|
Packages | Any | Security Issue | Very High | Critical | [libressl] add package as OpenSSL replacement and defau ... | Closed | |
Task Description
LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.
It was forked from OpenSSL in April 2014 as a response by OpenBSD developers to the Heartbleed security vulnerability in OpenSSL, [4] [5] [6] [7] with the aim of refactoring the OpenSSL code so as to provide a more secure implementation. [8]
As LibreSSL follows the same goals as the Hyperbola Packaging Guidelines regarding stability and security, it should be the default provider of SSL and TLS protocols for the Hyperbola Project.
|
|
Packages | Any | Security Issue | Very High | Critical | [avahi] blacklist package since it's a zeroconf impleme ... | Closed | |
Task Description
Avahi is a zero-configuration networking implementation that contains critical security issues: because mDNS operates under a different trust model than unicast DNS, trusting the entire network rather than a designated DNS server, it is vulnerable to spoofing attacks by any system within the multicast IP range. Like SNMP and many other network management protocols, it can also be used by attackers to quickly gain detailed knowledge of the network and its machines. [0]
Since it violates the Hyperbola Social Contract, Avahi should be blacklisted.
|
|
Packages | Any | Security Issue | High | Critical | [geth] possible denial of service attacks "DoS Attack" | Closed | |
Task Description
Geth 1.6.x is vulnerable to possible denial-of-service (“DoS”) attacks; however, this has been solved in 1.7.2 [0]. Since fixing 1.6.x would need many modifications spread across multiple files of the code and would be inefficient to backport, the newer version (e.g. 1.7.x) could replace the current package version as an exception, repackaged with the appropriate suffix “-backports”.
|
|
Packages | Any | Security Issue | Very High | Critical | [vlc] CVE-2017-17670 | Closed | |
Task Description
Description:
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.
|
|
Packages | Any | Security Issue | Very High | Critical | [vlc] CVE-2018-11529 | Closed | |
Task Description
|
|
Packages | Any | Privacy Issue | Very High | Critical | [libreoffice*] contains Google API keys | Closed | |
Task Description
LibreOffice contains Google API keys, which affects privacy.
|
|
Packages | Any | Privacy Issue | Very High | Critical | [cutegram] only useful with Telegram service | Closed | |
Task Description
Description: Cutegram is a Telegram client. It is free software; however, it uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs to go on the blacklist since Hyperbola’s objective is to support the privacy of its community.
Additional info:
$ pacman -Si cutegram
Repository : community
Name : cutegram
Version : 2.7.1-3
Description : A different telegram client from Aseman team
Architecture : x86_64
URL : http://aseman.co/en/products/cutegram/
Licenses : GPL
Groups : None
Provides : cutegram
Depends On : qt5-imageformats qt5-webkit telegramqml>=0.9.1 libqtelegram-ae>=3:6.1
Optional Deps : gst-plugins-bad: audio support
gst-plugins-good: audio and notification sound
Conflicts With : cutegram-git sigram-git sigram cutegram
Replaces : cutegram-cn
Download Size : 12.03 MiB
Installed Size : 17.07 MiB
Packager : Jiachen Yang <farseerfc@gmail.com>
Build Date : Mon 25 Jan 2016 05:59:04 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Packages | Any | Privacy Issue | Very High | Critical | [libqtelegram-ae] only useful with Telegram service | Closed | |
Task Description
Description: libqtelegram-ae is a Telegram library written in Qt based on telegram-cli code. It is free software; however, it uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs to go on the blacklist since Hyperbola’s objective is to support the privacy of its community.
Additional info:
$ pacman -Si libqtelegram-ae
Repository : community
Name : libqtelegram-ae
Version : 3:6.1-4
Description : Telegram library written in Qt based on telegram-cli code
Architecture : x86_64
URL : https://launchpad.net/libqtelegram
Licenses : GPL3
Groups : None
Provides : None
Depends On : qt5-base qt5-multimedia
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 431.27 KiB
Installed Size : 1999.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Wed 05 Apr 2017 07:16:39 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Packages | Any | Privacy Issue | Very High | Critical | [telegram-qt] only useful with Telegram service | Closed | |
Task Description
Description: TelegramQt is a Telegram binding for Qt. It is free software; however, it uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs to go on the blacklist since Hyperbola’s objective is to support the privacy of its community.
Additional info:
$ pacman -Si telegram-qt
Repository : community
Name : telegram-qt
Version : 0.1.0-2
Description : Qt bindings for the Telegram protocol
Architecture : x86_64
URL : https://github.com/Kaffeine/telegram-qt
Licenses : GPL
Groups : None
Provides : None
Depends On : qt5-base
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 204.80 KiB
Installed Size : 747.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Sat 18 Feb 2017 06:49:55 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Packages | Any | Privacy Issue | Very High | Critical | [telegramqml] only useful with Telegram service | Closed | |
Task Description
Description: TelegramQML is a set of Telegram API tools for QtQml and Qml. It is free software; however, it uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs to go on the blacklist since Hyperbola’s objective is to support the privacy of its community.
Additional info:
$ pacman -Si telegramqml
Repository : community
Name : telegramqml
Version : 0.9.2-2
Description : Telegram API tools for QtQml and Qml
Architecture : x86_64
URL : https://github.com/Aseman-Land/TelegramQML
Licenses : GPL
Groups : None
Provides : None
Depends On : qt5-webkit qt5-imageformats qt5-graphicaleffects qt5-quickcontrols libqtelegram-ae
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 401.03 KiB
Installed Size : 1905.00 KiB
Packager : Jiachen Yang <farseerfc@gmail.com>
Build Date : Mon 25 Jan 2016 05:46:59 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Packages | Any | Privacy Issue | Very High | Critical | [telepathy-morse] only useful with Telegram service | Closed | |
Task Description
Description: Telepathy-Morse is a Qt-based Telegram connection manager for the Telepathy framework. It is free software; however, it uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs to go on the blacklist since Hyperbola’s objective is to support the privacy of its community.
Additional info:
$ pacman -Si telepathy-morse
Repository : community
Name : telepathy-morse
Version : 0.1.0-1
Description : Telepathy Connection Manager for the Telegram network
Architecture : x86_64
URL : https://github.com/TelepathyQt/telepathy-morse
Licenses : GPL
Groups : None
Provides : None
Depends On : telepathy-qt5 telegram-qt
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 90.80 KiB
Installed Size : 351.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Fri 16 Sep 2016 11:49:33 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Packages | Any | Privacy Issue | Very High | Critical | [telepathy-kde-accounts-kcm] recommends Telepathy-Morse ... | Closed | |
Task Description
Description: telepathy-kde-accounts-kcm contains the telepathy-morse package in its optdepends array. It should be removed since Telepathy-Morse provides support for Telegram, a nonfree server-side service that requires accounts tied to telephone numbers.
Additional info:
$ pacman -Si telepathy-kde-accounts-kcm
Repository : extra
Name : telepathy-kde-accounts-kcm
Version : 17.04.0-1
Description : KCM Module for configuring Telepathy Instant Messaging Accounts
Architecture : x86_64
URL : https://community.kde.org/Real-Time_Communication_and_Collaboration
Licenses : GPL
Groups : kde-applications kdenetwork telepathy-kde
Provides : None
Depends On : telepathy-qt kaccounts-providers
Optional Deps : telepathy-gabble: XMPP/Jabber accounts support
telepathy-haze: account types supported by Pidgin/libpurple
telepathy-morse: Telegram accounts support
telepathy-salut: link-local XMPP account support
Conflicts With : None
Replaces : None
Download Size : 334.86 KiB
Installed Size : 2111.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Sat 15 Apr 2017 06:47:59 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Packages | Any | Implementation Request | Medium | Medium | [wine-stable] add package | Closed | |
Task Description
Add Wine stable version (2.x) as default Wine package.
|
|
Packages | Any | Implementation Request | Medium | Low | [hunspell-pt-br] add new package | Closed | |
Task Description
Description: Add Brazilian Portuguese grammar, spelling and hyphenation checker to hunspell.
|
|
Packages | Any | Implementation Request | Medium | Low | [hyphen-pt-br] add new package | Closed | |
Task Description
Description: Add Brazilian Portuguese hyphenation to hunspell.
|
|
Packages | Any | Freedom Issue | Very High | Critical | [warsow] contains Steam support | Closed | |
Task Description
Warsow contains a library called steamlib which is built from the source. It’s useful only for Steam support which is nonfree software.
|
|
Packages | Any | Freedom Issue | Medium | Low | [openssl] vague terminology "Open Source" in descriptio ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
core/openssl 1.1.0.e-1
The Open Source toolkit for Secure Sockets Layer and Transport Layer Security
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would set a good example to have proper package descriptions without using “Open Source”.
e.g.
The Free Software toolkit for Secure Sockets Layer and Transport Layer Security
|
|
Packages | Any | Freedom Issue | Medium | Low | [aiksaurus] vague terminology "Open Source" in descript ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/aiksaurus 1.2.1-5
A cross-platform, open-source thesaurus
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would set a good example to have proper package descriptions without using “Open Source”.
e.g.
A cross-platform, free-software thesaurus
|
|
Packages | Any | Freedom Issue | Medium | Low | [assimp] vague terminology "Open Source" in description ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/assimp 3.3.1-1
Portable Open Source library to import various well-known 3D model formats in an uniform manner
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would set a good example to have proper package descriptions without using “Open Source”.
e.g.
Portable Free Software library to import various well-known 3D model formats in an uniform manner
|
|
Packages | Any | Freedom Issue | Medium | Low | [cmake] vague terminology "Open Source" in description ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/cmake 3.8.0-1
A cross-platform open-source make system
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would set a good example to have proper package descriptions without using “Open Source”.
e.g.
A cross-platform free-software make system
|
|
Packages | Any | Freedom Issue | Medium | Low | [gstreamer] vague terminology "Open Source" in descript ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/gstreamer 1.12.0-1
GStreamer open-source multimedia framework core library
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would set a good example to have proper package descriptions without using “Open Source”.
e.g.
GStreamer free-software multimedia framework core library
|
|
Packages | Any | Freedom Issue | Medium | Low | [java-openjfx] vague terminology "Open Source" in descr ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/java-openjfx 8.u121-1
Java OpenJFX 8 client application platform (open-source implementation of JavaFX)
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would set a good example to have proper package descriptions without using “Open Source”.
e.g.
Java OpenJFX 8 client application platform (free-software implementation of JavaFX)
|
|
Packages | Any | Freedom Issue | Medium | Low | [java-openjfx-doc] vague terminology "Open Source" in d ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/java-openjfx-doc 8.u121-1
Java OpenJFX 8 client application platform (open-source implementation of JavaFX) - documentation
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would set a good example to have proper package descriptions without using “Open Source”.
e.g.
Java OpenJFX 8 client application platform (free-software implementation of JavaFX) - documentation
|
|
Packages | Any | Freedom Issue | Medium | Low | [java-openjfx-src] vague terminology "Open Source" in d ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/java-openjfx-src 8.u121-1
Java OpenJFX 8 client application platform (open-source implementation of JavaFX) - sources
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would set a good example to have proper package descriptions without using “Open Source”.
e.g.
Java OpenJFX 8 client application platform (free-software implementation of JavaFX) - sources
|
|
Packages | Any | Freedom Issue | Medium | Low | [java-rhino] vague terminology "Open Source" in descrip ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/java-rhino 1.7.7.1-1.hyperbola1
Open-source implementation of JavaScript written entirely in Java - JAR
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would set a good example to have proper package descriptions without using “Open Source”.
e.g.
Free-software implementation of JavaScript written entirely in Java - JAR
|
|
Packages | Any | Freedom Issue | Medium | Low | [kdegames-kigo] vague terminology "Open Source" in desc ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [libgdiplus] vague terminology "Open Source" in descrip ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [libical] vague terminology "Open Source" in descriptio ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [liblouis] vague terminology "Open Source" in descripti ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [libofa] vague terminology "Open Source" in description ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [libomxil-bellagio] vague terminology "Open Source" in ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [libupnp] vague terminology "Open Source" in descriptio ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [mlt] vague terminology "Open Source" in description of ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [mlt-python-bindings] vague terminology "Open Source" i ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [opencore-amr] vague terminology "Open Source" in descr ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [openjdk7-src] vague terminology "Open Source" in descr ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [openjdk8-src] vague terminology "Open Source" in descr ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [openjpeg] vague terminology "Open Source" in descripti ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [openjpeg2] vague terminology "Open Source" in descript ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [openslp] vague terminology "Open Source" in descriptio ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [openssl-1.0] vague terminology "Open Source" in descri ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [rhino] vague terminology "Open Source" in description ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [rhino-javadoc] vague terminology "Open Source" in desc ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [sofia-sip] vague terminology "Open Source" in descript ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [swt] vague terminology "Open Source" in description of ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [tomcat7] vague terminology "Open Source" in descriptio ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [tomcat8] vague terminology "Open Source" in descriptio ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [unixodbc] vague terminology "Open Source" in descripti ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [wildmidi] vague terminology "Open Source" in descripti ... | Closed | |
|
|
Packages | Any | Freedom Issue | Medium | Low | [x265] vague terminology "Open Source" in description o ... | Closed | |
|