|
Stable | Bug Report | High | High | [qemu] add missing libseccomp dependency | Closed | |
Task Description
I cannot start qemu (2.9.0-1) on latest hyperbola stable release.
Error message : qemu-system-x86_64: error while loading shared libraries: libseccomp.so.2
Thanks for your help
|
|
Any | Security Issue | Very Low | Medium | [qemu] Multiple CVE | Closed | |
Task Description
CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug https://www.openwall.com/lists/oss-security/2018/12/13/4
CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem manipulation in Media Transfer Protocol (MTP) https://www.openwall.com/lists/oss-security/2018/12/13/11
Patches included at above URLs.
|
|
Any | Bug Report | Low | Low | [qbittorrent-nox] uses "nox" suffix | Closed | |
Task Description
Description:
Additional info: * package version(s)
* config and/or log files etc.
Steps to reproduce:
|
|
Any | Implementation Request | Very Low | Low | [qarte] add package | Closed | |
Task Description
Request for :
qarte
“Allow you to browse into the archive of arte+7 & arteLiveWeb sites and to record your prefered videos.”
https://aur.archlinux.org/packages/qarte
License : GPL3
|
|
Any | Feature Request | High | High | [python] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl.
$ pacman -Si python
Repository : extra
Name : python
Version : 3.6.1-1
Description : Next generation of the python high-level scripting language
Architecture : x86_64
URL : http://www.python.org/
Licenses : custom
Groups : None
Provides : python3
Depends On : expat bzip2 gdbm openssl libffi zlib
Optional Deps : python-setuptools
python-pip
sqlite
mpdecimal: for decimal
xz: for lzma
tk: for tkinter
Conflicts With : None
Replaces : python3
Download Size : 33.19 MiB
Installed Size : 124.78 MiB
Packager : Felix Yan <felixonmars@archlinux.org>
Build Date : Sun 26 Mar 2017 01:29:51 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Replace Request | High | Critical | [python2] replace deprecated Python 2 to Tauthon | Closed | |
Task Description
Description:
replace deprecated Python 2 to Tauthon for Canis Major
Additional info:
Steps to reproduce:
|
|
Any | Feature Request | High | High | [python2] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl.
$ pacman -Si python2
Repository : extra
Name : python2
Version : 2.7.13-2
Description : A high-level scripting language
Architecture : x86_64
URL : http://www.python.org/
Licenses : PSF
Groups : None
Provides : None
Depends On : bzip2 gdbm openssl zlib expat sqlite libffi
Optional Deps : tk: for IDLE
python2-setuptools
python2-pip
Conflicts With : python<3
Replaces : None
Download Size : 10.81 MiB
Installed Size : 71.38 MiB
Packager : Pierre Schmitz <pierre@archlinux.de>
Build Date : Sat 11 Feb 2017 08:29:35 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Security Issue | High | Critical | [python2] heap-overflow vulnerability CVE-2018-1000030 | Closed | |
Task Description
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3→Malloc→Thread1→Free’s→Thread2-Re-uses-Free’d Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.
https://security-tracker.debian.org/tracker/CVE-2018-1000030
|
|
Any | Freedom Issue | Medium | Low | [python2-tornado] vague terminology "Open Source" in de ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
community/python2-tornado 4.5.1-1 [installed]
open source version of the scalable, non-blocking web server and tools
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be good example to set to have proper description of packages without using “Open Source”.
eg.
free software version of the scalable, non-blocking web server and tools
|
|
Any | Freedom Issue | Medium | Low | [python2-scipy] vague terminology "Open Source" in desc ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
community/python2-scipy 0.19.0-1 [installed]
SciPy is open-source software for mathematics, science, and engineering.
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be good example to set to have proper description of packages without using “Open Source”.
eg.
SciPy is free software for mathematics, science, and engineering.
|
|
Stable | Bug Report | Very Low | Critical | [python2-reportlab] python2-pip dependency | Closed | |
Task Description
Since python-pip and python2-pip have been removed, I can’t install python2-reportlab because python2-pip is a dependency of this package. .
|
|
Any | Feature Request | High | High | [python2-pyopenssl] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl.
$ pacman -Si python2-pyopenssl
Repository : extra
Name : python2-pyopenssl
Version : 17.0.0-1
Description : Python2 wrapper module around the OpenSSL library
Architecture : any
URL : http://pypi.python.org/pypi/pyOpenSSL
Licenses : LGPL2.1
Groups : None
Provides : None
Depends On : openssl python2-six python2-cryptography
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 69.85 KiB
Installed Size : 556.00 KiB
Packager : Felix Yan <felixonmars@archlinux.org>
Build Date : Sat 22 Apr 2017 02:17:19 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Freedom Issue | Very Low | Low | [python2-pyinotify]: using kernel name instead of opera ... | Closed | |
Task Description
Description:
community/python2-pyinotify 0.9.6-3 [installed]
Python module used for monitoring filesystems events on Linux platforms with inotify.
community/qlandkartegt 1.8.1-8
See: https://www.gnu.org/philosophy/words-to-avoid.html#Linux
|
|
Any | Freedom Issue | Very Low | Low | [python2-pam]: using kernel name instead of operating s ... | Closed | |
Task Description
Description:
community/python2-pam 0.1.4-3 [installed]
Module that provides an authenticate function that allows the caller to authenticate a given username / password against the PAM sy stem on Linux.
See: https://www.gnu.org/philosophy/words-to-avoid.html#Linux
|
|
Any | Feature Request | High | High | [python2-m2crypto] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl-1.0.
$ pacman -Si python2-m2crypto
Repository : community
Name : python2-m2crypto
Version : 0.24.0-3
Description : A crypto and SSL toolkit for Python
Architecture : x86_64
URL : https://pypi.python.org/pypi/M2Crypto
Licenses : BSD
Groups : None
Provides : None
Depends On : python2 openssl-1.0
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 197.71 KiB
Installed Size : 1298.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Wed 05 Apr 2017 08:08:30 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Feature Request | High | High | [python2-gpgme] adapt package in accordance with the Hy ... | Closed | |
Task Description
Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .
|
|
Any | Freedom Issue | Medium | Low | [python2-biopython]: using vague "freely available" ter ... | Closed | |
Task Description
community/python2-biopython 1.69-1
Freely available Python tools for computational molecular biology
See: https://www.gnu.org/philosophy/words-to-avoid.html#FreelyAvailable
Don’t use “freely available software” as a synonym for “free software.” The terms are not equivalent. Software is “freely available” if anyone can easily get a copy. “Free software” is defined in terms of the freedom of users that have a copy of it. These are answers to different questions.
|
|
Any | Freedom Issue | Medium | Low | [python-tornado] vague terminology "Open Source" in des ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
community/python-tornado 4.5.1-1 [installed]
open source version of the scalable, non-blocking web server and tools
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be good example to set to have proper description of packages without using “Open Source”.
eg.
free software version of the scalable, non-blocking web server and tools
|
|
Any | Freedom Issue | Medium | Low | [python-scipy] vague terminology "Open Source" in descr ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
community/python-scipy 0.19.0-1
SciPy is open-source software for mathematics, science, and engineering.
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be good example to set to have proper description of packages without using “Open Source”.
eg.
SciPy is free software for mathematics, science, and engineering.
|
|
Any | Feature Request | High | High | [python-pyopenssl] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl.
$ pacman -Si python-pyopenssl
Repository : extra
Name : python-pyopenssl
Version : 17.0.0-1
Description : Python3 wrapper module around the OpenSSL library
Architecture : any
URL : http://pypi.python.org/pypi/pyOpenSSL
Licenses : LGPL2.1
Groups : None
Provides : pyopenssl
Depends On : openssl python-six python-cryptography
Optional Deps : None
Conflicts With : pyopenssl
Replaces : pyopenssl
Download Size : 71.49 KiB
Installed Size : 507.00 KiB
Packager : Felix Yan <felixonmars@archlinux.org>
Build Date : Sat 22 Apr 2017 02:17:19 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Freedom Issue | Very Low | Low | [python-pyinotify]: using kernel name instead of operat ... | Closed | |
Task Description
Description:
community/python-pyinotify 0.9.6-3
Python module used for monitoring filesystems events on Linux platforms with inotify.
See: https://www.gnu.org/philosophy/words-to-avoid.html#Linux
|
|
Any | Freedom Issue | Very High | Critical | [python-pip][python2-pip] Pip recommends proprietary so ... | Closed | |
Task Description
Description: pip allows the user to search and install packages from the PyPi repository, which contains proprietary software.
Additional info: * example of proprietary package in PyPi repository: https://pypi.org/project/snaplogic * Trisquel’s solution was to remove python-pip: https://trisquel.info/en/issues/3741
Steps to reproduce: $ sudo pacman -S python-pip $ pip search snaplogic # prints information about proprietary package $ pip install snaplogic # installs proprietary package
|
|
Any | Bug Report | Very Low | Medium | [python-pafy] Like/dislike ratio and category not displ ... | Closed | |
Task Description
Tried browsing videos in other YouTube client(s) such as mps-youtube. Minor problems, like/dislike ratio and category aren’t displaying of video metadata.
|
|
Any | Feature Request | High | High | [python-gpgme] adapt package in accordance with the Hyp ... | Closed | |
Task Description
Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .
|
|
Any | Implementation Request | Very Low | Low | [python-cheat] add package | Closed | |
Task Description
Hello,
Could it be possible to add this package :
python-cheat
“Cheat allows you to create and view interactive cheatsheets on the command-line.”
https://aur.archlinux.org/packages/python-cheat/
https://github.com/chrisallenlane/cheat
License : GPL3
Thanks
|
|
Any | Freedom Issue | Medium | Low | [python-biopython]: using vague "freely" term in descri ... | Closed | |
|
|
Any | Bug Report | Very High | Critical | [python-acme] to start crashing on June 19th | Closed | |
|
|
Any | Feature Request | High | High | [pyrit] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [pypy] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [pyopenssl] rebuild package against libressl | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [pymol] vague terminology "Open Source" in description ... | Closed | |
|
|
Any | Feature Request | Medium | Medium | [pybitmessage] Package Request | Closed | |
|
|
Any | Feature Request | High | High | [pwsafe] rebuild package against libressl | Closed | |
|
|
Any | Freedom Issue | Very High | Critical | [purple-skypeweb] Plugin only useful with Skype | Closed | |
|
|
Any | Privacy Issue | Very Low | Low | [purple-plugin-pack] Provides Napster support which is ... | Closed | |
|
|
Any | Implementation Request | Very Low | Medium | [purple-matrix] Please add package | Closed | |
|
|
Any | Privacy Issue | Very High | Critical | [purple-facebook] only useful with Facebook service | Closed | |
|
|
Any | Feature Request | High | High | [pulseaudio] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [pulseaudio-zeroconf] rebuild package against libressl | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [publicsuffix-list] vague terminology "Vendor" in descr ... | Closed | |
|
|
Any | Feature Request | High | High | [pth] adapt package in accordance with the Hyperbola Pa ... | Closed | |
|
|
Any | Feature Request | High | High | [psmisc] adapt package in accordance with the Hyperbola ... | Closed | |
|
|
Any | Feature Request | High | High | [proxytunnel] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [prosody] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | Very High | High | [prosody] needs OpenRC init script and contains systemd ... | Closed | |
|
|
Any | Update Request | Very Low | High | [proj]: please update to latest version | Closed | |
|
|
Any | Feature Request | Very High | High | [procps-ng] add init file to load sysctl configuration ... | Closed | |
|
|
Any | Feature Request | High | High | [procps-ng] adapt package in accordance with the Hyperb ... | Closed | |
|
|
Any | Feature Request | High | High | [procinfo-ng] adapt package in accordance with the Hype ... | Closed | |
|
|
Testing | Feature Request | Medium | Medium | [ppp] needs OpenRC init script | Closed | |
|