Packages

Category Task Type Priority Severity Summary Status  desc Progress
AnyBug ReportHighCritical [zathura-ps] needs to be recompiled Closed
100%
Task Description

Description:
Since the update to 0.3.9 (or the update of girara to 0.2.9), zathura-pdf-poppler returns the following error:

error: Could not load plugin '/usr/lib/zathura/ps.so' (libgirara-gtk3.so.2: cannot open shared object file: No such file or directory).
AnyBug ReportHighCritical [links][elinks] segmentation fault after start by termi ...Closed
100%
Task Description

Description:

  • Segmentation fault after start by terminal emulator but elinks does not crash in console. After that, it prints characters when mouse buttons pressed so it can not copy its output.

Additional info:
* package version(s)

  • links 2.14-2
  • elinks 0.13-18

* config and/or log files etc.

  • gdb output for links 2.16:
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4295e43 in strchrnul () from /usr/lib/libc.so.6
  • gdb output for elinks 0.13-18:
[New Thread 0x7ffff4dfb700 (LWP 8393)]
Thread 1 "elinks" received signal SIGSEGV, Segmentation fault.
0x00007ffff5fa3e43 in strchrnul () from /usr/lib/libc.so.6

Steps to reproduce:

  • Run links and elinks by terminal emulator
AnyBug ReportVery LowCritical [apache]: cannot start if NetworkManager is not started Closed
100%
Task Description

Description:

Apache web server shall be running with or without the external network, and without NetworkManager.

rc-service httpd start

will give the message that NetworkManager must be started first, and will not start apache web server. I cannot find in which file is that written.

Steps to reproduce:

1. Disconnect network. Start computer.

2. Try to start apache with above command.

That makes no sense, as Apache can run on local network without NetworkManager and it is not written in the description.

AnySecurity IssueVery HighCritical [schroedinger] unmaintained and unsupportable Closed
100%
Task Description

Description:

  • Remove Schrödinger in Hyperbola because it’s unmaintained and unsupportable. [0] [1]
  • Note: It requires [ffmpeg], [ffmpeg2.8] and [gst-plugins-bad] rebuilding

Additional info:

  • schroedinger 1.0.11-3
$ pacman -Si schroedinger
Repository      : extra
Name            : schroedinger
Version         : 1.0.11-3
Description     : An implemenation of the Dirac video codec in ANSI C code
Architecture    : x86_64
URL             : https://launchpad.net/schroedinger
Licenses        : GPL2  LGPL2.1  MPL  MIT
Groups          : None
Provides        : None
Depends On      : orc  gcc-libs
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 331.64 KiB
Installed Size  : 1676.00 KiB
Packager        : Evangelos Foutras <evangelos@foutrelis.com>
Build Date      : Sat 05 Dec 2015 12:28:01 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

  • Contains security holes.
AnySecurity IssueVery HighCritical [vlc] CVE-2017-17670 Closed
100%
Task Description

Description:

  • In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.

Additional info:
* package version(s)

  • 2.2.6-1.hyperbola1

* config and/or log files etc.

  • None

Steps to reproduce:

  • Run VLC
AnySecurity IssueVery HighCritical [vlc] CVE-2018-11529 Closed
100%
Task Description

Description:

  • VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

Additional info:
* package version(s)

  • 2.2.6-1.hyperbola1

* config and/or log files etc.

  • None

Steps to reproduce:

  • Run VLC
AnySecurity IssueHighCritical [octopi] uploads system logs to ptpb.pw without confirm ...Closed
100%
Task Description

Octopi 0.9.0 is uploading system logs to ptpb.pw without confirmation through :

Tools
→ SysInfo → ptpb.pw

I think it should be either disabled or add at least a patch to ask for a confirmation.
An other way could be to patch this :

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/?u=1", tempFile->fileName());
256:  return ptpb;

to :

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- **https://ptpb.pw/", tempFile->fileName());
256:  return ptpb;

This way, you can at least ask for log deletion with the help of log uuid as explained here : https://ptpb.pw/#id10

AnySecurity IssueVery HighCritical [qtpass] Insecure Password Generation prior to 1.2.1 Closed
100%
Task Description

Description:
As stated on the home page of the project (https://qtpass.org/):
<quote>
All passwords generated with QtPass’ built-in password generator prior to 1.2.1 are possibly predictable and enumerable by hackers.
</quote>

AnyFreedom IssueVery HighCritical [qtemu] package recommends installing non-free OSes Closed
100%
Task Description

When running QtEmu for the first time and running the new machine wizard, the software lists non-free operating systems and refers to GNU/Linux as Linux.

It would be nice to list LibertyBSD in the list of distros in this software in addition to GNU/Linux and GNU/Hurd (which are listed in aqemu).

AnySecurity IssueVery HighCritical [toxcore] Memory leak - Remote DDoS vunerability Closed
100%
Task Description

Description:

A memory leak bug was discovered in Toxcore that can be triggered remotely to exhaust one’s system memory, resulting in a denial of service attack... As a general reminder, if you are still using irungentoo’s toxcore, we strongly encourage you to switch to using TokTok c-toxcore instead as it’s a lot more actively developed and maintained. In fact, irungentoo’s toxcore is neither being developed nor maintained for some time now, aside from merging only the most critical fixes from TokTok c-toxcore from time to time, missing all other important fixes.

Additional info:
* package version(s): < 2.8

https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/

AnySecurity IssueVery HighCritical [libssh] CVE-2018-10933 Closed
100%
Task Description

Description:
libssh versions 0.6 and above have an authentication bypass vulnerability in
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication, the attacker could successfully authentciate
without any credentials.

Additional info:
* package version(s) : extra/libssh 0.7.5-1

CVE

AnySecurity IssueVery HighCritical [openldap] 2.4.44 multiple security issues Closed
100%
Task Description

Description:
Changelog

2.4.46 is fixing a huge quantity of issues (TLS related & memory leak)

Additional info:
* package version(s) : 2.4.44

AnySecurity IssueVery HighCritical [php] CVE-2017-9120 Closed
100%
Task Description

Description:

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

Additional info:
* package version(s)

$ pacman -Si php
Repositorio               : extra
Nombre                    : php
Versión                   : 7.1.4-3.hyperbola3
Descripción               : A general-purpose scripting language that is especially suited to web development, without systemd support
Arquitectura              : x86_64
URL                       : http://www.php.net
Licencias                 : PHP
Grupos                    : Nada
Provee                    : php-ldap=7.1.4
Depende de                : libxml2  curl  libzip  pcre
Dependencias opcionales   : Nada
En conflicto con          : php-ldap
Remplaza a                : php-ldap
Tamaño de la descarga     : 3,02 MiB
Tamaño de la instalación  : 15,94 MiB
Encargado                 : André Silva <emulatorman@hyperbola.info>
Fecha de creación         : mié 27 dic 2017 19:15:03 -05
Validado por              : Suma MD5  Suma SHA-256  Firma

* config and/or log files etc.

Last update of php be v7.1.x is v7.1.23:

- https://secure.php.net/ChangeLog-7.php#7.1.23

Patch availabble from v7.1.5
https://bugs.php.net/bug.php?id=74544

Steps to reproduce:

- Install php

StableUpdate RequestHighCritical [system-config-printer] update to 1.5.11 Closed
100%
Task Description

Description:

this release is mostly bugfix, updated translations, removed some deprecated parts in code (abandoning libgnome-keyring and starting using libsecret) and in UI and added Till’s patches from Ubuntu (Thank you, Till!).

Additional info:
* package version(s)

# pacman -Si system-config-printer
Repositorio               : extra
Nombre                    : system-config-printer
Versión                   : 1.5.9-2
Descripción               : A CUPS printer configuration tool and status applet
Arquitectura              : x86_64
URL                       : https://github.com/zdohnal/system-config-printer
Licencias                 : GPL
Grupos                    : Nada
Provee                    : Nada
Depende de                : python-pycups  python-dbus  python-pycurl  libnotify  python-requests  python-gobject  gtk3  python-cairo
Dependencias opcionales   : python-pysmbc: SMB browser support
                            python-packagekit: to install drivers with PackageKit
                            cups-pk-helper: PolicyKit helper to configure cups with fine-grained privileges
En conflicto con          : Nada
Remplaza a                : Nada
Tamaño de la descarga     : 908,59 KiB
Tamaño de la instalación  : 7159,00 KiB
Encargado                 : Andreas Radke <andyrtr@archlinux.org>
Fecha de creación         : vie 27 ene 2017 04:18:24 -03
Validado por              : Suma MD5  Suma SHA-256  Firma

* config and/or log files etc.

Steps to reproduce:

StableFreedom IssueVery HighCritical [cool-retro-term] update package to 1.0.1 and remove no ...Closed
100%
Task Description

In the latest version fixes several issues and font improvements[1], but unfortunately there is a major problem contained five three non-libre/free typefaces in the source code.

  • Apple II (1977): a licence forbids to sell and modify. Already removed
  • Commodore PET (1977): a licence forbids to sell and modify. Already removed
  • Atari 400/800 (1979): in the latest version, there is a vague term “freeware”[2] in documentation, but forbids to sell and modify.
  • Commercial 64 (1982): a licence forbids to sell. Already removed
  • Monaco (modern): proprietary from Apple.
$ rm -fr "./app/qml/fonts/{1977-*,1979-atari-400-800,1982-commodore64,modern-monaco}/";

Also, I attached three QML source code diff files down below, by removing and replacing strings.

[1]: https://github.com/Swordfish90/cool-retro-term/releases/tag/1.0.1/
[2]: https://www.gnu.org/philosophy/words-to-avoid#Freeware

StableFreedom IssueVery HighCritical [xorg-fonts-misc] contains non-libre/free Syriac typefa ...Closed
100%
Task Description

A Syriac typeface family series of Beth Mardutho’s Meltho is considered as non-libre/free because a licence forbids to modify[1], and should be removed immediately.

[1]: https://github.com/freedesktop/xorg-misc-meltho/raw/master/license.txt

AnyFreedom IssueVery HighCritical [python-pip][python2-pip] Pip recommends proprietary so ...Closed
100%
Task Description

Description:
pip allows the user to search and install packages from the PyPi repository, which contains proprietary software.

Additional info:
* example of proprietary package in PyPi repository: https://pypi.org/project/snaplogic * Trisquel’s solution was to remove python-pip: https://trisquel.info/en/issues/3741

Steps to reproduce:
$ sudo pacman -S python-pip
$ pip search snaplogic # prints information about proprietary package
$ pip install snaplogic # installs proprietary package

AnyFreedom IssueVery HighCritical [purple-skypeweb] Plugin only useful with Skype Closed
100%
Task Description

Please remove as plugin is only useful with Skype hosted by a single company on a single server as far as I can tell (unlike pidgin-sipe).

StableFreedom IssueVery HighCritical [gftp] Remove many other (old and dead) FTP site bookma ...Closed
100%
Task Description

Contains many other (old and dead) non-FSDG distro and software archive and repo FTP sites, and must remove carefully.

StableImplementation RequestMediumCritical [strongswan] add new package Closed
100%
Task Description

Description:

Package strongSwan is missing. Can it please be added to relevant repository? The package’s presence is critical for using IKEv2 in VPN.

Additional info:

* Source: Please see added link

Steps to reproduce:

N/A

AnyFreedom IssueVery HighCritical [man-pages] contains nonfree POSIX manual pages Closed
100%
Task Description

Description:

  • Arch distributes a version of man-pages with manual pages from the POSIX standard. The man-pages project is permitted to distribute them and Andries Brouwer assumes that re-distribution by vendors is permitted as well. However, modification is definitively not allowed, hence this contribution by The Institute of Electrical and Electronics Engineers and The Open Group render the entire man-pages package nonfree. The way to solve it is remove all nonfree POSIX manual pages from man-pages package.

Additional info:
* package version(s)

  • 4.11-1

* config and/or log files etc.

  • License file (POSIX-COPYRIGHT):
The Institute of Electrical and Electronics Engineers (IEEE) and
The Open Group, have given us permission to reprint portions of
their documentation.

In the following statement, the phrase ``this text'' refers to
portions of the system documentation.

Portions of this text are reprinted and reproduced in electronic form
from IEEE Std 1003.1, 2013 Edition, Standard for Information Technology
-- Portable Operating System Interface (POSIX), The Open Group Base
Specifications Issue 7, Copyright (C) 2013 by the Institute of Electri-
cal and Electronics Engineers, Inc and The Open Group.  (This is
POSIX.1-2008 with the 2013 Technical Corrigendum 1 applied.) In the
event of any discrepancy between this version and the original IEEE and
The Open Group Standard, the original IEEE and The Open Group Standard
is the referee document.  The original Standard can be obtained online
at http://www.unix.org/online.html .

This notice shall appear on any product containing this material.

Redistribution of this material is permitted so long as this notice and
the corresponding notices within each POSIX manual page are retained on
any distribution, and the nroff source is included. Modifications to
the text are permitted so long as any conflicts with the standard
are clearly marked as such in the text.

Steps to reproduce:

  • See license in /usr/share/licenses/man-pages/POSIX-COPYRIGHT
AnyBug ReportVery HighCritical [linux-libre-lts] spinlock not released on kernel by i9 ...Closed
100%
Task Description

Description:

With the latest release of the kernel, xwindow does not start anymore. I had to revert to 4.9.143.

Additional info:
* package version(s): linux-libre-lts-4.9.150_gnu-0-x86_64.pkg.tar.xz

Steps to reproduce:

Upgrade to the following:
- linux-libre-lts-4.9.150_gnu-0-x86_64.pkg.tar.xz
- linux-libre-lts-headers-4.9.150_gnu-0-x86_64.pkg.tar.xz
- acpi_call-lts-1.1.0-42.hyperbola34.6-x86_64.pkg.tar.xz

And try to start xwindow

StableReplace RequestVery LowCritical [spamassassin] includes dependencies for systemd Closed
100%
Task Description

Description: The package spamassassin has no further init-script for OpenRC and instead includes service-definitions for systemd

Additional info:
* package version(s) 3.4.1-7

StableReplace RequestVery LowCritical [opendkim] includes dependencies for systemd Closed
100%
Task Description

Description: The package opendkim has no further init-script for OpenRC and instead includes service-definitions for systemd

Additional info:
* package version(s) 2.10.3-4

AnySecurity IssueVery LowCritical [dokuwiki] CVEs Closed
100%
Task Description

Our current dokuwiki 20170219_b-1 has two serious CVE.

Error message attached after the first installation

AnySecurity IssueVery LowCritical [tcpreplay] CVEs Closed
100%
AnyBug ReportVery HighCritical [electrum] package no longer works Closed
100%
AnyBug ReportHighCritical [electrum] updated package still does not work Closed
100%
StableSecurity IssueVery HighCritical [exim] CVE-2019-10149 Closed
100%
AnyFreedom IssueVery HighCritical [supertuxkart] remove nonfree Ubuntu Font Family fonts Closed
100%
AnyFreedom IssueVery LowCritical [flatpak] Access to proprietary applications Closed
100%
TestingBug ReportMediumCritical [rsyslog] wrong reference to /usr/bin/rsyslog in /etc/l ...Closed
100%
AnyBug ReportVery HighCritical [cups] [cups-filters] ServerBin directory inconsistency Closed
100%
StableBug ReportMediumCritical [mkinitcpio] crc32c_generic module missing with regular ...Closed
100%
StableBug ReportMediumCritical [virt-manager] Failed to initialize a valid firewall ba ...Closed
100%
StableBug ReportMediumCritical [v4l-utils] Error in `dvbv5-scan': double free or corru ...Closed
100%
StableBug ReportMediumCritical [lynis] Unable to run audit on remote target because of ...Closed
100%
StableBug ReportHighCritical  [gufw] FileNotFoundError: [Errno 2] '/usr/sbin/ufw': ' ...Closed
100%
AnyFreedom IssueVery HighCritical [clementine] using non-free services and interfaces Closed
100%
AnyFreedom IssueVery HighCritical [gens] contains nonfree Starscream code Closed
100%
AnyFreedom IssueVery HighCritical [gens-gs] contains nonfree Starscream code and the Poor ...Closed
100%
AnyFreedom IssueVery HighCritical [dgen-sdl] contains nonfree CZ80, dZ80, DrZ80, Multi-Z8 ...Closed
100%
StableBug ReportMediumCritical [apache][modules][FHS] move external modules to new loc ...Closed
100%
StableBug ReportMediumCritical [roundcubemail-lts] not compatible with PHP 7.1 Closed
100%
AnySecurity IssueVery HighCritical [libarchive] CVE-2019-18408 Closed
100%
StableFreedom IssueHighCritical [smplayer] Removal of unfree "Chromecast"-plugin Closed
100%
StableBug ReportVery LowCritical [gtk-2] Severe problems with GTK2-applications Closed
100%
StableFreedom IssueVery LowCritical [keybase] Complete removal of tool Closed
100%
AnySecurity IssueVery HighCritical [grub2] UEFI SecureBoot vulnerability + multiple flaws  ...Closed
100%
TestingBug ReportVery LowCritical [Hyperbola GNU/Linux-libre 0.4] Installation issue for  ...Closed
100%
Showing tasks 451 - 500 of 1517 Page 10 of 31

Available keyboard shortcuts

Tasklist

Task Details

Task Editing