Packages

Rebuild package against libressl, since it depends on openssl-1.0.

$ pacman -Si qt4
Repository      : extra
Name            : qt4
Version         : 4.8.7-19
Description     : A cross-platform application and UI framework
Architecture    : x86_64
URL             : http://www.qt.io
Licenses        : GPL3  LGPL  FDL  custom
Groups          : None
Provides        : None
Depends On      : sqlite  ca-certificates  fontconfig  libgl  libxrandr  libxv  libxi  alsa-lib  xdg-utils  hicolor-icon-theme  desktop-file-utils  libmng
                  dbus  openssl-1.0
Optional Deps   : postgresql-libs: PostgreSQL driver
                  libmariadbclient: MariaDB driver
                  unixodbc: ODBC driver
                  libfbclient: Firebird/iBase driver
                  libxinerama: Xinerama support
                  libxcursor: Xcursor support
                  libxfixes: Xfixes support
                  icu: Unicode support
                  sni-qt: StatusNotifierItem (AppIndicators) support
Conflicts With  : qt
Replaces        : qt<=4.8.4
Download Size   : 20.89 MiB
Installed Size  : 84.71 MiB
Packager        : Evangelos Foutras <evangelos@foutrelis.com>
Build Date      : Tue 25 Apr 2017 12:53:54 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Hello,

Could it be possible to add this package :

qpdfview

“A tabbed PDF viewer using the poppler library.”

https://www.parabola.nu/packages/community/x86_64/qpdfview/

License : GPL2

Thanks

Description:

extra/qpdf 6.0.0-2
    QPDF: A Content-Preserving PDF Transformation System

The description is vague.

See:
https://www.gnu.org/philosophy/words-to-avoid.html#Content

Description:

community/qlandkartegt 1.8.1-8
     Use your GPS with Linux

See:
https://www.gnu.org/philosophy/words-to-avoid.html#Linux

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .

I cannot start qemu (2.9.0-1) on latest hyperbola stable release.

Error message : qemu-system-x86_64: error while loading shared libraries: libseccomp.so.2

Thanks for your help

CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug
https://www.openwall.com/lists/oss-security/2018/12/13/4

CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem
manipulation in Media Transfer Protocol (MTP)
https://www.openwall.com/lists/oss-security/2018/12/13/11

Patches included at above URLs.

Description:

• Fix package name to qbittorrent-headless that is the correct name for packages without graphical user interface support. nox suffix is incorrect because Hyperbola supports Wayland too, not only X.Org.

Additional info:
* package version(s)

• 3.3.11-1

* config and/or log files etc.

Steps to reproduce:

• None

Request for :

qarte

“Allow you to browse into the archive of arte+7 & arteLiveWeb sites and to record your prefered videos.”

https://aur.archlinux.org/packages/qarte

License : GPL3

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si python
Repository      : extra
Name            : python
Version         : 3.6.1-1
Description     : Next generation of the python high-level scripting language
Architecture    : x86_64
URL             : http://www.python.org/
Licenses        : custom
Groups          : None
Provides        : python3
Depends On      : expat  bzip2  gdbm  openssl  libffi  zlib
Optional Deps   : python-setuptools
                  python-pip
                  sqlite
                  mpdecimal: for decimal
                  xz: for lzma
                  tk: for tkinter
Conflicts With  : None
Replaces        : python3
Download Size   : 33.19 MiB
Installed Size  : 124.78 MiB
Packager        : Felix Yan <felixonmars@archlinux.org>
Build Date      : Sun 26 Mar 2017 01:29:51 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Description:

• replace deprecated Python 2 to Tauthon for Canis Major

Additional info:

• python 2.7.14-2.hyperbola1
• Python 2.7 is the end of the Python 2 line of development. [0]
• There never will be an official Python 2.8 release.

Steps to reproduce:

• Broken python2 packages.

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si python2
Repository      : extra
Name            : python2
Version         : 2.7.13-2
Description     : A high-level scripting language
Architecture    : x86_64
URL             : http://www.python.org/
Licenses        : PSF
Groups          : None
Provides        : None
Depends On      : bzip2  gdbm  openssl  zlib  expat  sqlite  libffi
Optional Deps   : tk: for IDLE
                  python2-setuptools
                  python2-pip
Conflicts With  : python<3
Replaces        : None
Download Size   : 10.81 MiB
Installed Size  : 71.38 MiB
Packager        : Pierre Schmitz <pierre@archlinux.de>
Build Date      : Sat 11 Feb 2017 08:29:35 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3→Malloc→Thread1→Free’s→Thread2-Re-uses-Free’d Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.

https://security-tracker.debian.org/tracker/CVE-2018-1000030

This package contains vague terminology “Open Source”:

community/python2-tornado 4.5.1-1 [installed]
    open source version of the scalable, non-blocking web server and tools

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

free software version of the scalable, non-blocking web server and tools

This package contains vague terminology “Open Source”:

community/python2-scipy 0.19.0-1 [installed]
    SciPy is open-source software for mathematics, science, and engineering.

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

SciPy is free software for mathematics, science, and engineering.

Since python-pip and python2-pip have been removed, I can’t install python2-reportlab because python2-pip is a dependency of this package.
.

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si python2-pyopenssl
Repository      : extra
Name            : python2-pyopenssl
Version         : 17.0.0-1
Description     : Python2 wrapper module around the OpenSSL library
Architecture    : any
URL             : http://pypi.python.org/pypi/pyOpenSSL
Licenses        : LGPL2.1
Groups          : None
Provides        : None
Depends On      : openssl  python2-six  python2-cryptography
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 69.85 KiB
Installed Size  : 556.00 KiB
Packager        : Felix Yan <felixonmars@archlinux.org>
Build Date      : Sat 22 Apr 2017 02:17:19 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Description:

community/python2-pyinotify 0.9.6-3 [installed]
     Python module used for monitoring filesystems events on Linux platforms with inotify.
 community/qlandkartegt 1.8.1-8

See:
https://www.gnu.org/philosophy/words-to-avoid.html#Linux

Description:

community/python2-pam 0.1.4-3 [installed]
     Module that provides an authenticate function that allows the caller to authenticate a given username / password against the PAM sy stem on Linux.

See:
https://www.gnu.org/philosophy/words-to-avoid.html#Linux

Rebuild package against libressl, since it depends on openssl-1.0.

$ pacman -Si python2-m2crypto
Repository      : community
Name            : python2-m2crypto
Version         : 0.24.0-3
Description     : A crypto and SSL toolkit for Python
Architecture    : x86_64
URL             : https://pypi.python.org/pypi/M2Crypto
Licenses        : BSD
Groups          : None
Provides        : None
Depends On      : python2  openssl-1.0
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 197.71 KiB
Installed Size  : 1298.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Wed 05 Apr 2017 08:08:30 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .

community/python2-biopython 1.69-1
    Freely available Python tools for computational molecular biology

See:
https://www.gnu.org/philosophy/words-to-avoid.html#FreelyAvailable

Don’t use “freely available software” as a synonym for “free software.” The terms are not equivalent. Software is “freely available” if anyone can easily get a copy. “Free software” is defined in terms of the freedom of users that have a copy of it. These are answers to different questions.

This package contains vague terminology “Open Source”:

community/python-tornado 4.5.1-1 [installed]
    open source version of the scalable, non-blocking web server and tools

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

free software version of the scalable, non-blocking web server and tools

This package contains vague terminology “Open Source”:

community/python-scipy 0.19.0-1
    SciPy is open-source software for mathematics, science, and engineering.

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

SciPy is free software for mathematics, science, and engineering.

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si python-pyopenssl
Repository      : extra
Name            : python-pyopenssl
Version         : 17.0.0-1
Description     : Python3 wrapper module around the OpenSSL library
Architecture    : any
URL             : http://pypi.python.org/pypi/pyOpenSSL
Licenses        : LGPL2.1
Groups          : None
Provides        : pyopenssl
Depends On      : openssl  python-six  python-cryptography
Optional Deps   : None
Conflicts With  : pyopenssl
Replaces        : pyopenssl
Download Size   : 71.49 KiB
Installed Size  : 507.00 KiB
Packager        : Felix Yan <felixonmars@archlinux.org>
Build Date      : Sat 22 Apr 2017 02:17:19 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature