|
Any | Security Issue | Very High | Critical | [wpa_supplicant] vulnerable to KRAK attack | Closed | |
Task Description
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
https://w1.fi/security/2017-1/
Arch just patched: https://www.archlinux.org/packages/core/i686/wpa_supplicant/
|
|
Any | Security Issue | High | High | [podofo] vulnerable allows remote attackers to cause a ... | Closed | |
Task Description
https://icepng.github.io/2017/04/21/PoDoFo-1/
https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference
http://www.securityfocus.com/bid/97296/info
Package information
Repositorio : community Nombre : podofo Versión : 0.9.5-2 Descripción : A C++ library to work with the PDF file format Arquitectura : x86_64 URL : http://podofo.sourceforge.net Licencias : GPL Grupos : Nada Provee : Nada Depende de : lua openssl fontconfig libtiff libidn libjpeg-turbo Dependencias opcionales : Nada En conflicto con : Nada Remplaza a : Nada Tamaño de la descarga : 785,18 KiB Tamaño de la instalación : 4492,00 KiB Encargado : Antonio Rojas arojas@archlinux.org Fecha de creación : sáb 18 feb 2017 06:52:31 -05 Validado por : Suma MD5 Suma SHA-256 Firma
Debian just patched for v0.9.5-6
https://sources.debian.net/src/libpodofo/0.9.5-6/debian/patches/CVE-2017-738%5B0123%5D.patch/
https://sources.debian.net/src/libpodofo/0.9.5-6/debian/patches/
|
|
Any | Security Issue | High | High | [isync] needs update | Closed | |
Task Description
isync is currently on 1.2.1-3, the versions is 2 years old and a lot of security/features have been implemented to the version 1.3.0
isync needs be upgraded from 1.2.1 to 1.2.3 since it is a bugfix adapted for our current snapshot in Milky Way (2017-05-08) which is using isync 1.2.x series.
|
|
Any | Drop Request | High | High | [ssmtp] remove obsolete package | Closed | |
Task Description
Package ssmtp is unmaintained:
ssmtp is unmaintained. Consider using something like msmtp instead. (source)
So it violates point 4 of our packaging guidelines “Anti-abandonware”, because it’s abandoned and has a replacement (msmtp)
|
|
Any | Feature Request | Medium | Medium | [pcsclite] needs OpenRC init script | Closed | |
Task Description
$ pacman -Si pcsclite Repository : community Name : pcsclite Version : 1.8.20-1.hyperbola1 Description : PC/SC Architecture smartcard middleware library, without systemd support Architecture : x86_64 URL : https://alioth.debian.org/projects/pcsclite/ Licenses : BSD Groups : None Provides : None Depends On : python2 Optional Deps : None Conflicts With : None Replaces : None Download Size : 91.46 KiB Installed Size : 362.00 KiB Packager : André Silva emulatorman@hyperbola.info Build Date : Tue 29 Aug 2017 03:18:32 PM CEST Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Ql pcsclite pcsclite /usr/ pcsclite /usr/bin/ pcsclite /usr/bin/pcsc-spy pcsclite /usr/bin/pcscd pcsclite /usr/include/ pcsclite /usr/include/PCSC/ pcsclite /usr/include/PCSC/debuglog.h pcsclite /usr/include/PCSC/ifdhandler.h pcsclite /usr/include/PCSC/pcsclite.h pcsclite /usr/include/PCSC/reader.h pcsclite /usr/include/PCSC/winscard.h pcsclite /usr/include/PCSC/wintypes.h pcsclite /usr/lib/ pcsclite /usr/lib/libpcsclite.so pcsclite /usr/lib/libpcsclite.so.1 pcsclite /usr/lib/libpcsclite.so.1.0.0 pcsclite /usr/lib/libpcscspy.so pcsclite /usr/lib/libpcscspy.so.0 pcsclite /usr/lib/libpcscspy.so.0.0.0 pcsclite /usr/lib/pcsc/ pcsclite /usr/lib/pcsc/drivers/ pcsclite /usr/lib/pkgconfig/ pcsclite /usr/lib/pkgconfig/libpcsclite.pc pcsclite /usr/lib/systemd/ pcsclite /usr/lib/systemd/system/ pcsclite /usr/lib/systemd/system/pcscd.service pcsclite /usr/lib/systemd/system/pcscd.socket pcsclite /usr/share/ pcsclite /usr/share/licenses/ pcsclite /usr/share/licenses/pcsclite/ pcsclite /usr/share/licenses/pcsclite/LICENSE pcsclite /usr/share/man/ pcsclite /usr/share/man/man1/ pcsclite /usr/share/man/man1/pcsc-spy.1.gz pcsclite /usr/share/man/man5/ pcsclite /usr/share/man/man5/reader.conf.5.gz pcsclite /usr/share/man/man8/ pcsclite /usr/share/man/man8/pcscd.8.gz
|
|
Any | Feature Request | High | High | [icedove-enigmail] add package | Closed | |
Task Description
Hello,
Would it be possible to add this package :
icedove-enigmail
to the repo ?
Thank you
|
|
Any | Bug Report | Medium | High | [brasero] could not establish a connection to Tracker | Closed | |
Task Description
# Bug
(brasero:1402): WARNING : Could not establish a connection to Tracker: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.Tracker1 was not provided by any .service files Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.
# Package information
$ sudo pacman -Si brasero
[sudo] password for heckyel:
Repositorio : extra
Nombre : brasero
Versión : 3.12.1-2.hyperbola1
Descripción : CD/DVD mastering tool
Arquitectura : x86_64
URL : https://wiki.gnome.org/Apps/Brasero
Licencias : GPL
Grupos : gnome-extra
Provee : Nada
Depende de : gtk3 gst-plugins-good totem-plparser cdrkit cdrdao
shared-mime-info libcanberra dvd+rw-tools dconf libsm
libtracker-sparql libnotify gvfs
Dependencias opcionales : libburn: alternative back-end
libisofs: libburn back-end
dvdauthor: video project
vcdimager: video project
En conflicto con : Nada
Remplaza a : nautilus-cd-burner
Tamaño de la descarga : 2,58 MiB
Tamaño de la instalación : 14,46 MiB
Encargado : Scott Adams <haricot@hyperbola.info>
Fecha de creación : lun 29 may 2017 00:24:19 -05
Validado por : Suma MD5 Suma SHA-256 Firma
# File attached pacman -Ql brasero > brasero.txt
|
|
Any | Bug Report | Medium | Medium | [minicom][openrc] error: failed to commit transaction ( ... | Closed | |
Task Description
minicom conflicts against openrc package since both contains a file with the same name (/usr/bin/runscript)
# pacman -S minicom
resolving dependencies...
looking for conflicting packages...
Packages (1) minicom-2.7.1-1
Total Download Size: 0.18 MiB
Total Installed Size: 0.71 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
minicom-2.7.1-1-x86_64 186.7 KiB 170K/s 00:01 [########################################################] 100%
(1/1) checking keys in keyring [########################################################] 100%
(1/1) checking package integrity [########################################################] 100%
(1/1) loading package files [########################################################] 100%
(1/1) checking for file conflicts [########################################################] 100%
error: failed to commit transaction (conflicting files)
minicom: /usr/bin/runscript exists in filesystem
Errors occurred, no packages were upgraded.
$ pacman -Qo /usr/bin/runscript
/usr/bin/runscript is owned by openrc 0.28-8
|
|
Any | Bug Report | Medium | Medium | [cdemu-daemon] error: failed to prepare transaction (co ... | Closed | |
Task Description
cdemu-daemon requires a specific version of vhba-module. Since we are using vhba-module-lts with vhba-module in provides array but without a specific version, it generates the issue. Removing that specific version solves it.
# pacman -S cdemu-daemon
resolving dependencies...
warning: cannot resolve "vhba-module>=20140629", a dependency of "cdemu-daemon"
:: The following package cannot be upgraded due to unresolvable dependencies:
cdemu-daemon
:: Do you want to skip the above package for this upgrade? [y/N]
error: failed to prepare transaction (could not satisfy dependencies)
:: cdemu-daemon: requires vhba-module>=20140629
|
|
Any | Bug Report | Medium | High | [mutt] error message: mailbox closed | Closed | |
Task Description
Mutt is unstable. While in Mutt, the message ‘mailbox closed’ emerges.
|
|
Any | Security Issue | Medium | High | [blender] error invalid PGP keys | Closed | |
Task Description
$ sudo pacman -S blender
resolviendo dependencias…
buscando conflictos entre paquetes…
Paquetes (20) alembic-1.7.1-1 blender-common-2.78.c-1.hyperbola4 blosc-1.11.3-1 ilmbase-2.2.0-2 intel-tbb-2017_20170226-1 libraw-0.18.2-1 libspnav-0.2.3-1 llvm-4.0.0-2
log4cplus-1.2.0-3 opencollada-1.6.45-1.hyperbola1 opencolorio-1.0.9-5 openexr-2.2.0-3.hyperbola2 openimageio-1.6.18-1.hyperbola1 openshadinglanguage-1.7.5-1.hyperbola1
opensubdiv-3.1.1-1 openvdb-3.2.0-2 ptex-2.1.28-1.hyperbola1 valgrind-3.12.0-2 zstd-1.1.4-1 blender-2.78.c-1.hyperbola4
Tamaño total de la descarga: 0,33 MiB
Tamaño total de la instalación: 567,26 MiB
:: ¿Continuar con la instalación? [S/n] s
:: Recibiendo los paquetes…
libspnav-0.2.3-1-x86_64 8,5 KiB 849K/s 00:00 [######################################################################] 100%
zstd-1.1.4-1-x86_64 283,3 KiB 199K/s 00:01 [######################################################################] 100%
blosc-1.11.3-1-x86_64 43,0 KiB 331K/s 00:00 [######################################################################] 100%
(20/20) comprobando las claves del depósito [######################################################################] 100%
(20/20) verificando la integridad de los paquetes [######################################################################] 100%
error: libspnav: signature from "Andrea Scarpino <me@andreascarpino.it>" is marginal trust
:: El archivo /var/cache/pacman/pkg/libspnav-0.2.3-1-x86_64.pkg.tar.xz está dañado (paquete no válido o dañado (firma PGP)).
¿Quiere eliminarlo? [S/n] s
error: zstd: signature from "Andrzej Giniewicz (giniu) <gginiu@gmail.com>" is marginal trust
:: El archivo /var/cache/pacman/pkg/zstd-1.1.4-1-x86_64.pkg.tar.xz está dañado (paquete no válido o dañado (firma PGP)).
¿Quiere eliminarlo? [S/n] s
error: blosc: signature from "Andrzej Giniewicz (giniu) <gginiu@gmail.com>" is marginal trust
:: El archivo /var/cache/pacman/pkg/blosc-1.11.3-1-x86_64.pkg.tar.xz está dañado (paquete no válido o dañado (firma PGP)).
¿Quiere eliminarlo? [S/n] s
error: no se pudo realizar la operación (paquete no válido o dañado)
Ocurrieron errores, por lo que no se actualizaron los paquetes
|
|
Stable | Feature Request | Medium | Medium | [aqemu] add package | Closed | |
Task Description
This package makes virtualization very simple for newbies. It would be nice to have it in the near future.
|
|
Stable | Bug Report | High | High | [elogind] /usr/lib/udev/rules.d/73-seat-late.rules not ... | Closed | |
Task Description
dmesg was showing errors about this Apparently it is not needed and can be deleted. (No errors on my side after deletion (and reboot) and no more errors message)
See this thread : https://forum.manjaro.org/t/openrc-and-73-seat-late-rules-why-deleting-it-was-a-good-thing/24599
|
|
Any | Implementation Request | Very Low | Low | [thinkfan] add package | Closed | |
Task Description
Could it be possible to add this package :
thinkfan
“A minimalist fan control program. Supports the sysfs hwmon interface and thinkpad_acpi”
License : GPL
to the repo ?
Thanks
|
|
Any | Implementation Request | High | High | [onioncat]: add package | Closed | |
Task Description
Add “onioncat”[0][1] package
[0]:https://www.onioncat.org/ [1]:https://www.onioncat.org/download/ https://www.cypherpunk.at/ocat/download/Source/current/
|
|
Stable | Bug Report | High | High | [qemu] add missing libseccomp dependency | Closed | |
Task Description
I cannot start qemu (2.9.0-1) on latest hyperbola stable release.
Error message : qemu-system-x86_64: error while loading shared libraries: libseccomp.so.2
Thanks for your help
|
|
Any | Implementation Request | High | High | [xen] add Xen 4.8.x split packages | Closed | |
Task Description
Add Xen 4.8.x split packages (”xen” and “xen-docs”).
|
|
Any | Security Issue | Very High | Critical | [dillo] enable IPv6, SSL/TLS and threaded DNS support | Closed | |
Task Description
Please move dillo to blacklist. Please enable IPv6, SSL/TLS and threaded DNS support.
1- Arch PKGBUILD problems:
a- not obtain source via https
b- not compiled with support --enable-ipv6 --enable-threaded-dns --enable-ssl
My correction is committed in NAB-packages-community
|
|
Testing | Privacy Issue | Very High | Critical | [abiword] remove AltaVista's Babel Fish translator supp ... | Closed | |
Task Description
Abiword supports the defunct AltaVista’s Babel Fish translator which queries are redirected to the main Yahoo! page.
...
build() {
cd $pkgname-$pkgver
./configure --prefix=/usr \
--enable-shared \
--disable-static \
--enable-clipart \
--enable-templates \
--enable-plugins="aiksaurus applix **babelfish** bmp clarisworks collab docbook \
eml epub freetranslation garble gdict gimp goffice grammar \
hancom hrtext iscii kword latex loadbindings mathview mht \
mif mswrite opendocument openwriter openxml opml ots paint \
passepartout pdb pdf presentation psion s5 sdw t602 urldict \
wikipedia wmf wml wordperfect wpg xslfo" \
--enable-introspection
sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
make
}
...
|
|
Any | Security Issue | High | High | [busybox] CVE-2017-16544: autocompletion vulnerability | Closed | |
Task Description
Package: https://www.hyperbola.info/packages/community/x86_64/busybox/
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.
Patch: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
|
|
Any | Feature Request | Very High | High | [linux-libre-*] add missing installed kernel configurat ... | Closed | |
Task Description
Add missing /boot/config-linux-libre-* useful for applications such as Xen.
|
|
Any | Implementation Request | Very Low | Low | [mat] add package | Closed | |
Task Description
Could it be possible to add this package :
mat (a.k.a Metadata anonymisation toolkit)
https://mat.boum.org
License : GPL2
to the repo ?
Thanks
|
|
Stable | Bug Report | Medium | High | [lightdm-gtk-greeter-settings] pam_authenticate failed: ... | Closed | |
Task Description
Hello,
When running lightdm-gtk-greeter-settings-pkexec as user.
lightdm-gtk-greeter-settings-pkexec
==== AUTHENTICATING FOR com.ubuntu.pkexec.lightdm-gtk-greeter-settings ===
Authentication is required to run Settings editor for LightDM GTK+ Greeter
Authenticating as: root
polkit-agent-helper-1: pam_authenticate failed: Permission denied
==== AUTHENTICATION FAILED ===
Error executing command as another user: Not authorized
This incident has been reported.
Am I missing something ? Thanks for your help
groups for my username : sys disk wheel network video audio optical storage libvirt kvm users
|
|
Any | Bug Report | High | High | [gnome-disk-utility] error while loading shared librari ... | Closed | |
Task Description
gnome-disks doesn’t start, error :
gnome-disks: error while loading shared libraries: libsystemd.so.0: cannot open shared object file: No such file or directory
Thanks for your help
|
|
Stable | Bug Report | Medium | High | [gparted] gparted_polkit doesn't work | Closed | |
Task Description
Hello,
gparted_polkit doesn’t work, error message (polkit is installed on my system)
Error executing command as another user: No authentication agent found.
If using :
sudo gparted
or
gksu gparted
It works. By default with xfce, the gparted launcher uses gparted_polkit though.
Thanks for your help
|
|
Any | Feature Request | Medium | Medium | [gdm] needs OpenRC init script | Closed | |
|
|
Any | Implementation Request | Very Low | Low | [mednaffe] add package | Closed | |
|
|
Stable | Bug Report | High | High | [opencollada][openimageio][openshadinglanguage][ptex] s ... | Closed | |
|
|
Any | Bug Report | High | High | [filesystem] remove /etc/crypttab file | Closed | |
|
|
Stable | Feature Request | Medium | Medium | [laptop-mode-tools] add package | Closed | |
|
|
Any | Feature Request | Medium | Medium | [openconnect] needs OpenRC init scripts | Closed | |
|
|
Any | Bug Report | Medium | Medium | [wine] doesn't allow sound. + all wine versions =2.7 | Closed | |
|
|
Any | Drop Request | Low | Low | [wine*] remove unstable and staging packages | Closed | |
|
|
Any | Implementation Request | Medium | Medium | [wine-stable] add package | Closed | |
|
|
Any | Privacy Issue | Very High | Critical | [libreoffice*] contains Google API keys | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [aarch64-linux-gnu-linux-api-headers] compiles using b ... | Closed | |
|
|
Stable | Bug Report | High | High | [php-fpm] service: No such file or directory | Closed | |
|
|
Any | Bug Report | Low | High | [php-fpm] service fails to start | Closed | |
|
|
Stable | Implementation Request | High | Medium | [nitrokey-app] add package | Closed | |
|
|
Any | Update Request | Medium | Medium | [youtube-viewer] update request to v3.7.9 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [linux-libre-lts*] Meltdown & Spectre Vulnerability | Closed | |
|
|
Any | Bug Report | Medium | Low | firejail: mpv.profile fails to work | Closed | |
|
|
Any | Security Issue | Very High | Critical | [libressl] add package as OpenSSL replacement and defau ... | Closed | |
|
|
Any | Feature Request | High | High | [apache] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [bigloo] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [bind] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [bind-tools] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [coreutils] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [curl] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [efitools] rebuild package against libressl | Closed | |
|