There are issues with the current sndio-package as it seems not possible to get this to work with ALSA.

Description:

Ath9k wifi device not working, possibly bad compilation or issues with gcc

Additional info:
* package version(s)

- gcc-8.4.0-2
- ath9k-htc-firmware-1.4.0-8

* config and/or log files etc.

[    8.302952] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[    8.303011] usbcore: registered new interface driver ath9k_htc
[    8.303067] usb 1-1: Direct firmware load for ath9k_htc/htc_9271-1.4.0.fw failed with error -2
[    8.303073] usb 1-1: ath9k_htc: Firmware htc_9271.fw requested
[    8.623141] usb 1-1: ath9k_htc: Transferred FW: htc_9271.fw, size: 51008
[    9.683657] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[    9.683672] ath9k_htc: Failed to initialize the device

Steps to reproduce:

- Add wifi device with ath9k firmware, for example: TL-WN722N
- pacman -S ath9k-htc-firmware

References:

- https://bugzilla.kernel.org/show_bug.cgi?id=208251

$ pacman -Si cmake-fedora
Repository : community
Name : cmake-fedora
Version : 2.7.1-3
Description : CMake helper modules for fedora developers
Architecture : any
URL : https://pagure.io/cmake-fedora Licenses : custom:BSD
Groups : None
Provides : None
Depends On : cmake
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 90.94 KiB
Installed Size : 422.00 KiB
Packager : Felix Yan felixonmars@archlinux.org Build Date : Mon 17 Apr 2017 06:39:49 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature

I can’t update filters or update with iceweasel-uxp-ublock-origin.
When I toggle the additional filters list, it is empty.

Hello,

I can’t manually install some extensions I was using successfully with iceweasel-esr (52.9.x) previously.
Notably :

https-everywhere https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/ watch-with-mpv https://addons.mozilla.org/en-US/firefox/addon/watch-with-mpv/ tampermonkey https://addons.mozilla.org/en-US/firefox/addon/tampermonkey/ Save URL to Wayback Machine https://addons.mozilla.org/en-US/firefox/addon/save-url-to-wayback-machine

How to install them with iceweasel-uxp ?

Description:
Postfix is a mess, first it failed to start (running ‘postfix start’) with the following:

  postfix: fatal: chdir(/usr/lib/postfix/bin): No such file or directory

Then, to solve this, I symlinked /usr/libexec/postfix to /usr/lib/postfix/bin, because there were the binaries, but then it came with the following:

  # postfix start
  /usr/lib/postfix/bin/postfix-script: line 89: /usr/bin/postconf: No such file or directory
  /usr/lib/postfix/bin/postfix-script: line 90: /usr/bin/postlog: No such file or directory

Because all the post* bins where now in /usr/sbin, so I symlinked them to /usr/bin, and it could finally run, but with many warnings

  # postfix start
  postfix/postfix-script: warning: symlink leaves directory: /usr/lib/postfix/./bin
  postfix/postfix-script: warning: not owned by group postdrop: /usr/bin/postqueue
  postfix/postfix-script: warning: not owned by group postdrop: /usr/bin/postdrop
  postfix/postfix-script: warning: not set-gid or not owner+group+world executable: /usr/bin/postqueue
  postfix/postfix-script: warning: not set-gid or not owner+group+world executable: /usr/bin/postdrop
  postfix/postfix-script: starting the Postfix mail system

Additional info:
* postfix 3.2.2-1.hyperbola6

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation

https://security-tracker.debian.org/tracker/CVE-2019-2201

Patch: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388

The aarch64-linux-gnu-linux-api-headers package from [community] compiles using the blobbed Linux kernel source[0], at Parabola it has been replaced with aarch64-linux-gnu-linux-libre-api-headers[1], since this issue is exactly the same as with linux-api-headers.

The solution is to simply compile using Linux-libre sources.

[0] https://git.archlinux.org/svntogit/community.git/plain/aarch64-linux-gnu-linux-api-headers/trunk/PKGBUILD

[1] https://git.parabola.nu/abslibre.git/commit/?id=acaa4ba9c0bc77deb6b77e4dad815f66c673d662

With the recent update to hypervideo, my workflow is broken as I can’t archive several youtube channels with hypervideo, the error is always the following :

WARNING: unable to extract html5 player; please report this issue on https://issues.hyperbola.info/ . Make sure you are using the latest version; type 'pacman -Sy hypervideo' as root. Be sure to call hypervideo with the --verbose flag and include its complete output.
[youtube] {22} signature length 44.40, html5 player None
ERROR: Signature extraction failed: Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1194, in _decrypt_signature
    video_id, player_url, s
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1127, in _extract_signature_function
    raise ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL", expected=True)
hypervideo.utils.ExtractorError: YouTube's DRM has prevented this software from obtaining the video URL
 (caused by ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL",)); please report this issue on https://issues.hyperbola.info/ . Make sure you are using the latest version; type 'pacman -Sy hypervideo' as root. Be sure to call hypervideo with the --verbose flag and include its complete output.
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1194, in _decrypt_signature
    video_id, player_url, s
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1127, in _extract_signature_function
    raise ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL", expected=True)
hypervideo.utils.ExtractorError: YouTube's DRM has prevented this software from obtaining the video URL
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1194, in _decrypt_signature
    video_id, player_url, s
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1127, in _extract_signature_function
    raise ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL", expected=True)
hypervideo.utils.ExtractorError: YouTube's DRM has prevented this software from obtaining the video URL

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/hypervideo/YoutubeDL.py", line 792, in extract_info
    ie_result = ie.extract(url)
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/common.py", line 508, in extract
    ie_result = self._real_extract(url)
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1806, in _real_extract
    encrypted_sig, video_id, player_url, age_gate)
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1204, in _decrypt_signature
    'Signature extraction failed: ' + tb, cause=e)
hypervideo.utils.ExtractorError: Signature extraction failed: Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1194, in _decrypt_signature
    video_id, player_url, s
  File "/usr/lib/python3.6/site-packages/hypervideo/extractor/youtube.py", line 1127, in _extract_signature_function
    raise ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL", expected=True)
hypervideo.utils.ExtractorError: YouTube's DRM has prevented this software from obtaining the video URL
 (caused by ExtractorError("YouTube's DRM has prevented this software from obtaining the video URL",)); please report this issue on https://issues.hyperbola.info/ . Make sure you are using the latest version; type 'pacman -Sy hypervideo' as root. Be sure to call hypervideo with the --verbose flag and include its complete output.

Since python-pip and python2-pip have been removed, I can’t install python2-reportlab because python2-pip is a dependency of this package.
.

Hello,

I’m unable to print some pdfs on my Hyperbola 3.0 system.
Some background :

cups is installed, service enabled and working
system-config-printer is installed and my printer has been correctly added.

I can print most pdfs and text files but recently with a pdf, it fails to print it.* And system-config-printer returned the following error (see capture) :

Printer "EPSON XP-620-Series" requires the '/usr/lib/cups/filters/epson-escpr-wrapper' but it is not currently installed.

Currently, “epson-escpr-wrapper” is installed but it is in :

/usr/libexec/cups/filters/epson-escpr-wrapper

Looking at source code of system-config-printer, it expects that wrapper to be installed in “/usr/lib/” so I tried to symlink that “epson-escpr-wrapper” to “/usr/lib/cups/filters” but it doesn’t work..

*With a Debian system and the exact same configuration, the “problematic” pdf prints just fine so it is not an issue with the pdf.

About that distro, Elementary OS is semi-libre/free, Ubuntu based, long term support, but does not comply with the GNU Free System Distributibution Guidelines (FSDG). To either rebrand or remove existing non-FSDG compliant distro icon files.

The following affected files are present in this list:

• /usr/share/icons/elementary/places/16/distributor-logo.svg
• /usr/share/icons/elementary/places/24/distributor-logo.svg
• /usr/share/icons/elementary/places/32/distributor-logo.svg
• /usr/share/icons/elementary/places/48/distributor-logo.svg
• /usr/share/icons/elementary/places/64/distributor-logo.svg
• /usr/share/icons/elementary/places/128/distributor-logo.svg
• /usr/share/icons/elementary/places/symbolic/distributor-logo-symbolic.svg

osdbattery is (probably) useless and broken so Conky did compete because It is still unmaintained and unsupported over 14 years ago (last released version 1.4 on August 23, 2005), and should be removed per anti-abandonware rule at the packaging guidelines.

Also, the default config file contains non-libre/free Microsoft font Verdana as X11 font format property in font variable.

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/

[Critical] https://security-tracker.debian.org/tracker/CVE-2019-18934

The list contains some icons before being removed for displaying non-libre and trademark-related stuffs, which may infringe the GNU Free System Distribution Guidelines and Hyperbola Packaging Guidelines.

/usr/share/icons/material-design-{dark,light}/scalable/applications/:

• Icons that are libre apps but has problematic issues:
  • nodejs.svg
  • npm.svg
  • umbraco.svg
• Icons that are non-libre apps:
  • apple-finder.svg
  • apple-safari.svg
  • edge.svg
  • emby.svg
  • evernote.svg
  • google-chrome.svg
  • google-earth.svg
  • internet-explorer.svg (discontinued)
  • itunes.svg
  • jira.svg
  • opera.svg
  • plex.svg
  • quicktime.svg
  • skype.svg
  • slack.svg
  • steam.svg
  • teamviewer.svg
  • unity.svg
  • visualstudio.svg
  • whatsapp.svg
• Icons that are non-libre games:
  • black-mesa.svg
  • minecraft.svg
• Icons that are non-libre network services:
  • amazon.svg
  • appnet.svg (discontinued)
  • basecamp.svg
  • bing.svg
  • bitbucket.svg
  • blogger.svg
  • deviantart.svg
  • disqus.svg
  • dribbble.svg
  • dropbox.svg
  • ebay.svg
  • etsy.svg
  • facebook.svg
  • flattr.svg
  • foursquare.svg
  • github.svg
  • gmail.svg
  • google-drive.svg
  • google-maps.svg
  • google-photos.svg
  • google-play.svg
  • google-plus.svg (discontinued)
  • google-translate.svg
  • google-wallet.svg (discontinued, now as Google Pay)
  • instagram.svg
  • jsfiddle.svg
  • lastfm.svg
  • linkedin.svg
  • linode.svg
  • mixcloud.svg
  • onedrive.svg
  • pandora.svg
  • pinterest.svg
  • rdio.svg (discontinued)
  • reddit.svg
  • soundcloud.svg
  • spotify.svg
  • stackexchange.svg
  • stackoverflow.svg
  • telegram.svg
  • tumblr.svg
  • twitch.svg
  • twitter.svg
  • vimeo.svg
  • vine.svg (discontinued)
  • vk.svg
  • wechat.svg
  • xing.svg
  • yelp.svg
  • youtube.svg
• Icons that are non-FSDG operating systems:
  • android.svg
  • ubuntu.svg
• Icons that are non-libre operating systems:
  • apple-ios.svg
• Icons that are trademarked brands and products:
  • apple.svg
  • beats.svg
  • blackberry.svg
  • dolby.svg
  • google.svg
  • google-cardboard.svg (discontinued)
  • google-glass.svg
  • microsoft.svg
  • playstation.svg
  • wii.svg (discontinued)
  • wiiu.svg (discontinued)
• Icons that are trademarked characters:
  • clippy.svg (appearance from the Office Assistant part of M$ Office 97 to 2003)

Description: Package xlsfonts is missing and should absolutely being added also within groups for ‘xenocara-apps’ and ‘xorg-apps’.

A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager which is configured to obtain network configuration using the DHCP protocol.

pacman -Si openldap
Repository : core
Name : openldap
Version : 2.4.44-4.hyperbola3
Description : Lightweight Directory Access Protocol (LDAP) client and

                server, with OpenRC support

Architecture : x86_64
URL : https://www.openldap.org/ Licenses : custom
Groups : None
Provides : None
Depends On : libldap>=2.4.44 libltdl unixodbc
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 1282.52 KiB
Installed Size : 3990.00 KiB
Packager : André Silva emulatorman@hyperbola.info Build Date : Wed 21 Feb 2018 08:09:38 PM CET
Validated By : MD5 Sum SHA-256 Sum Signature

pacman -Ql openldap | grep /usr/lib/
openldap /usr/lib/
openldap /usr/lib/openldap/
openldap /usr/lib/openldap/accesslog-2.4.so.2
openldap /usr/lib/openldap/accesslog-2.4.so.2.10.7
openldap /usr/lib/openldap/accesslog.so
openldap /usr/lib/openldap/auditlog-2.4.so.2
openldap /usr/lib/openldap/auditlog-2.4.so.2.10.7
openldap /usr/lib/openldap/auditlog.so
openldap /usr/lib/openldap/collect-2.4.so.2
openldap /usr/lib/openldap/collect-2.4.so.2.10.7
openldap /usr/lib/openldap/collect.so
openldap /usr/lib/openldap/constraint-2.4.so.2
openldap /usr/lib/openldap/constraint-2.4.so.2.10.7
openldap /usr/lib/openldap/constraint.so
openldap /usr/lib/openldap/dds-2.4.so.2
openldap /usr/lib/openldap/dds-2.4.so.2.10.7
openldap /usr/lib/openldap/dds.so
openldap /usr/lib/openldap/deref-2.4.so.2
openldap /usr/lib/openldap/deref-2.4.so.2.10.7
openldap /usr/lib/openldap/deref.so
openldap /usr/lib/openldap/dyngroup-2.4.so.2
openldap /usr/lib/openldap/dyngroup-2.4.so.2.10.7
openldap /usr/lib/openldap/dyngroup.so
openldap /usr/lib/openldap/dynlist-2.4.so.2
openldap /usr/lib/openldap/dynlist-2.4.so.2.10.7
openldap /usr/lib/openldap/dynlist.so
openldap /usr/lib/openldap/memberof-2.4.so.2
openldap /usr/lib/openldap/memberof-2.4.so.2.10.7
openldap /usr/lib/openldap/memberof.so
openldap /usr/lib/openldap/nssov.so
openldap /usr/lib/openldap/nssov.so.0
openldap /usr/lib/openldap/nssov.so.0.0.0
openldap /usr/lib/openldap/pcache-2.4.so.2
openldap /usr/lib/openldap/pcache-2.4.so.2.10.7
openldap /usr/lib/openldap/pcache.so
openldap /usr/lib/openldap/ppolicy-2.4.so.2
openldap /usr/lib/openldap/ppolicy-2.4.so.2.10.7
openldap /usr/lib/openldap/ppolicy.so
openldap /usr/lib/openldap/refint-2.4.so.2
openldap /usr/lib/openldap/refint-2.4.so.2.10.7
openldap /usr/lib/openldap/refint.so
openldap /usr/lib/openldap/retcode-2.4.so.2
openldap /usr/lib/openldap/retcode-2.4.so.2.10.7
openldap /usr/lib/openldap/retcode.so
openldap /usr/lib/openldap/rwm-2.4.so.2
openldap /usr/lib/openldap/rwm-2.4.so.2.10.7
openldap /usr/lib/openldap/rwm.so
openldap /usr/lib/openldap/seqmod-2.4.so.2
openldap /usr/lib/openldap/seqmod-2.4.so.2.10.7
openldap /usr/lib/openldap/seqmod.so
openldap /usr/lib/openldap/sssvlv-2.4.so.2
openldap /usr/lib/openldap/sssvlv-2.4.so.2.10.7
openldap /usr/lib/openldap/sssvlv.so
openldap /usr/lib/openldap/syncprov-2.4.so.2
openldap /usr/lib/openldap/syncprov-2.4.so.2.10.7
openldap /usr/lib/openldap/syncprov.so
openldap /usr/lib/openldap/translucent-2.4.so.2
openldap /usr/lib/openldap/translucent-2.4.so.2.10.7
openldap /usr/lib/openldap/translucent.so
openldap /usr/lib/openldap/unique-2.4.so.2
openldap /usr/lib/openldap/unique-2.4.so.2.10.7
openldap /usr/lib/openldap/unique.so
openldap /usr/lib/openldap/valsort-2.4.so.2
openldap /usr/lib/openldap/valsort-2.4.so.2.10.7
openldap /usr/lib/openldap/valsort.so
openldap /usr/lib/slapd

With latest iceweasel-uxp, I can’t connect to some HTTPS websites :

For example :

https://pkgs.fedoraproject.org/ is an example

SEC_ERROR_UNKNOWN_ISSUER

Description:
https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/

The bug is fixed in TokTok c-toxcore v0.2.8. The bug is also fixed in the master branch of irungentoo’s toxcore, in commit bf69b54f64003d160d759068f4816b2d9b2e1e21. As a general reminder, if you are still using irungentoo’s toxcore, we strongly encourage you to switch to using TokTok c-toxcore instead as it’s a lot more actively developed and maintained.

Description:

I may be wrong for I did not migrate to 0.3 as of yet, but I think that `msmtp` has been forgotten and needs to be recompiled with `libressl`.

Please remove this report if I am mistaken.

Description:

I may be wrong for I did not migrate to 0.3 as of yet, but I think that `msmtp` has been forgotten and needs to be recompiled with `libressl`.

Please remove this report if I am mistaken.

These two options could be enabled :

Kernel hacking → [*] Filter access to /dev/mem
[*] Filter I/O access to /dev/mem

Security options → [*] Restrict unprivileged access to the kernel syslog

Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/

Qualys Security Advisory

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)

in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.

OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si aircrack-ng
Repository      : community
Name            : aircrack-ng
Version         : 1.2rc4-4
Description     : Key cracker for the 802.11 WEP and WPA-PSK protocols
Architecture    : x86_64
URL             : https://www.aircrack-ng.org
Licenses        : GPL2
Groups          : None
Provides        : aircrack-ng-scripts
Depends On      : openssl  sqlite  iw  net-tools  wireless_tools  ethtool
Optional Deps   : None
Conflicts With  : aircrack-ng-scripts
Replaces        : aircrack-ng-scripts
Download Size   : 375.88 KiB
Installed Size  : 1627.00 KiB
Packager        : Jonathan Steel <jsteel@archlinux.org>
Build Date      : Mon 27 Mar 2017 04:13:22 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature