Packages

$ pacman -Si wine
Repository      : multilib
Name            : wine
Version         : 2.7-1
Description     : A compatibility layer for running Windows programs
Architecture    : x86_64
URL             : http://www.winehq.com
Licenses        : LGPL
Groups          : None
Provides        : bin32-wine=2.7  wine-wow64=2.7
Depends On      : fontconfig  lib32-fontconfig  lcms2  lib32-lcms2  libxml2  lib32-libxml2  libxcursor  lib32-libxcursor  libxrandr  lib32-libxrandr  libxdamag
e  lib32-libxdamage  libxi  lib32-libxi  gettext  lib32-gettext  freetype2  lib32-freetype2  glu  lib32-glu  libsm  lib32-libsm  gcc-libs  lib32-gcc-libs  libp
cap  lib32-libpcap  desktop-file-utils
Optional Deps   : giflib
                  lib32-giflib
                  libpng
                  lib32-libpng
                  libldap
                  lib32-libldap
                  gnutls
                  lib32-gnutls
                  mpg123
                  lib32-mpg123
                  openal
                  lib32-openal
                  v4l-utils
                  lib32-v4l-utils
                  libpulse
                  lib32-libpulse
                  alsa-plugins
                  lib32-alsa-plugins
                  alsa-lib
                  lib32-alsa-lib
                  libjpeg-turbo
                  lib32-libjpeg-turbo
                  libxcomposite
                  lib32-libxcomposite
                  libxinerama
                  lib32-libxinerama
                  ncurses
                  lib32-ncurses
                  opencl-icd-loader
                  lib32-opencl-icd-loader
                  libxslt
                  lib32-libxslt
                  gst-plugins-base-libs
                  lib32-gst-plugins-base-libs
                  cups
                  samba
                  dosbox
Conflicts With  : bin32-wine  wine-wow64
Replaces        : bin32-wine
Download Size   : 48.95 MiB
Installed Size  : 387.66 MiB
Packager        : Sven-Hendrik Haase <sh@lutzhaase.com>
Build Date      : Sun 30 Apr 2017 09:09:05 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

$ pacman -Si wine-staging
Repository      : multilib
Name            : wine-staging
Version         : 2.7-1
Description     : A compatibility layer for running Windows programs - Staging branch
Architecture    : x86_64
URL             : http://www.wine-staging.com
Licenses        : LGPL
Groups          : None
Provides        : wine=2.7  wine-wow64=2.7
Depends On      : attr  lib32-attr  fontconfig  lib32-fontconfig  lcms2  lib32-lcms2  libxml2  lib32-libxml2  libxcursor  lib32-libxcursor  libxrandr  lib32-libxrandr  libxdamage  lib32-libxdamage  libxi  lib32-libxi  gettext  lib32-gettext  freetype2  lib32-freetype2  glu  lib32-glu  libsm  lib32-libsm  gcc-libs  lib32-gcc-libs  libpcap  lib32-libpcap  desktop-file-utils
Optional Deps   : giflib
                  lib32-giflib
                  libpng
                  lib32-libpng
                  libldap
                  lib32-libldap
                  gnutls
                  lib32-gnutls
                  mpg123
                  lib32-mpg123
                  openal
                  lib32-openal
                  v4l-utils
                  lib32-v4l-utils
                  libpulse
                  lib32-libpulse
                  alsa-plugins
                  lib32-alsa-plugins
                  alsa-lib
                  lib32-alsa-lib
                  libjpeg-turbo
                  lib32-libjpeg-turbo
                  libxcomposite
                  lib32-libxcomposite
                  libxinerama
                  lib32-libxinerama
                  ncurses
                  lib32-ncurses
                  opencl-icd-loader
                  lib32-opencl-icd-loader
                  libxslt
                  lib32-libxslt
                  libva
                  lib32-libva
                  gtk3
                  lib32-gtk3
                  gst-plugins-base-libs
                  lib32-gst-plugins-base-libs
                  vulkan-icd-loader
                  lib32-vulkan-icd-loader
                  cups
                  samba
                  dosbox
Conflicts With  : wine  wine-wow64
Replaces        : None
Download Size   : 42.36 MiB
Installed Size  : 404.19 MiB
Packager        : Felix Yan <felixonmars@archlinux.org>
Build Date      : Thu 04 May 2017 02:16:56 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

$ pacman -Ss wine-staging-nine
Repository      : multilib
Name            : wine-staging-nine
Version         : 2.7-1
Description     : A compatibility layer for running Windows programs - Staging branch with the gallium-nine patches
Architecture    : x86_64
URL             : http://www.wine-staging.com
Licenses        : LGPL
Groups          : None
Provides        : wine=2.7  wine-wow64=2.7  wine-staging=2.7
Depends On      : attr  lib32-attr  fontconfig  lib32-fontconfig  lcms2  lib32-lcms2  libxml2  lib32-libxml2  libxcursor  lib32-libxcursor  libxrandr  lib32-libxrandr  libxdamage  lib32-libxdamage  libxi  lib32-libxi  gettext  lib32-gettext  freetype2  lib32-freetype2  glu  lib32-glu  libsm  lib32-libsm  gcc-libs  lib32-gcc-libs  libpcap  lib32-libpcap  desktop-file-utils
Optional Deps   : giflib
                  lib32-giflib
                  libpng
                  lib32-libpng
                  libldap
                  lib32-libldap
                  gnutls
                  lib32-gnutls
                  mpg123
                  lib32-mpg123
                  openal
                  lib32-openal
                  v4l-utils
                  lib32-v4l-utils
                  libpulse
                  lib32-libpulse
                  alsa-plugins
                  lib32-alsa-plugins
                  alsa-lib
                  lib32-alsa-lib
                  libjpeg-turbo
                  lib32-libjpeg-turbo
                  libxcomposite
                  lib32-libxcomposite
                  libxinerama
                  lib32-libxinerama
                  ncurses
                  lib32-ncurses
                  opencl-icd-loader
                  lib32-opencl-icd-loader
                  libxslt
                  lib32-libxslt
                  libva
                  lib32-libva
                  gtk3
                  lib32-gtk3
                  gst-plugins-base-libs
                  lib32-gst-plugins-base-libs
                  vulkan-icd-loader
                  lib32-vulkan-icd-loader
                  cups
                  samba
                  dosbox
Conflicts With  : wine  wine-wow64  wine-staging
Replaces        : None
Download Size   : 42.42 MiB
Installed Size  : 404.60 MiB
Packager        : Laurent Carlier <lordheavym@gmail.com>
Build Date      : Thu 04 May 2017 04:46:19 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .

An external attacker is able to inject arbitrary cookie values cookie jar file,
adding new or replacing existing cookie values.
http://openwall.com/lists/oss-security/2018/05/06/1

Fixed in GNU Wget 1.19.5 or later.

Description:

I have tried to upgrade hyperbola.

Critical upgrades cannot be installed when wesnoth is installed, there are conflicting files

Steps to reproduce:

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 arch-keyring-201808...  1605.2 KiB   617K/s 00:03 [#########] 100%
 hyperbola-keyring-2...   215.9 KiB   635K/s 00:00 [#########] 100%
 linux-libre-lts-4.9...    59.6 MiB   749K/s 01:22 [#########] 100%
 openvpn-2.4.6-1.hyp...   402.2 KiB  1149K/s 00:00 [#########] 100%
 iceweasel-uxp-52.9....    39.8 MiB   839K/s 00:49 [#########] 100%
 libgdm-3.24.1-1.hyp...    57.3 KiB  1912K/s 00:00 [#########] 100%
 ntp-4.2.8.p11-2.hyp...  1798.4 KiB   833K/s 00:02 [#########] 100%
 sddm-0.14.0-2.hyper...     3.2 MiB   770K/s 00:04 [#########] 100%
 lxdm-0.5.3-4.hyperb...    98.4 KiB   984K/s 00:00 [#########] 100%
 tp_smapi-lts-0.43-1...    26.6 KiB  2.60M/s 00:00 [#########] 100%
 wesnoth-data-1.14.4...   395.1 MiB   745K/s 09:03 [#########] 100%
 wesnoth-1.14.4-1.hy...     5.5 MiB   616K/s 00:09 [#########] 100%
(12/12) checking keys in keyring                   [#########] 100%
(12/12) checking package integrity                 [#########] 100%
(12/12) loading package files                      [#########] 100%
(12/12) checking for file conflicts                [#########] 100%
error: failed to commit transaction (conflicting files)
/usr/share/icons/hicolor/128x128/apps/wesnoth-icon.png exists in both 'wesnoth-data' and 'wesnoth'
/usr/share/icons/hicolor/16x16/apps/wesnoth-icon.png exists in both 'wesnoth-data' and 'wesnoth'
/usr/share/icons/hicolor/256x256/apps/wesnoth-icon.png exists in both 'wesnoth-data' and 'wesnoth'
/usr/share/icons/hicolor/32x32/apps/wesnoth-icon.png exists in both 'wesnoth-data' and 'wesnoth'
/usr/share/icons/hicolor/512x512/apps/wesnoth-icon.png exists in both 'wesnoth-data' and 'wesnoth'
/usr/share/icons/hicolor/64x64/apps/wesnoth-icon.png exists in both 'wesnoth-data' and 'wesnoth'
/usr/share/metainfo/wesnoth.appdata.xml exists in both 'wesnoth-data' and 'wesnoth'
Errors occurred, no packages were upgraded.

Description:

• The Arch version of Wesnoth from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : wesnoth
Version         : 1.12.6-4
Description     : A turn-based strategy game on a fantasy world
Architecture    : x86_64
URL             : http://www.wesnoth.org/
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : sdl_ttf  sdl_net  sdl_mixer  sdl_image  fribidi  boost-libs  pango  lua52  wesnoth-data  dbus  python2
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 4.97 MiB
Installed Size  : 22.86 MiB
Packager        : Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
Build Date      : Mon 02 Jan 2017 07:52:21 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

/usr/lib/systemd/system/wesnothd.service is owned by wesnoth 1.12.6-4
/usr/lib/tmpfiles.d/wesnothd.conf is owned by wesnoth 1.12.6-4

Steps to reproduce:

• Install package.

The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content.

https://security-tracker.debian.org/tracker/CVE-2018-1999023

Upstream patch: https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318

The package is not compiled from source

Warsow contains a library called steamlib which is built from the source. It’s useful only for Steam support which is nonfree software.

The package contains nonfree assets:
data0_000_nonfree_21.pk3
data0_000_nonfree_21pure.pk3
tex_000_nonfree.pk3

w3m is an unmaintained and unsuportable software, the latest release was 0.5.3 (2011)[0][1][2][3]

$ pacman -Qi w3m
Name : w3m
Version : 0.5.3.git20170102-2
Description : Text-based Web browser, as well as pager
Architecture : x86_64
URL : http://w3m.sourceforge.net/ Licenses : custom
Groups : None
Provides : None
Depends On : openssl gc ncurses gpm
Optional Deps : imlib2: for graphics support [installed]
Required By : None
Optional For : None
Conflicts With : None
Replaces : None
Installed Size : 1784.00 KiB
Packager : Jan de Groot jgc@archlinux.org Build Date : Sat 04 Mar 2017 07:12:38 PM -03
Install Date : Tue 12 Sep 2017 03:43:25 AM -03
Install Reason : Explicitly installed
Install Script : No
Validated By : Signature

[0]:https://sourceforge.net/projects/w3m/files/w3m/ [1]:https://security.archlinux.org/package/w3m [2]:https://tracker.debian.org/pkg/w3m [3]:https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/w3m

Description:

• VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

Additional info:
* package version(s)

• 2.2.6-1.hyperbola1

* config and/or log files etc.

• None

Steps to reproduce:

• Run VLC

Description:

• In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.

Additional info:
* package version(s)

• 2.2.6-1.hyperbola1

* config and/or log files etc.

• None

Steps to reproduce:

• Run VLC

[virt-manager] Failed to initialize a valid firewall backend

I cannot start any virtual machine with current virt-manager.
The error message is the following :

Failed to initialize a valid firewall backend

My username is in “kvm” group.

The only modification to the libvirt config files I made are in /etc/libvirt/qemu.conf

[...]
# Some examples of valid values are:
#
#       user = "qemu"   # A user named "qemu"
#       user = "+0"     # Super user (uid=0)
#       user = "100"    # A user named "100" or a user with uid=100
# 
#user = "root"
user = "david"
[...]

The libvirtd service is enabled (and start without error)
Also, the optional dependencies are correctly installed :

ebtables: required for default NAT networking [installed]
dnsmasq: required for default NAT/DHCP for guests [installed]
bridge-utils: for bridged networking [installed]

This was working fine previously (with 0.2.9) so I don’t know why this isn’t working anymore. As said previously, my config hasn’t changed.

Description:

• The Arch version of Vino from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required. OpenRC init script replacement isn’t possible here because Vino is using a systemd unit file adapted for users instead of system users.

Additional info:

• vino 3.22.0-1.hyperbola1

$ pacman -Si vino
Repository      : extra
Name            : vino
Version         : 3.22.0-1.hyperbola1
Description     : A VNC server for the GNOME desktop
Architecture    : x86_64
URL             : https://wiki.gnome.org/Projects/Vino
Licenses        : GPL
Groups          : gnome
Provides        : None
Depends On      : libnotify  libxtst  libsm  telepathy-glib  gtk3  libsecret  avahi  gnutls
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 368.24 KiB
Installed Size  : 2723.00 KiB
Packager        : Scott Adams <haricot@hyperbola.info>
Build Date      : Fri 09 Jun 2017 02:01:33 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

/usr/lib/systemd/user/vino-server.service is owned by vino 3.22.0-1.hyperbola1

Steps to reproduce:

• Install package.

filename:       /lib/modules/4.9.77-gnu-1-lts/extramodules/vhba.ko
license:        GPL
description:    Virtual SCSI HBA
version:        20161009
author:         Chia-I Wu
srcversion:     E5A3E6F70DFD436A6B1C8D6
depends:        scsi_mod
vermagic:       4.9.27-gnu-1-lts SMP mod_unload modversions

Can’t insert module vhba

Error :

modprobe: ERROR: could not insert ‘vhba’: Exec format error

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .

The package contains nonfree car and track models

With : v4l-utils 1.12.3-1.hyperbola1

dvb5-scan utility currently segfaults with rtl2832

*** Error in `dvbv5-scan': double free or corruption (fasttop): 0x000000000090be90 ***
======= Backtrace: =========
/lib/libc.so.6(+0x727ad)[0x7f4f9a9657ad]
/lib/libc.so.6(+0x78e6f)[0x7f4f9a96be6f]
/lib/libc.so.6(+0x796ce)[0x7f4f9a96c6ce]
/usr/lib/libdvbv5.so.0(free_dvb_dev+0x13)[0x7f4f9acafa53]
/usr/lib/libdvbv5.so.0(dvb_dev_free_devices+0x28)[0x7f4f9acafaf8]
/usr/lib/libdvbv5.so.0(dvb_dev_free+0x4e)[0x7f4f9acafe2e]
dvbv5-scan[0x401729]
/lib/libc.so.6(__libc_start_main+0xf1)[0x7f4f9a9135a1]
dvbv5-scan[0x4019fa]

This seems to have been fixed, see :

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859008

I don’t know if a patch is available for it though..

I get this error when trying to run it:

$ utox
utox: error while loading shared libraries: libtoxencryptsave.so.1: cannot open shared object file: No such file or directory

core/util-linux 2.29.2-2.hyperbola2 (base base-devel) [installed]
     Miscellaneous system utilities for Linux, with eudev and libeudev support

See:
https://www.gnu.org/philosophy/words-to-avoid.html#Linux

Description is referring to operating system, and not to the kernel itself (Linux). It shall be amended.

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .

Description:
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.

https://blog.grimm-co.com/post/malicious-command-execution-via-bash-completion-cve-2018-7738/

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .

$ pacman -Si usbmuxd
Repository : extra
Name : usbmuxd
Version : 1.1.0-2
Description : USB Multiplex Daemon
Architecture : x86_64
URL : http://marcansoft.com/blog/iphonelinux/usbmuxd/ Licenses : GPL2 GPL3
Groups : None
Provides : None
Depends On : libimobiledevice
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 28.93 KiB
Installed Size : 70.00 KiB
Packager : Jan de Groot jgc@archlinux.org Build Date : Tue 03 Mar 2015 06:35:18 AM -02
Validated By : MD5 Sum SHA-256 Sum Signature

$ pacman -Ql usbmuxd
usbmuxd /usr/
usbmuxd /usr/bin/
usbmuxd /usr/bin/usbmuxd
usbmuxd /usr/lib/
usbmuxd /usr/lib/systemd/
usbmuxd /usr/lib/systemd/system/
usbmuxd /usr/lib/systemd/system/usbmuxd.service
usbmuxd /usr/lib/udev/
usbmuxd /usr/lib/udev/rules.d/
usbmuxd /usr/lib/udev/rules.d/39-usbmuxd.rules
usbmuxd /usr/share/
usbmuxd /usr/share/man/
usbmuxd /usr/share/man/man1/
usbmuxd /usr/share/man/man1/usbmuxd.1.gz