All Projects

Project | Category | Task Type | Priority | Severity | Summary | Status | Progress
Packages | Any | Security Issue | Very Low | Critical | [octopi] requires su | Unconfirmed | 0%
Task Description

Would it be possible to make it use sudo instead?

From what I know, sudo is safer. Let me know if you agree this is a problem.

Packages | Any | Security Issue | High | Critical | [octopi] uploads system logs to ptpb.pw without confirm... | In Progress | 0%
Task Description

Octopi 0.9.0 is uploading system logs to ptpb.pw without confirmation through:

Tools → SysInfo → ptpb.pw

I think it should either be disabled, or at least a patch should be added to ask for confirmation.
Another way could be to patch this:

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/?u=1", tempFile->fileName());
256:  return ptpb;

to:

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/", tempFile->fileName());
256:  return ptpb;

This way, you can at least ask for log deletion with the help of the log UUID, as explained here: https://ptpb.pw/#id10

Packages | Any | Security Issue | Very High | Critical | [libssh] CVE-2018-10933 | Researching | 0%
Task Description

Description:
libssh versions 0.6 and above have an authentication bypass vulnerability in
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication, the attacker could successfully authenticate
without any credentials.

Additional info:
* package version(s) : extra/libssh 0.7.5-1

CVE

Packages | Any | Security Issue | Medium | Medium | [cinepaint] unmaintained and unsupportable | In Progress | 50%
Task Description

Remove the “cinepaint” package since it’s unmaintained and unsupportable. Also, it doesn’t contain any file format support in the latest version (the previous version supported multiple file formats).

I suggest using Krita (or Gimp 2.10) to edit 16bit and 32bit file formats, or converting with imagemagick/graphicsmagick.

$ pacman -Si cinepaint
Repository      : community
Name            : cinepaint
Version         : 1:1.0.4-5
Description     : Sophisticated graphics manipulation programm supporting > 8bit pictures
Architecture    : x86_64
URL             : http://www.cinepaint.org
Licenses        : LGPL  GPL  MIT
Groups          : None
Provides        : None
Depends On      : gtk2  openexr  lcms  libxpm  fltk  ftgl  libxxf86vm
Optional Deps   : python2: for python plug-ins
                  gutenprint: for print plug-ins
                  ghostscript: for pdf plug-ins
Conflicts With  : None
Replaces        : None
Download Size   : 3.75 MiB
Installed Size  : 13.91 MiB
Packager        : Christian Hesse <arch@eworm.de>
Build Date      : Thu 28 Apr 2016 05:17:05 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Packages | Any | Security Issue | Very Low | Medium | [patch] CVE-2018-6951 - NULL pointer DoS | Unconfirmed | 0%
Task Description

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a “mangled rename” issue.

https://security-tracker.debian.org/tracker/CVE-2018-6951

Packages | Any | Security Issue | Very Low | Medium | [qemu] Multiple CVE | Unconfirmed | 0%
Task Description

CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug
https://www.openwall.com/lists/oss-security/2018/12/13/4

CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem
manipulation in Media Transfer Protocol (MTP)
https://www.openwall.com/lists/oss-security/2018/12/13/11

Patches included at above URLs.

Packages | Stable | Update Request | High | High | [qt5] upgrade Qt project to the 5.6 LTS version, requir... | Deferred | 0%
Task Description

Cannot mix incompatible Qt library (version 0x50800) with this library (version 0x50904)
Aborted

./Nextcloud-2.3.3-x86_64.AppImage: /usr/lib/libQt5Core.so.5: version `Qt_5.9' not found (required by /tmp/.mount_NextclpprMnG/usr/bin/../lib/libqt5keychain.so.1

These two packages are directly affected by an older qt5...

Could you update all the qt packages to the LTS version available?

Packages | Any | Update Request | Medium | High | Make Knock patch for Linux-libre 4.14 LTS | Unconfirmed | 0%
Task Description

The Knock patches for linux-libre maintained by you at https://git.hyperbola.info:50100/kernels/knock.git/ have support up to linux-libre 4.13 only (and I think it didn’t work for it when I tried it, compilation failed) but from all of those supported versions, the newest maintained generation by the upstream is 4.9.x

However, since newer kernel generations might require reprogramming the patch, I want to request it only for the latest LTS generation, which is 4.14. As you know, LTS software is supported for a long time, so it’s worth making it for linux-libre 4.14.x

This might not be really important for Hyperbola in the short term, but you are the maintainers of the TCP Stealth implementation for Linux-libre and I and maybe other people would like to use it in their projects for newer versions.

Plus, it would be great since while 4.9 kernels can use the GRSec+Knock combination like linux-libre-lts-unofficial-grsec-knock, with support for 4.14 anyone would be able to use a combination of newer patches such as Linux-hardened+Knock (Linux-hardened supports 4.14 and 4.15 as of now) which is what I’d like to do.
https://github.com/copperhead/linux-hardened/releases

Packages | Any | Update Request | Very Low | High | ufw update/ufw bug | Unconfirmed | 0%
Task Description

There appears to be a bug with the current version of ufw, 0.35-2

Dunno if updating it would fix it, but it is kind of annoying and possibly a security issue.

It says ufw is inactive when I reboot despite it being installed in the runlevel.

Packages | Any | Update Request | Very Low | High | [proj]: please update to latest version | Unconfirmed | 0%
Task Description

Description:

https://proj4.org/index.html

This package has valuable geodetic applications, and I intend to present Hyperbola GNU/Linux-libre soon in universities and schools in East Africa.

The coordinate system there is not WGS84, and only the new version of this package provides the conversion from East African geographic coordinates to WGS84, and will be very usable in many industrial and private applications.

Packages | Any | Update Request | Medium | Medium | [cups] update request | Assigned | 0%
Task Description

New version v2.2.7

References:

Packages | Stable | Update Request | Very Low | Medium | [xfe] update package to 1.43.1 | Researching | 0%
Task Description

The latest version fixes several minor bugs and a file search function issue[1].

[1]: http://roland65.free.fr/xfe/ (see 1.43 and 1.43.1 in the news section)

Packages | Stable | Update Request | Very Low | Medium | [grafx2] update package to 2.6 | Unconfirmed | 0%
Task Description

The latest version was released on the 11th of January 2019, with several new features, improvements and fixes[1].

[1]: http://grafx2.chez.com/index.php?article9/2010s (see version 2.6 for more details in update log)
