|
Packages | Any | Privacy Issue | Very High | Critical | [libreoffice*] contains Google API keys | Closed | |
Task Description
LibreOffice contains Google API keys, which affects privacy.
|
|
Packages | Any | Security Issue | Very High | Critical | [libressl] add package as OpenSSL replacement and defau ... | Closed | |
Task Description
LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.
It was forked from OpenSSL in April 2014 as a response by OpenBSD developers to the Heartbleed security vulnerability in OpenSSL, [4] [5] [6] [7] with the aim of refactoring the OpenSSL code so as to provide a more secure implementation. [8]
As LibreSSL follows the same goals as the Hyperbola Packaging Guidelines regarding stability and security, it should be the default provider of the SSL and TLS protocols for the Hyperbola Project.
|
|
Packages | Any | Security Issue | Very High | Critical | [avahi] blacklist package since it's a zeroconf impleme ... | Closed | |
Task Description
Avahi is a zero-configuration networking implementation that contains critical security issues. Because mDNS operates under a different trust model than unicast DNS, trusting the entire network rather than a designated DNS server, it is vulnerable to spoofing attacks by any system within the multicast IP range. Like SNMP and many other network management protocols, it can also be used by attackers to quickly gain detailed knowledge of the network and its machines. [0]
Since it violates the Hyperbola Social Contract, Avahi should be blacklisted.
|
|
Packages | Any | Freedom Issue | Very High | Critical | [warsow] contains Steam support | Closed | |
Task Description
Warsow contains a library called steamlib which is built from the source. It’s useful only for Steam support which is nonfree software.
|
|
Packages | Any | Drop Request | Very High | Critical | [cgmanager] unmaintained and unsupportable | Closed | |
Task Description
The CGManager project has been deprecated in favor of using the kernel’s CGroup Namespace or lxcfs’ simulated cgroupfs.
See https://s3hh.wordpress.com/2016/06/18/whither-cgmanager/ for details.
|
|
Packages | Any | Drop Request | Very High | Critical | [pm-utils] unmaintained and unsupportable | Closed | |
Task Description
pm-utils has not been maintained for a long time. Therefore, it should be removed from the repos, since Hyperbola contains an amendment about anti-abandonware in its packaging guidelines.
|
|
Software Development | HyperBK | Implementation Request | Very High | Critical | Develop a BSD descendant kernel for HyperbolaBSD | In Progress | |
Task Description
Develop HyperBK (Hyper Berkeley Kernel), a BSD descendant kernel with GPL-compatible licenses preserved, non-compatible ones removed, and new code written under GPL-3 for HyperbolaBSD.
TODO:
Download OpenBSD kernel source code from OpenBSD site → DONE
Download LibertyBSD scripts to deblob and rebrand kernel from their scripts. → DONE
Remove files under non GPL-compatible licenses → DONE
Import code from other BSD systems under GPL-compatible licenses → IN PROGRESS
Write new code under GPL-3 → IN PROGRESS
PATCHING NOTE
When the check concerns the kernel, we obviously want to match with HyperbolaBSD.
Example of triplet check: hyperbolabsd)
Example of uname -s check: HyperbolaBSD)
Example of uname -r check: 0.1)
Example of C macro check: defined(__HyperbolaBSD__)
|
|
Packages | Any | Privacy Issue | Very High | Critical | [cutegram] only useful with Telegram service | Closed | |
Task Description
Description: Cutegram is a Telegram client. It is free software; however, it uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs to go on the blacklist since Hyperbola’s objective is to support the privacy of its community.
Additional info:
$ pacman -Si cutegram
Repository : community
Name : cutegram
Version : 2.7.1-3
Description : A different telegram client from Aseman team
Architecture : x86_64
URL : http://aseman.co/en/products/cutegram/
Licenses : GPL
Groups : None
Provides : cutegram
Depends On : qt5-imageformats qt5-webkit telegramqml>=0.9.1 libqtelegram-ae>=3:6.1
Optional Deps : gst-plugins-bad: audio support
gst-plugins-good: audio and notification sound
Conflicts With : cutegram-git sigram-git sigram cutegram
Replaces : cutegram-cn
Download Size : 12.03 MiB
Installed Size : 17.07 MiB
Packager : Jiachen Yang <farseerfc@gmail.com>
Build Date : Mon 25 Jan 2016 05:59:04 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Packages | Any | Privacy Issue | Very High | Critical | [libqtelegram-ae] only useful with Telegram service | Closed | |
Task Description
Description: libqtelegram-ae is a Telegram library written in Qt based on telegram-cli code. It is free software; however, it uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs to go on the blacklist since Hyperbola’s objective is to support the privacy of its community.
Additional info:
$ pacman -Si libqtelegram-ae
Repository : community
Name : libqtelegram-ae
Version : 3:6.1-4
Description : Telegram library written in Qt based on telegram-cli code
Architecture : x86_64
URL : https://launchpad.net/libqtelegram
Licenses : GPL3
Groups : None
Provides : None
Depends On : qt5-base qt5-multimedia
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 431.27 KiB
Installed Size : 1999.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Wed 05 Apr 2017 07:16:39 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Packages | Any | Privacy Issue | Very High | Critical | [telegram-qt] only useful with Telegram service | Closed | |
Task Description
Description: TelegramQt is a Telegram binding for Qt. It is free software; however, it uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs to go on the blacklist since Hyperbola’s objective is to support the privacy of its community.
Additional info:
$ pacman -Si telegram-qt
Repository : community
Name : telegram-qt
Version : 0.1.0-2
Description : Qt bindings for the Telegram protocol
Architecture : x86_64
URL : https://github.com/Kaffeine/telegram-qt
Licenses : GPL
Groups : None
Provides : None
Depends On : qt5-base
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 204.80 KiB
Installed Size : 747.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Sat 18 Feb 2017 06:49:55 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Packages | Any | Privacy Issue | Very High | Critical | [telegramqml] only useful with Telegram service | Closed | |
Task Description
Description: TelegramQML is a set of Telegram API tools for QtQml and Qml. It is free software; however, it uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs to go on the blacklist since Hyperbola’s objective is to support the privacy of its community.
Additional info:
$ pacman -Si telegramqml
Repository : community
Name : telegramqml
Version : 0.9.2-2
Description : Telegram API tools for QtQml and Qml
Architecture : x86_64
URL : https://github.com/Aseman-Land/TelegramQML
Licenses : GPL
Groups : None
Provides : None
Depends On : qt5-webkit qt5-imageformats qt5-graphicaleffects qt5-quickcontrols libqtelegram-ae
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 401.03 KiB
Installed Size : 1905.00 KiB
Packager : Jiachen Yang <farseerfc@gmail.com>
Build Date : Mon 25 Jan 2016 05:46:59 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Packages | Any | Privacy Issue | Very High | Critical | [telepathy-morse] only useful with Telegram service | Closed | |
Task Description
Description: Telepathy-Morse is a Qt-based Telegram connection manager for the Telepathy framework. It is free software; however, it uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs to go on the blacklist since Hyperbola’s objective is to support the privacy of its community.
Additional info:
$ pacman -Si telepathy-morse
Repository : community
Name : telepathy-morse
Version : 0.1.0-1
Description : Telepathy Connection Manager for the Telegram network
Architecture : x86_64
URL : https://github.com/TelepathyQt/telepathy-morse
Licenses : GPL
Groups : None
Provides : None
Depends On : telepathy-qt5 telegram-qt
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 90.80 KiB
Installed Size : 351.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Fri 16 Sep 2016 11:49:33 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Packages | Any | Privacy Issue | Very High | Critical | [telepathy-kde-accounts-kcm] recommends Telepathy-Morse ... | Closed | |
Task Description
Description: telepathy-kde-accounts-kcm contains the telepathy-morse package in its optdepends array. It should be removed since Telepathy-Morse provides support for Telegram, a nonfree server-side service that requires accounts tied to telephone numbers.
Additional info:
$ pacman -Si telepathy-kde-accounts-kcm
Repository : extra
Name : telepathy-kde-accounts-kcm
Version : 17.04.0-1
Description : KCM Module for configuring Telepathy Instant Messaging Accounts
Architecture : x86_64
URL : https://community.kde.org/Real-Time_Communication_and_Collaboration
Licenses : GPL
Groups : kde-applications kdenetwork telepathy-kde
Provides : None
Depends On : telepathy-qt kaccounts-providers
Optional Deps : telepathy-gabble: XMPP/Jabber accounts support
telepathy-haze: account types supported by Pidgin/libpurple
telepathy-morse: Telegram accounts support
telepathy-salut: link-local XMPP account support
Conflicts With : None
Replaces : None
Download Size : 334.86 KiB
Installed Size : 2111.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Sat 15 Apr 2017 06:47:59 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Packages | Any | Security Issue | Very High | Critical | [vlc] CVE-2017-17670 | Closed | |
Task Description
Description:
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.
|
|
Packages | Any | Security Issue | Very High | Critical | [vlc] CVE-2018-11529 | Closed | |
Task Description
|
|
Software Development | General | Implementation Request | Very High | Critical | POWER (ppc64le) porting | Closed | |
Task Description
The unfortunate reality is that x86 computers come encumbered with built-in low-level backdoors like the Intel Management Engine, as well as nonfree boot firmware. This means that users can’t gain full control over their computers, even if they install a free operating system such as Hyperbola GNU/Linux-libre.
Hyperbola is working hard to fix these issues and getting closer every day, but for the time being, this is why many current Respects Your Freedom (RYF) offerings are refurbished older devices.
For the future of free computing, we need to support architectures that do not come with such malware pre-installed, and the Power9-based Talos II promises to be a great example architecture for workstation and server environments, where Hyperbola is focused since it is a fully free long-term support distribution.
Devices like this are the future of computing that Respects Your Freedom, and for that reason it’s a high priority for Hyperbola to port all packages to the POWER architecture (power64le).
NOTE: POWER porting is focused only on Hyperbola GNU/Linux-libre.
|
|
Packages | Any | Freedom Issue | Very High | Critical | [man-pages] contains nonfree POSIX manual pages | Closed | |
Task Description
Description:
Arch distributes a version of man-pages with manual pages from the POSIX standard. The man-pages project is permitted to distribute them and Andries Brouwer assumes that re-distribution by vendors is permitted as well. However, modification is definitively not allowed, hence this contribution by The Institute of Electrical and Electronics Engineers and The Open Group renders the entire man-pages package nonfree. The way to solve it is to remove all nonfree POSIX manual pages from the man-pages package.
Additional info: * package version(s)
* config and/or log files etc.
The Institute of Electrical and Electronics Engineers (IEEE) and
The Open Group, have given us permission to reprint portions of
their documentation.
In the following statement, the phrase ``this text'' refers to
portions of the system documentation.
Portions of this text are reprinted and reproduced in electronic form
from IEEE Std 1003.1, 2013 Edition, Standard for Information Technology
-- Portable Operating System Interface (POSIX), The Open Group Base
Specifications Issue 7, Copyright (C) 2013 by the Institute of Electrical
and Electronics Engineers, Inc and The Open Group. (This is
POSIX.1-2008 with the 2013 Technical Corrigendum 1 applied.) In the
event of any discrepancy between this version and the original IEEE and
The Open Group Standard, the original IEEE and The Open Group Standard
is the referee document. The original Standard can be obtained online
at http://www.unix.org/online.html .
This notice shall appear on any product containing this material.
Redistribution of this material is permitted so long as this notice and
the corresponding notices within each POSIX manual page are retained on
any distribution, and the nroff source is included. Modifications to
the text are permitted so long as any conflicts with the standard
are clearly marked as such in the text.
|
|
Packages | Any | Security Issue | High | Critical | [geth] possible denial of service attacks "DoS Attack" | Closed | |
Task Description
Geth 1.6.x contains possible denial of service attacks (“DoS Attack”); however, this has been solved in 1.7.2 [0]. Since 1.6.x needs many modifications spread across multiple files of the code and it is inefficient to backport them, the newer version (e.g. 1.7.x) could replace the current package version as an exception, but repackaged with the appropriate suffix “-backports”.
|
|
Packages | Any | Bug Report | High | Critical | [links][elinks] segmentation fault after start by termi ... | Closed | |
Task Description
Description:
Additional info: * package version(s)
links 2.14-2
elinks 0.13-18
* config and/or log files etc.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4295e43 in strchrnul () from /usr/lib/libc.so.6
[New Thread 0x7ffff4dfb700 (LWP 8393)]
Thread 1 "elinks" received signal SIGSEGV, Segmentation fault.
0x00007ffff5fa3e43 in strchrnul () from /usr/lib/libc.so.6
|
|
Software Development | General | Implementation Request | Defer | Critical | RISC-V (riscv64) porting + multilib support | Closed | |
Task Description
The unfortunate reality is that x86 computers come encumbered with built-in low-level backdoors like the Intel Management Engine, as well as nonfree boot firmware. This means that users can’t gain full control over their computers, even if they install a free operating system such as Hyperbola GNU/Linux-libre.
Hyperbola is working hard to fix these issues and getting closer every day, but for the time being, this is why many current Respects Your Freedom (RYF) offerings are refurbished older devices.
For the future of free computing, we need to support architectures that do not come with such malware pre-installed, and RISC-V promises to be a great example architecture for low-power computers, laptops and embedded systems, and also a replacement for the ARM architecture.
Devices like this are the future of computing that Respects Your Freedom, and for that reason it’s a high priority for Hyperbola to port all packages to the RISC-V architecture (riscv64) with multilib support.
NOTE: RISC-V porting is focused only on Hyperbola GNU/Linux-libre.
|
|
Packages | Any | Feature Request | Very High | High | [amule] contains systemd unit files | Closed | |
Task Description
Description:
The Arch version of aMule from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign, the systemd unit files must be removed, or OpenRC init scripts added to replace them.
Additional info: * package version(s) * config and/or log files etc.
Repository : extra
Name : amule
Version : 10983-2
Description : An eMule-like client for ed2k p2p network
Architecture : x86_64
URL : http://www.amule.org
Licenses : GPL
Groups : None
Provides : None
Depends On : wxgtk gd geoip libupnp crypto++ boost-libs
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 4.84 MiB
Installed Size : 22.65 MiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Mon 23 Jan 2017 08:36:47 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/system/amuled.service is owned by amule 10983-2
/usr/lib/systemd/system/amuleweb.service is owned by amule 10983-2
|
|
Packages | Any | Feature Request | Very High | High | [deluge] contains systemd unit files | Closed | |
Task Description
Description:
The Arch version of Deluge from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign, the systemd unit files must be removed, or OpenRC init scripts added to replace them.
Additional info: * package version(s) * config and/or log files etc.
Repository : extra
Name : deluge
Version : 1.3.14-1
Description : A BitTorrent client with multiple user interfaces in a client/server model
Architecture : any
URL : http://deluge-torrent.org/
Licenses : GPL3
Groups : None
Provides : None
Depends On : python2-xdg libtorrent-rasterbar python2-twisted python2-pyopenssl python2-chardet python2-setuptools
Optional Deps : python2-notify: libnotify notifications
pygtk: needed for gtk ui
librsvg: needed for gtk ui
python2-mako: needed for web ui
Conflicts With : None
Replaces : None
Download Size : 2.26 MiB
Installed Size : 12.20 MiB
Packager : Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
Build Date : Tue 07 Mar 2017 12:26:40 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/system/deluged.service is owned by deluge 1.3.14-1
/usr/lib/systemd/system/deluge-web.service is owned by deluge 1.3.14-1
|
|
Packages | Any | Feature Request | Very High | High | [gnunet] contains systemd unit file | Closed | |
Task Description
Description:
The Arch version of GNUnet from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign, the systemd unit files must be removed, or OpenRC init scripts added to replace them.
Additional info: * package version(s) * config and/or log files etc.
Repository : community
Name : gnunet
Version : 0.10.1-9
Description : A framework for secure peer-to-peer networking
Architecture : x86_64
URL : http://gnunet.org
Licenses : GPL
Groups : None
Provides : None
Depends On : gmp libgcrypt libextractor sqlite gnurl libmicrohttpd libunistring libidn
Optional Deps : bluez-libs
python
glpk
libpulse
opus
Conflicts With : None
Replaces : None
Download Size : 1744.61 KiB
Installed Size : 7046.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Mon 04 Apr 2016 02:33:05 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/system/gnunet.service is owned by gnunet 0.10.1-9
|
|
Packages | Any | Feature Request | Very High | High | [mldonkey] contains systemd unit files | Closed | |
Task Description
Description:
The Arch version of MLdonkey from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign, the systemd unit files must be removed, or OpenRC init scripts added to replace them.
Additional info: * package version(s) * config and/or log files etc.
Repository : community
Name : mldonkey
Version : 3.1.6-1
Description : A multi-network P2P client
Architecture : x86_64
URL : http://mldonkey.sourceforge.net/
Licenses : GPL
Groups : None
Provides : None
Depends On : file gd miniupnpc libnatpmp
Optional Deps : librsvg: GUI support
gtk2: GUI support
Conflicts With : None
Replaces : None
Download Size : 4.01 MiB
Installed Size : 21.11 MiB
Packager : Anatol Pomozov <anatol.pomozov@gmail.com>
Build Date : Wed 25 Jan 2017 04:13:10 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/system/mldonkey.service is owned by mldonkey 3.1.6-1
/usr/lib/sysusers.d/mldonkey.conf is owned by mldonkey 3.1.6-1
/usr/lib/tmpfiles.d/mldonkey.conf is owned by mldonkey 3.1.6-1
|
|
Packages | Any | Feature Request | Very High | High | [timidity++] contains systemd unit file | Closed | |
Task Description
Description:
The Arch version of TiMidity++ from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign, the systemd unit files must be removed, or OpenRC init scripts added to replace them.
Additional info: * package version(s) * config and/or log files etc.
Repository : extra
Name : timidity++
Version : 2.14.0-7
Description : A MIDI to WAVE converter and player
Architecture : x86_64
URL : http://timidity.sourceforge.net
Licenses : GPL
Groups : None
Provides : None
Depends On : libao jack
Optional Deps : gtk2: for using the GTK+ interface
tk: for using the Tk interface
xaw3d: for using the Xaw interface
Conflicts With : None
Replaces : None
Download Size : 530.60 KiB
Installed Size : 1431.00 KiB
Packager : Evangelos Foutras <evangelos@foutrelis.com>
Build Date : Thu 10 Sep 2015 12:55:38 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
/usr/lib/systemd/system/timidity.service is owned by timidity++ 2.14.0-7
|
|
Packages | Any | Feature Request | Very High | High | [wesnoth] contains systemd unit files | Closed | |
|
|
Packages | Any | Feature Request | Very High | High | [sage-notebook] contains systemd unit file | Closed | |
|
|
Packages | Any | Feature Request | Very High | High | [system-config-printer] contains systemd unit file | Closed | |
|
|
Packages | Any | Feature Request | Very High | High | [erlang-nox] contains systemd unit files | Closed | |
|
|
Packages | Any | Feature Request | Very High | High | [motion] contains systemd unit file | Closed | |
|
|
Packages | Any | Feature Request | Very High | High | [pkgfile] contains systemd unit files | Closed | |
|
|
Packages | Any | Feature Request | Very High | High | [tinc] contains systemd unit files | Closed | |
|
|
Software Development | General | Implementation Request | Very High | High | Port Icedove to UXP platform | Closed | |
|
|
Software Development | General | Implementation Request | Very High | High | Port Iceape to UXP platform | Closed | |
|
|
Packages | Any | Feature Request | Very High | High | [pkgfile] contains systemd unit files | Closed | |
|
|
Packages | Any | Feature Request | High | High | [aircrack-ng] rebuild package against libressl | Closed | |
|
|
Packages | Any | Feature Request | High | High | [android-tools] rebuild package against libressl | Closed | |
|
|
Packages | Any | Feature Request | High | High | [apache] rebuild package against libressl | Closed | |
|
|
Packages | Any | Feature Request | High | High | [arch-audit] rebuild package against libressl | Closed | |
|
|
Packages | Any | Feature Request | High | High | [argyllcms] rebuild package against libressl | Closed | |
|
|
Packages | Any | Feature Request | High | High | [axel] rebuild package against libressl | Closed | |
|
|
Packages | Any | Feature Request | High | High | [badvpn] rebuild package against libressl | Closed | |
|
|
Packages | Any | Feature Request | High | High | [bigloo] rebuild package against libressl | Closed | |
|
|
Packages | Any | Feature Request | High | High | [bind] rebuild package against libressl | Closed | |
|
|
Packages | Any | Feature Request | High | High | [bind-tools] rebuild package against libressl | Closed | |
|
|
Packages | Any | Feature Request | High | High | [bip] rebuild package against libressl | Closed | |
|
|
Packages | Any | Feature Request | High | High | [bitcoin-tx] rebuild package against libressl | Closed | |
|
|
Packages | Any | Feature Request | High | High | [boinctui] rebuild package against libressl | Closed | |
|
|
Packages | Any | Feature Request | High | High | [borg] rebuild package against libressl | Closed | |
|
|
Packages | Any | Feature Request | High | High | [cgit] rebuild package against libressl | Closed | |
|