All Projects

ProjectCategoryTask TypePriority  descSeveritySummaryStatusProgress
PackagesAnySecurity IssueVery LowMedium[qemu] Multiple CVEUnconfirmed
0%
Task Description

CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug
https://www.openwall.com/lists/oss-security/2018/12/13/4

CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem
manipulation in Media Transfer Protocol (MTP)
https://www.openwall.com/lists/oss-security/2018/12/13/11

Patches included at above URLs.

PackagesAnySecurity IssueVery LowMediumDownload debian-fixes instead of relying on external so...Unconfirmed
0%
Task Description

It happened already with minetest and again with prosody: When trying to build own packages with makepkg there are patches downloaded from the Debian-project. But the given HTTP(S)-sources are no longer available, concrete example within prosody to be found: https://deb.debian.org/debian/pool/main/p/prosody/prosody_0.10.2-1~bpo9+1.debian.tar.xz (not available)

Please don’t rely on those external sources when creating PKGBUILD-files or just give users the possibility for a secure and granted download. Therefore I cannot build prosody on my own now!

PackagesAnySecurity IssueVery LowCritical[unbound] Multiple CVEsAssigned
0%
Task Description

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/

[Critical] https://security-tracker.debian.org/tracker/CVE-2019-18934

PackagesStableSecurity IssueVery LowCritical[lts-kernel][sec] filter /dev/mem access & restrict acc...Unconfirmed
0%
Task Description

These two options could be enabled :

Kernel hacking → [*] Filter access to /dev/mem
[*] Filter I/O access to /dev/mem

Security options → [*] Restrict unprivileged access to the kernel syslog

PackagesAnySecurity IssueVery LowHigh[tigervnc] Multiple CVEResearching
0%
Task Description

https://www.openwall.com/lists/oss-security/2019/12/20/2

“This is a security release to fix a number of issues that were found by Kaspersky Lab. These issues affect both the client and server and could theoretically allow an malicious peer to take control over the software on the other side.”

PackagesAnySecurity IssueVery LowCritical[opensmtpd] CVE-2020-8794Unconfirmed
0%
Task Description

Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/

Qualys Security Advisory

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)

Contents

Summary
Analysis
...
Acknowledgments

Summary

We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This
vulnerability, an out-of-bounds read introduced in December 2015 (commit
80c6a60c, “when peer outputs a multi-line response ...”), is exploitable
remotely and leads to the execution of arbitrary shell commands: either
as root, after May 2018 (commit a8e22235, “switch smtpd to new
grammar”); or as any non-root user, before May 2018.

Because this vulnerability resides in OpenSMTPD’s client-side code
(which delivers mail to remote SMTP servers), we must consider two
different scenarios:

- Client-side exploitation: This vulnerability is remotely exploitable

in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.

- Server-side exploitation: First, the attacker must connect to the

OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).

We developed a simple exploit for this vulnerability and successfully
tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the
first vulnerable release), Debian 10 (stable), Debian 11 (testing), and
Fedora 31.

The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”

PackagesStableSecurity IssueVery LowMedium[git] Multiple CVEsUnconfirmed
0%
Task Description

CVE-2020-5260 has been fixed very recently in Debian, so I thought I would apply this patch. However, I found out that security patches have not been applied for quite a while (I could account for at least 6 CVEs).

Considering that the version in Debian stretch (2.11.0) is the nearest version with security patches released by Debian and that git project oldest supported version is 2.17, I have used patches from Debian stretch to apply on 2.12.2 currently in Milky Way.

But I have the following error on check():

 |  *** prove ***
 |
 |  Test Summary Report
 |  -------------------
 |  t5570-git-daemon.sh                              (Wstat: 256 Tests: 20 Failed: 10)
 |    Failed tests:  3-7, 15-19
 |    Non-zero exit status: 1
 |  t5811-proto-disable-git.sh                       (Wstat: 256 Tests: 26 Failed: 16)
 |    Failed tests:  2-6, 9-11, 15-19, 21-23
 |    Non-zero exit status: 1
 |  Files=769, Tests=14137, 1101 wallclock secs ( 8.08 usr  1.12 sys + 144.48 cusr 63.42 csys = 217.10 CPU)
 |  Result: FAIL
 |  make[1]: *** [Makefile:45: prove] Error 1
 |  make[1]: Leaving directory '/build/git/src/git-2.12.2/t'
 |  make: *** [Makefile:2291: test] Error 2
 |  ==> ERROR: A failure occurred in check().
 |      Aborting...

This does not seem to be related to my change as the current version in Milky Way produces the same error (IOW the package currently in Milky Way is not rebuidable).

ServicesFlyspray IssueSecurity IssueVery LowLowAfter account confirmation, crypt: No salt parameter wa...Unconfirmed
0%
Task Description

After confirming the newly created account (typing the confirmation code, the passwoard and its confirmation, and clicking the button to continue), the following error appears:

  Notice: crypt(): No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash. in /srv/http/flyspray/includes/class.flyspray.php on line 656 

The account login seems to work normaly.

PackagesAnySecurity IssueVery LowMediummount.davfs: unknown file system davfs due to paths cha...Unconfirmed
0%
Task Description

This is same issue as on:
https://bugzilla.redhat.com/show_bug.cgi?id=1151273

The paths changed and trying to mount davfs file system defined in /etc/fstab fails with error: unknown file system davfs

To remedy, I made symlink in /sbin to mount.davfs

The transition of paths had to take that in account as many mounted remote disks failed after upgrade.

PackagesStableReplace RequestVery LowMediumPackage ossp has got systemd dependenciesUnconfirmed
0%
Task Description

Description: Concurrent package ossp in version 1.3.2-15 has got dependencies to systemd, which is contradicting the whole distribution and the used INIT-system. Therefore my request to port this to OpenRC!

Additional info:
* package version(s) 1.3.2-15

PackagesTestingReplace RequestVery LowMedium replace request: NetworkManager with wpa_cuteUnconfirmed
0%
Task Description

https://github.com/loh-tar/wpa-cute/releases

I know there are plans to remove NetworkManager. I wondered if we could replace it in 0.4 with Wpa_Cute. seen in the above link.

I haven’t been able to compile it, but it has been updated as recent as 2018 december (stable)

or 2019 january. :)

WPA_GUI doesn’t seem to work well for me, it runs into weird errors when I start it. Long story short, I run into this issue with wpa_supplicant when i do it manually:

https://wiki.archlinux.org/index.php/Wpa_supplicant:

Password-related problems

wpa_supplicant may not work properly if directly passed via stdin particularly long or complex passphrases which include special characters. This may lead to errors such as failed 4-way WPA handshake, PSK may be wrong when launching wpa_supplicant.

In order to solve this try using here strings wpa_passphrase <MYSSID> «< “<passphrase>” or passing a file to the -c flag instead:

# wpa_supplicant -i <interface> -c /etc/wpa_supplicant/example.conf

In some instances it was found that storing the passphrase cleartext in the psk key of the wpa_supplicant.conf network block gave positive results (see [2]). However, this approach is rather insecure. Using wpa_cli to create this file instead of manually writing it gives the best results most of the time and therefore is the recommended way to proceed.
Problems with eduroam and other MSCHAPv2 connections

This is my issue with wpa_supplicant sadly... and I do not know how to workaround that without a GUI.

but Wpa_Supplicant_gui does not fix it either, it doesn’t even load properly on my other laptop.

It says it cannot get the status of wpa_supplicant when I load it.

This could be an issue if you get rid of NetworkManager for some users.

So yeah, please take a look at my request okay? Wait for 0.3 to be released to add this if possible. I know you guys are overworked, etc... and it doesn’t need to be done now anyhow. ;)

PackagesAnyPrivacy IssueVery LowMedium[avahi] avahi publishes the hostname by defaultUnconfirmed
0%
Task Description

By default, the ‘disable-publishing’ parameter in the [publish] section of avahi-daemon.conf is set to ‘no’, which can be seen in my opinion as a privacy issue as avahi broadcasts the hostname without the user’s consent even though this has been explicitly disabled in the settings of networkmanager.

PackagesAnyPrivacy IssueVery LowLow[purple-plugin-pack] Provides Napster support which is ...Unconfirmed
0%
Task Description

purple-plugin-pack provides access to Napster which is only useful with a single company and sever (as far as I could tell).

PackagesAnyPrivacy IssueVery LowLow[github] check github-related packagesResearching
0%
Task Description

We should check if the following packages run any non-free JS (like youtube-dl) or access a proprietary API:

- hub
- python-pygithub
- python2-pygithub

I haven’t check them, but they look fishy. Take it as a reminder, this is far from being urgent IMO.

PackagesAnyPrivacy IssueVery LowCritical[bleachbit] needs to be adapted to UXP applicationsAssigned
0%
Task Description

The current version of BleachBit needs to be adapted so it can clean the new .cache/hyperbola/ directory.

PackagesAnyImplementation RequestVery LowLow[3proxy] add package since it's useful for tor on ftp p...Deferred
0%
Task Description

Add “3proxy”[0] package

Useful for tor on ftp proxy[1]

[0]:https://github.com/z3APA3A/3proxy [1]:https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/FTP

PackagesAnyImplementation RequestVery LowLow[plymouth] add packageDeferred
0%
Task Description

Plymouth is an application that runs very early in the boot process (even before the root filesystem is mounted!) that provides a graphical boot animation while the boot process happens in the background.

Please implement plymouth as an optional package.

PackagesTestingImplementation RequestVery LowMedium[yaics] add packageDeferred
0%
Task Description

Yaics is a simple GNU social client written in C++ and Qt and licensed under the GNU GPL 3.0 (or later).

Please implement yaics as an optional package.

https://stigatle.no/yaics/

https://gitlab.com/stigatle/yaics

PackagesTestingImplementation RequestVery LowLow[sirikata] add packageDeferred
0%
Task Description

Sirikata a platform for virtual worlds.

Sirikata is a platform for virtual worlds. We provide a set of libraries and protocols which can be used to deploy a virtual world, as well as fully featured sample implementations of services for hosting and deploying these worlds.

Please implement sirikata as an optional package.

PackagesAnyImplementation RequestVery LowLow[multipath-tools] add packageDeferred
0%
Task Description

Hello,

Could it be possible to add this package :

multipath-tools

“Multipath tools for Linux (including kpartx)”

License : GPL2

to the repo ?

Thank you

PackagesAnyImplementation RequestVery LowLow[thinkfan] add packageDeferred
0%
Task Description

Could it be possible to add this package :

thinkfan

“A minimalist fan control program. Supports the sysfs hwmon interface and thinkpad_acpi”

License : GPL

to the repo ?

Thanks

PackagesAnyImplementation RequestVery LowLow[fsearch] add packageUnconfirmed
0%
Task Description

Could it be possible to add :

fsearch

https://github.com/cboxdoerfer/fsearch

License : GPL

PackagesAnyImplementation RequestVery LowLow[flowblade] add packageUnconfirmed
0%
Task Description

Could it be possible to add :

flowblade

https://www.parabola.nu/packages/pcr/any/flowblade/

“a multitrack non-linear video editor for GNU/Linux”

License : GPL3

Thanks

PackagesAnyImplementation RequestVery LowLow[whipper] add packageUnconfirmed
0%
Task Description

Could it be possible to add :

whipper

“A Unix CD ripper aiming for accuracy over speed – forked from morituri”

https://www.parabola.nu/packages/community/any/whipper/ https://github.com/JoeLametta/whipper

License : GPL3

Thanks

PackagesAnyImplementation RequestVery LowLow[sacd-extract] add packageUnconfirmed
0%
Task Description

Could it be possible to add :

sacd-extract

“Extract DSD files from an SACD image”

https://www.parabola.nu/packages/pcr/x86_64/sacd-extract/ https://sourceforge.net/p/sacd-ripper/

License : GPL2

Thanks

PackagesAnyImplementation RequestVery LowLow[radiotray] add packageUnconfirmed
0%
Task Description

Hello,

Could it be possible to add :

radiotray

“An online radio streaming player that runs on a Linux system tray.”

https://aur.archlinux.org/packages/radiotray/

License : GPL

Thanks

PackagesAnyImplementation RequestVery LowLow[ttf-font-awesome] add ttf-font-awesome fontUnconfirmed
0%
Task Description

Could it be possible to add :

ttf-font-awesome

to the repo ?

https://www.parabola.nu/packages/community/any/ttf-font-awesome/ http://fontawesome.io/

Thanks

PackagesAnyImplementation RequestVery LowLow[awesome-terminal-fonts] add packageUnconfirmed
0%
Task Description

Could it be possible to add :

awesome-terminal-fonts

to the repo please ?

https://www.parabola.nu/packages/community/any/awesome-terminal-fonts/ https://github.com/gabrielelana/awesome-terminal-fonts

Thanks

PackagesAnyImplementation RequestVery LowLow[w_scan] add package Unconfirmed
0%
Task Description

Hello,

Could it be possible to add this package :

w_scan

“Universal ATSC and DVB blind scanner”

https://aur.archlinux.org/packages/w_scan/

License : GPL

Thanks

PackagesAnyImplementation RequestVery LowLow[qpdfview] add packageUnconfirmed
0%
Task Description

Hello,

Could it be possible to add this package :

qpdfview

“A tabbed PDF viewer using the poppler library.”

https://www.parabola.nu/packages/community/x86_64/qpdfview/

License : GPL2

Thanks

PackagesAnyImplementation RequestVery LowLow[menulibre] add packageUnconfirmed
0%
Task Description

Hello,

Could it be possible to add this package :

menulibre

“An advanced menu editor that provides modern features in a clean, easy-to-use interface. All without GNOME dependencies”

https://aur.archlinux.org/packages/menulibre/

License : GPL3

Thanks

PackagesAnyImplementation RequestVery LowLow[crunch] add packageUnconfirmed
0%
Task Description

Hello,

Could it be possible to add this package :

crunch

“A wordlist generator where you can specify a standard character set or a character set you specify and generate all possible combinations and permutations.”

https://aur.archlinux.org/packages/crunch/

License : GPL2

Thanks

PackagesAnyImplementation RequestVery LowLow[dmg2img] add packageUnconfirmed
0%
Task Description

Hello,

Could it be possible to add this package :

dmg2img

“A CLI tool to uncompress Apple’s compressed DMG files to the HFS+ IMG format”

https://aur.archlinux.org/packages/dmg2img/

License : GPL2

Thanks

PackagesAnyImplementation RequestVery LowLow[gcdemu] add packageUnconfirmed
0%
Task Description

Hello,

Could it be possible to add this package :

gcdemu

“GNOME panel applet controlling cdemu-daemon”

https://aur.archlinux.org/packages/gcdemu

http://cdemu.sourceforge.net/

License : GPL2

Thanks

PackagesAnyImplementation RequestVery LowLow[python-cheat] add package Unconfirmed
0%
Task Description

Hello,

Could it be possible to add this package :

python-cheat

“Cheat allows you to create and view interactive cheatsheets on the command-line.”

https://aur.archlinux.org/packages/python-cheat/

https://github.com/chrisallenlane/cheat

License : GPL3

Thanks

PackagesAnyImplementation RequestVery LowLow[accuraterip-checksum] add packageUnconfirmed
0%
Task Description

Hello,

Could it be possible to add this package :

accuraterip-checksum

“A C99 commandline program to compute the AccurateRip checksum of singletrack WAV files”

https://www.parabola.nu/packages/community/x86_64/accuraterip-checksum/

License : GPL

Thanks

PackagesAnyImplementation RequestVery LowLow[pacpl] Add packageUnconfirmed
0%
Task Description

Hello,

Could it be possible to add this package :

pacpl

“Convert multiple audio types from one format to another.”

https://aur.archlinux.org/packages/pacpl/

License : GPL

Dependencies needed (and currently missing in Hyperbola repo) :

perl-ogg-vorbis-header perl-mp4-info perl-mp3-tag perl-audio-flac-header perl-audio-musepack perl-parallel-forkmanager perl-cddb
PackagesAnyImplementation RequestVery LowLow[gmusicbrowser] Add packageUnconfirmed
0%
Task Description

Hello,

Could it be possible to add this package :

gmusicbrowser

“A customizable open-source jukebox for large collections”

https://www.parabola.nu/packages/pcr/any/gmusicbrowser/

License : GPL3

Thanks

PackagesAnyImplementation RequestVery LowLow[quiterss] add package Unconfirmed
0%
Task Description

Hello,

Could it be possible to add this package :

quiterss

“Fast and light RSS/Atom feed reader written in Qt/С++”

https://aur.archlinux.org/packages/quiterss

License : GPL3

Thanks

PackagesAnyImplementation RequestVery LowLow[wekan] add package Unconfirmed
0%
Task Description

Hello,

Would it be possible to add this package :

wekan

“Wekan is an completely Open Source and Free software collaborative kanban board application”

https://github.com/wekan/wekan

License : MIT

Thanks

PackagesAnyImplementation RequestVery LowLow[moloch] add package Unconfirmed
0%
Task Description

Hello,

Would it be possible to add this package :

moloch

“ Moloch is an open source, large scale, full packet capturing, indexing, and database system.”

http://molo.ch

https://github.com/aol/moloch

License : Apache2

Thanks

ServicesWiki Page IssueImplementation RequestVery LowMediumAdd notification/subscription capabilities when a page ...Unconfirmed
0%
Task Description

After talking to Emulatorman, we think this would be a nice feature to add to our Hyperwiki to be able to subscribe to the original page in English to help tracking changing to the translated pages.
This implies to add the email notifications to the dokuwiki system

PackagesAnyImplementation RequestVery LowLow[powerpill] add packageUnconfirmed
0%
Task Description

Hello,

Could it be possible to add this package :

powerpill

“Pacman wrapper for faster downloads.”

https://aur.archlinux.org/packages/powerpill/

https://xyne.archlinux.ca/projects/powerpill

License : GPL

Thanks

PackagesAnyImplementation RequestVery LowLow[flacon] add packageUnconfirmed
0%
Task Description

Hello,

Could it be possible to add this package :

flacon

“Extracts individual tracks from one big audio file containing the entire album of music and saves them as separate audio files.”

https://aur.archlinux.org/packages/flacon/

https://flacon.github.io/

License : LGPL2.1

Thanks

PackagesAnyImplementation RequestVery LowMedium[arm-linux-gnueabihf-gcc] add packageUnconfirmed
0%
Task Description

Hello,

Could it be possible to add this package :

arm-linux-gnueabihf-gcc

“The GNU Compiler Collection (arm-linux-gnueabihf)”

Also requires :

arm-linux-gnueabihf-binutils (A set of programs to assemble and manipulate binary and object files)
arm-linux-gnueabihf-glibc (GNU C Library)

https://aur.archlinux.org/packages/arm-linux-gnueabihf-gcc/

License : GPL

Thanks

PackagesAnyImplementation RequestVery LowLow[gogs] add packageUnconfirmed
0%
Task Description

Hello,

It would be great to add this package :

gogs

“Self Hosted Git Service written in Go”

https://aur.archlinux.org/packages/gogs

openrc init scripts : https://aur.archlinux.org/packages/gogs-openrc

License : GPL

Thanks

PackagesAnyImplementation RequestVery LowMedium[etherpad-lite] add packageUnconfirmed
0%
Task Description

Hi,

Would be nice to add etherpad-lite to our pacman.

https://github.com/ether/etherpad-lite

https://aur.archlinux.org/packages/etherpad-lite/

PackagesAnyImplementation RequestVery LowLow[gimagereader] add packageUnconfirmed
0%
Task Description

Hello,

Could it be possible to add this package :

gimagereader

“A graphical frontend to tesseract-ocr”

https://aur.archlinux.org/packages/gimagereader

License : GPL3

Thanks

InstallationGeneralImplementation RequestVery LowLowTo make installation instructions and get use of live I...Unconfirmed
0%
Task Description

I have installed multiple times Hyperbola, 4 times on 4 different notebooks.

What I have noticed is that the live ISO is quite huge in relation to the task that should be done. Namely. the live ISO shall at least contain some first packages, so that they do not need to be downloaded online.

Best would be if the live ISO can be copied straight and that system can run from ISO/DVD without having Internet. At least one simple graphical environment shall be included.

Further, I have noticed that there is only network instructions as HTML file.

I would rather call it installation-instructions.html to make it clear for people what it is. Or simply: INSTALL.html so that people understand what it is.

It says just network.html if I remember well.

Then there is absolutely no point or link or reference to the installation instructions.

Each time I got a network I had to go to either duckduckgo search engine or to hyperbola.info website and then I tried with lynx to find installation instructions.

It is not straight, not quite clearly in open, it is in Wiki, but that is quite hard to find.

We have to put ourselves in the shoes of those in need of free software. Millions of people need free software.

Many of us live in a developed western countries.

Yet millions of people in need of this software live in South America, Africa, Asia, Eastern Europe.

There are millions of students that could advance their study, and that could progress faster with free software.

In those countries Internet is often non-existent, universities may be located in poor network areas, Internet is being fetched by using mobile phones.

So if there is a live distribution, such shall at least contain basic software, which really can fit onto any DVD, and that as such can be copied on the computer without using Internet. Upgrades could be fetched by using Internet.

And there shall be clear reference, link or file about installation. There shall be no need to go to Internet to install the software.

ServicesFlyspray IssueImplementation RequestVery LowLowSetting avatar picture on flyspry at issues.hyperbola.i...Unconfirmed
0%
Task Description

So avatar uploading is not working well, and picture is getting minimized to nothing.

Showing tasks 201 - 250 of 516 Page 5 of 11<<First - 3 - 4 - 5 - 6 - 7 - Last >>

Available keyboard shortcuts

Tasklist

Task Details

Task Editing