|
Packages | Any | Replace Request | Defer | Critical | [bzr] replace deprecated GNU Bazaar to Brezy | Deferred | |
Task Description
Description:
replace deprecated GNU Bazaar to Brezy for Canis Major
Additional info:
bzr 2.7.0-2
GNU Bazaar will be unmaintained (for now, there are only bug fixes)
GNU Bazaar only supports Python 2.
-
-
-
Note: It needs a provide: bazaar and brezy
Steps to reproduce:
|
|
Software Development | Iceweasel-UXP | Implementation Request | Defer | Low | Swiftweasel-UXP theme for Iceweasel-UXP | Unconfirmed | |
Task Description
Description: Historically, Swiftweasel was a Firefox-based application built on XUL platform around 2007 and abandoned in 2010. It was optimized for several architectures using the following methods such as the Profile-Guided Optimization (PGO) and binary code optimization for computers with limited resources.
Since there are users encouraging us develop a Palemoon-based application , and Swiftweasel contains non-trademarked graphics and logos, we could port Swiftweasel to UXP platform as theme for Iceweasel-UXP.
|
|
Software Development | Icedove-UXP | Implementation Request | Defer | Low | Swiftdove-UXP theme for Icedove-UXP | Unconfirmed | |
Task Description
Description: Historically, Swiftdove was a Thunderbird-based application built on XUL platform around 2007 and abandoned in 2010. It was optimized for several architectures using the following methods such as the Profile-Guided Optimization (PGO) and binary code optimization for computers with limited resources.
Since FossaMail may potentially be revived on UXP in the future [0] and Swiftdove contains non-trademarked graphics and logos, we could port Swiftdove to UXP platform as theme for Icedove-UXP.
|
|
Software Development | General | Implementation Request | Defer | Critical | RISC-V (riscv64) porting + multilib support | Deferred | |
Task Description
The unfortunate reality is that x86 computers come encumbered with built-in low-level backdoors like the Intel Management Engine , as well as nonfree boot firmware. This means that users can’t gain full control over their computers, even if they install a free operating system such as Hyperbola GNU/Linux-libre .
Hyperbola is working hard to fix these issues and getting closer every day, but for the time being, this is why many current Respects Your Freedom (RYF) offerings are refurbished older devices.
For the future of free computing, we need support architectures that do not come with such malware pre-installed, and RISC-V promises to be a great architecture example for low-power computers, laptops and embedded systems, also as ARM architecture replacement.
Devices like this are the future of computing that Respects Your Freedom and for that reason it’s a high priority for Hyperbola port all packages for the RISC-V architecture (riscv64) with multilib support.
NOTE: RISC-V porting is focused only for Hyperbola GNU/Linux-libre .
|
|
Packages | Any | Feature Request | Defer | Medium | [aqemu] libertybsd is missing from installation list | Deferred | |
Task Description
aqemu only lists GNU/Linux and GNU/Hurd. Since LibertyBSD is also free it should also be added.
|
|
Packages | Any | Feature Request | Defer | Low | [php-imagick] add package | Unconfirmed | |
Task Description
php-imagick is an optdepends for many PHP webapps like Nextcloud and Wordpress, would be good to have itin Hyperbola, Arch added it last year
|
|
Packages | Any | Bug Report | Defer | High | [texlive-most] cannot export LaTeX - input csr10' fail... | Deferred | |
Task Description
I was using GNU Emacs, and tried to export LaTeX file or make a PDF. It seems that texlive package is broken, some fonts are missing.
The group named texlive-most cannot be properly installed.
admin→ pacsearch texlive
extra/texlive-bibtexextra 2016.43765-1 (texlive-most)
TeX Live - Additional BibTeX styles and bibliography databases
extra/texlive-bin 2016.41290-12.hyperbola1 [installed]
TeX Live binaries (Hyperbola rebranded)
extra/texlive-core 2016.43757-1.hyperbola2 (texlive-most) [installed]
TeX Live core distribution, without nonfree add-on packages (Hyperbola rebranded)
extra/texlive-fontsextra 2016.43763-1.hyperbola2 (texlive-most) [installed]
TeX Live - all sorts of extra fonts, without nonfree add-on packages
extra/texlive-formatsextra 2016.41438-3 (texlive-most) [installed]
TeX Live - collection of extra TeX 'formats'
extra/texlive-games 2016.43415-1 (texlive-most)
TeX Live - Setups for typesetting various board games, including chess
extra/texlive-genericextra 2016.43605-1 (texlive-most) [installed]
TeX Live - mixed bag of generic macro packages and fonts
extra/texlive-htmlxml 2016.43769-1 (texlive-most)
TeX Live - Packages to convert LaTeX to XML/HTML, and typeset XML/SGML
extra/texlive-humanities 2016.43711-1 (texlive-most)
TeX Live - LaTeX packages for law, linguistics, social sciences, and humanities
extra/texlive-langchinese 2016.43669-1 (texlive-lang)
TeX Live - Fonts and macro packages to typeset Chinese texts
extra/texlive-langcjk 2014.0-1
TeX Live - CJK (Chinese, Japanese, Korean) metapackage
extra/texlive-langcyrillic 2016.43417-1 (texlive-lang)
TeX Live - Fonts and macro packages to typeset Cyrillic texts
extra/texlive-langextra 2016.43739-1 (texlive-lang)
TeX Live - Bundle of all extra language support
extra/texlive-langgreek 2016.43222-1 (texlive-lang)
TeX Live - Fonts and support for typesetting Greek
extra/texlive-langjapanese 2016.43741-1 (texlive-lang)
TeX Live - Fonts and macro packages to typeset Japanese texts
extra/texlive-langkorean 2016.43130-1 (texlive-lang)
TeX Live - Fonts and macro packages to typeset Korean texts
extra/texlive-latexextra 2016.43768-1.hyperbola2 (texlive-most) [installed]
TeX Live - Large collection of add-on packages for LaTeX, without nonfree add-on packages
extra/texlive-music 2016.43375-1 (texlive-most)
TeX Live - Music typesetting packages
extra/texlive-pictures 2016.43767-1 (texlive-most) [installed]
TeX Live - Packages for drawings graphics
extra/texlive-plainextra 2016.43137-1 (texlive-most) [installed]
TeX Live - A collection of add-on packages and macros for plain TeX
extra/texlive-pstricks 2016.43710-1 (texlive-most) [installed]
TeX Live - Additional PSTricks packages
extra/texlive-publishers 2016.43764-1 (texlive-most)
TeX Live - LaTeX classes and packages for specific publishers
extra/texlive-science 2016.43747-1 (texlive-most)
TeX Live - Typesetting for mathematics, natural and computer sciences
[~] admin→ sudo pacman -S texlive-most
:: There are 15 members in group texlive-most:
:: Repository extra
1) texlive-bibtexextra 2) texlive-core 3) texlive-fontsextra 4) texlive-formatsextra 5) texlive-games 6) texlive-genericextra
7) texlive-htmlxml 8) texlive-humanities 9) texlive-latexextra 10) texlive-music 11) texlive-pictures 12) texlive-plainextra
13) texlive-pstricks 14) texlive-publishers 15) texlive-science
Enter a selection (default=all):
warning: texlive-core-2016.43757-1.hyperbola2 is up to date -- reinstalling
warning: texlive-fontsextra-2016.43763-1.hyperbola2 is up to date -- reinstalling
warning: texlive-formatsextra-2016.41438-3 is up to date -- reinstalling
warning: texlive-genericextra-2016.43605-1 is up to date -- reinstalling
warning: texlive-latexextra-2016.43768-1.hyperbola2 is up to date -- reinstalling
warning: texlive-pictures-2016.43767-1 is up to date -- reinstalling
warning: texlive-plainextra-2016.43137-1 is up to date -- reinstalling
warning: texlive-pstricks-2016.43710-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Packages (15) texlive-bibtexextra-2016.43765-1 texlive-core-2016.43757-1.hyperbola2 texlive-fontsextra-2016.43763-1.hyperbola2
texlive-formatsextra-2016.41438-3 texlive-games-2016.43415-1 texlive-genericextra-2016.43605-1
texlive-htmlxml-2016.43769-1 texlive-humanities-2016.43711-1 texlive-latexextra-2016.43768-1.hyperbola2
texlive-music-2016.43375-1 texlive-pictures-2016.43767-1 texlive-plainextra-2016.43137-1 texlive-pstricks-2016.43710-1
texlive-publishers-2016.43764-1 texlive-science-2016.43747-1
Total Download Size: 27.66 MiB
Total Installed Size: 1300.90 MiB
Net Upgrade Size: 110.88 MiB
:: Proceed with installation? [Y/n] y
:: Retrieving packages...
texlive-bibtexextra-2016.43765-1-any 1541.4 KiB 275K/s 00:06 [###############################################] 100%
texlive-games-2016.43415-1-any 416.5 KiB 356K/s 00:01 [###############################################] 100%
texlive-htmlxml-2016.43769-1-any 1197.6 KiB 300K/s 00:04 [###############################################] 100%
texlive-humanities-2016.43711-1-any 299.0 KiB 664K/s 00:00 [###############################################] 100%
texlive-music-2016.43375-1-any 12.2 MiB 398K/s 00:31 [###############################################] 100%
texlive-publishers-2016.43764-1-any 9.2 MiB 471K/s 00:20 [###############################################] 100%
texlive-science-2016.43747-1-any 2.9 MiB 376K/s 00:08 [###############################################] 100%
(15/15) checking keys in keyring [###############################################] 100%
(15/15) checking package integrity [###############################################] 100%
(15/15) loading package files [###############################################] 100%
(15/15) checking for file conflicts [###############################################] 100%
(15/15) checking available disk space [###############################################] 100%
:: Processing package changes...
( 1/15) reinstalling texlive-core [###############################################] 100%
>>> updmap custom entries should go into /etc/texmf/web2c/updmap-local.cfg
>>> fmtutil custom entries should go into /etc/texmf/web2c/fmtutil-local.cnf
( 2/15) installing texlive-bibtexextra [###############################################] 100%
( 3/15) reinstalling texlive-fontsextra [###############################################] 100%
( 4/15) reinstalling texlive-formatsextra [###############################################] 100%
( 5/15) installing texlive-games [###############################################] 100%
( 6/15) reinstalling texlive-genericextra [###############################################] 100%
( 7/15) installing texlive-htmlxml [###############################################] 100%
( 8/15) reinstalling texlive-latexextra [###############################################] 100%
( 9/15) installing texlive-humanities [###############################################] 100%
Optional dependencies for texlive-humanities
texlive-pictures: for package qtree [installed]
(10/15) installing texlive-music [###############################################] 100%
Optional dependencies for texlive-music
python2: for scripts from the lilyglyphs packages [installed]
(11/15) reinstalling texlive-pictures [###############################################] 100%
(12/15) reinstalling texlive-plainextra [###############################################] 100%
(13/15) reinstalling texlive-pstricks [###############################################] 100%
(14/15) installing texlive-publishers [###############################################] 100%
(15/15) installing texlive-science [###############################################] 100%
Optional dependencies for texlive-science
python2-pygments: for pygmentex
:: Running post-transaction hooks...
(1/3) Updating TeXLive filename database...
(2/3) Updating TeXLive format files...
kpathsea: Running mktextfm csr10
mktextfm: Running mf-nowin -progname=mf \mode:=ljfour; mag:=1; nonstopmode; input csr10
This is METAFONT, Version 2.7182818 (TeX Live 2016/Hyperbola) (preloaded base=mf)
kpathsea: Running mktexmf csr10
! I can't find file `csr10'.
<*> ...e:=ljfour; mag:=1; nonstopmode; input csr10
Please type another input file name
! Emergency stop.
<*> ...e:=ljfour; mag:=1; nonstopmode; input csr10
Transcript written on mfput.log.
grep: csr10.log: No such file or directory
mktextfm: `mf-nowin -progname=mf \mode:=ljfour; mag:=1; nonstopmode; input csr10' failed to make csr10.tfm.
kpathsea: Appending font creation commands to missfont.log.
kpathsea: Running mktextfm ecrm1000
mktextfm: Running mf-nowin -progname=mf \mode:=ljfour; mag:=1; nonstopmode; input ecrm1000
This is METAFONT, Version 2.7182818 (TeX Live 2016/Hyperbola) (preloaded base=mf)
kpathsea: Running mktexmf ecrm1000
! I can't find file `ecrm1000'.
<*> ...ljfour; mag:=1; nonstopmode; input ecrm1000
Please type another input file name
! Emergency stop.
<*> ...ljfour; mag:=1; nonstopmode; input ecrm1000
Transcript written on mfput.log.
grep: ecrm1000.log: No such file or directory
mktextfm: `mf-nowin -progname=mf \mode:=ljfour; mag:=1; nonstopmode; input ecrm1000' failed to make ecrm1000.tfm.
kpathsea: Appending font creation commands to missfont.log.
kpathsea: Running mktextfm ecrm1000
mktextfm: Running mf-nowin -progname=mf \mode:=ljfour; mag:=1; nonstopmode; input ecrm1000
This is METAFONT, Version 2.7182818 (TeX Live 2016/Hyperbola) (preloaded base=mf)
kpathsea: Running mktexmf ecrm1000
! I can't find file `ecrm1000'.
<*> ...ljfour; mag:=1; nonstopmode; input ecrm1000
Please type another input file name
! Emergency stop.
<*> ...ljfour; mag:=1; nonstopmode; input ecrm1000
Transcript written on mfput.log.
grep: ecrm1000.log: No such file or directory
mktextfm: `mf-nowin -progname=mf \mode:=ljfour; mag:=1; nonstopmode; input ecrm1000' failed to make ecrm1000.tfm.
kpathsea: Appending font creation commands to missfont.log.
kpathsea: Running mktextfm csr10
mktextfm: Running mf-nowin -progname=mf \mode:=ljfour; mag:=1; nonstopmode; input csr10
This is METAFONT, Version 2.7182818 (TeX Live 2016/Hyperbola) (preloaded base=mf)
kpathsea: Running mktexmf csr10
! I can't find file `csr10'.
<*> ...e:=ljfour; mag:=1; nonstopmode; input csr10
Please type another input file name
! Emergency stop.
<*> ...e:=ljfour; mag:=1; nonstopmode; input csr10
Transcript written on mfput.log.
grep: csr10.log: No such file or directory
mktextfm: `mf-nowin -progname=mf \mode:=ljfour; mag:=1; nonstopmode; input csr10' failed to make csr10.tfm.
kpathsea: Appending font creation commands to missfont.log.
kpathsea: Running mktextfm csr10
mktextfm: Running mf-nowin -progname=mf \mode:=ljfour; mag:=1; nonstopmode; input csr10
This is METAFONT, Version 2.7182818 (TeX Live 2016/Hyperbola) (preloaded base=mf)
kpathsea: Running mktexmf csr10
! I can't find file `csr10'.
<*> ...e:=ljfour; mag:=1; nonstopmode; input csr10
Please type another input file name
! Emergency stop.
<*> ...e:=ljfour; mag:=1; nonstopmode; input csr10
Transcript written on mfput.log.
grep: csr10.log: No such file or directory
mktextfm: `mf-nowin -progname=mf \mode:=ljfour; mag:=1; nonstopmode; input csr10' failed to make csr10.tfm.
kpathsea: Appending font creation commands to missfont.log.
fmtutil [ERROR]: running `pdftex -ini -jobname=utf8mex -progname=utf8mex -enc *utf8mex.ini </dev/null' return status 1
fmtutil [ERROR]: return error due to options --strict
fmtutil [WARNING]: inifile pdfmex.ini for pdfmex/pdftex not found.
fmtutil [ERROR]: running `pdftex -ini -jobname=csplain -progname=csplain -etex -enc csplain-utf8.ini </dev/null' return status 1
fmtutil [ERROR]: return error due to options --strict
fmtutil [ERROR]: running `pdftex -ini -jobname=pdfjadetex -progname=pdfjadetex *pdfjadetex.ini </dev/null' return status 1
fmtutil [ERROR]: return error due to options --strict
fmtutil [ERROR]: running `pdftex -ini -jobname=jadetex -progname=jadetex *jadetex.ini </dev/null' return status 1
fmtutil [ERROR]: return error due to options --strict
fmtutil [WARNING]: inifile mex.ini for mex/pdftex not found.
fmtutil [ERROR]: running `xetex -ini -jobname=pdfcsplain -progname=pdfcsplain -etex csplain.ini </dev/null' return status 1
fmtutil [ERROR]: return error due to options --strict
fmtutil [ERROR]: running `pdftex -ini -jobname=pdfcsplain -progname=pdfcsplain -etex -enc csplain-utf8.ini </dev/null' return status 1
fmtutil [ERROR]: return error due to options --strict
fmtutil [ERROR]: running `luatex -ini -jobname=pdfcsplain -progname=pdfcsplain -etex csplain.ini </dev/null' return status 1
fmtutil [ERROR]: return error due to options --strict
error: command failed to execute correctly
(3/3) Updating TeXLive font maps...
[~]
a
|
|
Packages | Any | Bug Report | Defer | Low | [texlive-most] Cannot remove from system | Deferred | |
Task Description
admin-> sudo pacman -R texlive-most
checking dependencies...
:: ghostscript optionally requires texlive-core: needed for dvipdf
:: inkscape optionally requires texlive-core: latex formulas
Packages (15) texlive-bibtexextra-2016.43765-1 texlive-core-2016.43757-1.hyperbola2 texlive-fontsextra-2016.43763-1.hyperbola2 texlive-formatsextra-2016.41438-3 texlive-games-2016.43415-1
texlive-genericextra-2016.43605-1 texlive-htmlxml-2016.43769-1 texlive-humanities-2016.43711-1 texlive-latexextra-2016.43768-1.hyperbola2 texlive-music-2016.43375-1
texlive-pictures-2016.43767-1 texlive-plainextra-2016.43137-1 texlive-pstricks-2016.43710-1 texlive-publishers-2016.43764-1 texlive-science-2016.43747-1
Total Removed Size: 1300.90 MiB
:: Do you want to remove these packages? [Y/n] y
:: Processing package changes...
( 1/15) removing texlive-science [######################################################################] 100%
( 2/15) removing texlive-publishers [######################################################################] 100%
( 3/15) removing texlive-pstricks [######################################################################] 100%
( 4/15) removing texlive-plainextra [######################################################################] 100%
( 5/15) removing texlive-pictures [######################################################################] 100%
( 6/15) removing texlive-music [######################################################################] 100%
( 7/15) removing texlive-humanities [######################################################################] 100%
( 8/15) removing texlive-latexextra [######################################################################] 100%
( 9/15) removing texlive-htmlxml [######################################################################] 100%
(10/15) removing texlive-genericextra [######################################################################] 100%
(11/15) removing texlive-games [######################################################################] 100%
(12/15) removing texlive-formatsextra [######################################################################] 100%
(13/15) removing texlive-fontsextra [######################################################################] 100%
(14/15) removing texlive-bibtexextra [######################################################################] 100%
(15/15) removing texlive-core [######################################################################] 100%
warning: /etc/texmf/web2c/fmtutil.cnf saved as /etc/texmf/web2c/fmtutil.cnf.pacsave
:: Running post-transaction hooks...
(1/3) Updating TeXLive filename database...
warning: kpathsea: configuration file texmf.cnf not found in these directories: /usr/bin:/usr/bin/share/texmf-local/web2c:/usr/bin/share/texmf-dist/web2c:/usr/bin/share/texmf/web2c:/usr/bin/texmf-local/web2c:/usr/bin/texmf-dist/web2c:/usr/bin/texmf/web2c:/usr:/usr/share/texmf-local/web2c:/usr/share/texmf-dist/web2c:/usr/share/texmf/web2c:/usr/texmf-local/web2c:/usr/texmf-dist/web2c:/usr/texmf/web2c://texmf-local/web2c:/://share/texmf-local/web2c://share/texmf-dist/web2c://share/texmf/web2c://texmf-local/web2c://texmf-dist/web2c://texmf/web2c.
/usr/share/libalpm/scripts/mktexlsr: line 4: /usr/bin/mtxrun: No such file or directory
(2/3) Updating TeXLive format files...
cp: cannot stat 'usr/share/texmf-dist/web2c/fmtutil-hdr.cnf': No such file or directory
cat: 'var/lib/texmf/arch/installedpkgs/*.fmts': No such file or directory
/usr/share/libalpm/scripts/texlive-fmtutil: line 18: /usr/bin/fmtutil-sys: No such file or directory
error: command failed to execute correctly
(3/3) Updating TeXLive font maps...
cp: cannot stat 'usr/share/texmf-dist/web2c/updmap-hdr.cfg': No such file or directory
cat: 'var/lib/texmf/arch/installedpkgs/*.maps': No such file or directory
/usr/share/libalpm/scripts/texlive-updmap: line 12: /usr/bin/updmap-sys: No such file or directory
error: command failed to execute correctly
[~]
|
|
Packages | Any | Update Request | Very Low | High | [proj]: please update to latest version | Unconfirmed | |
Task Description
Description:
https://proj4.org/index.html
This package have valuable geodetic applications, and I intend to present Hyperbola GNU/Linux-libre soon in universities and schools in East Africa.
The coordinate system there is not WGS84 and this package only in new version is providing the conversion from East African geographic coordinates to WGS84, and will be very usable in many industrial and private applications.
|
|
Packages | Stable | Update Request | Very Low | Medium | [cantarell-fonts] update package version to 0.111 | Unconfirmed | |
Task Description
Prior version 0.0.25 and below are outdated.
Since version 0.100 and later, there are some changes being redesigned from scratch, added three new weights (including extra bold, light and thin) but not italic or oblique styles, AppStream metadata translations from contributors, and more.
See the version history releases for more details: https://gitlab.gnome.org/GNOME/cantarell-fonts/raw/master/NEWS
|
|
Packages | Any | Update Request | Very Low | Medium | [lmms] update package version to 1.2.0 | Unconfirmed | |
Task Description
In the latest version, it has many more changes with new and improvement features, and fixes function issues since released as preview stage in every eight times per three years ago[1]. And also it is possible to rebuild package with sndio.
[1]: https://github.com/LMMS/lmms/releases/ (see all sections below from 1.2.0-RC1 to 1.2.0 in the version history releases)
|
|
Packages | Any | Update Request | Very Low | High | [mpv] request for package bump | Unconfirmed | |
Task Description
Hello,
Would it be possible to get a package bump for mpv ?
Currently, Debian Buster (stable) uses 0.29.1-1. This would be great as it introduces many fixes and support for lua scripts I heavily use. 0.29.* requires a ffmpeg to 4.x series as well.
Thanks.
|
|
Packages | Stable | Update Request | Very Low | Low | [icewm] Upgrade package version | Unconfirmed | |
Task Description
The current version of the package icewm within the Hyperbola-repositories is 1.3.8. The latest version is 1.6.3! An update would be helpful as this window-manager follows absolutely the principles of the distribution Hyperbola itself, being simple and fast.
|
|
Packages | Stable | Update Request | Very Low | Medium | [varnish] Missing init script | Unconfirmed | |
Task Description
Description:
Init script is missing for this package.
I think has some systemd dependecies.
/tmp/alpm_sYmHUS/.INSTALL: line 7: systemd-sysusers: command not found error: command failed to execute correctly
package version: varnish-5.1.2-1
|
|
Packages | Any | Security Issue | Very Low | High | [octopi] requires su | Unconfirmed | |
Task Description
would it be possible to make it use sudo instead?
From what I know, sudo is safer. Let me know if you agree this is a problem.
|
|
Packages | Any | Security Issue | Very Low | Medium | [patch] CVE-2018-6951 - NULL pointer DoS | Assigned | |
Task Description
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a “mangled rename” issue.
https://security-tracker.debian.org/tracker/CVE-2018-6951
|
|
Packages | Any | Security Issue | Very Low | Medium | [qemu] Multiple CVE | Unconfirmed | |
Task Description
CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug https://www.openwall.com/lists/oss-security/2018/12/13/4
CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem manipulation in Media Transfer Protocol (MTP) https://www.openwall.com/lists/oss-security/2018/12/13/11
Patches included at above URLs.
|
|
Packages | Any | Security Issue | Very Low | Medium | Download debian-fixes instead of relying on external so... | Unconfirmed | |
Task Description
It happened already with minetest and again with prosody: When trying to build own packages with makepkg there are patches downloaded from the Debian-project. But the given HTTP(S)-sources are no longer available, concrete example within prosody to be found: https://deb.debian.org/debian/pool/main/p/prosody/prosody_0.10.2-1~bpo9+1.debian.tar.xz (not available)
Please don’t rely on those external sources when creating PKGBUILD-files or just give users the possibility for a secure and granted download. Therefore I cannot build prosody on my own now!
|
|
Packages | Any | Security Issue | Very Low | Critical | [unbound] Multiple CVEs | Assigned | |
Task Description
https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
[Critical] https://security-tracker.debian.org/tracker/CVE-2019-18934
|
|
Packages | Stable | Security Issue | Very Low | Critical | [lts-kernel][sec] filter /dev/mem access & restrict acc... | Unconfirmed | |
Task Description
These two options could be enabled :
Kernel hacking → [*] Filter access to /dev/mem [*] Filter I/O access to /dev/mem
Security options → [*] Restrict unprivileged access to the kernel syslog
|
|
Packages | Any | Security Issue | Very Low | High | [tigervnc] Multiple CVE | Researching | |
Task Description
https://www.openwall.com/lists/oss-security/2019/12/20/2
“This is a security release to fix a number of issues that were found by Kaspersky Lab. These issues affect both the client and server and could theoretically allow an malicious peer to take control over the software on the other side.”
|
|
Packages | Any | Security Issue | Very Low | Critical | [opensmtpd] CVE-2020-8794 | Unconfirmed | |
Task Description
Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/
Qualys Security Advisory
LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)
Summary Analysis ... Acknowledgments
We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This vulnerability, an out-of-bounds read introduced in December 2015 (commit 80c6a60c, “when peer outputs a multi-line response ...”), is exploitable remotely and leads to the execution of arbitrary shell commands: either as root, after May 2018 (commit a8e22235, “switch smtpd to new grammar”); or as any non-root user, before May 2018.
Because this vulnerability resides in OpenSMTPD’s client-side code (which delivers mail to remote SMTP servers), we must consider two different scenarios:
- Client-side exploitation: This vulnerability is remotely exploitable
in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.
- Server-side exploitation: First, the attacker must connect to the
OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).
We developed a simple exploit for this vulnerability and successfully tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the first vulnerable release), Debian 10 (stable), Debian 11 (testing), and Fedora 31.
The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”
|
|
Packages | Stable | Security Issue | Very Low | Medium | [git] Multiple CVEs | Unconfirmed | |
Task Description
CVE-2020-5260 has been fixed very recently in Debian, so I thought I would apply this patch. However, I found out that security patches have not been applied for quite a while (I could account for at least 6 CVEs).
Considering that the version in Debian stretch (2.11.0) is the nearest version with security patches released by Debian and that git project oldest supported version is 2.17, I have used patches from Debian stretch to apply on 2.12.2 currently in Milky Way.
But I have the following error on check():
| *** prove ***
|
| Test Summary Report
| -------------------
| t5570-git-daemon.sh (Wstat: 256 Tests: 20 Failed: 10)
| Failed tests: 3-7, 15-19
| Non-zero exit status: 1
| t5811-proto-disable-git.sh (Wstat: 256 Tests: 26 Failed: 16)
| Failed tests: 2-6, 9-11, 15-19, 21-23
| Non-zero exit status: 1
| Files=769, Tests=14137, 1101 wallclock secs ( 8.08 usr 1.12 sys + 144.48 cusr 63.42 csys = 217.10 CPU)
| Result: FAIL
| make[1]: *** [Makefile:45: prove] Error 1
| make[1]: Leaving directory '/build/git/src/git-2.12.2/t'
| make: *** [Makefile:2291: test] Error 2
| ==> ERROR: A failure occurred in check().
| Aborting...
This does not seem to be related to my change as the current version in Milky Way produces the same error (IOW the package currently in Milky Way is not rebuidable).
|
|
Services | Mail Service Issue | Security Issue | Very Low | High | Please "support" TLS 1.2 instead of requiring it for em... | Unconfirmed | |
Task Description
The requirement for TLS 1.2 in email effectively isolated us from internet, and yelling for change isn’t working even in communications with other free/libre system distributions and mailing lists related to free/libre software (both for software and for discussions related to the movement itself). :)
Many mailing lists at gnu.org, fsf.org, fsfla.org, libreplanet.org, and also in other free/libre system distributions aren’t accessible (e.g.: Trisquel).
|
|
Services | Flyspray Issue | Security Issue | Very Low | Low | After account confirmation, crypt: No salt parameter wa... | Unconfirmed | |
Task Description
After confirming the newly created account (typing the confirmation code, the passwoard and its confirmation, and clicking the button to continue), the following error appears:
Notice: crypt(): No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash. in /srv/http/flyspray/includes/class.flyspray.php on line 656
The account login seems to work normaly.
|
|
Packages | Any | Security Issue | Very Low | Medium | mount.davfs: unknown file system davfs due to paths cha... | Unconfirmed | |
Task Description
This is same issue as on: https://bugzilla.redhat.com/show_bug.cgi?id=1151273
The paths changed and trying to mount davfs file system defined in /etc/fstab fails with error: unknown file system davfs
To remedy, I made symlink in /sbin to mount.davfs
The transition of paths had to take that in account as many mounted remote disks failed after upgrade.
|
|
Packages | Stable | Replace Request | Very Low | Medium | Package ossp has got systemd dependencies | Unconfirmed | |
Task Description
Description: Concurrent package ossp in version 1.3.2-15 has got dependencies to systemd, which is contradicting the whole distribution and the used INIT-system. Therefore my request to port this to OpenRC!
Additional info: * package version(s) 1.3.2-15
|
|
Packages | Testing | Replace Request | Very Low | Medium | replace request: NetworkManager with wpa_cute | Unconfirmed | |
Task Description
https://github.com/loh-tar/wpa-cute/releases
I know there are plans to remove NetworkManager. I wondered if we could replace it in 0.4 with Wpa_Cute. seen in the above link.
I haven’t been able to compile it, but it has been updated as recent as 2018 december (stable)
or 2019 january. :)
WPA_GUI doesn’t seem to work well for me, it runs into weird errors when I start it. Long story short, I run into this issue with wpa_supplicant when i do it manually:
https://wiki.archlinux.org/index.php/Wpa_supplicant:
Password-related problems
wpa_supplicant may not work properly if directly passed via stdin particularly long or complex passphrases which include special characters. This may lead to errors such as failed 4-way WPA handshake, PSK may be wrong when launching wpa_supplicant.
In order to solve this try using here strings wpa_passphrase <MYSSID> «< “<passphrase>” or passing a file to the -c flag instead:
# wpa_supplicant -i <interface> -c /etc/wpa_supplicant/example.conf
In some instances it was found that storing the passphrase cleartext in the psk key of the wpa_supplicant.conf network block gave positive results (see [2]). However, this approach is rather insecure. Using wpa_cli to create this file instead of manually writing it gives the best results most of the time and therefore is the recommended way to proceed. Problems with eduroam and other MSCHAPv2 connections
This is my issue with wpa_supplicant sadly... and I do not know how to workaround that without a GUI.
but Wpa_Supplicant_gui does not fix it either, it doesn’t even load properly on my other laptop.
It says it cannot get the status of wpa_supplicant when I load it.
This could be an issue if you get rid of NetworkManager for some users.
So yeah, please take a look at my request okay? Wait for 0.3 to be released to add this if possible. I know you guys are overworked, etc... and it doesn’t need to be done now anyhow. ;)
|
|
Packages | Any | Privacy Issue | Very Low | Medium | [avahi] avahi publishes the hostname by default | Unconfirmed | |
Task Description
By default, the ‘disable-publishing’ parameter in the [publish] section of avahi-daemon.conf is set to ‘no’, which can be seen in my opinion as a privacy issue as avahi broadcasts the hostname without the user’s consent even though this has been explicitly disabled in the settings of networkmanager.
|
|
Packages | Any | Privacy Issue | Very Low | Low | [purple-plugin-pack] Provides Napster support which is ... | Unconfirmed | |
Task Description
purple-plugin-pack provides access to Napster which is only useful with a single company and sever (as far as I could tell).
|
|
Packages | Any | Privacy Issue | Very Low | Low | [github] check github-related packages | Researching | |
Task Description
We should check if the following packages run any non-free JS (like youtube-dl) or access a proprietary API:
- hub - python-pygithub - python2-pygithub
I haven’t check them, but they look fishy. Take it as a reminder, this is far from being urgent IMO.
|
|
Packages | Any | Privacy Issue | Very Low | Critical | [bleachbit] needs to be adapted to UXP applications | Assigned | |
Task Description
The current version of BleachBit needs to be adapted so it can clean the new .cache/hyperbola/ directory.
|
|
Packages | Any | Implementation Request | Very Low | Low | [3proxy] add package since it's useful for tor on ftp p... | Deferred | |
Task Description
Add “3proxy”[0] package
Useful for tor on ftp proxy[1]
[0]:https://github.com/z3APA3A/3proxy [1]:https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/FTP
|
|
Packages | Any | Implementation Request | Very Low | Low | [plymouth] add package | Deferred | |
Task Description
Plymouth is an application that runs very early in the boot process (even before the root filesystem is mounted!) that provides a graphical boot animation while the boot process happens in the background.
Please implement plymouth as an optional package.
|
|
Packages | Testing | Implementation Request | Very Low | Medium | [yaics] add package | Deferred | |
Task Description
Yaics is a simple GNU social client written in C++ and Qt and licensed under the GNU GPL 3.0 (or later).
Please implement yaics as an optional package.
https://stigatle.no/yaics/
https://gitlab.com/stigatle/yaics
|
|
Packages | Testing | Implementation Request | Very Low | Low | [sirikata] add package | Deferred | |
Task Description
Sirikata a platform for virtual worlds.
Sirikata is a platform for virtual worlds. We provide a set of libraries and protocols which can be used to deploy a virtual world, as well as fully featured sample implementations of services for hosting and deploying these worlds.
Please implement sirikata as an optional package.
|
|
Packages | Any | Implementation Request | Very Low | Low | [multipath-tools] add package | Deferred | |
Task Description
Hello,
Could it be possible to add this package :
multipath-tools
“Multipath tools for Linux (including kpartx)”
License : GPL2
to the repo ?
Thank you
|
|
Packages | Any | Implementation Request | Very Low | Low | [thinkfan] add package | Deferred | |
Task Description
Could it be possible to add this package :
thinkfan
“A minimalist fan control program. Supports the sysfs hwmon interface and thinkpad_acpi”
License : GPL
to the repo ?
Thanks
|
|
Packages | Any | Implementation Request | Very Low | Low | [fsearch] add package | Unconfirmed | |
Task Description
Could it be possible to add :
fsearch
https://github.com/cboxdoerfer/fsearch
License : GPL
|
|
Packages | Any | Implementation Request | Very Low | Low | [flowblade] add package | Unconfirmed | |
Task Description
Could it be possible to add :
flowblade
https://www.parabola.nu/packages/pcr/any/flowblade/
“a multitrack non-linear video editor for GNU/Linux”
License : GPL3
Thanks
|
|
Packages | Any | Implementation Request | Very Low | Low | [whipper] add package | Unconfirmed | |
Task Description
Could it be possible to add :
whipper
“A Unix CD ripper aiming for accuracy over speed – forked from morituri”
https://www.parabola.nu/packages/community/any/whipper/ https://github.com/JoeLametta/whipper
License : GPL3
Thanks
|
|
Packages | Any | Implementation Request | Very Low | Low | [sacd-extract] add package | Unconfirmed | |
Task Description
Could it be possible to add :
sacd-extract
“Extract DSD files from an SACD image”
https://www.parabola.nu/packages/pcr/x86_64/sacd-extract/ https://sourceforge.net/p/sacd-ripper/
License : GPL2
Thanks
|
|
Packages | Any | Implementation Request | Very Low | Low | [radiotray] add package | Unconfirmed | |
Task Description
Hello,
Could it be possible to add :
radiotray
“An online radio streaming player that runs on a Linux system tray.”
https://aur.archlinux.org/packages/radiotray/
License : GPL
Thanks
|
|
Packages | Any | Implementation Request | Very Low | Low | [ttf-font-awesome] add ttf-font-awesome font | Unconfirmed | |
Task Description
Could it be possible to add :
ttf-font-awesome
to the repo ?
https://www.parabola.nu/packages/community/any/ttf-font-awesome/ http://fontawesome.io/
Thanks
|
|
Packages | Any | Implementation Request | Very Low | Low | [awesome-terminal-fonts] add package | Unconfirmed | |
Task Description
Could it be possible to add :
awesome-terminal-fonts
to the repo please ?
https://www.parabola.nu/packages/community/any/awesome-terminal-fonts/ https://github.com/gabrielelana/awesome-terminal-fonts
Thanks
|
|
Packages | Any | Implementation Request | Very Low | Low | [w_scan] add package | Unconfirmed | |
Task Description
Hello,
Could it be possible to add this package :
w_scan
“Universal ATSC and DVB blind scanner”
https://aur.archlinux.org/packages/w_scan/
License : GPL
Thanks
|
|
Packages | Any | Implementation Request | Very Low | Low | [qpdfview] add package | Unconfirmed | |
Task Description
Hello,
Could it be possible to add this package :
qpdfview
“A tabbed PDF viewer using the poppler library.”
https://www.parabola.nu/packages/community/x86_64/qpdfview/
License : GPL2
Thanks
|
|
Packages | Any | Implementation Request | Very Low | Low | [menulibre] add package | Unconfirmed | |
Task Description
Hello,
Could it be possible to add this package :
menulibre
“An advanced menu editor that provides modern features in a clean, easy-to-use interface. All without GNOME dependencies”
https://aur.archlinux.org/packages/menulibre/
License : GPL3
Thanks
|
|
Packages | Any | Implementation Request | Very Low | Low | [crunch] add package | Unconfirmed | |
Task Description
Hello,
Could it be possible to add this package :
crunch
“A wordlist generator where you can specify a standard character set or a character set you specify and generate all possible combinations and permutations.”
https://aur.archlinux.org/packages/crunch/
License : GPL2
Thanks
|
|
Packages | Any | Implementation Request | Very Low | Low | [dmg2img] add package | Unconfirmed | |
Task Description
Hello,
Could it be possible to add this package :
dmg2img
“A CLI tool to uncompress Apple’s compressed DMG files to the HFS+ IMG format”
https://aur.archlinux.org/packages/dmg2img/
License : GPL2
Thanks
|