|
Stable | Bug Report | Very Low | Critical | [hypervideo] YouTube's DRM has prevented this software ... | Closed | |
Task Description
With the recent update to hypervideo, my workflow is broken as I can’t archive several youtube channels with hypervideo, the error is always the following :
WARNING: unable to extract html5 player; please report this issue on https://issues.hyperbola.info/ . Make sure you are using the latest version; type 'pacman -Sy hypervideo' as root. Be sure to call hypervideo with the --verbose flag and include its complete output.
[youtube] {22} signature length 44.40, html5 player None
ERROR: Signature extraction failed: Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1194, in _decrypt_signature
video_id, player_url, s
File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1127, in _extract_signature_function
raise ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL", expected=True)
hypervideo.utils.ExtractorError: YouTube's DRM has prevented this software from obtaining the video URL
(caused by ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL",)); please report this issue on https://issues.hyperbola.info/ . Make sure you are using the latest version; type 'pacman -Sy hypervideo' as root. Be sure to call hypervideo with the --verbose flag and include its complete output.
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1194, in _decrypt_signature
video_id, player_url, s
File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1127, in _extract_signature_function
raise ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL", expected=True)
hypervideo.utils.ExtractorError: YouTube's DRM has prevented this software from obtaining the video URL
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1194, in _decrypt_signature
video_id, player_url, s
File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1127, in _extract_signature_function
raise ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL", expected=True)
hypervideo.utils.ExtractorError: YouTube's DRM has prevented this software from obtaining the video URL
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/hypervideo/YoutubeDL.py", line 792, in extract_info
ie_result = ie.extract(url)
File "/usr/lib/python3.6/site-packages/hypervideo/extractor/common.py", line 508, in extract
ie_result = self._real_extract(url)
File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1806, in _real_extract
encrypted_sig, video_id, player_url, age_gate)
File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1204, in _decrypt_signature
'Signature extraction failed: ' + tb, cause=e)
hypervideo.utils.ExtractorError: Signature extraction failed: Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1194, in _decrypt_signature
video_id, player_url, s
File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1127, in _extract_signature_function
raise ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL", expected=True)
hypervideo.utils.ExtractorError: YouTube's DRM has prevented this software from obtaining the video URL
(caused by ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL",)); please report this issue on https://issues.hyperbola.info/ . Make sure you are using the latest version; type 'pacman -Sy hypervideo' as root. Be sure to call hypervideo with the --verbose flag and include its complete output.
|
|
Stable | Bug Report | Very Low | Critical | [python2-reportlab] python2-pip dependency | Closed | |
Task Description
Since python-pip and python2-pip have been removed, I can’t install python2-reportlab because python2-pip is a dependency of this package. .
|
|
Stable | Replace Request | Very Low | Critical | [spamassassin] includes dependencies for systemd | Closed | |
Task Description
Description: The package spamassassin has no further init-script for OpenRC and instead includes service-definitions for systemd
Additional info: * package version(s) 3.4.1-7
|
|
Stable | Replace Request | Very Low | Critical | [opendkim] includes dependencies for systemd | Closed | |
Task Description
Description: The package opendkim has no further init-script for OpenRC and instead includes service-definitions for systemd
Additional info: * package version(s) 2.10.3-4
|
|
Any | Security Issue | Very Low | Critical | [dokuwiki] CVEs | Closed | |
Task Description
Our current dokuwiki 20170219_b-1 has two serious CVE.
Error message attached after the first installation
|
|
Any | Security Issue | Very Low | Critical | [tcpreplay] CVEs | Closed | |
Task Description
A huge number of CVEs have been fixed on 4.3.1 :
CVE-2018-20552 CVE-2018-20553 CVE-2018-18408 CVE-2018-18407 CVE-2018-17974 CVE-2018-17580 CVE-2018-17582 CVE-2018-13112
Current Hyperbola version is 4.2.6
|
|
Any | Freedom Issue | Very Low | Critical | [flatpak] Access to proprietary applications | Closed | |
Task Description
Description:
Additional info: * 0.9.10-2.hyperbola2
Steps to reproduce: Flatpak gives access to interesting features for the deployment of applications, but in fact it also gives access to proprietary applications like Skype (https://flathub.org/apps/details/com.skype.Client), Steam (https://flathub.org/apps/details/com.valvesoftware.Steam) and many more. So it should be checked if this should be part of the repositories within an open, libre distribution. In my point of view this violates the freedom of users, because there can be not tolerance about intolerance even regarding this.
|
|
Any | Bug Report | Very Low | Critical | [msmtp] needs libressl | Closed | |
Task Description
Description:
I may be wrong for I did not migrate to 0.3 as of yet, but I think that `msmtp` has been forgotten and needs to be recompiled with `libressl`.
Please remove this report if I am mistaken.
|
|
Testing | Bug Report | Very Low | Critical | [msmtp] needs libressl | Closed | |
Task Description
Description:
I may be wrong for I did not migrate to 0.3 as of yet, but I think that `msmtp` has been forgotten and needs to be recompiled with `libressl`.
Please remove this report if I am mistaken.
|
|
Any | Bug Report | Very Low | Critical | [system-config-printer] Impossible to print some pdfs ( ... | Closed | |
Task Description
Hello,
I’m unable to print some pdfs on my Hyperbola 3.0 system. Some background :
cups is installed, service enabled and working system-config-printer is installed and my printer has been correctly added.
I can print most pdfs and text files but recently with a pdf, it fails to print it.* And system-config-printer returned the following error (see capture) :
Printer "EPSON XP-620-Series" requires the '/usr/lib/cups/filters/epson-escpr-wrapper' but it is not currently installed.
Currently, “epson-escpr-wrapper” is installed but it is in :
/usr/libexec/cups/filters/epson-escpr-wrapper
Looking at source code of system-config-printer, it expects that wrapper to be installed in “/usr/lib/” so I tried to symlink that “epson-escpr-wrapper” to “/usr/lib/cups/filters” but it doesn’t work..
*With a Debian system and the exact same configuration, the “problematic” pdf prints just fine so it is not an issue with the pdf.
|
|
Stable | Freedom Issue | Very Low | Critical | [elementary-icon-theme] Contains non-FSDG compliant dis ... | Closed | |
Task Description
About that distro, Elementary OS is semi-libre/free, Ubuntu based, long term support, but does not comply with the GNU Free System Distributibution Guidelines (FSDG). To either rebrand or remove existing non-FSDG compliant distro icon files.
The following affected files are present in this list:
/usr/share/icons/elementary/places/16/distributor-logo.svg
/usr/share/icons/elementary/places/24/distributor-logo.svg
/usr/share/icons/elementary/places/32/distributor-logo.svg
/usr/share/icons/elementary/places/48/distributor-logo.svg
/usr/share/icons/elementary/places/64/distributor-logo.svg
/usr/share/icons/elementary/places/128/distributor-logo.svg
/usr/share/icons/elementary/places/symbolic/distributor-logo-symbolic.svg
|
|
Any | Freedom Issue | Very Low | Critical | [conky] Some serious issues | Closed | |
Task Description
I’m writing here about the package Conky. It is the useful widget of system monitor into your desktop, but there are some serious issues:
Config variables
distribution outputs the string “Arch Linux” instead of “Hyperbola GNU/Linux-libre”.
eve requires users to use API for non-libre/free video game EVE Online, and should be removed.
All Beep Media Player (BMPx) related variables (including bmpx_album, bmpx_artist, bmpx_bitrate, bmpx_title, bmpx_track and bmpx_uri) are obselete and useless, and should be removed because the package BMPx isn’t present on Arch and Hyperbola official repositories but Arch User Repository (AUR).
[For Milky Way version 0.4.x only] All PulseAudio related variables (including if_pa_sink_muted, pa_sink_volume, pa_sink_volumebar, pa_sink_description, pa_card_name and pa_card_active_profile) are no longer used, and should be removed due replaced the default audio server with sndio.
Manual
|
|
Stable | Drop Request | Very Low | Critical | [osdbattery] Unmaintained and unsupportable | Closed | |
Task Description
osdbattery is (probably) useless and broken so Conky did compete because It is still unmaintained and unsupported over 14 years ago (last released version 1.4 on August 23, 2005), and should be removed per anti-abandonware rule at the packaging guidelines.
Also, the default config file contains non-libre/free Microsoft font Verdana as X11 font format property in font variable.
|
|
Stable | Update Request | Very Low | Critical | [qt5] request for upgrade | Closed | |
Task Description
I know that upgrading Qt is not a trivial task, but would it be possible to do this anyway? Qt 5.8 has issues that other versions do not have. See for example the discussion here about Projecteur, a very useful tool. Hyperbola seems to be the only Linux distribution unable to run it, just because of Qt 5.8:
https://github.com/jahnf/Projecteur/issues/26
|
|
Any | Privacy Issue | Very Low | Critical | [bleachbit] needs to be adapted to UXP applications | Closed | |
Task Description
The current version of BleachBit needs to be adapted so it can clean the new .cache/hyperbola/ directory.
|
|
Any | Security Issue | Very Low | Critical | [unbound] Multiple CVEs | Closed | |
Task Description
https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
[Critical] https://security-tracker.debian.org/tracker/CVE-2019-18934
|
|
Stable | Bug Report | Very Low | Critical | [smartmontools] update-smart-drivedb fails to update | Closed | |
Task Description
smartmontools 6.5-1.hyperbola1
Error while trying to update smart-drivedb :
anon@test[~] update-smart-drivedb
External Link/usr/bin/update-smart-drivedb: download from branches/RELEASE_6_5_DRIVEDB failed (curl: exit 23)
/usr/bin/update-smart-drivedb: download from trunk failed (curl: exit 23)
|
|
Stable | Security Issue | Very Low | Critical | [lts-kernel][sec] filter /dev/mem access & restrict acc ... | Closed | |
Task Description
These two options could be enabled :
Kernel hacking → [*] Filter access to /dev/mem [*] Filter I/O access to /dev/mem
Security options → [*] Restrict unprivileged access to the kernel syslog
|
|
Any | Security Issue | Very Low | Critical | [opensmtpd] CVE-2020-8794 | Closed | |
Task Description
Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/
Qualys Security Advisory
LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)
Summary Analysis ... Acknowledgments
We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This vulnerability, an out-of-bounds read introduced in December 2015 (commit 80c6a60c, “when peer outputs a multi-line response ...”), is exploitable remotely and leads to the execution of arbitrary shell commands: either as root, after May 2018 (commit a8e22235, “switch smtpd to new grammar”); or as any non-root user, before May 2018.
Because this vulnerability resides in OpenSMTPD’s client-side code (which delivers mail to remote SMTP servers), we must consider two different scenarios:
- Client-side exploitation: This vulnerability is remotely exploitable
in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.
- Server-side exploitation: First, the attacker must connect to the
OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).
We developed a simple exploit for this vulnerability and successfully tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the first vulnerable release), Debian 10 (stable), Debian 11 (testing), and Fedora 31.
The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”
|
|
Stable | Bug Report | Very Low | Critical | [gtk-2] Severe problems with GTK2-applications | Closed | |
Task Description
Description: Since the migration to xenocara there seems to be a bug with applications using GTK-2. From time to time there are crashes with assertion `!xcb_xlib_threads_sequence_lost’.
Looking into this a little bit more deep there are also other distributions affected and this is an upstream-bug. But the concrete situation is not that easy, while it could be also part of the library libX11 itself. Looking therefore here: https://bugs.launchpad.net/ubuntu/+source/pcmanfm/+bug/1782984
Affected are for example LXDE in general, icedove, iceweasel and many more!
|
|
Stable | Freedom Issue | Very Low | Critical | [keybase] Complete removal of tool | Closed | |
Task Description
There is only the source code of the client available and since years nothing more happened. With keybase joining “Zoom” nothing more seems to happen. Look also here in the forum: https://forums.hyperbola.info/viewtopic.php?id=368
|
|
Testing | Bug Report | Very Low | Critical | [Hyperbola GNU/Linux-libre 0.4] Installation issue for ... | Closed | |
Task Description
Description: Problem with execution of “pacstrap /mnt base base-devel syslinux” from 0.3.1-chroot ISO-image with modified pacman.conf and mirrorlist for testing. There are errors for the packages “libxcrypt” and “man-pages” as both have “/usr/share/man/man3/crypt.3.gz” and “/usr”share/man/man3/crypt_r.3.gz” included.
|
|
Testing | Freedom Issue | Very Low | Critical | [Hyperbola GNU/Linux-libre 0.4] [lumina-core] has some ... | Closed | |
Task Description
The list contains some icons before being removed for displaying non-libre and trademark-related stuffs, which may infringe the GNU Free System Distribution Guidelines and Hyperbola Packaging Guidelines.
/usr/share/icons/material-design-{dark,light}/scalable/applications/:
Icons that are libre apps but has problematic issues:
nodejs.svg
npm.svg
umbraco.svg
Icons that are non-libre apps:
Icons that are non-libre games:
black-mesa.svg
minecraft.svg
Icons that are non-libre network services:
amazon.svg
appnet.svg (discontinued)
basecamp.svg
bing.svg
bitbucket.svg
blogger.svg
deviantart.svg
disqus.svg
dribbble.svg
dropbox.svg
ebay.svg
etsy.svg
facebook.svg
flattr.svg
foursquare.svg
github.svg
gmail.svg
google-drive.svg
google-maps.svg
google-photos.svg
google-play.svg
google-plus.svg (discontinued)
google-translate.svg
google-wallet.svg (discontinued, now as Google Pay)
instagram.svg
jsfiddle.svg
lastfm.svg
linkedin.svg
linode.svg
mixcloud.svg
onedrive.svg
pandora.svg
pinterest.svg
rdio.svg (discontinued)
reddit.svg
soundcloud.svg
spotify.svg
stackexchange.svg
stackoverflow.svg
telegram.svg
tumblr.svg
twitch.svg
twitter.svg
vimeo.svg
vine.svg (discontinued)
vk.svg
wechat.svg
xing.svg
yelp.svg
youtube.svg
Icons that are non-FSDG operating systems:
Icons that are non-libre operating systems:
Icons that are trademarked brands and products:
Icons that are trademarked characters:
|
|
Any | Replace Request | Defer | Critical | [bzr] replace deprecated GNU Bazaar to Brezy | Closed | |
Task Description
Description:
replace deprecated GNU Bazaar to Brezy for Canis Major
Additional info:
bzr 2.7.0-2
GNU Bazaar will be unmaintained (for now, there are only bug fixes)
GNU Bazaar only supports Python 2.
-
-
-
Note: It needs a provide: bazaar and brezy
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [linux-libre-*] add missing installed kernel configurat ... | Closed | |
Task Description
Add missing /boot/config-linux-libre-* useful for applications such as Xen.
|
|
Any | Feature Request | Very High | High | [kmod] add init file to load kernel modules from /etc f ... | Closed | |
|
|
Any | Feature Request | Very High | High | [procps-ng] add init file to load sysctl configuration ... | Closed | |
|
|
Any | Bug Report | Very High | High | [android-udev] [MTP] unable to mount Android phone | Closed | |
|
|
Any | Feature Request | Very High | High | [kmod] when dummy.ko is loaded, dummy0 interface is loa ... | Closed | |
|
|
Any | Security Issue | Very High | High | [gnupg] CVE-2018-12020 | Closed | |
|
|
Any | Update Request | Very High | High | [babl] update package to v0.1.50 | Closed | |
|
|
Any | Update Request | Very High | High | [gegl] update package to 0.3.34 | Closed | |
|
|
Any | Backport Request | Very High | High | [gegl] update package to 0.4.2 backport | Closed | |
|
|
Any | Backport Request | Very High | High | [gimp] update package to 2.10.2 backport | Closed | |
|
|
Any | Update Request | Very High | High | [krita] update to 3.1.4 version | Closed | |
|
|
Any | Backport Request | Very High | High | [tcpreplay] update package to 4.2.6 backport | Closed | |
|
|
Any | Implementation Request | Very High | High | [ring] add new package | Closed | |
|
|
Any | Feature Request | Very High | High | [amule] contains systemd unit files | Closed | |
|
|
Any | Feature Request | Very High | High | [deluge] contains systemd unit files | Closed | |
|
|
Any | Feature Request | Very High | High | [gnunet] contains systemd unit file | Closed | |
|
|
Any | Feature Request | Very High | High | [mldonkey] contains systemd unit files | Closed | |
|
|
Any | Feature Request | Very High | High | [timidity++] contains systemd unit file | Closed | |
|
|
Any | Feature Request | Very High | High | [wesnoth] contains systemd unit files | Closed | |
|
|
Any | Feature Request | Very High | High | [sage-notebook] contains systemd unit file | Closed | |
|
|
Any | Feature Request | Very High | High | [evolution-data-server] contains systemd unit files | Closed | |
|
|
Any | Feature Request | Very High | High | [gnome-terminal] contains systemd unit file | Closed | |
|
|
Any | Feature Request | Very High | High | [tracker] contains systemd unit files | Closed | |
|
|
Any | Feature Request | Very High | High | [vino] contains systemd unit file | Closed | |
|
|
Any | Feature Request | Very High | High | [mkinitcpio] enable "hidepid" support in /proc filesyst ... | Closed | |
|
|
Any | Feature Request | Very High | High | [openrc] minor fix in /proc mount option | Closed | |
|