All Projects

Project  ascCategoryTask TypePrioritySeveritySummaryStatusProgress
InstallationGeneralImplementation RequestVery LowLowTo make installation instructions and get use of live I...Unconfirmed
Task Description

I have installed multiple times Hyperbola, 4 times on 4 different notebooks.

What I have noticed is that the live ISO is quite huge in relation to the task that should be done. Namely. the live ISO shall at least contain some first packages, so that they do not need to be downloaded online.

Best would be if the live ISO can be copied straight and that system can run from ISO/DVD without having Internet. At least one simple graphical environment shall be included.

Further, I have noticed that there is only network instructions as HTML file.

I would rather call it installation-instructions.html to make it clear for people what it is. Or simply: INSTALL.html so that people understand what it is.

It says just network.html if I remember well.

Then there is absolutely no point or link or reference to the installation instructions.

Each time I got a network I had to go to either duckduckgo search engine or to website and then I tried with lynx to find installation instructions.

It is not straight, not quite clearly in open, it is in Wiki, but that is quite hard to find.

We have to put ourselves in the shoes of those in need of free software. Millions of people need free software.

Many of us live in a developed western countries.

Yet millions of people in need of this software live in South America, Africa, Asia, Eastern Europe.

There are millions of students that could advance their study, and that could progress faster with free software.

In those countries Internet is often non-existent, universities may be located in poor network areas, Internet is being fetched by using mobile phones.

So if there is a live distribution, such shall at least contain basic software, which really can fit onto any DVD, and that as such can be copied on the computer without using Internet. Upgrades could be fetched by using Internet.

And there shall be clear reference, link or file about installation. There shall be no need to go to Internet to install the software.

InstallationGeneralFreedom IssueVery LowHigh[openbox] provides nonfree software support in the menuUnconfirmed
Task Description

my recommended fix, make it reflect the applications that are actually installed on the system after removing non-free software support.

InstallationGeneralFreedom IssueVery LowLow[jwm] provides nonfree software support in the menu Unconfirmed
Task Description

my recommended fix, make it reflect the applications that are actually installed on the system after removing non-free software support.

InstallationGeneralFreedom IssueVery LowHighFS#1445 - [fluxbox] provides nonfree software support i...Unconfirmed
Task Description

recommended fix, remove non-free software entries in menu and replace them with applications that actually exist.

InstallationGeneralFeature RequestVery LowLow[calamares] add graphical installer with FDE supportResearching
Task Description

Package Request:

Original Bug Report:
— I would also like to test the beta isos when they are ready through qemu. If it looks good I plan to fully install them onto my laptop. My libreboot x200.

I don’t know if I should make a separate feature for this, but xfce is a good stable desktop environment for such a choice. that and lxde.

Though lxde is going to die...

InstallationGeneralFeature RequestVery LowLow[FAQ]Please note that not all RAR archives are supporte...Unconfirmed
Task Description

I tried to extract a RAR v5 archive using unar that works fine when using the non-free unrar.

Here is the log (with the file name altered)

$ unar file.part1.rar
file.part1.rar: RAR 5

file.mp4  (-2144860915 B)... Failed! (Attempted to read more data than was available)

Extraction to current directory failed! (1 file failed.)

Please add in the FAQ that newer RAR archives (version 5) may not work when using unar.

PackagesStableUpdate RequestHighHigh[qt5] upgrade Qt project to the 5.6 LTS version, requir...Deferred
Task Description

Cannot mix incompatible Qt library (version 0×50800) with this library (version 0×50904)

./Nextcloud-2.3.3-x86_64.AppImage: /usr/lib/ version `Qt_5.9’ not found (required by /tmp/.mount_NextclpprMnG/usr/bin/../lib/

These two packages are directly affected by an older qt5...

Could you update all the qt packages to the LTS version available?

PackagesAnyUpdate RequestMediumHighMake Knock patch for Linux-libre 4.14 LTSUnconfirmed
Task Description

The Knock patches for linux-libre maintained by you at have support up to linux-libre 4.13 only (and I think it didn’t work for it when I tried it, compilation failed) but from all of those supported versions, the newest maintained generation by the upstream is 4.9.x

However, since newer kernel generations might require reprogramming the patch, I want to request it only for the latest LTS generation which is 4.14. As you know, LTS software are supported for a long time, so it’s worth to make it for linux-libre 4.14.x

This might not be really important for Hyperbola in the short term, but you are the maintainers of the TCP Stealth implementation for Linux-libre and I and maybe other people would like to use it in their projects for newer versions.

Plus, it would be great since while 4.9 kernels can use the GRSec+Knock combination like linux-libre-lts-unofficial-grsec-knock, with support for 4.14 anyone would be able to use a combination of newer patches such as Linux-hardened+Knock (Linux-hardened supports 4.14 and 4.15 as of now) which is what I’d like to do.

PackagesAnyUpdate RequestMediumMedium[cups] update requestAssigned
Task Description

New versión v2.2.7


PackagesAnyUpdate RequestVery LowHigh[proj]: please update to latest versionUnconfirmed
Task Description


This package have valuable geodetic applications, and I intend to present Hyperbola GNU/Linux-libre soon in universities and schools in East Africa.

The coordinate system there is not WGS84 and this package only in new version is providing the conversion from East African geographic coordinates to WGS84, and will be very usable in many industrial and private applications.

PackagesStableUpdate RequestVery LowMedium[cantarell-fonts] update package version to 0.111Unconfirmed
Task Description

Prior version 0.0.25 and below are outdated.

Since version 0.100 and later, there are some changes being redesigned from scratch, added three new weights (including extra bold, light and thin) but not italic or oblique styles, AppStream metadata translations from contributors, and more.

See the version history releases for more details:

PackagesAnyUpdate RequestVery LowMedium[lmms] update package version to 1.2.0Unconfirmed
Task Description

In the latest version, it has many more changes with new and improvement features, and fixes function issues since released as preview stage in every eight times per three years ago[1]. And also it is possible to rebuild package with sndio.

[1]: (see all sections below from 1.2.0-RC1 to 1.2.0 in the version history releases)

PackagesAnyUpdate RequestVery LowHigh[mpv] request for package bumpUnconfirmed
Task Description


Would it be possible to get a package bump for mpv ?

Currently, Debian Buster (stable) uses 0.29.1-1. This would be great as it introduces many fixes and support for lua scripts I heavily use.
0.29.* requires a ffmpeg to 4.x series as well.


PackagesStableUpdate RequestVery LowLow[icewm] Upgrade package versionUnconfirmed
Task Description

The current version of the package icewm within the Hyperbola-repositories is 1.3.8. The latest version is 1.6.3!
An update would be helpful as this window-manager follows absolutely the principles of the distribution Hyperbola itself, being simple and fast.

PackagesAnyUpdate RequestMediumHigh[php] is out of date/supportUnconfirmed
Task Description


From official PHP page, our php 7.1 is out of support and security

Our package :

PHP page :

PackagesStableUpdate RequestVery LowMedium[varnish] Missing init scriptUnconfirmed
Task Description


Init script is missing for this package.

I think has some systemd dependecies.

/tmp/alpm_sYmHUS/.INSTALL: line 7: systemd-sysusers: command not found
error: command failed to execute correctly

package version: varnish-5.1.2-1

PackagesAnySecurity IssueMediumMedium[cinepaint] unmaintained and unsupportableIn Progress
Task Description

Remove “cinepaint” package since it’s unmaintained and unsupportable. Also, it doesn’t contains any file format support in the latest version (previous version supported multiple file formats).

I suggest use Krita (or Gimp 2.10) to edit 16bit and 32bit file formats or convert with imagemagick/graphicsmagick.

$ pacman -Si cinepaint
Repository      : community
Name            : cinepaint
Version         : 1:1.0.4-5
Description     : Sophisticated graphics manipulation programm supporting > 8bit pictures
Architecture    : x86_64
URL             :
Licenses        : LGPL  GPL  MIT
Groups          : None
Provides        : None
Depends On      : gtk2  openexr  lcms  libxpm  fltk  ftgl  libxxf86vm
Optional Deps   : python2: for python plug-ins
                  gutenprint: for print plug-ins
                  ghostscript: for pdf plug-ins
Conflicts With  : None
Replaces        : None
Download Size   : 3.75 MiB
Installed Size  : 13.91 MiB
Packager        : Christian Hesse <>
Build Date      : Thu 28 Apr 2016 05:17:05 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
PackagesAnySecurity IssueMediumMedium[openssh] CVE-2018-15919Researching
Task Description

Remotely observable behavior in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration (or “oracle”) as a vulnerability.’

PackagesAnySecurity IssueVery LowHigh[octopi] requires suUnconfirmed
Task Description

would it be possible to make it use sudo instead?

From what I know, sudo is safer. Let me know if you agree this is a problem.

PackagesAnySecurity IssueVery LowMedium[patch] CVE-2018-6951 - NULL pointer DoSAssigned
Task Description

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a “mangled rename” issue.

PackagesAnySecurity IssueVery LowMedium[qemu] Multiple CVEUnconfirmed
Task Description

CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug

CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem
manipulation in Media Transfer Protocol (MTP)

Patches included at above URLs.

PackagesAnySecurity IssueMediumCritical[libjpeg-turbo] CVE-2019-2201Researching
Task Description

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation


PackagesAnySecurity IssueVery LowMediumDownload debian-fixes instead of relying on external so...Unconfirmed
Task Description

It happened already with minetest and again with prosody: When trying to build own packages with makepkg there are patches downloaded from the Debian-project. But the given HTTP(S)-sources are no longer available, concrete example within prosody to be found: (not available)

Please don’t rely on those external sources when creating PKGBUILD-files or just give users the possibility for a secure and granted download. Therefore I cannot build prosody on my own now!

PackagesAnySecurity IssueVery LowCritical[unbound] Multiple CVEsAssigned
Task Description


PackagesStableSecurity IssueVery LowCritical[lts-kernel][sec] filter /dev/mem access & restrict acc...Unconfirmed
Task Description

These two options could be enabled :

Kernel hacking → [*] Filter access to /dev/mem
[*] Filter I/O access to /dev/mem

Security options → [*] Restrict unprivileged access to the kernel syslog

PackagesAnySecurity IssueVery LowHigh[tigervnc] Multiple CVEResearching
Task Description

“This is a security release to fix a number of issues that were found by Kaspersky Lab. These issues affect both the client and server and could theoretically allow an malicious peer to take control over the software on the other side.”

PackagesAnySecurity IssueVery LowCritical[opensmtpd] CVE-2020-8794Unconfirmed
Task Description


Qualys Security Advisory

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)




We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This
vulnerability, an out-of-bounds read introduced in December 2015 (commit
80c6a60c, “when peer outputs a multi-line response ...”), is exploitable
remotely and leads to the execution of arbitrary shell commands: either
as root, after May 2018 (commit a8e22235, “switch smtpd to new
grammar”); or as any non-root user, before May 2018.

Because this vulnerability resides in OpenSMTPD’s client-side code
(which delivers mail to remote SMTP servers), we must consider two
different scenarios:

- Client-side exploitation: This vulnerability is remotely exploitable

in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.

- Server-side exploitation: First, the attacker must connect to the

OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).

We developed a simple exploit for this vulnerability and successfully
tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the
first vulnerable release), Debian 10 (stable), Debian 11 (testing), and
Fedora 31.

The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”

PackagesStableSecurity IssueVery LowMedium[git] Multiple CVEsUnconfirmed
Task Description

CVE-2020-5260 has been fixed very recently in Debian, so I thought I would apply this patch. However, I found out that security patches have not been applied for quite a while (I could account for at least 6 CVEs).

Considering that the version in Debian stretch (2.11.0) is the nearest version with security patches released by Debian and that git project oldest supported version is 2.17, I have used patches from Debian stretch to apply on 2.12.2 currently in Milky Way.

But I have the following error on check():

 |  *** prove ***
 |  Test Summary Report
 |  -------------------
 |                              (Wstat: 256 Tests: 20 Failed: 10)
 |    Failed tests:  3-7, 15-19
 |    Non-zero exit status: 1
 |                       (Wstat: 256 Tests: 26 Failed: 16)
 |    Failed tests:  2-6, 9-11, 15-19, 21-23
 |    Non-zero exit status: 1
 |  Files=769, Tests=14137, 1101 wallclock secs ( 8.08 usr  1.12 sys + 144.48 cusr 63.42 csys = 217.10 CPU)
 |  Result: FAIL
 |  make[1]: *** [Makefile:45: prove] Error 1
 |  make[1]: Leaving directory '/build/git/src/git-2.12.2/t'
 |  make: *** [Makefile:2291: test] Error 2
 |  ==> ERROR: A failure occurred in check().
 |      Aborting...

This does not seem to be related to my change as the current version in Milky Way produces the same error (IOW the package currently in Milky Way is not rebuidable).

PackagesAnySecurity IssueVery HighCritical[grub2] UEFI SecureBoot vulnerability + multiple flaws ...Unconfirmed
Task Description

PackagesAnySecurity IssueVery LowMediummount.davfs: unknown file system davfs due to paths cha...Unconfirmed
Task Description

This is same issue as on:

The paths changed and trying to mount davfs file system defined in /etc/fstab fails with error: unknown file system davfs

To remedy, I made symlink in /sbin to mount.davfs

The transition of paths had to take that in account as many mounted remote disks failed after upgrade.

PackagesAnyReplace RequestLowLow[appmenu-qt4] replace with appmenu-qt (qt5)Deferred
Task Description

“appmenu-qt4”[0][2] is a deprecated package (release in 2012)[1] and use qt4 unsupported/non-lts software[3], but “appmenu-qt5” not contains any release source code[2]

$ pacman -Si appmenu-qt4
Repository : community
Name : appmenu-qt4
Version : 0.2.6-1
Description : Export Qt4 applications menus over D-Bus
Architecture : x86_64
URL : Licenses : GPL Groups : None
Provides : None
Depends On : libdbusmenu-qt4
Optional Deps : None
Conflicts With : appmenu-qt
Replaces : appmenu-qt
Download Size : 16.55 KiB
Installed Size : 48.00 KiB
Packager : Antonio Rojas Build Date : Tue 28 Feb 2017 05:59:31 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[0]: (qt4)
[1]: [2]: [3]:

PackagesAnyReplace RequestDeferCritical[bzr] replace deprecated GNU Bazaar to BrezyDeferred
Task Description


  • replace deprecated GNU Bazaar to Brezy for Canis Major

Additional info:

Note: It needs a provide: bazaar and brezy

Steps to reproduce:

  • broken package
PackagesStableReplace RequestVery LowMediumPackage ossp has got systemd dependenciesUnconfirmed
Task Description

Description: Concurrent package ossp in version 1.3.2-15 has got dependencies to systemd, which is contradicting the whole distribution and the used INIT-system. Therefore my request to port this to OpenRC!

Additional info:
* package version(s) 1.3.2-15

PackagesTestingReplace RequestVery LowMedium replace request: NetworkManager with wpa_cuteUnconfirmed
Task Description

I know there are plans to remove NetworkManager. I wondered if we could replace it in 0.4 with Wpa_Cute. seen in the above link.

I haven’t been able to compile it, but it has been updated as recent as 2018 december (stable)

or 2019 january. :)

WPA_GUI doesn’t seem to work well for me, it runs into weird errors when I start it. Long story short, I run into this issue with wpa_supplicant when i do it manually:

Password-related problems

wpa_supplicant may not work properly if directly passed via stdin particularly long or complex passphrases which include special characters. This may lead to errors such as failed 4-way WPA handshake, PSK may be wrong when launching wpa_supplicant.

In order to solve this try using here strings wpa_passphrase <MYSSID> «< “<passphrase>” or passing a file to the -c flag instead:

# wpa_supplicant -i <interface> -c /etc/wpa_supplicant/example.conf

In some instances it was found that storing the passphrase cleartext in the psk key of the wpa_supplicant.conf network block gave positive results (see [2]). However, this approach is rather insecure. Using wpa_cli to create this file instead of manually writing it gives the best results most of the time and therefore is the recommended way to proceed.
Problems with eduroam and other MSCHAPv2 connections

This is my issue with wpa_supplicant sadly... and I do not know how to workaround that without a GUI.

but Wpa_Supplicant_gui does not fix it either, it doesn’t even load properly on my other laptop.

It says it cannot get the status of wpa_supplicant when I load it.

This could be an issue if you get rid of NetworkManager for some users.

So yeah, please take a look at my request okay? Wait for 0.3 to be released to add this if possible. I know you guys are overworked, etc... and it doesn’t need to be done now anyhow. ;)

PackagesAnyPrivacy IssueVery LowMedium[avahi] avahi publishes the hostname by defaultUnconfirmed
Task Description

By default, the ‘disable-publishing’ parameter in the [publish] section of avahi-daemon.conf is set to ‘no’, which can be seen in my opinion as a privacy issue as avahi broadcasts the hostname without the user’s consent even though this has been explicitly disabled in the settings of networkmanager.

PackagesAnyPrivacy IssueVery LowLow[purple-plugin-pack] Provides Napster support which is ...Unconfirmed
Task Description

purple-plugin-pack provides access to Napster which is only useful with a single company and sever (as far as I could tell).

PackagesAnyPrivacy IssueVery LowLow[github] check github-related packagesResearching
Task Description

We should check if the following packages run any non-free JS (like youtube-dl) or access a proprietary API:

- hub
- python-pygithub
- python2-pygithub

I haven’t check them, but they look fishy. Take it as a reminder, this is far from being urgent IMO.

PackagesAnyPrivacy IssueVery LowCritical[bleachbit] needs to be adapted to UXP applicationsAssigned
Task Description

The current version of BleachBit needs to be adapted so it can clean the new .cache/hyperbola/ directory.

PackagesAnyImplementation RequestVery LowLow[3proxy] add package since it's useful for tor on ftp p...Deferred
Task Description

Add “3proxy”[0] package

Useful for tor on ftp proxy[1]

[0]: [1]:

PackagesAnyImplementation RequestMediumMedium[uzem][uzebox] add uzem emulator and uzebox firmware pa...Assigned
Task Description

Add “uzem” emulator and “uzebox” firmware packages[0][1].

It’s a emulator and firmware for fully free 8bit game console.

[0]: (no https found)

PackagesAnyImplementation RequestMediumMedium[ncdu] add new packageDeferred
Task Description


# $Id: PKGBUILD 187611 2016-08-26 15:44:01Z bisson $
# Contributor: lp76 <>
# Contributor: Daenyth <Daenyth+Arch AT gmail DOT com>
# Maintainer: Gaetan Bisson <>

pkgdesc='Disk usage analyzer with an ncurses interface'
arch=('i686' 'x86_64')

build() {
    cd "${srcdir}/${pkgname}-${pkgver}"
    ./configure --prefix=/usr

package() {
    cd "${srcdir}/${pkgname}-${pkgver}"
    make DESTDIR="${pkgdir}" install
    install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
PackagesAnyImplementation RequestMediumMedium[searx] add new packageDeferred
Task Description

Hi André, you could make an init for the searx search engine, it happens that
I want to launch it from local to avoid being in or

I have seen that there is a PKGBUILD in AUR [0]. I think it is necessary to make one with the init Openrc


PackagesAnyImplementation RequestVery LowLow[plymouth] add packageDeferred
Task Description

Plymouth is an application that runs very early in the boot process (even before the root filesystem is mounted!) that provides a graphical boot animation while the boot process happens in the background.

Please implement plymouth as an optional package.

PackagesTestingImplementation RequestVery LowMedium[yaics] add packageDeferred
Task Description

Yaics is a simple GNU social client written in C++ and Qt and licensed under the GNU GPL 3.0 (or later).

Please implement yaics as an optional package.

PackagesTestingImplementation RequestVery LowLow[sirikata] add packageDeferred
Task Description

Sirikata a platform for virtual worlds.

Sirikata is a platform for virtual worlds. We provide a set of libraries and protocols which can be used to deploy a virtual world, as well as fully featured sample implementations of services for hosting and deploying these worlds.

Please implement sirikata as an optional package.

PackagesAnyImplementation RequestVery LowLow[multipath-tools] add packageDeferred
Task Description


Could it be possible to add this package :


“Multipath tools for Linux (including kpartx)”

License : GPL2

to the repo ?

Thank you

PackagesAnyImplementation RequestVery LowLow[thinkfan] add packageDeferred
Task Description

Could it be possible to add this package :


“A minimalist fan control program. Supports the sysfs hwmon interface and thinkpad_acpi”

License : GPL

to the repo ?


PackagesAnyImplementation RequestLowLow[nut] add Network UPS Tools 2.7.x packageAssigned
Task Description

Add “nut” package.

Useful for uninterruptible power supplies, power distribution units, solar controllers and servers power supply units.

PackagesTestingImplementation RequestLowMedium[spacefm] add new packageIn Progress
Task Description

Add SpaceFM File Manager for Hyperbola

Aur Package: spacefm Debian Package: spacefm

PackagesAnyImplementation RequestLowLow[codecrypt] add new packageUnconfirmed
Task Description

This is a GnuPG-like unix program for encryption and signing that uses only quantum-computer-resistant algorithms:

  McEliece cryptosystem (compact QC-MDPC variant) for encryption
  Hash-based Merkle tree algorithm (FMTSeq variant) for digital signatures

Codecrypt is free software. The code is licensed under terms of LGPL3 in a good hope that it will make combinations with other tools easier.

Showing tasks 1 - 50 of 520 Page 1 of 111 - 2 - 3 - 4 - 5 - Last >>

Available keyboard shortcuts


Task Details

Task Editing