|
Any | Freedom Issue | Very Low | Low | [gnome] Complete remval of desktop-environment | Closed | |
Task Description
Description: As Gnome has decided against following libre, free principles the desktop-environment has becoming a risk for the privacy and freedom for users. Meaning that the desktop-environment with all basic packages should be removed. Of course the final decision is up to the community and the development-team. Followed up are more reasons for the insights:
* Bloated with questionable dependencies (including mandatory systemd) * Using proprietary services as high risk for freedom and privacy for users (https://i.stack.imgur.com/yZcyV.png) * Coming up with questionable and vague principles, against software-freedom in a whole (inclusion of flatpak and flathub as so-called standardization for distributions, discussions about proprietary software included within the software-center)
Additional info for packages:
gnome-backgrounds gnome-calculator gnome-contacts gnome-control-center gnome-dictionary gnome-disk-utility gnome-font-viewer gnome-keyring gnome-screenshot gnome-session gnome-settings-daemon gnome-shell gnome-shell-extensions gnome-system-monitor gnome-terminal gnome-themes-standard gnome-user-docs gnome-user-share grilo-plugins
|
|
Any | Security Issue | Very Low | Medium | Download debian-fixes instead of relying on external so ... | Closed | |
Task Description
It happened already with minetest and again with prosody: When trying to build own packages with makepkg there are patches downloaded from the Debian-project. But the given HTTP(S)-sources are no longer available, concrete example within prosody to be found: https://deb.debian.org/debian/pool/main/p/prosody/prosody_0.10.2-1~bpo9+1.debian.tar.xz (not available)
Please don’t rely on those external sources when creating PKGBUILD-files or just give users the possibility for a secure and granted download. Therefore I cannot build prosody on my own now!
|
|
Any | Privacy Issue | Very Low | Critical | [bleachbit] needs to be adapted to UXP applications | Closed | |
Task Description
The current version of BleachBit needs to be adapted so it can clean the new .cache/hyperbola/ directory.
|
|
Any | Security Issue | Very Low | Critical | [unbound] Multiple CVEs | Closed | |
Task Description
https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
[Critical] https://security-tracker.debian.org/tracker/CVE-2019-18934
|
|
Stable | Bug Report | Very Low | Medium | linphonec error (cli version) | Closed | |
Task Description
Description: linphonec is unusable because a error produce a continuous log
Additional info: linphone 3.11.1-1.hyperbola1
Steps to reproduce: linphonec
Log: linphonec> 2019-12-15 19:25:58:010 ortp-error-Error in connect: Network is unreachable 2019-12-15 19:26:03:012 ortp-error-Error in connect: Network is unreachable 2019-12-15 19:26:08:018 ortp-error-Error in connect: Network is unreachable 2019-12-15 19:26:13:013 ortp-error-Error in connect: Network is unreachable 2019-12-15 19:26:18:016 ortp-error-Error in connect: Network is unreachable 2019-12-15 19:26:23:014 ortp-error-Error in connect: Network is unreachable 2019-12-15 19:26:28:010 ortp-error-Error in connect: Network is unreachable 2019-12-15 19:26:33:010 ortp-error-Error in connect: Network is unreachable 2019-12-15 19:26:38:012 ortp-error-Error in connect: Network is unreachable 2019-12-15 19:26:43:015 ortp-error-Error in connect: Network is unreachable 2019-12-15 19:26:48:010 ortp-error-Error in connect: Network is unreachable 2019-12-15 19:26:53:010 ortp-error-Error in connect: Network is unreachable
|
|
Any | Bug Report | Very Low | Low | Xenocara xbacklight bug | Closed | |
Task Description
When i try to set the brightness on my screen, with xbacklight -set 100,
it does this:
No outputs have backlight property
and it doesn’t really matter if I set it lower than 100 or what it currently is at.
Fix when you can please!
|
|
Stable | Update Request | Very Low | Low | [icewm] Upgrade package version | Closed | |
Task Description
The current version of the package icewm within the Hyperbola-repositories is 1.3.8. The latest version is 1.6.3! An update would be helpful as this window-manager follows absolutely the principles of the distribution Hyperbola itself, being simple and fast.
|
|
Any | Bug Report | Very Low | Low | lightdm/lxdm bug | Closed | |
Task Description
It appears when I plug in my libreboot laptop x200 in, it appears to dim the screen and when its unplugged, the screen is bright again. Something peculiar is at work, I wondered if this could be fixed.
My assumption is it is related to lxdm or lightdm. Any thoughts?
I am currently using 0.4, so I don’t expect this to be a fast process, just when you get a chance okay?
|
|
Stable | Bug Report | Very Low | Critical | [smartmontools] update-smart-drivedb fails to update | Closed | |
Task Description
smartmontools 6.5-1.hyperbola1
Error while trying to update smart-drivedb :
anon@test[~] update-smart-drivedb
External Link/usr/bin/update-smart-drivedb: download from branches/RELEASE_6_5_DRIVEDB failed (curl: exit 23)
/usr/bin/update-smart-drivedb: download from trunk failed (curl: exit 23)
|
|
Stable | Security Issue | Very Low | Critical | [lts-kernel][sec] filter /dev/mem access & restrict acc ... | Closed | |
Task Description
These two options could be enabled :
Kernel hacking → [*] Filter access to /dev/mem [*] Filter I/O access to /dev/mem
Security options → [*] Restrict unprivileged access to the kernel syslog
|
|
Any | Freedom Issue | Very Low | Low | [hedgewars] Crash when starting a new singleplayer-camp ... | Closed | |
Task Description
When trying to start a new campaign the complete game-engine is crashing with the following message:
Object::disconnect: Unexpected null parameter QCoreApplication::postEvent: Unexpected null receiver
As ghc and fpc should be removed in the near future it would be good to validate this or otherwise remove the game-package itself also.
|
|
Stable | Bug Report | Very Low | Low | [dhcpcd-ui] Adding icons from "Network-Manager Applet" | Closed | |
Task Description
When using the package for wireless connections no further icon is displayed without having the package [b]network-manager-applet[/b] installed.
|
|
Any | Security Issue | Very Low | High | [tigervnc] Multiple CVE | Closed | |
Task Description
https://www.openwall.com/lists/oss-security/2019/12/20/2
“This is a security release to fix a number of issues that were found by Kaspersky Lab. These issues affect both the client and server and could theoretically allow an malicious peer to take control over the software on the other side.”
|
|
Any | Bug Report | Very Low | Low | [hypervideo] "HTTP Error 403: Forbidden" error on some ... | Closed | |
Task Description
Is there any way to force it to try from yt as it did in the final attempt?
$ hypervideo -f 22 https://www.youtube.com/watch?v=X7v2aHUPp14 [youtube] X7v2aHUPp14: Downloading webpage [youtube] X7v2aHUPp14: Downloading video info webpage [youtube] X7v2aHUPp14: Checking URL Invidious API [youtube] X7v2aHUPp14: Downloading JSON metadata [youtube] X7v2aHUPp14: Downloading from Invidious API ERROR: unable to download video data: HTTP Error 403: Forbidden
$ hypervideo -f 22 https://www.youtube.com/watch?v=X7v2aHUPp14 [youtube] X7v2aHUPp14: Downloading webpage [youtube] X7v2aHUPp14: Downloading video info webpage [youtube] X7v2aHUPp14: Checking URL Invidious API [youtube] X7v2aHUPp14: Trying from YT [download] Destination: Caroline’s First Day _ Green Wing _ Series 1 Episode 1 _ Dead Parrot-X7v2aHUPp14.mp4 [download] 100% of 418.57MiB in 03:31
|
|
Any | Security Issue | Very Low | Critical | [opensmtpd] CVE-2020-8794 | Closed | |
Task Description
Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/
Qualys Security Advisory
LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)
Summary Analysis ... Acknowledgments
We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This vulnerability, an out-of-bounds read introduced in December 2015 (commit 80c6a60c, “when peer outputs a multi-line response ...”), is exploitable remotely and leads to the execution of arbitrary shell commands: either as root, after May 2018 (commit a8e22235, “switch smtpd to new grammar”); or as any non-root user, before May 2018.
Because this vulnerability resides in OpenSMTPD’s client-side code (which delivers mail to remote SMTP servers), we must consider two different scenarios:
- Client-side exploitation: This vulnerability is remotely exploitable
in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.
- Server-side exploitation: First, the attacker must connect to the
OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).
We developed a simple exploit for this vulnerability and successfully tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the first vulnerable release), Debian 10 (stable), Debian 11 (testing), and Fedora 31.
The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”
|
|
Any | Implementation Request | Very Low | Medium | [chdkptp] please add package to control Canon cameras | Closed | |
Task Description
CHDKPTP is part of CHDK project - a free software firmware add-on for Canon cameras. It enables controlling Canon cameras via the computer.
Attached is a modified iup PKGBUILD (Lua 5.3 build was removed as it failed to compile) and configuration files for chdkptp.
Code is available via svn:
$ svn co http://subversion.assembla.com/svn/chdkptp/trunk chdkptp
Copy chdkptp.sh and config.mk files to source tree then compile via make. chdkptp requires root privileges to connect to a camera.
|
|
Any | Implementation Request | Very Low | Low | [chdkptp] please add package to repos | Closed | |
Task Description
CHDKPTP is part of CHDK project - a free software firmware add-on for Canon cameras. It enables controlling Canon cameras via the computer.
Attached is a modified iup PKGBUILD (Lua 5.3 build was removed as it failed to compile) and configuration files for chdkptp.
Code is available via svn:
$ svn co http://subversion.assembla.com/svn/chdkptp/trunk chdkptp
Copy chdkptp.sh and config.mk files to source tree then compile via make. Requires root privileges to connect to a camera.
|
|
Stable | Bug Report | Very Low | High | [ispell] require FHS | Closed | |
Task Description
Description:
cant open /usr/local/lib/english.hash
Additional info:
Repository : extra
Name : ispell
Version : 3.3.02-7
Description : An interactive spell-checking program for Unix
Architecture : x86_64
URL : http://ficus-www.cs.ucla.edu/geoff/ispell.html
Licenses : BSD
Groups : None
Provides : None
Depends On : ncurses
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 321.26 KiB
Installed Size : 1336.00 KiB
Packager : Evangelos Foutras <evangelos@foutrelis.com>
Build Date : Sun Sep 6 12:07:06 2015
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
- Install package
|
|
Stable | Security Issue | Very Low | Medium | [git] Multiple CVEs | Closed | |
Task Description
CVE-2020-5260 has been fixed very recently in Debian, so I thought I would apply this patch. However, I found out that security patches have not been applied for quite a while (I could account for at least 6 CVEs).
Considering that the version in Debian stretch (2.11.0) is the nearest version with security patches released by Debian and that git project oldest supported version is 2.17, I have used patches from Debian stretch to apply on 2.12.2 currently in Milky Way.
But I have the following error on check():
| *** prove ***
|
| Test Summary Report
| -------------------
| t5570-git-daemon.sh (Wstat: 256 Tests: 20 Failed: 10)
| Failed tests: 3-7, 15-19
| Non-zero exit status: 1
| t5811-proto-disable-git.sh (Wstat: 256 Tests: 26 Failed: 16)
| Failed tests: 2-6, 9-11, 15-19, 21-23
| Non-zero exit status: 1
| Files=769, Tests=14137, 1101 wallclock secs ( 8.08 usr 1.12 sys + 144.48 cusr 63.42 csys = 217.10 CPU)
| Result: FAIL
| make[1]: *** [Makefile:45: prove] Error 1
| make[1]: Leaving directory '/build/git/src/git-2.12.2/t'
| make: *** [Makefile:2291: test] Error 2
| ==> ERROR: A failure occurred in check().
| Aborting...
This does not seem to be related to my change as the current version in Milky Way produces the same error (IOW the package currently in Milky Way is not rebuidable).
|
|
Stable | Bug Report | Very Low | Critical | [gtk-2] Severe problems with GTK2-applications | Closed | |
Task Description
Description: Since the migration to xenocara there seems to be a bug with applications using GTK-2. From time to time there are crashes with assertion `!xcb_xlib_threads_sequence_lost’.
Looking into this a little bit more deep there are also other distributions affected and this is an upstream-bug. But the concrete situation is not that easy, while it could be also part of the library libX11 itself. Looking therefore here: https://bugs.launchpad.net/ubuntu/+source/pcmanfm/+bug/1782984
Affected are for example LXDE in general, icedove, iceweasel and many more!
|
|
Stable | Freedom Issue | Very Low | Critical | [keybase] Complete removal of tool | Closed | |
Task Description
There is only the source code of the client available and since years nothing more happened. With keybase joining “Zoom” nothing more seems to happen. Look also here in the forum: https://forums.hyperbola.info/viewtopic.php?id=368
|
|
Any | Freedom Issue | Very Low | High | Synergy en teclado en español no tiene tildes ni ñ | Closed | |
Task Description
Description: Share a single mouse and keyboard between multiple computers, with libressl and OpenRC support
Issue: Synergy no es capas de trasmitir tildes ni eñes y demás caracteres del español españa
Additional info: * package version(s): community/synergy 1.8.8-2.hyperbola1 * config and/or log files etc.
Steps to reproduce: instalarar synergy en 2 PCs con hyperbola 0.3, he intentar escribir tildes, no funcionará…
|
|
Any | Backport Request | Very Low | Low | elogind package | Closed | |
Task Description
Description: Was wondering if there is any issue in terms of freedom andor privacy for the inclusion of elogind? Feedback will be apreciated Cheers.
this was recently implemented in gentoo.
source: https://libregit.org/i3_relativism/elogind
references: https://blogs.gentoo.org/leio/2019/03/26/gnome-3-30/#comment-9555 https://forums.gentoo.org/viewtopic-t-1094796.html
contact gentoo developer for help in implementation: https://wiki.gentoo.org/wiki/User:Leio/TODO
|
|
Any | Security Issue | Very Low | Medium | mount.davfs: unknown file system davfs due to paths cha ... | Closed | |
Task Description
This is same issue as on: https://bugzilla.redhat.com/show_bug.cgi?id=1151273
The paths changed and trying to mount davfs file system defined in /etc/fstab fails with error: unknown file system davfs
To remedy, I made symlink in /sbin to mount.davfs
The transition of paths had to take that in account as many mounted remote disks failed after upgrade.
|
|
Stable | Bug Report | Very Low | Medium | Untrsuted gpg key | Closed | |
Task Description
Description: There is an issue with Christian Rebischke key, i’ve tried to delete /etc/pacman.d/gnupg/ and repopulate it but it doesn’t fix the issue.
error: ascii: signature from “Christian Rebischke (Arch Linux Security Team-Member) Chris.Rebischke@archlinux.org” is unknown trust File /var/cache/pacman/pkg/ascii-3.15-2-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Steps to reproduce:
sudo pacman -S ascii
|
|
Stable | Update Request | Very Low | Medium | [varnish] Missing init script | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | Juniper Networks Certified Expert Security | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | How to resolve QuickBooks Error 15241 | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | What are the easy tips to setup yahoo mail in outlook? | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | Fix QuickBooks Error 6147 in 5 Tricky Ways | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | How do I set up Bellsouth email on Outlook? | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | How do I resolve outlook cannot connect to server probl ... | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | Can 123.hp.com/setup help me to fix HP Printer error co ... | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | How do I Choose The Best SEO Services Provider For My B ... | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | Dial helpline number to find solutions of cash app card ... | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | Get Cash app customer service number to resuscitate the ... | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | Fix interface issue while using elective send cash from ... | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | How do you unlock Yahoo account without phone number an ... | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | Fix Your Epson Printer Offline Troubleshooting | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | Fix Your Epson Printer Offline Troubleshooting | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | Where To Go If Cash App Refund Problems Take Place? | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | Can You Get cash app Dispute? If the transfer can't be ... | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | How to Connect With coursework help online in USA Exper ... | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | How to Connect With coursework help online in USA Exper ... | Closed | |
|
|
Testing | Bug Report | Very Low | Critical | [Hyperbola GNU/Linux-libre 0.4] Installation issue for ... | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | [Hyperbola GNU/Linux-libre 0.4] No login after installa ... | Closed | |
|
|
Any | Bug Report | Very Low | Low | [Hyperbola GNU/Linux-libre 0.4] Testing Lumina - lumina ... | Closed | |
|
|
Stable | Bug Report | Very Low | Medium | nouveau_drv.so: undefined symbol: exaDriverAlloc | Closed | |
|
|
Testing | Feature Request | Very Low | Medium | [Hyperbola GNU/Linux-Libre 0.4] [lumina-core] Replace t ... | Closed | |
|
|
Testing | Freedom Issue | Very Low | Critical | [Hyperbola GNU/Linux-libre 0.4] [lumina-core] has some ... | Closed | |
|