Packages

“npapi-sdk” (released in 2012) uses deprecated/unsecure NPAPI[0] api

$ pacman -Si npapi-sdk
Repository : extra
Name : npapi-sdk
Version : 0.27.2-1
Description : Netscape Plugin API (NPAPI)
Architecture : any
URL : https://bitbucket.org/mgorny/npapi-sdk Licenses : MPL
Groups : None
Provides : None
Depends On : None
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 15.77 KiB
Installed Size : 67.00 KiB
Packager : Ionut Biru ibiru@archlinux.org Build Date : Thu 25 Apr 2013 01:47:15 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap

“npapi-vlc” uses deprecated/unsecure NPAPI[0] api

$ pacman -Si npapi-vlc
Repository : community
Name : npapi-vlc
Version : 2.2.5-1
Description : The modern VLC Mozilla (NPAPI) plugin
Architecture : x86_64
URL : https://code.videolan.org/videolan/npapi-vlc Licenses : GPL Groups : None
Provides : None
Depends On : gtk2 vlc
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 69.96 KiB
Installed Size : 287.00 KiB
Packager : Timothy Redaelli timothy.redaelli@gmail.com Build Date : Tue 14 Feb 2017 12:27:08 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap

“nspluginwrapper” (released in 2011) uses deprecated/unsecure NPAPI[0] api

$ pacman -Si nspluginwrapper
Repository : multilib
Name : nspluginwrapper
Version : 1.4.4-3
Description : Cross-platform NPAPI compatible plugin viewer
Architecture : x86_64
URL : http://nspluginwrapper.davidben.net/ Licenses : GPL Groups : None
Provides : None
Depends On : curl libxt lib32-libxt gcc-libs lib32-gcc-libs gtk2 lib32-gtk2
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 146.14 KiB
Installed Size : 475.00 KiB
Packager : Felix Yan felixonmars@gmail.com Build Date : Sat 12 Jul 2014 02:40:45 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap

“x2goplugin” uses deprecated/unsecure NPAPI[0] api

$ pacman -Si x2goplugin
Repository : extra
Name : x2goplugin
Version : 4.1.0.0-1
Description : provides X2Go Client as QtBrowser-based Mozilla plugin
Architecture : x86_64
URL : http://www.x2go.org Licenses : GPL2
Groups : None
Provides : None
Depends On : qt4 libcups nxproxy libssh libxpm
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 1250.54 KiB
Installed Size : 2761.00 KiB
Packager : Andreas Radke andyrtr@archlinux.org Build Date : Wed 22 Feb 2017 12:42:48 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap

Remove “nsdejavu.so”, uses deprecated/unsecure NPAPI[0] api

$ sudo pacman -Si djview
Repository : community
Name : djview
Version : 4.10.6-1
Description : Portable DjVu viewer and browser plugin
Architecture : x86_64
URL : http://djvu.sourceforge.net/djview4.html Licenses : GPL Groups : None
Provides : djview4
Depends On : qt5-base djvulibre libxkbcommon-x11 libsm
Optional Deps : None
Conflicts With : djview4
Replaces : djview4
Download Size : 535.79 KiB
Installed Size : 1978.00 KiB
Packager : Gaetan Bisson bisson@archlinux.org Build Date : Wed 04 May 2016 08:53:23 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

$ sudo pacman -Ql djview
djview /usr/
djview /usr/bin/
djview /usr/bin/djview
djview /usr/bin/djview4
djview /usr/lib/
djview /usr/lib/mozilla/
djview /usr/lib/mozilla/plugins/
djview /usr/lib/mozilla/plugins/nsdejavu.so
djview /usr/share/
djview /usr/share/applications/
djview /usr/share/applications/djvulibre-djview4.desktop
djview /usr/share/djvu/
djview /usr/share/djvu/djview4/
djview /usr/share/djvu/djview4/djview_cs.qm
djview /usr/share/djvu/djview4/djview_de.qm
djview /usr/share/djvu/djview4/djview_es.qm
djview /usr/share/djvu/djview4/djview_fr.qm
djview /usr/share/djvu/djview4/djview_ru.qm
djview /usr/share/djvu/djview4/djview_uk.qm
djview /usr/share/djvu/djview4/djview_zh_cn.qm
djview /usr/share/djvu/djview4/djview_zh_tw.qm
djview /usr/share/icons/
djview /usr/share/icons/hicolor/
djview /usr/share/icons/hicolor/32×32/
djview /usr/share/icons/hicolor/32×32/mimetypes/
djview /usr/share/icons/hicolor/32×32/mimetypes/djvulibre-djview4.png
djview /usr/share/icons/hicolor/64×64/
djview /usr/share/icons/hicolor/64×64/mimetypes/
djview /usr/share/icons/hicolor/64×64/mimetypes/djvulibre-djview4.png
djview /usr/share/icons/hicolor/scalable/
djview /usr/share/icons/hicolor/scalable/mimetypes/
djview /usr/share/icons/hicolor/scalable/mimetypes/djvulibre-djview4.svgz
djview /usr/share/man/
djview /usr/share/man/man1/
djview /usr/share/man/man1/djview.1.gz
djview /usr/share/man/man1/nsdejavu.1.gz

[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap

Remove “IcedTeaPlugin.so”, it uses deprecated/unsecure NPAPI[0] apis

Note: this package contains “Java Web Start” and unsecured NPAPI plugin, it needs change package description and description on optional dependencies in “jre{7,8}-openjdk” packages.

$ pacman -Si icedtea-web
Repository : extra
Name : icedtea-web
Version : 1.6.2-2.hyperbola1
Description : Free web browser plugin to run applets written in Java and an implementation of Java Web Start, without nonfree firefox support
Architecture : x86_64
URL : http://icedtea.classpath.org/wiki/IcedTea-Web Licenses : GPL2
Groups : None
Provides : java-web-start
Depends On : java-runtime-openjdk desktop-file-utils
Optional Deps : rhino: for using proxy auto config files
Conflicts With : None
Replaces : icedtea-web-java7
Download Size : 1525.55 KiB
Installed Size : 2108.00 KiB
Packager : André Silva emulatorman@hyperbola.info Build Date : Fri 26 May 2017 06:13:18 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature

$ pacman -Ql icedtea-web
icedtea-web /usr/
icedtea-web /usr/bin/
icedtea-web /usr/bin/itweb-settings
icedtea-web /usr/bin/javaws
icedtea-web /usr/bin/policyeditor
icedtea-web /usr/lib/
icedtea-web /usr/lib/mozilla/
icedtea-web /usr/lib/mozilla/plugins/
icedtea-web /usr/lib/mozilla/plugins/IcedTeaPlugin.so
icedtea-web /usr/share/
icedtea-web /usr/share/applications/
icedtea-web /usr/share/applications/itweb-settings.desktop
icedtea-web /usr/share/applications/javaws.desktop
icedtea-web /usr/share/icedtea-web/
icedtea-web /usr/share/icedtea-web/bin/
icedtea-web /usr/share/icedtea-web/bin/itweb-settings
icedtea-web /usr/share/icedtea-web/bin/javaws
icedtea-web /usr/share/icedtea-web/bin/policyeditor
icedtea-web /usr/share/icedtea-web/javaws_splash.png
icedtea-web /usr/share/icedtea-web/lib/
icedtea-web /usr/share/icedtea-web/lib/IcedTeaPlugin.so
icedtea-web /usr/share/icedtea-web/netx.jar
icedtea-web /usr/share/icedtea-web/plugin.jar
icedtea-web /usr/share/man/
icedtea-web /usr/share/man/man1/
icedtea-web /usr/share/man/man1/icedtea-web-plugin.1.gz
icedtea-web /usr/share/man/man1/icedtea-web.1.gz
icedtea-web /usr/share/man/man1/itweb-settings.1.gz
icedtea-web /usr/share/man/man1/javaws.1.gz
icedtea-web /usr/share/man/man1/policyeditor.1.gz
icedtea-web /usr/share/pixmaps/
icedtea-web /usr/share/pixmaps/javaws.png

[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap

“devtools” is not a “libretools” and “hyperiso” replacement.

$ pacman -Si devtools
Repository : extra
Name : devtools
Version : 20170320-2
Description : Tools for Arch Linux package maintainers
Architecture : any
URL : http://projects.archlinux.org/devtools.git/ Licenses : GPL Groups : None
Provides : None
Depends On : namcap openssh subversion rsync arch-install-scripts
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 21.81 KiB
Installed Size : 143.00 KiB
Packager : Evangelos Foutras evangelos@foutrelis.com Build Date : Thu 27 Apr 2017 01:32:21 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature

Bug Report

Tratando proveedor ubicación `geoclue2'...
Usando el proveedor `geoclue2'.
Unable to connect to GeoClue.
Incapaz de obtener localización desde el proveedor.

Package information:

$ pacman -S redshift
Repositorio : community
Nombre : redshift
Versión : 1.11-4.hyperbola1
Descripción : Adjusts the color temperature of your screen according to your surroundings, without geoclue2 support
Arquitectura : x86_64
URL : http://jonls.dk/redshift/ Licencias : GPL3
Grupos : Nada
Provee : Nada
Depende de : libdrm libxcb libxxf86vm
Dependencias opcionales : python-gobject: for redshift-gtk python-xdg: for redshift-gtk librsvg: for redshift-gtk
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 107,66 KiB
Tamaño de la instalación : 1004,00 KiB
Encargado : André Silva emulatorman@hyperbola.info Fecha de creación : sáb 17 jun 2017 14:03:43 -05
Validado por : Suma MD5 Suma SHA-256 Firma

(in Spanish)
Copio lo que puse en irc:

<isacdaavid>: este parche de epiphany está removiendo cosas de más. Si te fijas aca verás que lo que ese código hace es proteger la privacidad contra google y facebook.

<isacdaavid>: https://git.parabola.nu/abslibre.git/tree/libre/epiphany/privacy.patch#n162 sólo está probando si el spyware está siendo removido efectivamente. Tampoco veo necesidad de mantener lo de la línea #122 (lo único que hace es cambiar el título de la ventana), ni lo de la línea #139 (sólo está probando que el parser de URLs funciona, no hace conexiones), y mucho menos quitar referencias a “google.com” en los comentarios.

<isacdaavid>: subiré mis cambios a parabola, por si te interesa usarlos.

systemd support should be removed from tlp. I understand that it should start automatically under OpenRC.

impossible to start sway as it relies on libsystemd.so.0

error:

sway: error while loading shared libraries: libsystemd.so.0: cannot open shared object file: No such file or directory

https://icepng.github.io/2017/04/21/PoDoFo-1/

https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference

http://www.securityfocus.com/bid/97296/info

Package information

Repositorio : community
Nombre : podofo
Versión : 0.9.5-2 Descripción : A C++ library to work with the PDF file format
Arquitectura : x86_64
URL : http://podofo.sourceforge.net Licencias : GPL Grupos : Nada
Provee : Nada
Depende de : lua openssl fontconfig libtiff libidn libjpeg-turbo
Dependencias opcionales : Nada
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 785,18 KiB
Tamaño de la instalación : 4492,00 KiB
Encargado : Antonio Rojas arojas@archlinux.org Fecha de creación : sáb 18 feb 2017 06:52:31 -05
Validado por : Suma MD5 Suma SHA-256 Firma

Debian just patched for v0.9.5-6

https://sources.debian.net/src/libpodofo/0.9.5-6/debian/patches/CVE-2017-738%5B0123%5D.patch/

https://sources.debian.net/src/libpodofo/0.9.5-6/debian/patches/

isync is currently on 1.2.1-3, the versions is 2 years old and a lot of security/features have been implemented to the version 1.3.0

isync needs be upgraded from 1.2.1 to 1.2.3 since it is a bugfix adapted for our current snapshot in Milky Way (2017-05-08) which is using isync 1.2.x series.

Package ssmtp is unmaintained:

ssmtp is unmaintained. Consider using something like msmtp instead. (source)

So it violates point 4 of our packaging guidelines “Anti-abandonware”, because it’s abandoned and has a replacement (msmtp)

Hello,

Would it be possible to add this package :

icedove-enigmail

to the repo ?

Thank you

Add “onioncat”[0][1] package

[0]:https://www.onioncat.org/ [1]:https://www.onioncat.org/download/ https://www.cypherpunk.at/ocat/download/Source/current/

Add Xen 4.8.x split packages (”xen” and “xen-docs”).

Package: https://www.hyperbola.info/packages/community/x86_64/busybox/

https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

Patch: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8

gnome-disks doesn’t start, error :

gnome-disks: error while loading shared libraries: libsystemd.so.0: cannot open shared object file: No such file or directory

Thanks for your help

Remove /etc/crypttab file from the “filesystem”, due it’s useful only with systemd

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si aircrack-ng
Repository      : community
Name            : aircrack-ng
Version         : 1.2rc4-4
Description     : Key cracker for the 802.11 WEP and WPA-PSK protocols
Architecture    : x86_64
URL             : https://www.aircrack-ng.org
Licenses        : GPL2
Groups          : None
Provides        : aircrack-ng-scripts
Depends On      : openssl  sqlite  iw  net-tools  wireless_tools  ethtool
Optional Deps   : None
Conflicts With  : aircrack-ng-scripts
Replaces        : aircrack-ng-scripts
Download Size   : 375.88 KiB
Installed Size  : 1627.00 KiB
Packager        : Jonathan Steel <jsteel@archlinux.org>
Build Date      : Mon 27 Mar 2017 04:13:22 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si android-tools
Repository      : community
Name            : android-tools
Version         : 7.1.2_r6-1
Description     : Android platform tools
Architecture    : x86_64
URL             : http://tools.android.com/
Licenses        : Apache  MIT
Groups          : None
Provides        : None
Depends On      : openssl  pcre
Optional Deps   : python: for mkbootimg script
Conflicts With  : None
Replaces        : None
Download Size   : 202.90 KiB
Installed Size  : 611.00 KiB
Packager        : Anatol Pomozov <anatol.pomozov@gmail.com>
Build Date      : Mon 24 Apr 2017 11:39:51 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si apache
Repository      : extra
Name            : apache
Version         : 2.4.25-2.hyperbola2
Description     : A high performance Unix-based HTTP server, with OpenRC support
Architecture    : x86_64
URL             : https://www.apache.org/dist/httpd
Licenses        : APACHE
Groups          : None
Provides        : None
Depends On      : zlib  apr-util  pcre  libnghttp2  openssl
Optional Deps   : lua: for mod_lua module
                  libxml2: for mod_proxy_html, mod_xml2enc modules
                  lynx: apachectl status
Conflicts With  : None
Replaces        : None
Download Size   : 1436.89 KiB
Installed Size  : 5678.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Mon 25 Sep 2017 09:13:27 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si arch-audit
Repository      : community
Name            : arch-audit
Version         : 0.1.8-3
Description     : An utility like pkg-audit based on Arch CVE Monitoring Team data
Architecture    : x86_64
URL             : https://github.com/ilpianista/arch-audit
Licenses        : MIT
Groups          : None
Provides        : None
Depends On      : curl  openssl
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 584.06 KiB
Installed Size  : 1931.00 KiB
Packager        : Christian Rebischke <Chris.Rebischke@archlinux.org>
Build Date      : Thu 27 Apr 2017 12:43:21 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si argyllcms
Repository      : community
Name            : argyllcms
Version         : 1.9.2-1
Description     : An ICC compatible color management system with support for different colorimeter hardware
Architecture    : x86_64
URL             : http://www.argyllcms.com/
Licenses        : GPL  AGPL
Groups          : None
Provides        : None
Depends On      : libtiff  libxss  libxinerama  libxxf86vm  libxrandr  openssl
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 8.44 MiB
Installed Size  : 98.79 MiB
Packager        : Timothy Redaelli <timothy.redaelli@gmail.com>
Build Date      : Tue 25 Oct 2016 12:09:46 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature