|
Any | Implementation Request | Very Low | Medium | [midori] please re-add new releases | Closed | |
Task Description
The security issues regarding the package which led to the package’s removal from Hyperbola (old WebKit and Vala dependency) have apparently been resolved in recent releases, see the new comment in this bug report and the latest PKGBUILD in Arch’s repo.
https://launchpad.net/bugs/1698483
https://www.archlinux.org/packages/community/x86_64/midori/
|
|
Any | Implementation Request | Very Low | Low | [qarte] add package | Closed | |
Task Description
Request for :
qarte
“Allow you to browse into the archive of arte+7 & arteLiveWeb sites and to record your prefered videos.”
https://aur.archlinux.org/packages/qarte
License : GPL3
|
|
Any | Implementation Request | Very Low | Medium | Request for automating Debian package creation | Closed | |
Task Description
As the title says, it would be great if after
./mach build
, i could do
./mach build-deb
.
In the meantime: if i can install the files with
mach
to a specified root directory, then i can build a deb package by hand. Is that possible?
|
|
Any | Implementation Request | Very Low | Low | add yacy support for iceweasel-XP | Closed | |
Task Description
Description:
Searx is better in the short term than search engines like Google and DuckDuckGo in that the client-side JavaScript is free and the server-side code is free and public. However, in the long term it can never be a real replacement for non-free search engines while it relies on non-free search engines for data. At this time, the major general purpose search engines who use their own data are all controlled by corporations like Google and Microsoft. The YaCy search engine addresses this by relying on decentralized data based on p2p.
For this reason, I believe that YaCy is socially a better choice than Searx as the default search engine for Iceweasel-UXP. However, it is not at this time a practically better choice. Since YaCy relies on its users to index the web, and does not currently have many users, the search results are not very good. This creates a chicken-and-egg problem, since it will be difficult for YaCy to gain users while its search results are poor.
However, Searx supports YaCy as a source of search engine results. I don’t know of any Searx instances which have YaCy support enabled, presumably since YaCy support would only be useful to users who have YaCy installed locally and running on http://localhost:8090, but Hyperbola could run its own Searx instance, enable YaCy support plus DuckDuckGo, and make this the default search engine for Iceweasel-UXP. This way, Iceweasel-UXP users can use and contribute to YaCy, but supplement YaCy’s search results with results from DuckDuckGo until YaCy becomes strong enough to stand on its own.
Additional info:
* AUR package for YaCy: https://aur.archlinux.org/packages/yacy
* Searx support for YaCy: https://github.com/asciimoo/searx/blob/master/searx/engines/yacy.py
Steps to reproduce: N/A
|
|
Any | Implementation Request | Very Low | Medium | [nnn] package request | Closed | |
Task Description
This is a request to package nnn - a full-featured terminal file manager for low-end devices and the regular desktop.
nnn is available on Debian, Ubuntu (and family), Fedora, OpenSUSE and Arch Linux.
Homepage: https://github.com/jarun/nnn License: BSD 2-Clause
I would highly appreciate if nnn can be added to the repository.
|
|
Any | Implementation Request | Very Low | Medium | Support of MPTCP (Multipath TCP) on Hyperbola | Closed | |
Task Description
Patch for 4.9 : https://multipath-tcp.org/patches/mptcp-v4.9-c88d1d56809e.patch
AUR : https://aur.archlinux.org/packages/linux-mptcp/
|
|
Any | Implementation Request | Very Low | High | Add MPTCP (MultiPath TCP) to Hyperbola | Closed | |
Task Description
https://aur.archlinux.org/packages/linux-mptcp/
Kernel Patch for 4.9 : http://multipath-tcp.org/patches/mptcp-v4.9-c88d1d56809e.patch
Compile : https://multipath-tcp.org/pmwiki.php/Users/DoItYourself
|
|
Any | Implementation Request | Very Low | Medium | [SPF][postfix] implement pypolicyd-spf and postfix-poli ... | Closed | |
Task Description
Description: Hyperbola has the following SPF implementations: * libspf2 * perl-mail-spf * perl-mail-spf-query
However, none of them work out of the box with postfix. There’s postfix-policyd-spf-perl, which uses one the current perl implementations (perl-mail-spf), takes no time to build and all the dependencies are already satisfied with Hyperbola’s packages
Here I made a PKGBUILD that’s compliant with the packaging standards:
pkgname=postfix-policyd-spf-perl
pkgver=2.011
pkgrel=1
pkgdesc='Postfix SPF policy engine, written in Perl'
arch=(i686 x86_64)
url='https://launchpad.net/postfix-policyd-spf-perl/'
license=(GPL)
depends=(perl-mail-spf perl-netaddr-ip perl-sys-hostname-long)
source=("https://launchpad.net/postfix-policyd-spf-perl/trunk/${pkgver}/+download/${pkgname}-${pkgver}.tar.gz"{,.asc})
sha512sums=('22fc00bf74912056a67e937a460ac1fd878f1cb1a3bfa7b19bc5f1e6bc1c36d815dcf8c945e818d242ed5e72a6295bb0e1569446e06b09aefb2842993b8016ba'
'SKIP')
validpgpkeys=(E7729BFFBE85400FEEEE23B178D7DEFB9AD59AF1) # Scott Kitterman
package() {
cd "${pkgname}-${pkgver}"
install -Dm755 "${pkgname}" "${pkgdir}/usr/libexec/postfix/${pkgname}"
install -Dm644 CHANGES INSTALL README -t "${pkgdir}/usr/share/doc/${pkgname}"
install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
}
in the other hand, to give users the possibility of having more options, we could add pypolicyd-spf (AUR), which depends in pyspf (AUR) and other packages that Hyperbola has. In fact, ArchWiki talks about this implementation, but this might not be relevant.
|
|
Stable | Implementation Request | Very Low | Low | [codelite] Adding new package | Closed | |
Task Description
The IDE codelite is an excellent development environment, continuously updated, has a clear vision and active support. Would be nice to have this one within the repositories in upcoming releases, perhaps 0.5?
|
|
Any | Implementation Request | Very Low | Low | [chdkptp] please add package to repos | Closed | |
Task Description
CHDKPTP is part of CHDK project - a free software firmware add-on for Canon cameras. It enables controlling Canon cameras via the computer.
Attached is a modified iup PKGBUILD (Lua 5.3 build was removed as it failed to compile) and configuration files for chdkptp.
Code is available via svn:
$ svn co http://subversion.assembla.com/svn/chdkptp/trunk chdkptp
Copy chdkptp.sh and config.mk files to source tree then compile via make. Requires root privileges to connect to a camera.
|
|
Testing | Implementation Request | Very Low | Low | [Hyperbola GNU/Linux-libre 0.4] [polygen{,-data}] Add p ... | Closed | |
Task Description
Is that package worth using to generate every sentence of any kind?
Polygen:
Package name: polygen{,-data}
Release version: 1.0.6
Release date: June 28, 2004
Author(s): Alvise Spanò
Written in: OCaml
-
-
-
-
Arch package status: Not available on the offical repository, but available on AUR.
-
Debian package status: Available on the official repository.
|
|
Stable | Implementation Request | Very Low | Medium | [djview] Add new package | Closed | |
Task Description
Users must need DjView to read any DjVu file if it isn’t present on the repository in this distro, so here’s a link about it during the pending process.
|
|
Any | Privacy Issue | Very Low | Medium | [avahi] avahi publishes the hostname by default | Closed | |
Task Description
By default, the ‘disable-publishing’ parameter in the [publish] section of avahi-daemon.conf is set to ‘no’, which can be seen in my opinion as a privacy issue as avahi broadcasts the hostname without the user’s consent even though this has been explicitly disabled in the settings of networkmanager.
|
|
Any | Privacy Issue | Very Low | Low | [purple-plugin-pack] Provides Napster support which is ... | Closed | |
Task Description
purple-plugin-pack provides access to Napster which is only useful with a single company and sever (as far as I could tell).
|
|
Any | Replace Request | Very Low | Medium | [youtube-dl] replace avideo-lts with youtube-dl | Closed | |
Task Description
Please, replace avideo-lts with youtube-dl. avideo-lts haven’t seen any updates for almost a year and is probably abandoned. Also Stallman confirmed youtube-dl doesn’t execute any non-free JavaScript, so its inclusion doesn’t go against Social Contract.
|
|
Stable | Replace Request | Very Low | Low | [avideo] Replace with youtube-dl | Closed | |
Task Description
What do you think ? Avideo is not updated anymore, can’t we use regular youtube-dl instead as RMS himself say :
“youtube-dl is okay to be in the Directory because it does not actually execute nonfree JS as we first suspected.”
Source : https://directory.fsf.org/wiki/Youtube-dl Also : https://github.com/fent/node-ytdl-core/issues/222
|
|
Stable | Replace Request | Very Low | Medium | Package ossp has got systemd dependencies | Closed | |
Task Description
Description: Concurrent package ossp in version 1.3.2-15 has got dependencies to systemd, which is contradicting the whole distribution and the used INIT-system. Therefore my request to port this to OpenRC!
Additional info: * package version(s) 1.3.2-15
|
|
Testing | Replace Request | Very Low | Medium | replace request: NetworkManager with wpa_cute | Closed | |
Task Description
https://github.com/loh-tar/wpa-cute/releases
I know there are plans to remove NetworkManager. I wondered if we could replace it in 0.4 with Wpa_Cute. seen in the above link.
I haven’t been able to compile it, but it has been updated as recent as 2018 december (stable)
or 2019 january. :)
WPA_GUI doesn’t seem to work well for me, it runs into weird errors when I start it. Long story short, I run into this issue with wpa_supplicant when i do it manually:
https://wiki.archlinux.org/index.php/Wpa_supplicant:
Password-related problems
wpa_supplicant may not work properly if directly passed via stdin particularly long or complex passphrases which include special characters. This may lead to errors such as failed 4-way WPA handshake, PSK may be wrong when launching wpa_supplicant.
In order to solve this try using here strings wpa_passphrase <MYSSID> «< “<passphrase>” or passing a file to the -c flag instead:
# wpa_supplicant -i <interface> -c /etc/wpa_supplicant/example.conf
In some instances it was found that storing the passphrase cleartext in the psk key of the wpa_supplicant.conf network block gave positive results (see [2]). However, this approach is rather insecure. Using wpa_cli to create this file instead of manually writing it gives the best results most of the time and therefore is the recommended way to proceed. Problems with eduroam and other MSCHAPv2 connections
This is my issue with wpa_supplicant sadly... and I do not know how to workaround that without a GUI.
but Wpa_Supplicant_gui does not fix it either, it doesn’t even load properly on my other laptop.
It says it cannot get the status of wpa_supplicant when I load it.
This could be an issue if you get rid of NetworkManager for some users.
So yeah, please take a look at my request okay? Wait for 0.3 to be released to add this if possible. I know you guys are overworked, etc... and it doesn’t need to be done now anyhow. ;)
|
|
Any | Security Issue | Very Low | High | Iceweasel ESR request, | Closed | |
Task Description
from the, forums I have heard you plan to base your new iceweasel version from basilisk when firefox switches to web extensions completely. I am concerned about this because noscript and many other addons will no longer support legacy after this point...
I really think you are doing a disservice if you do this. I think we should personally fix the leaks that mozilla makes, the way trisquel 8 does it. I have heard they know how to fix those leaks. Or, another way forward would be to find a way that involves forking firefox esr 60 and correcting the bugs with the help of tcpdump.
Its madness to fork from basilisk because without noscript webextensions and other such addons, any benefits you get will be very small compared to what you have lost in the process.
I doubt you want to have two different versions of iceweasel esr, one that is with webext and one without. But please don’t try to use basilisk as the base for iceweasel.
I really think its a bad idea long term. Do I dislike mozilla’s new plan? Yes... of course. But do I think using basilisk will solve it? Not unless mozilla angers enough people to make their addons for basilisk instead... Which I really, really doubt very highly.
Please hear this request and don’t just close it. Rather, instead discuss it for a long time. Without noscript, firefox is immensely insecure. And Firefox’s legacy noscript version will die in the future. In the NEAR FUTURE I MIGHT ADD
Of course, there are other firefox addons I want that are webext. So yeah... Nano Adblocker, Privacy Settings, Privacy Possum/Privacy Badger, Viewtube, Decentraleyes to name a few.
|
|
Any | Security Issue | Very High | Critical | [networkmanager] CVE-2018-1111: DHCP client script code ... | Closed | |
Task Description
A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager which is configured to obtain network configuration using the DHCP protocol.
|
|
Stable | Security Issue | Very High | Critical | [iceweasel-uxp] Issue with HTTPS websites | Closed | |
Task Description
With latest iceweasel-uxp, I can’t connect to some HTTPS websites :
For example :
https://pkgs.fedoraproject.org/ is an example
SEC_ERROR_UNKNOWN_ISSUER
|
|
Any | Security Issue | Very Low | High | [octopi] requires su | Closed | |
Task Description
would it be possible to make it use sudo instead?
From what I know, sudo is safer. Let me know if you agree this is a problem.
|
|
Any | Security Issue | Very Low | Critical | [toxcore] Memory leak bug | Closed | |
Task Description
Description: https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/
The bug is fixed in TokTok c-toxcore v0.2.8. The bug is also fixed in the master branch of irungentoo’s toxcore, in commit bf69b54f64003d160d759068f4816b2d9b2e1e21. As a general reminder, if you are still using irungentoo’s toxcore, we strongly encourage you to switch to using TokTok c-toxcore instead as it’s a lot more actively developed and maintained.
|
|
Any | Security Issue | Very Low | Medium | [qemu] Multiple CVE | Closed | |
Task Description
CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug https://www.openwall.com/lists/oss-security/2018/12/13/4
CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem manipulation in Media Transfer Protocol (MTP) https://www.openwall.com/lists/oss-security/2018/12/13/11
Patches included at above URLs.
|
|
Any | Security Issue | Very Low | Medium | Download debian-fixes instead of relying on external so ... | Closed | |
Task Description
It happened already with minetest and again with prosody: When trying to build own packages with makepkg there are patches downloaded from the Debian-project. But the given HTTP(S)-sources are no longer available, concrete example within prosody to be found: https://deb.debian.org/debian/pool/main/p/prosody/prosody_0.10.2-1~bpo9+1.debian.tar.xz (not available)
Please don’t rely on those external sources when creating PKGBUILD-files or just give users the possibility for a secure and granted download. Therefore I cannot build prosody on my own now!
|
|
Stable | Security Issue | Very Low | Critical | [lts-kernel][sec] filter /dev/mem access & restrict acc ... | Closed | |
|
|
Any | Security Issue | Very Low | Critical | [opensmtpd] CVE-2020-8794 | Closed | |
|
|
Stable | Security Issue | Very Low | Medium | [git] Multiple CVEs | Closed | |
|
|
Any | Security Issue | Very Low | Medium | mount.davfs: unknown file system davfs due to paths cha ... | Closed | |
|
|
Any | Update Request | Very Low | Medium | [mesa] needs update | Closed | |
|
|
Any | Update Request | Medium | High | Make Knock patch for Linux-libre 4.14 LTS | Closed | |
|
|
Any | Update Request | Very Low | High | [proj]: please update to latest version | Closed | |
|
|
Any | Update Request | Very Low | Medium | Update addon random agent spoofer | Closed | |
|
|
Stable | Update Request | Very Low | Low | [icewm] Upgrade package version | Closed | |
|
|
Stable | Update Request | Very Low | Medium | [varnish] Missing init script | Closed | |
|
|
Testing | Bug Report | High | High | [mutter] error while loading shared libraries | Closed | |
|
|
Any | Backport Request | Very High | High | [gegl] update package to 0.4.2 backport | Closed | |
|
|
Any | Backport Request | Very High | High | [gimp] update package to 2.10.2 backport | Closed | |
|
|
Any | Backport Request | Very Low | Very Low | Icetray for Iceape-uxp | Closed | |
|
|
Any | Bug Report | Medium | High | [Solved] [xorg-xdm] * status: crashed | Closed | |
|
|
Stable | Bug Report | Medium | High | [gufw][firewalld] have errors | Closed | |
|
|
Any | Bug Report | Low | Medium | [cryptsetup] can't umount luks filesystem on reboot/shu ... | Closed | |
|
|
Any | Bug Report | High | High | [openrc] hwclock: Cannot access the Hardware Clock via ... | Closed | |
|
|
Any | Bug Report | Very Low | Low | [gimp] [gegl] Module '/usr/lib/gegl-0.3/lens-correct.so ... | Closed | |
|
|
Testing | Bug Report | Medium | Medium | [iceweasel-uxp] Top Site positioning | Closed | |
|
|
Testing | Bug Report | Very Low | Low | [iceweasel-uxp] minor issues in "About Iceweasel-UXP" w ... | Closed | |
|
|
Testing | Bug Report | Very Low | High | [iceweasel-uxp] recaptcha issue (webchat.freenode.net) | Closed | |
|
|
Testing | Bug Report | Medium | Low | [iceweasel-uxp] XML Parsing Error: undefined entity in ... | Closed | |
|
|
Testing | Bug Report | Medium | Low | [iceweasel-uxp] XML Parsing Error: undefined entity in ... | Closed | |
|
|
Stable | Bug Report | Very Low | High | [lm_sensors] Fail to load it87 module at boot | Closed | |
|