|
Testing | Pull Request | Very Low | High | [Hyperbola GNU/Linux-libre 0.4] [midori] Apply updating ... | Closed | |
Task Description
Here are few changes in the third package build release of Midori, according to the commit[1][2]:
A SearX instance[3] now replaces three default search engines that are non-free network services; because of freedom issues, they were all expunged.
Fix key buttons on the key bindings to avoid frustration.
Plug-in seems now disabled by default.
Reference(s):
|
|
Any | Replace Request | Low | Low | [appmenu-qt4] replace with appmenu-qt (qt5) | Closed | |
Task Description
“appmenu-qt4”[0][2] is a deprecated package (release in 2012)[1] and use qt4 unsupported/non-lts software[3], but “appmenu-qt5” not contains any release source code[2]
$ pacman -Si appmenu-qt4 Repository : community Name : appmenu-qt4 Version : 0.2.6-1 Description : Export Qt4 applications menus over D-Bus Architecture : x86_64 URL : https://launchpad.net/appmenu-qt Licenses : GPL Groups : None Provides : None Depends On : libdbusmenu-qt4 Optional Deps : None Conflicts With : appmenu-qt Replaces : appmenu-qt Download Size : 16.55 KiB Installed Size : 48.00 KiB Packager : Antonio Rojas arojas@archlinux.org Build Date : Tue 28 Feb 2017 05:59:31 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://launchpad.net/appmenu-qt (qt4) [1]:https://launchpad.net/appmenu-qt/+download [2]:https://launchpad.net/appmenu-qt5 [3]:https://en.wikipedia.org/wiki/Qt_5.6_LTS
|
|
Any | Replace Request | Low | Low | [botan*] remove unstable "botan" and rename ''botan1.10 ... | Closed | |
Task Description
Remove unstable “botan” and rename “botan1.10” to “botan-old-stable”[0]
$ pacman -Si botan
Repository : community
Name : botan
Version : 2.1.0-1
Description : Crypto library written in C++
Architecture : x86_64
URL : https://botan.randombit.net/
Licenses : BSD
Groups : None
Provides : None
Depends On : gcc-libs sh
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 1816.44 KiB
Installed Size : 7040.00 KiB
Packager : Alexander Rødseth <rodseth@gmail.com>
Build Date : Fri 21 Apr 2017 09:19:27 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Si botan1.10
Repository : community
Name : botan1.10
Version : 1.10.13-1
Description : Crypto library written in C++ - old stable branch
Architecture : x86_64
URL : http://botan.randombit.net/
Licenses : BSD
Groups : None
Provides : None
Depends On : gcc-libs sh
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 1014.98 KiB
Installed Size : 3734.00 KiB
Packager : Felix Yan <felixonmars@archlinux.org>
Build Date : Fri 06 Jan 2017 06:48:59 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://botan.randombit.net/
|
|
Testing | Replace Request | Medium | Medium | [devtools] use artools as devtools replacement | Closed | |
Task Description
Replace “devtools” to “artools”[0][1]
[0]:https://github.com/artix-linux/artools [1]:https://git.archlinux.org/devtools.git
Notes: "artools" replaces "devtools" and "archiso"
without "systemd", but it is not a "libretools" replacement.
For now, "libretools" needs a "chroot" wrapper to use it.
|
|
Any | Replace Request | Very High | Critical | [dnscrypt-proxy] update package to 2.x following backpo ... | Closed | |
Task Description
Since DNSCrypt-Proxy project has been abandoned [0] , DNSCrypt-Proxy 2 [1] should be used as its source replacement, however DNSCrypt-Proxy 2 contains support for unsafe and dangerous for privacy protocols such as Google. [2] [3] [4] Also, it contains Google recommendation and support through its parental control servers and public resolvers lists [5] [6]
Therefore DNSCrypt-Proxy 2 requires be re-forked by us first to follow our social contract.
|
|
Any | Replace Request | Very High | Critical | [kernel-firmware] split out firmware projects from linu ... | Closed | |
Task Description
Since Linux 4.14, the in-tree kernel firmware was dropped[0][1], and Hyperbola uses linux-libre-lts-firmware from 4.9 which still supports that firmware.
However, I’d like to request upgrading to the new libre replacement of linux-firmware.git: linux-libre-firmware[2][3].
This version has no LTS releases (well, firmwares commonly don’t have LTS versions and the in-tree firmware was always the same in post-4.9 generations), but it has the same firmwares as Linux-libre-lts plus some others.
This is the list of firmware files in linux-libre-lts-firmware and its dependencies:
linux-libre-lts-firmware
---
/usr/lib/firmware/av7110/bootcode.bin
/usr/lib/firmware/dsp56k/bootstrap.bin
/usr/lib/firmware/keyspan_pda/keyspan_pda.fw
/usr/lib/firmware/keyspan_pda/xircom_pgs.fw
ath9k-htc-firmware
---
/usr/lib/firmware/htc_7010.fw
/usr/lib/firmware/htc_9271.fw
openfwwf
---
/usr/lib/firmware/b43-open/b0g0bsinitvals5.fw
/usr/lib/firmware/b43-open/b0g0initvals5.fw
/usr/lib/firmware/b43-open/ucode5.fw
And here are the firmware files of the new linux-libre-firmware:
linux-libre-firmware
---
/usr/lib/firmware/av7110/bootcode.bin
/usr/lib/firmware/b43-open/b0g0bsinitvals5.fw
/usr/lib/firmware/b43-open/b0g0initvals5.fw
/usr/lib/firmware/b43-open/ucode5.fw
/usr/lib/firmware/carl9170-1.fw
/usr/lib/firmware/cis/3CCFEM556.cis
/usr/lib/firmware/cis/3CXEM556.cis
/usr/lib/firmware/cis/COMpad2.cis
/usr/lib/firmware/cis/COMpad4.cis
/usr/lib/firmware/cis/DP83903.cis
/usr/lib/firmware/cis/LA-PCM.cis
/usr/lib/firmware/cis/MT5634ZLX.cis
/usr/lib/firmware/cis/NE2K.cis
/usr/lib/firmware/cis/PCMLM28.cis
/usr/lib/firmware/cis/PE-200.cis
/usr/lib/firmware/cis/PE520.cis
/usr/lib/firmware/cis/RS-COM-2P.cis
/usr/lib/firmware/cis/SW_555_SER.cis
/usr/lib/firmware/cis/SW_7xx_SER.cis
/usr/lib/firmware/cis/SW_8xx_SER.cis
/usr/lib/firmware/cis/tamarack.cis
/usr/lib/firmware/dsp56k/bootstrap.bin
/usr/lib/firmware/htc_7010.fw
/usr/lib/firmware/htc_9271.fw
/usr/lib/firmware/isci/isci_firmware.bin
/usr/lib/firmware/keyspan_pda/keyspan_pda.fw
/usr/lib/firmware/keyspan_pda/xircom_pgs.fw
/usr/lib/firmware/usbdux_firmware.bin
/usr/lib/firmware/usbduxfast_firmware.bin
/usr/lib/firmware/usbduxsigma_firmware.bin
It has openfwwf and ath9k-htc-firmware included, plus some others. If actual versions of Hyperbola don’t get the update at least consider it for future releases. You can get the new PKGBUILD[4] and its new build dependencies at Parabola’s abslibre.git libre tree[5]
The new dependencies are:
Sources:
[0] https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.14-Migrates-Out-FW [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b38923a068c10fc36ca8f596d650d095ce390b85 [2] https://jxself.org/firmware/ [3] https://jxself.org/git/?p=linux-libre-firmware.git [4] https://git.parabola.nu/abslibre.git/tree/libre/linux-libre-firmware [5] https://git.parabola.nu/abslibre.git/tree/libre
Updated Note:
Since Linux-libre-firmware contains a lot of independent firmware, tools and assembly projects, it should be built from its official tarball separately and create a group called kernel-firmware to follow the our packaging guidelines. Tools and assembly projects shouldn’t be included in kernel-firmware since those ones are firmware dependencies.
|
|
Any | Replace Request | Very Low | Medium | [youtube-dl] replace avideo-lts with youtube-dl | Closed | |
Task Description
Please, replace avideo-lts with youtube-dl. avideo-lts haven’t seen any updates for almost a year and is probably abandoned. Also Stallman confirmed youtube-dl doesn’t execute any non-free JavaScript, so its inclusion doesn’t go against Social Contract.
|
|
Any | Replace Request | Defer | Critical | [bzr] replace deprecated GNU Bazaar to Brezy | Closed | |
Task Description
Description:
replace deprecated GNU Bazaar to Brezy for Canis Major
Additional info:
bzr 2.7.0-2
GNU Bazaar will be unmaintained (for now, there are only bug fixes)
GNU Bazaar only supports Python 2.
-
-
-
Note: It needs a provide: bazaar and brezy
Steps to reproduce:
|
|
Any | Replace Request | High | Critical | [python2] replace deprecated Python 2 to Tauthon | Closed | |
Task Description
Description:
replace deprecated Python 2 to Tauthon for Canis Major
Additional info:
Steps to reproduce:
|
|
Stable | Replace Request | Very Low | Low | [avideo] Replace with youtube-dl | Closed | |
Task Description
What do you think ? Avideo is not updated anymore, can’t we use regular youtube-dl instead as RMS himself say :
“youtube-dl is okay to be in the Directory because it does not actually execute nonfree JS as we first suspected.”
Source : https://directory.fsf.org/wiki/Youtube-dl Also : https://github.com/fent/node-ytdl-core/issues/222
|
|
Stable | Replace Request | Very Low | Medium | Package ossp has got systemd dependencies | Closed | |
Task Description
Description: Concurrent package ossp in version 1.3.2-15 has got dependencies to systemd, which is contradicting the whole distribution and the used INIT-system. Therefore my request to port this to OpenRC!
Additional info: * package version(s) 1.3.2-15
|
|
Stable | Replace Request | Very Low | Critical | [spamassassin] includes dependencies for systemd | Closed | |
Task Description
Description: The package spamassassin has no further init-script for OpenRC and instead includes service-definitions for systemd
Additional info: * package version(s) 3.4.1-7
|
|
Stable | Replace Request | Very Low | Critical | [opendkim] includes dependencies for systemd | Closed | |
Task Description
Description: The package opendkim has no further init-script for OpenRC and instead includes service-definitions for systemd
Additional info: * package version(s) 2.10.3-4
|
|
Any | Replace Request | Medium | Medium | [hypervideo] stop the development of Hypervideo | Closed | |
Task Description
Description:
I used to be under the impression that youtube-dl executes proprietary JavaScript, but I now understand that it only *parses* the JavaScript to find the URL for some videos. It doesn’t actually run the JavaScript, so it’s not a freedom issue.
Youtube-dl only executes regular expressions [0][1][2]
you also remove the files that are just for testing [3][4][5][6][7] and when compiling the program with libretools the test files are not placed[8]
I have consulted with other programmers and we have reached the same conclusion. Youtube-dl does not execute JS non-free, it only extracts the JS to read through python the URL‘s of some videos.[9][10]
The issues that I see with youtube-dl are rather in their form of development because it changes at every moment
Additional info:
- [0]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/jsinterp.py#L12
- [1]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/jsinterp.py#L132
- [2]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/swfinterp.py#L391
- [3]: https://github.com/ytdl-org/youtube-dl/tree/master/test/swftests/
- [4]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_iqiyi_sdk_interpreter.py
- [5]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_jsinterp.py
- [6]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_swfinterp.py
- [7]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_youtube_signature.py
- [8]:
$ tree -d
.
├── bin
├── lib
│ └── python3.6
│ └── site-packages
│ ├── youtube_dl
│ │ ├── downloader
│ │ │ └── __pycache__
│ │ ├── extractor
│ │ │ └── __pycache__
│ │ ├── postprocessor
│ │ │ └── __pycache__
│ │ └── __pycache__
│ └── youtube_dl-2019.5.11-py3.6.egg-info
└── share
├── bash-completion
│ └── completions
├── doc
│ └── youtube_dl
├── fish
│ └── completions
├── licenses
│ └── youtube-dl
├── man
│ └── man1
└── zsh
└── site-functions
26 directories
- [9]: https://directory.fsf.org/wiki/Youtube-dl - [10]: https://github.com/fent/node-ytdl-core/issues/222
|
|
Any | Replace Request | Medium | High | [firejail] use firejail LTS | Closed | |
Task Description
Description:
Firejail developers since October 2018 have started building LTS versions of firejail[0], according to Packaging Guidelines we must use LTS versions of the packages if they are available.
Links:
[0]: https://github.com/netblue30/firejail/tree/LTSbase
|
|
Testing | Replace Request | Very Low | Medium | replace request: NetworkManager with wpa_cute | Closed | |
Task Description
https://github.com/loh-tar/wpa-cute/releases
I know there are plans to remove NetworkManager. I wondered if we could replace it in 0.4 with Wpa_Cute. seen in the above link.
I haven’t been able to compile it, but it has been updated as recent as 2018 december (stable)
or 2019 january. :)
WPA_GUI doesn’t seem to work well for me, it runs into weird errors when I start it. Long story short, I run into this issue with wpa_supplicant when i do it manually:
https://wiki.archlinux.org/index.php/Wpa_supplicant:
Password-related problems
wpa_supplicant may not work properly if directly passed via stdin particularly long or complex passphrases which include special characters. This may lead to errors such as failed 4-way WPA handshake, PSK may be wrong when launching wpa_supplicant.
In order to solve this try using here strings wpa_passphrase <MYSSID> «< “<passphrase>” or passing a file to the -c flag instead:
# wpa_supplicant -i <interface> -c /etc/wpa_supplicant/example.conf
In some instances it was found that storing the passphrase cleartext in the psk key of the wpa_supplicant.conf network block gave positive results (see [2]). However, this approach is rather insecure. Using wpa_cli to create this file instead of manually writing it gives the best results most of the time and therefore is the recommended way to proceed. Problems with eduroam and other MSCHAPv2 connections
This is my issue with wpa_supplicant sadly... and I do not know how to workaround that without a GUI.
but Wpa_Supplicant_gui does not fix it either, it doesn’t even load properly on my other laptop.
It says it cannot get the status of wpa_supplicant when I load it.
This could be an issue if you get rid of NetworkManager for some users.
So yeah, please take a look at my request okay? Wait for 0.3 to be released to add this if possible. I know you guys are overworked, etc... and it doesn’t need to be done now anyhow. ;)
|
|
Any | Security Issue | Very High | Critical | [gnome-mplayer] [gecko-mediaplayer] [gmtk] remove unsec ... | Closed | |
Task Description
Remove “gnome-mplayer”, “gecko-mediaplayer” and “gmtk” are unsecured/abandonware packages(released in 2014) “gecko-mediaplayer” uses deprecated/unsecured NPAPI[0] and XULRunner[1][2] apis
$ pacman -Si gnome-mplayer Repository : community Name : gnome-mplayer Version : 1.0.9-4 Description : A simple MPlayer GUI. Architecture : x86_64 URL : https://sites.google.com/site/kdekorte2/gnomemplayer Licenses : GPL Groups : None Provides : None Depends On : mplayer dbus-glib libnotify gmtk Optional Deps : None Conflicts With : None Replaces : None Download Size : 343.29 KiB Installed Size : 1461.00 KiB Packager : Balló György <ballogyor+arch@gmail.com> Build Date : Sun 22 Jan 2017 04:45:38 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Si gecko-mediaplayer Repository : community Name : gecko-mediaplayer Version : 1.0.9-3 Description : Browser plugin that uses gnome-mplayer to play media in a web browser. Architecture : x86_64 URL : https://sites.google.com/site/kdekorte2/gecko-mediaplayer Licenses : GPL Groups : None Provides : None Depends On : gnome-mplayer>=1.0.9 dbus-glib gmtk curl Optional Deps : None Conflicts With : None Replaces : None Download Size : 80.92 KiB Installed Size : 598.00 KiB Packager : Balló György <ballogyor+arch@gmail.com> Build Date : Sun 22 Jan 2017 04:36:31 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Si gmtk Repository : community Name : gmtk Version : 1.0.9-3 Description : Common functions for gnome-mplayer and gecko-mediaplayer. Architecture : x86_64 URL : https://sites.google.com/site/kdekorte2/gmtk Licenses : GPL Groups : None Provides : None Depends On : glib2 gtk3 dconf Optional Deps : None Conflicts With : None Replaces : None Download Size : 73.85 KiB Installed Size : 246.00 KiB Packager : Balló György <ballogyor+arch@gmail.com> Build Date : Sun 22 Jan 2017 04:50:49 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap [1]:https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html [2]:https://tracker.debian.org/pkg/xulrunner
|
|
Any | Security Issue | Very High | Critical | [freewrl] remove unsecure "libFreeWRLplugin.so" | Closed | |
Task Description
Remove “libFreeWRLplugin.so”, uses deprecated/unsecure NPAPI[0] and XULRunner[1][2] apis
$ pacman -Si freewrl Repository : community Name : freewrl Version : 1:2.3.3-1 Description : VRML viewer Architecture : x86_64 URL : http://freewrl.sourceforge.net/ Licenses : GPL Groups : None Provides : None Depends On : java-runtime libxaw glew freeglut curl freetype2 imlib2 sox unzip imagemagick libxml2 ttf-bitstream-vera lesstif js185 glu openal
freealut
Optional Deps : None Conflicts With : None Replaces : None Download Size : 583.49 KiB Installed Size : 2060.00 KiB Packager : Sergej Pupykin <pupykin.s+arch@gmail.com> Build Date : Mon 19 Dec 2016 10:31:49 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ sudo pacman -Ql freewrl freewrl /usr/ freewrl /usr/bin/ freewrl /usr/bin/freewrl freewrl /usr/bin/freewrl_msg freewrl /usr/bin/freewrl_snd freewrl /usr/include/ freewrl /usr/include/FreeWRLEAI/ freewrl /usr/include/FreeWRLEAI/EAIHeaders.h freewrl /usr/include/FreeWRLEAI/EAI_C.h freewrl /usr/include/FreeWRLEAI/GeneratedHeaders.h freewrl /usr/include/FreeWRLEAI/X3DNode.h freewrl /usr/include/libFreeWRL.h freewrl /usr/lib/ freewrl /usr/lib/libFreeWRL.so freewrl /usr/lib/libFreeWRL.so.2 freewrl /usr/lib/libFreeWRL.so.2.3.3 freewrl /usr/lib/libFreeWRLEAI.so freewrl /usr/lib/libFreeWRLEAI.so.2 freewrl /usr/lib/libFreeWRLEAI.so.2.3.3 freewrl /usr/lib/mozilla/ freewrl /usr/lib/mozilla/plugins/ freewrl /usr/lib/mozilla/plugins/libFreeWRLplugin.so freewrl /usr/lib/pkgconfig/ freewrl /usr/lib/pkgconfig/libFreeWRL.pc freewrl /usr/lib/pkgconfig/libFreeWRLEAI.pc freewrl /usr/share/ freewrl /usr/share/applications/ freewrl /usr/share/applications/freewrl.desktop freewrl /usr/share/man/ freewrl /usr/share/man/man1/ freewrl /usr/share/man/man1/freewrl.1.gz freewrl /usr/share/pixmaps/ freewrl /usr/share/pixmaps/freewrl.png
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap [1]:https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html [2]:https://tracker.debian.org/pkg/xulrunner
|
|
Any | Security Issue | Very High | Critical | [xulrunner] unmaintained and unsupportable | Closed | |
Task Description
Remove “xulrunner”[0][1] is unsecure/abandonware package
$ pacman -Si xulrunner Repository : community Name : xulrunner Version : 41.0.2-10 Description : Mozilla Runtime Environment Architecture : x86_64 URL : http://wiki.mozilla.org/XUL:Xul_Runner Licenses : MPL GPL LGPL Groups : None Provides : None Depends On : gtk2 mozilla-common nss>3.18 libxt hunspell startup-notification mime-types dbus-glib libpulse libevent libvpx icu python2 Optional Deps : None Conflicts With : None Replaces : xulrunner-oss Download Size : 47.38 MiB Installed Size : 171.99 MiB Packager : Evangelos Foutras evangelos@foutrelis.com Build Date : Wed 26 Apr 2017 03:10:07 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html [1]:https://tracker.debian.org/pkg/xulrunner
|
|
Any | Security Issue | High | High | [npapi-sdk] remove unsecure/deprecated package | Closed | |
Task Description
“npapi-sdk” (released in 2012) uses deprecated/unsecure NPAPI[0] api
$ pacman -Si npapi-sdk Repository : extra Name : npapi-sdk Version : 0.27.2-1 Description : Netscape Plugin API (NPAPI) Architecture : any URL : https://bitbucket.org/mgorny/npapi-sdk Licenses : MPL Groups : None Provides : None Depends On : None Optional Deps : None Conflicts With : None Replaces : None Download Size : 15.77 KiB Installed Size : 67.00 KiB Packager : Ionut Biru ibiru@archlinux.org Build Date : Thu 25 Apr 2013 01:47:15 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | High | High | [npapi-vlc] remove unsecured package | Closed | |
Task Description
“npapi-vlc” uses deprecated/unsecure NPAPI[0] api
$ pacman -Si npapi-vlc Repository : community Name : npapi-vlc Version : 2.2.5-1 Description : The modern VLC Mozilla (NPAPI) plugin Architecture : x86_64 URL : https://code.videolan.org/videolan/npapi-vlc Licenses : GPL Groups : None Provides : None Depends On : gtk2 vlc Optional Deps : None Conflicts With : None Replaces : None Download Size : 69.96 KiB Installed Size : 287.00 KiB Packager : Timothy Redaelli timothy.redaelli@gmail.com Build Date : Tue 14 Feb 2017 12:27:08 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | High | High | [nspluginwrapper] remove unsecure/deprecated package | Closed | |
Task Description
“nspluginwrapper” (released in 2011) uses deprecated/unsecure NPAPI[0] api
$ pacman -Si nspluginwrapper Repository : multilib Name : nspluginwrapper Version : 1.4.4-3 Description : Cross-platform NPAPI compatible plugin viewer Architecture : x86_64 URL : http://nspluginwrapper.davidben.net/ Licenses : GPL Groups : None Provides : None Depends On : curl libxt lib32-libxt gcc-libs lib32-gcc-libs gtk2 lib32-gtk2 Optional Deps : None Conflicts With : None Replaces : None Download Size : 146.14 KiB Installed Size : 475.00 KiB Packager : Felix Yan felixonmars@gmail.com Build Date : Sat 12 Jul 2014 02:40:45 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | High | High | [x2goplugin] remove unsecure package | Closed | |
Task Description
“x2goplugin” uses deprecated/unsecure NPAPI[0] api
$ pacman -Si x2goplugin Repository : extra Name : x2goplugin Version : 4.1.0.0-1 Description : provides X2Go Client as QtBrowser-based Mozilla plugin Architecture : x86_64 URL : http://www.x2go.org Licenses : GPL2 Groups : None Provides : None Depends On : qt4 libcups nxproxy libssh libxpm Optional Deps : None Conflicts With : None Replaces : None Download Size : 1250.54 KiB Installed Size : 2761.00 KiB Packager : Andreas Radke andyrtr@archlinux.org Build Date : Wed 22 Feb 2017 12:42:48 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | High | High | [djview] remove unsecure "nsdejavu.so" | Closed | |
Task Description
Remove “nsdejavu.so”, uses deprecated/unsecure NPAPI[0] api
$ sudo pacman -Si djview Repository : community Name : djview Version : 4.10.6-1 Description : Portable DjVu viewer and browser plugin Architecture : x86_64 URL : http://djvu.sourceforge.net/djview4.html Licenses : GPL Groups : None Provides : djview4 Depends On : qt5-base djvulibre libxkbcommon-x11 libsm Optional Deps : None Conflicts With : djview4 Replaces : djview4 Download Size : 535.79 KiB Installed Size : 1978.00 KiB Packager : Gaetan Bisson bisson@archlinux.org Build Date : Wed 04 May 2016 08:53:23 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ sudo pacman -Ql djview djview /usr/ djview /usr/bin/ djview /usr/bin/djview djview /usr/bin/djview4 djview /usr/lib/ djview /usr/lib/mozilla/ djview /usr/lib/mozilla/plugins/ djview /usr/lib/mozilla/plugins/nsdejavu.so djview /usr/share/ djview /usr/share/applications/ djview /usr/share/applications/djvulibre-djview4.desktop djview /usr/share/djvu/ djview /usr/share/djvu/djview4/ djview /usr/share/djvu/djview4/djview_cs.qm djview /usr/share/djvu/djview4/djview_de.qm djview /usr/share/djvu/djview4/djview_es.qm djview /usr/share/djvu/djview4/djview_fr.qm djview /usr/share/djvu/djview4/djview_ru.qm djview /usr/share/djvu/djview4/djview_uk.qm djview /usr/share/djvu/djview4/djview_zh_cn.qm djview /usr/share/djvu/djview4/djview_zh_tw.qm djview /usr/share/icons/ djview /usr/share/icons/hicolor/ djview /usr/share/icons/hicolor/32×32/ djview /usr/share/icons/hicolor/32×32/mimetypes/ djview /usr/share/icons/hicolor/32×32/mimetypes/djvulibre-djview4.png djview /usr/share/icons/hicolor/64×64/ djview /usr/share/icons/hicolor/64×64/mimetypes/ djview /usr/share/icons/hicolor/64×64/mimetypes/djvulibre-djview4.png djview /usr/share/icons/hicolor/scalable/ djview /usr/share/icons/hicolor/scalable/mimetypes/ djview /usr/share/icons/hicolor/scalable/mimetypes/djvulibre-djview4.svgz djview /usr/share/man/ djview /usr/share/man/man1/ djview /usr/share/man/man1/djview.1.gz djview /usr/share/man/man1/nsdejavu.1.gz
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | High | High | [icedtea-web] remove unsecure "IcedTeaPlugin.so" | Closed | |
Task Description
Remove “IcedTeaPlugin.so”, it uses deprecated/unsecure NPAPI[0] apis
Note: this package contains “Java Web Start” and unsecured NPAPI plugin, it needs change package description and description on optional dependencies in “jre{7,8}-openjdk” packages.
$ pacman -Si icedtea-web Repository : extra Name : icedtea-web Version : 1.6.2-2.hyperbola1 Description : Free web browser plugin to run applets written in Java and an implementation of Java Web Start, without nonfree firefox support Architecture : x86_64 URL : http://icedtea.classpath.org/wiki/IcedTea-Web Licenses : GPL2 Groups : None Provides : java-web-start Depends On : java-runtime-openjdk desktop-file-utils Optional Deps : rhino: for using proxy auto config files Conflicts With : None Replaces : icedtea-web-java7 Download Size : 1525.55 KiB Installed Size : 2108.00 KiB Packager : André Silva emulatorman@hyperbola.info Build Date : Fri 26 May 2017 06:13:18 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Ql icedtea-web icedtea-web /usr/ icedtea-web /usr/bin/ icedtea-web /usr/bin/itweb-settings icedtea-web /usr/bin/javaws icedtea-web /usr/bin/policyeditor icedtea-web /usr/lib/ icedtea-web /usr/lib/mozilla/ icedtea-web /usr/lib/mozilla/plugins/ icedtea-web /usr/lib/mozilla/plugins/IcedTeaPlugin.so icedtea-web /usr/share/ icedtea-web /usr/share/applications/ icedtea-web /usr/share/applications/itweb-settings.desktop icedtea-web /usr/share/applications/javaws.desktop icedtea-web /usr/share/icedtea-web/ icedtea-web /usr/share/icedtea-web/bin/ icedtea-web /usr/share/icedtea-web/bin/itweb-settings icedtea-web /usr/share/icedtea-web/bin/javaws icedtea-web /usr/share/icedtea-web/bin/policyeditor icedtea-web /usr/share/icedtea-web/javaws_splash.png icedtea-web /usr/share/icedtea-web/lib/ icedtea-web /usr/share/icedtea-web/lib/IcedTeaPlugin.so icedtea-web /usr/share/icedtea-web/netx.jar icedtea-web /usr/share/icedtea-web/plugin.jar icedtea-web /usr/share/man/ icedtea-web /usr/share/man/man1/ icedtea-web /usr/share/man/man1/icedtea-web-plugin.1.gz icedtea-web /usr/share/man/man1/icedtea-web.1.gz icedtea-web /usr/share/man/man1/itweb-settings.1.gz icedtea-web /usr/share/man/man1/javaws.1.gz icedtea-web /usr/share/man/man1/policyeditor.1.gz icedtea-web /usr/share/pixmaps/ icedtea-web /usr/share/pixmaps/javaws.png
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | Medium | Medium | [cinepaint] unmaintained and unsupportable | Closed | |
|
|
Any | Security Issue | Very High | Critical | [midori] unmaintained and unsupportable | Closed | |
|
|
Any | Security Issue | Very High | Critical | [w3m] unmaintained and unsupportable | Closed | |
|
|
Any | Security Issue | Very High | Critical | [pam] pam_unix2 is orphaned and dead upstream | Closed | |
|
|
Any | Security Issue | Very High | Critical | [wpa_supplicant] vulnerable to KRAK attack | Closed | |
|
|
Any | Security Issue | High | High | [podofo] vulnerable allows remote attackers to cause a ... | Closed | |
|
|
Any | Security Issue | High | High | [isync] needs update | Closed | |
|
|
Any | Security Issue | Medium | High | [blender] error invalid PGP keys | Closed | |
|
|
Any | Security Issue | Very High | Critical | [dillo] enable IPv6, SSL/TLS and threaded DNS support | Closed | |
|
|
Any | Security Issue | High | High | [busybox] CVE-2017-16544: autocompletion vulnerability | Closed | |
|
|
Any | Security Issue | Very High | Critical | [linux-libre-lts*] Meltdown & Spectre Vulnerability | Closed | |
|
|
Any | Security Issue | Very High | Critical | [libressl] add package as OpenSSL replacement and defau ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [avahi] blacklist package since it's a zeroconf impleme ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [electrum] JSONRPC vulnerability | Closed | |
|
|
Any | Security Issue | High | Critical | [irssi] IRSSI-SA-2018-02 Irssi Security Advisory | Closed | |
|
|
Any | Security Issue | High | Critical | [python2] heap-overflow vulnerability CVE-2018-1000030 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [mupdf] multiple security issues | Closed | |
|
|
Any | Security Issue | High | Critical | [geth] possible denial of service attacks "DoS Attack" | Closed | |
|
|
Any | Security Issue | Very Low | High | Iceweasel ESR request, | Closed | |
|
|
Any | Security Issue | Very High | Critical | [xen] multiple security issues: CVE-2018-10472, CVE-201 ... | Closed | |
|
|
Any | Security Issue | Medium | Critical | [glusterfs] CVE-2018-1088: Privilege escalation via gl ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [wget] - GNU Wget Cookie Injection CVE-2018-0494 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [networkmanager] CVE-2018-1111: DHCP client script code ... | Closed | |
|
|
Any | Security Issue | Very Low | Low | [gnupg-stable]: shall be upgraded to mitigate risks wit ... | Closed | |
|
|
Any | Security Issue | Very High | High | [gnupg] CVE-2018-12020 | Closed | |
|