All Projects

ProjectCategoryTask TypePrioritySeveritySummaryStatusProgress  desc
PackagesStableBug ReportMediumHighopensmtpd: permission problemsIn Progress
0%
Task Description

Description:

cat msg | /usr/sbin/sendmail – sendmail: No such file or directorycannot create temporary file /var/spool/smtpd/offline/1572544775.XXXXIqNsFX

Additional info:
* package version: 6.4.2p1-1.hyperbola2.backports1

It is same problem as here:
https://github.com/OpenSMTPD/OpenSMTPD/issues/839

I could solve it with:

sudo chmod g+s /usr/sbin/smtpctl
sudo chmod g+s /usr/sbin/smtpctl

and then

sudo rc-service smtpd start

Even though I think I should not need to start it to use only sendmail.

PackagesStableFreedom IssueVery LowCritical[elementary-icon-theme] Contains non-FSDG compliant dis...Assigned
0%
Task Description

About that distro, Elementary OS is semi-libre/free, Ubuntu based, long term support, but does not comply with the GNU Free System Distributibution Guidelines (FSDG). To either rebrand or remove existing non-FSDG compliant distro icon files.

The following affected files are present in this list:

  • /usr/share/icons/elementary/places/16/distributor-logo.svg
  • /usr/share/icons/elementary/places/24/distributor-logo.svg
  • /usr/share/icons/elementary/places/32/distributor-logo.svg
  • /usr/share/icons/elementary/places/48/distributor-logo.svg
  • /usr/share/icons/elementary/places/64/distributor-logo.svg
  • /usr/share/icons/elementary/places/128/distributor-logo.svg
  • /usr/share/icons/elementary/places/symbolic/distributor-logo-symbolic.svg
PackagesStableBug ReportVery LowLow[autofs]: default configuration is /etc/auto.master ins...Unconfirmed
0%
Task Description

Description:

default configuration is /etc/auto.master instead of /etc/autofs/auto.master

admin→ sudo /usr/bin/automount -v -f -p /run/autofs.pid
Starting automounter version 5.1.2, master map /etc/auto.master
using kernel protocol version 5.02
lookup(file): file map /etc/auto.master missing or not readable
no mounts in table

PackagesAnyImplementation RequestVery LowLow[emacs-exwm] add packageAssigned
0%
Task Description

Some users use emacs as a tiling window manager. Please add EXWM[0]

[0]: https://github.com/ch11ng/exwm

PackagesStableDrop RequestVery LowCritical[osdbattery] Unmaintained and unsupportableUnconfirmed
0%
Task Description

osdbattery is (probably) useless and broken so Conky did compete because It is still unmaintained and unsupported over 14 years ago (last released version 1.4 on August 23, 2005), and should be removed per anti-abandonware rule at the packaging guidelines.

Also, the default config file contains non-libre/free Microsoft font Verdana as X11 font format property in font variable.

PackagesAnyImplementation RequestVery LowLow[SafeEyes] add new packageAssigned
0%
Task Description

Safe Eyes is a program to manage breaks in front of the computer. It has many features that help us adapt it to our needs.

PackagesStableImplementation RequestVery LowMedium[gcc] Renew to version 8 or 9, including multilibDeferred
0%
Task Description

As even the support for GCC 7 is now ending with the release of version 7.5 (https://gcc.gnu.org/ml/gcc/2019-11/msg00099.html) I’d like to propose a renewal of the building-stack - which I think is also needed in time. Also a renewal of the glibc would be good at all!

PackagesAnySecurity IssueMediumCritical[libjpeg-turbo] CVE-2019-2201Researching
0%
Task Description

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation

https://security-tracker.debian.org/tracker/CVE-2019-2201

Patch: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388

PackagesAnyUpdate RequestVery LowHigh[mpv] request for package bumpUnconfirmed
0%
Task Description

Hello,

Would it be possible to get a package bump for mpv ?

Currently, Debian Buster (stable) uses 0.29.1-1. This would be great as it introduces many fixes and support for lua scripts I heavily use.
0.29.* requires a ffmpeg to 4.x series as well.

Thanks.

PackagesStableImplementation RequestVery LowLow[codelite] Adding new packageUnconfirmed
0%
Task Description

The IDE codelite is an excellent development environment, continuously updated, has a clear vision and active support.
Would be nice to have this one within the repositories in upcoming releases, perhaps 0.5?

PackagesAnyFreedom IssueVery LowLow[gnome] Complete remval of desktop-environmentUnconfirmed
0%
Task Description

Description: As Gnome has decided against following libre, free principles the desktop-environment has becoming a risk for the privacy and freedom for users. Meaning that the desktop-environment with all basic packages should be removed. Of course the final decision is up to the community and the development-team. Followed up are more reasons for the insights:

* Bloated with questionable dependencies (including mandatory systemd)
* Using proprietary services as high risk for freedom and privacy for users (https://i.stack.imgur.com/yZcyV.png)
* Coming up with questionable and vague principles, against software-freedom in a whole (inclusion of flatpak and flathub as so-called standardization for distributions, discussions about proprietary software included within the software-center)

Additional info for packages:

gnome-backgrounds
gnome-calculator
gnome-contacts
gnome-control-center
gnome-dictionary
gnome-disk-utility
gnome-font-viewer
gnome-keyring
gnome-screenshot
gnome-session
gnome-settings-daemon
gnome-shell
gnome-shell-extensions
gnome-system-monitor
gnome-terminal
gnome-themes-standard
gnome-user-docs
gnome-user-share
grilo-plugins

PackagesAnySecurity IssueVery LowMediumDownload debian-fixes instead of relying on external so...Unconfirmed
0%
Task Description

It happened already with minetest and again with prosody: When trying to build own packages with makepkg there are patches downloaded from the Debian-project. But the given HTTP(S)-sources are no longer available, concrete example within prosody to be found: https://deb.debian.org/debian/pool/main/p/prosody/prosody_0.10.2-1~bpo9+1.debian.tar.xz (not available)

Please don’t rely on those external sources when creating PKGBUILD-files or just give users the possibility for a secure and granted download. Therefore I cannot build prosody on my own now!

PackagesAnyPrivacy IssueVery LowCritical[bleachbit] needs to be adapted to UXP applicationsAssigned
0%
Task Description

The current version of BleachBit needs to be adapted so it can clean the new .cache/hyperbola/ directory.

PackagesAnySecurity IssueVery LowCritical[unbound] Multiple CVEsAssigned
0%
Task Description

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/

[Critical] https://security-tracker.debian.org/tracker/CVE-2019-18934

PackagesStableBug ReportVery LowMediumlinphonec error (cli version)Unconfirmed
0%
Task Description

Description:
linphonec is unusable because a error produce a continuous log

Additional info:
linphone 3.11.1-1.hyperbola1

Steps to reproduce:
linphonec

Log:
linphonec> 2019-12-15 19:25:58:010 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:03:012 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:08:018 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:13:013 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:18:016 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:23:014 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:28:010 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:33:010 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:38:012 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:43:015 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:48:010 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:53:010 ortp-error-Error in connect: Network is unreachable

PackagesAnyBug ReportVery LowLowXenocara xbacklight bugUnconfirmed
0%
Task Description

When i try to set the brightness on my screen, with xbacklight -set 100,

it does this:

No outputs have backlight property

and it doesn’t really matter if I set it lower than 100 or what it currently is at.

Fix when you can please!

PackagesStableUpdate RequestVery LowLow[icewm] Upgrade package versionUnconfirmed
0%
Task Description

The current version of the package icewm within the Hyperbola-repositories is 1.3.8. The latest version is 1.6.3!
An update would be helpful as this window-manager follows absolutely the principles of the distribution Hyperbola itself, being simple and fast.

PackagesAnyBug ReportVery LowLowlightdm/lxdm bugUnconfirmed
0%
Task Description

It appears when I plug in my libreboot laptop x200 in, it appears to dim the screen and when its unplugged, the screen is bright again. Something peculiar is at work, I wondered if this could be fixed.

My assumption is it is related to lxdm or lightdm. Any thoughts?

I am currently using 0.4, so I don’t expect this to be a fast process, just when you get a chance okay?

PackagesStableBug ReportVery LowCritical[smartmontools] update-smart-drivedb fails to updateAssigned
0%
Task Description

smartmontools 6.5-1.hyperbola1

Error while trying to update smart-drivedb :

anon@test[~] update-smart-drivedb

External Link/usr/bin/update-smart-drivedb: download from branches/RELEASE_6_5_DRIVEDB failed (curl: exit 23) /usr/bin/update-smart-drivedb: download from trunk failed (curl: exit 23)

PackagesStableSecurity IssueVery LowCritical[lts-kernel][sec] filter /dev/mem access & restrict acc...Unconfirmed
0%
Task Description

These two options could be enabled :

Kernel hacking → [*] Filter access to /dev/mem
[*] Filter I/O access to /dev/mem

Security options → [*] Restrict unprivileged access to the kernel syslog

PackagesAnyFreedom IssueVery LowLow[hedgewars] Crash when starting a new singleplayer-camp...Unconfirmed
0%
Task Description

When trying to start a new campaign the complete game-engine is crashing with the following message:

Object::disconnect: Unexpected null parameter
QCoreApplication::postEvent: Unexpected null receiver

As ghc and fpc should be removed in the near future it would be good to validate this or otherwise remove the game-package itself also.

PackagesStableBug ReportVery LowLow[dhcpcd-ui] Adding icons from "Network-Manager Applet"Unconfirmed
0%
Task Description

When using the package for wireless connections no further icon is displayed without having the package [b]network-manager-applet[/b] installed.

PackagesAnySecurity IssueVery LowHigh[tigervnc] Multiple CVEResearching
0%
Task Description

https://www.openwall.com/lists/oss-security/2019/12/20/2

“This is a security release to fix a number of issues that were found by Kaspersky Lab. These issues affect both the client and server and could theoretically allow an malicious peer to take control over the software on the other side.”

PackagesAnySecurity IssueVery LowCritical[opensmtpd] CVE-2020-8794Unconfirmed
0%
Task Description

Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/

Qualys Security Advisory

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)

Contents

Summary
Analysis
...
Acknowledgments

Summary

We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This
vulnerability, an out-of-bounds read introduced in December 2015 (commit
80c6a60c, “when peer outputs a multi-line response ...”), is exploitable
remotely and leads to the execution of arbitrary shell commands: either
as root, after May 2018 (commit a8e22235, “switch smtpd to new
grammar”); or as any non-root user, before May 2018.

Because this vulnerability resides in OpenSMTPD’s client-side code
(which delivers mail to remote SMTP servers), we must consider two
different scenarios:

- Client-side exploitation: This vulnerability is remotely exploitable

in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.

- Server-side exploitation: First, the attacker must connect to the

OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).

We developed a simple exploit for this vulnerability and successfully
tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the
first vulnerable release), Debian 10 (stable), Debian 11 (testing), and
Fedora 31.

The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”

PackagesAnyImplementation RequestVery LowMedium[chdkptp] please add package to control Canon camerasUnconfirmed
0%
Task Description

CHDKPTP is part of CHDK project - a free software firmware add-on for Canon cameras. It enables controlling Canon cameras via the computer.

Attached is a modified iup PKGBUILD (Lua 5.3 build was removed as it failed to compile) and configuration files for chdkptp.

Code is available via svn:

$ svn co http://subversion.assembla.com/svn/chdkptp/trunk chdkptp

Copy chdkptp.sh and config.mk files to source tree then compile via make. chdkptp requires root privileges to connect to a camera.

PackagesAnyImplementation RequestVery LowLow[chdkptp] please add package to reposUnconfirmed
0%
Task Description

CHDKPTP is part of CHDK project - a free software firmware add-on for Canon cameras. It enables controlling Canon cameras via the computer.

Attached is a modified iup PKGBUILD (Lua 5.3 build was removed as it failed to compile) and configuration files for chdkptp.

Code is available via svn:

$ svn co http://subversion.assembla.com/svn/chdkptp/trunk chdkptp

Copy chdkptp.sh and config.mk files to source tree then compile via make. Requires root privileges to connect to a camera.

PackagesStableSecurity IssueVery LowMedium[git] Multiple CVEsUnconfirmed
0%
Task Description

CVE-2020-5260 has been fixed very recently in Debian, so I thought I would apply this patch. However, I found out that security patches have not been applied for quite a while (I could account for at least 6 CVEs).

Considering that the version in Debian stretch (2.11.0) is the nearest version with security patches released by Debian and that git project oldest supported version is 2.17, I have used patches from Debian stretch to apply on 2.12.2 currently in Milky Way.

But I have the following error on check():

 |  *** prove ***
 |
 |  Test Summary Report
 |  -------------------
 |  t5570-git-daemon.sh                              (Wstat: 256 Tests: 20 Failed: 10)
 |    Failed tests:  3-7, 15-19
 |    Non-zero exit status: 1
 |  t5811-proto-disable-git.sh                       (Wstat: 256 Tests: 26 Failed: 16)
 |    Failed tests:  2-6, 9-11, 15-19, 21-23
 |    Non-zero exit status: 1
 |  Files=769, Tests=14137, 1101 wallclock secs ( 8.08 usr  1.12 sys + 144.48 cusr 63.42 csys = 217.10 CPU)
 |  Result: FAIL
 |  make[1]: *** [Makefile:45: prove] Error 1
 |  make[1]: Leaving directory '/build/git/src/git-2.12.2/t'
 |  make: *** [Makefile:2291: test] Error 2
 |  ==> ERROR: A failure occurred in check().
 |      Aborting...

This does not seem to be related to my change as the current version in Milky Way produces the same error (IOW the package currently in Milky Way is not rebuidable).

PackagesStableBug ReportVery LowCritical[gtk-2] Severe problems with GTK2-applicationsUnconfirmed
0%
Task Description

Description: Since the migration to xenocara there seems to be a bug with applications using GTK-2. From time to time there are crashes with assertion `!xcb_xlib_threads_sequence_lost’.

Looking into this a little bit more deep there are also other distributions affected and this is an upstream-bug. But the concrete situation is not that easy, while it could be also part of the library libX11 itself. Looking therefore here: https://bugs.launchpad.net/ubuntu/+source/pcmanfm/+bug/1782984

Affected are for example LXDE in general, icedove, iceweasel and many more!

PackagesStableFreedom IssueVery LowCritical[keybase] Complete removal of toolUnconfirmed
0%
Task Description

There is only the source code of the client available and since years nothing more happened. With keybase joining “Zoom” nothing more seems to happen. Look also here in the forum: https://forums.hyperbola.info/viewtopic.php?id=368

PackagesAnyUpdate RequestMediumHigh[php] is out of date/supportUnconfirmed
0%
Task Description

Description:

From official PHP page, our php 7.1 is out of support and security

Our package :
https://www.hyperbola.info/packages/extra/x86_64/php/

PHP page :
https://www.php.net/supported-versions.php

PackagesAnyFreedom IssueVery LowHighSynergy en teclado en español no tiene tildes ni ñUnconfirmed
0%
Task Description

Description:
Share a single mouse and keyboard between multiple computers, with libressl and OpenRC support

Issue:
Synergy no es capas de trasmitir tildes ni eñes y demás caracteres del español españa

Additional info:
* package version(s): community/synergy 1.8.8-2.hyperbola1
* config and/or log files etc.

Steps to reproduce:
instalarar synergy en 2 PCs con hyperbola 0.3, he intentar escribir tildes, no funcionará...

PackagesAnyFeature RequestDeferLow[php-imagick] add packageUnconfirmed
0%
Task Description

php-imagick is an optdepends for many PHP webapps like Nextcloud and Wordpress, would be good to have itin Hyperbola, Arch added it last year

PackagesAnySecurity IssueVery HighCritical[grub2] UEFI SecureBoot vulnerability + multiple flaws ...Unconfirmed
0%
Task Description

https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/

https://9to5linux.com/grub2-boot-failure-issues-fixed-in-debian-and-ubuntu-update-now

PackagesAnyBackport RequestVery LowLow elogind packageUnconfirmed
0%
Task Description

Description:
Was wondering if there is any issue in terms of freedom andor privacy for the inclusion of elogind? Feedback will be apreciated Cheers.

this was recently implemented in gentoo.

source:
https://libregit.org/i3_relativism/elogind

references:
https://blogs.gentoo.org/leio/2019/03/26/gnome-3-30/#comment-9555 https://forums.gentoo.org/viewtopic-t-1094796.html

contact gentoo developer for help in implementation:
https://wiki.gentoo.org/wiki/User:Leio/TODO

PackagesAnySecurity IssueVery LowMediummount.davfs: unknown file system davfs due to paths cha...Unconfirmed
0%
Task Description

This is same issue as on:
https://bugzilla.redhat.com/show_bug.cgi?id=1151273

The paths changed and trying to mount davfs file system defined in /etc/fstab fails with error: unknown file system davfs

To remedy, I made symlink in /sbin to mount.davfs

The transition of paths had to take that in account as many mounted remote disks failed after upgrade.

PackagesStableBug ReportVery LowMediumUntrsuted gpg keyUnconfirmed
0%
Task Description

Description:
There is an issue with Christian Rebischke key, i’ve tried to delete /etc/pacman.d/gnupg/ and repopulate it but it doesn’t fix the issue.

error: ascii: signature from “Christian Rebischke (Arch Linux Security Team-Member) Chris.Rebischke@archlinux.org” is unknown trust
File /var/cache/pacman/pkg/ascii-3.15-2-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).

Steps to reproduce:

sudo pacman -S ascii

InstallationGeneralFeature RequestVery LowLow[calamares] add graphical installer with FDE supportResearching
0%
Task Description

Package Request: https://github.com/calamares/calamares

Original Bug Report:
— I would also like to test the beta isos when they are ready through qemu. If it looks good I plan to fully install them onto my laptop. My libreboot x200.

I don’t know if I should make a separate feature for this, but xfce is a good stable desktop environment for such a choice. that and lxde.

Though lxde is going to die...

InstallationGeneralImplementation RequestVery LowLowTo make installation instructions and get use of live I...Unconfirmed
0%
Task Description

I have installed multiple times Hyperbola, 4 times on 4 different notebooks.

What I have noticed is that the live ISO is quite huge in relation to the task that should be done. Namely. the live ISO shall at least contain some first packages, so that they do not need to be downloaded online.

Best would be if the live ISO can be copied straight and that system can run from ISO/DVD without having Internet. At least one simple graphical environment shall be included.

Further, I have noticed that there is only network instructions as HTML file.

I would rather call it installation-instructions.html to make it clear for people what it is. Or simply: INSTALL.html so that people understand what it is.

It says just network.html if I remember well.

Then there is absolutely no point or link or reference to the installation instructions.

Each time I got a network I had to go to either duckduckgo search engine or to hyperbola.info website and then I tried with lynx to find installation instructions.

It is not straight, not quite clearly in open, it is in Wiki, but that is quite hard to find.

We have to put ourselves in the shoes of those in need of free software. Millions of people need free software.

Many of us live in a developed western countries.

Yet millions of people in need of this software live in South America, Africa, Asia, Eastern Europe.

There are millions of students that could advance their study, and that could progress faster with free software.

In those countries Internet is often non-existent, universities may be located in poor network areas, Internet is being fetched by using mobile phones.

So if there is a live distribution, such shall at least contain basic software, which really can fit onto any DVD, and that as such can be copied on the computer without using Internet. Upgrades could be fetched by using Internet.

And there shall be clear reference, link or file about installation. There shall be no need to go to Internet to install the software.

InstallationGeneralFeature RequestVery LowLow[FAQ]Please note that not all RAR archives are supporte...Unconfirmed
0%
Task Description

I tried to extract a RAR v5 archive using unar that works fine when using the non-free unrar.

Here is the log (with the file name altered)

$ unar file.part1.rar
file.part1.rar: RAR 5

file.mp4  (-2144860915 B)... Failed! (Attempted to read more data than was available)

Extraction to current directory failed! (1 file failed.)

Please add in the FAQ that newer RAR archives (version 5) may not work when using unar.

InstallationGeneralFreedom IssueVery LowHigh[openbox] provides nonfree software support in the menuUnconfirmed
0%
Task Description

my recommended fix, make it reflect the applications that are actually installed on the system after removing non-free software support.

InstallationGeneralFreedom IssueVery LowLow[jwm] provides nonfree software support in the menu Unconfirmed
0%
Task Description

my recommended fix, make it reflect the applications that are actually installed on the system after removing non-free software support.

InstallationGeneralFreedom IssueVery LowHighFS#1445 - [fluxbox] provides nonfree software support i...Unconfirmed
0%
Task Description

recommended fix, remove non-free software entries in menu and replace them with applications that actually exist.

Showing tasks 451 - 492 of 492 Page 10 of 10<<First - 6 - 7 - 8 - 9 - 10

Available keyboard shortcuts

Tasklist

Task Details

Task Editing