New versión v2.2.7

References:

• https://github.com/apple/cups/releases/tag/v2.2.7
• https://security-tracker.debian.org/tracker/source-package/cups
• https://debian.simnet.is/debian/pool/main/c/cups/cups_2.2.7-3.debian.tar.xz

Hello,

Would it be possible to get a package bump for mpv ?

Currently, Debian Buster (stable) uses 0.29.1-1. This would be great as it introduces many fixes and support for lua scripts I heavily use.
0.29.* requires a ffmpeg to 4.x series as well.

Thanks.

Description:

From official PHP page, our php 7.1 is out of support and security

Our package :
https://www.hyperbola.info/packages/extra/x86_64/php/

PHP page :
https://www.php.net/supported-versions.php

Remotely observable behavior in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration (or “oracle”) as a vulnerability.’ https://security-tracker.debian.org/tracker/CVE-2018-15919

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a “mangled rename” issue.

https://security-tracker.debian.org/tracker/CVE-2018-6951

Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/

Qualys Security Advisory

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)

in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.

OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).

https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/

https://9to5linux.com/grub2-boot-failure-issues-fixed-in-debian-and-ubuntu-update-now

Description:

• replace deprecated Python 2 to Tauthon for Canis Major

Additional info:

• python 2.7.14-2.hyperbola1
• Python 2.7 is the end of the Python 2 line of development. [0]
• There never will be an official Python 2.8 release.

Steps to reproduce:

• Broken python2 packages.

The current version of BleachBit needs to be adapted so it can clean the new .cache/hyperbola/ directory.

Description:
idk what to do with it i add the PKGBUILD but this new extension needs to be checked left or patched,
https://git.hyperbola.info:50100/~team/packages/extra.git/plain/midori/PKGBUILD?h=rachad

Additional info:
* package version(9.0)

important links to check:
* https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions * https://github.com/midori-browser/core/issues/244

PKGBUILD

# $Id: PKGBUILD 187611 2016-08-26 15:44:01Z bisson $
# Contributor: lp76 <l.peduto@gmail.com>
# Contributor: Daenyth <Daenyth+Arch AT gmail DOT com>
# Maintainer: Gaetan Bisson <bisson@archlinux.org>

pkgname=ncdu
pkgver=1.12
pkgrel=1.hyperbola1
pkgdesc='Disk usage analyzer with an ncurses interface'
url='https://dev.yorhel.nl/ncdu'
license=('custom:MIT')
depends=('ncurses')
arch=('i686' 'x86_64')
validpgpkeys=('74460D32B80810EBA9AFA2E962394C698C2739FA')
source=("https://dev.yorhel.nl/download/${pkgname}-${pkgver}.tar.gz"{,.asc})
sha512sums=('20620dd79d2af878442769e097f13806f64f23875dcb85ebccd573a3de43aba5663d496049b64015d13f9a79d624298032c008ef61dfb6f61d8b12902b8dca12'
            'SKIP')

build() {
    cd "${srcdir}/${pkgname}-${pkgver}"
    ./configure --prefix=/usr
    make
}

package() {
    cd "${srcdir}/${pkgname}-${pkgver}"
    make DESTDIR="${pkgdir}" install
    install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
}

community/wireshark-cli 2.2.6-1
    a free network protocol analyzer for Unix/Linux and Windows - CLI version
community/wireshark-common 2.2.6-1
    Common files used by wireshark-gtk and wireshark-qt
community/wireshark-gtk 2.2.6-1
    a free network protocol analyzer for Unix/Linux and Windows - GTK frontend
community/wireshark-qt 2.2.6-1
    a free network protocol analyzer for Unix/Linux and Windows - Qt frontend

It’s better to change to a more neutral description such as “a cross-platform network protocol analyzer - CLI/GTK/Qt version”.

This package contains vague terminology “Open Source”:

extra/aiksaurus 1.2.1-5
    A cross-platform, open-source thesaurus

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

A cross-platform, free-software thesaurus

This package contains vague terminology “Open Source”:

extra/assimp 3.3.1-1
    Portable Open Source library to import various well-known 3D model formats in an uniform manner

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

Portable Free Software library to import various well-known 3D model formats in an uniform manner

This package contains vague terminology “Open Source”:

extra/cmake 3.8.0-1
    A cross-platform open-source make system

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

A cross-platform free-software make system

This package contains vague terminology “Open Source”:

extra/gstreamer 1.12.0-1
    GStreamer open-source multimedia framework core library

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

GStreamer free-software multimedia framework core library

This package contains vague terminology “Open Source”:

extra/java-openjfx 8.u121-1
    Java OpenJFX 8 client application platform (open-source implementation of JavaFX)

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

Java OpenJFX 8 client application platform (free-software implementation of JavaFX)

This package contains vague terminology “Open Source”:

extra/java-openjfx-doc 8.u121-1
    Java OpenJFX 8 client application platform (open-source implementation of JavaFX) - documentation

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

Java OpenJFX 8 client application platform (free-software implementation of JavaFX) - documentation

This package contains vague terminology “Open Source”:

extra/java-openjfx-src 8.u121-1
    Java OpenJFX 8 client application platform (open-source implementation of JavaFX) - sources

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

Java OpenJFX 8 client application platform (free-software implementation of JavaFX) - sources

This package contains vague terminology “Open Source”:

extra/kdegames-kigo 17.04.0-1 (kde-applications kdegames)
    An open-source implementation of the popular Go game

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

A free-software implementation of the popular Go game

This package contains vague terminology “Open Source”:

extra/libgdiplus 4.2-1
    An Open Source Implementation of the GDI+ API

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

A Free Software Implementation of the GDI+ API

This package contains vague terminology “Open Source”:

extra/libical 2.0.0-2
    An open source reference implementation of the icalendar data type and serialization format

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

A free software reference implementation of the icalendar data type and serialization format

This package contains vague terminology “Open Source”:

extra/liblouis 3.0.0-2
    Open-source braille translator and back-translator

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

Free-software braille translator and back-translator

This package contains vague terminology “Open Source”:

extra/libofa 0.9.3-6
    An open-source audio fingerprint by MusicIP

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

A free-software audio fingerprint by MusicIP

This package contains vague terminology “Open Source”:

extra/libomxil-bellagio 0.9.3-1
    An opensource implementation of the OpenMAX Integration Layer API

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

A free software implementation of the OpenMAX Integration Layer API