-vswitchd ..


Additional info:

As a workaround I have added "after modules ovs-vswitchd" at line #39 of /etc/init.d/net.lo and it solves the issue.

I think it would require an if statement to append ovs-vswitchd to line #39 in case openvswitch is installed and activated.

After my change, rc.log:


/run/openvswitch: creating directory
Starting ovsdb-server ...
Starting ovs-vswitchd ...
Bringing up interface vswitch
Caching network module dependencies
need dbus
10.XX.XX.XX/24 ...
Adding routes
default via 10.XX.XX.XX


Steps to reproduce:

Stable | Drop Request | Very Low | Critical | [osdbattery] Unmaintained and unsupportable | Closed | 100%
Task Description

osdbattery is (probably) useless and broken so Conky did compete because it has been unmaintained and unsupported for over 14 years (last released version 1.4 on August 23, 2005), and should be removed per the anti-abandonware rule in the packaging guidelines.

Also, the default config file contains non-libre/free Microsoft font Verdana as X11 font format property in font variable.

Any | Feature Request | High | Critical | [pacman-key][cronie][fcron] eating up hardware resource ... | Closed | 100%
Task Description

This morning while I was working on my X200, I noticed that my CPU was kept 100% busy for a long time by some process which was obviously eating up the battery life. The culprit was pacman-key, triggered by logrotate.

To stop this, I did ‘chmod -x /etc/cron.daily/pacman-key’ and I rebooted.

Later on, it was impossible to install a new package as it was impossible to get over the step marked as “checking keys in keyring...”

So I tried to do again ‘pacman-key --refresh-keys’: the overall process took more than an hour, behind a fast and robust internet connection. I finally got three lines, saying that about 1,000 keys were updated but I never got the prompt back. So I hit Ctrl-C.

At the time of writing, I am still trying to refresh the keys—a quite desperate attempt, if I may say so.

Although I tagged this report as a “Feature request”, it is in my opinion of quite some importance. I understand very well the absolute necessity to always have the keys updated, but in this particular case, with so many keys and so frequent updates, I begin to wonder if losses are not beginning to prevail over benefits.

Unless I am doing something wrong or missing something I should do?

Any help would be strongly appreciated.

Robert

Any | Freedom Issue | Very High | Critical | [pacman] uses "Linux" term instead of "GNU/Linux" in it ... | Closed | 100%
Task Description

The man page of pacman says:

DESCRIPTION
        Pacman is a package management utility that tracks installed packages on a Linux
        system

And I propose to change “Linux system” to “GNU/Linux system”.

Any | Security Issue | Very High | Critical | [pam] pam_unix2 is orphaned and dead upstream | Closed | 100%
Task Description

pam_unix2 was removed from Debian Jessie because it’s buggy and unmaintained [0]

It’s included inside the pam package and should be removed since it doesn’t come from an official source. Also the original upstream FTP directory (ftp://ftp.suse.com/people/kukuk/pam/pam_unix2) has disappeared.

[0]:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628848

$ pacman -Si pam
Repository      : core
Name            : pam
Version         : 1.3.0-1
Description     : PAM (Pluggable Authentication Modules) library
Architecture    : x86_64
URL             : http://linux-pam.org
Licenses        : GPL2
Groups          : None
Provides        : None
Depends On      : glibc cracklib libtirpc pambase
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 609.71 KiB
Installed Size  : 2980.00 KiB
Packager        : Tobias Powalowski tpowa@archlinux.org
Build Date      : Thu 09 Jun 2016 02:44:03 PM -03
Validated By    : MD5 Sum SHA-256 Sum Signature

$ pacman -Ql pam > pam_fileslist.txt

Any | Security Issue | Very High | Critical | [php] CVE-2017-9120 | Closed | 100%
Task Description

Description:

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

Additional info:
* package version(s)

$ pacman -Si php
Repositorio               : extra
Nombre                    : php
Versión                   : 7.1.4-3.hyperbola3
Descripción               : A general-purpose scripting language that is especially suited to web development, without systemd support
Arquitectura              : x86_64
URL                       : http://www.php.net
Licencias                 : PHP
Grupos                    : Nada
Provee                    : php-ldap=7.1.4
Depende de                : libxml2  curl  libzip  pcre
Dependencias opcionales   : Nada
En conflicto con          : php-ldap
Remplaza a                : php-ldap
Tamaño de la descarga     : 3,02 MiB
Tamaño de la instalación  : 15,94 MiB
Encargado                 : André Silva <emulatorman@hyperbola.info>
Fecha de creación         : mié 27 dic 2017 19:15:03 -05
Validado por              : Suma MD5  Suma SHA-256  Firma

* config and/or log files etc.

The last update of php v7.1.x is v7.1.23:

- https://secure.php.net/ChangeLog-7.php#7.1.23

Patch available from v7.1.5
https://bugs.php.net/bug.php?id=74544

Steps to reproduce:

- Install php

Any | Drop Request | Very High | Critical | [pm-utils] unmaintained and unsupportable | Closed | 100%
Task Description

pm-utils has not been maintained for a long time. Therefore, it should be removed from the repos since Hyperbola contains an amendment about anti-abandonware in its packaging guidelines.

Stable | Bug Report | High | Critical | [postfix][FHS] multiple issues, need rebuilding | Closed | 100%
Task Description

Description:
Postfix is a mess, first it failed to start (running ‘postfix start’) with the following:

  postfix: fatal: chdir(/usr/lib/postfix/bin): No such file or directory

Then, to solve this, I symlinked /usr/libexec/postfix to /usr/lib/postfix/bin, because there were the binaries, but then it came with the following:

  # postfix start
  /usr/lib/postfix/bin/postfix-script: line 89: /usr/bin/postconf: No such file or directory
  /usr/lib/postfix/bin/postfix-script: line 90: /usr/bin/postlog: No such file or directory

Because all the post* bins were now in /usr/sbin, so I symlinked them to /usr/bin, and it could finally run, but with many warnings

  # postfix start
  postfix/postfix-script: warning: symlink leaves directory: /usr/lib/postfix/./bin
  postfix/postfix-script: warning: not owned by group postdrop: /usr/bin/postqueue
  postfix/postfix-script: warning: not owned by group postdrop: /usr/bin/postdrop
  postfix/postfix-script: warning: not set-gid or not owner+group+world executable: /usr/bin/postqueue
  postfix/postfix-script: warning: not set-gid or not owner+group+world executable: /usr/bin/postdrop
  postfix/postfix-script: starting the Postfix mail system

Additional info:
* postfix 3.2.2-1.hyperbola6

Any | Privacy Issue | Very High | Critical | [purple-facebook] only useful with Facebook service | Closed | 100%
Task Description

Description:

community/purple-facebook 0.9.3-1
    Facebook protocol plugin for libpurple

It is up to maintainers to decide of course. IMHO I would remove this one as it uses proprietary network Facebook, exclusively, and even mentioning the word in the package.

See:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

A free system distribution must not steer users towards obtaining any nonfree information for practical use, or encourage them to do so.

Any | Freedom Issue | Very High | Critical | [purple-skypeweb] Plugin only useful with Skype | Closed | 100%
Task Description

Please remove as plugin is only useful with Skype hosted by a single company on a single server as far as I can tell (unlike pidgin-sipe).

Any | Bug Report | Very High | Critical | [python-acme] to start crashing on June 19th | Closed | 100%
Task Description

Description:
Quoted from https://bugs.launchpad.net/ubuntu/+source/python-acme/+bug/1777205 Bug #1777205 reported by Brad Warren on 2018-06-16


[Impact]

Without this fix, on June 19, the library will start to fail when using Let’s Encrypt’s new ACMEv2 endpoint. We should avoid breaking this for users.

[Test Case]

On June 19, try to use Let’s Encrypt’s new ACMEv2 endpoint; it will error out, as described in https://community.letsencrypt.org/t/acmev2-order-ready-status/62866

[Regression Potential]

If the endpoint changes again, this will need another update, but the only potential regression I see is server-side, which needs patches on our end to adjust (like in this case).

[Original Bug Description]

I am the upstream maintainer of python-acme. This bug only affects python-acme in Ubuntu 18.04.

Starting on June 19th, this library will start failing when used with Let’s Encrypt’s new ACMEv2 endpoint. This is because the library does not recognize the changes described in https://community.letsencrypt.org/t/acmev2-order-ready-status/62866 and will error out when it sees them.

To fix this, python-acme either needs to be upgraded to 0.25.1 (which came out two days ago) or the one line patch that originally landed upstream at https://github.com/certbot/certbot/commit/5940ee92ab5c9a9f05f7067974f6e15c9fa3205a applied. I think the latter is the safer option.

Please let me know what I can do to help get this resolved.


Additional info:
Solution is to upgrade the following packages

* certbot 0.23.0-1.hyperbola1.backports1
* python-acme 0.23.0-1.backports1

and any other that depends on certbot=0.23.0 and/or python-acme=0.23.0 (like the certbot plugins)

The other option is to patch certbot, as described in the launchpad’s issue

Steps to reproduce:

1) Install certbot
2) try anything related to the certificates (certonly, renew)
3) You may get an error like this:

Obtaining a new certificate
An unexpected error occurred:
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/josepy/json_util.py", line 280, in fields_from_json
    fields[slot] = field.decode(value)
  File "/usr/lib/python3.6/site-packages/josepy/json_util.py", line 88, in decode
    return self.fdec(value)
  File "/usr/lib/python3.6/site-packages/acme/messages.py", line 123, in from_json
    '{0} not recognized'.format(cls.__name__))
josepy.errors.DeserializationError: Deserialization error: Status not recognized

During handling of the above exception, another exception occurred:

josepy.errors.DeserializationError: Deserialization error: Could not decode 'status' ('ready'): Deserialization error: Status not recognized
Please see the logfiles in /var/log/letsencrypt for more details.

Any | Freedom Issue | Very High | Critical | [python-pip][python2-pip] Pip recommends proprietary so ... | Closed | 100%
Task Description

Description:
pip allows the user to search and install packages from the PyPi repository, which contains proprietary software.

Additional info:
* example of proprietary package in PyPi repository: https://pypi.org/project/snaplogic
* Trisquel’s solution was to remove python-pip: https://trisquel.info/en/issues/3741

Steps to reproduce:
$ sudo pacman -S python-pip
$ pip search snaplogic # prints information about proprietary package
$ pip install snaplogic # installs proprietary package

Stable | Bug Report | Very Low | Critical | [python2-reportlab] python2-pip dependency | Closed | 100%
Task Description

Since python-pip and python2-pip have been removed, I can’t install python2-reportlab because python2-pip is a dependency of this package.

Any | Security Issue | High | Critical | [python2] heap-overflow vulnerability CVE-2018-1000030 | Closed | 100%
Task Description

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiple threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3→Malloc→Thread1→Free’s→Thread2-Re-uses-Free’d Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.

https://security-tracker.debian.org/tracker/CVE-2018-1000030

Any | Replace Request | High | Critical | [python2] replace deprecated Python 2 to Tauthon | Closed | 100%
Stable | Update Request | Very Low | Critical | [qt5] request for upgrade | Closed | 100%
Any | Freedom Issue | Very High | Critical | [qtemu] package recommends installing non-free OSes | Closed | 100%
Any | Security Issue | Very High | Critical | [qtpass] Insecure Password Generation prior to 1.2.1 | Closed | 100%
Stable | Bug Report | Medium | Critical | [roundcubemail-lts] not compatible with PHP 7.1 | Closed | 100%
Testing | Bug Report | Medium | Critical | [rsyslog] wrong reference to /usr/bin/rsyslog in /etc/l ... | Closed | 100%
Any | Freedom Issue | Very High | Critical | [rust][cargo] trademark agreement affects user freedom | Closed | 100%
Any | Security Issue | Very High | Critical | [schroedinger] unmaintained and unsupportable | Closed | 100%
Stable | Bug Report | Very Low | Critical | [smartmontools] update-smart-drivedb fails to update | Closed | 100%
Stable | Freedom Issue | High | Critical | [smplayer] Removal of unfree "Chromecast"-plugin | Closed | 100%
Stable | Replace Request | Very Low | Critical | [spamassassin] includes dependencies for systemd | Closed | 100%
Stable | Implementation Request | Medium | Critical | [strongswan] add new package | Closed | 100%
Any | Freedom Issue | Very High | Critical | [supertuxkart] remove nonfree Ubuntu Font Family fonts | Closed | 100%
Any | Bug Report | Very Low | Critical | [system-config-printer] Impossible to print some pdfs ( ... | Closed | 100%
Stable | Update Request | High | Critical | [system-config-printer] update to 1.5.11 | Closed | 100%
Any | Security Issue | Very Low | Critical | [tcpreplay] CVEs | Closed | 100%
Any | Privacy Issue | Very High | Critical | [telegram-qt] only useful with Telegram service | Closed | 100%
Any | Privacy Issue | Very High | Critical | [telegramqml] only useful with Telegram service | Closed | 100%
Any | Privacy Issue | Very High | Critical | [telepathy-kde-accounts-kcm] recommends Telepathy-Morse ... | Closed | 100%
Any | Privacy Issue | Very High | Critical | [telepathy-morse] only useful with Telegram service | Closed | 100%
Any | Freedom Issue | Very High | Critical | [torcs-data] contains nonfree car models | Closed | 100%
Stable | Bug Report | Medium | Critical | [torsocks] which: no getcap | Closed | 100%
Any | Security Issue | Very High | Critical | [toxcore] Memory leak - Remote DDoS vulnerability | Closed | 100%
Any | Security Issue | Very Low | Critical | [toxcore] Memory leak bug | Closed | 100%
Any | Security Issue | Very Low | Critical | [unbound] Multiple CVEs | Closed | 100%

Showing tasks 101 - 150 of 1517 Page 3 of 31
