|
Any | Update Request | Medium | Medium | [cups] update request | Closed | |
Task Description
New version v2.2.7
References:
|
|
Any | Update Request | Very Low | High | [mpv] request for package bump | Closed | |
Task Description
Hello,
Would it be possible to get a package bump for mpv?
Currently, Debian Buster (stable) uses 0.29.1-1. This would be great as it introduces many fixes and support for lua scripts I heavily use. 0.29.* requires a ffmpeg to 4.x series as well.
Thanks.
|
|
Any | Update Request | Medium | High | [php] is out of date/support | Closed | |
Task Description
Description:
From the official PHP page, our php 7.1 is out of support and security.
Our package : https://www.hyperbola.info/packages/extra/x86_64/php/
PHP page : https://www.php.net/supported-versions.php
|
|
Any | Security Issue | Medium | Medium | [openssh] CVE-2018-15919 | Closed | |
Task Description
Remotely observable behavior in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration (or “oracle”) as a vulnerability.’ https://security-tracker.debian.org/tracker/CVE-2018-15919
|
|
Any | Security Issue | Very Low | Medium | [patch] CVE-2018-6951 - NULL pointer DoS | Closed | |
Task Description
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a “mangled rename” issue.
https://security-tracker.debian.org/tracker/CVE-2018-6951
|
|
Any | Security Issue | Very Low | Critical | [opensmtpd] CVE-2020-8794 | Closed | |
Task Description
Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/
Qualys Security Advisory
LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)
We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This vulnerability, an out-of-bounds read introduced in December 2015 (commit 80c6a60c, “when peer outputs a multi-line response ...”), is exploitable remotely and leads to the execution of arbitrary shell commands: either as root, after May 2018 (commit a8e22235, “switch smtpd to new grammar”); or as any non-root user, before May 2018.
Because this vulnerability resides in OpenSMTPD’s client-side code (which delivers mail to remote SMTP servers), we must consider two different scenarios:
- Client-side exploitation: This vulnerability is remotely exploitable in OpenSMTPD's (and hence OpenBSD's) default configuration. Although OpenSMTPD listens on localhost only, by default, it does accept mail from local users and delivers it to remote servers. If such a remote server is controlled by an attacker (either because it is malicious or compromised, or because of a man-in-the-middle, DNS, or BGP attack -- SMTP is not TLS-encrypted by default), then the attacker can execute arbitrary shell commands on the vulnerable OpenSMTPD installation.
- Server-side exploitation: First, the attacker must connect to the OpenSMTPD server (which accepts external mail) and send a mail that creates a bounce. Next, when OpenSMTPD connects back to their mail server to deliver this bounce, the attacker can exploit OpenSMTPD's client-side vulnerability. Last, for their shell commands to be executed, the attacker must (to the best of our knowledge) crash OpenSMTPD and wait until it is restarted (either manually by an administrator, or automatically by a system update or reboot).
We developed a simple exploit for this vulnerability and successfully tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the first vulnerable release), Debian 10 (stable), Debian 11 (testing), and Fedora 31.
The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”
|
|
Any | Security Issue | Very High | Critical | [grub2] UEFI SecureBoot vulnerability + multiple flaws ... | Closed | |
Task Description
https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/
https://9to5linux.com/grub2-boot-failure-issues-fixed-in-debian-and-ubuntu-update-now
|
|
Any | Replace Request | High | Critical | [python2] replace deprecated Python 2 to Tauthon | Closed | |
Task Description
Description:
Replace deprecated Python 2 with Tauthon for Canis Major
Additional info:
Steps to reproduce:
|
|
Any | Privacy Issue | Very Low | Critical | [bleachbit] needs to be adapted to UXP applications | Closed | |
Task Description
The current version of BleachBit needs to be adapted so it can clean the new .cache/hyperbola/ directory.
|
|
Any | Privacy Issue | Medium | High | midori new Support for cross-browser web extensions | Closed | |
Task Description
Description: idk what to do with it. I add the PKGBUILD but this new extension needs to be checked left or patched, https://git.hyperbola.info:50100/~team/packages/extra.git/plain/midori/PKGBUILD?h=rachad
Additional info: * package version(9.0)
important links to check: * https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions * https://github.com/midori-browser/core/issues/244
|
|
Any | Implementation Request | Medium | Medium | [ncdu] add new package | Closed | |
Task Description
PKGBUILD
# $Id: PKGBUILD 187611 2016-08-26 15:44:01Z bisson $
# Contributor: lp76 <l.peduto@gmail.com>
# Contributor: Daenyth <Daenyth+Arch AT gmail DOT com>
# Maintainer: Gaetan Bisson <bisson@archlinux.org>

pkgname=ncdu
pkgver=1.12
pkgrel=1.hyperbola1
pkgdesc='Disk usage analyzer with an ncurses interface'
url='https://dev.yorhel.nl/ncdu'
license=('custom:MIT')
depends=('ncurses')
arch=('i686' 'x86_64')
validpgpkeys=('74460D32B80810EBA9AFA2E962394C698C2739FA')
source=("https://dev.yorhel.nl/download/${pkgname}-${pkgver}.tar.gz"{,.asc})
sha512sums=('20620dd79d2af878442769e097f13806f64f23875dcb85ebccd573a3de43aba5663d496049b64015d13f9a79d624298032c008ef61dfb6f61d8b12902b8dca12'
            'SKIP')

build() {
	cd "${srcdir}/${pkgname}-${pkgver}"
	./configure --prefix=/usr
	make
}

package() {
	cd "${srcdir}/${pkgname}-${pkgver}"
	make DESTDIR="${pkgdir}" install
	install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
}
|
|
Any | Freedom Issue | Very Low | Low | [wireshark*] mentions non-free OSes in pacman descripti ... | Closed | |
Task Description
community/wireshark-cli 2.2.6-1
a free network protocol analyzer for Unix/Linux and Windows - CLI version
community/wireshark-common 2.2.6-1
Common files used by wireshark-gtk and wireshark-qt
community/wireshark-gtk 2.2.6-1
a free network protocol analyzer for Unix/Linux and Windows - GTK frontend
community/wireshark-qt 2.2.6-1
a free network protocol analyzer for Unix/Linux and Windows - Qt frontend
It’s better to change to a more neutral description such as “a cross-platform network protocol analyzer - CLI/GTK/Qt version”.
|
|
Any | Freedom Issue | Medium | Low | [aiksaurus] vague terminology "Open Source" in descript ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/aiksaurus 1.2.1-5
A cross-platform, open-source thesaurus
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be a good example to set to have proper descriptions of packages without using “Open Source”.
e.g.
A cross-platform, free-software thesaurus
|
|
Any | Freedom Issue | Medium | Low | [assimp] vague terminology "Open Source" in description ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/assimp 3.3.1-1
Portable Open Source library to import various well-known 3D model formats in an uniform manner
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be a good example to set to have proper descriptions of packages without using “Open Source”.
e.g.
Portable Free Software library to import various well-known 3D model formats in an uniform manner
|
|
Any | Freedom Issue | Medium | Low | [cmake] vague terminology "Open Source" in description ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/cmake 3.8.0-1
A cross-platform open-source make system
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be a good example to set to have proper descriptions of packages without using “Open Source”.
e.g.
A cross-platform free-software make system
|
|
Any | Freedom Issue | Medium | Low | [gstreamer] vague terminology "Open Source" in descript ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/gstreamer 1.12.0-1
GStreamer open-source multimedia framework core library
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be a good example to set to have proper descriptions of packages without using “Open Source”.
e.g.
GStreamer free-software multimedia framework core library
|
|
Any | Freedom Issue | Medium | Low | [java-openjfx] vague terminology "Open Source" in descr ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/java-openjfx 8.u121-1
Java OpenJFX 8 client application platform (open-source implementation of JavaFX)
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be a good example to set to have proper descriptions of packages without using “Open Source”.
e.g.
Java OpenJFX 8 client application platform (free-software implementation of JavaFX)
|
|
Any | Freedom Issue | Medium | Low | [java-openjfx-doc] vague terminology "Open Source" in d ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/java-openjfx-doc 8.u121-1
Java OpenJFX 8 client application platform (open-source implementation of JavaFX) - documentation
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be a good example to set to have proper descriptions of packages without using “Open Source”.
e.g.
Java OpenJFX 8 client application platform (free-software implementation of JavaFX) - documentation
|
|
Any | Freedom Issue | Medium | Low | [java-openjfx-src] vague terminology "Open Source" in d ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/java-openjfx-src 8.u121-1
Java OpenJFX 8 client application platform (open-source implementation of JavaFX) - sources
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be a good example to set to have proper descriptions of packages without using “Open Source”.
e.g.
Java OpenJFX 8 client application platform (free-software implementation of JavaFX) - sources
|
|
Any | Freedom Issue | Medium | Low | [kdegames-kigo] vague terminology "Open Source" in desc ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/kdegames-kigo 17.04.0-1 (kde-applications kdegames)
An open-source implementation of the popular Go game
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be a good example to set to have proper descriptions of packages without using “Open Source”.
e.g.
A free-software implementation of the popular Go game
|
|
Any | Freedom Issue | Medium | Low | [libgdiplus] vague terminology "Open Source" in descrip ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/libgdiplus 4.2-1
An Open Source Implementation of the GDI+ API
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be a good example to set to have proper descriptions of packages without using “Open Source”.
e.g.
A Free Software Implementation of the GDI+ API
|
|
Any | Freedom Issue | Medium | Low | [libical] vague terminology "Open Source" in descriptio ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/libical 2.0.0-2
An open source reference implementation of the icalendar data type and serialization format
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be a good example to set to have proper descriptions of packages without using “Open Source”.
e.g.
A free software reference implementation of the icalendar data type and serialization format
|
|
Any | Freedom Issue | Medium | Low | [liblouis] vague terminology "Open Source" in descripti ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/liblouis 3.0.0-2
Open-source braille translator and back-translator
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be a good example to set to have proper descriptions of packages without using “Open Source”.
e.g.
Free-software braille translator and back-translator
|
|
Any | Freedom Issue | Medium | Low | [libofa] vague terminology "Open Source" in description ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/libofa 0.9.3-6
An open-source audio fingerprint by MusicIP
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be a good example to set to have proper descriptions of packages without using “Open Source”.
e.g.
A free-software audio fingerprint by MusicIP
|
|
Any | Freedom Issue | Medium | Low | [libomxil-bellagio] vague terminology "Open Source" in ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/libomxil-bellagio 0.9.3-1
An opensource implementation of the OpenMAX Integration Layer API
According to: https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here: https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be a good example to set to have proper descriptions of packages without using “Open Source”.
e.g.
A free software implementation of the OpenMAX Integration Layer API
|
|
Any | Freedom Issue | Medium | Low | [libupnp] vague terminology "Open Source" in descriptio ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [mlt] vague terminology "Open Source" in description of ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [mlt-python-bindings] vague terminology "Open Source" i ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [opencore-amr] vague terminology "Open Source" in descr ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [openjpeg] vague terminology "Open Source" in descripti ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [openjpeg2] vague terminology "Open Source" in descript ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [rhino] vague terminology "Open Source" in description ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [sofia-sip] vague terminology "Open Source" in descript ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [swt] vague terminology "Open Source" in description of ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [tomcat7] vague terminology "Open Source" in descriptio ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [tomcat8] vague terminology "Open Source" in descriptio ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [unixodbc] vague terminology "Open Source" in descripti ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [wildmidi] vague terminology "Open Source" in descripti ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [x265] vague terminology "Open Source" in description o ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [xapian-core] vague terminology "Open Source" in descri ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [xsd] vague terminology "Open Source" in description of ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [xvidcore] vague terminology "Open Source" in descripti ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [ode] vague terminology "Open Source" in description of ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [libspnav] vague terminology "Alternative" in descripti ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [kdb] vague terminology "Vendor" in description of pack ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [publicsuffix-list] vague terminology "Vendor" in descr ... | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | [qpdf]: using "Content" in description | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | [webkitgtk]: using "content" in description | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | [antiword]: referring to kernel name, when it should to ... | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | [clamtk]: referring to kernel name, instead of operatin ... | Closed | |
|