Packages

Description:

lsusb does not resolve device names from /var/lib/usbutils/usb.ids

The same thing as described here: https://unix.stackexchange.com/questions/220759/lsusb-doesnt-list-device-names

Description:

• Fix package name to emacs-headless that is the correct name for packages without graphical user interface support. nox suffix is incorrect because Hyperbola supports Wayland too, not only X.Org.

Additional info:
* package version(s)

• 25.2-1

* config and/or log files etc.

Steps to reproduce:

• None

Description:

• Fix package name to erlang-headless that is the correct name for packages without graphical user interface support. nox suffix is incorrect because Hyperbola supports Wayland too, not only X.Org.

Additional info:
* package version(s)

• 19.3-3

* config and/or log files etc.

Steps to reproduce:

• None

Description:

• Fix package name to qbittorrent-headless that is the correct name for packages without graphical user interface support. nox suffix is incorrect because Hyperbola supports Wayland too, not only X.Org.

Additional info:
* package version(s)

• 3.3.11-1

* config and/or log files etc.

Steps to reproduce:

• None

A very nasty bug I wasn’t able to find an answer to.
I compiled stuff (buildroot) using menuconfig, the menu display was fine in xfce4-terminal (See screenshot #1)
I restarted the config a few days later with the same command :

$ make menuconfig

and this time the display was messed up (See screenshot #2)

After investigation, I noticed a directory (filled with stuff) have been created in my home folder :

.terminfo

I don’t know why. But anyway, if I delete it, then the display is ok again.
I noticed that if I use good old xterm terminal, then the display is fine even if the .terminfo directory is present. (it uses “xterm” instead of xterm-256color)

But, with xfce4-terminal (and others, I tried with gnome-terminal, sakura..), the display is messed up if the .terminfo directory is present in my home folder.

I also noticed that if I run the command in a screen session, the issue is not present.

(I open xfce4-terminal)

$ screen
$ printenv TERM
screen.xterm-256color
$ make menuconfig (or htop, or other program using ncurses)

= display ok

but with default :

(I open xfce4-terminal)

$ printenv TERM
xterm-256color
make menuconfig (or htop, or other program using ncurses)

= display messed up if .terminfo directory is present

So I have no idea why this .terminfo directory is generated. What could trigger its generation ? Is that an issue with ncurses or something else ?

Thanks for your help

Description:

crystal build src/invidious.cr –release

Error in src/invidious.cr:19: while requiring "kemal"

require "kemal"
^

in lib/kemal/src/kemal.cr:4: while requiring "./kemal/*"

require "./kemal/*"
^

in lib/kemal/src/kemal/config.cr:26: expanding macro

    property static_headers : (HTTP::Server::Response, String, File::Info -> Void)?
    ^~~~~~~~

in lib/kemal/src/kemal/config.cr:26: expanding macro

    property static_headers : (HTTP::Server::Response, String, File::Info -> Void)?
    ^

in macro 'property' expanded macro: macro_48177600:567, line 4:

   1.       
   2.         
   3.           
>  4.             @static_headers : (HTTP::Server::Response, String, File::Info -> Void) | ::Nil
   5. 
   6.             def static_headers : (HTTP::Server::Response, String, File::Info -> Void) | ::Nil
   7.               @static_headers
   8.             end
   9. 
  10.             def static_headers=(@static_headers : (HTTP::Server::Response, String, File::Info -> Void) | ::Nil)
  11.             end
  12.           
  13.         
  14.       
  15.     

undefined constant File::Info

Additional info:
* package version(s)

Crystal 0.22.0 (2017-04-22) LLVM 4.0.0

Steps to reproduce:

Description:

• Option to add NextCloud/OwnCloud accounts in ‘Online Accounts’ section of System Settings not appearing.

Additional info:
* package version(s)

• 17.04.0-1

* config and/or log files etc.

• N/A

Steps to reproduce:

• Run application
• Go to ‘Online Accounts’ section of System Settings

Description:

• Clicking to add an Jabber Account opens a dialog with no fields to enter information.

Additional info:
* package version(s)

• 17.04.0-3.hyperbola1

* config and/or log files etc.

• N/A

Steps to reproduce:

• Run Application
• Clicking to add an Jabber Account

I probably should’ve mentioned this before, but if it is set to suspend when lid is closed, it should automatically lock. if the security option: lock screen with system is set to sleep is tweaked on it doesn’t lock always.

This is word for word what I wrote in the forums, but yeah... it is a problem say if someone wants to use your laptop without your permission and can do so.

But it is also a problem if you set it to lock instead because it is more prone to overheating when your not using it, and it doesn’t suspend quickly enough.

I have tried this many times and the same story can be told, again and again.

I think this issue should be considered high or critical merely because of the privacy risk if someone gets their hands on your laptop while its on. Even if you have been away... :/

I wonder if anyone else has this issue... well you guys will tell me I am sure. if critical doesn’t match what you think I am sure you will change it. ;)

As per the source code, xdg-utils is meant to work with firefox, google-chrome, and other browsers. It is missing support for -uxp applications.

Please, package and backport the docker CE for Hyperbola Milky Way.

For reference, see the package docker in the Parabola.

Please package update to version 3.7.9 of youtube-viewer.

libre.patch attached :)

The Knock patches for linux-libre maintained by you at https://git.hyperbola.info:50100/kernels/knock.git/ have support up to linux-libre 4.13 only (and I think it didn’t work for it when I tried it, compilation failed) but from all of those supported versions, the newest maintained generation by the upstream is 4.9.x

However, since newer kernel generations might require reprogramming the patch, I want to request it only for the latest LTS generation which is 4.14. As you know, LTS software are supported for a long time, so it’s worth to make it for linux-libre 4.14.x

This might not be really important for Hyperbola in the short term, but you are the maintainers of the TCP Stealth implementation for Linux-libre and I and maybe other people would like to use it in their projects for newer versions.

Plus, it would be great since while 4.9 kernels can use the GRSec+Knock combination like linux-libre-lts-unofficial-grsec-knock, with support for 4.14 anyone would be able to use a combination of newer patches such as Linux-hardened+Knock (Linux-hardened supports 4.14 and 4.15 as of now) which is what I’d like to do.
https://github.com/copperhead/linux-hardened/releases

New versión v2.2.7

References:

• https://github.com/apple/cups/releases/tag/v2.2.7
• https://security-tracker.debian.org/tracker/source-package/cups
• https://debian.simnet.is/debian/pool/main/c/cups/cups_2.2.7-3.debian.tar.xz

Description:

From official PHP page, our php 7.1 is out of support and security

Our package :
https://www.hyperbola.info/packages/extra/x86_64/php/

PHP page :
https://www.php.net/supported-versions.php

Remove “cinepaint” package since it’s unmaintained and unsupportable. Also, it doesn’t contains any file format support in the latest version (previous version supported multiple file formats).

I suggest use Krita (or Gimp 2.10) to edit 16bit and 32bit file formats or convert with imagemagick/graphicsmagick.

$ pacman -Si cinepaint
Repository      : community
Name            : cinepaint
Version         : 1:1.0.4-5
Description     : Sophisticated graphics manipulation programm supporting > 8bit pictures
Architecture    : x86_64
URL             : http://www.cinepaint.org
Licenses        : LGPL  GPL  MIT
Groups          : None
Provides        : None
Depends On      : gtk2  openexr  lcms  libxpm  fltk  ftgl  libxxf86vm
Optional Deps   : python2: for python plug-ins
                  gutenprint: for print plug-ins
                  ghostscript: for pdf plug-ins
Conflicts With  : None
Replaces        : None
Download Size   : 3.75 MiB
Installed Size  : 13.91 MiB
Packager        : Christian Hesse <arch@eworm.de>
Build Date      : Thu 28 Apr 2016 05:17:05 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

$ sudo pacman -S blender
resolviendo dependencias…
buscando conflictos entre paquetes…

Paquetes (20) alembic-1.7.1-1  blender-common-2.78.c-1.hyperbola4  blosc-1.11.3-1  ilmbase-2.2.0-2  intel-tbb-2017_20170226-1  libraw-0.18.2-1  libspnav-0.2.3-1  llvm-4.0.0-2
              log4cplus-1.2.0-3  opencollada-1.6.45-1.hyperbola1  opencolorio-1.0.9-5  openexr-2.2.0-3.hyperbola2  openimageio-1.6.18-1.hyperbola1  openshadinglanguage-1.7.5-1.hyperbola1
              opensubdiv-3.1.1-1  openvdb-3.2.0-2  ptex-2.1.28-1.hyperbola1  valgrind-3.12.0-2  zstd-1.1.4-1  blender-2.78.c-1.hyperbola4

Tamaño total de la descarga:      0,33 MiB
Tamaño total de la instalación:  567,26 MiB

:: ¿Continuar con la instalación? [S/n] s
:: Recibiendo los paquetes…
 libspnav-0.2.3-1-x86_64                                                                     8,5 KiB   849K/s 00:00 [######################################################################] 100%
 zstd-1.1.4-1-x86_64                                                                       283,3 KiB   199K/s 00:01 [######################################################################] 100%
 blosc-1.11.3-1-x86_64                                                                      43,0 KiB   331K/s 00:00 [######################################################################] 100%
(20/20) comprobando las claves del depósito                                                                         [######################################################################] 100%
(20/20) verificando la integridad de los paquetes                                                                   [######################################################################] 100%
error: libspnav: signature from "Andrea Scarpino <me@andreascarpino.it>" is marginal trust
:: El archivo /var/cache/pacman/pkg/libspnav-0.2.3-1-x86_64.pkg.tar.xz está dañado (paquete no válido o dañado (firma PGP)).
¿Quiere eliminarlo? [S/n] s
error: zstd: signature from "Andrzej Giniewicz (giniu) <gginiu@gmail.com>" is marginal trust
:: El archivo /var/cache/pacman/pkg/zstd-1.1.4-1-x86_64.pkg.tar.xz está dañado (paquete no válido o dañado (firma PGP)).
¿Quiere eliminarlo? [S/n] s
error: blosc: signature from "Andrzej Giniewicz (giniu) <gginiu@gmail.com>" is marginal trust
:: El archivo /var/cache/pacman/pkg/blosc-1.11.3-1-x86_64.pkg.tar.xz está dañado (paquete no válido o dañado (firma PGP)).
¿Quiere eliminarlo? [S/n] s
error: no se pudo realizar la operación (paquete no válido o dañado)
Ocurrieron errores, por lo que no se actualizaron los paquetes

https://security-tracker.debian.org/tracker/CVE-2018-1088

http://openwall.com/lists/oss-security/2018/04/18/1

https://bugs.debian.org/896128

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

Upstream patches: https://review.gluster.org/#/c/19899/1..2

Fixed in: https://github.com/gluster/glusterfs/releases/tag/v4.0.2

Per toxcore official blog, there is a security issue that affects all versions prior to 0.2.3. Users IP will leak if they have public ToxID.
https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release/

Remotely observable behavior in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration (or “oracle”) as a vulnerability.’ https://security-tracker.debian.org/tracker/CVE-2018-15919

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation

https://security-tracker.debian.org/tracker/CVE-2019-2201

Patch: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388

Replace “devtools” to “artools”[0][1]

[0]:https://github.com/artix-linux/artools [1]:https://git.archlinux.org/devtools.git

Notes: "artools" replaces "devtools" and "archiso"
       without "systemd", but it is not a "libretools" replacement.
       For now, "libretools" needs a "chroot" wrapper to use it.

Description:

I used to be under the
impression that youtube-dl executes proprietary JavaScript, but I now
understand that it only *parses* the JavaScript to find the URL for some
videos. It doesn’t actually run the JavaScript, so it’s not a freedom
issue.

Youtube-dl only executes regular expressions [0][1][2]

you also remove the files that are just for testing [3][4][5][6][7]
and when compiling the program with libretools the test files are not placed[8]

I have consulted with other programmers and we have reached the same conclusion. Youtube-dl does not execute JS non-free, it only extracts the JS to read through python the URL‘s of some videos.[9][10]

The issues that I see with youtube-dl are rather in their form of development because it changes at every moment

Additional info:

- [0]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/jsinterp.py#L12

- [1]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/jsinterp.py#L132

- [2]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/swfinterp.py#L391

- [3]: https://github.com/ytdl-org/youtube-dl/tree/master/test/swftests/

- [4]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_iqiyi_sdk_interpreter.py

- [5]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_jsinterp.py

- [6]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_swfinterp.py

- [7]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_youtube_signature.py

- [8]:

$ tree -d

.
├── bin
├── lib
│   └── python3.6
│       └── site-packages
│           ├── youtube_dl
│           │   ├── downloader
│           │   │   └── __pycache__
│           │   ├── extractor
│           │   │   └── __pycache__
│           │   ├── postprocessor
│           │   │   └── __pycache__
│           │   └── __pycache__
│           └── youtube_dl-2019.5.11-py3.6.egg-info
└── share
    ├── bash-completion
    │   └── completions
    ├── doc
    │   └── youtube_dl
    ├── fish
    │   └── completions
    ├── licenses
    │   └── youtube-dl
    ├── man
    │   └── man1
    └── zsh
        └── site-functions

26 directories

- [9]: https://directory.fsf.org/wiki/Youtube-dl - [10]: https://github.com/fent/node-ytdl-core/issues/222

Description:

Firejail developers since October 2018 have started building LTS versions of firejail[0], according to Packaging Guidelines we must use LTS versions of the packages if they are available.

Links:

[0]: https://github.com/netblue30/firejail/tree/LTSbase

As per a user report (https://forums.hyperbola.info/viewtopic.php?id=92), DDG is USA based search engine and is blocking Tor users (https://trac.torproject.org/projects/tor/ticket/23648).
They are also using non-free JS on the default search.

It seems the best way to solve this is to use their “html” hidden service since it conceals the user IP, doesn’t block Tor users by default, and doesn’t need JS. https://3g2upl4pq6kufc4m.onion/html/

This will affect multiple applications that are currently using DuckDuckGo. The alternative is to remove it completely, but it still is a better option than Google et. all for privacy...