All Projects

ProjectCategoryTask Type  descPrioritySeveritySummaryStatusProgress
PackagesStableUpdate RequestHighHigh[qt5] upgrade Qt project to the 5.6 LTS version, requir...Deferred
0%
Task Description

Cannot mix incompatible Qt library (version 0×50800) with this library (version 0×50904)
Aborted

./Nextcloud-2.3.3-x86_64.AppImage: /usr/lib/libQt5Core.so.5: version `Qt_5.9’ not found (required by /tmp/.mount_NextclpprMnG/usr/bin/../lib/libqt5keychain.so.1

These two packages are directly affected by an older qt5...

Could you update all the qt packages to the LTS version available?

PackagesAnyUpdate RequestMediumHighMake Knock patch for Linux-libre 4.14 LTSUnconfirmed
0%
Task Description

The Knock patches for linux-libre maintained by you at https://git.hyperbola.info:50100/kernels/knock.git/ have support up to linux-libre 4.13 only (and I think it didn’t work for it when I tried it, compilation failed) but from all of those supported versions, the newest maintained generation by the upstream is 4.9.x

However, since newer kernel generations might require reprogramming the patch, I want to request it only for the latest LTS generation which is 4.14. As you know, LTS software are supported for a long time, so it’s worth to make it for linux-libre 4.14.x

This might not be really important for Hyperbola in the short term, but you are the maintainers of the TCP Stealth implementation for Linux-libre and I and maybe other people would like to use it in their projects for newer versions.

Plus, it would be great since while 4.9 kernels can use the GRSec+Knock combination like linux-libre-lts-unofficial-grsec-knock, with support for 4.14 anyone would be able to use a combination of newer patches such as Linux-hardened+Knock (Linux-hardened supports 4.14 and 4.15 as of now) which is what I’d like to do.
https://github.com/copperhead/linux-hardened/releases

PackagesAnyUpdate RequestVery LowHighufw update/ufw bugUnconfirmed
0%
Task Description

There appears to be a bug with the current version of ufw, 0.35-2

Dunno if updating it would fix it, but it is kind of annoying and possibly security issue.

it says ufw is inactive when I reboot despite it being installed in the runlevel.

PackagesAnyUpdate RequestVery LowHigh[proj]: please update to latest versionUnconfirmed
0%
Task Description

Description:

https://proj4.org/index.html

This package have valuable geodetic applications, and I intend to present Hyperbola GNU/Linux-libre soon in universities and schools in East Africa.

The coordinate system there is not WGS84 and this package only in new version is providing the conversion from East African geographic coordinates to WGS84, and will be very usable in many industrial and private applications.

PackagesAnyUpdate RequestMediumMedium[cups] update requestAssigned
0%
Task Description

New versión v2.2.7

References:

PackagesStableUpdate RequestVery LowMedium[xfe] update package to 1.43.1Researching
0%
Task Description

In the latest version fixes several minor bugs and search file function issue[1].

[1]: http://roland65.free.fr/xfe/ (see 1.43 and 1.43.1 in the news section)

PackagesStableUpdate RequestVery LowMedium[grafx2] update package to 2.6Unconfirmed
0%
Task Description

In the latest version was released on 11th of January 2019, with several new features, improvements and fixes[1].

[1]: http://grafx2.chez.com/index.php?article9/2010s (see version 2.6 for more details in update log)

PackagesAnySecurity IssueVery HighCritical[openssh] CVE-2018-15919Researching
0%
Task Description

Remotely observable behavior in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration (or “oracle”) as a vulnerability.’ https://security-tracker.debian.org/tracker/CVE-2018-15919

PackagesAnySecurity IssueVery LowCritical[octopi] requires suUnconfirmed
0%
Task Description

would it be possible to make it use sudo instead?

From what I know, sudo is safer. Let me know if you agree this is a problem.

PackagesAnySecurity IssueHighCritical[octopi] uploads system logs to ptpb.pw without confirm...In Progress
0%
Task Description

Octopi 0.9.0 is uploading system logs to ptpb.pw without confirmation through :

Tools
→ SysInfo → ptpb.pw

I think it should be either disabled or add at least a patch to ask for a confirmation.
An other way could be to patch this :

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/?u=1", tempFile->fileName());
256:  return ptpb;

to :

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- **https://ptpb.pw/", tempFile->fileName());
256:  return ptpb;

This way, you can at least ask for log deletion with the help of log uuid as explained here : https://ptpb.pw/#id10

PackagesAnySecurity IssueVery HighCritical[libssh] CVE-2018-10933Researching
0%
Task Description

Description:
libssh versions 0.6 and above have an authentication bypass vulnerability in
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication, the attacker could successfully authentciate
without any credentials.

Additional info:
* package version(s) : extra/libssh 0.7.5-1

CVE

PackagesAnySecurity IssueVery LowCritical[dokuwiki] CVEsUnconfirmed
0%
Task Description

Our current dokuwiki 20170219_b-1 has two serious CVE.

Error message attached after the first installation

PackagesAnySecurity IssueVery LowCritical[tcpreplay] CVEsUnconfirmed
0%
Task Description

A huge number of CVEs have been fixed on 4.3.1 :

CVE-2018-20552
CVE-2018-20553
CVE-2018-18408
CVE-2018-18407
CVE-2018-17974
CVE-2018-17580
CVE-2018-17582
CVE-2018-13112

Current Hyperbola version is 4.2.6

PackagesAnySecurity IssueMediumMedium[cinepaint] unmaintained and unsupportableIn Progress
50%
Task Description

Remove “cinepaint” package since it’s unmaintained and unsupportable. Also, it doesn’t contains any file format support in the latest version (previous version supported multiple file formats).

I suggest use Krita (or Gimp 2.10) to edit 16bit and 32bit file formats or convert with imagemagick/graphicsmagick.

$ pacman -Si cinepaint
Repository      : community
Name            : cinepaint
Version         : 1:1.0.4-5
Description     : Sophisticated graphics manipulation programm supporting > 8bit pictures
Architecture    : x86_64
URL             : http://www.cinepaint.org
Licenses        : LGPL  GPL  MIT
Groups          : None
Provides        : None
Depends On      : gtk2  openexr  lcms  libxpm  fltk  ftgl  libxxf86vm
Optional Deps   : python2: for python plug-ins
                  gutenprint: for print plug-ins
                  ghostscript: for pdf plug-ins
Conflicts With  : None
Replaces        : None
Download Size   : 3.75 MiB
Installed Size  : 13.91 MiB
Packager        : Christian Hesse <arch@eworm.de>
Build Date      : Thu 28 Apr 2016 05:17:05 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnySecurity IssueVery LowMedium[patch] CVE-2018-6951 - NULL pointer DoSUnconfirmed
0%
Task Description

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a “mangled rename” issue.

https://security-tracker.debian.org/tracker/CVE-2018-6951

PackagesAnySecurity IssueVery LowMedium[qemu] Multiple CVEUnconfirmed
0%
Task Description

CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug
https://www.openwall.com/lists/oss-security/2018/12/13/4

CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem
manipulation in Media Transfer Protocol (MTP)
https://www.openwall.com/lists/oss-security/2018/12/13/11

Patches included at above URLs.

PackagesAnyReplace RequestDeferCritical[bzr] replace deprecated GNU Bazaar to BrezyDeferred
0%
Task Description

Description:

  • replace deprecated GNU Bazaar to Brezy for Canis Major

Additional info:

Note: It needs a provide: bazaar and brezy

Steps to reproduce:

  • broken package
PackagesAnyReplace RequestDeferCritical[python2] replace deprecated Python 2 to TauthonDeferred
0%
Task Description

Description:

  • replace deprecated Python 2 to Tauthon for Canis Major

Additional info:

Steps to reproduce:

  • Broken python2 packages.
PackagesStableReplace RequestVery LowCriticalPackage spamassassin includes dependencies for systemdUnconfirmed
0%
Task Description

Description: The package spamassassin has no further init-script for OpenRC and instead includes service-definitions for systemd

Additional info:
* package version(s) 3.4.1-7

PackagesStableReplace RequestVery LowCriticalPackage opendkim includes dependencies for systemdUnconfirmed
0%
Task Description

Description: The package opendkim has no further init-script for OpenRC and instead includes service-definitions for systemd

Additional info:
* package version(s) 2.10.3-4

PackagesStableReplace RequestVery LowMediumPackage ossp has got systemd dependenciesUnconfirmed
0%
Task Description

Description: Concurrent package ossp in version 1.3.2-15 has got dependencies to systemd, which is contradicting the whole distribution and the used INIT-system. Therefore my request to port this to OpenRC!

Additional info:
* package version(s) 1.3.2-15

PackagesAnyReplace RequestLowLow[appmenu-qt4] replace with appmenu-qt (qt5)Deferred
0%
Task Description

“appmenu-qt4”[0][2] is a deprecated package (release in 2012)[1] and use qt4 unsupported/non-lts software[3], but “appmenu-qt5” not contains any release source code[2]

$ pacman -Si appmenu-qt4
Repository : community
Name : appmenu-qt4
Version : 0.2.6-1
Description : Export Qt4 applications menus over D-Bus
Architecture : x86_64
URL : https://launchpad.net/appmenu-qt Licenses : GPL Groups : None
Provides : None
Depends On : libdbusmenu-qt4
Optional Deps : None
Conflicts With : appmenu-qt
Replaces : appmenu-qt
Download Size : 16.55 KiB
Installed Size : 48.00 KiB
Packager : Antonio Rojas arojas@archlinux.org Build Date : Tue 28 Feb 2017 05:59:31 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[0]:https://launchpad.net/appmenu-qt (qt4)
[1]:https://launchpad.net/appmenu-qt/+download [2]:https://launchpad.net/appmenu-qt5 [3]:https://en.wikipedia.org/wiki/Qt_5.6_LTS

PackagesAnyPrivacy IssueHighCritical[deepin-desktop-base] Check for CNZZ SpywareIn Progress
60%
Task Description

As per a recent discovery, we should check if our deepin is affected by the CNZZ spyware in the AppStore.
https://www.youtube.com/watch?v=v25Dy66AtNI

We also shouldn’t use the AppStore if it exists, due to non-free apps.

Known files:
> usr/share/dbus-1/system-services/com.deepin.daemon.Apps.service
> etc/appstore.json

PackagesAnyPrivacy IssueVery LowMedium[avahi] avahi publishes the hostname by defaultUnconfirmed
0%
Task Description

By default, the ‘disable-publishing’ parameter in the [publish] section of avahi-daemon.conf is set to ‘no’, which can be seen in my opinion as a privacy issue as avahi broadcasts the hostname without the user’s consent even though this has been explicitly disabled in the settings of networkmanager.

PackagesAnyPrivacy IssueVery LowLow[purple-plugin-pack] Provides Napster support which is ...Unconfirmed
0%
Task Description

purple-plugin-pack provides access to Napster which is only useful with a single company and sever (as far as I could tell).

PackagesAnyPrivacy IssueVery LowLow[github] check github-related packagesResearching
0%
Task Description

We should check if the following packages run any non-free JS (like youtube-dl) or access a proprietary API:

- hub
- python-pygithub
- python2-pygithub

I haven’t check them, but they look fishy. Take it as a reminder, this is far from being urgent IMO.

Software DevelopmentGeneralImplementation RequestVery HighCriticalPOWER (ppc64le) portingIn Progress
10%
Task Description

The unfortunate reality is that x86 computers come encumbered with built-in low-level backdoors like the Intel Management Engine , as well as nonfree boot firmware. This means that users can’t gain full control over their computers, even if they install a free operating system such as Hyperbola GNU/Linux-libre .

Hyperbola is working hard to fix these issues and getting closer every day, but for the time being, this is why many current Respects Your Freedom (RYF) offerings are refurbished older devices.

For the future of free computing, we need support architectures that do not come with such malware pre-installed, and the Power9-based Talos II promises to be a great architecture example for workstations and servers environments where Hyperbola is focused since is a fully free long-term support distribution.

Devices like this are the future of computing that Respects Your Freedom and for that reason it’s a high priority for Hyperbola port all packages for the POWER architecture (power64le).

Software DevelopmentGeneralImplementation RequestDeferCriticalRISC-V (riscv64) porting + multilib supportDeferred
0%
Task Description

The unfortunate reality is that x86 computers come encumbered with built-in low-level backdoors like the Intel Management Engine , as well as nonfree boot firmware. This means that users can’t gain full control over their computers, even if they install a free operating system such as Hyperbola GNU/Linux-libre .

Hyperbola is working hard to fix these issues and getting closer every day, but for the time being, this is why many current Respects Your Freedom (RYF) offerings are refurbished older devices.

For the future of free computing, we need support architectures that do not come with such malware pre-installed, and RISC-V promises to be a great architecture example for low-power computers, laptops and embedded systems, also as ARM architecture replacement.

Devices like this are the future of computing that Respects Your Freedom and for that reason it’s a high priority for Hyperbola port all packages for the RISC-V architecture (riscv64) with multilib support.

PackagesStableImplementation RequestVery LowCritical[strongswan] add new packageUnconfirmed
0%
Task Description

Description:

Package strongSwan is missing. Can it please be added to relevant repository? The package’s presence is critical for using IKEv2 in VPN.

Additional info:

* Source: Please see added link

Steps to reproduce:

N/A

Software DevelopmentHyperBKImplementation RequestMediumHighDevelop HyperBK based on LibertyBSD kernelDeferred
0%
Task Description

Develop HyperBK (Hyper Berkeley Kernel) based on LibertyBSD‘s kernel for Hyperbola GNU/HyperBK port.

TODO:

  • Push source to HyperBK’s project.
  • Rebrand LibertyBSD kernel to HyperBK.
  • Implement, develop or import new features such as Nouveau support.
  • Package HyperBK.

PATCHING NOTE

When the check concerns kernel, we obviously want to match with HyperBK.

Example of triplet check:	hyperbk-gnu)
Example of uname check:		GNU/HyperBK)
Example of C macro check:	defined(__HyperBK__)
Software DevelopmentGeneralImplementation RequestMediumHighDevelop GNU/HyperBK patchsetUnconfirmed
0%
Task Description

Develop GNU/HyperBK patchset for toolchain (Glibc, Binutils and GCC) and packages.

PATCHING NOTE

Make sure the definitions are not simply duplicated from GNU/Linux' because that will eventually result in
out-of-sync definitions that break for us.

Example of triplet check:	linux*-gnu | gnu* | hyperbk-gnu)
Example of uname check:		Linux|GNU|GNU/*)
Example of C macro check:	defined(__linux__) || defined(__GNU__) || defined(__GLIBC__)
				[note: GNU/Hurd defines __GNU__, and GNU/HyperBK define __GLIBC__ as hardcoded macro]
Example of makefile check:	ifneq (, $(filter Linux GNU GNU_%, $(shell uname -s)))
				[note1: findstring matches subwords, use filter instead]
				[note2: list must be the first parameter, otherwise matching fails]
				[note3: "%" is make's wildcard]
PackagesAnyImplementation RequestVery LowHigh[glom]: should depend on libgdaUnconfirmed
0%
Task Description

Description:

glom cannot run without libgda, so it should depend on libgda package

PackagesAnyImplementation RequestVery LowHigh[epson-inkjet-printer-escpr] add packageUnconfirmed
0%
Task Description

Hello,

Could it be possible to add :

epson-inkjet-printer-escpr

“Epson Inkjet Printer Driver (ESC/P-R) for Linux”

License : GPL2

https://aur.archlinux.org/packages/epson-inkjet-printer-escpr/ https://packages.debian.org/stretch/printer-driver-escpr

In my case, it was needed to use an Epson printer & scanner.

PackagesAnyImplementation RequestVery HighHigh[murmur-headless] add a Murmur package capable of worki...In Progress
0%
Task Description

Description:

  • Add new a Murmur package capable of working without a graphical user interface. It’s common on servers and embedded devices that requires only interfaces like network (eg. SSH) or serial port to handle services.

Additional info:

  • based on murmur 1.2.19-5

Steps to reproduce:

  • none
PackagesAnyImplementation RequestVery HighHigh[asterisk-headless] add an Asterisk package capable of ...In Progress
0%
Task Description

Description:

  • Add an Asterisk package capable of working without a graphical user interface. It’s common on servers and embedded devices that requires only interfaces like network (eg. SSH) or serial port to handle services.

Additional info:

  • based on asterisk 14.4.0-1

Steps to reproduce:

  • none
PackagesAnyImplementation RequestMediumMedium[uzem][uzebox] add uzem emulator and uzebox firmware pa...Assigned
0%
Task Description

Add “uzem” emulator and “uzebox” firmware packages[0][1].

It’s a emulator and firmware for fully free 8bit game console.

[0]:http://belogic.com/uzebox/index.asp (no https found)
[1]:https://github.com/Uzebox/uzebox

PackagesAnyImplementation RequestMediumMedium[ncdu] add new packageDeferred
0%
Task Description

PKGBUILD

# $Id: PKGBUILD 187611 2016-08-26 15:44:01Z bisson $
# Contributor: lp76 <l.peduto@gmail.com>
# Contributor: Daenyth <Daenyth+Arch AT gmail DOT com>
# Maintainer: Gaetan Bisson <bisson@archlinux.org>

pkgname=ncdu
pkgver=1.12
pkgrel=1.hyperbola1
pkgdesc='Disk usage analyzer with an ncurses interface'
url='https://dev.yorhel.nl/ncdu'
license=('custom:MIT')
depends=('ncurses')
arch=('i686' 'x86_64')
validpgpkeys=('74460D32B80810EBA9AFA2E962394C698C2739FA')
source=("https://dev.yorhel.nl/download/${pkgname}-${pkgver}.tar.gz"{,.asc})
sha512sums=('20620dd79d2af878442769e097f13806f64f23875dcb85ebccd573a3de43aba5663d496049b64015d13f9a79d624298032c008ef61dfb6f61d8b12902b8dca12'
            'SKIP')

build() {
    cd "${srcdir}/${pkgname}-${pkgver}"
    ./configure --prefix=/usr
    make
}

package() {
    cd "${srcdir}/${pkgname}-${pkgver}"
    make DESTDIR="${pkgdir}" install
    install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
}
PackagesAnyImplementation RequestMediumMedium[searx] add new packageDeferred
0%
Task Description

Hi André, you could make an init for the searx search engine, it happens that
I want to launch it from local to avoid being in searx.me or
searx.riseup.net.

I have seen that there is a PKGBUILD in AUR [0]. I think it is necessary to make one with the init Openrc

[0]: https://aur.archlinux.org/packages/searx-py3/

PackagesTestingImplementation RequestVery LowMedium[yaics] add packageDeferred
0%
Task Description

Yaics is a simple GNU social client written in C++ and Qt and licensed under the GNU GPL 3.0 (or later).

Please implement yaics as an optional package.

https://stigatle.no/yaics/

https://gitlab.com/stigatle/yaics

ServicesFlyspray BrandingImplementation RequestMediumMediumAdd Hyperbola branding to HyperTaskIn Progress
40%
Task Description

Add Hyperbola branding to HyperTask such as HyperWiki and HyperForum for prolixity reasons.

PackagesTestingImplementation RequestLowMedium[spacefm] add new packageIn Progress
0%
Task Description

Add SpaceFM File Manager for Hyperbola

Aur Package: spacefm Debian Package: spacefm

ServicesHyperWiki/DokuWikiImplementation RequestMediumMediumLibreboot hardening grub guideUnconfirmed
0%
Task Description

I don’t know if this is the best place for this, but I get stuck on the hardening the grub guide from libreboot,

https://libreboot.org/docs/gnulinux/grub_hardening.html

I wondered if there is anything different that needs to be done to get this part done:

gpg –homedir keys –detach-sign my.initramfs
gpg –homedir keys –detach-sign my.kernel
gpg –homedir keys –detach-sign libreboot_grub.cfg
gpg –homedir keys –detach-sign my.grubtest.cfg

it gives me a bunch of weird errors

ServicesWiki Page IssueImplementation RequestVery LowMediumAdd notification/subscription capabilities when a page ...Unconfirmed
0%
Task Description

After talking to Emulatorman, we think this would be a nice feature to add to our Hyperwiki to be able to subscribe to the original page in English to help tracking changing to the translated pages.
This implies to add the email notifications to the dokuwiki system

PackagesAnyImplementation RequestVery LowMedium[arm-linux-gnueabihf-gcc] add packageUnconfirmed
0%
Task Description

Hello,

Could it be possible to add this package :

arm-linux-gnueabihf-gcc

“The GNU Compiler Collection (arm-linux-gnueabihf)”

Also requires :

arm-linux-gnueabihf-binutils (A set of programs to assemble and manipulate binary and object files)
arm-linux-gnueabihf-glibc (GNU C Library)

https://aur.archlinux.org/packages/arm-linux-gnueabihf-gcc/

License : GPL

Thanks

PackagesAnyImplementation RequestVery LowMedium[etherpad-lite] add packageUnconfirmed
0%
Task Description

Hi,

Would be nice to add etherpad-lite to our pacman.

https://github.com/ether/etherpad-lite

https://aur.archlinux.org/packages/etherpad-lite/

PackagesAnyImplementation RequestVery LowMedium[gitea] self-hosted git service Unconfirmed
0%
Task Description

Description:

A nice Git service would be welcomed in our pacman.

https://github.com/go-gitea/gitea https://aur.archlinux.org/packages/gitea/

PackagesAnyImplementation RequestVery HighMedium[coturn] add new packageUnconfirmed
0%
Task Description

Description:

  • add new package

Additional info:

Steps to reproduce:

  • none
PackagesAnyImplementation RequestVery HighMedium[mediagoblin] add GNU MediaGoblin packageUnconfirmed
0%
Task Description

Description:

  • add GNU MediaGoblin package

Additional info:

  • none

Steps to reproduce:

  • none
PackagesAnyImplementation RequestVery LowMedium[foxtrotgps] please add package to reposUnconfirmed
0%
Task Description

Unlike other mapping software (gnome-maps, emerillon) it does not depend on geoclue/geoclue2 (or on kde packages like marble). The package was added to Arch’s official repos over a year ago. Their PKGBUILD builds fine.

PackagesAnyImplementation RequestVery LowMedium[peertube] Add new PackageUnconfirmed
0%
Task Description

Description:

Hi guys. Could they add PeerTube to Hyperbola?

It’s on AUR.

Under the AGPLv3 license

Additional info:

I see that the PeerTube help configuration with an init.d

Showing tasks 1 - 50 of 622 Page 1 of 131 - 2 - 3 - 4 - 5 - Last >>

Available keyboard shortcuts

Tasklist

Task Details

Task Editing