osdbattery is (probably) useless and broken so Conky did compete because It is still unmaintained and unsupported over 14 years ago (last released version 1.4 on August 23, 2005), and should be removed per anti-abandonware rule at the packaging guidelines.

Also, the default config file contains non-libre/free Microsoft font Verdana as X11 font format property in font variable.

These two options could be enabled :

Kernel hacking → [*] Filter access to /dev/mem
[*] Filter I/O access to /dev/mem

Security options → [*] Restrict unprivileged access to the kernel syslog

Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/

Qualys Security Advisory

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)

in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.

OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).

Description: Since the migration to xenocara there seems to be a bug with applications using GTK-2. From time to time there are crashes with assertion `!xcb_xlib_threads_sequence_lost’.

Looking into this a little bit more deep there are also other distributions affected and this is an upstream-bug. But the concrete situation is not that easy, while it could be also part of the library libX11 itself. Looking therefore here: https://bugs.launchpad.net/ubuntu/+source/pcmanfm/+bug/1782984

Affected are for example LXDE in general, icedove, iceweasel and many more!

There is only the source code of the client available and since years nothing more happened. With keybase joining “Zoom” nothing more seems to happen. Look also here in the forum: https://forums.hyperbola.info/viewtopic.php?id=368

https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/

https://9to5linux.com/grub2-boot-failure-issues-fixed-in-debian-and-ubuntu-update-now

Description: Problem with execution of “pacstrap /mnt base base-devel syslinux” from 0.3.1-chroot ISO-image with modified pacman.conf and mirrorlist for testing. There are errors for the packages “libxcrypt” and “man-pages” as both have “/usr/share/man/man3/crypt.3.gz” and “/usr”share/man/man3/crypt_r.3.gz” included.

Description: Configuration file “syslinux.cfg” under /boot/syslinux/ has to be adjusted. Problem with kernel-images loaded and the concurrent booting device is per default configured to /dev/sda3. Kernel-images are named as “linux-libre” not “linux-libre-lts”.

Description:

Ath9k wifi device not working, possibly bad compilation or issues with gcc

Additional info:
* package version(s)

- gcc-8.4.0-2
- ath9k-htc-firmware-1.4.0-8

* config and/or log files etc.

[    8.302952] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[    8.303011] usbcore: registered new interface driver ath9k_htc
[    8.303067] usb 1-1: Direct firmware load for ath9k_htc/htc_9271-1.4.0.fw failed with error -2
[    8.303073] usb 1-1: ath9k_htc: Firmware htc_9271.fw requested
[    8.623141] usb 1-1: ath9k_htc: Transferred FW: htc_9271.fw, size: 51008
[    9.683657] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[    9.683672] ath9k_htc: Failed to initialize the device

Steps to reproduce:

- Add wifi device with ath9k firmware, for example: TL-WN722N
- pacman -S ath9k-htc-firmware

The list contains some icons before being removed for displaying non-libre and trademark-related stuffs, which may infringe the GNU Free System Distribution Guidelines and Hyperbola Packaging Guidelines.

/usr/share/icons/material-design-{dark,light}/scalable/applications/:

• Icons that are libre apps but has problematic issues:
  • nodejs.svg
  • npm.svg
  • umbraco.svg
• Icons that are non-libre apps:
  • apple-finder.svg
  • apple-safari.svg
  • edge.svg
  • emby.svg
  • evernote.svg
  • google-chrome.svg
  • google-earth.svg
  • internet-explorer.svg (discontinued)
  • itunes.svg
  • jira.svg
  • opera.svg
  • plex.svg
  • quicktime.svg
  • skype.svg
  • slack.svg
  • steam.svg
  • teamviewer.svg
  • unity.svg
  • visualstudio.svg
  • whatsapp.svg
• Icons that are non-libre games:
  • black-mesa.svg
  • minecraft.svg
• Icons that are non-libre network services:
  • amazon.svg
  • appnet.svg (discontinued)
  • basecamp.svg
  • bing.svg
  • bitbucket.svg
  • blogger.svg
  • deviantart.svg
  • disqus.svg
  • dribbble.svg
  • dropbox.svg
  • ebay.svg
  • etsy.svg
  • facebook.svg
  • flattr.svg
  • foursquare.svg
  • github.svg
  • gmail.svg
  • google-drive.svg
  • google-maps.svg
  • google-photos.svg
  • google-play.svg
  • google-plus.svg (discontinued)
  • google-translate.svg
  • google-wallet.svg (discontinued, now as Google Pay)
  • instagram.svg
  • jsfiddle.svg
  • lastfm.svg
  • linkedin.svg
  • linode.svg
  • mixcloud.svg
  • onedrive.svg
  • pandora.svg
  • pinterest.svg
  • rdio.svg (discontinued)
  • reddit.svg
  • soundcloud.svg
  • spotify.svg
  • stackexchange.svg
  • stackoverflow.svg
  • telegram.svg
  • tumblr.svg
  • twitch.svg
  • twitter.svg
  • vimeo.svg
  • vine.svg (discontinued)
  • vk.svg
  • wechat.svg
  • xing.svg
  • yelp.svg
  • youtube.svg
• Icons that are non-FSDG operating systems:
  • android.svg
  • ubuntu.svg
• Icons that are non-libre operating systems:
  • apple-ios.svg
• Icons that are trademarked brands and products:
  • apple.svg
  • beats.svg
  • blackberry.svg
  • dolby.svg
  • google.svg
  • google-cardboard.svg (discontinued)
  • google-glass.svg
  • microsoft.svg
  • playstation.svg
  • wii.svg (discontinued)
  • wiiu.svg (discontinued)
• Icons that are trademarked characters:
  • clippy.svg (appearance from the Office Assistant part of M$ Office 97 to 2003)

Hello,

I’m unable to print some pdfs on my Hyperbola 3.0 system.
Some background :

cups is installed, service enabled and working
system-config-printer is installed and my printer has been correctly added.

I can print most pdfs and text files but recently with a pdf, it fails to print it.* And system-config-printer returned the following error (see capture) :

Printer "EPSON XP-620-Series" requires the '/usr/lib/cups/filters/epson-escpr-wrapper' but it is not currently installed.

Currently, “epson-escpr-wrapper” is installed but it is in :

/usr/libexec/cups/filters/epson-escpr-wrapper

Looking at source code of system-config-printer, it expects that wrapper to be installed in “/usr/lib/” so I tried to symlink that “epson-escpr-wrapper” to “/usr/lib/cups/filters” but it doesn’t work..

*With a Debian system and the exact same configuration, the “problematic” pdf prints just fine so it is not an issue with the pdf.

I’m writing here about the package Conky. It is the useful widget of system monitor into your desktop, but there are some serious issues:

Config variables

• distribution outputs the string “Arch Linux” instead of “Hyperbola GNU/Linux-libre”.
• eve requires users to use API for non-libre/free video game EVE Online, and should be removed.
• All Beep Media Player (BMPx) related variables (including bmpx_album, bmpx_artist, bmpx_bitrate, bmpx_title, bmpx_track and bmpx_uri) are obselete and useless, and should be removed because the package BMPx isn’t present on Arch and Hyperbola official repositories but Arch User Repository (AUR).
• [For Milky Way version 0.4.x only] All PulseAudio related variables (including if_pa_sink_muted, pa_sink_volume, pa_sink_volumebar, pa_sink_description, pa_card_name and pa_card_active_profile) are no longer used, and should be removed due replaced the default audio server with sndio.

Manual

• Contains non-FDSG compliant distros.
• Contains vague terminology.
• Requires users to use API for non-libre/free weather network service(s) (including The Weather Channel).

The current version of BleachBit needs to be adapted so it can clean the new .cache/hyperbola/ directory.

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/

[Critical] https://security-tracker.debian.org/tracker/CVE-2019-18934

smartmontools 6.5-1.hyperbola1

Error while trying to update smart-drivedb :

anon@test[~] update-smart-drivedb

External Link/usr/bin/update-smart-drivedb: download from branches/RELEASE_6_5_DRIVEDB failed (curl: exit 23) /usr/bin/update-smart-drivedb: download from trunk failed (curl: exit 23)

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation

https://security-tracker.debian.org/tracker/CVE-2019-2201

Patch: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388

Description:

Wireless connection does not work

Additional info:
* package version(s)

- wpa_supplicant 2:2.9-1
- libressl 3.2.2-1

* config and/or log files etc.

Successfully initialized wpa_supplicant
OpenSSL: Failed to set cipher string 'DEFAULT@SECLEVEL=1'
SSL: Failed to initialize TLS context.
Failed to initialize EAPOL state machines.
nl80211: deinit ifname=wlp0s18f2u1 disabled_11b_rates=0

Steps to reproduce:

$ wpa_supplicant -B -i device-name -c <(wpa_passphrase “ssid” “psk”)

Current torsocks version is broken.
It returns the following error when attempting to torify application :

which: no getcap

There are issues with the current sndio-package as it seems not possible to get this to work with ALSA.

Develop HyperBK (Hyper Berkeley Kernel), a BSD descendant kernel with GPL-compatible licenses preserved, non-compatible ones removed, and new code written under GPL-3 for HyperbolaBSD.

TODO:

• Download OpenBSD kernel source code from OpenBSD site → DONE

• Download LibertyBSD scripts to deblob and rebrand kernel from their scripts. → DONE

• Create a new project in Hyperbola Git called hyperbk. → DONE

• Push source to HyperBK’s project. → DONE

• Rebrand OpenBSD kernel to HyperbolaBSD with LibertyBSD scripts. → DONE

• Rebrand entire code (functions, variable, pointers, etc) under HyperbolaBSD → DONE

• Remove files under non GPL-compatible licenses → DONE

• Import code from another BSD systems under GPL-compatible licenses → IN PROGRESS

• Remove remaining nonfree files don't found from LibertyBSD scripts → IN PROGRESS

• Write new code under GPL-3 → IN PROGRESS

• Package HyperBK for HyperbolaBSD.

PATCHING NOTE

When the check concerns kernel, we obviously want to match with HyperbolaBSD.

Example of triplet check:	hyperbolabsd)
Example of uname -s check:	HyperbolaBSD)
Example of uname -r check:	0.1)
Example of C macro check:	defined(__HyperbolaBSD__)

Description:

• replace deprecated GNU Bazaar to Brezy for Canis Major

Additional info:

• bzr 2.7.0-2
• GNU Bazaar will be unmaintained (for now, there are only bug fixes)
• GNU Bazaar only supports Python 2.
• Python 2.7 is the end of the Python 2 line of development. [0]
• There never will be an official Python 2.8 release.
• Or use Tauthon (fork of Python 2.7) as dependency.

Note: It needs a provide: bazaar and brezy

Steps to reproduce:

• broken package

The unfortunate reality is that x86 computers come encumbered with built-in low-level backdoors like the Intel Management Engine , as well as nonfree boot firmware. This means that users can’t gain full control over their computers, even if they install a free operating system such as Hyperbola GNU/Linux-libre .

Hyperbola is working hard to fix these issues and getting closer every day, but for the time being, this is why many current Respects Your Freedom (RYF) offerings are refurbished older devices.

For the future of free computing, we need support architectures that do not come with such malware pre-installed, and the Power9-based Talos II promises to be a great architecture example for workstations and servers environments where Hyperbola is focused since is a fully free long-term support distribution.

Devices like this are the future of computing that Respects Your Freedom and for that reason it’s a high priority for Hyperbola port all packages for the POWER architecture (power64le).

NOTE: POWER porting is focused only for Hyperbola GNU/Linux-libre .

The unfortunate reality is that x86 computers come encumbered with built-in low-level backdoors like the Intel Management Engine , as well as nonfree boot firmware. This means that users can’t gain full control over their computers, even if they install a free operating system such as Hyperbola GNU/Linux-libre .

Hyperbola is working hard to fix these issues and getting closer every day, but for the time being, this is why many current Respects Your Freedom (RYF) offerings are refurbished older devices.

For the future of free computing, we need support architectures that do not come with such malware pre-installed, and ARM A7/A53 promises to be a great architecture example for low-power computers, laptops and embedded systems.

NOTE: ARM porting is focused only for HyperbolaBSD .

The unfortunate reality is that x86 computers come encumbered with built-in low-level backdoors like the Intel Management Engine , as well as nonfree boot firmware. This means that users can’t gain full control over their computers, even if they install a free operating system such as Hyperbola GNU/Linux-libre .

Hyperbola is working hard to fix these issues and getting closer every day, but for the time being, this is why many current Respects Your Freedom (RYF) offerings are refurbished older devices.

For the future of free computing, we need support architectures that do not come with such malware pre-installed, and RISC-V promises to be a great architecture example for low-power computers, laptops and embedded systems, also as ARM architecture replacement.

Devices like this are the future of computing that Respects Your Freedom and for that reason it’s a high priority for Hyperbola port all packages for the RISC-V architecture (riscv64) with multilib support.

NOTE: RISC-V porting is focused only for Hyperbola GNU/Linux-libre .

The Knock patches for linux-libre maintained by you at https://git.hyperbola.info:50100/kernels/knock.git/ have support up to linux-libre 4.13 only (and I think it didn’t work for it when I tried it, compilation failed) but from all of those supported versions, the newest maintained generation by the upstream is 4.9.x

However, since newer kernel generations might require reprogramming the patch, I want to request it only for the latest LTS generation which is 4.14. As you know, LTS software are supported for a long time, so it’s worth to make it for linux-libre 4.14.x

This might not be really important for Hyperbola in the short term, but you are the maintainers of the TCP Stealth implementation for Linux-libre and I and maybe other people would like to use it in their projects for newer versions.

Plus, it would be great since while 4.9 kernels can use the GRSec+Knock combination like linux-libre-lts-unofficial-grsec-knock, with support for 4.14 anyone would be able to use a combination of newer patches such as Linux-hardened+Knock (Linux-hardened supports 4.14 and 4.15 as of now) which is what I’d like to do.
https://github.com/copperhead/linux-hardened/releases

Description:

I have tried all combinations, but despite “noauto” specified in /etc/fstab all devices get mounted at boot.

Who can help me, not to mount a device during boot?

Description:

glom cannot run without libgda, so it should depend on libgda package

/etc/ssl/certs/java/cacerts has 0 entries, resulting in ssl handshake errors in java applications.

Package versions:
* ca-certificates 20170307-1
* ca-certificates-utils 20170307-1

Description:

https://proj4.org/index.html

This package have valuable geodetic applications, and I intend to present Hyperbola GNU/Linux-libre soon in universities and schools in East Africa.

The coordinate system there is not WGS84 and this package only in new version is providing the conversion from East African geographic coordinates to WGS84, and will be very usable in many industrial and private applications.

would it be possible to make it use sudo instead?

From what I know, sudo is safer. Let me know if you agree this is a problem.

Description:

This bug only appears when logged in as root on terminal

# kf5-config --version
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
Qt: 5.8.0
KDE Frameworks: 5.33.0
kf5-config: 1.0

Additional info:

* package version(s)

$ pacman -Si kdelibs4support
Repositorio               : extra
Nombre                    : kdelibs4support
Versión                   : 5.33.0-1
Descripción               : Porting aid from KDELibs4
Arquitectura              : x86_64
URL                       : https://community.kde.org/Frameworks
Licencias                 : LGPL
Grupos                    : kf5-aids
Provee                    : Nada
Depende de                : kunitconversion  kitemmodels  kemoticons  kded  kparts
Dependencias opcionales   : Nada
En conflicto con          : kde4support
Remplaza a                : kde4support
Tamaño de la descarga     : 3,03 MiB
Tamaño de la instalación  : 17,36 MiB
Encargado                 : Felix Yan <felixonmars@archlinux.org>
Fecha de creación         : jue 13 abr 2017 14:29:47 -05
Validado por              : Suma MD5  Suma SHA-256  Firma

Steps to reproduce:

- Install KDE plasma

Description:

org.freedesktop.DBus.Error.NameHasNoOwner: Could not get owner of name ‘org.bluez.obex’: no such name

Additional info:
* package version(s)

$ pacman -Si blueman
Repositorio               : community
Nombre                    : blueman
Versión                   : 2.0.4-3
Descripción               : GTK+ Bluetooth Manager
Arquitectura              : x86_64
URL                       : https://github.com/blueman-project/blueman
Licencias                 : GPL
Grupos                    : Nada
Provee                    : Nada
Depende de                : bluez  bluez-libs  gtk3  libnotify  python-cairo  python-dbus
                            python-gobject
Dependencias opcionales   : dnsmasq: Network Access Point (NAP) support
                            networkmanager: Dial Up Networking (DUN) and Personal Area
                            Networking (PAN) support
                            pulseaudio-bluetooth: audio devices support
En conflicto con          : Nada
Remplaza a                : Nada
Tamaño de la descarga     : 1814,18 KiB
Tamaño de la instalación  : 5345,00 KiB
Encargado                 : Felix Yan <felixonmars@archlinux.org>
Fecha de creación         : dom 25 dic 2016 12:00:42 -05
Validado por              : Suma MD5  Suma SHA-256  Firma

* config and/or log files etc.

(blueman-applet | ccze -A):
- https://paste.debian.net/plain/1049476

(pkgfile -l blueman):
- https://paste.debian.net/plain/1049477

Steps to reproduce:

- Install blueman

Description:

• Option to add NextCloud/OwnCloud accounts in ‘Online Accounts’ section of System Settings not appearing.

Additional info:
* package version(s)

• 17.04.0-1

* config and/or log files etc.

• N/A

Steps to reproduce:

• Run application
• Go to ‘Online Accounts’ section of System Settings

Description:

• Clicking to add an Jabber Account opens a dialog with no fields to enter information.

Additional info:
* package version(s)

• 17.04.0-3.hyperbola1

* config and/or log files etc.

• N/A

Steps to reproduce:

• Run Application
• Clicking to add an Jabber Account

(14/14) installing gitlab [##############################] 100%
/tmp/alpm_bCqhHf/.INSTALL: line 2: systemd-tmpfiles: command not found

Hello Hyperbola!

GPA gives out the following errors upon opening the app.

First:

```
The GPGME library returned an unexpected
error at confdialog.c:1459. The error was:

    Unsupported protocol

This is either an installation problem or a bug in GPA.
GPA will now try to recover from this error.
```

Second:

```
Fatal Error in GPGME library
(invoked from file options.c, line 302):

    Unsupported protocol

The application will be terminated

What can I do to overcome these errors?
```
As this issue makes gpa app completely unusable, I have set this bug report’s severity as high.

I also request the admin to set priority to high due to it’s severity.

Thank you!

Regards,
RG.

Description:

groff is typesetting system similar to TeX/LaTeX however, it is very small and very usable. It is not built properly with URW fonts, or such are missing, I cannot know all details. Overall groff package is basically somehow broken.

It shall depend on proper fonts, and such fonts should already be built, including their Unicode versions.

Package is only partially built.

https://aur.archlinux.org/packages/linux-mptcp/

Kernel Patch for 4.9 :
http://multipath-tcp.org/patches/mptcp-v4.9-c88d1d56809e.patch

Compile :
https://multipath-tcp.org/pmwiki.php/Users/DoItYourself

Current VLC version (3.0.4-3.hyperbola1.backports1) fails to play DVB stream using a RTL2832 usb dongle.

I start the playlist like this :

vlc channels.conf

but it returns the following error :

cache_block stream error: cannot pre fill buffer

Also, it asks the user to be in “video” group to access DVB device, this was not needed before with Hyperbola 0.2.9. User being in “wheel” was enough.
Anyway, even after adding my user to video group, it still fails with “cache_block stream error: cannot pre fill buffer”

This is not an issue with my DVB adapter or driver. rtl2832 is correctly loaded. And I can play the channels.conf playlist just fine with “mpv” or “mplayer”.
Also, the channels.conf used works just fine with a more recent version of VLC on an other system (Manjaro) so something is broken with the current VLC used.

Maybe a package bump would fix the issue.

my recommended fix, make it reflect the applications that are actually installed on the system after removing non-free software support.

recommended fix, remove non-free software entries in menu and replace them with applications that actually exist.

rrip_gui does not work. The fix is to install cairo-gobject which is not in the repos. Attached is a working PKGBUILD adapted from the official one.

Error: conflicting protocols specified: inet-service vs. icmp

when using

ip protocol icmp icmp type echo-request counter accept comment “accept ICMP echo-request type” ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept comment “Accept ICMPv6”

It is a known bug on 0.7 and solved on 0.9

https://bugzilla.netfilter.org/show_bug.cgi?id=1073 commit 0011985554e269e1cc8f8e5b41eb9dcd795ebe8c fixes this problem upstream.

Hello,

Would it be possible to get a package bump for mpv ?

Currently, Debian Buster (stable) uses 0.29.1-1. This would be great as it introduces many fixes and support for lua scripts I heavily use.
0.29.* requires a ffmpeg to 4.x series as well.

Thanks.

Description:

From official PHP page, our php 7.1 is out of support and security

Our package :
https://www.hyperbola.info/packages/extra/x86_64/php/

PHP page :
https://www.php.net/supported-versions.php

Description:
Share a single mouse and keyboard between multiple computers, with libressl and OpenRC support

Issue:
Synergy no es capas de trasmitir tildes ni eñes y demás caracteres del español españa

Additional info:
* package version(s): community/synergy 1.8.8-2.hyperbola1
* config and/or log files etc.

Steps to reproduce:
instalarar synergy en 2 PCs con hyperbola 0.3, he intentar escribir tildes, no funcionará...

Description:

• needs OpenRC init script

Additional info:

• onioncat 0.2.2.r578-1

Steps to reproduce:

• none

Description:

• needs OpenRC init script and contains systemd file

Additional info:

• umurmur 0.2.16_a-6

umurmur /usr/lib/systemd/system/umurmur.service

Steps to reproduce:

• none

Description:

• needs OpenRC init script and contains systemd files

Additional info:

• prosody 1:0.10.r7198+.2fd20f372cb1+-2

prosody /usr/lib/systemd/system/prosody.service
prosody /usr/lib/sysusers.d/prosody.conf
prosody /usr/lib/tmpfiles.d/prosody.conf

Steps to reproduce:

• none

Description:

• needs OpenRC init script and contains systemd files

Additional info:

• unrealircd 4.0.11-2

unrealircd /usr/lib/systemd/system/unrealircd.service
unrealircd /usr/lib/tmpfiles.d/unrealircd.conf

Steps to reproduce:

• none