|
Any | Freedom Issue | Very Low | Low | [hexedit]: using kernel name instead of operating syste ... | Closed | |
Task Description
Description:
community/hexedit 1.2.13-3
Hex Editor for Linux
See: https://www.gnu.org/philosophy/words-to-avoid.html#Linux
|
|
Any | Freedom Issue | Very Low | Low | [python2-pyinotify]: using kernel name instead of opera ... | Closed | |
Task Description
Description:
community/python2-pyinotify 0.9.6-3 [installed]
Python module used for monitoring filesystems events on Linux platforms with inotify.
community/qlandkartegt 1.8.1-8
See: https://www.gnu.org/philosophy/words-to-avoid.html#Linux
|
|
Any | Freedom Issue | Very Low | Low | [wireshark-cli]: using kernel name when referring to op ... | Closed | |
Task Description
Description:
community/wireshark-cli 2.2.6-1
a free network protocol analyzer for Unix/Linux and Windows - CLI version
See: https://www.gnu.org/philosophy/words-to-avoid.html#Linux
I would remove Unix and Windows from description as those words steer users towards non-free proprietary software.
|
|
Any | Freedom Issue | Very Low | Low | [wireshark-gtk]: using kernel name when referring to op ... | Closed | |
Task Description
Description:
community/wireshark-gtk 2.2.6-1
a free network protocol analyzer for Unix/Linux and Windows - GTK frontend
See: https://www.gnu.org/philosophy/words-to-avoid.html#Linux
Please remove references to proprietary software.
|
|
Any | Freedom Issue | Very Low | Low | [wireshark-qt]: using kernel name when referring to ope ... | Closed | |
Task Description
Description:
community/wireshark-qt 2.2.6-1
a free network protocol analyzer for Unix/Linux and Windows - Qt frontend
See: https://www.gnu.org/philosophy/words-to-avoid.html#Linux
|
|
Any | Feature Request | Very High | High | [backuppc]: contains systemd files | Closed | |
Task Description
Description:
Since Hyperbola follows the Init Freedom Campaign, systemd unit files removal is required or add OpenRC init scripts to replace it.
Additional info: * package version(s)
community/backuppc 4.1.2-1 [installed]
Enterprise-grade system for backing up Linux, Windows and MacOS PCs
* config and/or log files etc.
Additional info:
Steps to reproduce: install it
|
|
Any | Security Issue | Medium | Medium | [openssh] CVE-2018-15919 | Closed | |
Task Description
Remotely observable behavior in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration (or “oracle”) as a vulnerability.’ https://security-tracker.debian.org/tracker/CVE-2018-15919
|
|
Any | Feature Request | Very Low | Medium | Remove dependency of packages on pulseaudio/libpulse | Closed | |
Task Description
Similar to systemd, pulseaudio or libpulse is forced upon users as many packages require it such as kodi, gnome-shell (and thus also gdm), ffmpeg, gst-plugins-good, simplescreenrecorder, clementine, empathy, seamonkey (iceape), fluidsynth, mumble and qemu, Most/all of these packages can probably be compiled with pulseaudio or libpulse as an optional dependency instead.
|
|
Any | Replace Request | High | Critical | [python2] replace deprecated Python 2 to Tauthon | Closed | |
Task Description
Description:
replace deprecated Python 2 to Tauthon for Canis Major
Additional info:
Steps to reproduce:
|
|
Any | Security Issue | Very Low | Medium | [patch] CVE-2018-6951 - NULL pointer DoS | Closed | |
Task Description
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a “mangled rename” issue.
https://security-tracker.debian.org/tracker/CVE-2018-6951
|
|
Any | Bug Report | Low | High | [xfce4-power-manager] locking session issue | Closed | |
Task Description
I probably should’ve mentioned this before, but if it is set to suspend when lid is closed, it should automatically lock. if the security option: lock screen with system is set to sleep is tweaked on it doesn’t lock always.
This is word for word what I wrote in the forums, but yeah... it is a problem say if someone wants to use your laptop without your permission and can do so.
But it is also a problem if you set it to lock instead because it is more prone to overheating when your not using it, and it doesn’t suspend quickly enough.
I have tried this many times and the same story can be told, again and again.
I think this issue should be considered high or critical merely because of the privacy risk if someone gets their hands on your laptop while its on. Even if you have been away... :/
I wonder if anyone else has this issue... well you guys will tell me I am sure. if critical doesn’t match what you think I am sure you will change it. ;)
|
|
Any | Freedom Issue | Very Low | Low | Add Lumina Desktop | Closed | |
Task Description
A Desktop Enivronment mostly focused on BSD, but also one that is very lightweight and easily customized. Would love to see this desktop on Hyperbola and later whenever Emulatorman makes it, Hyperbola/GNU/HyperBK
https://github.com/lumina-desktop/lumina/releases
Version is the latest one in above link of stable.
|
|
Any | Bug Report | Very Low | Medium | [clamtk] Gtk-WARNING **: Impossible to find the theme e ... | Closed | |
Task Description
Additional info: * package version
Repositorio : community
Nombre : clamtk
Versión : 5.24-1
Descripción : Easy to use, light-weight, on-demand virus scanner for Linux
systems
Arquitectura : any
URL : https://dave-theunsub.github.io/clamtk/
Licencias : GPL
Grupos : Nada
Provee : Nada
Depende de : clamav perl gtk2-perl perl-locale-gettext perl-libwww
perl-http-message perl-lwp-protocol-https perl-text-csv
perl-json python zenity desktop-file-utils gnome-icon-theme
cron
Dependencias opcionales : Nada
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 179,90 KiB
Tamaño de la instalación : 1378,00 KiB
Encargado : Levente Polyak <anthraxx@archlinux.org>
Fecha de creación : sáb 19 nov 2016 20:25:20 -05
Validado por : Suma MD5 Suma SHA-256 Firma
* config and/or log files etc.
$ clamtk Gtk-WARNING **: Imposible encontrar el motor de temas en la ruta al _modulo: «clearlooks», at /usr/lib/perl5/vendor_perl/ClamTk/GUI.pm line 35.
Steps to reproduce:
* Install clamtk in all version
|
|
Any | Freedom Issue | Very Low | Critical | [conky] Some serious issues | Closed | |
Task Description
I’m writing here about the package Conky. It is the useful widget of system monitor into your desktop, but there are some serious issues:
Config variables
distribution outputs the string “Arch Linux” instead of “Hyperbola GNU/Linux-libre”.
eve requires users to use API for non-libre/free video game EVE Online, and should be removed.
All Beep Media Player (BMPx) related variables (including bmpx_album, bmpx_artist, bmpx_bitrate, bmpx_title, bmpx_track and bmpx_uri) are obselete and useless, and should be removed because the package BMPx isn’t present on Arch and Hyperbola official repositories but Arch User Repository (AUR).
[For Milky Way version 0.4.x only] All PulseAudio related variables (including if_pa_sink_muted, pa_sink_volume, pa_sink_volumebar, pa_sink_description, pa_card_name and pa_card_active_profile) are no longer used, and should be removed due replaced the default audio server with sndio.
Manual
|
|
Any | Update Request | Very Low | High | [mpv] request for package bump | Closed | |
Task Description
Hello,
Would it be possible to get a package bump for mpv ?
Currently, Debian Buster (stable) uses 0.29.1-1. This would be great as it introduces many fixes and support for lua scripts I heavily use. 0.29.* requires a ffmpeg to 4.x series as well.
Thanks.
|
|
Any | Privacy Issue | Very Low | Critical | [bleachbit] needs to be adapted to UXP applications | Closed | |
Task Description
The current version of BleachBit needs to be adapted so it can clean the new .cache/hyperbola/ directory.
|
|
Any | Security Issue | Very Low | Critical | [opensmtpd] CVE-2020-8794 | Closed | |
Task Description
Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/
Qualys Security Advisory
LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)
Summary Analysis ... Acknowledgments
We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This vulnerability, an out-of-bounds read introduced in December 2015 (commit 80c6a60c, “when peer outputs a multi-line response ...”), is exploitable remotely and leads to the execution of arbitrary shell commands: either as root, after May 2018 (commit a8e22235, “switch smtpd to new grammar”); or as any non-root user, before May 2018.
Because this vulnerability resides in OpenSMTPD’s client-side code (which delivers mail to remote SMTP servers), we must consider two different scenarios:
- Client-side exploitation: This vulnerability is remotely exploitable
in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.
- Server-side exploitation: First, the attacker must connect to the
OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).
We developed a simple exploit for this vulnerability and successfully tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the first vulnerable release), Debian 10 (stable), Debian 11 (testing), and Fedora 31.
The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”
|
|
Any | Update Request | Medium | High | [php] is out of date/support | Closed | |
Task Description
Description:
From official PHP page, our php 7.1 is out of support and security
Our package : https://www.hyperbola.info/packages/extra/x86_64/php/
PHP page : https://www.php.net/supported-versions.php
|
|
Any | Security Issue | Very High | Critical | [grub2] UEFI SecureBoot vulnerability + multiple flaws ... | Closed | |
Task Description
https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/
https://9to5linux.com/grub2-boot-failure-issues-fixed-in-debian-and-ubuntu-update-now
|
|
Any | Bug Report | Very Low | Low | [Hyperbola GNU/Linux-libre 0.4] Testing Lumina - lumina ... | Closed | |
Task Description
So far lumina-mediaplayer is working, but lumina-screenshot has a problem to load as application. The library libQt5X11Extras.so.5 is missing when looking at the dependencies.
|
|
Any | Bug Report | Very High | Critical | [ath9k-htc-firmware]: not work | Closed | |
Task Description
Description:
Ath9k wifi device not working, possibly bad compilation or issues with gcc
Additional info: * package version(s)
- gcc-8.4.0-2 - ath9k-htc-firmware-1.4.0-8
* config and/or log files etc.
[ 8.302952] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 8.303011] usbcore: registered new interface driver ath9k_htc
[ 8.303067] usb 1-1: Direct firmware load for ath9k_htc/htc_9271-1.4.0.fw failed with error -2
[ 8.303073] usb 1-1: ath9k_htc: Firmware htc_9271.fw requested
[ 8.623141] usb 1-1: ath9k_htc: Transferred FW: htc_9271.fw, size: 51008
[ 9.683657] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 9.683672] ath9k_htc: Failed to initialize the device
Steps to reproduce:
- Add wifi device with ath9k firmware, for example: TL-WN722N - pacman -S ath9k-htc-firmware
References:
- https://bugzilla.kernel.org/show_bug.cgi?id=208251
|
|
Any | Privacy Issue | Medium | High | midori new Support for cross-browser web extensions | Closed | |
Task Description
Description: idk what to do with it i add the PKGBUILD but this new extension needs to be checked left or patched, https://git.hyperbola.info:50100/~team/packages/extra.git/plain/midori/PKGBUILD?h=rachad
Additional info: * package version(9.0)
important links to check: * https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions * https://github.com/midori-browser/core/issues/244
|
|
Any | Feature Request | Medium | Low | [Hyperbola GNU/Linux 0.4] Reactivate ALSA for all UXP-a ... | Closed | |
Task Description
Description: As sndio has its own problems I’d propose to reactivate ALSA for all UXP-applications.
|
|
Any | Bug Report | Very Low | Medium | wesnoth change language no works | Closed | |
Task Description
Description: after install the package, select language, choose other language and the language no change
Additional info: * package version(s) : Battle for Wesnoth v1.14.15 * config and/or log files etc. ↓
[ user | 2021-11-05 | 07:31 ] [/home/user] [0] $ wesnoth Battle for Wesnoth v1.14.15 Started on Fri Nov 5 07:32:01 2021
Data directory: /usr/share/games/wesnoth User configuration directory: /home/USER/.config/wesnoth User data directory: /home/USER/.local/share/wesnoth/1.14 Cache directory: /home/USER/.cache/wesnoth
Setting mode to 1366×768 Checking lua scripts... ok 20211105 07:32:12 warning general: setlocale() failed for ‘it_IT’. 20211105 07:32:12 warning general: setlocale() failed for ‘it_IT’.
Steps to reproduce: Install, run, select new language, and find, the language no change
Attach image log
|