|
Stable | Update Request | High | High | [qt5] upgrade Qt project to the 5.6 LTS version, requir ... | Closed | |
Task Description
Cannot mix incompatible Qt library (version 0×50800) with this library (version 0×50904) Aborted
./Nextcloud-2.3.3-x86_64.AppImage: /usr/lib/libQt5Core.so.5: version `Qt_5.9’ not found (required by /tmp/.mount_NextclpprMnG/usr/bin/../lib/libqt5keychain.so.1
These two packages are directly affected by an older qt5...
Could you update all the qt packages to the LTS version available?
|
|
Any | Update Request | Very Low | High | [mpv] request for package bump | Closed | |
Task Description
Hello,
Would it be possible to get a package bump for mpv ?
Currently, Debian Buster (stable) uses 0.29.1-1. This would be great as it introduces many fixes and support for lua scripts I heavily use. 0.29.* requires a ffmpeg to 4.x series as well.
Thanks.
|
|
Any | Update Request | Medium | High | [php] is out of date/support | Closed | |
Task Description
Description:
From official PHP page, our php 7.1 is out of support and security
Our package : https://www.hyperbola.info/packages/extra/x86_64/php/
PHP page : https://www.php.net/supported-versions.php
|
|
Any | Update Request | Medium | Medium | [cups] update request | Closed | |
Task Description
New versión v2.2.7
References:
|
|
Testing | Update Request | Very Low | Medium | [lmms] update package version to 1.2.0 | Closed | |
Task Description
In the latest version, it has many more changes with new and improvement features, and fixes function issues since released as preview stage in every eight times per three years ago[1]. And also it is possible to rebuild package with sndio.
[1]: https://github.com/LMMS/lmms/releases/ (see all sections below from 1.2.0-RC1 to 1.2.0 in the version history releases)
|
|
Stable | Update Request | Very Low | Medium | [varnish] Missing init script | Closed | |
Task Description
Description:
Init script is missing for this package.
I think has some systemd dependecies.
/tmp/alpm_sYmHUS/.INSTALL: line 7: systemd-sysusers: command not found error: command failed to execute correctly
package version: varnish-5.1.2-1
|
|
Stable | Update Request | Very Low | Low | [icewm] Upgrade package version | Closed | |
Task Description
The current version of the package icewm within the Hyperbola-repositories is 1.3.8. The latest version is 1.6.3! An update would be helpful as this window-manager follows absolutely the principles of the distribution Hyperbola itself, being simple and fast.
|
|
Any | Security Issue | Very Low | Critical | [opensmtpd] CVE-2020-8794 | Closed | |
Task Description
Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/
Qualys Security Advisory
LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)
Summary Analysis ... Acknowledgments
We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This vulnerability, an out-of-bounds read introduced in December 2015 (commit 80c6a60c, “when peer outputs a multi-line response ...”), is exploitable remotely and leads to the execution of arbitrary shell commands: either as root, after May 2018 (commit a8e22235, “switch smtpd to new grammar”); or as any non-root user, before May 2018.
Because this vulnerability resides in OpenSMTPD’s client-side code (which delivers mail to remote SMTP servers), we must consider two different scenarios:
- Client-side exploitation: This vulnerability is remotely exploitable
in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.
- Server-side exploitation: First, the attacker must connect to the
OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).
We developed a simple exploit for this vulnerability and successfully tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the first vulnerable release), Debian 10 (stable), Debian 11 (testing), and Fedora 31.
The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”
|
|
Any | Security Issue | Very High | Critical | [grub2] UEFI SecureBoot vulnerability + multiple flaws ... | Closed | |
Task Description
https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/
https://9to5linux.com/grub2-boot-failure-issues-fixed-in-debian-and-ubuntu-update-now
|
|
Any | Security Issue | Medium | Medium | [openssh] CVE-2018-15919 | Closed | |
Task Description
Remotely observable behavior in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration (or “oracle”) as a vulnerability.’ https://security-tracker.debian.org/tracker/CVE-2018-15919
|
|
Any | Security Issue | Very Low | Medium | [patch] CVE-2018-6951 - NULL pointer DoS | Closed | |
Task Description
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a “mangled rename” issue.
https://security-tracker.debian.org/tracker/CVE-2018-6951
|
|
Stable | Security Issue | Very Low | Medium | [git] Multiple CVEs | Closed | |
Task Description
CVE-2020-5260 has been fixed very recently in Debian, so I thought I would apply this patch. However, I found out that security patches have not been applied for quite a while (I could account for at least 6 CVEs).
Considering that the version in Debian stretch (2.11.0) is the nearest version with security patches released by Debian and that git project oldest supported version is 2.17, I have used patches from Debian stretch to apply on 2.12.2 currently in Milky Way.
But I have the following error on check():
| *** prove ***
|
| Test Summary Report
| -------------------
| t5570-git-daemon.sh (Wstat: 256 Tests: 20 Failed: 10)
| Failed tests: 3-7, 15-19
| Non-zero exit status: 1
| t5811-proto-disable-git.sh (Wstat: 256 Tests: 26 Failed: 16)
| Failed tests: 2-6, 9-11, 15-19, 21-23
| Non-zero exit status: 1
| Files=769, Tests=14137, 1101 wallclock secs ( 8.08 usr 1.12 sys + 144.48 cusr 63.42 csys = 217.10 CPU)
| Result: FAIL
| make[1]: *** [Makefile:45: prove] Error 1
| make[1]: Leaving directory '/build/git/src/git-2.12.2/t'
| make: *** [Makefile:2291: test] Error 2
| ==> ERROR: A failure occurred in check().
| Aborting...
This does not seem to be related to my change as the current version in Milky Way produces the same error (IOW the package currently in Milky Way is not rebuidable).
|
|
Any | Replace Request | High | Critical | [python2] replace deprecated Python 2 to Tauthon | Closed | |
Task Description
Description:
replace deprecated Python 2 to Tauthon for Canis Major
Additional info:
Steps to reproduce:
|
|
Any | Privacy Issue | Very Low | Critical | [bleachbit] needs to be adapted to UXP applications | Closed | |
Task Description
The current version of BleachBit needs to be adapted so it can clean the new .cache/hyperbola/ directory.
|
|
Any | Privacy Issue | Medium | High | midori new Support for cross-browser web extensions | Closed | |
Task Description
Description: idk what to do with it i add the PKGBUILD but this new extension needs to be checked left or patched, https://git.hyperbola.info:50100/~team/packages/extra.git/plain/midori/PKGBUILD?h=rachad
Additional info: * package version(9.0)
important links to check: * https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions * https://github.com/midori-browser/core/issues/244
|
|
Testing | Implementation Request | High | Critical | [xlsfonts] Missing package needs to be added for xenoca ... | Closed | |
Task Description
Description: Package xlsfonts is missing and should absolutely being added also within groups for ‘xenocara-apps’ and ‘xorg-apps’.
|
|
Testing | Implementation Request | Very Low | High | Hplip for printing, | Closed | |
Task Description
Does not need any insane depends, such as dbus, as far as the website says:
https://developers.hp.com/hp-linux-imaging-and-printing/install/manual/distros/other
its optional,
I would like to see it readded in the future...
I need it for printing, only one of my laptops is on 0.3, for this purpose at this time.
|
|
Any | Implementation Request | Medium | Medium | [ncdu] add new package | Closed | |
Task Description
PKGBUILD
# $Id: PKGBUILD 187611 2016-08-26 15:44:01Z bisson $
# Contributor: lp76 <l.peduto@gmail.com>
# Contributor: Daenyth <Daenyth+Arch AT gmail DOT com>
# Maintainer: Gaetan Bisson <bisson@archlinux.org>
pkgname=ncdu
pkgver=1.12
pkgrel=1.hyperbola1
pkgdesc='Disk usage analyzer with an ncurses interface'
url='https://dev.yorhel.nl/ncdu'
license=('custom:MIT')
depends=('ncurses')
arch=('i686' 'x86_64')
validpgpkeys=('74460D32B80810EBA9AFA2E962394C698C2739FA')
source=("https://dev.yorhel.nl/download/${pkgname}-${pkgver}.tar.gz"{,.asc})
sha512sums=('20620dd79d2af878442769e097f13806f64f23875dcb85ebccd573a3de43aba5663d496049b64015d13f9a79d624298032c008ef61dfb6f61d8b12902b8dca12'
'SKIP')
build() {
cd "${srcdir}/${pkgname}-${pkgver}"
./configure --prefix=/usr
make
}
package() {
cd "${srcdir}/${pkgname}-${pkgver}"
make DESTDIR="${pkgdir}" install
install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
}
|
|
Testing | Implementation Request | Low | Medium | [spacefm] add new package | Closed | |
Task Description
Add SpaceFM File Manager for Hyperbola
Aur Package: spacefm Debian Package: spacefm
|
|
Stable | Implementation Request | Medium | Medium | [materia-theme] add package | Closed | |
Task Description
A Material-like flat theme for GTK+ 2/3, and GNOME shell, released under a GNU General Public Licence (GNU GPL) 2 and later.
|
|
Stable | Implementation Request | Very Low | Medium | [gcc] Renew to version 8 or 9, including multilib | Closed | |
Task Description
As even the support for GCC 7 is now ending with the release of version 7.5 (https://gcc.gnu.org/ml/gcc/2019-11/msg00099.html) I’d like to propose a renewal of the building-stack - which I think is also needed in time. Also a renewal of the glibc would be good at all!
|
|
Stable | Implementation Request | Very Low | Low | [xfe] Add Opus audio file type support | Closed | |
Task Description
A format is not known or recognized in the original code base. To add a string into at the audio section in xferc.in:
opus = "<audioplayer>,<audioplayer>,audacity;Opus Audio;mp3_32x32.png;mp3_16x16.png;;"
|
|
Any | Freedom Issue | Very Low | Critical | [conky] Some serious issues | Closed | |
Task Description
I’m writing here about the package Conky. It is the useful widget of system monitor into your desktop, but there are some serious issues:
Config variables
distribution outputs the string “Arch Linux” instead of “Hyperbola GNU/Linux-libre”.
eve requires users to use API for non-libre/free video game EVE Online, and should be removed.
All Beep Media Player (BMPx) related variables (including bmpx_album, bmpx_artist, bmpx_bitrate, bmpx_title, bmpx_track and bmpx_uri) are obselete and useless, and should be removed because the package BMPx isn’t present on Arch and Hyperbola official repositories but Arch User Repository (AUR).
[For Milky Way version 0.4.x only] All PulseAudio related variables (including if_pa_sink_muted, pa_sink_volume, pa_sink_volumebar, pa_sink_description, pa_card_name and pa_card_active_profile) are no longer used, and should be removed due replaced the default audio server with sndio.
Manual
|
|
Testing | Freedom Issue | Very Low | Critical | [Hyperbola GNU/Linux-libre 0.4] [lumina-core] has some ... | Closed | |
Task Description
The list contains some icons before being removed for displaying non-libre and trademark-related stuffs, which may infringe the GNU Free System Distribution Guidelines and Hyperbola Packaging Guidelines.
/usr/share/icons/material-design-{dark,light}/scalable/applications/:
Icons that are libre apps but has problematic issues:
nodejs.svg
npm.svg
umbraco.svg
Icons that are non-libre apps:
Icons that are non-libre games:
black-mesa.svg
minecraft.svg
Icons that are non-libre network services:
amazon.svg
appnet.svg (discontinued)
basecamp.svg
bing.svg
bitbucket.svg
blogger.svg
deviantart.svg
disqus.svg
dribbble.svg
dropbox.svg
ebay.svg
etsy.svg
facebook.svg
flattr.svg
foursquare.svg
github.svg
gmail.svg
google-drive.svg
google-maps.svg
google-photos.svg
google-play.svg
google-plus.svg (discontinued)
google-translate.svg
google-wallet.svg (discontinued, now as Google Pay)
instagram.svg
jsfiddle.svg
lastfm.svg
linkedin.svg
linode.svg
mixcloud.svg
onedrive.svg
pandora.svg
pinterest.svg
rdio.svg (discontinued)
reddit.svg
soundcloud.svg
spotify.svg
stackexchange.svg
stackoverflow.svg
telegram.svg
tumblr.svg
twitch.svg
twitter.svg
vimeo.svg
vine.svg (discontinued)
vk.svg
wechat.svg
xing.svg
yelp.svg
youtube.svg
Icons that are non-FSDG operating systems:
Icons that are non-libre operating systems:
Icons that are trademarked brands and products:
Icons that are trademarked characters:
|
|
Any | Freedom Issue | Very Low | Low | [wireshark*] mentions non-free OSes in pacman descripti ... | Closed | |
Task Description
community/wireshark-cli 2.2.6-1
a free network protocol analyzer for Unix/Linux and Windows - CLI version
community/wireshark-common 2.2.6-1
Common files used by wireshark-gtk and wireshark-qt
community/wireshark-gtk 2.2.6-1
a free network protocol analyzer for Unix/Linux and Windows - GTK frontend
community/wireshark-qt 2.2.6-1
a free network protocol analyzer for Unix/Linux and Windows - Qt frontend
It’s better to change to a more neutral description such as “a cross-platform network protocol analyzer - CLI/GTK/Qt version”.
|
|
Any | Freedom Issue | Medium | Low | [aiksaurus] vague terminology "Open Source" in descript ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [assimp] vague terminology "Open Source" in description ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [cmake] vague terminology "Open Source" in description ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [gstreamer] vague terminology "Open Source" in descript ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [java-openjfx] vague terminology "Open Source" in descr ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [java-openjfx-doc] vague terminology "Open Source" in d ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [java-openjfx-src] vague terminology "Open Source" in d ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [kdegames-kigo] vague terminology "Open Source" in desc ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [libgdiplus] vague terminology "Open Source" in descrip ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [libical] vague terminology "Open Source" in descriptio ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [liblouis] vague terminology "Open Source" in descripti ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [libofa] vague terminology "Open Source" in description ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [libomxil-bellagio] vague terminology "Open Source" in ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [libupnp] vague terminology "Open Source" in descriptio ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [mlt] vague terminology "Open Source" in description of ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [mlt-python-bindings] vague terminology "Open Source" i ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [opencore-amr] vague terminology "Open Source" in descr ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [openjpeg] vague terminology "Open Source" in descripti ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [openjpeg2] vague terminology "Open Source" in descript ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [rhino] vague terminology "Open Source" in description ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [sofia-sip] vague terminology "Open Source" in descript ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [swt] vague terminology "Open Source" in description of ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [tomcat7] vague terminology "Open Source" in descriptio ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [tomcat8] vague terminology "Open Source" in descriptio ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [unixodbc] vague terminology "Open Source" in descripti ... | Closed | |
|