All Projects

Description:

community/webfs 1.21-13
    Simple and instant http server for mostly static content.

Description is vague because of the word “content”. Why not simply say “files” instead and be more specific.

Even empty files without data inside can be served.

See:
https://www.gnu.org/philosophy/words-to-avoid.html#Content

Description:

community/openstreetmap-map-icons-svn 31588-1 [installed]
    A set of public domain licensed map icons for general OSM use

It is questionable if it is “Licensed” or dedicated.

See the file:
/usr/share/licenses/openstreetmap-map-icons/svg-twotone/LICENSE.txt

it does not matter if the file is named “LICENSE”, it could be also named anyhow else.

There must be reason why the organization Creative Commons is not using the word “License” in that text, and that is why I propose to simply say in description:

    A set of public domain map icons for general OSM use

community/autoconf-archive 1:2017.03.21-1
    A collection of freely re-usable Autoconf macros

See:
https://www.gnu.org/philosophy/words-to-avoid.html#FreelyAvailable

Don’t use “freely available software” as a synonym for “free software.” The terms are not equivalent. Software is “freely available” if anyone can easily get a copy. “Free software” is defined in terms of the freedom of users that have a copy of it. These are answers to different questions.

community/python-biopython 1.69-1
    Freely available Python tools for computational molecular biology

See:
https://www.gnu.org/philosophy/words-to-avoid.html#FreelyAvailable

Don’t use “freely available software” as a synonym for “free software.” The terms are not equivalent. Software is “freely available” if anyone can easily get a copy. “Free software” is defined in terms of the freedom of users that have a copy of it. These are answers to different questions.

community/python2-biopython 1.69-1
    Freely available Python tools for computational molecular biology

See:
https://www.gnu.org/philosophy/words-to-avoid.html#FreelyAvailable

Don’t use “freely available software” as a synonym for “free software.” The terms are not equivalent. Software is “freely available” if anyone can easily get a copy. “Free software” is defined in terms of the freedom of users that have a copy of it. These are answers to different questions.

Description:

community/man-pages-de 1.22-1
     German Linux man pages

See:
https://www.gnu.org/philosophy/words-to-avoid.html#Linux

Description:

community/man-pages-ru 4.08_2329_2272_20170321-2
     Russian Linux man pages

See:
https://www.gnu.org/philosophy/words-to-avoid.html#Linux

Description:

community/man-pages-zh_cn 1.6.3.1-1
     Simplified Chinese Linux man pages

See:
https://www.gnu.org/philosophy/words-to-avoid.html#Linux

Description:

community/man-pages-zh_tw 1.6.3.1-1
     Traditional Chinese Linux man pages

See:
https://www.gnu.org/philosophy/words-to-avoid.html#Linux

Rebuilt version (using PKGBUILD from Arch) works fine. Same is true for lxmusic-gtk3 (which the PKGBUILD also builds).

https://git.archlinux.org/svntogit/community.git/tree/trunk?h=packages/lxmusic

Remotely observable behavior in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration (or “oracle”) as a vulnerability.’ https://security-tracker.debian.org/tracker/CVE-2018-15919

Description:
From the author’s webpage gksu has been replaced.

Additional info:
* package version(s) : extra/gksu 2.0.2-5

http://www.nongnu.org/gksu/

Description: Per a user request and to better secure the kernel, we can embed the cryptsetup and ciphers in the kernel. This would mean rather than exposed modules, they are built-in to the kernel and ready to use even without an intramfs.

To be embedded: ciphers aes, twofish, serpent; sha256, sha512 - and the necessary modules (don’t forget the block modes xts, lvm and cryptsetup ...)

Additionally, we could include USB Guard and any other features that meet our social contract and security outlook.

Description:
notmuch-mutt fails to compile without perl-mail-message which is missing in Hyperbola

Steps to reproduce:
Install notmuch-mutt and try `notmuch-mutt` at the command line. Then install `perl-mail-message` from Arch and try again.

The Arch version of “supervisor” from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the a global ruleset for INIT-freedom, systemd unit files removal is required and adding support for other init-systems (preferred OpenRC for now) to replace it.

Description:

cat msg | /usr/sbin/sendmail – sendmail: No such file or directorycannot create temporary file /var/spool/smtpd/offline/1572544775.XXXXIqNsFX

Additional info:
* package version: 6.4.2p1-1.hyperbola2.backports1

It is same problem as here:
https://github.com/OpenSMTPD/OpenSMTPD/issues/839

I could solve it with:

sudo chmod g+s /usr/sbin/smtpctl
sudo chmod g+s /usr/sbin/smtpctl

and then

sudo rc-service smtpd start

Even though I think I should not need to start it to use only sendmail.

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation

https://security-tracker.debian.org/tracker/CVE-2019-2201

Patch: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388

Description:

From official PHP page, our php 7.1 is out of support and security

Our package :
https://www.hyperbola.info/packages/extra/x86_64/php/

PHP page :
https://www.php.net/supported-versions.php

Some forum display errors:

1. preview button with the orange border.

1. Error message when logging in gray color making it difficult to read

Cannot mix incompatible Qt library (version 0×50800) with this library (version 0×50904)
Aborted

./Nextcloud-2.3.3-x86_64.AppImage: /usr/lib/libQt5Core.so.5: version `Qt_5.9’ not found (required by /tmp/.mount_NextclpprMnG/usr/bin/../lib/libqt5keychain.so.1

These two packages are directly affected by an older qt5...

Could you update all the qt packages to the LTS version available?

Develop HyperBK (Hyper Berkeley Kernel), a BSD descendant kernel with GPL-compatible licenses preserved, non-compatible ones removed, and new code written under GPL-3 for HyperbolaBSD.

TODO:

• Download OpenBSD kernel source code from OpenBSD site → DONE

• Download LibertyBSD scripts to deblob and rebrand kernel from their scripts. → DONE

• Create a new project in Hyperbola Git called hyperbk. → DONE

• Push source to HyperBK’s project. → DONE

• Rebrand OpenBSD kernel to HyperbolaBSD with LibertyBSD scripts. → DONE

• Rebrand entire code (functions, variable, pointers, etc) under HyperbolaBSD → DONE

• Remove files under non GPL-compatible licenses → DONE

• Import code from another BSD systems under GPL-compatible licenses → IN PROGRESS

• Remove remaining nonfree files don't found from LibertyBSD scripts → IN PROGRESS

• Write new code under GPL-3 → IN PROGRESS

• Package HyperBK for HyperbolaBSD.

PATCHING NOTE

When the check concerns kernel, we obviously want to match with HyperbolaBSD.

Example of triplet check:	hyperbolabsd)
Example of uname -s check:	HyperbolaBSD)
Example of uname -r check:	0.1)
Example of C macro check:	defined(__HyperbolaBSD__)

Description:

• The Arch version of Sage-notebook from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required. OpenRC init script replacement isn’t possible here because Sage-notebook is using a systemd unit file adapted for users instead of system users.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : sage-notebook
Version         : 0.13-4
Description     : Browser-based notebook interface for SageMath
Architecture    : any
URL             : http://www.sagemath.org
Licenses        : GPL3
Groups          : None
Provides        : None
Depends On      : sagemath  python2-twisted  python2-flask-oldsessions  python2-flask-openid  python2-flask-autoindex  python2-flask-babel  mathjax
Optional Deps   : python2-pyopenssl: to use the notebook in secure mode
Conflicts With  : None
Replaces        : None
Download Size   : 1625.00 KiB
Installed Size  : 9154.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Thu 04 May 2017 06:12:28 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

/usr/lib/systemd/user/sage.service is owned by sage-notebook 0.13-4

Steps to reproduce:

• Install package.

Avahi is a zero-configuration networking implementation that contains critical security issues because mDNS operates under a different trust model than unicast DNS trusting the entire network rather than a designated DNS server, it is vulnerable to spoofing attacks by any system within the multicast IP range. Like SNMP and many other network management protocols, it can also be used by attackers to quickly gain detailed knowledge of the network and its machines. [0]

Since it violates the Hyperbola Social Contract , Avahi should be blacklisted.

Description:

• The Arch version of Erlang (headless version) from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : erlang-nox
Version         : 19.3-3
Description     : General-purpose concurrent functional programming language developed by Ericsson (headless version)
Architecture    : x86_64
URL             : http://www.erlang.org/
Licenses        : Apache
Groups          : None
Provides        : None
Depends On      : ncurses  openssl
Optional Deps   : erlang-unixodbc: database support
                  java-environment: for Java support
                  lksctp-tools: for SCTP support
Conflicts With  : erlang
Replaces        : None
Download Size   : 39.01 MiB
Installed Size  : 106.73 MiB
Packager        : Jan de Groot <jgc@archlinux.org>
Build Date      : Fri 28 Apr 2017 08:44:33 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

/usr/lib/systemd/system/epmd.service is owned by erlang-nox 19.3-3
/usr/lib/systemd/system/epmd.socket is owned by erlang-nox 19.3-3

Steps to reproduce:

• Install package.

Description:

• The Arch version of Motion from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : motion
Version         : 4.0.1-2
Description     : A software motion detector which grabs images from video4linux devices and/or from webcams
Architecture    : x86_64
URL             : http://www.lavrsen.dk/foswiki/bin/view/Motion/WebHome
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : libjpeg  v4l-utils  ffmpeg
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 235.61 KiB
Installed Size  : 923.00 KiB
Packager        : Sergej Pupykin <pupykin.s+arch@gmail.com>
Build Date      : Mon 14 Nov 2016 02:17:55 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

/usr/lib/systemd/system/motion.service is owned by motion 4.0.1-2

Steps to reproduce:

• Install package.

Description:

• The Arch version of tinc from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : tinc
Version         : 1.0.31-2
Description     : VPN (Virtual Private Network) daemon
Architecture    : x86_64
URL             : http://www.tinc-vpn.org/
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : lzo  openssl  zlib
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 107.42 KiB
Installed Size  : 194.00 KiB
Packager        : Evangelos Foutras <evangelos@foutrelis.com>
Build Date      : Mon 13 Mar 2017 01:06:11 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

/usr/lib/systemd/system/tinc.service is owned by tinc 1.0.31-2
/usr/lib/systemd/system/tinc@.service is owned by tinc 1.0.31-2

Steps to reproduce:

• Install package.

Description:

The Arch version of tinc from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repositorio               : community
Nombre                    : netdata
Versión                   : 1.6.0-3
Descripción               : Real-time performance monitoring, in the greatest possible detail, over the web.
Arquitectura              : x86_64
URL                       : https://github.com/firehol/netdata/wiki
Licencias                 : GPL
Grupos                    : Nada
Provee                    : Nada
Depende de                : libmnl  libnetfilter_acct  zlib
Dependencias opcionales   : nodejs: Webbox plugin
                            lm_sensors: sensors module
En conflicto con          : Nada
Remplaza a                : Nada
Tamaño de la descarga     : 1778,98 KiB
Tamaño de la instalación  : 6515,00 KiB
Encargado                 : Sven-Hendrik Haase <sh@lutzhaase.com>
Fecha de creación         : dom 23 abr 2017 16:24:38 -05
Validado por              : Suma MD5  Suma SHA-256  Firma

community/netdata	/usr/lib/systemd/
community/netdata	/usr/lib/systemd/system/
community/netdata	/usr/lib/systemd/system/netdata.service

Steps to reproduce:

• Install package

Description:

Since Hyperbola follows the Init Freedom Campaign, systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)

community/backuppc 4.1.2-1 [installed]

   Enterprise-grade system for backing up Linux, Windows and MacOS PCs

* config and/or log files etc.

Additional info:

Steps to reproduce: install it

Since Hyperbola follows the Init Freedom Campaign, systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)

extra/gpsd 3.16-3 [installed]

   GPS daemon and library to support USB/serial GPS devices

* config and/or log files etc.

Additional info:

Steps to reproduce: install it

Description:

Hiawatha contains only systemd files.

It shall be removed and openrc shall be provided

Description:

• needs OpenRC init script

Additional info:

• onioncat 0.2.2.r578-1

Steps to reproduce:

• none

Description:

• needs OpenRC init script and contains systemd file

Additional info:

• umurmur 0.2.16_a-6

umurmur /usr/lib/systemd/system/umurmur.service

Steps to reproduce:

• none

Description:

• needs OpenRC init script and contains systemd files

Additional info:

• prosody 1:0.10.r7198+.2fd20f372cb1+-2

prosody /usr/lib/systemd/system/prosody.service
prosody /usr/lib/sysusers.d/prosody.conf
prosody /usr/lib/tmpfiles.d/prosody.conf

Steps to reproduce:

• none

Description:

• needs OpenRC init script and contains systemd files

Additional info:

• unrealircd 4.0.11-2

unrealircd /usr/lib/systemd/system/unrealircd.service
unrealircd /usr/lib/tmpfiles.d/unrealircd.conf

Steps to reproduce:

• none

Description:

• needs OpenRC init script and contains systemd file

Additional info:

• mcelog 1:148-1

mcelog /usr/lib/systemd/system/mcelog.service

Steps to reproduce:

• none

Description:

• needs OpenRC init script (bzr serve), like [git] (git-daemon) and [subversion] (svnserve)

Additional info:

• bzr 2.7.0-2

Note: needs a provide: bazaar

Steps to reproduce:

• none

Description:

• needs OpenRC init scripts (hg serve and chg server), like [git] (git-daemon) and [subversion] (svnserve)

Additional info:

• mercurial 4.2-1

Note: needs a provide: hg

Steps to reproduce:

• none

Description:

• Add new a Murmur package capable of working without a graphical user interface. It’s common on servers and embedded devices that requires only interfaces like network (eg. SSH) or serial port to handle services.

Additional info:

• based on murmur 1.2.19-5

Steps to reproduce:

• none

Description:

• Add an Asterisk package capable of working without a graphical user interface. It’s common on servers and embedded devices that requires only interfaces like network (eg. SSH) or serial port to handle services.

Additional info:

• based on asterisk 14.4.0-1

Steps to reproduce:

• none

Description:

• add new package

Additional info:

• https://github.com/coturn/coturn

Steps to reproduce:

• none

Description:

• add GNU MediaGoblin package

Additional info:

• none

Steps to reproduce:

• none

The unfortunate reality is that x86 computers come encumbered with built-in low-level backdoors like the Intel Management Engine , as well as nonfree boot firmware. This means that users can’t gain full control over their computers, even if they install a free operating system such as Hyperbola GNU/Linux-libre .

Hyperbola is working hard to fix these issues and getting closer every day, but for the time being, this is why many current Respects Your Freedom (RYF) offerings are refurbished older devices.

For the future of free computing, we need support architectures that do not come with such malware pre-installed, and the Power9-based Talos II promises to be a great architecture example for workstations and servers environments where Hyperbola is focused since is a fully free long-term support distribution.

Devices like this are the future of computing that Respects Your Freedom and for that reason it’s a high priority for Hyperbola port all packages for the POWER architecture (power64le).

NOTE: POWER porting is focused only for Hyperbola GNU/Linux-libre .

The unfortunate reality is that x86 computers come encumbered with built-in low-level backdoors like the Intel Management Engine , as well as nonfree boot firmware. This means that users can’t gain full control over their computers, even if they install a free operating system such as Hyperbola GNU/Linux-libre .

Hyperbola is working hard to fix these issues and getting closer every day, but for the time being, this is why many current Respects Your Freedom (RYF) offerings are refurbished older devices.

For the future of free computing, we need support architectures that do not come with such malware pre-installed, and ARM A7/A53 promises to be a great architecture example for low-power computers, laptops and embedded systems.

NOTE: ARM porting is focused only for HyperbolaBSD .

https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/

https://9to5linux.com/grub2-boot-failure-issues-fixed-in-debian-and-ubuntu-update-now