Packages

This package contains vague terminology “Open Source”:

extra/rhino-javadoc 1.7.7.1-1.hyperbola1
    Open-source implementation of JavaScript written entirely in Java - Javadoc

According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open

It would be good example to set to have proper description of packages without using “Open Source”.

eg.

Free-software implementation of JavaScript written entirely in Java - Javadoc

$ pacman -Si rfkill
Repository : core
Name : rfkill
Version : 0.5-2
Description : Tool for enabling and disabling wireless devices
Architecture : x86_64
URL : http://wireless.kernel.org/en/users/Documentation/rfkill Licenses : custom
Groups : None
Provides : None
Depends On : None
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 7.66 KiB
Installed Size : 14.00 KiB
Packager : Gaetan Bisson bisson@archlinux.org Build Date : Sun 02 Apr 2017 05:59:08 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[coadde@nbc_netbook ~]$ pacman -Ql rfkill
rfkill /usr/
rfkill /usr/bin/
rfkill /usr/bin/rfkill
rfkill /usr/lib/
rfkill /usr/lib/systemd/
rfkill /usr/lib/systemd/system/
rfkill /usr/lib/systemd/system/rfkill-block@.service
rfkill /usr/lib/systemd/system/rfkill-unblock@.service
rfkill /usr/lib/sysusers.d/
rfkill /usr/lib/sysusers.d/rfkill.conf
rfkill /usr/lib/udev/
rfkill /usr/lib/udev/rules.d/
rfkill /usr/lib/udev/rules.d/60-rfkill.rules
rfkill /usr/share/
rfkill /usr/share/licenses/
rfkill /usr/share/licenses/rfkill/
rfkill /usr/share/licenses/rfkill/LICENSE
rfkill /usr/share/man/
rfkill /usr/share/man/man8/
rfkill /usr/share/man/man8/rfkill.8.gz

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .

Bug Report

Tratando proveedor ubicación `geoclue2'...
Usando el proveedor `geoclue2'.
Unable to connect to GeoClue.
Incapaz de obtener localización desde el proveedor.

Package information:

$ pacman -S redshift
Repositorio : community
Nombre : redshift
Versión : 1.11-4.hyperbola1
Descripción : Adjusts the color temperature of your screen according to your surroundings, without geoclue2 support
Arquitectura : x86_64
URL : http://jonls.dk/redshift/ Licencias : GPL3
Grupos : Nada
Provee : Nada
Depende de : libdrm libxcb libxxf86vm
Dependencias opcionales : python-gobject: for redshift-gtk python-xdg: for redshift-gtk librsvg: for redshift-gtk
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 107,66 KiB
Tamaño de la instalación : 1004,00 KiB
Encargado : André Silva emulatorman@hyperbola.info Fecha de creación : sáb 17 jun 2017 14:03:43 -05
Validado por : Suma MD5 Suma SHA-256 Firma

$ pacman -Si redis
Repository : community
Name : redis
Version : 3.2.8-1
Description : Advanced key-value store
Architecture : x86_64
URL : http://redis.io/ Licenses : BSD
Groups : None
Provides : None
Depends On : jemalloc grep shadow
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 564.71 KiB
Installed Size : 3286.00 KiB
Packager : Sergej Pupykin <pupykin.s+arch@gmail.com>
Build Date : Mon 13 Feb 2017 09:08:25 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[coadde@nbc_netbook ~]$ pacman -Ql redis
redis /etc/
redis /etc/logrotate.d/
redis /etc/logrotate.d/redis
redis /etc/redis.conf
redis /usr/
redis /usr/bin/
redis /usr/bin/redis-benchmark
redis /usr/bin/redis-check-aof
redis /usr/bin/redis-check-rdb
redis /usr/bin/redis-cli
redis /usr/bin/redis-sentinel
redis /usr/bin/redis-server
redis /usr/lib/
redis /usr/lib/systemd/
redis /usr/lib/systemd/system/
redis /usr/lib/systemd/system/redis.service
redis /usr/share/
redis /usr/share/licenses/
redis /usr/share/licenses/redis/
redis /usr/share/licenses/redis/LICENSE

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .

Al momento de querer previsualizar un archivo txt o cualquier archivo que contenga texto sale este mensaje: ‘/bin/sh: sensible-editor: command not found’

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .

Description:
As stated on the home page of the project (https://qtpass.org/):
<quote>
All passwords generated with QtPass’ built-in password generator prior to 1.2.1 are possibly predictable and enumerable by hackers.
</quote>

Description:

Hi guys. From → https://issues.hyperbola.info/index.php?do=details&task_id=1121

Now is necessary rebuild qtox and toxic.

Additional info:

toxic:

ldd $(command -v toxic) | grep 'not found'
	libtoxdns.so.1 => not found
	libtoxencryptsave.so.1 => not found
	libtoxav.so.1 => not found
	libtoxcore.so.1 => not found
	libtoxcrypto.so.1 => not found
	libtoxnetwork.so.1 => not found
	libtoxdht.so.1 => not found
	libtoxnetcrypto.so.1 => not found
	libtoxfriends.so.1 => not found
	libtoxmessenger.so.1 => not found
	libtoxgroup.so.1 => not found

qtox:

ldd $(command -v qtox) | grep 'not found'
	libtoxcore.so.1 => not found
	libtoxav.so.1 => not found
	libtoxencryptsave.so.1 => not found

When running QtEmu for the first time and running the new machine wizard, the software lists non-free operating systems and refers to GNU/Linux as Linux.

It would be nice to list LibertyBSD in the list of distros in this software in addition to GNU/Linux and GNU/Hurd (which are listed in aqemu).

Rebuild package against libressl, since it depends on openssl-1.0.

$ pacman -Si qt4
Repository      : extra
Name            : qt4
Version         : 4.8.7-19
Description     : A cross-platform application and UI framework
Architecture    : x86_64
URL             : http://www.qt.io
Licenses        : GPL3  LGPL  FDL  custom
Groups          : None
Provides        : None
Depends On      : sqlite  ca-certificates  fontconfig  libgl  libxrandr  libxv  libxi  alsa-lib  xdg-utils  hicolor-icon-theme  desktop-file-utils  libmng
                  dbus  openssl-1.0
Optional Deps   : postgresql-libs: PostgreSQL driver
                  libmariadbclient: MariaDB driver
                  unixodbc: ODBC driver
                  libfbclient: Firebird/iBase driver
                  libxinerama: Xinerama support
                  libxcursor: Xcursor support
                  libxfixes: Xfixes support
                  icu: Unicode support
                  sni-qt: StatusNotifierItem (AppIndicators) support
Conflicts With  : qt
Replaces        : qt<=4.8.4
Download Size   : 20.89 MiB
Installed Size  : 84.71 MiB
Packager        : Evangelos Foutras <evangelos@foutrelis.com>
Build Date      : Tue 25 Apr 2017 12:53:54 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .

I cannot start qemu (2.9.0-1) on latest hyperbola stable release.

Error message : qemu-system-x86_64: error while loading shared libraries: libseccomp.so.2

Thanks for your help

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si python
Repository      : extra
Name            : python
Version         : 3.6.1-1
Description     : Next generation of the python high-level scripting language
Architecture    : x86_64
URL             : http://www.python.org/
Licenses        : custom
Groups          : None
Provides        : python3
Depends On      : expat  bzip2  gdbm  openssl  libffi  zlib
Optional Deps   : python-setuptools
                  python-pip
                  sqlite
                  mpdecimal: for decimal
                  xz: for lzma
                  tk: for tkinter
Conflicts With  : None
Replaces        : python3
Download Size   : 33.19 MiB
Installed Size  : 124.78 MiB
Packager        : Felix Yan <felixonmars@archlinux.org>
Build Date      : Sun 26 Mar 2017 01:29:51 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Description:

• replace deprecated Python 2 to Tauthon for Canis Major

Additional info:

• python 2.7.14-2.hyperbola1
• Python 2.7 is the end of the Python 2 line of development. [0]
• There never will be an official Python 2.8 release.

Steps to reproduce:

• Broken python2 packages.

Rebuild package against libressl, since it depends on openssl.

$ pacman -Si python2
Repository      : extra
Name            : python2
Version         : 2.7.13-2
Description     : A high-level scripting language
Architecture    : x86_64
URL             : http://www.python.org/
Licenses        : PSF
Groups          : None
Provides        : None
Depends On      : bzip2  gdbm  openssl  zlib  expat  sqlite  libffi
Optional Deps   : tk: for IDLE
                  python2-setuptools
                  python2-pip
Conflicts With  : python<3
Replaces        : None
Download Size   : 10.81 MiB
Installed Size  : 71.38 MiB
Packager        : Pierre Schmitz <pierre@archlinux.de>
Build Date      : Sat 11 Feb 2017 08:29:35 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3→Malloc→Thread1→Free’s→Thread2-Re-uses-Free’d Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.

https://security-tracker.debian.org/tracker/CVE-2018-1000030

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .

Description:
pip allows the user to search and install packages from the PyPi repository, which contains proprietary software.

Additional info:
* example of proprietary package in PyPi repository: https://pypi.org/project/snaplogic * Trisquel’s solution was to remove python-pip: https://trisquel.info/en/issues/3741

Steps to reproduce:
$ sudo pacman -S python-pip
$ pip search snaplogic # prints information about proprietary package
$ pip install snaplogic # installs proprietary package

Tried browsing videos in other YouTube client(s) such as mps-youtube. Minor problems, like/dislike ratio and category aren’t displaying of video metadata.

Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .

Please remove as plugin is only useful with Skype hosted by a single company on a single server as far as I can tell (unlike pidgin-sipe).

Description:

community/purple-facebook 0.9.3-1
    Facebook protocol plugin for libpurple

It is up to maintainers to decide of course. IMHO I would remove this one as it uses proprietary network Facebook, exclusively, and even mentioning the word in the package.

See:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

A free system distribution must not steer users towards obtaining any nonfree information for practical use, or encourage them to do so.