Software Development | General | Implementation Request | Very Low | Low | ARMv7 (armv7h) porting | Unconfirmed
Task Description

I know you have misgivings about that arm laptop, I mentioned, and arm as a whole, but people will be buying it no doubt.

I think you won’t stop that from happening whether you support it or not. The same is said with other arm laptops such as the MNT Reform Laptop and even the chromebook c201 asus which is questionable but can be run with mostly free software, except for 3D and wifi. (use wifi adapter)

Those are just a few arm laptops that need your support. You may know of others, but yeah, I want you to support as many of the ones that can run mostly on free software, as possible.

But yeah, we don’t know when two of those are coming out, so I understand completely if you want to wait till a more opportune time. But yeah, when you find a chance in the future to support them, please do so.

Packages | Any | Implementation Request | Very Low | Low | [qarte] add package | Unconfirmed
Task Description

Request for :


“Allow you to browse into the archive of arte+7 & arteLiveWeb sites and to record your preferred videos.”

License : GPL3

Software Development | UXP applications | Implementation Request | Very Low | Very Low | a libre version of Navigator, | Unconfirmed
Task Description

Unlike Navigator though, it needs two things: compatibility with seamonkey addons (the ones that affect web browsing, not the mail/email parts)

and to be based off of the latest version of seamonkey, only obviously just the navigator part. I understand this might be hard to implement now, so I can wait if need be, Just thought I would show this to you.

PS, if you ever make HyperBK, port it to that too, but until then, just the os that I mentioned.

Also, last thing, any seamonkey addons that I have already asked for seamonkey, again that aren’t email/mail based, implement them for this too. :)

I will put the severity at very low if that’s okay, just until you have actual time/whatever...

Let me know if this is even remotely possible with this build.

Packages | Any | Privacy Issue | High | Critical | [deepin-desktop-base] Check for CNZZ Spyware | In Progress
Task Description

As per a recent discovery, we should check if our deepin is affected by the CNZZ spyware in the AppStore.

We also shouldn’t use the AppStore if it exists, due to non-free apps.

Known files:
> usr/share/dbus-1/system-services/com.deepin.daemon.Apps.service
> etc/appstore.json

Packages | Any | Privacy Issue | Very Low | Medium | [avahi] avahi publishes the hostname by default | Unconfirmed
Task Description

By default, the ‘disable-publishing’ parameter in the [publish] section of avahi-daemon.conf is set to ‘no’, which can be seen in my opinion as a privacy issue as avahi broadcasts the hostname without the user’s consent even though this has been explicitly disabled in the settings of networkmanager.

Packages | Any | Privacy Issue | Very Low | Low | [purple-plugin-pack] Provides Napster support which is ... | Unconfirmed
Task Description

purple-plugin-pack provides access to Napster which is only useful with a single company and server (as far as I could tell).

Packages | Any | Privacy Issue | Very Low | Low | [github] check github-related packages | Researching
Task Description

We should check if the following packages run any non-free JS (like youtube-dl) or access a proprietary API:

- hub
- python-pygithub
- python2-pygithub

I haven’t checked them, but they look fishy. Take it as a reminder, this is far from being urgent IMO.

Packages | Any | Replace Request | Defer | Critical | [bzr] replace deprecated GNU Bazaar to Breezy | Deferred
Task Description


  • replace deprecated GNU Bazaar to Breezy for Canis Major

Additional info:

Note: It needs a provide: bazaar and breezy

Steps to reproduce:

  • broken package

Packages | Any | Replace Request | Defer | Critical | [python2] replace deprecated Python 2 to Tauthon | Deferred
Task Description


  • replace deprecated Python 2 to Tauthon for Canis Major

Additional info:

Steps to reproduce:

  • Broken python2 packages.

Packages | Stable | Replace Request | Very Low | Critical | Package spamassassin includes dependencies for systemd | Unconfirmed
Task Description

Description: The package spamassassin has no further init-script for OpenRC and instead includes service-definitions for systemd

Additional info:
* package version(s) 3.4.1-7

Packages | Stable | Replace Request | Very Low | Critical | Package opendkim includes dependencies for systemd | Unconfirmed
Task Description

Description: The package opendkim has no further init-script for OpenRC and instead includes service-definitions for systemd

Additional info:
* package version(s) 2.10.3-4

Packages | Stable | Replace Request | Very Low | Medium | Package ossp has got systemd dependencies | Unconfirmed
Task Description

Description: Concurrent package ossp in version 1.3.2-15 has got dependencies to systemd, which is contradicting the whole distribution and the used INIT-system. Therefore my request to port this to OpenRC!

Additional info:
* package version(s) 1.3.2-15

Packages | Any | Replace Request | Low | Low | [appmenu-qt4] replace with appmenu-qt (qt5) | Deferred
Task Description

“appmenu-qt4”[0][2] is a deprecated package (released in 2012)[1] and uses qt4 unsupported/non-lts software[3], but “appmenu-qt5” does not contain any release source code[2]

$ pacman -Si appmenu-qt4
Repository : community
Name : appmenu-qt4
Version : 0.2.6-1
Description : Export Qt4 applications menus over D-Bus
Architecture : x86_64
URL :
Licenses : GPL
Groups : None
Provides : None
Depends On : libdbusmenu-qt4
Optional Deps : None
Conflicts With : appmenu-qt
Replaces : appmenu-qt
Download Size : 16.55 KiB
Installed Size : 48.00 KiB
Packager : Antonio Rojas
Build Date : Tue 28 Feb 2017 05:59:31 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[0]: (qt4)
[1]: [2]: [3]:

Packages | Any | Security Issue | Very High | Critical | [openssh] CVE-2018-15919 | Researching
Task Description

Remotely observable behavior in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration (or “oracle”) as a vulnerability.’

Packages | Any | Security Issue | Very Low | Critical | [octopi] requires su | Unconfirmed
Task Description

Would it be possible to make it use sudo instead?

From what I know, sudo is safer. Let me know if you agree this is a problem.

Packages | Any | Security Issue | High | Critical | [octopi] uploads system logs to without confirm... | In Progress
Task Description

Octopi 0.9.0 is uploading system logs to without confirmation through :

→ SysInfo →

I think it should either be disabled or at least a patch should be added to ask for a confirmation.
Another way could be to patch this :

240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@-", tempFile->fileName());
256:  return ptpb;

to :

240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- **", tempFile->fileName());
256:  return ptpb;

This way, you can at least ask for log deletion with the help of log uuid as explained here :

Packages | Any | Security Issue | Very High | Critical | [libssh] CVE-2018-10933 | Researching
Task Description

libssh versions 0.6 and above have an authentication bypass vulnerability in
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication, the attacker could successfully authenticate
without any credentials.

Additional info:
* package version(s) : extra/libssh 0.7.5-1


Packages | Any | Security Issue | Very Low | Critical | [dokuwiki] CVEs | Unconfirmed
Task Description

Our current dokuwiki 20170219_b-1 has two serious CVEs.

Error message attached after the first installation

Packages | Any | Security Issue | Very Low | Critical | [tcpreplay] CVEs | Unconfirmed
Task Description

A huge number of CVEs have been fixed in 4.3.1 :


Current Hyperbola version is 4.2.6

Packages | Any | Security Issue | Medium | Medium | [cinepaint] unmaintained and unsupportable | In Progress
Task Description

Remove the “cinepaint” package since it’s unmaintained and unsupportable. Also, it doesn’t contain any file format support in the latest version (previous version supported multiple file formats).

I suggest using Krita (or Gimp 2.10) to edit 16bit and 32bit file formats or convert with imagemagick/graphicsmagick.

$ pacman -Si cinepaint
Repository      : community
Name            : cinepaint
Version         : 1:1.0.4-5
Description     : Sophisticated graphics manipulation programm supporting > 8bit pictures
Architecture    : x86_64
URL             :
Licenses        : LGPL  GPL  MIT
Groups          : None
Provides        : None
Depends On      : gtk2  openexr  lcms  libxpm  fltk  ftgl  libxxf86vm
Optional Deps   : python2: for python plug-ins
                  gutenprint: for print plug-ins
                  ghostscript: for pdf plug-ins
Conflicts With  : None
Replaces        : None
Download Size   : 3.75 MiB
Installed Size  : 13.91 MiB
Packager        : Christian Hesse <>
Build Date      : Thu 28 Apr 2016 05:17:05 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Packages | Any | Security Issue | Very Low | Medium | [patch] CVE-2018-6951 - NULL pointer DoS | Unconfirmed
Task Description

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a “mangled rename” issue.

Packages | Any | Security Issue | Very Low | Medium | [qemu] Multiple CVE | Unconfirmed
Task Description

CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug

CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem
manipulation in Media Transfer Protocol (MTP)

Patches included at above URLs.

Packages | Stable | Update Request | High | High | [qt5] upgrade Qt project to the 5.6 LTS version, requir... | Deferred
Task Description

Cannot mix incompatible Qt library (version 0x50800) with this library (version 0x50904)

./Nextcloud-2.3.3-x86_64.AppImage: /usr/lib/ version `Qt_5.9' not found (required by /tmp/.mount_NextclpprMnG/usr/bin/../lib/

These two packages are directly affected by an older qt5...

Could you update all the qt packages to the LTS version available?

Packages | Any | Update Request | Medium | High | Make Knock patch for Linux-libre 4.14 LTS | Unconfirmed
Task Description

The Knock patches for linux-libre maintained by you at have support up to linux-libre 4.13 only (and I think it didn’t work for it when I tried it, compilation failed) but from all of those supported versions, the newest maintained generation by the upstream is 4.9.x

However, since newer kernel generations might require reprogramming the patch, I want to request it only for the latest LTS generation which is 4.14. As you know, LTS software is supported for a long time, so it’s worth making it for linux-libre 4.14.x

This might not be really important for Hyperbola in the short term, but you are the maintainers of the TCP Stealth implementation for Linux-libre and I and maybe other people would like to use it in their projects for newer versions.

Plus, it would be great since while 4.9 kernels can use the GRSec+Knock combination like linux-libre-lts-unofficial-grsec-knock, with support for 4.14 anyone would be able to use a combination of newer patches such as Linux-hardened+Knock (Linux-hardened supports 4.14 and 4.15 as of now) which is what I’d like to do.

Packages | Any | Update Request | Very Low | High | ufw update/ufw bug | Unconfirmed
Task Description

There appears to be a bug with the current version of ufw, 0.35-2

Dunno if updating it would fix it, but it is kind of annoying and possibly a security issue.

It says ufw is inactive when I reboot despite it being installed in the runlevel.

Packages | Any | Update Request | Very Low | High | [proj]: please update to latest version | Unconfirmed
Task Description


This package has valuable geodetic applications, and I intend to present Hyperbola GNU/Linux-libre soon in universities and schools in East Africa.

The coordinate system there is not WGS84 and this package, only in the new version, provides the conversion from East African geographic coordinates to WGS84, and will be very usable in many industrial and private applications.

Packages | Any | Update Request | Medium | Medium | [cups] update request | Assigned
Task Description

New version v2.2.7


Packages | Stable | Update Request | Very Low | Medium | [xfe] update package to 1.43.1 | Researching
Task Description

The latest version fixes several minor bugs and a search file function issue[1].

[1]: (see 1.43 and 1.43.1 in the news section)

Packages | Stable | Update Request | Very Low | Medium | [grafx2] update package to 2.6 | Unconfirmed
Task Description

The latest version was released on 11th of January 2019, with several new features, improvements and fixes[1].

[1]: (see version 2.6 for more details in update log)

