rrip_gui does not work. The fix is to install cairo-gobject which is not in the repos. Attached is a working PKGBUILD adapted from the official one.

Description:
The sshguard package should have its /usr/bin/sshguard executable in /usr/sbin, has systemd service files and no OpenRC init script

Additional info:
* sshguard-2.0.0-4
* when I run `sshguard`:

# sshguard
/usr/bin/sshguard: line 87: /usr/bin/journalctl: No such file or directory

* default /etc/sshguard.conf

LOGREADER="LANG=C /usr/bin/journalctl -afb -p info -n1 -t sshd -o cat"
BLACKLIST_FILE=120:/var/db/sshguard/blacklist.db
BACKEND="/usr/lib/sshguard/sshg-fw-iptables"

(commenting the first line temporally solves the issue)

Description:
This package has a strong systemd integration. It has a systemd backend to get files modifications:

(from /etc/fail2ban/jail.conf)

# systemd:   uses systemd python library to access the systemd journal.
#              Specifying "logpath" is not valid for this backend.
#              See "journalmatch" in the jails associated filter config

and many files at /etc/fail2ban/filter.d have systemd stuff

[/etc/fail2ban/filter.d] [0]
$ grep -i systemd *
dovecot.conf:#journalmatch = _SYSTEMD_UNIT=dovecot.service
ejabberd-auth.conf:# Notes.:  systemd journalctl style match filter for journal based backend
postfix.conf:journalmatch = _SYSTEMD_UNIT=postfix.service
postfix-sasl.conf:#journalmatch = _SYSTEMD_UNIT=postfix.service
pure-ftpd.conf:journalmatch = _SYSTEMD_UNIT=pure-ftpd.service + _COMM=pure-ftpd
recidive.conf:journalmatch = _SYSTEMD_UNIT=fail2ban.service PRIORITY=5
sshd.conf:journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd
sshd-ddos.conf:journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd

Additional info:
* fail2ban-0.9.6-2.hyperbola3

Description:
The /etc/fail2ban/filter.d/dovecot.conf file has a failregex with the following:

^%(__prefix_line)s(?:auth|auth-worker\(\d+\)): (?:pam|passwd-file)\(\S+,<HOST>\): unknown user\s*$

and works with things like:

Month day time hostname dovecot: auth: passwd-file(user@domain.com,IP): unknown user

but with verbosity enabled in Dovecot, this output looks like this:

Month day time hostname dovecot: auth: passwd-file(user@domain.com,IP): unknown user (given password: password)

and in this case it doesn’t work, but it does if we fix the failregex if we replace it with:

^%(__prefix_line)s(?:auth|auth-worker\(\d+\)): (?:pam|passwd-file)\(\S+,<HOST>\): unknown user( \(given password: \S*\))?\s*$

with this new expression, it works with and without verbosity

And regarding postfix, to make it work correctly I “backported” some pieces from newest failregex:

/etc/fail2ban/postfixr-rbl.conf:

^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: [45]54 [45]\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$

/etc/fail2ban/postfix.conf: (second failregex)

^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 45[04] 4\.7\.1 Client host rejected: cannot find your (reverse )?hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$

I can create a patch if you want. Note that I haven’t tested all filters, some others may also need some rework

Additional info:
* fail2ban-0.9.6-2.hyperbola3

Description:

I saw errors in logs because fail2ban couldn’t find /usr/bin/sendmail, and discovered this:

[/etc/fail2ban] [0]
$ grep /usr/bin/sendmail */*
action.d/sendmail-buffered.conf:              Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-buffered.conf:                 Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-buffered.conf:             Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-buffered.conf:                Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-common.conf:              Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-common.conf:             Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail.conf:            Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-geoip-lines.conf:            Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-whois.conf:            Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-whois-ipjailmatches.conf:            Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-whois-ipmatches.conf:            Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-whois-lines.conf:            Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-whois-matches.conf:            Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>

Please, also check for other binaries with wrong locations

As of now, the solution is as simple as removing this line → https://git.hyperbola.info:50100/packages/community.git/tree/fail2ban/PKGBUILD#n79

Additional info:
* fail2ban-0.9.6-2.hyperbola3

Error: conflicting protocols specified: inet-service vs. icmp

when using

ip protocol icmp icmp type echo-request counter accept comment “accept ICMP echo-request type” ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept comment “Accept ICMPv6”

It is a known bug on 0.7 and solved on 0.9

https://bugzilla.netfilter.org/show_bug.cgi?id=1073 commit 0011985554e269e1cc8f8e5b41eb9dcd795ebe8c fixes this problem upstream.

Description:
Hyperbola has the following SPF implementations:
* libspf2
* perl-mail-spf
* perl-mail-spf-query

However, none of them work out of the box with postfix. There’s postfix-policyd-spf-perl, which uses one the current perl implementations (perl-mail-spf), takes no time to build and all the dependencies are already satisfied with Hyperbola’s packages

Here I made a PKGBUILD that’s compliant with the packaging standards:

pkgname=postfix-policyd-spf-perl
pkgver=2.011
pkgrel=1
pkgdesc='Postfix SPF policy engine, written in Perl'
arch=(i686 x86_64)
url='https://launchpad.net/postfix-policyd-spf-perl/'
license=(GPL)
depends=(perl-mail-spf perl-netaddr-ip perl-sys-hostname-long)
source=("https://launchpad.net/postfix-policyd-spf-perl/trunk/${pkgver}/+download/${pkgname}-${pkgver}.tar.gz"{,.asc})
sha512sums=('22fc00bf74912056a67e937a460ac1fd878f1cb1a3bfa7b19bc5f1e6bc1c36d815dcf8c945e818d242ed5e72a6295bb0e1569446e06b09aefb2842993b8016ba'
            'SKIP')
validpgpkeys=(E7729BFFBE85400FEEEE23B178D7DEFB9AD59AF1) # Scott Kitterman

package() {
  cd "${pkgname}-${pkgver}"

  install -Dm755 "${pkgname}" "${pkgdir}/usr/libexec/postfix/${pkgname}"
  install -Dm644 CHANGES INSTALL README -t "${pkgdir}/usr/share/doc/${pkgname}"
  install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
}

in the other hand, to give users the possibility of having more options, we could add pypolicyd-spf (AUR), which depends in pyspf (AUR) and other packages that Hyperbola has. In fact, ArchWiki talks about this implementation, but this might not be relevant.

Description:
The title says everything

Also, it doesn’t follow the FHS (/usr/bin/postgrey should be in /usr/sbin)

Additional info:
* postgrey-1.37-1

A format is not known or recognized in the original code base. To add a string into at the audio section in xferc.in:

opus = "<audioplayer>,<audioplayer>,audacity;Opus Audio;mp3_32x32.png;mp3_16x16.png;;"

Two formats (including HTML and PHP) are provided to run semi-libre/free web browser Mozilla Firefox in the original code base, but it currently got blacklisted due to numerous branding, security and privacy issues, and replaced by the Hyperbola Iceweasel-UXP. To replace existing strings at the web section in xferc.in:

html = "iceweasel-uxp,iceweasel-uxp,<txteditor>;Hyper Text;html_32x32.png;html_16x16.png;;"
htm = "iceweasel-uxp,iceweasel-uxp,<txteditor>;Hyper Text;html_32x32.png;html_16x16.png;;"
php = "iceweasel-uxp,iceweasel-uxp,<txteditor>;PHP Source;html_32x32.png;html_16x16.png;;"

Description:

default configuration is /etc/auto.master instead of /etc/autofs/auto.master

admin→ sudo /usr/bin/automount -v -f -p /run/autofs.pid
Starting automounter version 5.1.2, master map /etc/auto.master
using kernel protocol version 5.02
lookup(file): file map /etc/auto.master missing or not readable
no mounts in table

osdbattery is (probably) useless and broken so Conky did compete because It is still unmaintained and unsupported over 14 years ago (last released version 1.4 on August 23, 2005), and should be removed per anti-abandonware rule at the packaging guidelines.

Also, the default config file contains non-libre/free Microsoft font Verdana as X11 font format property in font variable.

Hello,

Would it be possible to get a package bump for mpv ?

Currently, Debian Buster (stable) uses 0.29.1-1. This would be great as it introduces many fixes and support for lua scripts I heavily use.
0.29.* requires a ffmpeg to 4.x series as well.

Thanks.

The IDE codelite is an excellent development environment, continuously updated, has a clear vision and active support.
Would be nice to have this one within the repositories in upcoming releases, perhaps 0.5?

Description: As Gnome has decided against following libre, free principles the desktop-environment has becoming a risk for the privacy and freedom for users. Meaning that the desktop-environment with all basic packages should be removed. Of course the final decision is up to the community and the development-team. Followed up are more reasons for the insights:

* Bloated with questionable dependencies (including mandatory systemd)
* Using proprietary services as high risk for freedom and privacy for users (https://i.stack.imgur.com/yZcyV.png)
* Coming up with questionable and vague principles, against software-freedom in a whole (inclusion of flatpak and flathub as so-called standardization for distributions, discussions about proprietary software included within the software-center)

Additional info for packages:

gnome-backgrounds
gnome-calculator
gnome-contacts
gnome-control-center
gnome-dictionary
gnome-disk-utility
gnome-font-viewer
gnome-keyring
gnome-screenshot
gnome-session
gnome-settings-daemon
gnome-shell
gnome-shell-extensions
gnome-system-monitor
gnome-terminal
gnome-themes-standard
gnome-user-docs
gnome-user-share
grilo-plugins

It happened already with minetest and again with prosody: When trying to build own packages with makepkg there are patches downloaded from the Debian-project. But the given HTTP(S)-sources are no longer available, concrete example within prosody to be found: https://deb.debian.org/debian/pool/main/p/prosody/prosody_0.10.2-1~bpo9+1.debian.tar.xz (not available)

Please don’t rely on those external sources when creating PKGBUILD-files or just give users the possibility for a secure and granted download. Therefore I cannot build prosody on my own now!

Description:
linphonec is unusable because a error produce a continuous log

Additional info:
linphone 3.11.1-1.hyperbola1

Steps to reproduce:
linphonec

Log:
linphonec> 2019-12-15 19:25:58:010 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:03:012 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:08:018 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:13:013 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:18:016 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:23:014 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:28:010 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:33:010 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:38:012 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:43:015 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:48:010 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:53:010 ortp-error-Error in connect: Network is unreachable

When i try to set the brightness on my screen, with xbacklight -set 100,

it does this:

No outputs have backlight property

and it doesn’t really matter if I set it lower than 100 or what it currently is at.

Fix when you can please!

The current version of the package icewm within the Hyperbola-repositories is 1.3.8. The latest version is 1.6.3!
An update would be helpful as this window-manager follows absolutely the principles of the distribution Hyperbola itself, being simple and fast.

It appears when I plug in my libreboot laptop x200 in, it appears to dim the screen and when its unplugged, the screen is bright again. Something peculiar is at work, I wondered if this could be fixed.

My assumption is it is related to lxdm or lightdm. Any thoughts?

I am currently using 0.4, so I don’t expect this to be a fast process, just when you get a chance okay?

These two options could be enabled :

Kernel hacking → [*] Filter access to /dev/mem
[*] Filter I/O access to /dev/mem

Security options → [*] Restrict unprivileged access to the kernel syslog

When trying to start a new campaign the complete game-engine is crashing with the following message:

Object::disconnect: Unexpected null parameter
QCoreApplication::postEvent: Unexpected null receiver

As ghc and fpc should be removed in the near future it would be good to validate this or otherwise remove the game-package itself also.

When using the package for wireless connections no further icon is displayed without having the package [b]network-manager-applet[/b] installed.

Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/

Qualys Security Advisory

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)

in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.

OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).

The Mailling list don't work : https://lists.hyperbola.info//mailman/listinfo/

CHDKPTP is part of CHDK project - a free software firmware add-on for Canon cameras. It enables controlling Canon cameras via the computer.

Attached is a modified iup PKGBUILD (Lua 5.3 build was removed as it failed to compile) and configuration files for chdkptp.

Code is available via svn:

$ svn co http://subversion.assembla.com/svn/chdkptp/trunk chdkptp

Copy chdkptp.sh and config.mk files to source tree then compile via make. chdkptp requires root privileges to connect to a camera.

CHDKPTP is part of CHDK project - a free software firmware add-on for Canon cameras. It enables controlling Canon cameras via the computer.

Attached is a modified iup PKGBUILD (Lua 5.3 build was removed as it failed to compile) and configuration files for chdkptp.

Code is available via svn:

$ svn co http://subversion.assembla.com/svn/chdkptp/trunk chdkptp

Copy chdkptp.sh and config.mk files to source tree then compile via make. Requires root privileges to connect to a camera.

CVE-2020-5260 has been fixed very recently in Debian, so I thought I would apply this patch. However, I found out that security patches have not been applied for quite a while (I could account for at least 6 CVEs).

Considering that the version in Debian stretch (2.11.0) is the nearest version with security patches released by Debian and that git project oldest supported version is 2.17, I have used patches from Debian stretch to apply on 2.12.2 currently in Milky Way.

But I have the following error on check():

 |  *** prove ***
 |
 |  Test Summary Report
 |  -------------------
 |  t5570-git-daemon.sh                              (Wstat: 256 Tests: 20 Failed: 10)
 |    Failed tests:  3-7, 15-19
 |    Non-zero exit status: 1
 |  t5811-proto-disable-git.sh                       (Wstat: 256 Tests: 26 Failed: 16)
 |    Failed tests:  2-6, 9-11, 15-19, 21-23
 |    Non-zero exit status: 1
 |  Files=769, Tests=14137, 1101 wallclock secs ( 8.08 usr  1.12 sys + 144.48 cusr 63.42 csys = 217.10 CPU)
 |  Result: FAIL
 |  make[1]: *** [Makefile:45: prove] Error 1
 |  make[1]: Leaving directory '/build/git/src/git-2.12.2/t'
 |  make: *** [Makefile:2291: test] Error 2
 |  ==> ERROR: A failure occurred in check().
 |      Aborting...

This does not seem to be related to my change as the current version in Milky Way produces the same error (IOW the package currently in Milky Way is not rebuidable).

Description: Since the migration to xenocara there seems to be a bug with applications using GTK-2. From time to time there are crashes with assertion `!xcb_xlib_threads_sequence_lost’.

Looking into this a little bit more deep there are also other distributions affected and this is an upstream-bug. But the concrete situation is not that easy, while it could be also part of the library libX11 itself. Looking therefore here: https://bugs.launchpad.net/ubuntu/+source/pcmanfm/+bug/1782984

Affected are for example LXDE in general, icedove, iceweasel and many more!

There is only the source code of the client available and since years nothing more happened. With keybase joining “Zoom” nothing more seems to happen. Look also here in the forum: https://forums.hyperbola.info/viewtopic.php?id=368

Description:

From official PHP page, our php 7.1 is out of support and security

Our package :
https://www.hyperbola.info/packages/extra/x86_64/php/

PHP page :
https://www.php.net/supported-versions.php

Description:
Share a single mouse and keyboard between multiple computers, with libressl and OpenRC support

Issue:
Synergy no es capas de trasmitir tildes ni eñes y demás caracteres del español españa

Additional info:
* package version(s): community/synergy 1.8.8-2.hyperbola1
* config and/or log files etc.

Steps to reproduce:
instalarar synergy en 2 PCs con hyperbola 0.3, he intentar escribir tildes, no funcionará...

Hi,

My email server (riseup.net) fails to deliver emails to hyperbola.info. Here’s the error message coming in the returned email:

Reporting-MTA: dns; mx1.riseup.net
X-Postfix-Queue-ID: 49vvwD4xQnzFf2F
X-Postfix-Sender: rfc822; xxxxx@riseup.net
Arrival-Date: Sun, 28 Jun 2020 08:40:44 -0700 (PDT)

Final-Recipient: rfc822; xxxxx@hyperbola.info
Original-Recipient: rfc822;xxxxx@hyperbola.info
Action: failed
Status: 4.7.5
Diagnostic-Code: X-Postfix; Server certificate not verified

This problem did not occur last time I sent emails to a hyperbola.info account (December 2019).
It does not happen with any other destination email server. My guess is that something isn’t properly configured in your server.
If you conclude that this is a riseup.net problem, let me know and I’ll open a bug report with them.

The requirement for TLS 1.2 in email effectively isolated us from internet, and yelling for change isn’t working even in communications with other free/libre system distributions and mailing lists related to free/libre software (both for software and for discussions related to the movement itself). :)

Many mailing lists at gnu.org, fsf.org, fsfla.org, libreplanet.org, and also in other free/libre system distributions aren’t accessible (e.g.: Trisquel).

After confirming the newly created account (typing the confirmation code, the passwoard and its confirmation, and clicking the button to continue), the following error appears:

  Notice: crypt(): No salt parameter was specified. You must use a randomly generated salt and a strong hash function to produce a secure hash. in /srv/http/flyspray/includes/class.flyspray.php on line 656 

The account login seems to work normaly.

php-imagick is an optdepends for many PHP webapps like Nextcloud and Wordpress, would be good to have itin Hyperbola, Arch added it last year

https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/

https://9to5linux.com/grub2-boot-failure-issues-fixed-in-debian-and-ubuntu-update-now

Description:
Was wondering if there is any issue in terms of freedom andor privacy for the inclusion of elogind? Feedback will be apreciated Cheers.

this was recently implemented in gentoo.

source:
https://libregit.org/i3_relativism/elogind

references:
https://blogs.gentoo.org/leio/2019/03/26/gnome-3-30/#comment-9555 https://forums.gentoo.org/viewtopic-t-1094796.html

contact gentoo developer for help in implementation:
https://wiki.gentoo.org/wiki/User:Leio/TODO

This is same issue as on:
https://bugzilla.redhat.com/show_bug.cgi?id=1151273

The paths changed and trying to mount davfs file system defined in /etc/fstab fails with error: unknown file system davfs

To remedy, I made symlink in /sbin to mount.davfs

The transition of paths had to take that in account as many mounted remote disks failed after upgrade.

The RFC 3461 would allow Hyperbola email accounts to request the destination email providers to point out if an email was successfully delivered.

It might not cover all transport failures, but at least has a chance to know in advance whether the message was delivered, discarding the events that happen afterwards (be it to the main inbox or subject to filtering rules such as moving to other folder, marking as spam or deleted after receipt).

Description:
There is an issue with Christian Rebischke key, i’ve tried to delete /etc/pacman.d/gnupg/ and repopulate it but it doesn’t fix the issue.

error: ascii: signature from “Christian Rebischke (Arch Linux Security Team-Member) Chris.Rebischke@archlinux.org” is unknown trust
File /var/cache/pacman/pkg/ascii-3.15-2-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).

Steps to reproduce:

sudo pacman -S ascii

Description:

Init script is missing for this package.

I think has some systemd dependecies.

/tmp/alpm_sYmHUS/.INSTALL: line 7: systemd-sysusers: command not found
error: command failed to execute correctly

package version: varnish-5.1.2-1

the cardbook version is 30.9 i tried with vcard 4.0 and vcard 3.0 same issue editing or creating a contact makes
icedove-uxp crash!

here i will report 2 issues and one change to make
issues:
1- there is a failed smtp error with post and reply
2- in the forum profile one cant add website with .xyz domain name

the change:
1- with pgp key one would add a short key link just like what was mentioned in here:
https://forums.hyperbola.info/viewtopic.php?pid=2639#p2639