Packages

The security issues regarding the package which led to the package’s removal from Hyperbola (old WebKit and Vala dependency) have apparently been resolved in recent releases, see the new comment in this bug report and the latest PKGBUILD in Arch’s repo.

https://launchpad.net/bugs/1698483

https://www.archlinux.org/packages/community/x86_64/midori/

Request for :

qarte

“Allow you to browse into the archive of arte+7 & arteLiveWeb sites and to record your prefered videos.”

https://aur.archlinux.org/packages/qarte

License : GPL3

As the title says, it would be great if after

./mach build

, i could do

./mach build-deb

.

In the meantime: if i can install the files with

mach

to a specified root directory, then i can build a deb package by hand. Is that possible?

Description:

Searx is better in the short term than search engines like Google and DuckDuckGo in that the client-side JavaScript is free and the server-side code is free and public. However, in the long term it can never be a real replacement for non-free search engines while it relies on non-free search engines for data. At this time, the major general purpose search engines who use their own data are all controlled by corporations like Google and Microsoft. The YaCy search engine addresses this by relying on decentralized data based on p2p.

For this reason, I believe that YaCy is socially a better choice than Searx as the default search engine for Iceweasel-UXP. However, it is not at this time a practically better choice. Since YaCy relies on its users to index the web, and does not currently have many users, the search results are not very good. This creates a chicken-and-egg problem, since it will be difficult for YaCy to gain users while its search results are poor.

However, Searx supports YaCy as a source of search engine results. I don’t know of any Searx instances which have YaCy support enabled, presumably since YaCy support would only be useful to users who have YaCy installed locally and running on http://localhost:8090, but Hyperbola could run its own Searx instance, enable YaCy support plus DuckDuckGo, and make this the default search engine for Iceweasel-UXP. This way, Iceweasel-UXP users can use and contribute to YaCy, but supplement YaCy’s search results with results from DuckDuckGo until YaCy becomes strong enough to stand on its own.

Additional info:

* AUR package for YaCy: https://aur.archlinux.org/packages/yacy

* Searx support for YaCy: https://github.com/asciimoo/searx/blob/master/searx/engines/yacy.py

Steps to reproduce: N/A

This is a request to package nnn - a full-featured terminal file manager for low-end devices and the regular desktop.

nnn is available on Debian, Ubuntu (and family), Fedora, OpenSUSE and Arch Linux.

Homepage: https://github.com/jarun/nnn License: BSD 2-Clause

I would highly appreciate if nnn can be added to the repository.

Patch for 4.9 : https://multipath-tcp.org/patches/mptcp-v4.9-c88d1d56809e.patch

AUR : https://aur.archlinux.org/packages/linux-mptcp/

https://aur.archlinux.org/packages/linux-mptcp/

Kernel Patch for 4.9 :
http://multipath-tcp.org/patches/mptcp-v4.9-c88d1d56809e.patch

Compile :
https://multipath-tcp.org/pmwiki.php/Users/DoItYourself

Description:
Hyperbola has the following SPF implementations:
* libspf2
* perl-mail-spf
* perl-mail-spf-query

However, none of them work out of the box with postfix. There’s postfix-policyd-spf-perl, which uses one the current perl implementations (perl-mail-spf), takes no time to build and all the dependencies are already satisfied with Hyperbola’s packages

Here I made a PKGBUILD that’s compliant with the packaging standards:

pkgname=postfix-policyd-spf-perl
pkgver=2.011
pkgrel=1
pkgdesc='Postfix SPF policy engine, written in Perl'
arch=(i686 x86_64)
url='https://launchpad.net/postfix-policyd-spf-perl/'
license=(GPL)
depends=(perl-mail-spf perl-netaddr-ip perl-sys-hostname-long)
source=("https://launchpad.net/postfix-policyd-spf-perl/trunk/${pkgver}/+download/${pkgname}-${pkgver}.tar.gz"{,.asc})
sha512sums=('22fc00bf74912056a67e937a460ac1fd878f1cb1a3bfa7b19bc5f1e6bc1c36d815dcf8c945e818d242ed5e72a6295bb0e1569446e06b09aefb2842993b8016ba'
            'SKIP')
validpgpkeys=(E7729BFFBE85400FEEEE23B178D7DEFB9AD59AF1) # Scott Kitterman

package() {
  cd "${pkgname}-${pkgver}"

  install -Dm755 "${pkgname}" "${pkgdir}/usr/libexec/postfix/${pkgname}"
  install -Dm644 CHANGES INSTALL README -t "${pkgdir}/usr/share/doc/${pkgname}"
  install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
}

in the other hand, to give users the possibility of having more options, we could add pypolicyd-spf (AUR), which depends in pyspf (AUR) and other packages that Hyperbola has. In fact, ArchWiki talks about this implementation, but this might not be relevant.

The IDE codelite is an excellent development environment, continuously updated, has a clear vision and active support.
Would be nice to have this one within the repositories in upcoming releases, perhaps 0.5?

CHDKPTP is part of CHDK project - a free software firmware add-on for Canon cameras. It enables controlling Canon cameras via the computer.

Attached is a modified iup PKGBUILD (Lua 5.3 build was removed as it failed to compile) and configuration files for chdkptp.

Code is available via svn:

$ svn co http://subversion.assembla.com/svn/chdkptp/trunk chdkptp

Copy chdkptp.sh and config.mk files to source tree then compile via make. Requires root privileges to connect to a camera.

Is that package worth using to generate every sentence of any kind?

Polygen:

• Package name: polygen{,-data}
• Release version: 1.0.6
• Release date: June 28, 2004
• Author(s): Alvise Spanò
• Written in: OCaml
• Licence(s): GPL-2
• Website(s): http://polygen.org/ (in Italian)
• Source code URL(s):
  • http://polygen.org/dist/polygen-1.0.6-20040628-src.zip
  • https://github.com/alvisespano/Polygen/ (alternative)
• Arch package URL(s):
  • https://aur.archlinux.org/packages/polygen/
  • https://aur.archlinux.org/packages/polygen-data/
• Arch package status: Not available on the offical repository, but available on AUR.
• Debian package URL(s):
  • https://packages.debian.org/stable/polygen
  • https://packages.debian.org/stable/polygen-data
• Debian package status: Available on the official repository.

Users must need DjView to read any DjVu file if it isn’t present on the repository in this distro, so here’s a link about it during the pending process.

• djview: https://git.hostux.net/HarvettFox96/hyperbola-packages-extra/src/commit/028e13cd6fc8731852598646e09045a124965a6a/pending/djview/

By default, the ‘disable-publishing’ parameter in the [publish] section of avahi-daemon.conf is set to ‘no’, which can be seen in my opinion as a privacy issue as avahi broadcasts the hostname without the user’s consent even though this has been explicitly disabled in the settings of networkmanager.

purple-plugin-pack provides access to Napster which is only useful with a single company and sever (as far as I could tell).

Please, replace avideo-lts with youtube-dl. avideo-lts haven’t seen any updates for almost a year and is probably abandoned. Also Stallman confirmed youtube-dl doesn’t execute any non-free JavaScript, so its inclusion doesn’t go against Social Contract.

What do you think ? Avideo is not updated anymore, can’t we use regular youtube-dl instead as RMS himself say :

“youtube-dl is okay to be in the Directory because it does not actually execute nonfree JS as we first suspected.”

Source : https://directory.fsf.org/wiki/Youtube-dl Also : https://github.com/fent/node-ytdl-core/issues/222

Description: Concurrent package ossp in version 1.3.2-15 has got dependencies to systemd, which is contradicting the whole distribution and the used INIT-system. Therefore my request to port this to OpenRC!

Additional info:
* package version(s) 1.3.2-15

https://github.com/loh-tar/wpa-cute/releases

I know there are plans to remove NetworkManager. I wondered if we could replace it in 0.4 with Wpa_Cute. seen in the above link.

I haven’t been able to compile it, but it has been updated as recent as 2018 december (stable)

or 2019 january. :)

WPA_GUI doesn’t seem to work well for me, it runs into weird errors when I start it. Long story short, I run into this issue with wpa_supplicant when i do it manually:

https://wiki.archlinux.org/index.php/Wpa_supplicant:

Password-related problems

wpa_supplicant may not work properly if directly passed via stdin particularly long or complex passphrases which include special characters. This may lead to errors such as failed 4-way WPA handshake, PSK may be wrong when launching wpa_supplicant.

In order to solve this try using here strings wpa_passphrase <MYSSID> «< “<passphrase>” or passing a file to the -c flag instead:

# wpa_supplicant -i <interface> -c /etc/wpa_supplicant/example.conf

In some instances it was found that storing the passphrase cleartext in the psk key of the wpa_supplicant.conf network block gave positive results (see [2]). However, this approach is rather insecure. Using wpa_cli to create this file instead of manually writing it gives the best results most of the time and therefore is the recommended way to proceed.
Problems with eduroam and other MSCHAPv2 connections

This is my issue with wpa_supplicant sadly... and I do not know how to workaround that without a GUI.

but Wpa_Supplicant_gui does not fix it either, it doesn’t even load properly on my other laptop.

It says it cannot get the status of wpa_supplicant when I load it.

This could be an issue if you get rid of NetworkManager for some users.

So yeah, please take a look at my request okay? Wait for 0.3 to be released to add this if possible. I know you guys are overworked, etc... and it doesn’t need to be done now anyhow. ;)

from the, forums I have heard you plan to base your new iceweasel version from basilisk when firefox switches to web extensions completely. I am concerned about this because noscript and many other addons will no longer support legacy after this point...

I really think you are doing a disservice if you do this. I think we should personally fix the leaks that mozilla makes, the way trisquel 8 does it. I have heard they know how to fix those leaks. Or, another way forward would be to find a way that involves forking firefox esr 60 and correcting the bugs with the help of tcpdump.

Its madness to fork from basilisk because without noscript webextensions and other such addons, any benefits you get will be very small compared to what you have lost in the process.

I doubt you want to have two different versions of iceweasel esr, one that is with webext and one without. But please don’t try to use basilisk as the base for iceweasel.

I really think its a bad idea long term. Do I dislike mozilla’s new plan? Yes... of course. But do I think using basilisk will solve it? Not unless mozilla angers enough people to make their addons for basilisk instead... Which I really, really doubt very highly.

Please hear this request and don’t just close it. Rather, instead discuss it for a long time. Without noscript, firefox is immensely insecure. And Firefox’s legacy noscript version will die in the future. In the NEAR FUTURE I MIGHT ADD

Of course, there are other firefox addons I want that are webext. So yeah... Nano Adblocker, Privacy Settings, Privacy Possum/Privacy Badger, Viewtube, Decentraleyes to name a few.

A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager which is configured to obtain network configuration using the DHCP protocol.

With latest iceweasel-uxp, I can’t connect to some HTTPS websites :

For example :

https://pkgs.fedoraproject.org/ is an example

SEC_ERROR_UNKNOWN_ISSUER

would it be possible to make it use sudo instead?

From what I know, sudo is safer. Let me know if you agree this is a problem.

Description:
https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/

The bug is fixed in TokTok c-toxcore v0.2.8. The bug is also fixed in the master branch of irungentoo’s toxcore, in commit bf69b54f64003d160d759068f4816b2d9b2e1e21. As a general reminder, if you are still using irungentoo’s toxcore, we strongly encourage you to switch to using TokTok c-toxcore instead as it’s a lot more actively developed and maintained.

CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug
https://www.openwall.com/lists/oss-security/2018/12/13/4

CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem
manipulation in Media Transfer Protocol (MTP)
https://www.openwall.com/lists/oss-security/2018/12/13/11

Patches included at above URLs.

It happened already with minetest and again with prosody: When trying to build own packages with makepkg there are patches downloaded from the Debian-project. But the given HTTP(S)-sources are no longer available, concrete example within prosody to be found: https://deb.debian.org/debian/pool/main/p/prosody/prosody_0.10.2-1~bpo9+1.debian.tar.xz (not available)

Please don’t rely on those external sources when creating PKGBUILD-files or just give users the possibility for a secure and granted download. Therefore I cannot build prosody on my own now!