Category Task Type Priority Severity Summary Status Progress
StableBug ReportVery LowCritical [python2-reportlab] python2-pip dependency Closed
Task Description

Since python-pip and python2-pip have been removed, I can’t install python2-reportlab because python2-pip is a dependency of this package.

StableReplace RequestVery LowCritical [spamassassin] includes dependencies for systemd Closed
Task Description

Description: The package spamassassin has no further init-script for OpenRC and instead includes service-definitions for systemd

Additional info:
* package version(s) 3.4.1-7

StableReplace RequestVery LowCritical [opendkim] includes dependencies for systemd Closed
Task Description

Description: The package opendkim has no further init-script for OpenRC and instead includes service-definitions for systemd

Additional info:
* package version(s) 2.10.3-4

AnySecurity IssueVery LowCritical [dokuwiki] CVEs Closed
Task Description

Our current dokuwiki 20170219_b-1 has two serious CVE.

Error message attached after the first installation

AnySecurity IssueVery LowCritical [tcpreplay] CVEs Closed
Task Description

A huge number of CVEs have been fixed on 4.3.1 :


Current Hyperbola version is 4.2.6

AnyFreedom IssueVery LowCritical [flatpak] Access to proprietary applications Closed
Task Description


Additional info:
* 0.9.10-2.hyperbola2

Steps to reproduce: Flatpak gives access to interesting features for the deployment of applications, but in fact it also gives access to proprietary applications like Skype (, Steam ( and many more. So it should be checked if this should be part of the repositories within an open, libre distribution. In my point of view this violates the freedom of users, because there can be not tolerance about intolerance even regarding this.

AnyBug ReportVery LowCritical [msmtp] needs libressl Closed
Task Description


I may be wrong for I did not migrate to 0.3 as of yet, but I think that `msmtp` has been forgotten and needs to be recompiled with `libressl`.

Please remove this report if I am mistaken.

TestingBug ReportVery LowCritical [msmtp] needs libressl Closed
Task Description


I may be wrong for I did not migrate to 0.3 as of yet, but I think that `msmtp` has been forgotten and needs to be recompiled with `libressl`.

Please remove this report if I am mistaken.

AnyBug ReportVery LowCritical [system-config-printer] Impossible to print some pdfs ( ...Closed
Task Description


I’m unable to print some pdfs on my Hyperbola 3.0 system.
Some background :

cups is installed, service enabled and working
system-config-printer is installed and my printer has been correctly added.

I can print most pdfs and text files but recently with a pdf, it fails to print it.* And system-config-printer returned the following error (see capture) :

Printer "EPSON XP-620-Series" requires the '/usr/lib/cups/filters/epson-escpr-wrapper' but it is not currently installed.

Currently, “epson-escpr-wrapper” is installed but it is in :


Looking at source code of system-config-printer, it expects that wrapper to be installed in “/usr/lib/” so I tried to symlink that “epson-escpr-wrapper” to “/usr/lib/cups/filters” but it doesn’t work..

*With a Debian system and the exact same configuration, the “problematic” pdf prints just fine so it is not an issue with the pdf.

StableFreedom IssueVery LowCritical [elementary-icon-theme] Contains non-FSDG compliant dis ...Closed
Task Description

About that distro, Elementary OS is semi-libre/free, Ubuntu based, long term support, but does not comply with the GNU Free System Distributibution Guidelines (FSDG). To either rebrand or remove existing non-FSDG compliant distro icon files.

The following affected files are present in this list:

  • /usr/share/icons/elementary/places/16/distributor-logo.svg
  • /usr/share/icons/elementary/places/24/distributor-logo.svg
  • /usr/share/icons/elementary/places/32/distributor-logo.svg
  • /usr/share/icons/elementary/places/48/distributor-logo.svg
  • /usr/share/icons/elementary/places/64/distributor-logo.svg
  • /usr/share/icons/elementary/places/128/distributor-logo.svg
  • /usr/share/icons/elementary/places/symbolic/distributor-logo-symbolic.svg
AnyFreedom IssueVery LowCritical [conky] Some serious issues Closed
Task Description

I’m writing here about the package Conky. It is the useful widget of system monitor into your desktop, but there are some serious issues:

Config variables

  • distribution outputs the string “Arch Linux” instead of “Hyperbola GNU/Linux-libre”.
  • eve requires users to use API for non-libre/free video game EVE Online, and should be removed.
  • All Beep Media Player (BMPx) related variables (including bmpx_album, bmpx_artist, bmpx_bitrate, bmpx_title, bmpx_track and bmpx_uri) are obselete and useless, and should be removed because the package BMPx isn’t present on Arch and Hyperbola official repositories but Arch User Repository (AUR).
  • [For Milky Way version 0.4.x only] All PulseAudio related variables (including if_pa_sink_muted, pa_sink_volume, pa_sink_volumebar, pa_sink_description, pa_card_name and pa_card_active_profile) are no longer used, and should be removed due replaced the default audio server with sndio.


  • Contains non-FDSG compliant distros.
  • Contains vague terminology.
  • Requires users to use API for non-libre/free weather network service(s) (including The Weather Channel).
StableDrop RequestVery LowCritical [osdbattery] Unmaintained and unsupportable Closed
Task Description

osdbattery is (probably) useless and broken so Conky did compete because It is still unmaintained and unsupported over 14 years ago (last released version 1.4 on August 23, 2005), and should be removed per anti-abandonware rule at the packaging guidelines.

Also, the default config file contains non-libre/free Microsoft font Verdana as X11 font format property in font variable.

StableUpdate RequestVery LowCritical [qt5] request for upgrade Closed
Task Description

I know that upgrading Qt is not a trivial task, but would it be possible to do this anyway? Qt 5.8 has issues that other versions do not have. See for example the discussion here about Projecteur, a very useful tool. Hyperbola seems to be the only Linux distribution unable to run it, just because of Qt 5.8:

AnyPrivacy IssueVery LowCritical [bleachbit] needs to be adapted to UXP applications Closed
Task Description

The current version of BleachBit needs to be adapted so it can clean the new .cache/hyperbola/ directory.

AnySecurity IssueVery LowCritical [unbound] Multiple CVEs Closed
Task Description


StableBug ReportVery LowCritical [smartmontools] update-smart-drivedb fails to update Closed
Task Description

smartmontools 6.5-1.hyperbola1

Error while trying to update smart-drivedb :

anon@test[~] update-smart-drivedb

External Link/usr/bin/update-smart-drivedb: download from branches/RELEASE_6_5_DRIVEDB failed (curl: exit 23) /usr/bin/update-smart-drivedb: download from trunk failed (curl: exit 23)

StableSecurity IssueVery LowCritical [lts-kernel][sec] filter /dev/mem access & restrict acc ...Closed
Task Description

These two options could be enabled :

Kernel hacking → [*] Filter access to /dev/mem
[*] Filter I/O access to /dev/mem

Security options → [*] Restrict unprivileged access to the kernel syslog

AnySecurity IssueVery LowCritical [opensmtpd] CVE-2020-8794 Closed
Task Description


Qualys Security Advisory

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)




We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This
vulnerability, an out-of-bounds read introduced in December 2015 (commit
80c6a60c, “when peer outputs a multi-line response ...”), is exploitable
remotely and leads to the execution of arbitrary shell commands: either
as root, after May 2018 (commit a8e22235, “switch smtpd to new
grammar”); or as any non-root user, before May 2018.

Because this vulnerability resides in OpenSMTPD’s client-side code
(which delivers mail to remote SMTP servers), we must consider two
different scenarios:

- Client-side exploitation: This vulnerability is remotely exploitable

in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.

- Server-side exploitation: First, the attacker must connect to the

OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).

We developed a simple exploit for this vulnerability and successfully
tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the
first vulnerable release), Debian 10 (stable), Debian 11 (testing), and
Fedora 31.

The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”

StableBug ReportVery LowCritical [gtk-2] Severe problems with GTK2-applications Closed
Task Description

Description: Since the migration to xenocara there seems to be a bug with applications using GTK-2. From time to time there are crashes with assertion `!xcb_xlib_threads_sequence_lost’.

Looking into this a little bit more deep there are also other distributions affected and this is an upstream-bug. But the concrete situation is not that easy, while it could be also part of the library libX11 itself. Looking therefore here:

Affected are for example LXDE in general, icedove, iceweasel and many more!

StableFreedom IssueVery LowCritical [keybase] Complete removal of tool Closed
Task Description

There is only the source code of the client available and since years nothing more happened. With keybase joining “Zoom” nothing more seems to happen. Look also here in the forum:

TestingBug ReportVery LowCritical [Hyperbola GNU/Linux-libre 0.4] Installation issue for  ...Closed
Task Description

Description: Problem with execution of “pacstrap /mnt base base-devel syslinux” from 0.3.1-chroot ISO-image with modified pacman.conf and mirrorlist for testing. There are errors for the packages “libxcrypt” and “man-pages” as both have “/usr/share/man/man3/crypt.3.gz” and “/usr”share/man/man3/crypt_r.3.gz” included.

TestingFreedom IssueVery LowCritical [Hyperbola GNU/Linux-libre 0.4] [lumina-core] has some  ...Closed
Task Description

The list contains some icons before being removed for displaying non-libre and trademark-related stuffs, which may infringe the GNU Free System Distribution Guidelines and Hyperbola Packaging Guidelines.


  • Icons that are libre apps but has problematic issues:
    • nodejs.svg
    • npm.svg
    • umbraco.svg
  • Icons that are non-libre apps:
    • apple-finder.svg
    • apple-safari.svg
    • edge.svg
    • emby.svg
    • evernote.svg
    • google-chrome.svg
    • google-earth.svg
    • internet-explorer.svg (discontinued)
    • itunes.svg
    • jira.svg
    • opera.svg
    • plex.svg
    • quicktime.svg
    • skype.svg
    • slack.svg
    • steam.svg
    • teamviewer.svg
    • unity.svg
    • visualstudio.svg
    • whatsapp.svg
  • Icons that are non-libre games:
    • black-mesa.svg
    • minecraft.svg
  • Icons that are non-libre network services:
    • amazon.svg
    • appnet.svg (discontinued)
    • basecamp.svg
    • bing.svg
    • bitbucket.svg
    • blogger.svg
    • deviantart.svg
    • disqus.svg
    • dribbble.svg
    • dropbox.svg
    • ebay.svg
    • etsy.svg
    • facebook.svg
    • flattr.svg
    • foursquare.svg
    • github.svg
    • gmail.svg
    • google-drive.svg
    • google-maps.svg
    • google-photos.svg
    • google-play.svg
    • google-plus.svg (discontinued)
    • google-translate.svg
    • google-wallet.svg (discontinued, now as Google Pay)
    • instagram.svg
    • jsfiddle.svg
    • lastfm.svg
    • linkedin.svg
    • linode.svg
    • mixcloud.svg
    • onedrive.svg
    • pandora.svg
    • pinterest.svg
    • rdio.svg (discontinued)
    • reddit.svg
    • soundcloud.svg
    • spotify.svg
    • stackexchange.svg
    • stackoverflow.svg
    • telegram.svg
    • tumblr.svg
    • twitch.svg
    • twitter.svg
    • vimeo.svg
    • vine.svg (discontinued)
    • vk.svg
    • wechat.svg
    • xing.svg
    • yelp.svg
    • youtube.svg
  • Icons that are non-FSDG operating systems:
    • android.svg
    • ubuntu.svg
  • Icons that are non-libre operating systems:
    • apple-ios.svg
  • Icons that are trademarked brands and products:
    • apple.svg
    • beats.svg
    • blackberry.svg
    • dolby.svg
    • google.svg
    • google-cardboard.svg (discontinued)
    • google-glass.svg
    • microsoft.svg
    • playstation.svg
    • wii.svg (discontinued)
    • wiiu.svg (discontinued)
  • Icons that are trademarked characters:
    • clippy.svg (appearance from the Office Assistant part of M$ Office 97 to 2003)
AnyReplace RequestDeferCritical [bzr] replace deprecated GNU Bazaar to Brezy Closed
Task Description


  • replace deprecated GNU Bazaar to Brezy for Canis Major

Additional info:

Note: It needs a provide: bazaar and brezy

Steps to reproduce:

  • broken package
AnyFeature RequestVery HighHigh [linux-libre-*] add missing installed kernel configurat ...Closed
Task Description

Add missing /boot/config-linux-libre-* useful for applications such as Xen.

AnyFeature RequestVery HighHigh [kmod] add init file to load kernel modules from /etc f ...Closed
Task Description

Add init file to load kernel modules in system configuration





command_args="$(cat /etc/modules.{,d/*}conf)"

AnyFeature RequestVery HighHigh [procps-ng] add init file to load sysctl configuration  ...Closed
AnyBug ReportVery HighHigh [android-udev] [MTP] unable to mount Android phone Closed
AnyFeature RequestVery HighHigh [kmod] when dummy.ko is loaded, dummy0 interface is loa ...Closed
AnySecurity IssueVery HighHigh [gnupg] CVE-2018-12020 Closed
AnyUpdate RequestVery HighHigh [babl] update package to v0.1.50 Closed
AnyUpdate RequestVery HighHigh [gegl] update package to 0.3.34 Closed
AnyBackport RequestVery HighHigh [gegl] update package to 0.4.2 backport Closed
AnyBackport RequestVery HighHigh [gimp] update package to 2.10.2 backport Closed
AnyUpdate RequestVery HighHigh [krita] update to 3.1.4 version Closed
AnyBackport RequestVery HighHigh [tcpreplay] update package to 4.2.6 backport  Closed
AnyImplementation RequestVery HighHigh [ring] add new package Closed
AnyFeature RequestVery HighHigh [amule] contains systemd unit files Closed
AnyFeature RequestVery HighHigh [deluge] contains systemd unit files Closed
AnyFeature RequestVery HighHigh [gnunet] contains systemd unit file Closed
AnyFeature RequestVery HighHigh [mldonkey] contains systemd unit files Closed
AnyFeature RequestVery HighHigh [timidity++] contains systemd unit file Closed
AnyFeature RequestVery HighHigh [wesnoth] contains systemd unit files Closed
AnyFeature RequestVery HighHigh [sage-notebook] contains systemd unit file Closed
AnyFeature RequestVery HighHigh [evolution-data-server] contains systemd unit files Closed
AnyFeature RequestVery HighHigh [gnome-terminal] contains systemd unit file Closed
AnyFeature RequestVery HighHigh [tracker] contains systemd unit files Closed
AnyFeature RequestVery HighHigh [vino] contains systemd unit file Closed
AnyFeature RequestVery HighHigh [mkinitcpio] enable "hidepid" support in /proc filesyst ...Closed
AnyFeature RequestVery HighHigh [openrc] minor fix in /proc mount option Closed
AnyFeature RequestVery HighHigh [system-config-printer] contains systemd unit file Closed
Showing tasks 151 - 200 of 1513 Page 4 of 31

Available keyboard shortcuts


Task Details

Task Editing