When updating packages this warning appears:

warning: directory permissions differ on /usr/sbin/
filesystem: 750  package: 755

Description:

Additional info:
* package version(s)

$ pacman -Si gufw
Repositorio               : community
Nombre                    : gufw
Versión                   : 17.04.1-3.hyperbola1
Descripción               : Uncomplicated way to manage your GNU/Linux firewall
Arquitectura              : any
URL                       : https://gufw.org/
Licencias                 : GPL-3
Grupos                    : Nada
Provee                    : Nada
Depende de                : gtk3  polkit  python-gobject  ufw  webkit2gtk  net-tools  desktop-file-utils  gtk-update-icon-cache
Dependencias opcionales   : Nada
En conflicto con          : Nada
Remplaza a                : Nada
Tamaño de la descarga     : 886,27 KiB
Tamaño de la instalación  : 3827,00 KiB
Encargado                 : HyperBuilder <hyperbuilder@hyperbola.info>
Fecha de creación         : mar 01 oct 2019 14:35:51 -05
Validado por              : Suma MD5  Suma SHA-256  Firma

* config and/or log files etc.

==== AUTHENTICATING FOR com.ubuntu.pkexec.gufw ===
Authentication is required to run the Firewall Configuration
Authenticating as: freedom
Password: 
polkit-agent-helper-1: error response to PolicyKit daemon: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
==== AUTHENTICATION FAILED ===
Error executing command as another user: Not authorized

This incident has been reported.

Steps to reproduce:
- install gufw

I added
<quote>modules=”fs-fuse”</quote>
to /etc/conf.d/modules (and also “fuse” instead).

I looked in /var/log/rc.log and I see this line

<quote>modprobe: FATAL: Module fs-fusetun not found in directory /lib/modules/4.9.194-gnu-1-lts</quote>

It looks like modprobe added “tun” to the filename which prevents loading the module.

One can mount exfat by running commands such as “sudo modprobe fuse” and “sudo mount.exfat /dev/sdc1 /mnt/storage” but it is inconvenient.

Also, loading fuse at startup is problematic - see here:

https://issues.hyperbola.info/index.php?do=details&task_id=1433

Additional info:
* package version(s)

# pacman -Si firewalld
Repositorio               : community
Nombre                    : firewalld
Versión                   : 0.4.4.4-1.hyperbola1
Descripción               : Firewall daemon with D-Bus interface, with OpenRC support
Arquitectura              : any
URL                       : https://github.com/t-woerner/firewalld
Licencias                 : GPL2
Grupos                    : Nada
Provee                    : Nada
Depende de                : dbus-glib  dconf  ebtables  hicolor-icon-theme  ipset  iptables
                            python-slip
Dependencias opcionales   : bash-completion: bash completion
                            gtk3: firewall-config
                            libnm-glib: firewall-config and firewall-applet
                            libnotify: firewall-applet
                            python-pyqt5: firewall-applet
En conflicto con          : Nada
Remplaza a                : Nada
Tamaño de la descarga     : 532,05 KiB
Tamaño de la instalación  : 4865,00 KiB
Encargado                 : André Silva <emulatorman@hyperbola.info>
Fecha de creación         : lun 25 sep 2017 21:00:50 -05
Validado por              : Suma MD5  Suma SHA-256  Firma

* config and/or log files etc.

# tail -F /var/log/firewalld

2019-10-02 22:09:45 DEBUG1: Loading zone file ‘/usr/lib/firewalld/zones/internal.xml’
2019-10-02 22:09:45 DEBUG1: Loading zone file ‘/usr/lib/firewalld/zones/public.xml’
2019-10-02 22:09:45 DEBUG1: Loading zone file ‘/usr/lib/firewalld/zones/trusted.xml’
2019-10-02 22:09:45 DEBUG1: Loading zone file ‘/usr/lib/firewalld/zones/work.xml’
2019-10-02 22:09:45 DEBUG1: Using default zone ‘public’
2019-10-02 22:09:45 ERROR: Failed to read file “/proc/sys/net/netfilter/nf_conntrack_helper”: [Errno 2] No existe el fichero o el directorio: ‘/proc/sys/net/netfilter/nf_conntrack_helper’
2019-10-02 22:09:45 WARNING: Failed to get and parse nf_conntrack_helper setting
2019-10-02 22:09:45 FATAL ERROR: No IPv4 and IPv6 firewall.
2019-10-02 22:09:45 ERROR: Raising SystemExit in run_server

Steps to reproduce:

- Install package
- rc-service firewalld start
- firewalld –debug

Current VLC version (3.0.4-3.hyperbola1.backports1) fails to play DVB stream using a RTL2832 usb dongle.

I start the playlist like this :

vlc channels.conf

but it returns the following error :

cache_block stream error: cannot pre fill buffer

Also, it asks the user to be in “video” group to access DVB device, this was not needed before with Hyperbola 0.2.9. User being in “wheel” was enough.
Anyway, even after adding my user to video group, it still fails with “cache_block stream error: cannot pre fill buffer”

This is not an issue with my DVB adapter or driver. rtl2832 is correctly loaded. And I can play the channels.conf playlist just fine with “mpv” or “mplayer”.
Also, the channels.conf used works just fine with a more recent version of VLC on an other system (Manjaro) so something is broken with the current VLC used.

Maybe a package bump would fix the issue.

After installing and adding it to the configuration under /etc/conf.d/modules the concurrent module won’t be loaded at all.

rrip_gui does not work. The fix is to install cairo-gobject which is not in the repos. Attached is a working PKGBUILD adapted from the official one.

Description:
The sshguard package should have its /usr/bin/sshguard executable in /usr/sbin, has systemd service files and no OpenRC init script

Additional info:
* sshguard-2.0.0-4
* when I run `sshguard`:

# sshguard
/usr/bin/sshguard: line 87: /usr/bin/journalctl: No such file or directory

* default /etc/sshguard.conf

LOGREADER="LANG=C /usr/bin/journalctl -afb -p info -n1 -t sshd -o cat"
BLACKLIST_FILE=120:/var/db/sshguard/blacklist.db
BACKEND="/usr/lib/sshguard/sshg-fw-iptables"

(commenting the first line temporally solves the issue)

Description:

I saw errors in logs because fail2ban couldn’t find /usr/bin/sendmail, and discovered this:

[/etc/fail2ban] [0]
$ grep /usr/bin/sendmail */*
action.d/sendmail-buffered.conf:              Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-buffered.conf:                 Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-buffered.conf:             Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-buffered.conf:                Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-common.conf:              Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-common.conf:             Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail.conf:            Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-geoip-lines.conf:            Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-whois.conf:            Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-whois-ipjailmatches.conf:            Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-whois-ipmatches.conf:            Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-whois-lines.conf:            Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>
action.d/sendmail-whois-matches.conf:            Fail2Ban" | /usr/bin/sendmail -f <sender> <dest>

Please, also check for other binaries with wrong locations

As of now, the solution is as simple as removing this line → https://git.hyperbola.info:50100/packages/community.git/tree/fail2ban/PKGBUILD#n79

Additional info:
* fail2ban-0.9.6-2.hyperbola3

Description:
Hyperbola has the following SPF implementations:
* libspf2
* perl-mail-spf
* perl-mail-spf-query

However, none of them work out of the box with postfix. There’s postfix-policyd-spf-perl, which uses one the current perl implementations (perl-mail-spf), takes no time to build and all the dependencies are already satisfied with Hyperbola’s packages

Here I made a PKGBUILD that’s compliant with the packaging standards:

pkgname=postfix-policyd-spf-perl
pkgver=2.011
pkgrel=1
pkgdesc='Postfix SPF policy engine, written in Perl'
arch=(i686 x86_64)
url='https://launchpad.net/postfix-policyd-spf-perl/'
license=(GPL)
depends=(perl-mail-spf perl-netaddr-ip perl-sys-hostname-long)
source=("https://launchpad.net/postfix-policyd-spf-perl/trunk/${pkgver}/+download/${pkgname}-${pkgver}.tar.gz"{,.asc})
sha512sums=('22fc00bf74912056a67e937a460ac1fd878f1cb1a3bfa7b19bc5f1e6bc1c36d815dcf8c945e818d242ed5e72a6295bb0e1569446e06b09aefb2842993b8016ba'
            'SKIP')
validpgpkeys=(E7729BFFBE85400FEEEE23B178D7DEFB9AD59AF1) # Scott Kitterman

package() {
  cd "${pkgname}-${pkgver}"

  install -Dm755 "${pkgname}" "${pkgdir}/usr/libexec/postfix/${pkgname}"
  install -Dm644 CHANGES INSTALL README -t "${pkgdir}/usr/share/doc/${pkgname}"
  install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
}

in the other hand, to give users the possibility of having more options, we could add pypolicyd-spf (AUR), which depends in pyspf (AUR) and other packages that Hyperbola has. In fact, ArchWiki talks about this implementation, but this might not be relevant.

Description:

default configuration is /etc/auto.master instead of /etc/autofs/auto.master

admin→ sudo /usr/bin/automount -v -f -p /run/autofs.pid
Starting automounter version 5.1.2, master map /etc/auto.master
using kernel protocol version 5.02
lookup(file): file map /etc/auto.master missing or not readable
no mounts in table

The IDE codelite is an excellent development environment, continuously updated, has a clear vision and active support.
Would be nice to have this one within the repositories in upcoming releases, perhaps 0.5?

Description: As Gnome has decided against following libre, free principles the desktop-environment has becoming a risk for the privacy and freedom for users. Meaning that the desktop-environment with all basic packages should be removed. Of course the final decision is up to the community and the development-team. Followed up are more reasons for the insights:

* Bloated with questionable dependencies (including mandatory systemd)
* Using proprietary services as high risk for freedom and privacy for users (https://i.stack.imgur.com/yZcyV.png)
* Coming up with questionable and vague principles, against software-freedom in a whole (inclusion of flatpak and flathub as so-called standardization for distributions, discussions about proprietary software included within the software-center)

Additional info for packages:

gnome-backgrounds
gnome-calculator
gnome-contacts
gnome-control-center
gnome-dictionary
gnome-disk-utility
gnome-font-viewer
gnome-keyring
gnome-screenshot
gnome-session
gnome-settings-daemon
gnome-shell
gnome-shell-extensions
gnome-system-monitor
gnome-terminal
gnome-themes-standard
gnome-user-docs
gnome-user-share
grilo-plugins

It happened already with minetest and again with prosody: When trying to build own packages with makepkg there are patches downloaded from the Debian-project. But the given HTTP(S)-sources are no longer available, concrete example within prosody to be found: https://deb.debian.org/debian/pool/main/p/prosody/prosody_0.10.2-1~bpo9+1.debian.tar.xz (not available)

Please don’t rely on those external sources when creating PKGBUILD-files or just give users the possibility for a secure and granted download. Therefore I cannot build prosody on my own now!

Description:
linphonec is unusable because a error produce a continuous log

Additional info:
linphone 3.11.1-1.hyperbola1

Steps to reproduce:
linphonec

Log:
linphonec> 2019-12-15 19:25:58:010 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:03:012 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:08:018 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:13:013 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:18:016 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:23:014 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:28:010 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:33:010 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:38:012 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:43:015 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:48:010 ortp-error-Error in connect: Network is unreachable
2019-12-15 19:26:53:010 ortp-error-Error in connect: Network is unreachable

When i try to set the brightness on my screen, with xbacklight -set 100,

it does this:

No outputs have backlight property

and it doesn’t really matter if I set it lower than 100 or what it currently is at.

Fix when you can please!

The current version of the package icewm within the Hyperbola-repositories is 1.3.8. The latest version is 1.6.3!
An update would be helpful as this window-manager follows absolutely the principles of the distribution Hyperbola itself, being simple and fast.

It appears when I plug in my libreboot laptop x200 in, it appears to dim the screen and when its unplugged, the screen is bright again. Something peculiar is at work, I wondered if this could be fixed.

My assumption is it is related to lxdm or lightdm. Any thoughts?

I am currently using 0.4, so I don’t expect this to be a fast process, just when you get a chance okay?

These two options could be enabled :

Kernel hacking → [*] Filter access to /dev/mem
[*] Filter I/O access to /dev/mem

Security options → [*] Restrict unprivileged access to the kernel syslog

When trying to start a new campaign the complete game-engine is crashing with the following message:

Object::disconnect: Unexpected null parameter
QCoreApplication::postEvent: Unexpected null receiver

As ghc and fpc should be removed in the near future it would be good to validate this or otherwise remove the game-package itself also.

When using the package for wireless connections no further icon is displayed without having the package [b]network-manager-applet[/b] installed.

Is there any way to force it to try from yt as it did in the final attempt?

$ hypervideo -f 22 https://www.youtube.com/watch?v=X7v2aHUPp14 [youtube] X7v2aHUPp14: Downloading webpage
[youtube] X7v2aHUPp14: Downloading video info webpage
[youtube] X7v2aHUPp14: Checking URL Invidious API [youtube] X7v2aHUPp14: Downloading JSON metadata
[youtube] X7v2aHUPp14: Downloading from Invidious API ERROR: unable to download video data: HTTP Error 403: Forbidden

$ hypervideo -f 22 https://www.youtube.com/watch?v=X7v2aHUPp14 [youtube] X7v2aHUPp14: Downloading webpage
[youtube] X7v2aHUPp14: Downloading video info webpage
[youtube] X7v2aHUPp14: Checking URL Invidious API [youtube] X7v2aHUPp14: Trying from YT
[download] Destination: Caroline’s First Day _ Green Wing _ Series 1 Episode 1 _ Dead Parrot-X7v2aHUPp14.mp4
[download] 100% of 418.57MiB in 03:31

Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/

Qualys Security Advisory

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)

in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.

OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).

CHDKPTP is part of CHDK project - a free software firmware add-on for Canon cameras. It enables controlling Canon cameras via the computer.

Attached is a modified iup PKGBUILD (Lua 5.3 build was removed as it failed to compile) and configuration files for chdkptp.

Code is available via svn:

$ svn co http://subversion.assembla.com/svn/chdkptp/trunk chdkptp

Copy chdkptp.sh and config.mk files to source tree then compile via make. Requires root privileges to connect to a camera.