Category Task Type Priority Severity Summary Status Progress  desc
StableFreedom IssueVery LowCritical [elementary-icon-theme] Contains non-FSDG compliant dis ...Closed
Task Description

About that distro, Elementary OS is semi-libre/free, Ubuntu based, long term support, but does not comply with the GNU Free System Distributibution Guidelines (FSDG). To either rebrand or remove existing non-FSDG compliant distro icon files.

The following affected files are present in this list:

  • /usr/share/icons/elementary/places/16/distributor-logo.svg
  • /usr/share/icons/elementary/places/24/distributor-logo.svg
  • /usr/share/icons/elementary/places/32/distributor-logo.svg
  • /usr/share/icons/elementary/places/48/distributor-logo.svg
  • /usr/share/icons/elementary/places/64/distributor-logo.svg
  • /usr/share/icons/elementary/places/128/distributor-logo.svg
  • /usr/share/icons/elementary/places/symbolic/distributor-logo-symbolic.svg
AnyFreedom IssueVery LowCritical [conky] Some serious issues Closed
Task Description

I’m writing here about the package Conky. It is the useful widget of system monitor into your desktop, but there are some serious issues:

Config variables

  • distribution outputs the string “Arch Linux” instead of “Hyperbola GNU/Linux-libre”.
  • eve requires users to use API for non-libre/free video game EVE Online, and should be removed.
  • All Beep Media Player (BMPx) related variables (including bmpx_album, bmpx_artist, bmpx_bitrate, bmpx_title, bmpx_track and bmpx_uri) are obselete and useless, and should be removed because the package BMPx isn’t present on Arch and Hyperbola official repositories but Arch User Repository (AUR).
  • [For Milky Way version 0.4.x only] All PulseAudio related variables (including if_pa_sink_muted, pa_sink_volume, pa_sink_volumebar, pa_sink_description, pa_card_name and pa_card_active_profile) are no longer used, and should be removed due replaced the default audio server with sndio.


  • Contains non-FDSG compliant distros.
  • Contains vague terminology.
  • Requires users to use API for non-libre/free weather network service(s) (including The Weather Channel).
AnySecurity IssueVery HighCritical [libarchive] CVE-2019-18408 Closed
Task Description

StableDrop RequestVery LowCritical [osdbattery] Unmaintained and unsupportable Closed
Task Description

osdbattery is (probably) useless and broken so Conky did compete because It is still unmaintained and unsupported over 14 years ago (last released version 1.4 on August 23, 2005), and should be removed per anti-abandonware rule at the packaging guidelines.

Also, the default config file contains non-libre/free Microsoft font Verdana as X11 font format property in font variable.

StableUpdate RequestVery LowCritical [qt5] request for upgrade Closed
Task Description

I know that upgrading Qt is not a trivial task, but would it be possible to do this anyway? Qt 5.8 has issues that other versions do not have. See for example the discussion here about Projecteur, a very useful tool. Hyperbola seems to be the only Linux distribution unable to run it, just because of Qt 5.8:

AnySecurity IssueMediumCritical [libjpeg-turbo] CVE-2019-2201 Closed
Task Description

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation


StableFreedom IssueHighCritical [smplayer] Removal of unfree "Chromecast"-plugin Closed
Task Description

Within the current version of smplayer in the repositories a proprietary interface to Chromecast is activated and therefore a risk for privacy of the users as this hardware is the complete opposite of freedom.

AnyPrivacy IssueVery LowCritical [bleachbit] needs to be adapted to UXP applications Closed
Task Description

The current version of BleachBit needs to be adapted so it can clean the new .cache/hyperbola/ directory.

AnySecurity IssueVery LowCritical [unbound] Multiple CVEs Closed
Task Description


StableBug ReportVery LowCritical [smartmontools] update-smart-drivedb fails to update Closed
Task Description

smartmontools 6.5-1.hyperbola1

Error while trying to update smart-drivedb :

anon@test[~] update-smart-drivedb

External Link/usr/bin/update-smart-drivedb: download from branches/RELEASE_6_5_DRIVEDB failed (curl: exit 23) /usr/bin/update-smart-drivedb: download from trunk failed (curl: exit 23)

StableSecurity IssueVery LowCritical [lts-kernel][sec] filter /dev/mem access & restrict acc ...Closed
Task Description

These two options could be enabled :

Kernel hacking → [*] Filter access to /dev/mem
[*] Filter I/O access to /dev/mem

Security options → [*] Restrict unprivileged access to the kernel syslog

AnySecurity IssueVery LowCritical [opensmtpd] CVE-2020-8794 Closed
Task Description


Qualys Security Advisory

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)




We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This
vulnerability, an out-of-bounds read introduced in December 2015 (commit
80c6a60c, “when peer outputs a multi-line response ...”), is exploitable
remotely and leads to the execution of arbitrary shell commands: either
as root, after May 2018 (commit a8e22235, “switch smtpd to new
grammar”); or as any non-root user, before May 2018.

Because this vulnerability resides in OpenSMTPD’s client-side code
(which delivers mail to remote SMTP servers), we must consider two
different scenarios:

- Client-side exploitation: This vulnerability is remotely exploitable

in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.

- Server-side exploitation: First, the attacker must connect to the

OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).

We developed a simple exploit for this vulnerability and successfully
tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the
first vulnerable release), Debian 10 (stable), Debian 11 (testing), and
Fedora 31.

The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”

StableBug ReportVery LowCritical [gtk-2] Severe problems with GTK2-applications Closed
Task Description

Description: Since the migration to xenocara there seems to be a bug with applications using GTK-2. From time to time there are crashes with assertion `!xcb_xlib_threads_sequence_lost’.

Looking into this a little bit more deep there are also other distributions affected and this is an upstream-bug. But the concrete situation is not that easy, while it could be also part of the library libX11 itself. Looking therefore here:

Affected are for example LXDE in general, icedove, iceweasel and many more!

StableFreedom IssueVery LowCritical [keybase] Complete removal of tool Closed
Task Description

There is only the source code of the client available and since years nothing more happened. With keybase joining “Zoom” nothing more seems to happen. Look also here in the forum:

AnySecurity IssueVery HighCritical [grub2] UEFI SecureBoot vulnerability + multiple flaws  ...Closed
Task Description

TestingBug ReportVery LowCritical [Hyperbola GNU/Linux-libre 0.4] Installation issue for  ...Closed
Task Description

Description: Problem with execution of “pacstrap /mnt base base-devel syslinux” from 0.3.1-chroot ISO-image with modified pacman.conf and mirrorlist for testing. There are errors for the packages “libxcrypt” and “man-pages” as both have “/usr/share/man/man3/crypt.3.gz” and “/usr”share/man/man3/crypt_r.3.gz” included.

TestingBug ReportHighCritical [Hyperbola GNU/Linux-libre 0.4] Installation for syslin ...Closed
Task Description

Description: Configuration file “syslinux.cfg” under /boot/syslinux/ has to be adjusted. Problem with kernel-images loaded and the concurrent booting device is per default configured to /dev/sda3. Kernel-images are named as “linux-libre” not “linux-libre-lts”.

TestingBug ReportHighCritical [Hyperbola GNU/Linux-libre 0.4] Problems with sndio fai ...Closed
Task Description

There are issues with the current sndio-package as it seems not possible to get this to work with ALSA.

TestingBug ReportHighCritical [wpa_supplicant]: wireless connection does not work Closed
Task Description


Wireless connection does not work

Additional info:
* package version(s)

- wpa_supplicant 2:2.9-1
- libressl 3.2.2-1

* config and/or log files etc.

Successfully initialized wpa_supplicant
OpenSSL: Failed to set cipher string 'DEFAULT@SECLEVEL=1'
SSL: Failed to initialize TLS context.
Failed to initialize EAPOL state machines.
nl80211: deinit ifname=wlp0s18f2u1 disabled_11b_rates=0

Steps to reproduce:

$ wpa_supplicant -B -i device-name -c <(wpa_passphrase “ssid” “psk”)

AnyBug ReportVery HighCritical [ath9k-htc-firmware]: not work Closed
Task Description


Ath9k wifi device not working, possibly bad compilation or issues with gcc

Additional info:
* package version(s)

- gcc-8.4.0-2
- ath9k-htc-firmware-1.4.0-8

* config and/or log files etc.

[    8.302952] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[    8.303011] usbcore: registered new interface driver ath9k_htc
[    8.303067] usb 1-1: Direct firmware load for ath9k_htc/htc_9271-1.4.0.fw failed with error -2
[    8.303073] usb 1-1: ath9k_htc: Firmware htc_9271.fw requested
[    8.623141] usb 1-1: ath9k_htc: Transferred FW: htc_9271.fw, size: 51008
[    9.683657] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[    9.683672] ath9k_htc: Failed to initialize the device

Steps to reproduce:

- Add wifi device with ath9k firmware, for example: TL-WN722N
- pacman -S ath9k-htc-firmware



TestingFreedom IssueVery LowCritical [Hyperbola GNU/Linux-libre 0.4] [lumina-core] has some  ...Closed
Task Description

The list contains some icons before being removed for displaying non-libre and trademark-related stuffs, which may infringe the GNU Free System Distribution Guidelines and Hyperbola Packaging Guidelines.


  • Icons that are libre apps but has problematic issues:
    • nodejs.svg
    • npm.svg
    • umbraco.svg
  • Icons that are non-libre apps:
    • apple-finder.svg
    • apple-safari.svg
    • edge.svg
    • emby.svg
    • evernote.svg
    • google-chrome.svg
    • google-earth.svg
    • internet-explorer.svg (discontinued)
    • itunes.svg
    • jira.svg
    • opera.svg
    • plex.svg
    • quicktime.svg
    • skype.svg
    • slack.svg
    • steam.svg
    • teamviewer.svg
    • unity.svg
    • visualstudio.svg
    • whatsapp.svg
  • Icons that are non-libre games:
    • black-mesa.svg
    • minecraft.svg
  • Icons that are non-libre network services:
    • amazon.svg
    • appnet.svg (discontinued)
    • basecamp.svg
    • bing.svg
    • bitbucket.svg
    • blogger.svg
    • deviantart.svg
    • disqus.svg
    • dribbble.svg
    • dropbox.svg
    • ebay.svg
    • etsy.svg
    • facebook.svg
    • flattr.svg
    • foursquare.svg
    • github.svg
    • gmail.svg
    • google-drive.svg
    • google-maps.svg
    • google-photos.svg
    • google-play.svg
    • google-plus.svg (discontinued)
    • google-translate.svg
    • google-wallet.svg (discontinued, now as Google Pay)
    • instagram.svg
    • jsfiddle.svg
    • lastfm.svg
    • linkedin.svg
    • linode.svg
    • mixcloud.svg
    • onedrive.svg
    • pandora.svg
    • pinterest.svg
    • rdio.svg (discontinued)
    • reddit.svg
    • soundcloud.svg
    • spotify.svg
    • stackexchange.svg
    • stackoverflow.svg
    • telegram.svg
    • tumblr.svg
    • twitch.svg
    • twitter.svg
    • vimeo.svg
    • vine.svg (discontinued)
    • vk.svg
    • wechat.svg
    • xing.svg
    • yelp.svg
    • youtube.svg
  • Icons that are non-FSDG operating systems:
    • android.svg
    • ubuntu.svg
  • Icons that are non-libre operating systems:
    • apple-ios.svg
  • Icons that are trademarked brands and products:
    • apple.svg
    • beats.svg
    • blackberry.svg
    • dolby.svg
    • google.svg
    • google-cardboard.svg (discontinued)
    • google-glass.svg
    • microsoft.svg
    • playstation.svg
    • wii.svg (discontinued)
    • wiiu.svg (discontinued)
  • Icons that are trademarked characters:
    • clippy.svg (appearance from the Office Assistant part of M$ Office 97 to 2003)
TestingBug ReportHighCritical Runit errors, Closed
Task Description

/sbin/openrc-run: bad interpreter: No such file or directory

I get this error whenever I try to start dhcpcd with sv /etc/runit/

And for sndiod I get this doing the same guide,

warning: sndiod: unable to open supervise/ok: file does not exist

Although rather ironically, If I type sndiod or dhcpcd into root, it works just fine.

Maybe its an FHS issue or possibly, I am screwing up? I am not sure. Feedback is welcome.

This is what I did:

=⇒ Add a service:

ln -s /etc/sv/<service> /var/service
==> Start/stop/restart a service:
sv <start/stop/restart> <service>

more or less, I used this guide.

TestingBug ReportVery HighCritical [Hyperbola GNU/Linux 0.4] QtSSL is not working Closed
Task Description

Description: Tried with new compiled version of mumble no open and secured with SSL-certificate is reachable. Log within console: QSslSocket: cannot resolve SSL_CTX_set_options QSslSocket: cannot resolve SSL_session_reused QSslSocket: cannot resolve SSL_set_options QSslSocket: cannot resolve BN_is_word QSslSocket: cannot resolve SSL_in_init

<W>2021-08-23 01:00:18.814 QSslSocket: cannot call unresolved function sk_num

<W>2021-08-23 01:00:20.270 QSslSocket: cannot call unresolved function SSL_CTX_set_options

TestingImplementation RequestHighCritical [xlsfonts] Missing package needs to be added for xenoca ...Closed
Task Description

Description: Package xlsfonts is missing and should absolutely being added also within groups for ‘xenocara-apps’ and ‘xorg-apps’.

TestingBug ReportHighHigh [sway] error while loading shared libraries Closed
Task Description

$ pacman -Si sway
Repository : community
Name : sway
Version : 0.12.2-1
Description : i3 compatible window manager for Wayland
Architecture : x86_64
URL : Licenses : MIT Groups : None
Provides : None
Depends On : wlc xorg-server-xwayland json-c pango wayland gdk-pixbuf2
Optional Deps : rxvt-unicode: Default terminal emulator.

                dmenu: Default for launching applications.
                imagemagick: For taking screenshots.
                ffmpeg: For recording screencasts.
                i3status: To display system information with a bar.

Conflicts With : None
Replaces : None
Download Size : 4.76 MiB
Installed Size : 5.32 MiB
Packager : Jerome Leclanche Build Date : Wed 12 Apr 2017 02:42:57 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

$ sway
sway: error while loading shared libraries: cannot open shared object file: No such file or directory

$ ldd /usr/bin/sway (0x00007fffe00eb000) => /usr/lib/ (0x00007f41d3298000) => /usr/lib/ (0x00007f41d3058000) => /usr/lib/ (0x00007f41d2e4d000) => /usr/lib/ (0x00007f41d2c3a000) => /usr/lib/ (0x00007f41d2a05000) => /usr/lib/ (0x00007f41d27f8000) => /usr/lib/ (0x00007f41d25ac000) => /usr/lib/ (0x00007f41d235a000) => /usr/lib/ (0x00007f41d202c000) => /usr/lib/ (0x00007f41d1d19000) => /usr/lib/ (0x00007f41d1b15000) => /usr/lib/ (0x00007f41d1771000) => /usr/lib/ (0x00007f41d14c9000) => /usr/lib/ (0x00007f41d12a4000) => /usr/lib/ (0x00007f41d109a000) => /usr/lib/ (0x00007f41d0e65000) => /usr/lib/ (0x00007f41d0c54000) => /usr/lib/ (0x00007f41d0a47000) => /usr/lib/ (0x00007f41d0843000) => /usr/lib/ (0x00007f41d0504000) => /usr/lib/ (0x00007f41d0302000) => /usr/lib/ (0x00007f41d00d9000) => /usr/lib/ (0x00007f41cfed6000) => /usr/lib/ (0x00007f41cfcb9000) => /usr/lib/ (0x00007f41cfab4000) => /usr/lib/ (0x00007f41cf8ac000) => /usr/lib/ (0x00007f41cf65b000) => not found => /usr/lib/ (0x00007f41cf452000) => /usr/lib/ (0x00007f41cf24a000) => /usr/lib/ (0x00007f41cf02c000) => /usr/lib/ (0x00007f41cee26000) => /usr/lib/ (0x00007f41cec0c000) => /usr/lib/ (0x00007f41cea02000) => /usr/lib/ (0x00007f41ce7ed000) => /usr/lib/ (0x00007f41ce4d9000) => /usr/lib/ (0x00007f41ce295000) => /usr/lib/ (0x00007f41cdfd4000) => /usr/lib/ (0x00007f41cddca000) => /usr/lib/ (0x00007f41cdb94000) => /usr/lib/ (0x00007f41cd990000) => /usr/lib/ (0x00007f41cd782000) => /usr/lib/ (0x00007f41cd577000) => /usr/lib/ (0x00007f41cd365000) => /usr/lib/ (0x00007f41cd14e000) => /usr/lib/ (0x00007f41ccedc000)
/lib64/ => /usr/lib64/ (0x00007f41d34db000) => /usr/lib/ (0x00007f41cccad000) => /usr/lib/ (0x00007f41ccaa8000) => /usr/lib/ (0x00007f41cc8a5000) => /usr/lib/ (0x00007f41cc6a2000) => /usr/lib/ (0x00007f41cc49b000) => /usr/lib/ (0x00007f41cc298000) => /usr/lib/ (0x00007f41cc089000) => /usr/lib/ (0x00007f41cbe5f000) => /usr/lib/ (0x00007f41cbc5b000) => /usr/lib/ (0x00007f41cba55000) => /usr/lib/ (0x00007f41cb84f000) => /usr/lib/ (0x00007f41d3634000) => /usr/lib/ (0x00007f41cb645000) => /usr/lib/ (0x00007f41cb3b1000) => /usr/lib/ (0x00007f41cb13e000) => /usr/lib/ (0x00007f41caf2e000) => /usr/lib/ (0x00007f41cad26000) => /usr/lib/ (0x00007f41cab23000) => /usr/lib/ (0x00007f41ca91d000) => /usr/lib/ (0x00007f41ca701000) => /usr/lib/ (0x00007f41ca4fb000) => /usr/lib/ (0x00007f41ca166000) => /usr/lib/ (0x00007f41c9f3a000) => /usr/lib/ (0x00007f41c9d36000) => /usr/lib/ (0x00007f41c9b20000) => /usr/lib/ (0x00007f41c98d2000) => /usr/lib/ (0x00007f41c968c000) => /usr/lib/ (0x00007f41c9487000)
TestingBug ReportHighHigh [sddm] error while loading shared libraries Closed
AnySecurity IssueHighHigh [npapi-sdk] remove unsecure/deprecated package Closed
AnySecurity IssueHighHigh [npapi-vlc] remove unsecured package Closed
AnySecurity IssueHighHigh [nspluginwrapper] remove unsecure/deprecated package Closed
AnySecurity IssueHighHigh [x2goplugin] remove unsecure package Closed
AnySecurity IssueHighHigh [djview] remove unsecure "" Closed
AnySecurity IssueHighHigh [icedtea-web] remove unsecure "" Closed
TestingBug ReportHighHigh [freerdp] error while loading shared libraries Closed
TestingBug ReportHighHigh [gnome-shell] error while loading shared libraries Closed
TestingBug ReportHighHigh [ksystemlog] error while loading shared libraries Closed
TestingBug ReportHighHigh [mutter] error while loading shared libraries Closed
AnyBug ReportMediumHigh [Solved] [xorg-xdm] * status: crashed Closed
TestingBug ReportMediumHigh [dbus] error of connection with dbus Closed
AnyDrop RequestHighHigh [devtools] remove this package Closed
AnyPrivacy IssueHighHigh [redshift] remove geoclue2 support Closed
AnyPrivacy IssueHighHigh [epiphany] would be more private if not for Hyperbola p ...Closed
AnyBug ReportHighHigh [tlp] remove systemd support Closed
AnyBug ReportHighHigh [sway] relies on systemd libraries Closed
AnySecurity IssueHighHigh [podofo] vulnerable allows remote attackers to cause a  ...Closed
AnySecurity IssueHighHigh [isync] needs update Closed
AnyDrop RequestHighHigh [ssmtp] remove obsolete package Closed
AnyFeature RequestHighHigh [icedove-enigmail] add package Closed
AnyBug ReportMediumHigh [brasero] could not establish a connection to Tracker Closed
AnyBug ReportMediumHigh [redshift] No more location providers to try Closed
AnyBug ReportMediumHigh [mutt] error message: mailbox closed Closed
Showing tasks 151 - 200 of 1517 Page 4 of 31

Available keyboard shortcuts


Task Details

Task Editing