|
Any | Bug Report | Low | Low | [usbutils] lsusb does not list device names | Closed | |
Task Description
Description:
lsusb does not resolve device names from /var/lib/usbutils/usb.ids
The same thing as described here: https://unix.stackexchange.com/questions/220759/lsusb-doesnt-list-device-names
|
|
Any | Bug Report | Low | Low | [emacs-nox] uses "nox" suffix | Closed | |
Task Description
Description:
Additional info: * package version(s)
* config and/or log files etc.
Steps to reproduce:
|
|
Any | Bug Report | Low | Low | [erlang-nox] uses "nox" suffix | Closed | |
Task Description
Description:
Additional info: * package version(s)
* config and/or log files etc.
Steps to reproduce:
|
|
Any | Bug Report | Low | Low | [qbittorrent-nox] uses "nox" suffix | Closed | |
Task Description
Description:
Additional info: * package version(s)
* config and/or log files etc.
Steps to reproduce:
|
|
Stable | Bug Report | Low | Medium | Garbled display with xfce4-terminal (terminfo) | Closed | |
Task Description
A very nasty bug I wasn’t able to find an answer to. I compiled stuff (buildroot) using menuconfig, the menu display was fine in xfce4-terminal (See screenshot #1) I restarted the config a few days later with the same command :
$ make menuconfig
and this time the display was messed up (See screenshot #2)
After investigation, I noticed a directory (filled with stuff) have been created in my home folder :
.terminfo
I don’t know why. But anyway, if I delete it, then the display is ok again. I noticed that if I use good old xterm terminal, then the display is fine even if the .terminfo directory is present. (it uses “xterm” instead of xterm-256color)
But, with xfce4-terminal (and others, I tried with gnome-terminal, sakura..), the display is messed up if the .terminfo directory is present in my home folder.
I also noticed that if I run the command in a screen session, the issue is not present.
(I open xfce4-terminal)
$ screen
$ printenv TERM
screen.xterm-256color
$ make menuconfig (or htop, or other program using ncurses)
= display ok
but with default :
(I open xfce4-terminal)
$ printenv TERM
xterm-256color
make menuconfig (or htop, or other program using ncurses)
= display messed up if .terminfo directory is present
So I have no idea why this .terminfo directory is generated. What could trigger its generation ? Is that an issue with ncurses or something else ?
Thanks for your help
|
|
Any | Bug Report | Low | Low | [crystal] error build Invidious | Closed | |
Task Description
Description:
crystal build src/invidious.cr –release
Error in src/invidious.cr:19: while requiring "kemal"
require "kemal"
^
in lib/kemal/src/kemal.cr:4: while requiring "./kemal/*"
require "./kemal/*"
^
in lib/kemal/src/kemal/config.cr:26: expanding macro
property static_headers : (HTTP::Server::Response, String, File::Info -> Void)?
^~~~~~~~
in lib/kemal/src/kemal/config.cr:26: expanding macro
property static_headers : (HTTP::Server::Response, String, File::Info -> Void)?
^
in macro 'property' expanded macro: macro_48177600:567, line 4:
1.
2.
3.
> 4. @static_headers : (HTTP::Server::Response, String, File::Info -> Void) | ::Nil
5.
6. def static_headers : (HTTP::Server::Response, String, File::Info -> Void) | ::Nil
7. @static_headers
8. end
9.
10. def static_headers=(@static_headers : (HTTP::Server::Response, String, File::Info -> Void) | ::Nil)
11. end
12.
13.
14.
15.
undefined constant File::Info
Additional info: * package version(s)
Crystal 0.22.0 (2017-04-22) LLVM 4.0.0
Steps to reproduce:
|
|
Any | Bug Report | Low | High | [kaccounts-integration] option to add NextCloud/OwnClou ... | Closed | |
Task Description
Description:
Additional info: * package version(s)
* config and/or log files etc.
Steps to reproduce:
|
|
Any | Bug Report | Low | High | [kdenetwork-kopete] clicking to add an Jabber Account o ... | Closed | |
Task Description
Description:
Additional info: * package version(s)
* config and/or log files etc.
Steps to reproduce:
|
|
Any | Bug Report | Low | High | [xfce4-power-manager] locking session issue | Closed | |
Task Description
I probably should’ve mentioned this before, but if it is set to suspend when lid is closed, it should automatically lock. if the security option: lock screen with system is set to sleep is tweaked on it doesn’t lock always.
This is word for word what I wrote in the forums, but yeah... it is a problem say if someone wants to use your laptop without your permission and can do so.
But it is also a problem if you set it to lock instead because it is more prone to overheating when your not using it, and it doesn’t suspend quickly enough.
I have tried this many times and the same story can be told, again and again.
I think this issue should be considered high or critical merely because of the privacy risk if someone gets their hands on your laptop while its on. Even if you have been away... :/
I wonder if anyone else has this issue... well you guys will tell me I am sure. if critical doesn’t match what you think I am sure you will change it. ;)
|
|
Any | Bug Report | Low | Low | [xdg-utils] doesn't work with -uxp applications and has ... | Closed | |
Task Description
As per the source code, xdg-utils is meant to work with firefox, google-chrome, and other browsers. It is missing support for -uxp applications.
|
|
Any | Backport Request | Low | Medium | [docker] package request | Closed | |
Task Description
Please, package and backport the docker CE for Hyperbola Milky Way.
For reference, see the package docker in the Parabola.
|
|
Any | Update Request | Medium | Medium | [youtube-viewer] update request to v3.7.9 | Closed | |
Task Description
Please package update to version 3.7.9 of youtube-viewer.
libre.patch attached :)
|
|
Any | Update Request | Medium | High | Make Knock patch for Linux-libre 4.14 LTS | Closed | |
Task Description
The Knock patches for linux-libre maintained by you at https://git.hyperbola.info:50100/kernels/knock.git/ have support up to linux-libre 4.13 only (and I think it didn’t work for it when I tried it, compilation failed) but from all of those supported versions, the newest maintained generation by the upstream is 4.9.x
However, since newer kernel generations might require reprogramming the patch, I want to request it only for the latest LTS generation which is 4.14. As you know, LTS software are supported for a long time, so it’s worth to make it for linux-libre 4.14.x
This might not be really important for Hyperbola in the short term, but you are the maintainers of the TCP Stealth implementation for Linux-libre and I and maybe other people would like to use it in their projects for newer versions.
Plus, it would be great since while 4.9 kernels can use the GRSec+Knock combination like linux-libre-lts-unofficial-grsec-knock, with support for 4.14 anyone would be able to use a combination of newer patches such as Linux-hardened+Knock (Linux-hardened supports 4.14 and 4.15 as of now) which is what I’d like to do. https://github.com/copperhead/linux-hardened/releases
|
|
Any | Update Request | Medium | Medium | [cups] update request | Closed | |
Task Description
New versión v2.2.7
References:
|
|
Any | Update Request | Medium | High | [php] is out of date/support | Closed | |
Task Description
Description:
From official PHP page, our php 7.1 is out of support and security
Our package : https://www.hyperbola.info/packages/extra/x86_64/php/
PHP page : https://www.php.net/supported-versions.php
|
|
Any | Security Issue | Medium | Medium | [cinepaint] unmaintained and unsupportable | Closed | |
Task Description
Remove “cinepaint” package since it’s unmaintained and unsupportable. Also, it doesn’t contains any file format support in the latest version (previous version supported multiple file formats).
I suggest use Krita (or Gimp 2.10) to edit 16bit and 32bit file formats or convert with imagemagick/graphicsmagick.
$ pacman -Si cinepaint
Repository : community
Name : cinepaint
Version : 1:1.0.4-5
Description : Sophisticated graphics manipulation programm supporting > 8bit pictures
Architecture : x86_64
URL : http://www.cinepaint.org
Licenses : LGPL GPL MIT
Groups : None
Provides : None
Depends On : gtk2 openexr lcms libxpm fltk ftgl libxxf86vm
Optional Deps : python2: for python plug-ins
gutenprint: for print plug-ins
ghostscript: for pdf plug-ins
Conflicts With : None
Replaces : None
Download Size : 3.75 MiB
Installed Size : 13.91 MiB
Packager : Christian Hesse <arch@eworm.de>
Build Date : Thu 28 Apr 2016 05:17:05 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Security Issue | Medium | High | [blender] error invalid PGP keys | Closed | |
Task Description
$ sudo pacman -S blender
resolviendo dependencias…
buscando conflictos entre paquetes…
Paquetes (20) alembic-1.7.1-1 blender-common-2.78.c-1.hyperbola4 blosc-1.11.3-1 ilmbase-2.2.0-2 intel-tbb-2017_20170226-1 libraw-0.18.2-1 libspnav-0.2.3-1 llvm-4.0.0-2
log4cplus-1.2.0-3 opencollada-1.6.45-1.hyperbola1 opencolorio-1.0.9-5 openexr-2.2.0-3.hyperbola2 openimageio-1.6.18-1.hyperbola1 openshadinglanguage-1.7.5-1.hyperbola1
opensubdiv-3.1.1-1 openvdb-3.2.0-2 ptex-2.1.28-1.hyperbola1 valgrind-3.12.0-2 zstd-1.1.4-1 blender-2.78.c-1.hyperbola4
Tamaño total de la descarga: 0,33 MiB
Tamaño total de la instalación: 567,26 MiB
:: ¿Continuar con la instalación? [S/n] s
:: Recibiendo los paquetes…
libspnav-0.2.3-1-x86_64 8,5 KiB 849K/s 00:00 [######################################################################] 100%
zstd-1.1.4-1-x86_64 283,3 KiB 199K/s 00:01 [######################################################################] 100%
blosc-1.11.3-1-x86_64 43,0 KiB 331K/s 00:00 [######################################################################] 100%
(20/20) comprobando las claves del depósito [######################################################################] 100%
(20/20) verificando la integridad de los paquetes [######################################################################] 100%
error: libspnav: signature from "Andrea Scarpino <me@andreascarpino.it>" is marginal trust
:: El archivo /var/cache/pacman/pkg/libspnav-0.2.3-1-x86_64.pkg.tar.xz está dañado (paquete no válido o dañado (firma PGP)).
¿Quiere eliminarlo? [S/n] s
error: zstd: signature from "Andrzej Giniewicz (giniu) <gginiu@gmail.com>" is marginal trust
:: El archivo /var/cache/pacman/pkg/zstd-1.1.4-1-x86_64.pkg.tar.xz está dañado (paquete no válido o dañado (firma PGP)).
¿Quiere eliminarlo? [S/n] s
error: blosc: signature from "Andrzej Giniewicz (giniu) <gginiu@gmail.com>" is marginal trust
:: El archivo /var/cache/pacman/pkg/blosc-1.11.3-1-x86_64.pkg.tar.xz está dañado (paquete no válido o dañado (firma PGP)).
¿Quiere eliminarlo? [S/n] s
error: no se pudo realizar la operación (paquete no válido o dañado)
Ocurrieron errores, por lo que no se actualizaron los paquetes
|
|
Any | Security Issue | Medium | Critical | [glusterfs] CVE-2018-1088: Privilege escalation via gl ... | Closed | |
Task Description
https://security-tracker.debian.org/tracker/CVE-2018-1088
http://openwall.com/lists/oss-security/2018/04/18/1
https://bugs.debian.org/896128
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
Upstream patches: https://review.gluster.org/#/c/19899/1..2
Fixed in: https://github.com/gluster/glusterfs/releases/tag/v4.0.2
|
|
Any | Security Issue | Medium | High | [toxcore] vulnerability affecting versions < 0.2.3 | Closed | |
Task Description
Per toxcore official blog, there is a security issue that affects all versions prior to 0.2.3. Users IP will leak if they have public ToxID. https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release/
|
|
Any | Security Issue | Medium | Medium | [openssh] CVE-2018-15919 | Closed | |
Task Description
Remotely observable behavior in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration (or “oracle”) as a vulnerability.’ https://security-tracker.debian.org/tracker/CVE-2018-15919
|
|
Any | Security Issue | Medium | Critical | [libjpeg-turbo] CVE-2019-2201 | Closed | |
Task Description
In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation
https://security-tracker.debian.org/tracker/CVE-2019-2201
Patch: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388
|
|
Testing | Replace Request | Medium | Medium | [devtools] use artools as devtools replacement | Closed | |
Task Description
Replace “devtools” to “artools”[0][1]
[0]:https://github.com/artix-linux/artools [1]:https://git.archlinux.org/devtools.git
Notes: "artools" replaces "devtools" and "archiso"
without "systemd", but it is not a "libretools" replacement.
For now, "libretools" needs a "chroot" wrapper to use it.
|
|
Any | Replace Request | Medium | Medium | [hypervideo] stop the development of Hypervideo | Closed | |
Task Description
Description:
I used to be under the impression that youtube-dl executes proprietary JavaScript, but I now understand that it only *parses* the JavaScript to find the URL for some videos. It doesn’t actually run the JavaScript, so it’s not a freedom issue.
Youtube-dl only executes regular expressions [0][1][2]
you also remove the files that are just for testing [3][4][5][6][7] and when compiling the program with libretools the test files are not placed[8]
I have consulted with other programmers and we have reached the same conclusion. Youtube-dl does not execute JS non-free, it only extracts the JS to read through python the URL‘s of some videos.[9][10]
The issues that I see with youtube-dl are rather in their form of development because it changes at every moment
Additional info:
- [0]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/jsinterp.py#L12
- [1]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/jsinterp.py#L132
- [2]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/swfinterp.py#L391
- [3]: https://github.com/ytdl-org/youtube-dl/tree/master/test/swftests/
- [4]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_iqiyi_sdk_interpreter.py
- [5]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_jsinterp.py
- [6]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_swfinterp.py
- [7]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_youtube_signature.py
- [8]:
$ tree -d
.
├── bin
├── lib
│ └── python3.6
│ └── site-packages
│ ├── youtube_dl
│ │ ├── downloader
│ │ │ └── __pycache__
│ │ ├── extractor
│ │ │ └── __pycache__
│ │ ├── postprocessor
│ │ │ └── __pycache__
│ │ └── __pycache__
│ └── youtube_dl-2019.5.11-py3.6.egg-info
└── share
├── bash-completion
│ └── completions
├── doc
│ └── youtube_dl
├── fish
│ └── completions
├── licenses
│ └── youtube-dl
├── man
│ └── man1
└── zsh
└── site-functions
26 directories
- [9]: https://directory.fsf.org/wiki/Youtube-dl - [10]: https://github.com/fent/node-ytdl-core/issues/222
|
|
Any | Replace Request | Medium | High | [firejail] use firejail LTS | Closed | |
Task Description
Description:
Firejail developers since October 2018 have started building LTS versions of firejail[0], according to Packaging Guidelines we must use LTS versions of the packages if they are available.
Links:
[0]: https://github.com/netblue30/firejail/tree/LTSbase
|
|
Any | Privacy Issue | Medium | Medium | [meta] Investigate DuckDuckGo links for privacy | Closed | |
Task Description
As per a user report (https://forums.hyperbola.info/viewtopic.php?id=92), DDG is USA based search engine and is blocking Tor users (https://trac.torproject.org/projects/tor/ticket/23648). They are also using non-free JS on the default search.
It seems the best way to solve this is to use their “html” hidden service since it conceals the user IP, doesn’t block Tor users by default, and doesn’t need JS. https://3g2upl4pq6kufc4m.onion/html/
This will affect multiple applications that are currently using DuckDuckGo. The alternative is to remove it completely, but it still is a better option than Google et. all for privacy...
|
|
Any | Privacy Issue | Medium | High | midori new Support for cross-browser web extensions | Closed | |
|
|
Any | Implementation Request | Medium | Medium | [uzem][uzebox] add uzem emulator and uzebox firmware pa ... | Closed | |
|
|
Any | Implementation Request | Medium | Medium | [octopi] [octopi-cachecleaner] [octopi-notifier] [octop ... | Closed | |
|
|
Any | Implementation Request | Medium | Medium | [ncdu] add new package | Closed | |
|
|
Any | Implementation Request | Medium | Medium | [searx] add new package | Closed | |
|
|
Any | Implementation Request | Medium | Medium | [wine-stable] add package | Closed | |
|
|
Any | Implementation Request | Medium | Low | Scid vs. PC – PGN Reader/ChessBase | Closed | |
|
|
Any | Implementation Request | Medium | Low | Stockfish Chess Engine | Closed | |
|
|
Any | Implementation Request | Medium | Low | [hunspell-pt-br] add new package | Closed | |
|
|
Any | Implementation Request | Medium | Low | [hyphen-pt-br] add new package | Closed | |
|
|
Stable | Implementation Request | Medium | Medium | [materia-theme] add package | Closed | |
|
|
Stable | Implementation Request | Medium | Critical | [strongswan] add new package | Closed | |
|
|
Testing | Implementation Request | Medium | Medium | linux-libre-lts-hypersec: New package with extra securi ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [openssl] vague terminology "Open Source" in descriptio ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [aiksaurus] vague terminology "Open Source" in descript ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [assimp] vague terminology "Open Source" in description ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [cmake] vague terminology "Open Source" in description ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [gstreamer] vague terminology "Open Source" in descript ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [java-openjfx] vague terminology "Open Source" in descr ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [java-openjfx-doc] vague terminology "Open Source" in d ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [java-openjfx-src] vague terminology "Open Source" in d ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [java-rhino] vague terminology "Open Source" in descrip ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [kdegames-kigo] vague terminology "Open Source" in desc ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [libgdiplus] vague terminology "Open Source" in descrip ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [libical] vague terminology "Open Source" in descriptio ... | Closed | |
|