|
Any | Feature Request | Very High | High | [amule] contains systemd unit files | Closed | |
Task Description
Description:
The Arch version of aMule from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.
Additional info:
* package version(s)
* config and/or log files etc.
Repository : extra
Name : amule
Version : 10983-2
Description : An eMule-like client for ed2k p2p network
Architecture : x86_64
URL : http://www.amule.org
Licenses : GPL
Groups : None
Provides : None
Depends On : wxgtk gd geoip libupnp crypto++ boost-libs
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 4.84 MiB
Installed Size : 22.65 MiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Mon 23 Jan 2017 08:36:47 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/system/amuled.service is owned by amule 10983-2
/usr/lib/systemd/system/amuleweb.service is owned by amule 10983-2
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [deluge] contains systemd unit files | Closed | |
Task Description
Description:
The Arch version of Deluge from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.
Additional info:
* package version(s)
* config and/or log files etc.
Repository : extra
Name : deluge
Version : 1.3.14-1
Description : A BitTorrent client with multiple user interfaces in a client/server model
Architecture : any
URL : http://deluge-torrent.org/
Licenses : GPL3
Groups : None
Provides : None
Depends On : python2-xdg libtorrent-rasterbar python2-twisted python2-pyopenssl python2-chardet python2-setuptools
Optional Deps : python2-notify: libnotify notifications
pygtk: needed for gtk ui
librsvg: needed for gtk ui
python2-mako: needed for web ui
Conflicts With : None
Replaces : None
Download Size : 2.26 MiB
Installed Size : 12.20 MiB
Packager : Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
Build Date : Tue 07 Mar 2017 12:26:40 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/system/deluged.service is owned by deluge 1.3.14-1
/usr/lib/systemd/system/deluge-web.service is owned by deluge 1.3.14-1
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [gnunet] contains systemd unit file | Closed | |
Task Description
Description:
The Arch version of GNUnet from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.
Additional info:
* package version(s)
* config and/or log files etc.
Repository : community
Name : gnunet
Version : 0.10.1-9
Description : A framework for secure peer-to-peer networking
Architecture : x86_64
URL : http://gnunet.org
Licenses : GPL
Groups : None
Provides : None
Depends On : gmp libgcrypt libextractor sqlite gnurl libmicrohttpd libunistring libidn
Optional Deps : bluez-libs
python
glpk
libpulse
opus
Conflicts With : None
Replaces : None
Download Size : 1744.61 KiB
Installed Size : 7046.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Mon 04 Apr 2016 02:33:05 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/system/gnunet.service is owned by gnunet 0.10.1-9
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [mldonkey] contains systemd unit files | Closed | |
Task Description
Description:
The Arch version of MLdonkey from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.
Additional info:
* package version(s)
* config and/or log files etc.
Repository : community
Name : mldonkey
Version : 3.1.6-1
Description : A multi-network P2P client
Architecture : x86_64
URL : http://mldonkey.sourceforge.net/
Licenses : GPL
Groups : None
Provides : None
Depends On : file gd miniupnpc libnatpmp
Optional Deps : librsvg: GUI support
gtk2: GUI support
Conflicts With : None
Replaces : None
Download Size : 4.01 MiB
Installed Size : 21.11 MiB
Packager : Anatol Pomozov <anatol.pomozov@gmail.com>
Build Date : Wed 25 Jan 2017 04:13:10 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/system/mldonkey.service is owned by mldonkey 3.1.6-1
/usr/lib/sysusers.d/mldonkey.conf is owned by mldonkey 3.1.6-1
/usr/lib/tmpfiles.d/mldonkey.conf is owned by mldonkey 3.1.6-1
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [timidity++] contains systemd unit file | Closed | |
Task Description
Description:
The Arch version of TiMidity++ from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.
Additional info:
* package version(s)
* config and/or log files etc.
Repository : extra
Name : timidity++
Version : 2.14.0-7
Description : A MIDI to WAVE converter and player
Architecture : x86_64
URL : http://timidity.sourceforge.net
Licenses : GPL
Groups : None
Provides : None
Depends On : libao jack
Optional Deps : gtk2: for using the GTK+ interface
tk: for using the Tk interface
xaw3d: for using the Xaw interface
Conflicts With : None
Replaces : None
Download Size : 530.60 KiB
Installed Size : 1431.00 KiB
Packager : Evangelos Foutras <evangelos@foutrelis.com>
Build Date : Thu 10 Sep 2015 12:55:38 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/system/timidity.service is owned by timidity++ 2.14.0-7
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [wesnoth] contains systemd unit files | Closed | |
Task Description
Description:
The Arch version of Wesnoth from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.
Additional info:
* package version(s)
* config and/or log files etc.
Repository : community
Name : wesnoth
Version : 1.12.6-4
Description : A turn-based strategy game on a fantasy world
Architecture : x86_64
URL : http://www.wesnoth.org/
Licenses : GPL
Groups : None
Provides : None
Depends On : sdl_ttf sdl_net sdl_mixer sdl_image fribidi boost-libs pango lua52 wesnoth-data dbus python2
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 4.97 MiB
Installed Size : 22.86 MiB
Packager : Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
Build Date : Mon 02 Jan 2017 07:52:21 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/system/wesnothd.service is owned by wesnoth 1.12.6-4
/usr/lib/tmpfiles.d/wesnothd.conf is owned by wesnoth 1.12.6-4
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [evolution-data-server] contains systemd unit files | Closed | |
Task Description
Description:
The Arch version of Evolution from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required. OpenRC init script replacement isn’t possible here because Evolution is using a systemd unit file adapted for users instead of system users.
Additional info:
$ pacman -Si evolution-data-server
Repository : extra
Name : evolution-data-server
Version : 3.24.1-3.hyperbola1
Description : Centralized access to appointments and contacts, without libgdata support
Architecture : x86_64
URL : https://wiki.gnome.org/Apps/Evolution
Licenses : GPL
Groups : None
Provides : None
Depends On : gnome-online-accounts nss krb5 libgweather libical db libphonenumber
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 3.56 MiB
Installed Size : 33.38 MiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Fri 12 May 2017 06:28:24 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/user/evolution-addressbook-factory.service is owned by evolution-data-server 3.24.1-3.hyperbola1
/usr/lib/systemd/user/evolution-calendar-factory.service is owned by evolution-data-server 3.24.1-3.hyperbola1
/usr/lib/systemd/user/evolution-source-registry.service is owned by evolution-data-server 3.24.1-3.hyperbola1
/usr/lib/systemd/user/evolution-user-prompter.service is owned by evolution-data-server 3.24.1-3.hyperbola1
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [gnome-terminal] contains systemd unit file | Closed | |
Task Description
Description:
The Arch version of GNOME Terminal Emulator from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required. OpenRC init script replacement isn’t possible here because GNOME Terminal Emulator is using a systemd unit file adapted for users instead of system users.
Additional info:
$ pacman -Si gnome-terminal
Repository : extra
Name : gnome-terminal
Version : 3.24.1-1.hyperbola1
Description : The GNOME Terminal Emulator
Architecture : x86_64
URL : https://wiki.gnome.org/Apps/Terminal
Licenses : GPL
Groups : gnome
Provides : None
Depends On : vte3 gsettings-desktop-schemas dconf
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 1012.67 KiB
Installed Size : 7811.00 KiB
Packager : Scott Adams <haricot@hyperbola.info>
Build Date : Tue 06 Jun 2017 01:36:13 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/user/gnome-terminal-server.service is owned by gnome-terminal 3.24.1-1.hyperbola1
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [tracker] contains systemd unit files | Closed | |
Task Description
Description:
The Arch version of Tracker from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required. OpenRC init script replacement isn’t possible here because Tracker is using a systemd unit file adapted for users instead of system users.
Additional info:
$ pacman -Si tracker
Repository : extra
Name : tracker
Version : 1.12.0-2.hyperbola1
Description : Desktop-neutral user information store, search tool and indexer
Architecture : x86_64
URL : https://wiki.gnome.org/Projects/Tracker
Licenses : GPL
Groups : gnome
Provides : None
Depends On : libtracker-sparql=1.12.0-2.hyperbola1 libsecret upower libexif exempi poppler-glib libgsf enca libiptcdata libcue libosinfo libnm-glib
gtk3 libgxps taglib flac libvorbis totem-plparser gst-plugins-base-libs giflib libgrss gvfs
Optional Deps : nautilus: edit files' tracker tags
Conflicts With : None
Replaces : None
Download Size : 1142.60 KiB
Installed Size : 8459.00 KiB
Packager : Scott Adams <haricot@hyperbola.info>
Build Date : Thu 08 Jun 2017 03:57:24 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/user/tracker-extract.service is owned by tracker 1.12.0-2.hyperbola1
/usr/lib/systemd/user/tracker-miner-apps.service is owned by tracker 1.12.0-2.hyperbola1
/usr/lib/systemd/user/tracker-miner-fs.service is owned by tracker 1.12.0-2.hyperbola1
/usr/lib/systemd/user/tracker-miner-rss.service is owned by tracker 1.12.0-2.hyperbola1
/usr/lib/systemd/user/tracker-store.service is owned by tracker 1.12.0-2.hyperbola1
/usr/lib/systemd/user/tracker-writeback.service is owned by tracker 1.12.0-2.hyperbola1
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [vino] contains systemd unit file | Closed | |
Task Description
Description:
The Arch version of Vino from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required. OpenRC init script replacement isn’t possible here because Vino is using a systemd unit file adapted for users instead of system users.
Additional info:
$ pacman -Si vino
Repository : extra
Name : vino
Version : 3.22.0-1.hyperbola1
Description : A VNC server for the GNOME desktop
Architecture : x86_64
URL : https://wiki.gnome.org/Projects/Vino
Licenses : GPL
Groups : gnome
Provides : None
Depends On : libnotify libxtst libsm telepathy-glib gtk3 libsecret avahi gnutls
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 368.24 KiB
Installed Size : 2723.00 KiB
Packager : Scott Adams <haricot@hyperbola.info>
Build Date : Fri 09 Jun 2017 02:01:33 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/user/vino-server.service is owned by vino 3.22.0-1.hyperbola1
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [mkinitcpio] enable "hidepid" support in /proc filesyst ... | Closed | |
Task Description
Description:
Additional info:
/usr/lib/initcpio/init_functions
----
mount_setup() {
mount -t proc proc /proc -o nosuid,noexec,nodev
+ mount /proc -o remount,gid=26,hidepid=2
mount -t sysfs sys /sys -o nosuid,noexec,nodev
mount -t devtmpfs dev /dev -o mode=0755,nosuid
mount -t tmpfs run /run -o nosuid,nodev,mode=0755
mkdir -m755 /run/initramfs
$ pacman -Si mkinitcpio
Repository : core
Name : mkinitcpio
Version : 23-1.hyperbola2
Description : Modular initramfs image creation utility, with eudev support
Architecture : any
URL : https://projects.archlinux.org/mkinitcpio.git/
Licenses : GPL
Groups : None
Provides : None
Depends On : awk mkinitcpio-busybox>=1.19.4-2 kmod util-linux>=2.23 libarchive coreutils bash findutils grep filesystem>=2011.10-1 gzip eudev
Optional Deps : xz: Use lzma or xz compression for the initramfs image
bzip2: Use bzip2 compression for the initramfs image
lzop: Use lzo compression for the initramfs image
lz4: Use lz4 compression for the initramfs image
mkinitcpio-nfs-utils: Support for root filesystem on NFS
Conflicts With : None
Replaces : None
Download Size : 38.60 KiB
Installed Size : 194.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Tue 27 Feb 2018 12:00:17 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
|
|
Any | Security Issue | Very High | Critical | [openrc] remove dangerous "local" init script | Closed | |
Task Description
Description:
“https://wiki.gentoo.org/wiki//etc/local.d”
Additional info:
remove:
“/etc/init.d/local”
“/etc/local.d/README”
“/etc/local.d/”
/etc/init.d/agetty
----
- after local
+ after *
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-17
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 194.10 KiB
Installed Size : 1727.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Thu 05 Jul 2018 01:37:37 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [openrc] minor fix in /proc mount option | Closed | |
Task Description
Description:
Change the “/proc” filesystem option, reverting FS#1038 .
Additional info:
/usr/lib/rc/sh/init.sh
----
- mount -n -t proc -o noexec,nosuid,nodev,hidepid=2,gid=proc proc /proc
+ mount -n -t proc -o noexec,nosuid,nodev,gid=26,hidepid=2 proc /proc
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-17
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 194.10 KiB
Installed Size : 1727.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Thu 05 Jul 2018 01:37:37 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [system-config-printer] contains systemd unit file | Closed | |
Task Description
Description:
The Arch version of system-config-printer from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.
Additional info:
* package version(s)
* config and/or log files etc.
Repository : extra
Name : system-config-printer
Version : 1.5.9-2
Description : A CUPS printer configuration tool and status applet
Architecture : x86_64
URL : https://github.com/zdohnal/system-config-printer
Licenses : GPL
Groups : None
Provides : None
Depends On : python-pycups python-dbus python-pycurl libnotify python-requests python-gobject gtk3 python-cairo
Optional Deps : python-pysmbc: SMB browser support
python-packagekit: to install drivers with PackageKit
cups-pk-helper: PolicyKit helper to configure cups with fine-grained privileges
Conflicts With : None
Replaces : None
Download Size : 908.59 KiB
Installed Size : 7159.00 KiB
Packager : Andreas Radke <andyrtr@archlinux.org>
Build Date : Fri 27 Jan 2017 04:18:24 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/system/configure-printer@.service is owned by system-config-printer 1.5.9-2
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [pkgfile] contains systemd unit files | Closed | |
Task Description
Description:
The Arch version of pkgfile from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.
Additional info:
* package version(s)
* config and/or log files etc.
Repository : extra
Name : pkgfile
Version : 17-1
Description : a pacman .files metadata explorer
Architecture : x86_64
URL : http://github.com/falconindy/pkgfile
Licenses : MIT
Groups : None
Provides : None
Depends On : libarchive curl pcre pacman
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 23.16 KiB
Installed Size : 47.00 KiB
Packager : Dave Reisner <dreisner@archlinux.org>
Build Date : Tue 18 Apr 2017 05:30:59 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/system/pkgfile-update.service is owned by pkgfile 17-1
/usr/lib/systemd/system/pkgfile-update.timer is owned by pkgfile 17-1
Steps to reproduce:
|
|
Any | Security Issue | Very High | Critical | [znc] CVE-2018-14055: privilege escalation & CVE-2018-1 ... | Closed | |
Task Description
Severity: high
Versions affected:
1.6.0 through 1.7.0
Potentially, all earlier versions too, but there is no known way to
trigger this before 1.6.0
Mitigation:
upgrade to 1.7.1
Description:
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming
from the network, allowing a non-admin user to escalate privilege,
inject rogue values into znc.conf, and gain shell access.
Upstream patches:
https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
—
Severity: medium
Versions affected:
0.045 through 1.7.0
Mitigation:
upgrade to 1.7.1, or disable HTTP via `/msg *status AddPort`, `/msg
*status DelPort` commands.
Description:
ZNC before 1.7.1-rc1 is prone to a path traversal flaw. A non-admin user
can set web skin name to ../ to access files outside of the intended
skins directories and to cause DoS.
Upstream patch:
https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
|
|
Any | Security Issue | Very High | Critical | [wesnoth] CVE-2018-1999023 - Code Injection vulnerabili ... | Closed | |
Task Description
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content.
https://security-tracker.debian.org/tracker/CVE-2018-1999023
Upstream patch: https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318
|
|
Any | Feature Request | Very High | High | [pkgfile] contains systemd unit files | Closed | |
Task Description
Description:
The Arch version of pkgfile from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or create a cron job (scheduled task) to replace it.
Additional info:
* package version(s)
* config and/or log files etc.
Repository : extra
Name : pkgfile
Version : 17-1
Description : a pacman .files metadata explorer
Architecture : x86_64
URL : http://github.com/falconindy/pkgfile
Licenses : MIT
Groups : None
Provides : None
Depends On : libarchive curl pcre pacman
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 23.16 KiB
Installed Size : 47.00 KiB
Packager : Dave Reisner <dreisner@archlinux.org>
Build Date : Tue 18 Apr 2017 05:30:59 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/system/pkgfile-update.service is owned by pkgfile 17-1
/usr/lib/systemd/system/pkgfile-update.timer is owned by pkgfile 17-1
Steps to reproduce:
|
|
Any | Bug Report | Very High | Critical | [openrc] fix "chroot" initscript | Closed | |
Task Description
Description:
Additional info:
/etc/conf.d/chroot
# initial command
CR_COMD=/sbin/openrc-init
-# network interfaces
-CR_NINF="veth_guest ethernet"
-# wifi interfaces
-CR_WINF="wifi"
-# service dependecies
-CR_DEPS="net_veth.interface_host
- chroot.name net.interface_ethernet net.interface_wifi"
+# network interfaces, example: CR_NINF="veh0 eth0"
+CR_NINF=""
+# wifi interfaces, example: CR_WINF="wlan0"
+CR_WINF=""
+# service dependecies, example: CR_DEPS="net.veh0 chroot.dns chroot.ntp net.eth0 net.wlan0"
+CR_DEPS=""
# wait in seconds to run CR_COMD
CR_CDWT=1
-# wait in seconds to start the sercice
+# wait in seconds to start the service
CR_STWT=7
# wait in seconds to stop the service
CR_SPWT=7
/etc/init.d/chroot
depend() {
- need $CR_NDEP
+ need $CR_DEPS
after modules bootmisc localmount net netmount
keyword -jail -prefix -vserver
provide oslv
}
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-18
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 193.18 KiB
Installed Size : 1720.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Sun 08 Jul 2018 01:28:16 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
|
|
Any | Bug Report | Very High | Critical | [netifrc] fix "net_veth" and "net_macsec" initscripts | Closed | |
Task Description
Description:
Additional info:
/etc/conf.d/net_veth
-# Source Interface (host)
-IFSRC=interface_host
+# Source Interface (host), example: IFSRC=veh0
+IFSRC=veh0
# Set custom parameters on Source Interface
IFCTS=
-# Destination Interface (guest)
-IFDST=interface_guest
+# Destination Interface (guest), example: IFDST=veg0
+IFDST=veg0
# Set custom parameters on Destination Interface
IFCTD=
/etc/conf.d/net_macsec
-# Source Interface (host)
-IFSRC=interface_host
-# Network init service dependency from Source Interface
-#IFDEP=net.interface_host
-# Destination Interface (macsec/guest)
-IFDST=interface_macsec
+# Source Interface (host), example: IFSRC=eth0
+IFSRC=eth0
+# Network init service dependency from Source Interface, example: IFDEP=net.eth0
+IFDEP=
+# Destination Interface (macsec/guest), example: IFDST=macsec0
+IFDST=macsec0
# Set custom parameters on MACsec Interface
IFCTD=
---
IFPAR="cipher gcm-aes-128
icvlen 16
encrypt on
protect off
replay off
send_sci on
- validate strict"
+ validate disabled"
---
-# Add receive channels and/or receive association keys (RXSC), examples:
-#
-# [sci_<0..ffffffffffffffff(hex)>|port_<1..65535(dec)>_address_<00:00:00:00:00:00..ff:ff:ff:ff:ff:ff(hex)>][_<on/off>]
-#
-# sci_0
-# sci_ffffffffffffffff_on
-# port_1_address_00:00:00:00:00:00
-# port_2_address_ff:ff:ff:ff:ff:ff_off
-#
-# [sci_<0..ffffffffffffffff(hex)>_|port_<1..65535(dec)>_address_<00:00:00:00:00:00..ff:ff:ff:ff:ff:ff(hex)>_]sa_<0..3(dec)>_[pn_<1..4294967295(dec)>_][<on/off>_]key_<00..ff(hex)>_<00000000000000000000000000000000..ffffffffffffffffffffffffffffffff(hex)>
-#
-# sa_0_key_00_00000000000000000000000000000000
-# sa_1_key_pn_1_01_f00f00f00f00f00f00f00f00f00f00f0
-# sa_2_key_on_32_de_de00de00de00de00de00de00de00de00
-# sa_3_key_pn_16345_off_a1_fca1fca1fca1fca1fca1fca1fca1fca1
-# sci_0_sa_0_key_00_00000000000000000000000000000000
-# sci_32_sa_1_key_pn_1_01_f00f00f00f00f00f00f00f00f00f00f0
-# sci_451_sa_2_key_on_32_de_de00de00de00de00de00de00de00de00
-# sci_7438f_sa_3_key_pn_16345_off_a1_fca1fca1fca1fca1fca1fca1fca1fca1
-# port_1_address_00:00:00:00:00:00_sa_0_key_00_00000000000000000000000000000000
-# port_2_address_ff:ff:ff:ff:ff:ff_sa_1_key_pn_1_01_f00f00f00f00f00f00f00f00f00f00f0
-# port_3_address_00:00:00:ff:ff:ff_sa_2_key_on_32_de_de00de00de00de00de00de00de00de00
-# port_4_address_ff:ff:ff:00:00:00_sa_3_key_pn_16345_off_a1_fca1fca1fca1fca1fca1fca1fca1fca1
+# Add receive channels and/or receive association keys (RXSC), examples:
+#
+# "[sci <0..ffffffffffffffff(hex)>|port <1..65535(dec)> address <00:00:00:00:00:00..ff:ff:ff:ff:ff:ff(hex)>][ <on/off>]"
+#
+# "sci 0"
+# "sci ffffffffffffffff on"
+# "port 1 address 00:00:00:00:00:00"
+# "port 2 address ff:ff:ff:ff:ff:ff off"
+#
+# "[sci <0..ffffffffffffffff(hex)> |port <1..65535(dec)> address <00:00:00:00:00:00..ff:ff:ff:ff:ff:ff(hex)> ]sa <0..3(dec)> [pn <1..4294967295(dec)> ][<on/off> ]key <00..ff(hex)> <00000000000000000000000000000000..ffffffffffffffffffffffffffffffff(hex)>"
+#
+# "sci 0 sa 0 key 00 00000000000000000000000000000000"
+# "sci 32 sa 1 pn 1 key 01 f00f00f00f00f00f00f00f00f00f00f0"
+# "sci 451 sa 2 on key de de00de00de00de00de00de00de00de00"
+# "sci 7438f sa 3 pn 16345 off key a1 fca1fca1fca1fca1fca1fca1fca1fca1"
+# "port 1 address 00:00:00:00:00:00 sa 0 key 00 00000000000000000000000000000000"
+# "port 2 address ff:ff:ff:ff:ff:ff sa 1 pn 1 key 01 f00f00f00f00f00f00f00f00f00f00f0"
+# "port 3 address 00:00:00:ff:ff:ff sa 2 on key de de00de00de00de00de00de00de00de00"
+# "port 4 address ff:ff:ff:00:00:00 sa 3 pn 16345 off key a1 fca1fca1fca1fca1fca1fca1fca1fca1"
+#
+# IFRSC=("port 1 address 00:00:00:00:00:00 on"
+# "port 1 address 00:00:00:00:00:00 sa 0 pn 1 on key 00 00000000000000000000000000000000"
+# "sci ffffffffffff0001 on"
+# "sci ffffffffffff0001 sa 0 pn 1 on key 00 ffffffffffffffffffffffffffffffff")
IFRSC=()
-# Add trasmition association keys (TXSC) , examples:
-# sa_<0..3(dec)>_[pn_<1..4294967295(dec)>_][<on/off>_]key_<00..ff(hex)>_<00000000000000000000000000000000..ffffffffffffffffffffffffffffffff(hex)>
-#
-# sa_0_key_00_00000000000000000000000000000000
-# sa_1_key_pn_1_01_f00f00f00f00f00f00f00f00f00f00f0
-# sa_2_key_on_32_de_de00de00de00de00de00de00de00de00
-# sa_3_key_pn_16345_off_a1_fca1fca1fca1fca1fca1fca1fca1fca1
+# Add trasmition association keys (TXSC) , examples:
+# "sa <0..3(dec)> [pn <1..4294967295(dec)> ][<on/off> ]key <00..ff(hex)> <00000000000000000000000000000000..ffffffffffffffffffffffffffffffff(hex)>"
+#
+# "sa 0 key 00 00000000000000000000000000000000"
+# "sa 1 pn 1 key 01 f00f00f00f00f00f00f00f00f00f00f0"
+# "sa 2 on key de de00de00de00de00de00de00de00de00"
+# "sa 3 pn 16345 off key a1 fca1fca1fca1fca1fca1fca1fca1fca1"
+#
+# IFTSC=("sa 0 pn 1 on key 00 00000000000000000000000000000000")
IFTSC=()
/etc/init.d/net_macsec
if [[ $IFRSC ]]; then
- for mac_rxsc in ${IFRSC[@]}; do
- ip macsec add $IFDST rx ${mac_rxsc/_/ }
+ for mac_rxsc in "${IFRSC[@]}"; do
+ ip macsec add $IFDST rx $mac_rxsc
done
fi
if [[ $IFTSC ]]; then
- for mac_txsc in ${IFTSC[@]}; do
- ip macsec add $IFDST tx ${mac_txsc/_/ }
+ for mac_txsc in "${IFTSC[@]}"; do
+ ip macsec add $IFDST tx $mac_txsc
done
fi
$ pacman -Si netifrc
Repository : core
Name : netifrc
Version : 0.6.0-2.backports1
Description : Network interface management scripts
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Netifrc
Licenses : BSD2
Groups : base
Provides : None
Depends On : eudev
Optional Deps : iproute2: for interface handler, VPN, bridging and tunneling support (recommended)
net-tools: for interface handler support
bridge-utils: for bridging support
linux-atm: for CLIP and RFC 2684 bridge support
wpa_supplicant: for wireless networking support (recommended)
wireless_tools: for wireless networking support
dhcpcd: for DHCP support (recommended)
dhclient: for DHCP support
busybox: for DHCP support
iputils: for APIPA support
ifenslave: for bonding interfaces
ppp: for PPP and ADSL support (recommended)
rp-pppoe: for ADSL support
macchanger: for changing MAC addresses
ifplugd: for cable in/out detection
Conflicts With : None
Replaces : None
Download Size : 66.18 KiB
Installed Size : 373.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Tue 03 Jul 2018 12:16:13 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
|
|
Any | Bug Report | Very High | Critical | [netifrc] "net.lo" initscript is forced to load in "boo ... | Closed | |
Task Description
Description:
“net.lo” initscript is forced to load in “boot” runlevel by default.
“loopback” interface doesn’t need changes.
“net.lo” initscript conflicts with another network services, like: NetworkManager.
“net.lo” initscript takes extra processor and memory resources when is useless.
Additional info:
This file needs be removed:
* /etc/runlevels/boot/net.lo
$ pacman -Si netifrc
Repository : core
Name : netifrc
Version : 0.6.0-2.backports1
Description : Network interface management scripts
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Netifrc
Licenses : BSD2
Groups : base
Provides : None
Depends On : eudev
Optional Deps : iproute2: for interface handler, VPN, bridging and tunneling support (recommended)
net-tools: for interface handler support
bridge-utils: for bridging support
linux-atm: for CLIP and RFC 2684 bridge support
wpa_supplicant: for wireless networking support (recommended)
wireless_tools: for wireless networking support
dhcpcd: for DHCP support (recommended)
dhclient: for DHCP support
busybox: for DHCP support
iputils: for APIPA support
ifenslave: for bonding interfaces
ppp: for PPP and ADSL support (recommended)
rp-pppoe: for ADSL support
macchanger: for changing MAC addresses
ifplugd: for cable in/out detection
Conflicts With : None
Replaces : None
Download Size : 66.18 KiB
Installed Size : 373.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Tue 03 Jul 2018 12:16:13 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
|
|
Any | Bug Report | Very High | Critical | [eudev] "udev" and "udev-trigger" initscripts are force ... | Closed | |
Task Description
Description:
“udev” initscript is loaded by “udev-trigger”.
“udev-trigger” is needed load on “boot” runlevel, not”sysinit” one.
“udev-trigger” initscript is forced to be added in the sysinit runlevel through upgrading package process
It avoids use “eudev” side-by-side with “vdev”.
Additional info:
This file need be removed:
* /etc/runlevels/sysinit/udev
This file needs to be changed in "boot" runlevel, not "sysinit" runlevel;
This file needs be included only in the installing process not updating one.
- /etc/runlevels/sysinit/udev-trigger
+ /etc/runlevels/boot/udev-trigger
$ pacman -Si eudev
Repository : core
Name : eudev
Version : 3.2.5-2
Description : The userspace dev tools (udev) forked by Gentoo, with OpenRC support
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:Eudev
Licenses : GPL
Groups : None
Provides : udev
Depends On : libeudev kbd kmod hwids util-linux
Optional Deps : None
Conflicts With : udev
Replaces : udev
Download Size : 931.20 KiB
Installed Size : 7072.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Sun 01 Jul 2018 01:26:17 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
|
|
Any | Bug Report | Very High | Critical | [openrc] run "sysctl" initscript after "net" initscript | Closed | |
Task Description
Description:
Additional info:
/etc/init.d/sysctl
- after clock
+ after clock net
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-18
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 193.18 KiB
Installed Size : 1720.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Sun 08 Jul 2018 01:28:16 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
|
|
Any | Backport Request | Very High | High | [nodejs] backporting to nodejs LTS 8.11.3 | Closed | |
Task Description
Description:
Hi dear developers of Hyperbola. I work in the field of web development. I use a lot of javascript and nodejs to compile.
Could they do the nodejs update?. I also mention this because Hyperbola works with LTS packages.
Additional info:
* package version(s)
$ sudo pacman -Si nodejs
Repositorio : community
Nombre : nodejs
Versión : 7.10.0-1
Descripción : Evented I/O for V8 javascript
Arquitectura : x86_64
URL : http://nodejs.org/
Licencias : MIT
Grupos : Nada
Provee : Nada
Depende de : openssl-1.0 zlib icu libuv http-parser c-ares
Dependencias opcionales : npm: nodejs package manager
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 4,55 MiB
Tamaño de la instalación : 18,49 MiB
Encargado : Felix Yan <felixonmars@archlinux.org>
Fecha de creación : mié 03 may 2017 09:50:26 -05
Validado por : Suma MD5 Suma SHA-256 Firma
$ sudo pacman -Si npm
Repositorio : community
Nombre : npm
Versión : 4.5.0-1
Descripción : A package manager for javascript
Arquitectura : any
URL : https://www.npmjs.com/
Licencias : custom:Artistic
Grupos : Nada
Provee : nodejs-node-gyp
Depende de : nodejs semver
Dependencias opcionales : python2: for node-gyp
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 2,72 MiB
Tamaño de la instalación : 13,98 MiB
Encargado : Felix Yan <felixonmars@archlinux.org>
Fecha de creación : mié 12 abr 2017 22:08:06 -05
Validado por : Suma MD5 Suma SHA-256 Firma
- NodeJS LTS (includes npm 5.6.0):
* https://nodejs.org/dist/v8.11.3/node-v8.11.3.tar.gz
* https://nodejs.org/dist/v8.11.3/SHASUMS256.txt.asc
Some errors that I suffer when compiling:
- https://stackoverflow.com/questions/46476741/nodejs-util-promisify-is-not-a-function
|
|
Any | Security Issue | Very High | Critical | [openssh] CVE-2018-15473 | Closed | |
Task Description
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
https://security-tracker.debian.org/tracker/CVE-2018-15473
Patch: https://salsa.debian.org/ssh-team/openssh/commit/4641c58a3279f6b118f9562babaa0ee050a38619
Technical analysis: https://blog.nviso.be/2018/08/21/openssh-user-enumeration-vulnerability-a-close-look/
|
|
Any | Feature Request | Very High | High | [gpsd]: contains systemd files | Closed | |
|
|
Any | Security Issue | Very High | Critical | [dropbear] CVE-2018-15599 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [mutt] CVE-2018-14354 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [iceweasel-uxp-noscript] Zero-day bypass and script exe ... | Closed | |
|
|
Stable | Feature Request | Very High | High | [hiawatha]: remove systemd files, provide openrc | Closed | |
|
|
Any | Security Issue | Very High | Critical | [util-linux] CVE-2018-7738 | Closed | |
|
|
Any | Feature Request | Very High | High | [umurmur] needs OpenRC init script and contains systemd ... | Closed | |
|
|
Any | Bug Report | Very High | High | [openrc] needs a minor fix | Closed | |
|
|
Any | Security Issue | Very High | Critical | [schroedinger] unmaintained and unsupportable | Closed | |
|
|
Any | Security Issue | Very High | Critical | [vlc] CVE-2017-17670 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [vlc] CVE-2018-11529 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [qtpass] Insecure Password Generation prior to 1.2.1 | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [qtemu] package recommends installing non-free OSes | Closed | |
|
|
Any | Security Issue | Very High | Critical | [toxcore] Memory leak - Remote DDoS vunerability | Closed | |
|
|
Any | Security Issue | Very High | Critical | [libssh] CVE-2018-10933 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [openldap] 2.4.44 multiple security issues | Closed | |
|
|
Any | Bug Report | Very High | High | [mkinitcpio] consolefont and keymap hooks is adapted to ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [php] CVE-2017-9120 | Closed | |
|
|
Stable | Freedom Issue | Very High | Critical | [cool-retro-term] update package to 1.0.1 and remove no ... | Closed | |
|
|
Stable | Freedom Issue | Very High | Critical | [xorg-fonts-misc] contains non-libre/free Syriac typefa ... | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [python-pip][python2-pip] Pip recommends proprietary so ... | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [purple-skypeweb] Plugin only useful with Skype | Closed | |
|
|
Stable | Freedom Issue | Very High | Critical | [gftp] Remove many other (old and dead) FTP site bookma ... | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [man-pages] contains nonfree POSIX manual pages | Closed | |
|
|
Any | Bug Report | Very High | Critical | [linux-libre-lts] spinlock not released on kernel by i9 ... | Closed | |
|
