All Projects

Project Category Task Type  desc Priority Severity Summary Status Progress
PackagesAnySecurity IssueVery HighCritical [libressl] add package as OpenSSL replacement and defau ...Closed
100%
Task Description

LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.

It was forked from the OpenSSL in April 2014 as a response by OpenBSD developers to the Heartbleed security vulnerability in OpenSSL, [4] [5] [6] [7] with the aim of refactoring the OpenSSL code so as to provide a more secure implementation. [8]

As LibreSSL follow the same goals than Hyperbola Packaging Guidelines in stability and security concerns, it should be the default provider of SSL and TLS protocols for Hyperbola Project.

PackagesAnySecurity IssueVery HighCritical [avahi] blacklist package since it's a zeroconf impleme ...Closed
100%
Task Description

Avahi is a zero-configuration networking implementation that contains critical security issues because mDNS operates under a different trust model than unicast DNS trusting the entire network rather than a designated DNS server, it is vulnerable to spoofing attacks by any system within the multicast IP range. Like SNMP and many other network management protocols, it can also be used by attackers to quickly gain detailed knowledge of the network and its machines. [0]

Since it violates the Hyperbola Social Contract , Avahi should be blacklisted.

PackagesAnySecurity IssueHighCritical [geth] possible denial of service attacks "DoS Attack" Closed
100%
Task Description

Geth 1.6.x contains possible denial of service attacks “DoS Attack”, however it has been solved in 1.7.2 [0] instead. Since 1.6.x needs many modifications spread across multiple files of the code and it is inefficient to be backported, the newer version (eg. 1.7.x) could replace the current version package as exception, but repackaged with the appropriate suffix “-backports”.

PackagesAnySecurity IssueVery HighCritical [vlc] CVE-2017-17670 Closed
100%
Task Description

Description:

  • In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.

Additional info:
* package version(s)

  • 2.2.6-1.hyperbola1

* config and/or log files etc.

  • None

Steps to reproduce:

  • Run VLC
PackagesAnySecurity IssueVery HighCritical [vlc] CVE-2018-11529 Closed
100%
Task Description

Description:

  • VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

Additional info:
* package version(s)

  • 2.2.6-1.hyperbola1

* config and/or log files etc.

  • None

Steps to reproduce:

  • Run VLC
PackagesAnyPrivacy IssueVery HighCritical [libreoffice*] contains Google API keys Closed
100%
Task Description

Libreoffice contains Google API keys which affects privacy.

PackagesAnyPrivacy IssueVery HighCritical [cutegram] only useful with Telegram service Closed
100%
Task Description

Description:
Cutegram is a Telegram client. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.

Additional info:

$ pacman -Si cutegram
Repository      : community
Name            : cutegram
Version         : 2.7.1-3
Description     : A different telegram client from Aseman team
Architecture    : x86_64
URL             : http://aseman.co/en/products/cutegram/
Licenses        : GPL
Groups          : None
Provides        : cutegram
Depends On      : qt5-imageformats  qt5-webkit  telegramqml>=0.9.1  libqtelegram-ae>=3:6.1
Optional Deps   : gst-plugins-bad: audio support
                  gst-plugins-good: audio and notification sound
Conflicts With  : cutegram-git  sigram-git  sigram  cutegram
Replaces        : cutegram-cn
Download Size   : 12.03 MiB
Installed Size  : 17.07 MiB
Packager        : Jiachen Yang <farseerfc@gmail.com>
Build Date      : Mon 25 Jan 2016 05:59:04 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnyPrivacy IssueVery HighCritical [libqtelegram-ae] only useful with Telegram service Closed
100%
Task Description

Description:
libqtelegram-ae is Telegram library written in Qt based on telegram-cli code. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.

Additional info:

$ pacman -Si libqtelegram-ae
Repository      : community
Name            : libqtelegram-ae
Version         : 3:6.1-4
Description     : Telegram library written in Qt based on telegram-cli code
Architecture    : x86_64
URL             : https://launchpad.net/libqtelegram
Licenses        : GPL3
Groups          : None
Provides        : None
Depends On      : qt5-base  qt5-multimedia
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 431.27 KiB
Installed Size  : 1999.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Wed 05 Apr 2017 07:16:39 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnyPrivacy IssueVery HighCritical [telegram-qt] only useful with Telegram service Closed
100%
Task Description

Description:
TelegramQt is a Telegram binding for Qt. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.

Additional info:

$ pacman -Si telegram-qt
Repository      : community
Name            : telegram-qt
Version         : 0.1.0-2
Description     : Qt bindings for the Telegram protocol
Architecture    : x86_64
URL             : https://github.com/Kaffeine/telegram-qt
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : qt5-base
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 204.80 KiB
Installed Size  : 747.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Sat 18 Feb 2017 06:49:55 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnyPrivacy IssueVery HighCritical [telegramqml] only useful with Telegram service Closed
100%
Task Description

Description:
TelegramQML are Telegram API tools for QtQml and Qml. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.

Additional info:

$ pacman -Si telegramqml
Repository      : community
Name            : telegramqml
Version         : 0.9.2-2
Description     : Telegram API tools for QtQml and Qml
Architecture    : x86_64
URL             : https://github.com/Aseman-Land/TelegramQML
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : qt5-webkit  qt5-imageformats  qt5-graphicaleffects  qt5-quickcontrols  libqtelegram-ae
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 401.03 KiB
Installed Size  : 1905.00 KiB
Packager        : Jiachen Yang <farseerfc@gmail.com>
Build Date      : Mon 25 Jan 2016 05:46:59 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnyPrivacy IssueVery HighCritical [telepathy-morse] only useful with Telegram service Closed
100%
Task Description

Description:
Telepathy-Morse is a Qt-based Telegram connection manager for the Telepathy framework. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.

Additional info:

$ pacman -Si telepathy-morse
Repository      : community
Name            : telepathy-morse
Version         : 0.1.0-1
Description     : Telepathy Connection Manager for the Telegram network
Architecture    : x86_64
URL             : https://github.com/TelepathyQt/telepathy-morse
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : telepathy-qt5  telegram-qt
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 90.80 KiB
Installed Size  : 351.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Fri 16 Sep 2016 11:49:33 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnyPrivacy IssueVery HighCritical [telepathy-kde-accounts-kcm] recommends Telepathy-Morse ...Closed
100%
Task Description

Description:
telepathy-kde-accounts-kcm contains the telepathy-morse package in its optdepends array. It should be removed since Telepathy-Morse provides support for Telegram, a nonfree server-side service that requires accounts tied to telephone numbers.

Additional info:

$ pacman -Si telepathy-kde-accounts-kcm
Repository      : extra
Name            : telepathy-kde-accounts-kcm
Version         : 17.04.0-1
Description     : KCM Module for configuring Telepathy Instant Messaging Accounts
Architecture    : x86_64
URL             : https://community.kde.org/Real-Time_Communication_and_Collaboration
Licenses        : GPL
Groups          : kde-applications  kdenetwork  telepathy-kde
Provides        : None
Depends On      : telepathy-qt  kaccounts-providers
Optional Deps   : telepathy-gabble: XMPP/Jabber accounts support
                  telepathy-haze: account types supported by Pidgin/libpurple
                  telepathy-morse: Telegram accounts support
                  telepathy-salut: link-local XMPP account support
Conflicts With  : None
Replaces        : None
Download Size   : 334.86 KiB
Installed Size  : 2111.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Sat 15 Apr 2017 06:47:59 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
Software DevelopmentHyperBKImplementation RequestVery HighCriticalDevelop a BSD descendant kernel for HyperbolaBSDIn Progress
30%
Task Description

Develop HyperBK (Hyper Berkeley Kernel), a BSD descendant kernel with GPL-compatible licenses preserved, non-compatible ones removed, and new code written under GPL-3 for HyperbolaBSD.

TODO:

  • Download OpenBSD kernel source code from OpenBSD siteDONE
  • Download LibertyBSD scripts to deblob and rebrand kernel from their scripts. → DONE
  • Push source to HyperBK’s project. → DONE
  • Rebrand OpenBSD kernel to HyperbolaBSD with LibertyBSD scripts. → DONE
  • Rebrand entire code (functions, variable, pointers, etc) under HyperbolaBSD → DONE
  • Remove files under non GPL-compatible licenses → DONE
  • Import code from another BSD systems under GPL-compatible licenses → IN PROGRESS
  • Write new code under GPL-3 → IN PROGRESS
  • Package HyperBK for HyperbolaBSD.

PATCHING NOTE

When the check concerns kernel, we obviously want to match with HyperbolaBSD.

Example of triplet check:	hyperbolabsd)
Example of uname -s check:	HyperbolaBSD)
Example of uname -r check:	0.1)
Example of C macro check:	defined(__HyperbolaBSD__)
Software DevelopmentGeneralImplementation RequestVery HighCritical POWER (ppc64le) porting Closed
100%
Task Description

The unfortunate reality is that x86 computers come encumbered with built-in low-level backdoors like the Intel Management Engine , as well as nonfree boot firmware. This means that users can’t gain full control over their computers, even if they install a free operating system such as Hyperbola GNU/Linux-libre .

Hyperbola is working hard to fix these issues and getting closer every day, but for the time being, this is why many current Respects Your Freedom (RYF) offerings are refurbished older devices.

For the future of free computing, we need support architectures that do not come with such malware pre-installed, and the Power9-based Talos II promises to be a great architecture example for workstations and servers environments where Hyperbola is focused since is a fully free long-term support distribution.

Devices like this are the future of computing that Respects Your Freedom and for that reason it’s a high priority for Hyperbola port all packages for the POWER architecture (power64le).

NOTE: POWER porting is focused only for Hyperbola GNU/Linux-libre .

Software DevelopmentGeneralImplementation RequestDeferCritical RISC-V (riscv64) porting + multilib support Closed
100%
Task Description

The unfortunate reality is that x86 computers come encumbered with built-in low-level backdoors like the Intel Management Engine , as well as nonfree boot firmware. This means that users can’t gain full control over their computers, even if they install a free operating system such as Hyperbola GNU/Linux-libre .

Hyperbola is working hard to fix these issues and getting closer every day, but for the time being, this is why many current Respects Your Freedom (RYF) offerings are refurbished older devices.

For the future of free computing, we need support architectures that do not come with such malware pre-installed, and RISC-V promises to be a great architecture example for low-power computers, laptops and embedded systems, also as ARM architecture replacement.

Devices like this are the future of computing that Respects Your Freedom and for that reason it’s a high priority for Hyperbola port all packages for the RISC-V architecture (riscv64) with multilib support.

NOTE: RISC-V porting is focused only for Hyperbola GNU/Linux-libre .

Software DevelopmentGeneralImplementation RequestMediumHigh Develop GNU/HyperBK patchset Closed
100%
Task Description

Develop GNU/HyperBK patchset for toolchain (Glibc, Binutils and GCC) and packages.

PATCHING NOTE

Make sure the definitions are not simply duplicated from GNU/Linux' because that will eventually result in
out-of-sync definitions that break for us.

Example of triplet check:	linux*-gnu | gnu* | hyperbk-gnu)
Example of uname check:		Linux|GNU|GNU/*)
Example of C macro check:	defined(__linux__) || defined(__GNU__) || defined(__GLIBC__)
				[note: GNU/Hurd defines __GNU__, and GNU/HyperBK define __GLIBC__ as hardcoded macro]
Example of makefile check:	ifneq (, $(filter Linux GNU GNU_%, $(shell uname -s)))
				[note1: findstring matches subwords, use filter instead]
				[note2: list must be the first parameter, otherwise matching fails]
				[note3: "%" is make's wildcard]
Software DevelopmentGeneralImplementation RequestVery HighHigh Port Icedove to UXP platform Closed
100%
Task Description

Description:
Historically, Icedove was a re-branding of Mozilla Thunderbird by the Debian project, with minimal modifications, in order to resolve branding disputes. Debian since discontinued Icedove after reaching an agreement with Mozilla over the use of it’s trademark.

Otherwise, new Thunderbird will use Quantum, a platform that contains numerous privacy, freedom, and trademark issues, in addition to an ever expanding Google Chromium code base which breaks compatibility with previous versions. Therefore, i suggest port our current Icedove from the deprecated XUL platform to UXP one like our Iceweasel-UXP.

TODO list:

  • Remove SSL Error Reporting telemetry from installer/package-manifest.in. [0]
  • Add missing emoji browser/fonts/”TwemojiMozilla.ttf” library to UXP sources
  • Change Icedove-UXP logo typeface from the non-free “Libertad Book” to free “DejaVU Sans”.
  • Rename Icedove to Icedove-UXP in logo typeface.
  • Check “Thunderbird” remaining references.
  • Fix/adapt confvars.sh to UXP-based applications. (eg. MOZ_APP_VERSION=52.9.`date –utc ‘+%Y%m%d’`)
Software DevelopmentGeneralImplementation RequestVery HighHigh Port Iceape to UXP platform  Closed
100%
Task Description

Description:
Historically, Iceape was a re-branding of Seamonkey by the Debian project, with minimal modifications, in order to resolve branding disputes.

As of December 2013 , Iceape was no longer being maintained by the Debian project and users were encouraged to migrate to other alternatives for security patches.

However, since Seamonkey is being maintained from Thunderbird source and Hyperbola is porting Icedove to UXP platform , it could be built on the UXP platform which contains multiple security and privacy improvements.

TODO list:

  • Change Iceape-UXP logo typeface from the non-free “Libertad Book” to free “DejaVU Sans”.
  • Rename Iceape to Iceape-UXP in logo typeface.
  • Check “Seamonkey” remaining references.
  • Fix/adapt confvars.sh to UXP-based applications. (eg. MOZ_APP_VERSION=52.9.`date –utc ‘+%Y%m%d’`)
ServicesFlyspray BrandingImplementation RequestMediumMedium Add Hyperbola branding to HyperTask Closed
100%
Task Description

Add Hyperbola branding to HyperTask such as HyperWiki and HyperForum for prolixity reasons.

PackagesAnyImplementation RequestMediumMedium [wine-stable] add package Closed
100%
Task Description

Add Wine stable version (2.x) as default Wine package.

Software DevelopmentIceweasel-UXPImplementation RequestDeferLow Swiftweasel-UXP theme for Iceweasel-UXP Closed
100%
Task Description

Description:
Historically, Swiftweasel was a Firefox-based application built on XUL platform around 2007 and abandoned in 2010. It was optimized for several architectures using the following methods such as the Profile-Guided Optimization (PGO) and binary code optimization for computers with limited resources.

Since there are users encouraging us develop a Palemoon-based application , and Swiftweasel contains non-trademarked graphics and logos, we could port Swiftweasel to UXP platform as theme for Iceweasel-UXP.

Software DevelopmentIcedove-UXPImplementation RequestDeferLow Swiftdove-UXP theme for Icedove-UXP Closed
100%
Task Description

Description:
Historically, Swiftdove was a Thunderbird-based application built on XUL platform around 2007 and abandoned in 2010. It was optimized for several architectures using the following methods such as the Profile-Guided Optimization (PGO) and binary code optimization for computers with limited resources.

Since FossaMail may potentially be revived on UXP in the future [0] and Swiftdove contains non-trademarked graphics and logos, we could port Swiftdove to UXP platform as theme for Icedove-UXP.

PackagesAnyImplementation RequestMediumLow [hunspell-pt-br] add new package Closed
100%
Task Description

Description:
Add Brazilian Portuguese grammar, spelling and hyphenation checker to hunspell.

PackagesAnyImplementation RequestMediumLow [hyphen-pt-br] add new package Closed
100%
Task Description

Description:
Add Brazilian Portuguese hyphenation to hunspell.

PackagesAnyFreedom IssueVery HighCritical [warsow] contains Steam support Closed
100%
Task Description

Warsow contains a library called steamlib which is built from the source. It’s useful only for Steam support which is nonfree software.

PackagesAnyFreedom IssueVery HighCritical [man-pages] contains nonfree POSIX manual pages Closed
100%
PackagesAnyFreedom IssueMediumLow [openssl] vague terminology "Open Source" in descriptio ...Closed
100%
PackagesAnyFreedom IssueMediumLow [aiksaurus] vague terminology "Open Source" in descript ...Closed
100%
PackagesAnyFreedom IssueMediumLow [assimp] vague terminology "Open Source" in description ...Closed
100%
PackagesAnyFreedom IssueMediumLow [cmake] vague terminology "Open Source" in description  ...Closed
100%
PackagesAnyFreedom IssueMediumLow [gstreamer] vague terminology "Open Source" in descript ...Closed
100%
PackagesAnyFreedom IssueMediumLow [java-openjfx] vague terminology "Open Source" in descr ...Closed
100%
PackagesAnyFreedom IssueMediumLow [java-openjfx-doc] vague terminology "Open Source" in d ...Closed
100%
PackagesAnyFreedom IssueMediumLow [java-openjfx-src] vague terminology "Open Source" in d ...Closed
100%
PackagesAnyFreedom IssueMediumLow [java-rhino] vague terminology "Open Source" in descrip ...Closed
100%
PackagesAnyFreedom IssueMediumLow [kdegames-kigo] vague terminology "Open Source" in desc ...Closed
100%
PackagesAnyFreedom IssueMediumLow [libgdiplus] vague terminology "Open Source" in descrip ...Closed
100%
PackagesAnyFreedom IssueMediumLow [libical] vague terminology "Open Source" in descriptio ...Closed
100%
PackagesAnyFreedom IssueMediumLow [liblouis] vague terminology "Open Source" in descripti ...Closed
100%
PackagesAnyFreedom IssueMediumLow [libofa] vague terminology "Open Source" in description ...Closed
100%
PackagesAnyFreedom IssueMediumLow [libomxil-bellagio] vague terminology "Open Source" in  ...Closed
100%
PackagesAnyFreedom IssueMediumLow [libupnp] vague terminology "Open Source" in descriptio ...Closed
100%
PackagesAnyFreedom IssueMediumLow [mlt] vague terminology "Open Source" in description of ...Closed
100%
PackagesAnyFreedom IssueMediumLow [mlt-python-bindings] vague terminology "Open Source" i ...Closed
100%
PackagesAnyFreedom IssueMediumLow [opencore-amr] vague terminology "Open Source" in descr ...Closed
100%
PackagesAnyFreedom IssueMediumLow [openjdk7-src] vague terminology "Open Source" in descr ...Closed
100%
PackagesAnyFreedom IssueMediumLow [openjdk8-src] vague terminology "Open Source" in descr ...Closed
100%
PackagesAnyFreedom IssueMediumLow [openjpeg] vague terminology "Open Source" in descripti ...Closed
100%
PackagesAnyFreedom IssueMediumLow [openjpeg2] vague terminology "Open Source" in descript ...Closed
100%
PackagesAnyFreedom IssueMediumLow [openslp] vague terminology "Open Source" in descriptio ...Closed
100%
Showing tasks 1 - 50 of 705 Page 1 of 15

Available keyboard shortcuts

Tasklist

Task Details

Task Editing