|
Packages | Any | Replace Request | Defer | Critical | [bzr] replace deprecated GNU Bazaar to Brezy | Deferred | |
Task Description
Description:
replace deprecated GNU Bazaar to Brezy for Canis Major
Additional info:
bzr 2.7.0-2
GNU Bazaar will be unmaintained (for now, there are only bug fixes)
GNU Bazaar only supports Python 2.
-
-
-
Note: It needs a provide: bazaar and brezy
Steps to reproduce:
|
|
Packages | Any | Replace Request | Defer | Critical | [python2] replace deprecated Python 2 to Tauthon | Deferred | |
Task Description
Description:
replace deprecated Python 2 to Tauthon for Canis Major
Additional info:
Steps to reproduce:
|
|
Packages | Stable | Replace Request | Very Low | Critical | Package spamassassin includes dependencies for systemd | Unconfirmed | |
Task Description
Description: The package spamassassin has no further init-script for OpenRC and instead includes service-definitions for systemd
Additional info: * package version(s) 3.4.1-7
|
|
Packages | Stable | Replace Request | Very Low | Critical | Package opendkim includes dependencies for systemd | Unconfirmed | |
Task Description
Description: The package opendkim has no further init-script for OpenRC and instead includes service-definitions for systemd
Additional info: * package version(s) 2.10.3-4
|
|
Packages | Stable | Replace Request | Very Low | Medium | Package ossp has got systemd dependencies | Unconfirmed | |
Task Description
Description: Concurrent package ossp in version 1.3.2-15 has got dependencies to systemd, which is contradicting the whole distribution and the used INIT-system. Therefore my request to port this to OpenRC!
Additional info: * package version(s) 1.3.2-15
|
|
Packages | Any | Replace Request | Low | Low | [appmenu-qt4] replace with appmenu-qt (qt5) | Deferred | |
Task Description
“appmenu-qt4”[0][2] is a deprecated package (release in 2012)[1] and use qt4 unsupported/non-lts software[3], but “appmenu-qt5” not contains any release source code[2]
$ pacman -Si appmenu-qt4 Repository : community Name : appmenu-qt4 Version : 0.2.6-1 Description : Export Qt4 applications menus over D-Bus Architecture : x86_64 URL : https://launchpad.net/appmenu-qt Licenses : GPL Groups : None Provides : None Depends On : libdbusmenu-qt4 Optional Deps : None Conflicts With : appmenu-qt Replaces : appmenu-qt Download Size : 16.55 KiB Installed Size : 48.00 KiB Packager : Antonio Rojas arojas@archlinux.org Build Date : Tue 28 Feb 2017 05:59:31 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://launchpad.net/appmenu-qt (qt4) [1]:https://launchpad.net/appmenu-qt/+download [2]:https://launchpad.net/appmenu-qt5 [3]:https://en.wikipedia.org/wiki/Qt_5.6_LTS
|
|
Packages | Any | Security Issue | Very High | Critical | [openssh] CVE-2018-15919 | Researching | |
Task Description
Remotely observable behavior in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration (or “oracle”) as a vulnerability.’ https://security-tracker.debian.org/tracker/CVE-2018-15919
|
|
Packages | Any | Security Issue | Very Low | Critical | [octopi] requires su | Unconfirmed | |
Task Description
would it be possible to make it use sudo instead?
From what I know, sudo is safer. Let me know if you agree this is a problem.
|
|
Packages | Any | Security Issue | High | Critical | [octopi] uploads system logs to ptpb.pw without confirm... | In Progress | |
Task Description
Octopi 0.9.0 is uploading system logs to ptpb.pw without confirmation through :
Tools → SysInfo → ptpb.pw
I think it should be either disabled or add at least a patch to ask for a confirmation. An other way could be to patch this :
src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255: QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/?u=1", tempFile->fileName());
256: return ptpb;
to :
src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255: QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- **https://ptpb.pw/", tempFile->fileName());
256: return ptpb;
This way, you can at least ask for log deletion with the help of log uuid as explained here : https://ptpb.pw/#id10
|
|
Packages | Any | Security Issue | Very High | Critical | [libssh] CVE-2018-10933 | Researching | |
Task Description
Description: libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials.
Additional info: * package version(s) : extra/libssh 0.7.5-1
CVE
|
|
Packages | Any | Security Issue | Very Low | Critical | [dokuwiki] CVEs | Unconfirmed | |
Task Description
Our current dokuwiki 20170219_b-1 has two serious CVE.
Error message attached after the first installation
|
|
Packages | Any | Security Issue | Very Low | Critical | [tcpreplay] CVEs | Unconfirmed | |
Task Description
A huge number of CVEs have been fixed on 4.3.1 :
CVE-2018-20552 CVE-2018-20553 CVE-2018-18408 CVE-2018-18407 CVE-2018-17974 CVE-2018-17580 CVE-2018-17582 CVE-2018-13112
Current Hyperbola version is 4.2.6
|
|
Packages | Any | Security Issue | Medium | Medium | [cinepaint] unmaintained and unsupportable | In Progress | |
Task Description
Remove “cinepaint” package since it’s unmaintained and unsupportable. Also, it doesn’t contains any file format support in the latest version (previous version supported multiple file formats).
I suggest use Krita (or Gimp 2.10) to edit 16bit and 32bit file formats or convert with imagemagick/graphicsmagick.
$ pacman -Si cinepaint
Repository : community
Name : cinepaint
Version : 1:1.0.4-5
Description : Sophisticated graphics manipulation programm supporting > 8bit pictures
Architecture : x86_64
URL : http://www.cinepaint.org
Licenses : LGPL GPL MIT
Groups : None
Provides : None
Depends On : gtk2 openexr lcms libxpm fltk ftgl libxxf86vm
Optional Deps : python2: for python plug-ins
gutenprint: for print plug-ins
ghostscript: for pdf plug-ins
Conflicts With : None
Replaces : None
Download Size : 3.75 MiB
Installed Size : 13.91 MiB
Packager : Christian Hesse <arch@eworm.de>
Build Date : Thu 28 Apr 2016 05:17:05 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Packages | Any | Security Issue | Very Low | Medium | [patch] CVE-2018-6951 - NULL pointer DoS | Unconfirmed | |
Task Description
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a “mangled rename” issue.
https://security-tracker.debian.org/tracker/CVE-2018-6951
|
|
Packages | Any | Security Issue | Very Low | Medium | [qemu] Multiple CVE | Unconfirmed | |
Task Description
CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug https://www.openwall.com/lists/oss-security/2018/12/13/4
CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem manipulation in Media Transfer Protocol (MTP) https://www.openwall.com/lists/oss-security/2018/12/13/11
Patches included at above URLs.
|
|
Packages | Stable | Update Request | High | High | [qt5] upgrade Qt project to the 5.6 LTS version, requir... | Deferred | |
Task Description
Cannot mix incompatible Qt library (version 0×50800) with this library (version 0×50904) Aborted
./Nextcloud-2.3.3-x86_64.AppImage: /usr/lib/libQt5Core.so.5: version `Qt_5.9’ not found (required by /tmp/.mount_NextclpprMnG/usr/bin/../lib/libqt5keychain.so.1
These two packages are directly affected by an older qt5...
Could you update all the qt packages to the LTS version available?
|
|
Packages | Any | Update Request | Medium | High | Make Knock patch for Linux-libre 4.14 LTS | Unconfirmed | |
Task Description
The Knock patches for linux-libre maintained by you at https://git.hyperbola.info:50100/kernels/knock.git/ have support up to linux-libre 4.13 only (and I think it didn’t work for it when I tried it, compilation failed) but from all of those supported versions, the newest maintained generation by the upstream is 4.9.x
However, since newer kernel generations might require reprogramming the patch, I want to request it only for the latest LTS generation which is 4.14. As you know, LTS software are supported for a long time, so it’s worth to make it for linux-libre 4.14.x
This might not be really important for Hyperbola in the short term, but you are the maintainers of the TCP Stealth implementation for Linux-libre and I and maybe other people would like to use it in their projects for newer versions.
Plus, it would be great since while 4.9 kernels can use the GRSec+Knock combination like linux-libre-lts-unofficial-grsec-knock, with support for 4.14 anyone would be able to use a combination of newer patches such as Linux-hardened+Knock (Linux-hardened supports 4.14 and 4.15 as of now) which is what I’d like to do. https://github.com/copperhead/linux-hardened/releases
|
|
Packages | Any | Update Request | Very Low | High | ufw update/ufw bug | Unconfirmed | |
Task Description
There appears to be a bug with the current version of ufw, 0.35-2
Dunno if updating it would fix it, but it is kind of annoying and possibly security issue.
it says ufw is inactive when I reboot despite it being installed in the runlevel.
|
|
Packages | Any | Update Request | Very Low | High | [proj]: please update to latest version | Unconfirmed | |
Task Description
Description:
https://proj4.org/index.html
This package have valuable geodetic applications, and I intend to present Hyperbola GNU/Linux-libre soon in universities and schools in East Africa.
The coordinate system there is not WGS84 and this package only in new version is providing the conversion from East African geographic coordinates to WGS84, and will be very usable in many industrial and private applications.
|
|
Packages | Any | Update Request | Medium | Medium | [cups] update request | Assigned | |
Task Description
New versión v2.2.7
References:
|
|
Packages | Stable | Update Request | Very Low | Medium | [xfe] update package to 1.43.1 | Researching | |
Task Description
In the latest version fixes several minor bugs and search file function issue[1].
[1]: http://roland65.free.fr/xfe/ (see 1.43 and 1.43.1 in the news section)
|
|
Packages | Stable | Update Request | Very Low | Medium | [grafx2] update package to 2.6 | Unconfirmed | |
Task Description
In the latest version was released on 11th of January 2019, with several new features, improvements and fixes[1].
[1]: http://grafx2.chez.com/index.php?article9/2010s (see version 2.6 for more details in update log)
|