Parabola Issue Tracker: Issueshttps://labs.parabola.nu/https://labs.parabola.nu/favicon.ico?15367742552016-02-14T18:49:31ZParabola Issue Tracker
Redmine Packages - Bug #933 (open): Outdated mirrors security issue.https://labs.parabola.nu/issues/9332016-02-14T18:49:31ZGNUtooGNUtoo@cyberdimension.org
<p>Hi,</p>
We had this mirror in /etc/pacman.d/mirrorlist as the first(default) mirror:<br /><pre>http://parabolagnulinux.mirrors.linux.ro/$repo/os/$arch</pre><br />The issue is that it stopped being up to date.<br />/etc/pacman.d/mirrorlist comes from libre/pacman-mirrorlist.<br />Here we assume that the user kept the default configuration.<br />When that mirror stopped being up to date, pacman still used it to check for updates, and will still do for as long as that mirror is still online.<br />It only uses that mirror since it's available online and it's the first/default one.<br />Computers still using that mirror do not have an up to date system.<br />They will continue to do so, until the user finds the lack of update suspicous enough to bother checking what happened, unless we:
<ul>
<li>Warn the users.</li>
<li>Fix Parabola to prevent such issue from happening again.</li>
</ul>
<p>Here the mirror is not necessarily malicious. It could just have had an issue and stop syncing.<br />Parabola should be resilient to that, either automatically, or with the help of people like its developers or community.</p>
We should prevent systems from not learning about new updates:
<ul>
<li>First by addressing that concern assuming that the mirrors are not malicious, that also assume possible MITM.</li>
<li>Then by addressing the malicious mirrors concerns.</li>
</ul>
<p>As parabola infrastructure was down when I found that issue, I sent a mail to the [DEV] mailing list, but the mail delivery was delayed due to the infrastructure being down.<br />Its subject is "[Dev] Mirrors vulnerability issue, Many outdated installs in the wild"</p> Packages - Packaging Request #918 (fixed): [PCR] wordwarvihttps://labs.parabola.nu/issues/9182016-01-17T22:52:40ZGNUtooGNUtoo@cyberdimension.org
<p>Hi,</p>
<p>wordwarvi is a fun game <a class="external" href="https://aur.archlinux.org/packages/wordwarvi/">https://aur.archlinux.org/packages/wordwarvi/</a></p>
<p>COPYING has the GPLv2 and sounds/Attribution.txt has CC-BY and CC-BY-SA sound files<br />The above was checked on git HEAD.</p>
<p>Denis.</p> Servers - Bug #912 (fixed): https://labs.parabola.nu/ still uses ca-cert.https://labs.parabola.nu/issues/9122016-01-09T00:00:25ZGNUtooGNUtoo@cyberdimension.org
<p>ca-cert is not in some browsers, like the tor-browser.</p>
<p>Someone suggested on IRC to use letsencrypt instead, so I bugreport because that person didn't want to register.</p>
<p>Denis.</p> Packages - Packaging Request #911 (fixed): [check-pacman-mtree] add package for PCRhttps://labs.parabola.nu/issues/9112016-01-08T20:52:49ZGNUtooGNUtoo@cyberdimension.org
<p>This permits to check the integrity of installed packages</p>
<p>Its source code and a PKGBUILD is available at: <a class="external" href="https://aur.archlinux.org/check-pacman-mtree.git">https://aur.archlinux.org/check-pacman-mtree.git</a></p>
<p>Denis.</p> Packages - Bug #887 (not-a-bug): "Any" architecturehttps://labs.parabola.nu/issues/8872015-12-10T12:04:26ZGNUtooGNUtoo@cyberdimension.org
<p>Hi,</p>
<p>it seems that arch has an architecture named "any" for architecture-independant packages.<br /><a class="external" href="https://www.archlinux.org/packages/?arch=any">https://www.archlinux.org/packages/?arch=any</a><br />We don't.</p>
<p>Is it an issue? Or is it me that uses stable repositories instead of the -testing ones?</p>
<p>Denis.</p> Packages - Bug #882 (fixed): [handbrake][handbrake-cli] recompile against libvpx 1.5.0https://labs.parabola.nu/issues/8822015-12-05T00:15:39ZGNUtooGNUtoo@cyberdimension.org
<p>ghb needs to be recompiled on i686 and x86_64:<br />% ghb <br />ghb: error while loading shared libraries: libvpx.so.2: cannot open shared object file: No such file or directory</p> Documentation - Bug #872 (fixed): Duplicated standalone installation instructions need to be mergedhttps://labs.parabola.nu/issues/8722015-11-22T18:06:11ZGNUtooGNUtoo@cyberdimension.org
<p>Move <a class="external" href="https://wiki.parabola.nu/User:Isacdaavid/Sandbox">https://wiki.parabola.nu/User:Isacdaavid/Sandbox</a> the the main namespace, like <a class="external" href="https://wiki.parabola.nu/Parabola_ARM_installation">https://wiki.parabola.nu/Parabola_ARM_installation</a></p> Packages - Bug #805 (not-a-bug): Empty ca-certificates packageshttps://labs.parabola.nu/issues/8052015-09-18T09:44:37ZGNUtooGNUtoo@cyberdimension.org
<p>At the time of writing, It's not empty in arch: <a class="external" href="https://www.archlinux.org/packages/core/any/ca-certificates/files/">https://www.archlinux.org/packages/core/any/ca-certificates/files/</a><br />I guess they have a newer version.</p>
<p>This breaks some software, it's also visible when installing mono:<br />(1/1) reinstalling mono [##########################################] 100%<br />Unknown option or file not found '{0}'.<br />Linux Cert Store Sync - version 4.0.4.0<br />Synchronize local certs with certs from local Linux trust store.<br />Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.</p>
<p>Usage: cert-sync [--quiet] system-ca-bundle.crt<br />Where system-ca-bundle.crt is in PEM format<br />error: command failed to execute correctly</p> Packages - Packaging Request #785 (fixed): Package gwshttps://labs.parabola.nu/issues/7852015-08-17T18:53:26ZGNUtooGNUtoo@cyberdimension.org
<p>gws is a tool that can help manage a big number of local git repositories.</p>
<p>There is a PKGBUILD here: <a class="external" href="https://aur4.archlinux.org/packages/gws/">https://aur4.archlinux.org/packages/gws/</a></p>
<p>Denis.</p> Packages - Packaging Request #759 (fixed): Package navit in PCRhttps://labs.parabola.nu/issues/7592015-07-16T14:43:36ZGNUtooGNUtoo@cyberdimension.org
<p>hi,</p>
<p>There is a pkgconfig (and a patch inside the comments) there: <a class="external" href="https://aur.archlinux.org/packages/navit/">https://aur.archlinux.org/packages/navit/</a></p>
<p>Denis.</p> Packages - Bug #741 (fixed): [kicad-bzr] package a more recent one in PCRhttps://labs.parabola.nu/issues/7412015-06-14T19:03:09ZGNUtooGNUtoo@cyberdimension.org
<ul>
<li>The Kicad project strongly advise to use a recent version.</li>
<li>Some important libraries for the PCB and the footprints are not compatible with the old version</li>
</ul>
<p>A pkgbuild is available here:<br /><a class="external" href="https://aur.archlinux.org/packages/kicad-bzr/">https://aur.archlinux.org/packages/kicad-bzr/</a></p> Packages - Bug #713 (fixed): x86, x86_64: libre/handbrake-svn, libre/handbrake-cli-svn: still lin...https://labs.parabola.nu/issues/7132015-05-06T21:55:40ZGNUtooGNUtoo@cyberdimension.org
<p>They have to be recompiled:</p>
<p>% ghb<br />ghb: error while loading shared libraries: libx264.so.142: cannot open shared object file: No such file or directory</p>
<p>% HandBrakeCLI <br />HandBrakeCLI: error while loading shared libraries: libx264.so.142: cannot open shared object file: No such file or directory</p>
<p>Denis.</p> Packages - Packaging Request #711 (fixed): xf86-video-qxlhttps://labs.parabola.nu/issues/7112015-05-03T16:13:51ZGNUtooGNUtoo@cyberdimension.org
<p>This will make parabola graphics way faster in a vm:<br /> <a class="external" href="https://aur.archlinux.org/packages/xf86-video-qxl/">https://aur.archlinux.org/packages/xf86-video-qxl/</a></p>
<p>Trisquel already has xf86-video-qxl.</p>
<p>Denis.</p> Packages - Bug #533 (fixed): handbrake-svn (and maybe handbrake-cli-svn) needs to be recompiledhttps://labs.parabola.nu/issues/5332014-05-30T20:30:54ZGNUtooGNUtoo@cyberdimension.org
<p>[gnutoo@T60 ~]$ ghb <br />ghb: error while loading shared libraries: libx264.so.138: cannot open shared object file: No such file or directory<br />[gnutoo@T60 ~]$ uname -m<br />i686</p> Packages - Bug #275 (not-a-bug): vlc+totem (/usr/lib/libdvdnav.so.4) segfault while opening a dvd.https://labs.parabola.nu/issues/2752012-12-12T13:03:04ZGNUtooGNUtoo@cyberdimension.org
<p>gdb on totem gives that as the last functions in the stack:<br />#0 0xac3206ec in dvdnav_describe_title_chapters () from /usr/lib/libdvdnav.so.4<br /><a class="issue tracker-1 status-2 priority-5 priority-high3 closed" title="Bug: [bugs/labs] Migrate bug tracker (fixed)" href="https://labs.parabola.nu/issues/1">#1</a> 0xac35e156 in ?? () from /usr/lib/gstreamer-1.0/libgstresindvd.so</p>
<p>I've libdvdread, libdvdnav and libdvdcss...</p>
<p>Denis</p>