|
Any | Security Issue | High | High | [npapi-sdk] remove unsecure/deprecated package | Closed | |
Task Description
“npapi-sdk” (released in 2012) uses deprecated/unsecure NPAPI[0] api
$ pacman -Si npapi-sdk Repository : extra Name : npapi-sdk Version : 0.27.2-1 Description : Netscape Plugin API (NPAPI) Architecture : any URL : https://bitbucket.org/mgorny/npapi-sdk Licenses : MPL Groups : None Provides : None Depends On : None Optional Deps : None Conflicts With : None Replaces : None Download Size : 15.77 KiB Installed Size : 67.00 KiB Packager : Ionut Biru ibiru@archlinux.org Build Date : Thu 25 Apr 2013 01:47:15 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | High | High | [npapi-vlc] remove unsecured package | Closed | |
Task Description
“npapi-vlc” uses deprecated/unsecure NPAPI[0] api
$ pacman -Si npapi-vlc Repository : community Name : npapi-vlc Version : 2.2.5-1 Description : The modern VLC Mozilla (NPAPI) plugin Architecture : x86_64 URL : https://code.videolan.org/videolan/npapi-vlc Licenses : GPL Groups : None Provides : None Depends On : gtk2 vlc Optional Deps : None Conflicts With : None Replaces : None Download Size : 69.96 KiB Installed Size : 287.00 KiB Packager : Timothy Redaelli timothy.redaelli@gmail.com Build Date : Tue 14 Feb 2017 12:27:08 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | High | High | [nspluginwrapper] remove unsecure/deprecated package | Closed | |
Task Description
“nspluginwrapper” (released in 2011) uses deprecated/unsecure NPAPI[0] api
$ pacman -Si nspluginwrapper Repository : multilib Name : nspluginwrapper Version : 1.4.4-3 Description : Cross-platform NPAPI compatible plugin viewer Architecture : x86_64 URL : http://nspluginwrapper.davidben.net/ Licenses : GPL Groups : None Provides : None Depends On : curl libxt lib32-libxt gcc-libs lib32-gcc-libs gtk2 lib32-gtk2 Optional Deps : None Conflicts With : None Replaces : None Download Size : 146.14 KiB Installed Size : 475.00 KiB Packager : Felix Yan felixonmars@gmail.com Build Date : Sat 12 Jul 2014 02:40:45 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | High | High | [x2goplugin] remove unsecure package | Closed | |
Task Description
“x2goplugin” uses deprecated/unsecure NPAPI[0] api
$ pacman -Si x2goplugin Repository : extra Name : x2goplugin Version : 4.1.0.0-1 Description : provides X2Go Client as QtBrowser-based Mozilla plugin Architecture : x86_64 URL : http://www.x2go.org Licenses : GPL2 Groups : None Provides : None Depends On : qt4 libcups nxproxy libssh libxpm Optional Deps : None Conflicts With : None Replaces : None Download Size : 1250.54 KiB Installed Size : 2761.00 KiB Packager : Andreas Radke andyrtr@archlinux.org Build Date : Wed 22 Feb 2017 12:42:48 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | High | High | [djview] remove unsecure "nsdejavu.so" | Closed | |
Task Description
Remove “nsdejavu.so”, uses deprecated/unsecure NPAPI[0] api
$ sudo pacman -Si djview Repository : community Name : djview Version : 4.10.6-1 Description : Portable DjVu viewer and browser plugin Architecture : x86_64 URL : http://djvu.sourceforge.net/djview4.html Licenses : GPL Groups : None Provides : djview4 Depends On : qt5-base djvulibre libxkbcommon-x11 libsm Optional Deps : None Conflicts With : djview4 Replaces : djview4 Download Size : 535.79 KiB Installed Size : 1978.00 KiB Packager : Gaetan Bisson bisson@archlinux.org Build Date : Wed 04 May 2016 08:53:23 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ sudo pacman -Ql djview djview /usr/ djview /usr/bin/ djview /usr/bin/djview djview /usr/bin/djview4 djview /usr/lib/ djview /usr/lib/mozilla/ djview /usr/lib/mozilla/plugins/ djview /usr/lib/mozilla/plugins/nsdejavu.so djview /usr/share/ djview /usr/share/applications/ djview /usr/share/applications/djvulibre-djview4.desktop djview /usr/share/djvu/ djview /usr/share/djvu/djview4/ djview /usr/share/djvu/djview4/djview_cs.qm djview /usr/share/djvu/djview4/djview_de.qm djview /usr/share/djvu/djview4/djview_es.qm djview /usr/share/djvu/djview4/djview_fr.qm djview /usr/share/djvu/djview4/djview_ru.qm djview /usr/share/djvu/djview4/djview_uk.qm djview /usr/share/djvu/djview4/djview_zh_cn.qm djview /usr/share/djvu/djview4/djview_zh_tw.qm djview /usr/share/icons/ djview /usr/share/icons/hicolor/ djview /usr/share/icons/hicolor/32×32/ djview /usr/share/icons/hicolor/32×32/mimetypes/ djview /usr/share/icons/hicolor/32×32/mimetypes/djvulibre-djview4.png djview /usr/share/icons/hicolor/64×64/ djview /usr/share/icons/hicolor/64×64/mimetypes/ djview /usr/share/icons/hicolor/64×64/mimetypes/djvulibre-djview4.png djview /usr/share/icons/hicolor/scalable/ djview /usr/share/icons/hicolor/scalable/mimetypes/ djview /usr/share/icons/hicolor/scalable/mimetypes/djvulibre-djview4.svgz djview /usr/share/man/ djview /usr/share/man/man1/ djview /usr/share/man/man1/djview.1.gz djview /usr/share/man/man1/nsdejavu.1.gz
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | High | High | [icedtea-web] remove unsecure "IcedTeaPlugin.so" | Closed | |
Task Description
Remove “IcedTeaPlugin.so”, it uses deprecated/unsecure NPAPI[0] apis
Note: this package contains “Java Web Start” and unsecured NPAPI plugin, it needs change package description and description on optional dependencies in “jre{7,8}-openjdk” packages.
$ pacman -Si icedtea-web Repository : extra Name : icedtea-web Version : 1.6.2-2.hyperbola1 Description : Free web browser plugin to run applets written in Java and an implementation of Java Web Start, without nonfree firefox support Architecture : x86_64 URL : http://icedtea.classpath.org/wiki/IcedTea-Web Licenses : GPL2 Groups : None Provides : java-web-start Depends On : java-runtime-openjdk desktop-file-utils Optional Deps : rhino: for using proxy auto config files Conflicts With : None Replaces : icedtea-web-java7 Download Size : 1525.55 KiB Installed Size : 2108.00 KiB Packager : André Silva emulatorman@hyperbola.info Build Date : Fri 26 May 2017 06:13:18 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Ql icedtea-web icedtea-web /usr/ icedtea-web /usr/bin/ icedtea-web /usr/bin/itweb-settings icedtea-web /usr/bin/javaws icedtea-web /usr/bin/policyeditor icedtea-web /usr/lib/ icedtea-web /usr/lib/mozilla/ icedtea-web /usr/lib/mozilla/plugins/ icedtea-web /usr/lib/mozilla/plugins/IcedTeaPlugin.so icedtea-web /usr/share/ icedtea-web /usr/share/applications/ icedtea-web /usr/share/applications/itweb-settings.desktop icedtea-web /usr/share/applications/javaws.desktop icedtea-web /usr/share/icedtea-web/ icedtea-web /usr/share/icedtea-web/bin/ icedtea-web /usr/share/icedtea-web/bin/itweb-settings icedtea-web /usr/share/icedtea-web/bin/javaws icedtea-web /usr/share/icedtea-web/bin/policyeditor icedtea-web /usr/share/icedtea-web/javaws_splash.png icedtea-web /usr/share/icedtea-web/lib/ icedtea-web /usr/share/icedtea-web/lib/IcedTeaPlugin.so icedtea-web /usr/share/icedtea-web/netx.jar icedtea-web /usr/share/icedtea-web/plugin.jar icedtea-web /usr/share/man/ icedtea-web /usr/share/man/man1/ icedtea-web /usr/share/man/man1/icedtea-web-plugin.1.gz icedtea-web /usr/share/man/man1/icedtea-web.1.gz icedtea-web /usr/share/man/man1/itweb-settings.1.gz icedtea-web /usr/share/man/man1/javaws.1.gz icedtea-web /usr/share/man/man1/policyeditor.1.gz icedtea-web /usr/share/pixmaps/ icedtea-web /usr/share/pixmaps/javaws.png
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Drop Request | High | High | [devtools] remove this package | Closed | |
Task Description
“devtools” is not a “libretools” and “hyperiso” replacement.
$ pacman -Si devtools Repository : extra Name : devtools Version : 20170320-2 Description : Tools for Arch Linux package maintainers Architecture : any URL : http://projects.archlinux.org/devtools.git/ Licenses : GPL Groups : None Provides : None Depends On : namcap openssh subversion rsync arch-install-scripts Optional Deps : None Conflicts With : None Replaces : None Download Size : 21.81 KiB Installed Size : 143.00 KiB Packager : Evangelos Foutras evangelos@foutrelis.com Build Date : Thu 27 Apr 2017 01:32:21 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Privacy Issue | High | High | [redshift] remove geoclue2 support | Closed | |
Task Description
Bug Report
Tratando proveedor ubicación `geoclue2'...
Usando el proveedor `geoclue2'.
Unable to connect to GeoClue.
Incapaz de obtener localización desde el proveedor.
Package information:
$ pacman -S redshift Repositorio : community Nombre : redshift Versión : 1.11-4.hyperbola1 Descripción : Adjusts the color temperature of your screen according to your surroundings, without geoclue2 support Arquitectura : x86_64 URL : http://jonls.dk/redshift/ Licencias : GPL3 Grupos : Nada Provee : Nada Depende de : libdrm libxcb libxxf86vm Dependencias opcionales : python-gobject: for redshift-gtk python-xdg: for redshift-gtk librsvg: for redshift-gtk En conflicto con : Nada Remplaza a : Nada Tamaño de la descarga : 107,66 KiB Tamaño de la instalación : 1004,00 KiB Encargado : André Silva emulatorman@hyperbola.info Fecha de creación : sáb 17 jun 2017 14:03:43 -05 Validado por : Suma MD5 Suma SHA-256 Firma
|
|
Any | Privacy Issue | High | High | [epiphany] would be more private if not for Hyperbola p ... | Closed | |
Task Description
(in Spanish) Copio lo que puse en irc:
<isacdaavid>: este parche de epiphany está removiendo cosas de más. Si te fijas aca verás que lo que ese código hace es proteger la privacidad contra google y facebook.
<isacdaavid>: https://git.parabola.nu/abslibre.git/tree/libre/epiphany/privacy.patch#n162 sólo está probando si el spyware está siendo removido efectivamente. Tampoco veo necesidad de mantener lo de la línea #122 (lo único que hace es cambiar el título de la ventana), ni lo de la línea #139 (sólo está probando que el parser de URLs funciona, no hace conexiones), y mucho menos quitar referencias a “google.com” en los comentarios.
<isacdaavid>: subiré mis cambios a parabola, por si te interesa usarlos.
|
|
Any | Bug Report | High | High | [tlp] remove systemd support | Closed | |
Task Description
systemd support should be removed from tlp. I understand that it should start automatically under OpenRC.
|
|
Any | Bug Report | High | High | [sway] relies on systemd libraries | Closed | |
Task Description
impossible to start sway as it relies on libsystemd.so.0
error:
sway: error while loading shared libraries: libsystemd.so.0: cannot open shared object file: No such file or directory
|
|
Any | Security Issue | High | High | [podofo] vulnerable allows remote attackers to cause a ... | Closed | |
Task Description
https://icepng.github.io/2017/04/21/PoDoFo-1/
https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference
http://www.securityfocus.com/bid/97296/info
Package information
Repositorio : community Nombre : podofo Versión : 0.9.5-2 Descripción : A C++ library to work with the PDF file format Arquitectura : x86_64 URL : http://podofo.sourceforge.net Licencias : GPL Grupos : Nada Provee : Nada Depende de : lua openssl fontconfig libtiff libidn libjpeg-turbo Dependencias opcionales : Nada En conflicto con : Nada Remplaza a : Nada Tamaño de la descarga : 785,18 KiB Tamaño de la instalación : 4492,00 KiB Encargado : Antonio Rojas arojas@archlinux.org Fecha de creación : sáb 18 feb 2017 06:52:31 -05 Validado por : Suma MD5 Suma SHA-256 Firma
Debian just patched for v0.9.5-6
https://sources.debian.net/src/libpodofo/0.9.5-6/debian/patches/CVE-2017-738%5B0123%5D.patch/
https://sources.debian.net/src/libpodofo/0.9.5-6/debian/patches/
|
|
Any | Security Issue | High | High | [isync] needs update | Closed | |
Task Description
isync is currently on 1.2.1-3, the versions is 2 years old and a lot of security/features have been implemented to the version 1.3.0
isync needs be upgraded from 1.2.1 to 1.2.3 since it is a bugfix adapted for our current snapshot in Milky Way (2017-05-08) which is using isync 1.2.x series.
|
|
Any | Drop Request | High | High | [ssmtp] remove obsolete package | Closed | |
Task Description
Package ssmtp is unmaintained:
ssmtp is unmaintained. Consider using something like msmtp instead. (source)
So it violates point 4 of our packaging guidelines “Anti-abandonware”, because it’s abandoned and has a replacement (msmtp)
|
|
Any | Feature Request | High | High | [icedove-enigmail] add package | Closed | |
Task Description
Hello,
Would it be possible to add this package :
icedove-enigmail
to the repo ?
Thank you
|
|
Any | Implementation Request | High | High | [onioncat]: add package | Closed | |
Task Description
Add “onioncat”[0][1] package
[0]:https://www.onioncat.org/ [1]:https://www.onioncat.org/download/ https://www.cypherpunk.at/ocat/download/Source/current/
|
|
Any | Implementation Request | High | High | [xen] add Xen 4.8.x split packages | Closed | |
Task Description
Add Xen 4.8.x split packages (”xen” and “xen-docs”).
|
|
Any | Security Issue | High | High | [busybox] CVE-2017-16544: autocompletion vulnerability | Closed | |
Task Description
Package: https://www.hyperbola.info/packages/community/x86_64/busybox/
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.
Patch: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
|
|
Any | Bug Report | High | High | [gnome-disk-utility] error while loading shared librari ... | Closed | |
Task Description
gnome-disks doesn’t start, error :
gnome-disks: error while loading shared libraries: libsystemd.so.0: cannot open shared object file: No such file or directory
Thanks for your help
|
|
Any | Bug Report | High | High | [filesystem] remove /etc/crypttab file | Closed | |
Task Description
Remove /etc/crypttab file from the “filesystem”, due it’s useful only with systemd
|
|
Any | Feature Request | High | High | [aircrack-ng] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl.
$ pacman -Si aircrack-ng
Repository : community
Name : aircrack-ng
Version : 1.2rc4-4
Description : Key cracker for the 802.11 WEP and WPA-PSK protocols
Architecture : x86_64
URL : https://www.aircrack-ng.org
Licenses : GPL2
Groups : None
Provides : aircrack-ng-scripts
Depends On : openssl sqlite iw net-tools wireless_tools ethtool
Optional Deps : None
Conflicts With : aircrack-ng-scripts
Replaces : aircrack-ng-scripts
Download Size : 375.88 KiB
Installed Size : 1627.00 KiB
Packager : Jonathan Steel <jsteel@archlinux.org>
Build Date : Mon 27 Mar 2017 04:13:22 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Feature Request | High | High | [android-tools] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl.
$ pacman -Si android-tools
Repository : community
Name : android-tools
Version : 7.1.2_r6-1
Description : Android platform tools
Architecture : x86_64
URL : http://tools.android.com/
Licenses : Apache MIT
Groups : None
Provides : None
Depends On : openssl pcre
Optional Deps : python: for mkbootimg script
Conflicts With : None
Replaces : None
Download Size : 202.90 KiB
Installed Size : 611.00 KiB
Packager : Anatol Pomozov <anatol.pomozov@gmail.com>
Build Date : Mon 24 Apr 2017 11:39:51 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Feature Request | High | High | [apache] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl.
$ pacman -Si apache
Repository : extra
Name : apache
Version : 2.4.25-2.hyperbola2
Description : A high performance Unix-based HTTP server, with OpenRC support
Architecture : x86_64
URL : https://www.apache.org/dist/httpd
Licenses : APACHE
Groups : None
Provides : None
Depends On : zlib apr-util pcre libnghttp2 openssl
Optional Deps : lua: for mod_lua module
libxml2: for mod_proxy_html, mod_xml2enc modules
lynx: apachectl status
Conflicts With : None
Replaces : None
Download Size : 1436.89 KiB
Installed Size : 5678.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 25 Sep 2017 09:13:27 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Feature Request | High | High | [arch-audit] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl.
$ pacman -Si arch-audit
Repository : community
Name : arch-audit
Version : 0.1.8-3
Description : An utility like pkg-audit based on Arch CVE Monitoring Team data
Architecture : x86_64
URL : https://github.com/ilpianista/arch-audit
Licenses : MIT
Groups : None
Provides : None
Depends On : curl openssl
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 584.06 KiB
Installed Size : 1931.00 KiB
Packager : Christian Rebischke <Chris.Rebischke@archlinux.org>
Build Date : Thu 27 Apr 2017 12:43:21 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Feature Request | High | High | [argyllcms] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl.
$ pacman -Si argyllcms
Repository : community
Name : argyllcms
Version : 1.9.2-1
Description : An ICC compatible color management system with support for different colorimeter hardware
Architecture : x86_64
URL : http://www.argyllcms.com/
Licenses : GPL AGPL
Groups : None
Provides : None
Depends On : libtiff libxss libxinerama libxxf86vm libxrandr openssl
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 8.44 MiB
Installed Size : 98.79 MiB
Packager : Timothy Redaelli <timothy.redaelli@gmail.com>
Build Date : Tue 25 Oct 2016 12:09:46 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Feature Request | High | High | [axel] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [badvpn] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [bigloo] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [bind] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [bind-tools] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [bip] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [bitcoin-tx] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [boinctui] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [borg] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [cgit] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [coreutils] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [couchdb] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [cowpatty] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [curl] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [dillo] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [dovecot] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [dsniff] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [dspam] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [easy-rsa] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [efitools] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [ejabberd] rebuild package against libressl | Closed | |
|
|
Any | Bug Report | High | High | [dhcp]: /etc/init.d/dhcpd failed to run | Closed | |
|
|
Any | Feature Request | High | High | [elinks] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [encfs] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [epic4] rebuild package against libressl | Closed | |
|