All Projects

Remotely observable behavior in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration (or “oracle”) as a vulnerability.’ https://security-tracker.debian.org/tracker/CVE-2018-15919

Description:
libssh versions 0.6 and above have an authentication bypass vulnerability in
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication, the attacker could successfully authentciate
without any credentials.

Additional info:
* package version(s) : extra/libssh 0.7.5-1

CVE

Description:
From the author’s webpage gksu has been replaced.

Additional info:
* package version(s) : extra/gksu 2.0.2-5

http://www.nongnu.org/gksu/

The unfortunate reality is that x86 computers come encumbered with built-in low-level backdoors like the Intel Management Engine , as well as nonfree boot firmware. This means that users can’t gain full control over their computers, even if they install a free operating system such as Hyperbola GNU/Linux-libre .

Hyperbola is working hard to fix these issues and getting closer every day, but for the time being, this is why many current Respects Your Freedom (RYF) offerings are refurbished older devices.

For the future of free computing, we need support architectures that do not come with such malware pre-installed, and the Power9-based Talos II promises to be a great architecture example for workstations and servers environments where Hyperbola is focused since is a fully free long-term support distribution.

Devices like this are the future of computing that Respects Your Freedom and for that reason it’s a high priority for Hyperbola port all packages for the POWER architecture (power64le).

Description:

• Arch distributes a version of man-pages with manual pages from the POSIX standard. The man-pages project is permitted to distribute them and Andries Brouwer assumes that re-distribution by vendors is permitted as well. However, modification is definitively not allowed, hence this contribution by The Institute of Electrical and Electronics Engineers and The Open Group render the entire man-pages package nonfree. The way to solve it is remove all nonfree POSIX manual pages from man-pages package.

Additional info:
* package version(s)

• 4.11-1

* config and/or log files etc.

• License file (POSIX-COPYRIGHT):

The Institute of Electrical and Electronics Engineers (IEEE) and
The Open Group, have given us permission to reprint portions of
their documentation.

In the following statement, the phrase ``this text'' refers to
portions of the system documentation.

Portions of this text are reprinted and reproduced in electronic form
from IEEE Std 1003.1, 2013 Edition, Standard for Information Technology
-- Portable Operating System Interface (POSIX), The Open Group Base
Specifications Issue 7, Copyright (C) 2013 by the Institute of Electri-
cal and Electronics Engineers, Inc and The Open Group.  (This is
POSIX.1-2008 with the 2013 Technical Corrigendum 1 applied.) In the
event of any discrepancy between this version and the original IEEE and
The Open Group Standard, the original IEEE and The Open Group Standard
is the referee document.  The original Standard can be obtained online
at http://www.unix.org/online.html .

This notice shall appear on any product containing this material.

Redistribution of this material is permitted so long as this notice and
the corresponding notices within each POSIX manual page are retained on
any distribution, and the nroff source is included. Modifications to
the text are permitted so long as any conflicts with the standard
are clearly marked as such in the text.

Steps to reproduce:

• See license in /usr/share/licenses/man-pages/POSIX-COPYRIGHT

As per a recent discovery, we should check if our deepin is affected by the CNZZ spyware in the AppStore.
https://www.youtube.com/watch?v=v25Dy66AtNI

We also shouldn’t use the AppStore if it exists, due to non-free apps.

Known files:
> usr/share/dbus-1/system-services/com.deepin.daemon.Apps.service
> etc/appstore.json

Octopi 0.9.0 is uploading system logs to ptpb.pw without confirmation through :

Tools
→ SysInfo → ptpb.pw

I think it should be either disabled or add at least a patch to ask for a confirmation.
An other way could be to patch this :

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- https://ptpb.pw/?u=1", tempFile->fileName());
256:  return ptpb;

to :

src/globals.cpp
240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- **https://ptpb.pw/", tempFile->fileName());
256:  return ptpb;

This way, you can at least ask for log deletion with the help of log uuid as explained here : https://ptpb.pw/#id10

would it be possible to make it use sudo instead?

From what I know, sudo is safer. Let me know if you agree this is a problem.

Since python-pip and python2-pip have been removed, I can’t install python2-reportlab because python2-pip is a dependency of this package.
.

Description:

Package strongSwan is missing. Can it please be added to relevant repository? The package’s presence is critical for using IKEv2 in VPN.

Additional info:

* Source: Please see added link

Steps to reproduce:

N/A

I probably should’ve mentioned this before, but if it is set to suspend when lid is closed, it should automatically lock. if the security option: lock screen with system is set to sleep is tweaked on it doesn’t lock always.

This is word for word what I wrote in the forums, but yeah... it is a problem say if someone wants to use your laptop without your permission and can do so.

But it is also a problem if you set it to lock instead because it is more prone to overheating when your not using it, and it doesn’t suspend quickly enough.

I have tried this many times and the same story can be told, again and again.

I think this issue should be considered high or critical merely because of the privacy risk if someone gets their hands on your laptop while its on. Even if you have been away... :/

I wonder if anyone else has this issue... well you guys will tell me I am sure. if critical doesn’t match what you think I am sure you will change it. ;)

Our current dokuwiki 20170219_b-1 has two serious CVE.

Error message attached after the first installation

A huge number of CVEs have been fixed on 4.3.1 :

CVE-2018-20552
CVE-2018-20553
CVE-2018-18408
CVE-2018-18407
CVE-2018-17974
CVE-2018-17580
CVE-2018-17582
CVE-2018-13112

Current Hyperbola version is 4.2.6

With kodi 17.1-2.hyperbola1 “The Movie Database” scraper doesn’t work. The error message is :

"Unable to connect to remote server"

Install the base system again in a pc, but when installing some packages there is the error that I describe below. I would ask please correct this problem since you can not install several programs, example: emacs, volumeicon, etc

invalid or corrupted package (PGP signature)).
error: adwaita-icon-theme: signature from “scott sradms0@openmailbox.org” is unknown trust
:: File /var/cache/pacman/pkg/adwaita-icon-theme-3.24.0-1.hyperbola1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).

Description:

• replace deprecated GNU Bazaar to Brezy for Canis Major

Additional info:

• bzr 2.7.0-2
• GNU Bazaar will be unmaintained (for now, there are only bug fixes)
• GNU Bazaar only supports Python 2.
• Python 2.7 is the end of the Python 2 line of development. [0]
• There never will be an official Python 2.8 release.
• Or use Tauthon (fork of Python 2.7) as dependency.

Note: It needs a provide: bazaar and brezy

Steps to reproduce:

• broken package

Description:

• replace deprecated Python 2 to Tauthon for Canis Major

Additional info:

• python 2.7.14-2.hyperbola1
• Python 2.7 is the end of the Python 2 line of development. [0]
• There never will be an official Python 2.8 release.

Steps to reproduce:

• Broken python2 packages.

The unfortunate reality is that x86 computers come encumbered with built-in low-level backdoors like the Intel Management Engine , as well as nonfree boot firmware. This means that users can’t gain full control over their computers, even if they install a free operating system such as Hyperbola GNU/Linux-libre .

Hyperbola is working hard to fix these issues and getting closer every day, but for the time being, this is why many current Respects Your Freedom (RYF) offerings are refurbished older devices.

For the future of free computing, we need support architectures that do not come with such malware pre-installed, and RISC-V promises to be a great architecture example for low-power computers, laptops and embedded systems, also as ARM architecture replacement.

Devices like this are the future of computing that Respects Your Freedom and for that reason it’s a high priority for Hyperbola port all packages for the RISC-V architecture (riscv64) with multilib support.

Description:

• The Arch version of TiMidity++ from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : extra
Name            : timidity++
Version         : 2.14.0-7
Description     : A MIDI to WAVE converter and player
Architecture    : x86_64
URL             : http://timidity.sourceforge.net
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : libao  jack
Optional Deps   : gtk2: for using the GTK+ interface
                  tk: for using the Tk interface
                  xaw3d: for using the Xaw interface
Conflicts With  : None
Replaces        : None
Download Size   : 530.60 KiB
Installed Size  : 1431.00 KiB
Packager        : Evangelos Foutras <evangelos@foutrelis.com>
Build Date      : Thu 10 Sep 2015 12:55:38 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

/usr/lib/systemd/system/timidity.service is owned by timidity++ 2.14.0-7

Steps to reproduce:

• Install package.

Description:

• The Arch version of Sage-notebook from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required. OpenRC init script replacement isn’t possible here because Sage-notebook is using a systemd unit file adapted for users instead of system users.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : sage-notebook
Version         : 0.13-4
Description     : Browser-based notebook interface for SageMath
Architecture    : any
URL             : http://www.sagemath.org
Licenses        : GPL3
Groups          : None
Provides        : None
Depends On      : sagemath  python2-twisted  python2-flask-oldsessions  python2-flask-openid  python2-flask-autoindex  python2-flask-babel  mathjax
Optional Deps   : python2-pyopenssl: to use the notebook in secure mode
Conflicts With  : None
Replaces        : None
Download Size   : 1625.00 KiB
Installed Size  : 9154.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Thu 04 May 2017 06:12:28 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

/usr/lib/systemd/user/sage.service is owned by sage-notebook 0.13-4

Steps to reproduce:

• Install package.

Description:

• The Arch version of Erlang (headless version) from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : erlang-nox
Version         : 19.3-3
Description     : General-purpose concurrent functional programming language developed by Ericsson (headless version)
Architecture    : x86_64
URL             : http://www.erlang.org/
Licenses        : Apache
Groups          : None
Provides        : None
Depends On      : ncurses  openssl
Optional Deps   : erlang-unixodbc: database support
                  java-environment: for Java support
                  lksctp-tools: for SCTP support
Conflicts With  : erlang
Replaces        : None
Download Size   : 39.01 MiB
Installed Size  : 106.73 MiB
Packager        : Jan de Groot <jgc@archlinux.org>
Build Date      : Fri 28 Apr 2017 08:44:33 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

/usr/lib/systemd/system/epmd.service is owned by erlang-nox 19.3-3
/usr/lib/systemd/system/epmd.socket is owned by erlang-nox 19.3-3

Steps to reproduce:

• Install package.

Description:

• The Arch version of Motion from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : motion
Version         : 4.0.1-2
Description     : A software motion detector which grabs images from video4linux devices and/or from webcams
Architecture    : x86_64
URL             : http://www.lavrsen.dk/foswiki/bin/view/Motion/WebHome
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : libjpeg  v4l-utils  ffmpeg
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 235.61 KiB
Installed Size  : 923.00 KiB
Packager        : Sergej Pupykin <pupykin.s+arch@gmail.com>
Build Date      : Mon 14 Nov 2016 02:17:55 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

/usr/lib/systemd/system/motion.service is owned by motion 4.0.1-2

Steps to reproduce:

• Install package.

Description:

• The Arch version of tinc from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : tinc
Version         : 1.0.31-2
Description     : VPN (Virtual Private Network) daemon
Architecture    : x86_64
URL             : http://www.tinc-vpn.org/
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : lzo  openssl  zlib
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 107.42 KiB
Installed Size  : 194.00 KiB
Packager        : Evangelos Foutras <evangelos@foutrelis.com>
Build Date      : Mon 13 Mar 2017 01:06:11 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

/usr/lib/systemd/system/tinc.service is owned by tinc 1.0.31-2
/usr/lib/systemd/system/tinc@.service is owned by tinc 1.0.31-2

Steps to reproduce:

• Install package.

Description:

The Arch version of tinc from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repositorio               : community
Nombre                    : netdata
Versión                   : 1.6.0-3
Descripción               : Real-time performance monitoring, in the greatest possible detail, over the web.
Arquitectura              : x86_64
URL                       : https://github.com/firehol/netdata/wiki
Licencias                 : GPL
Grupos                    : Nada
Provee                    : Nada
Depende de                : libmnl  libnetfilter_acct  zlib
Dependencias opcionales   : nodejs: Webbox plugin
                            lm_sensors: sensors module
En conflicto con          : Nada
Remplaza a                : Nada
Tamaño de la descarga     : 1778,98 KiB
Tamaño de la instalación  : 6515,00 KiB
Encargado                 : Sven-Hendrik Haase <sh@lutzhaase.com>
Fecha de creación         : dom 23 abr 2017 16:24:38 -05
Validado por              : Suma MD5  Suma SHA-256  Firma

community/netdata	/usr/lib/systemd/
community/netdata	/usr/lib/systemd/system/
community/netdata	/usr/lib/systemd/system/netdata.service

Steps to reproduce:

• Install package

Description:

Since Hyperbola follows the Init Freedom Campaign, systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)

community/backuppc 4.1.2-1 [installed]

   Enterprise-grade system for backing up Linux, Windows and MacOS PCs

* config and/or log files etc.

Additional info:

Steps to reproduce: install it

Since Hyperbola follows the Init Freedom Campaign, systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)

extra/gpsd 3.16-3 [installed]

   GPS daemon and library to support USB/serial GPS devices

* config and/or log files etc.

Additional info:

Steps to reproduce: install it

Description:

Hiawatha contains only systemd files.

It shall be removed and openrc shall be provided

Description:

• needs OpenRC init script and contains systemd files

Additional info:

• dovecot 2.2.29.1-1

dovecot /usr/lib/systemd/system/dovecot.service
dovecot /usr/lib/systemd/system/dovecot.socket
dovecot /usr/lib/tmpfiles.d/dovecot.conf

Steps to reproduce:

• none

Description:

• needs OpenRC init script

Additional info:

• onioncat 0.2.2.r578-1

Steps to reproduce:

• none

Description:

• needs OpenRC init script and contains systemd file

Additional info:

• umurmur 0.2.16_a-6

umurmur /usr/lib/systemd/system/umurmur.service

Steps to reproduce:

• none

Description:

• needs OpenRC init script and contains systemd files

Additional info:

• prosody 1:0.10.r7198+.2fd20f372cb1+-2

prosody /usr/lib/systemd/system/prosody.service
prosody /usr/lib/sysusers.d/prosody.conf
prosody /usr/lib/tmpfiles.d/prosody.conf

Steps to reproduce:

• none

Description:

• needs OpenRC init script and contains systemd files

Additional info:

• unrealircd 4.0.11-2

unrealircd /usr/lib/systemd/system/unrealircd.service
unrealircd /usr/lib/tmpfiles.d/unrealircd.conf

Steps to reproduce:

• none

Description:

• needs OpenRC init script and contains systemd file

Additional info:

• mcelog 1:148-1

mcelog /usr/lib/systemd/system/mcelog.service

Steps to reproduce:

• none

Description:

• needs OpenRC init script (bzr serve), like [git] (git-daemon) and [subversion] (svnserve)

Additional info:

• bzr 2.7.0-2

Note: needs a provide: bazaar

Steps to reproduce:

• none

Description:

• needs OpenRC init scripts (hg serve and chg server), like [git] (git-daemon) and [subversion] (svnserve)

Additional info:

• mercurial 4.2-1

Note: needs a provide: hg

Steps to reproduce:

• none

Description:

• Add new a Murmur package capable of working without a graphical user interface. It’s common on servers and embedded devices that requires only interfaces like network (eg. SSH) or serial port to handle services.

Additional info:

• based on murmur 1.2.19-5

Steps to reproduce:

• none

Description:

• Add an Asterisk package capable of working without a graphical user interface. It’s common on servers and embedded devices that requires only interfaces like network (eg. SSH) or serial port to handle services.

Additional info:

• based on asterisk 14.4.0-1

Steps to reproduce:

• none

Some forum display errors:

1. preview button with the orange border.

1. Error message when logging in gray color making it difficult to read

Cannot mix incompatible Qt library (version 0×50800) with this library (version 0×50904)
Aborted

./Nextcloud-2.3.3-x86_64.AppImage: /usr/lib/libQt5Core.so.5: version `Qt_5.9’ not found (required by /tmp/.mount_NextclpprMnG/usr/bin/../lib/libqt5keychain.so.1

These two packages are directly affected by an older qt5...

Could you update all the qt packages to the LTS version available?

The Knock patches for linux-libre maintained by you at https://git.hyperbola.info:50100/kernels/knock.git/ have support up to linux-libre 4.13 only (and I think it didn’t work for it when I tried it, compilation failed) but from all of those supported versions, the newest maintained generation by the upstream is 4.9.x

However, since newer kernel generations might require reprogramming the patch, I want to request it only for the latest LTS generation which is 4.14. As you know, LTS software are supported for a long time, so it’s worth to make it for linux-libre 4.14.x

This might not be really important for Hyperbola in the short term, but you are the maintainers of the TCP Stealth implementation for Linux-libre and I and maybe other people would like to use it in their projects for newer versions.

Plus, it would be great since while 4.9 kernels can use the GRSec+Knock combination like linux-libre-lts-unofficial-grsec-knock, with support for 4.14 anyone would be able to use a combination of newer patches such as Linux-hardened+Knock (Linux-hardened supports 4.14 and 4.15 as of now) which is what I’d like to do.
https://github.com/copperhead/linux-hardened/releases

In the File postgresql.install

the output is:

    ==> requires datadir /var/lib/data
    ==> run as user postgres: 'initdb -D /var/lib/data'

when it should be:

    ==> requires datadir /var/lib/postgres/data
    ==> run as user postgres: 'initdb -D /var/lib/postgres/data'

It may be necessary to change:

local datadir = "/var/lib/data"

to

local datadir = "/var/lib/postgres/data"

The comand for default fails:

creating directory /var/lib/data... initdb: could not create directory "/var/lib/data": Permission denied

Develop HyperBK (Hyper Berkeley Kernel) based on LibertyBSD‘s kernel for Hyperbola GNU/HyperBK port.

TODO:

• Download LibertyBSD kernel source code from LibertyBSD site.

• Create a new project in Hyperbola Git called hyperbk.

• Push source to HyperBK’s project.

• Rebrand LibertyBSD kernel to HyperBK.

• Implement, develop or import new features such as Nouveau support.

• Package HyperBK.

PATCHING NOTE

When the check concerns kernel, we obviously want to match with HyperBK.

Example of triplet check:	hyperbk-gnu)
Example of uname check:		GNU/HyperBK)
Example of C macro check:	defined(__HyperBK__)

Develop GNU/HyperBK patchset for toolchain (Glibc, Binutils and GCC) and packages.

PATCHING NOTE

Make sure the definitions are not simply duplicated from GNU/Linux' because that will eventually result in
out-of-sync definitions that break for us.

Example of triplet check:	linux*-gnu | gnu* | hyperbk-gnu)
Example of uname check:		Linux|GNU|GNU/*)
Example of C macro check:	defined(__linux__) || defined(__GNU__) || defined(__GLIBC__)
				[note: GNU/Hurd defines __GNU__, and GNU/HyperBK define __GLIBC__ as hardcoded macro]
Example of makefile check:	ifneq (, $(filter Linux GNU GNU_%, $(shell uname -s)))
				[note1: findstring matches subwords, use filter instead]
				[note2: list must be the first parameter, otherwise matching fails]
				[note3: "%" is make's wildcard]

I’m encountering this bug when using latest Pale Moon (version 2.8.0.1).

https://forum.palemoon.org/viewtopic.php?f=37&t=19941&sid=3cd95f0870b5cef74c582eb9a3ea778a

The bug doesn’t only affect the preferences dialog - other windows are not rendered correctly either such as DownThemAll! add-on (see attached image).

The suggested fix is to update the intel driver (the about:config suggested change makes the preference dialog usable but other windows such as DownThemAll! still aren’t displayed correctly).

I’m using a T60 with intel graphics.

Description:
tp_smapi fails to load

Additional info:
* package version(s)
tp_smapi-lts 0.43-1.hyperbola29.5
linux-libre-lts 4.9.143_gnu-0

* config and/or log files etc.
From dmesg:
thinkpad_ec: Unknown symbol _GLOBAL_OFFSET_TABLE_ (err 0)
thinkpad_ec: Unknown symbol __x86_indirect_thunk (err 0)

Steps to reproduce:
1. Install tp_smapi and the most recent stable linux-libre-lts
2. Reboot
3. sudo modprobe tp_smapi

Description:

• Option to add NextCloud/OwnCloud accounts in ‘Online Accounts’ section of System Settings not appearing.

Additional info:
* package version(s)

• 17.04.0-1

* config and/or log files etc.

• N/A

Steps to reproduce:

• Run application
• Go to ‘Online Accounts’ section of System Settings

Description:

• Clicking to add an Jabber Account opens a dialog with no fields to enter information.

Additional info:
* package version(s)

• 17.04.0-3.hyperbola1

* config and/or log files etc.

• N/A

Steps to reproduce:

• Run Application
• Clicking to add an Jabber Account

Description:

I have tried all combinations, but despite “noauto” specified in /etc/fstab all devices get mounted at boot.

Who can help me, not to mount a device during boot?

Description:

glom cannot run without libgda, so it should depend on libgda package

Description:

I ran sensors-detect, it detected two modules :

coretemp
it87

Those have been added to /etc/sysconfig/lm_sensors :

# This file is sourced by /etc/init.d/lm_sensors and defines the modules to
# be loaded/unloaded.
#
# The format of this file is a shell script that simply defines variables:
# HWMON_MODULES for hardware monitoring driver modules, and optionally
# BUS_MODULES for any required bus driver module (for example for I2C or SPI).

HWMON_MODULES="coretemp it87"

But only coretemp is loaded at boot.

I can manually load it87 module (modprobe it87) and get all sensors working but for some reason it87 module is not loaded at boot.