Packages

This morning while I was working on my X200, I noticed that my CPU was kept 100% busy for a long time by some process which was obvioulsy eating up the battery life. The culprit was pacman-key, triggered by logrotate.

To stop this, I did ‘chmod -x /etc/cron.daily/pacman-key’ and I rebooted.

Later on, it was impossible to install a new package as it was impossible to get over the step marked as “checking keys in keyring...”

So I tried to do again ‘pacman-key –refresh-keys’: the overall process took more than an hour—behind a fast and robust internet connection. I finally got three lines, saying that about 1,000 keys were updated but I never got the prompt back. So I hit Ctrl-C.

At the time of writing, I am still trying to refresh the keys—a quite desperate attempt, if I may say so.

Although I tagged this report as a “Feature request”, it is in my opinion of quite some importance. I understand very well the absolute necessity to always have the keys updated, but in this particular case, with so many keys and so frequent updates, I begin to wonder if losses are not beginning to prevail over benefits.

Unless I am doing something wrong or missing something I should do?

Any help would be strongly appreciated.

Robert

Geth 1.6.x contains possible denial of service attacks “DoS Attack”, however it has been solved in 1.7.2 [0] instead. Since 1.6.x needs many modifications spread across multiple files of the code and it is inefficient to be backported, the newer version (eg. 1.7.x) could replace the current version package as exception, but repackaged with the appropriate suffix “-backports”.

As per a recent discovery, we should check if our deepin is affected by the CNZZ spyware in the AppStore.
https://www.youtube.com/watch?v=v25Dy66AtNI

We also shouldn’t use the AppStore if it exists, due to non-free apps.

Known files:
> usr/share/dbus-1/system-services/com.deepin.daemon.Apps.service
> etc/appstore.json

Description:
The light-locker package returns error while tries load shared library libsystemd.so.0.

Additional info:
* package version(s): light-locker-1.6.0-3

Steps to reproduce:

1. Install the package:

  $ sudo pacman -S light-locker
  

1. Run it:

  $ light-locker
  

1. Then, you get the following message:

  light-locker: error while loading shared libraries: libsystemd.so.0: cannot open shared object file: No such file or directory
  

I get this error when trying to run it:

$ utox
utox: error while loading shared libraries: libtoxencryptsave.so.1: cannot open shared object file: No such file or directory

Description:
Since the update to 0.3.9 (or the update of girara to 0.2.9), zathura-pdf-poppler returns the following error:

error: Could not load plugin '/usr/lib/zathura/ps.so' (libgirara-gtk3.so.2: cannot open shared object file: No such file or directory).

Description:

• Segmentation fault after start by terminal emulator but elinks does not crash in console. After that, it prints characters when mouse buttons pressed so it can not copy its output.

Additional info:
* package version(s)

• links 2.14-2
• elinks 0.13-18

* config and/or log files etc.

• gdb output for links 2.16:

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4295e43 in strchrnul () from /usr/lib/libc.so.6

• gdb output for elinks 0.13-18:

[New Thread 0x7ffff4dfb700 (LWP 8393)]
Thread 1 "elinks" received signal SIGSEGV, Segmentation fault.
0x00007ffff5fa3e43 in strchrnul () from /usr/lib/libc.so.6

Steps to reproduce:

• Run links and elinks by terminal emulator

Octopi 0.9.0 is uploading system logs to ptpb.pw without confirmation through :

Tools
→ SysInfo → ptpb.pw

I think it should be either disabled or add at least a patch to ask for a confirmation.
An other way could be to patch this :

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/?u=1", tempFile->fileName());
256:  return ptpb;

to :

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- **https://ptpb.pw/", tempFile->fileName());
256:  return ptpb;

This way, you can at least ask for log deletion with the help of log uuid as explained here : https://ptpb.pw/#id10

Description:

this release is mostly bugfix, updated translations, removed some deprecated parts in code (abandoning libgnome-keyring and starting using libsecret) and in UI and added Till’s patches from Ubuntu (Thank you, Till!).

Additional info:
* package version(s)

# pacman -Si system-config-printer
Repositorio               : extra
Nombre                    : system-config-printer
Versión                   : 1.5.9-2
Descripción               : A CUPS printer configuration tool and status applet
Arquitectura              : x86_64
URL                       : https://github.com/zdohnal/system-config-printer
Licencias                 : GPL
Grupos                    : Nada
Provee                    : Nada
Depende de                : python-pycups  python-dbus  python-pycurl  libnotify  python-requests  python-gobject  gtk3  python-cairo
Dependencias opcionales   : python-pysmbc: SMB browser support
                            python-packagekit: to install drivers with PackageKit
                            cups-pk-helper: PolicyKit helper to configure cups with fine-grained privileges
En conflicto con          : Nada
Remplaza a                : Nada
Tamaño de la descarga     : 908,59 KiB
Tamaño de la instalación  : 7159,00 KiB
Encargado                 : Andreas Radke <andyrtr@archlinux.org>
Fecha de creación         : vie 27 ene 2017 04:18:24 -03
Validado por              : Suma MD5  Suma SHA-256  Firma

* config and/or log files etc.

Steps to reproduce:

Here is the terminal output:

$ electrum
Error: No module named ‘aiorpcx’. Try ‘sudo python3 -m pip install <module-name>

I think a newer python version (e.g. 3.7) might be needed in order to get it to work as well as even after installing missing modules via pip locally the package does not run.

gufw 17.04.1-3

Impossible to start application, error message :

FileNotFoundError: [Errno 2] Aucun fichier ou dossier de ce type: '/usr/sbin/ufw': '/usr/sbin/ufw'

Description:
Postfix is a mess, first it failed to start (running ‘postfix start’) with the following:

  postfix: fatal: chdir(/usr/lib/postfix/bin): No such file or directory

Then, to solve this, I symlinked /usr/libexec/postfix to /usr/lib/postfix/bin, because there were the binaries, but then it came with the following:

  # postfix start
  /usr/lib/postfix/bin/postfix-script: line 89: /usr/bin/postconf: No such file or directory
  /usr/lib/postfix/bin/postfix-script: line 90: /usr/bin/postlog: No such file or directory

Because all the post* bins where now in /usr/sbin, so I symlinked them to /usr/bin, and it could finally run, but with many warnings

  # postfix start
  postfix/postfix-script: warning: symlink leaves directory: /usr/lib/postfix/./bin
  postfix/postfix-script: warning: not owned by group postdrop: /usr/bin/postqueue
  postfix/postfix-script: warning: not owned by group postdrop: /usr/bin/postdrop
  postfix/postfix-script: warning: not set-gid or not owner+group+world executable: /usr/bin/postqueue
  postfix/postfix-script: warning: not set-gid or not owner+group+world executable: /usr/bin/postdrop
  postfix/postfix-script: starting the Postfix mail system

Additional info:
* postfix 3.2.2-1.hyperbola6

Within the current version of smplayer in the repositories a proprietary interface to Chromecast is activated and therefore a risk for privacy of the users as this hardware is the complete opposite of freedom.

https://security-tracker.debian.org/tracker/CVE-2018-1088

http://openwall.com/lists/oss-security/2018/04/18/1

https://bugs.debian.org/896128

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

Upstream patches: https://review.gluster.org/#/c/19899/1..2

Fixed in: https://github.com/gluster/glusterfs/releases/tag/v4.0.2

Description:

In External Linkhttps://git.hyperbola.info:50100/packages/community.git/tree/hostapd/config an option is missing to support 802.11r:

Adding “CONFIG_IEEE80211R=y”

Additional info:
* hostapd 2.6

Description:

I have tried to upgrade hyperbola.

Critical upgrades cannot be installed when wesnoth is installed, there are conflicting files

Steps to reproduce:

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 arch-keyring-201808...  1605.2 KiB   617K/s 00:03 [#########] 100%
 hyperbola-keyring-2...   215.9 KiB   635K/s 00:00 [#########] 100%
 linux-libre-lts-4.9...    59.6 MiB   749K/s 01:22 [#########] 100%
 openvpn-2.4.6-1.hyp...   402.2 KiB  1149K/s 00:00 [#########] 100%
 iceweasel-uxp-52.9....    39.8 MiB   839K/s 00:49 [#########] 100%
 libgdm-3.24.1-1.hyp...    57.3 KiB  1912K/s 00:00 [#########] 100%
 ntp-4.2.8.p11-2.hyp...  1798.4 KiB   833K/s 00:02 [#########] 100%
 sddm-0.14.0-2.hyper...     3.2 MiB   770K/s 00:04 [#########] 100%
 lxdm-0.5.3-4.hyperb...    98.4 KiB   984K/s 00:00 [#########] 100%
 tp_smapi-lts-0.43-1...    26.6 KiB  2.60M/s 00:00 [#########] 100%
 wesnoth-data-1.14.4...   395.1 MiB   745K/s 09:03 [#########] 100%
 wesnoth-1.14.4-1.hy...     5.5 MiB   616K/s 00:09 [#########] 100%
(12/12) checking keys in keyring                   [#########] 100%
(12/12) checking package integrity                 [#########] 100%
(12/12) loading package files                      [#########] 100%
(12/12) checking for file conflicts                [#########] 100%
error: failed to commit transaction (conflicting files)
/usr/share/icons/hicolor/128x128/apps/wesnoth-icon.png exists in both 'wesnoth-data' and 'wesnoth'
/usr/share/icons/hicolor/16x16/apps/wesnoth-icon.png exists in both 'wesnoth-data' and 'wesnoth'
/usr/share/icons/hicolor/256x256/apps/wesnoth-icon.png exists in both 'wesnoth-data' and 'wesnoth'
/usr/share/icons/hicolor/32x32/apps/wesnoth-icon.png exists in both 'wesnoth-data' and 'wesnoth'
/usr/share/icons/hicolor/512x512/apps/wesnoth-icon.png exists in both 'wesnoth-data' and 'wesnoth'
/usr/share/icons/hicolor/64x64/apps/wesnoth-icon.png exists in both 'wesnoth-data' and 'wesnoth'
/usr/share/metainfo/wesnoth.appdata.xml exists in both 'wesnoth-data' and 'wesnoth'
Errors occurred, no packages were upgraded.

Description:

Package strongSwan is missing. Can it please be added to relevant repository? The package’s presence is critical for using IKEv2 in VPN.

Additional info:

* Source: Please see added link

Steps to reproduce:

N/A

In `/etc/logrotate.d/rsyslog`, line 5:

/usr/bin/killall -HUP /usr/bin/rsyslogd

should now read as follows:

/usr/bin/killall -HUP /usr/sbin/rsyslogd

With latest 0.3 hyperbola, with the (simple) following partitioning :

/ (ext4)
/swap

The standard HOOK in /etc/mkinitcpio.conf

"HOOKS="base udev autodetect modconf block filesystems keyboard fsck"

fails to include crc32c_generic module, resulting in non bootable system.

The generated fallback initramfs include it though.

The issue was not present with 0.2.9, with the exact same partitioning.

[virt-manager] Failed to initialize a valid firewall backend

I cannot start any virtual machine with current virt-manager.
The error message is the following :

Failed to initialize a valid firewall backend

My username is in “kvm” group.

The only modification to the libvirt config files I made are in /etc/libvirt/qemu.conf

[...]
# Some examples of valid values are:
#
#       user = "qemu"   # A user named "qemu"
#       user = "+0"     # Super user (uid=0)
#       user = "100"    # A user named "100" or a user with uid=100
# 
#user = "root"
user = "david"
[...]

The libvirtd service is enabled (and start without error)
Also, the optional dependencies are correctly installed :

ebtables: required for default NAT networking [installed]
dnsmasq: required for default NAT/DHCP for guests [installed]
bridge-utils: for bridged networking [installed]

This was working fine previously (with 0.2.9) so I don’t know why this isn’t working anymore. As said previously, my config hasn’t changed.

With : v4l-utils 1.12.3-1.hyperbola1

dvb5-scan utility currently segfaults with rtl2832

*** Error in `dvbv5-scan': double free or corruption (fasttop): 0x000000000090be90 ***
======= Backtrace: =========
/lib/libc.so.6(+0x727ad)[0x7f4f9a9657ad]
/lib/libc.so.6(+0x78e6f)[0x7f4f9a96be6f]
/lib/libc.so.6(+0x796ce)[0x7f4f9a96c6ce]
/usr/lib/libdvbv5.so.0(free_dvb_dev+0x13)[0x7f4f9acafa53]
/usr/lib/libdvbv5.so.0(dvb_dev_free_devices+0x28)[0x7f4f9acafaf8]
/usr/lib/libdvbv5.so.0(dvb_dev_free+0x4e)[0x7f4f9acafe2e]
dvbv5-scan[0x401729]
/lib/libc.so.6(__libc_start_main+0xf1)[0x7f4f9a9135a1]
dvbv5-scan[0x4019fa]

This seems to have been fixed, see :

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859008

I don’t know if a patch is available for it though..

With lynis 2.4.8-1.hyperbola2

sudo lynis audit system remote 192.168.0.100

fails because dmidecode is not installed to /usr/sbin/ :

/usr/share/lynis/include/functions: line 1359: /usr/sbin/dmidecode: No such file or directory

With hyperbola 0.3 :

which dmidecode
/usr/bin/dmidecode

Current torsocks version is broken.
It returns the following error when attempting to torify application :

which: no getcap

Description:
The apache pkg has a symlink in /etc/httpd/modules which points to /usr/lib/httpd/modules, and it’s wrong because modules are now located at /usr/libexec/httpd/modules

Also, packages that have apache modules, like:

• extra/php-apache
• community/mod_wsgi
• community/mod_wsgi2

have them in the old location, so they need to be rebuilt.

Additional info:

• apache 2.4.38-1.hyperbola2

Description:
After replacing roundcubemail with roundcubemail-lts, I got the following error:

  PHP Warning:  session_start(): Failed to read session data: user (path: ) in /usr/share/webapps/roundcubemail/program/lib/Roundcube/rcube_session.php on line 117

And going back to the non-lts version solved it

Additional info:
It looks like it is a problem of roundcube-lts not being fully compatible with PHP 7.1, maybe a backport could fix the issue

Steps to reproduce:
1) Install roundcube
2) open it in a web browser
3) Check /var/log/roundcubemail/errors