Packages

Category Task Type Priority Severity Summary Status Progress
AnyFeature RequestVery HighCritical [openrc] please remove "mtab", "modules-load" and "swcl ...Closed
100%
Task Description

Description:

Please remove "mtab", "modules-load" and "swclock" init scripts.

"mtab" is a deprecated and unmaintained init script,
because filesystem contains a mtab soft link.

"modules-load" init script, is a systemd compatibility configuration
to load the kernel modules from the "/etc/modules-load" configuration
directory.
This init script is useless, because the "modules" init script exists
and it's a duplicated feature.
If you need a module to load a module, just configure "/etc/conf.d/modules"
and start the "modules" init script or add a module in
the "/etc/mkinitcpio.conf" and run mkinitcpio -p $yourkernel

"swclock" is an useless init script, because is a service
setting the local clock based on last shutdown time.
If a machine doesn't support "/etc/rtc", then disable "clock_hctosys" and
"clock_systohc" from "/etc/conf.d/hwclock" with or without
NTP server/client. For chroot environments,"osclock" init script is the way.

Additional info:

openrc 0.28-14

/etc/init.d/localmount


-use lvm modules mtab root
+use lvm modules root

/etc/init.d/modules


-    want modules-load

/etc/init.d/lm_sensors


-after modules-load

$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-14
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 196.71 KiB
Installed Size  : 1767.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 07 May 2018 03:54:42 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

Enable the unused init scripts
AnySecurity IssueVery HighCritical [openrc] use procps-ng's "sysctl" by default instead of ...Closed
100%
Task Description

Description:

Use procps-ng's "sysctl" by default instead of inetutils's "hostname" for
hostname support.

Since [inetutils] is an extra dependency for openrc, it
contains insecure commands like: ftp/rcp/rlogin/rsh/talk/telnet
For security reasons, procps-ng should be the tool to handle hostname
configuration through hostname init script because is a base package.

Additional info:

openrc 0.28-14

/etc/init.d/hostname


-       hostname "$h"
+       case $(uname -s) in
+               GNU/Linux|Linux)
+                       sysctl -qw kernel.hostname="$h"
+                       ;;
+               *)
+                       hostname "$h"
+                       ;;
+       esac

$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-14
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 196.71 KiB
Installed Size  : 1767.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 07 May 2018 03:54:42 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

Set and run hostname init script
AnyBug ReportVery HighCritical [openrc] set "devfs" init script to run before than any ...Closed
100%
Task Description

Description:

Set "devfs" init script to run before than any "logger" init script.

It fixes when any "logger" server is running with rc_logger activated
without the needed to add a "logger" init script on different runlevels.

Additional info:

openrc 0.28-14

/etc/init.d/devfs


-       before dev
+       before dev logger

$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-14
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 196.71 KiB
Installed Size  : 1767.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 07 May 2018 03:54:42 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

Add "devfs" and any "logger" init script to default runlevel
AnyFeature RequestVery HighCritical [openrc] some init scripts are forced to load in certai ...Closed
100%
Task Description

Description:

Some init scrips are forced to load in certain runlevels by default (eg. boot) when 
OpenRC is upgraded. It isn't good for virtualization environments like chroot that
doesn't require it to work.

Those scripts are:
* /etc/init.d/dmesg
* /etc/init.d/hwclock
* /etc/init.d/keymaps
* /etc/init.d/killprocs
* /etc/init.d/local
* /etc/init.d/loopback
* /etc/init.d/modules
* /etc/init.d/mount-ro
* /etc/init.d/swap
* /etc/init.d/sysctl

Note: "/etc/init.d/dmesg" should be loaded in "boot" runlevel instead of "sysinit" one at the first installation time.
Note: "/etc/init.d/local" should be loaded in "sysinit" runlevel instead of "default" and "nonetwork" one at the first installation time.

Additional info:

openrc 0.28-14
$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-14
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 196.71 KiB
Installed Size  : 1767.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 07 May 2018 03:54:42 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

Re-install and/or upgrade the OpenRC package.
AnyFeature RequestVery HighCritical [openrc] some init scripts are forced to load in certai ...Closed
100%
Task Description

Description:

Some init scrips are forced to load in certain runlevels by default (eg. boot) when 
OpenRC is upgraded. Also some of them are autoloaded by other init scripts.
It isn't good for virtualization environments like chroot that doesn't require it to
work.
These files need be removed:
* /etc/runlevels/boot/binfmt (optional)
* /etc/runlevels/boot/fsck (autoloaded from "root" init script)
* /etc/runlevels/boot/localmount (autoloaded from "bootmisc" init script)
* /etc/runlevels/boot/procfs (optional, mount "binfmt_misc" only)
* /etc/runlevels/boot/termencoding (autoloaded from "keymaps" init script)
* /etc/runlevels/default/netmount (optional)
* /etc/runlevels/shutdown/savecache (optional)
* /etc/runlevels/sysinit/devfs (autoload from "udev" init script)
* /etc/runlevels/sysinit/sysfs (autoload from "udev" init script)

Additional info:

openrc 0.28-14
$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-14
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 196.71 KiB
Installed Size  : 1767.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 07 May 2018 03:54:42 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

Re-install and/or upgrade the OpenRC package
AnyFeature RequestVery HighCritical [openrc] add "newinstance" mount parameter in "devpts"  ...Closed
100%
Task Description

Description:

Add "newinstance" mount parameter in "devpts" (in "devfs" init script)

Additional info:

openrc 0.28-14

/etc/init.d/devfs


- “devpts /dev/pts 0755 ,gid=5,mode=0620 devpts” \
+ “devpts /dev/pts 0755 ,gid=5,mode=0620,newinstance devpts” \


$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-14
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 196.71 KiB
Installed Size  : 1767.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 07 May 2018 03:54:42 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:
Run “devfs” init script

AnyFeature RequestVery HighCritical [openrc] add hidepid support in /proc filesystem. Closed
100%
Task Description

Description:

  • Add hidepid in /proc filesystem, needed for chroot with namespaces.
  • Revert FS#1082, but as “gid=proc,hidepid=2”, not “hidepid=2,gid=proc”.

Additional info:

  • openrc 0.28-18

/usr/lib/rc/sh/init.sh


-                mount -n -t proc -o noexec,nosuid,nodev proc /proc
+                mount -n -t proc -o noexec,nosuid,nodev,gid=proc,hidepid=2 proc /proc

$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-18
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 193.18 KiB
Installed Size  : 1720.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Sun 08 Jul 2018 01:28:16 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

  • On boot “openrc” on ‘chroot’ with ‘linux namespaces’ (unshare).
  • On boot “openrc” on any ‘kernel based virtual machines’ (without /proc premounted).
  • On boot the kernel without any image (initramfs-linux-libre-lts*.img).
AnyFeature RequestVery HighCritical [netifrc] add net_macsec and net_veth init scripts Closed
100%
Task Description

Description:

Add net_macsec and net_veth init scripts

Additional info:

netifrc 0.5.1-3
Repository      : core
Name            : netifrc
Version         : 0.5.1-3
Description     : Network interface management scripts
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Netifrc
Licenses        : BSD2
Groups          : base
Provides        : None
Depends On      : eudev
Optional Deps   : iproute2: for interface handler, VPN, bridging and tunneling support (recommended)
                  net-tools: for interface handler support
                  bridge-utils: for bridging support
                  linux-atm: for CLIP and RFC 2684 bridge support
                  wpa_supplicant: for wireless networking support (recommended)
                  wireless_tools: for wireless networking support
                  dhcpcd: for DHCP support (recommended)
                  dhclient: for DHCP support
                  busybox: for DHCP support
                  iputils: for APIPA support
                  ifenslave: for bonding interfaces
                  ppp: for PPP and ADSL support (recommended)
                  rp-pppoe: for ADSL support
                  macchanger: for changing MAC addresses
                  ifplugd: for cable in/out detection
Conflicts With  : None
Replaces        : None
Download Size   : 62.75 KiB
Installed Size  : 349.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Wed 24 Jan 2018 09:05:24 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

none
AnyFeature RequestVery HighCritical [openrc] add chroot init config and script files Closed
100%
Task Description

Description:

Add chroot init script
Note: chroot1 and chroot2 are examples.

Additional info:

openrc 0.28-14
$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-14
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 196.71 KiB
Installed Size  : 1767.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 07 May 2018 03:54:42 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

none
AnyBug ReportVery HighCritical [openrc] rename "procfs" init script to "binfmt_misc",  ...Closed
100%
Task Description

Description:

Rename "procfs" init script to "binfmt_misc", it isn't a "procfs"

/etc/init.d/procfs → /etc/init.d/binfmt_misc


-description="Mounts misc filesystems in /proc."
+description="Mounts binfmt_misc filesystems in /proc."

/etc/init.d/binfmt


-        after clock procfs
+        after clock binfmt_misc

Additional info:

openrc 0.28-14
$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-14
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 196.71 KiB
Installed Size  : 1767.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 07 May 2018 03:54:42 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

none
AnyBug ReportVery HighCritical [eudev][openrc] rename "dev-mount" to "devfs" in "udev" ...Closed
100%
Task Description

Description:
Rename “dev-mount” to “devfs” in “udev” init script

/etc/init.d/udev (eudev package)


-        need sysfs dev-mount
+        need sysfs devfs

/etc/init.d/devfs (openrc package)


 -        provide dev-mount

Additional info:

openrc 0.28-14
$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-14
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 196.71 KiB
Installed Size  : 1767.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 07 May 2018 03:54:42 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

none
AnyBackport RequestVery HighCritical [netifrc] update package to 0.6.0 backport Closed
100%
Task Description

Description:

[netifrc] update package to 0.6.0 backport version

Fix security errors:

Fix errors:

Changes:

Features:



Note: Please add a extra hotfix patch from git:

Additional info:

netifrc 0.5.1-3
$ pacman -Si netifrc
Repository      : core
Name            : netifrc
Version         : 0.5.1-3
Description     : Network interface management scripts
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Netifrc
Licenses        : BSD2
Groups          : base
Provides        : None
Depends On      : eudev
Optional Deps   : iproute2: for interface handler, VPN, bridging and tunneling support (recommended)
                  net-tools: for interface handler support
                  bridge-utils: for bridging support
                  linux-atm: for CLIP and RFC 2684 bridge support
                  wpa_supplicant: for wireless networking support (recommended)
                  wireless_tools: for wireless networking support
                  dhcpcd: for DHCP support (recommended)
                  dhclient: for DHCP support
                  busybox: for DHCP support
                  iputils: for APIPA support
                  ifenslave: for bonding interfaces
                  ppp: for PPP and ADSL support (recommended)
                  rp-pppoe: for ADSL support
                  macchanger: for changing MAC addresses
                  ifplugd: for cable in/out detection
Conflicts With  : None
Replaces        : None
Download Size   : 62.75 KiB
Installed Size  : 349.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Wed 24 Jan 2018 09:05:24 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

contains errors in 0.5.1 version
AnyImplementation RequestVery HighCritical [linux-libre-lts-server] add "Linux-libre" kernel adapt ...Closed
100%
Task Description

Description:

Additional info:

  • none.

Steps to reproduce:

  • none.
AnySecurity IssueVery HighCritical [openrc] remove dangerous "local" init script Closed
100%
Task Description

Description:

  • Remove dangerous “local” init script, is a bad idea to use it, see:

https://wiki.gentoo.org/wiki//etc/local.d

Additional info:

  • openrc 0.28-17
  • remove:
    • “/etc/init.d/local”
    • “/etc/local.d/README”
    • “/etc/local.d/”
/etc/init.d/agetty
----
-        after local
+        after *
$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-17
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 194.10 KiB
Installed Size  : 1727.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Thu 05 Jul 2018 01:37:37 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

  • On boot.
AnyBug ReportVery HighCritical [python-acme] to start crashing on June 19th  Closed
100%
Task Description

Description:
Quoted from https://bugs.launchpad.net/ubuntu/+source/python-acme/+bug/1777205 Bug #1777205 reported by Brad Warren on 2018-06-16


[Impact]

Without this fix, on June 19, the library will start to fail when using Let’s Encrypt’s new ACMEv2 endpoint. We should avoid breaking this for users.

[Test Case]

On June 19, try to use Let’s Encrypt’s new ACMEv2 endpoint; it will error out, as described in https://community.letsencrypt.org/t/acmev2-order-ready-status/62866

[Regression Potential]

If the endpoint changes again, this will need another update, but the only potential regression I see is server-side, which needs patches on our end to adjust (like in this case).

[Original Bug Description]

I am the upstream maintainer of python-acme. This bug only affects python-acme in Ubuntu 18.04.

Starting on June 19th, this library will start failing when used with Let’s Encrypt’s new ACMEv2 endpoint. This is because the library does not recognize the changes described in https://community.letsencrypt.org/t/acmev2-order-ready-status/62866 and will error out when it sees them.

To fix this, python-acme either needs to be upgraded to 0.25.1 (which came out two days ago) or the one line patch that originally landed upstream at https://github.com/certbot/certbot/commit/5940ee92ab5c9a9f05f7067974f6e15c9fa3205a applied. I think the latter is the safer option.

Please let me know what I can do to help get this resolved.


Additional info:
Solution is to upgrade the following packages

* certbot 0.23.0-1.hyperbola1.backports1
* python-acme 0.23.0-1.backports1

and any other that depends on certbot=0.23.0 and/or python-acme=0.23.0 (like the certbot plugins)

The other option is to patch certbot, as described in the launchpad’s issue

Steps to reproduce:

1) Install certbot
2) try anything related to the certificates (certonly, renew)
3) You may get an error like this:

Obtaining a new certificate
An unexpected error occurred:
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/josepy/json_util.py", line 280, in fields_from_json
    fields[slot] = field.decode(value)
  File "/usr/lib/python3.6/site-packages/josepy/json_util.py", line 88, in decode
    return self.fdec(value)
  File "/usr/lib/python3.6/site-packages/acme/messages.py", line 123, in from_json
    '{0} not recognized'.format(cls.__name__))
josepy.errors.DeserializationError: Deserialization error: Status not recognized

During handling of the above exception, another exception occurred:

josepy.errors.DeserializationError: Deserialization error: Could not decode 'status' ('ready'): Deserialization error: Status not recognized
Please see the logfiles in /var/log/letsencrypt for more details.
AnySecurity IssueVery HighCritical [znc] CVE-2018-14055: privilege escalation & CVE-2018-1 ...Closed
100%
Task Description

Severity: high

Versions affected:
1.6.0 through 1.7.0
Potentially, all earlier versions too, but there is no known way to
trigger this before 1.6.0

Mitigation:
upgrade to 1.7.1

Description:
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming
from the network, allowing a non-admin user to escalate privilege,
inject rogue values into znc.conf, and gain shell access.

Upstream patches:
https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d

Severity: medium

Versions affected:
0.045 through 1.7.0

Mitigation:
upgrade to 1.7.1, or disable HTTP via `/msg *status AddPort`, `/msg
*status DelPort` commands.

Description:
ZNC before 1.7.1-rc1 is prone to a path traversal flaw. A non-admin user
can set web skin name to ../ to access files outside of the intended
skins directories and to cause DoS.

Upstream patch:
https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773

AnySecurity IssueVery HighCritical [wesnoth] CVE-2018-1999023 - Code Injection vulnerabili ...Closed
100%
Task Description

The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content.

https://security-tracker.debian.org/tracker/CVE-2018-1999023

Upstream patch: https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318

StableSecurity IssueVery HighCritical [iceweasel-uxp] Issue with HTTPS websites Closed
100%
Task Description

With latest iceweasel-uxp, I can’t connect to some HTTPS websites :

For example :

https://pkgs.fedoraproject.org/ is an example

SEC_ERROR_UNKNOWN_ISSUER

AnyBug ReportVery HighCritical [openrc] fix "chroot" initscript Closed
100%
Task Description

Description:

  • “chroot” initscript contains some errors on “chroot” initscript.

Additional info:

  • openrc 0.28-18

/etc/conf.d/chroot


 # initial command
 CR_COMD=/sbin/openrc-init
-# network interfaces
-CR_NINF="veth_guest ethernet"
-# wifi interfaces
-CR_WINF="wifi"
-# service dependecies
-CR_DEPS="net_veth.interface_host
-         chroot.name net.interface_ethernet net.interface_wifi"
+# network interfaces, example: CR_NINF="veh0 eth0"
+CR_NINF=""
+# wifi interfaces, example: CR_WINF="wlan0"
+CR_WINF=""
+# service dependecies, example: CR_DEPS="net.veh0 chroot.dns chroot.ntp net.eth0 net.wlan0"
+CR_DEPS=""
 # wait in seconds to run CR_COMD
 CR_CDWT=1
-# wait in seconds to start the sercice
+# wait in seconds to start the service
 CR_STWT=7
 # wait in seconds to stop the service
 CR_SPWT=7

/etc/init.d/chroot


 depend() {
-        need $CR_NDEP
+        need $CR_DEPS
         after modules bootmisc localmount net netmount
         keyword -jail -prefix -vserver
         provide oslv
 }

$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-18
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 193.18 KiB
Installed Size  : 1720.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Sun 08 Jul 2018 01:28:16 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

  • On boot “openrc” and/or start “chroot” initscripts.
AnyBug ReportVery HighCritical [netifrc] fix "net_veth" and "net_macsec" initscripts Closed
100%
Task Description

Description:

  • “net_veth” and “net_macsec” initscripts contains some issues.

Additional info:

  • netifrc 0.6.0-2.backports1

/etc/conf.d/net_veth


-# Source Interface (host)
-IFSRC=interface_host
+# Source Interface (host), example: IFSRC=veh0
+IFSRC=veh0
 # Set custom parameters on Source Interface
 IFCTS=
-# Destination Interface (guest)
-IFDST=interface_guest
+# Destination Interface (guest), example: IFDST=veg0
+IFDST=veg0
 # Set custom parameters on Destination Interface
 IFCTD=

/etc/conf.d/net_macsec


-# Source Interface (host)
-IFSRC=interface_host
-# Network init service dependency from Source Interface
-#IFDEP=net.interface_host
-# Destination Interface (macsec/guest)
-IFDST=interface_macsec
+# Source Interface (host), example: IFSRC=eth0
+IFSRC=eth0
+# Network init service dependency from Source Interface, example: IFDEP=net.eth0
+IFDEP=
+# Destination Interface (macsec/guest), example: IFDST=macsec0
+IFDST=macsec0
 # Set custom parameters on MACsec Interface
 IFCTD=

---

 IFPAR="cipher gcm-aes-128
        icvlen 16
        encrypt on
        protect off
        replay off
        send_sci on
-       validate strict"
+       validate disabled"

---

-# Add receive channels and/or receive association keys (RXSC), examples:
-#
-# [sci_<0..ffffffffffffffff(hex)>|port_<1..65535(dec)>_address_<00:00:00:00:00:00..ff:ff:ff:ff:ff:ff(hex)>][_<on/off>]
-#
-# sci_0
-# sci_ffffffffffffffff_on
-# port_1_address_00:00:00:00:00:00
-# port_2_address_ff:ff:ff:ff:ff:ff_off
-#
-# [sci_<0..ffffffffffffffff(hex)>_|port_<1..65535(dec)>_address_<00:00:00:00:00:00..ff:ff:ff:ff:ff:ff(hex)>_]sa_<0..3(dec)>_[pn_<1..4294967295(dec)>_][<on/off>_]key_<00..ff(hex)>_<00000000000000000000000000000000..ffffffffffffffffffffffffffffffff(hex)>
-#
-# sa_0_key_00_00000000000000000000000000000000
-# sa_1_key_pn_1_01_f00f00f00f00f00f00f00f00f00f00f0
-# sa_2_key_on_32_de_de00de00de00de00de00de00de00de00
-# sa_3_key_pn_16345_off_a1_fca1fca1fca1fca1fca1fca1fca1fca1
-# sci_0_sa_0_key_00_00000000000000000000000000000000
-# sci_32_sa_1_key_pn_1_01_f00f00f00f00f00f00f00f00f00f00f0
-# sci_451_sa_2_key_on_32_de_de00de00de00de00de00de00de00de00
-# sci_7438f_sa_3_key_pn_16345_off_a1_fca1fca1fca1fca1fca1fca1fca1fca1
-# port_1_address_00:00:00:00:00:00_sa_0_key_00_00000000000000000000000000000000
-# port_2_address_ff:ff:ff:ff:ff:ff_sa_1_key_pn_1_01_f00f00f00f00f00f00f00f00f00f00f0
-# port_3_address_00:00:00:ff:ff:ff_sa_2_key_on_32_de_de00de00de00de00de00de00de00de00
-# port_4_address_ff:ff:ff:00:00:00_sa_3_key_pn_16345_off_a1_fca1fca1fca1fca1fca1fca1fca1fca1
+# Add receive channels and/or receive association keys (RXSC), examples:
+#
+# "[sci <0..ffffffffffffffff(hex)>|port <1..65535(dec)> address <00:00:00:00:00:00..ff:ff:ff:ff:ff:ff(hex)>][ <on/off>]"
+#
+# "sci 0"
+# "sci ffffffffffffffff on"
+# "port 1 address 00:00:00:00:00:00"
+# "port 2 address ff:ff:ff:ff:ff:ff off"
+#
+# "[sci <0..ffffffffffffffff(hex)> |port <1..65535(dec)> address <00:00:00:00:00:00..ff:ff:ff:ff:ff:ff(hex)> ]sa <0..3(dec)> [pn <1..4294967295(dec)> ][<on/off> ]key <00..ff(hex)> <00000000000000000000000000000000..ffffffffffffffffffffffffffffffff(hex)>"
+#
+# "sci 0 sa 0 key 00 00000000000000000000000000000000"
+# "sci 32 sa 1 pn 1 key 01 f00f00f00f00f00f00f00f00f00f00f0"
+# "sci 451 sa 2 on key de de00de00de00de00de00de00de00de00"
+# "sci 7438f sa 3 pn 16345 off key a1 fca1fca1fca1fca1fca1fca1fca1fca1"
+# "port 1 address 00:00:00:00:00:00 sa 0 key 00 00000000000000000000000000000000"
+# "port 2 address ff:ff:ff:ff:ff:ff sa 1 pn 1 key 01 f00f00f00f00f00f00f00f00f00f00f0"
+# "port 3 address 00:00:00:ff:ff:ff sa 2 on key de de00de00de00de00de00de00de00de00"
+# "port 4 address ff:ff:ff:00:00:00 sa 3 pn 16345 off key a1 fca1fca1fca1fca1fca1fca1fca1fca1"
+#
+# IFRSC=("port 1 address 00:00:00:00:00:00 on"
+#        "port 1 address 00:00:00:00:00:00 sa 0 pn 1 on key 00 00000000000000000000000000000000"
+#        "sci ffffffffffff0001 on"
+#        "sci ffffffffffff0001 sa 0 pn 1 on key 00 ffffffffffffffffffffffffffffffff")
 IFRSC=()

-# Add trasmition association keys (TXSC) , examples:
-# sa_<0..3(dec)>_[pn_<1..4294967295(dec)>_][<on/off>_]key_<00..ff(hex)>_<00000000000000000000000000000000..ffffffffffffffffffffffffffffffff(hex)>
-#
-# sa_0_key_00_00000000000000000000000000000000
-# sa_1_key_pn_1_01_f00f00f00f00f00f00f00f00f00f00f0
-# sa_2_key_on_32_de_de00de00de00de00de00de00de00de00
-# sa_3_key_pn_16345_off_a1_fca1fca1fca1fca1fca1fca1fca1fca1
+# Add trasmition association keys (TXSC) , examples:
+# "sa <0..3(dec)> [pn <1..4294967295(dec)> ][<on/off> ]key <00..ff(hex)> <00000000000000000000000000000000..ffffffffffffffffffffffffffffffff(hex)>"
+#
+# "sa 0 key 00 00000000000000000000000000000000"
+# "sa 1 pn 1 key 01 f00f00f00f00f00f00f00f00f00f00f0"
+# "sa 2 on key de de00de00de00de00de00de00de00de00"
+# "sa 3 pn 16345 off key a1 fca1fca1fca1fca1fca1fca1fca1fca1"
+#
+# IFTSC=("sa 0 pn 1 on key 00 00000000000000000000000000000000")
 IFTSC=()

/etc/init.d/net_macsec


                         if [[ $IFRSC ]]; then
-                                for mac_rxsc in ${IFRSC[@]}; do
-                                        ip macsec add $IFDST rx ${mac_rxsc/_/ }
+                                for mac_rxsc in "${IFRSC[@]}"; do
+                                        ip macsec add $IFDST rx $mac_rxsc
                                 done
                         fi
                         if [[ $IFTSC ]]; then
-                                for mac_txsc in ${IFTSC[@]}; do
-                                        ip macsec add $IFDST tx ${mac_txsc/_/ }
+                                for mac_txsc in "${IFTSC[@]}"; do
+                                        ip macsec add $IFDST tx $mac_txsc
                                 done
                         fi

$ pacman -Si netifrc
Repository      : core
Name            : netifrc
Version         : 0.6.0-2.backports1
Description     : Network interface management scripts
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Netifrc
Licenses        : BSD2
Groups          : base
Provides        : None
Depends On      : eudev
Optional Deps   : iproute2: for interface handler, VPN, bridging and tunneling support (recommended)
                  net-tools: for interface handler support
                  bridge-utils: for bridging support
                  linux-atm: for CLIP and RFC 2684 bridge support
                  wpa_supplicant: for wireless networking support (recommended)
                  wireless_tools: for wireless networking support
                  dhcpcd: for DHCP support (recommended)
                  dhclient: for DHCP support
                  busybox: for DHCP support
                  iputils: for APIPA support
                  ifenslave: for bonding interfaces
                  ppp: for PPP and ADSL support (recommended)
                  rp-pppoe: for ADSL support
                  macchanger: for changing MAC addresses
                  ifplugd: for cable in/out detection
Conflicts With  : None
Replaces        : None
Download Size   : 66.18 KiB
Installed Size  : 373.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Tue 03 Jul 2018 12:16:13 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

  • Boot “openrc” and/or start “net_{veth,macsec}” initscripts.
AnyBug ReportVery HighCritical [netifrc] "net.lo" initscript is forced to load in "boo ...Closed
100%
Task Description

Description:

  • “net.lo” initscript is forced to load in “boot” runlevel by default.
  • “loopback” interface doesn’t need changes.
  • “net.lo” initscript conflicts with another network services, like: NetworkManager.
  • “net.lo” initscript takes extra processor and memory resources when is useless.

Additional info:

  • netifrc 0.6.0-2.backports1
This file needs be removed:
* /etc/runlevels/boot/net.lo
$ pacman -Si netifrc
Repository      : core
Name            : netifrc
Version         : 0.6.0-2.backports1
Description     : Network interface management scripts
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Netifrc
Licenses        : BSD2
Groups          : base
Provides        : None
Depends On      : eudev
Optional Deps   : iproute2: for interface handler, VPN, bridging and tunneling support (recommended)
                  net-tools: for interface handler support
                  bridge-utils: for bridging support
                  linux-atm: for CLIP and RFC 2684 bridge support
                  wpa_supplicant: for wireless networking support (recommended)
                  wireless_tools: for wireless networking support
                  dhcpcd: for DHCP support (recommended)
                  dhclient: for DHCP support
                  busybox: for DHCP support
                  iputils: for APIPA support
                  ifenslave: for bonding interfaces
                  ppp: for PPP and ADSL support (recommended)
                  rp-pppoe: for ADSL support
                  macchanger: for changing MAC addresses
                  ifplugd: for cable in/out detection
Conflicts With  : None
Replaces        : None
Download Size   : 66.18 KiB
Installed Size  : 373.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Tue 03 Jul 2018 12:16:13 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

  • Boot “openrc”.
  • Install and update [netifrc] package.
AnyBug ReportVery HighCritical [eudev] "udev" and "udev-trigger" initscripts are force ...Closed
100%
Task Description

Description:

  • “udev” initscript is loaded by “udev-trigger”.
  • “udev-trigger” is needed load on “boot” runlevel, not”sysinit” one.
  • “udev-trigger” initscript is forced to be added in the sysinit runlevel through upgrading package process
  • It avoids use “eudev” side-by-side with “vdev”.

Additional info:

  • eudev 3.2.5-2
This file need be removed:
* /etc/runlevels/sysinit/udev
This file needs to be changed in "boot" runlevel, not "sysinit" runlevel;
This file needs be included only in the installing process not updating one.
- /etc/runlevels/sysinit/udev-trigger
+ /etc/runlevels/boot/udev-trigger
$ pacman -Si eudev
Repository      : core
Name            : eudev
Version         : 3.2.5-2
Description     : The userspace dev tools (udev) forked by Gentoo, with OpenRC support
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:Eudev
Licenses        : GPL
Groups          : None
Provides        : udev
Depends On      : libeudev  kbd  kmod  hwids  util-linux
Optional Deps   : None
Conflicts With  : udev
Replaces        : udev
Download Size   : 931.20 KiB
Installed Size  : 7072.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Sun 01 Jul 2018 01:26:17 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

  • Boot “openrc”.
  • Install and update [eudev] package.
AnyBug ReportVery HighCritical [openrc] run "sysctl" initscript after "net" initscript Closed
100%
Task Description

Description:

  • “sysctl” initscript doesn’t set sysctl parameters on network interfaces.
  • “sysctl” initscript needs run “sysctl” initscript after “net” initscript.

Additional info:

  • openrc 0.28-18

/etc/init.d/sysctl


-        after clock
+        after clock net

$ pacman -Si openrc
Repository      : core
Name            : openrc
Version         : 0.28-18
Description     : A dependency based init system that works with the system provided init program
Architecture    : x86_64
URL             : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses        : BSD2
Groups          : None
Provides        : None
Depends On      : psmisc  pam
Optional Deps   : netifrc: network interface management scripts
                  networkmanager: network connection manager and user applications
Conflicts With  : None
Replaces        : None
Download Size   : 193.18 KiB
Installed Size  : 1720.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Sun 08 Jul 2018 01:28:16 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

  • Boot “openrc”
AnySecurity IssueVery HighCritical [openssh] CVE-2018-15473 Closed
100%
Task Description

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

https://security-tracker.debian.org/tracker/CVE-2018-15473

Patch: https://salsa.debian.org/ssh-team/openssh/commit/4641c58a3279f6b118f9562babaa0ee050a38619

Technical analysis: https://blog.nviso.be/2018/08/21/openssh-user-enumeration-vulnerability-a-close-look/

AnySecurity IssueVery HighCritical [dropbear] CVE-2018-15599 Closed
100%
Task Description

User enumeration in Dropbear 2018.76 and earlier
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html

Patch: https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00

AnySecurity IssueVery HighCritical [mutt] CVE-2018-14354 Closed
100%
AnySecurity IssueVery HighCritical [iceweasel-uxp-noscript] Zero-day bypass and script exe ...Closed
100%
AnySecurity IssueVery HighCritical [util-linux] CVE-2018-7738 Closed
100%
AnySecurity IssueVery HighCritical [schroedinger] unmaintained and unsupportable Closed
100%
AnySecurity IssueVery HighCritical [vlc] CVE-2017-17670 Closed
100%
AnySecurity IssueVery HighCritical [vlc] CVE-2018-11529 Closed
100%
AnySecurity IssueVery HighCritical [qtpass] Insecure Password Generation prior to 1.2.1 Closed
100%
AnyFreedom IssueVery HighCritical [qtemu] package recommends installing non-free OSes Closed
100%
AnySecurity IssueVery HighCritical [toxcore] Memory leak - Remote DDoS vunerability Closed
100%
AnySecurity IssueVery HighCritical [libssh] CVE-2018-10933 Closed
100%
AnySecurity IssueVery HighCritical [openldap] 2.4.44 multiple security issues Closed
100%
AnySecurity IssueVery HighCritical [php] CVE-2017-9120 Closed
100%
StableFreedom IssueVery HighCritical [cool-retro-term] update package to 1.0.1 and remove no ...Closed
100%
StableFreedom IssueVery HighCritical [xorg-fonts-misc] contains non-libre/free Syriac typefa ...Closed
100%
AnyFreedom IssueVery HighCritical [python-pip][python2-pip] Pip recommends proprietary so ...Closed
100%
AnyFreedom IssueVery HighCritical [purple-skypeweb] Plugin only useful with Skype Closed
100%
StableFreedom IssueVery HighCritical [gftp] Remove many other (old and dead) FTP site bookma ...Closed
100%
AnyFreedom IssueVery HighCritical [man-pages] contains nonfree POSIX manual pages Closed
100%
AnyBug ReportVery HighCritical [linux-libre-lts] spinlock not released on kernel by i9 ...Closed
100%
AnyBug ReportVery HighCritical [electrum] package no longer works Closed
100%
StableSecurity IssueVery HighCritical [exim] CVE-2019-10149 Closed
100%
AnyFreedom IssueVery HighCritical [supertuxkart] remove nonfree Ubuntu Font Family fonts Closed
100%
AnyBug ReportVery HighCritical [cups] [cups-filters] ServerBin directory inconsistency Closed
100%
StableBug ReportVery HighCritical [iceweasel-uxp] Broken addons with latest update Closed
100%
AnyFreedom IssueVery HighCritical [clementine] using non-free services and interfaces Closed
100%
Showing tasks 51 - 100 of 1513 Page 2 of 31

Available keyboard shortcuts

Tasklist

Task Details

Task Editing