|
Stable | Security Issue | Very Low | Critical | [lts-kernel][sec] filter /dev/mem access & restrict acc ... | Closed | |
Task Description
These two options could be enabled :
Kernel hacking → [*] Filter access to /dev/mem [*] Filter I/O access to /dev/mem
Security options → [*] Restrict unprivileged access to the kernel syslog
|
|
Any | Security Issue | Very Low | Critical | [opensmtpd] CVE-2020-8794 | Closed | |
Task Description
Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/
Qualys Security Advisory
LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)
Summary Analysis ... Acknowledgments
We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This vulnerability, an out-of-bounds read introduced in December 2015 (commit 80c6a60c, “when peer outputs a multi-line response ...”), is exploitable remotely and leads to the execution of arbitrary shell commands: either as root, after May 2018 (commit a8e22235, “switch smtpd to new grammar”); or as any non-root user, before May 2018.
Because this vulnerability resides in OpenSMTPD’s client-side code (which delivers mail to remote SMTP servers), we must consider two different scenarios:
- Client-side exploitation: This vulnerability is remotely exploitable
in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.
- Server-side exploitation: First, the attacker must connect to the
OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).
We developed a simple exploit for this vulnerability and successfully tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the first vulnerable release), Debian 10 (stable), Debian 11 (testing), and Fedora 31.
The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”
|
|
Stable | Security Issue | Very Low | Medium | [git] Multiple CVEs | Closed | |
Task Description
CVE-2020-5260 has been fixed very recently in Debian, so I thought I would apply this patch. However, I found out that security patches have not been applied for quite a while (I could account for at least 6 CVEs).
Considering that the version in Debian stretch (2.11.0) is the nearest version with security patches released by Debian and that git project oldest supported version is 2.17, I have used patches from Debian stretch to apply on 2.12.2 currently in Milky Way.
But I have the following error on check():
| *** prove ***
|
| Test Summary Report
| -------------------
| t5570-git-daemon.sh (Wstat: 256 Tests: 20 Failed: 10)
| Failed tests: 3-7, 15-19
| Non-zero exit status: 1
| t5811-proto-disable-git.sh (Wstat: 256 Tests: 26 Failed: 16)
| Failed tests: 2-6, 9-11, 15-19, 21-23
| Non-zero exit status: 1
| Files=769, Tests=14137, 1101 wallclock secs ( 8.08 usr 1.12 sys + 144.48 cusr 63.42 csys = 217.10 CPU)
| Result: FAIL
| make[1]: *** [Makefile:45: prove] Error 1
| make[1]: Leaving directory '/build/git/src/git-2.12.2/t'
| make: *** [Makefile:2291: test] Error 2
| ==> ERROR: A failure occurred in check().
| Aborting...
This does not seem to be related to my change as the current version in Milky Way produces the same error (IOW the package currently in Milky Way is not rebuidable).
|
|
Any | Security Issue | Very Low | Medium | mount.davfs: unknown file system davfs due to paths cha ... | Closed | |
Task Description
This is same issue as on: https://bugzilla.redhat.com/show_bug.cgi?id=1151273
The paths changed and trying to mount davfs file system defined in /etc/fstab fails with error: unknown file system davfs
To remedy, I made symlink in /sbin to mount.davfs
The transition of paths had to take that in account as many mounted remote disks failed after upgrade.
|
|
Any | Replace Request | Very Low | Medium | [youtube-dl] replace avideo-lts with youtube-dl | Closed | |
Task Description
Please, replace avideo-lts with youtube-dl. avideo-lts haven’t seen any updates for almost a year and is probably abandoned. Also Stallman confirmed youtube-dl doesn’t execute any non-free JavaScript, so its inclusion doesn’t go against Social Contract.
|
|
Stable | Replace Request | Very Low | Low | [avideo] Replace with youtube-dl | Closed | |
Task Description
What do you think ? Avideo is not updated anymore, can’t we use regular youtube-dl instead as RMS himself say :
“youtube-dl is okay to be in the Directory because it does not actually execute nonfree JS as we first suspected.”
Source : https://directory.fsf.org/wiki/Youtube-dl Also : https://github.com/fent/node-ytdl-core/issues/222
|
|
Stable | Replace Request | Very Low | Medium | Package ossp has got systemd dependencies | Closed | |
Task Description
Description: Concurrent package ossp in version 1.3.2-15 has got dependencies to systemd, which is contradicting the whole distribution and the used INIT-system. Therefore my request to port this to OpenRC!
Additional info: * package version(s) 1.3.2-15
|
|
Testing | Replace Request | Very Low | Medium | replace request: NetworkManager with wpa_cute | Closed | |
Task Description
https://github.com/loh-tar/wpa-cute/releases
I know there are plans to remove NetworkManager. I wondered if we could replace it in 0.4 with Wpa_Cute. seen in the above link.
I haven’t been able to compile it, but it has been updated as recent as 2018 december (stable)
or 2019 january. :)
WPA_GUI doesn’t seem to work well for me, it runs into weird errors when I start it. Long story short, I run into this issue with wpa_supplicant when i do it manually:
https://wiki.archlinux.org/index.php/Wpa_supplicant:
Password-related problems
wpa_supplicant may not work properly if directly passed via stdin particularly long or complex passphrases which include special characters. This may lead to errors such as failed 4-way WPA handshake, PSK may be wrong when launching wpa_supplicant.
In order to solve this try using here strings wpa_passphrase <MYSSID> «< “<passphrase>” or passing a file to the -c flag instead:
# wpa_supplicant -i <interface> -c /etc/wpa_supplicant/example.conf
In some instances it was found that storing the passphrase cleartext in the psk key of the wpa_supplicant.conf network block gave positive results (see [2]). However, this approach is rather insecure. Using wpa_cli to create this file instead of manually writing it gives the best results most of the time and therefore is the recommended way to proceed. Problems with eduroam and other MSCHAPv2 connections
This is my issue with wpa_supplicant sadly... and I do not know how to workaround that without a GUI.
but Wpa_Supplicant_gui does not fix it either, it doesn’t even load properly on my other laptop.
It says it cannot get the status of wpa_supplicant when I load it.
This could be an issue if you get rid of NetworkManager for some users.
So yeah, please take a look at my request okay? Wait for 0.3 to be released to add this if possible. I know you guys are overworked, etc... and it doesn’t need to be done now anyhow. ;)
|
|
Any | Privacy Issue | Very Low | Medium | [avahi] avahi publishes the hostname by default | Closed | |
Task Description
By default, the ‘disable-publishing’ parameter in the [publish] section of avahi-daemon.conf is set to ‘no’, which can be seen in my opinion as a privacy issue as avahi broadcasts the hostname without the user’s consent even though this has been explicitly disabled in the settings of networkmanager.
|
|
Any | Privacy Issue | Very Low | Low | [purple-plugin-pack] Provides Napster support which is ... | Closed | |
Task Description
purple-plugin-pack provides access to Napster which is only useful with a single company and sever (as far as I could tell).
|
|
Any | Implementation Request | Low | Low | [codecrypt] add new package | Closed | |
Task Description
This is a GnuPG-like unix program for encryption and signing that uses only quantum-computer-resistant algorithms:
McEliece cryptosystem (compact QC-MDPC variant) for encryption
Hash-based Merkle tree algorithm (FMTSeq variant) for digital signatures
Codecrypt is free software. The code is licensed under terms of LGPL3 in a good hope that it will make combinations with other tools easier.
|
|
Any | Implementation Request | Very Low | Low | [fsearch] add package | Closed | |
Task Description
Could it be possible to add :
fsearch
https://github.com/cboxdoerfer/fsearch
License : GPL
|
|
Any | Implementation Request | Very Low | Low | [flowblade] add package | Closed | |
Task Description
Could it be possible to add :
flowblade
https://www.parabola.nu/packages/pcr/any/flowblade/
“a multitrack non-linear video editor for GNU/Linux”
License : GPL3
Thanks
|
|
Any | Implementation Request | Very Low | Low | [whipper] add package | Closed | |
Task Description
Could it be possible to add :
whipper
“A Unix CD ripper aiming for accuracy over speed – forked from morituri”
https://www.parabola.nu/packages/community/any/whipper/ https://github.com/JoeLametta/whipper
License : GPL3
Thanks
|
|
Any | Implementation Request | Very Low | Low | [sacd-extract] add package | Closed | |
Task Description
Could it be possible to add :
sacd-extract
“Extract DSD files from an SACD image”
https://www.parabola.nu/packages/pcr/x86_64/sacd-extract/ https://sourceforge.net/p/sacd-ripper/
License : GPL2
Thanks
|
|
Any | Implementation Request | Very Low | Low | [radiotray] add package | Closed | |
Task Description
Hello,
Could it be possible to add :
radiotray
“An online radio streaming player that runs on a Linux system tray.”
https://aur.archlinux.org/packages/radiotray/
License : GPL
Thanks
|
|
Any | Implementation Request | Very Low | Low | [ttf-font-awesome] add ttf-font-awesome font | Closed | |
Task Description
Could it be possible to add :
ttf-font-awesome
to the repo ?
https://www.parabola.nu/packages/community/any/ttf-font-awesome/ http://fontawesome.io/
Thanks
|
|
Any | Implementation Request | Very Low | Low | [awesome-terminal-fonts] add package | Closed | |
Task Description
Could it be possible to add :
awesome-terminal-fonts
to the repo please ?
https://www.parabola.nu/packages/community/any/awesome-terminal-fonts/ https://github.com/gabrielelana/awesome-terminal-fonts
Thanks
|
|
Any | Implementation Request | Very Low | Low | [w_scan] add package | Closed | |
Task Description
Hello,
Could it be possible to add this package :
w_scan
“Universal ATSC and DVB blind scanner”
https://aur.archlinux.org/packages/w_scan/
License : GPL
Thanks
|
|
Any | Implementation Request | Very Low | Low | [qpdfview] add package | Closed | |
Task Description
Hello,
Could it be possible to add this package :
qpdfview
“A tabbed PDF viewer using the poppler library.”
https://www.parabola.nu/packages/community/x86_64/qpdfview/
License : GPL2
Thanks
|
|
Any | Implementation Request | Very Low | Low | [menulibre] add package | Closed | |
Task Description
Hello,
Could it be possible to add this package :
menulibre
“An advanced menu editor that provides modern features in a clean, easy-to-use interface. All without GNOME dependencies”
https://aur.archlinux.org/packages/menulibre/
License : GPL3
Thanks
|
|
Any | Implementation Request | Very Low | Low | [crunch] add package | Closed | |
Task Description
Hello,
Could it be possible to add this package :
crunch
“A wordlist generator where you can specify a standard character set or a character set you specify and generate all possible combinations and permutations.”
https://aur.archlinux.org/packages/crunch/
License : GPL2
Thanks
|
|
Any | Implementation Request | Very Low | Low | [dmg2img] add package | Closed | |
Task Description
Hello,
Could it be possible to add this package :
dmg2img
“A CLI tool to uncompress Apple’s compressed DMG files to the HFS+ IMG format”
https://aur.archlinux.org/packages/dmg2img/
License : GPL2
Thanks
|
|
Any | Implementation Request | Very Low | Medium | [sway] needs OpenRC init script | Closed | |
Task Description
$ pacman -Si sway
Repository : community
Name : sway
Version : 0.15.1-1.hyperbola1
Description : i3 compatible window manager for Wayland, without systemd support
Architecture : x86_64
URL : http://swaywm.org
Licenses : MIT
Groups : None
Provides : None
Depends On : wlc xorg-server-xwayland json-c pango wayland gdk-pixbuf2
Optional Deps : rxvt-unicode: Default terminal emulator.
dmenu: Default for launching applications.
imagemagick: For taking screenshots.
ffmpeg: For recording screencasts.
i3status: To display system information with a bar.
Conflicts With : None
Replaces : None
Download Size : 4.79 MiB
Installed Size : 5.47 MiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Thu 01 Feb 2018 04:37:34 AM CET
Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Ql sway
sway /etc/
sway /etc/pam.d/
sway /etc/pam.d/swaylock
sway /etc/sway/
sway /etc/sway/config
sway /etc/sway/security.d/
sway /etc/sway/security.d/00-defaults
sway /usr/
sway /usr/bin/
sway /usr/bin/sway
sway /usr/bin/swaybar
sway /usr/bin/swaybg
sway /usr/bin/swaygrab
sway /usr/bin/swaylock
sway /usr/bin/swaymsg
sway /usr/share/
sway /usr/share/backgrounds/
sway /usr/share/backgrounds/sway/
sway /usr/share/backgrounds/sway/Sway_Wallpaper_Blue_1136x640.png
sway /usr/share/backgrounds/sway/Sway_Wallpaper_Blue_1136x640_Portrait.png
sway /usr/share/backgrounds/sway/Sway_Wallpaper_Blue_1366x768.png
sway /usr/share/backgrounds/sway/Sway_Wallpaper_Blue_1920x1080.png
sway /usr/share/backgrounds/sway/Sway_Wallpaper_Blue_2048x1536.png
sway /usr/share/backgrounds/sway/Sway_Wallpaper_Blue_2048x1536_Portrait.png
sway /usr/share/backgrounds/sway/Sway_Wallpaper_Blue_768x1024.png
sway /usr/share/backgrounds/sway/Sway_Wallpaper_Blue_768x1024_Portrait.png
sway /usr/share/licenses/
sway /usr/share/licenses/sway/
sway /usr/share/licenses/sway/LICENSE
sway /usr/share/man/
sway /usr/share/man/man1/
sway /usr/share/man/man1/sway.1.gz
sway /usr/share/man/man1/swaygrab.1.gz
sway /usr/share/man/man1/swaylock.1.gz
sway /usr/share/man/man1/swaymsg.1.gz
sway /usr/share/man/man5/
sway /usr/share/man/man5/sway-bar.5.gz
sway /usr/share/man/man5/sway-input.5.gz
sway /usr/share/man/man5/sway.5.gz
sway /usr/share/man/man7/
sway /usr/share/man/man7/sway-security.7.gz
sway /usr/share/wayland-sessions/
sway /usr/share/wayland-sessions/sway.desktop
|
|
Any | Implementation Request | Very Low | Low | [gcdemu] add package | Closed | |
Task Description
Hello,
Could it be possible to add this package :
gcdemu
“GNOME panel applet controlling cdemu-daemon”
https://aur.archlinux.org/packages/gcdemu
http://cdemu.sourceforge.net/
License : GPL2
Thanks
|
|
Any | Implementation Request | Very Low | Low | [python-cheat] add package | Closed | |
|
|
Any | Implementation Request | Very Low | Low | [accuraterip-checksum] add package | Closed | |
|
|
Any | Implementation Request | Very Low | Low | [pacpl] Add package | Closed | |
|
|
Any | Implementation Request | Very Low | Low | [gmusicbrowser] Add package | Closed | |
|
|
Any | Implementation Request | Very Low | Medium | Qemu Documentation Request | Closed | |
|
|
Any | Implementation Request | Very Low | Low | [quiterss] add package | Closed | |
|
|
Any | Implementation Request | Very Low | Medium | bitlbee plugins | Closed | |
|
|
Any | Implementation Request | Very Low | Low | [wekan] add package | Closed | |
|
|
Any | Implementation Request | Very Low | Low | [moloch] add package | Closed | |
|
|
Any | Implementation Request | Medium | Low | Scid vs. PC – PGN Reader/ChessBase | Closed | |
|
|
Any | Implementation Request | Medium | Low | Stockfish Chess Engine | Closed | |
|
|
Any | Implementation Request | Very Low | Low | [powerpill] add package | Closed | |
|
|
Any | Implementation Request | Very Low | Low | [flacon] add package | Closed | |
|
|
Any | Implementation Request | Very Low | Medium | [arm-linux-gnueabihf-gcc] add package | Closed | |
|
|
Any | Implementation Request | Very Low | Low | [gogs] add package | Closed | |
|
|
Any | Implementation Request | Very Low | Medium | [etherpad-lite] add package | Closed | |
|
|
Any | Implementation Request | Very Low | Low | [gimagereader] add package | Closed | |
|
|
Any | Implementation Request | Very Low | High | [glom]: should depend on libgda | Closed | |
|
|
Any | Implementation Request | Very Low | Low | [exifread] add package | Closed | |
|
|
Any | Implementation Request | Very Low | Low | [obmenu-generator] add package | Closed | |
|
|
Stable | Implementation Request | Very Low | Low | BitWarden, a free & open source password manager | Closed | |
|
|
Any | Implementation Request | Very Low | Low | [sayonara] add package | Closed | |
|
|
Any | Implementation Request | Low | Low | [i2p] add new package | Closed | |
|
|
Any | Implementation Request | Very High | Medium | [coturn] add new package | Closed | |
|
|
Any | Implementation Request | Very High | Medium | [mediagoblin] add GNU MediaGoblin package | Closed | |
|