HyperTask https://issues.hyperbola.info/ packages 2019-06-15T18:25:32Z FS#1383: [exim] CVE-2019-10149 https://issues.hyperbola.info/index.php?do=details&task_id=1383 2019-06-15T18:25:32Z bugmen0t Description: There’s an active, ongoing campaign exploiting a widespread vulnerability in linux email servers. This attack leverages a week-old vulnerability to gain remote command execution on the target machine, search the Internet for other machines to infect, and initiates a crypto miner. https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability https://www.openwall.com/lists/oss-security/2019/06/06/1 Description: There’s an active, ongoing campaign exploiting a widespread vulnerability in linux email servers. This attack leverages a week-old vulnerability to gain remote command execution on the target machine, search the Internet for other machines to infect, and initiates a crypto miner.

https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability

https://www.openwall.com/lists/oss-security/2019/06/06/1

]]> FS#1382: Add Draco Desktop https://issues.hyperbola.info/index.php?do=details&task_id=1382 2019-06-05T17:51:55Z winter https://github.com/rodlie/draco its like Lumina Desktop, but its more lightweight and better for Gnu/Linux :) Matter of fact, I hope its okay, but the latest stable build, of Draco is vastly better than Lumina. And for this reason I wanted to know if you could put higher priority on this than the Lumina Desktop request. https://github.com/rodlie/draco

its like Lumina Desktop, but its more lightweight and better for Gnu/Linux

:)

Matter of fact, I hope its okay, but the latest stable build, of Draco is vastly better than Lumina. And for this reason I wanted to know if you could put higher priority on this than the Lumina Desktop request.

]]> FS#1380: [openssl-1.0] Newer version required for plowshare MEGA plugin https://issues.hyperbola.info/index.php?do=details&task_id=1380 2019-05-22T02:40:25Z Alon Ivtsan As per this bug report the MEGA plugin cannot be compiled using the OpenSSL version provided in hyperbola. https://github.com/mcrapet/plowshare-module-mega/issues/18 This described solution works (I successfully upgraded the package to version 1.0.2r). Install the openssl-1.0 package. Run ./configure with the following arguments: ./configure –enable-local OPENSSL_LIBS=’-L/usr/lib/openssl-1.0 -lssl -lcrypto’ OPENSSL_CFLAGS=’-I/usr/include/openssl-1.0’ run make Unfortunately this solution (upgrading openssl-1.0) breaks some other packages such as phantomjs and avidemux, so it would be great if the package could be upgraded by Hyperbola’s developers alongside all its dependencies. As per this bug report the MEGA plugin cannot be compiled using the OpenSSL version provided in hyperbola.

https://github.com/mcrapet/plowshare-module-mega/issues/18

This described solution works (I successfully upgraded the package to version 1.0.2r). 

  Install the openssl-1.0 package.
  Run ./configure with the following arguments:

./configure –enable-local OPENSSL_LIBS=’-L/usr/lib/openssl-1.0 -lssl -lcrypto’ OPENSSL_CFLAGS=’-I/usr/include/openssl-1.0’ 

  run make

Unfortunately this solution (upgrading openssl-1.0) breaks some other packages such as phantomjs and avidemux, so it would be great if the package could be upgraded by Hyperbola’s developers alongside all its dependencies.

]]> FS#1378: [hypervideo] stop the development of Hypervideo https://issues.hyperbola.info/index.php?do=details&task_id=1378 2019-05-17T01:16:47Z Irene Yacila Description: I used to be under theimpression that youtube-dl executes proprietary JavaScript, but I nowunderstand that it only *parses* the JavaScript to find the URL for somevideos. It doesn’t actually run the JavaScript, so it’s not a freedomissue. Youtube-dl only executes regular expressions [0][1][2] you also remove the files that are just for testing [3][4][5][6][7]and when compiling the program with libretools the test files are not placed[8] I have consulted with other programmers and we have reached the same conclusion. Youtube-dl does not execute JS non-free, it only extracts the JS to read through python the URL‘s of some videos.[9][10] The issues that I see with youtube-dl are rather in their form of development because it changes at every moment Additional info: - [0]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/jsinterp.py#L12 - [1]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/jsinterp.py#L132 - [2]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/swfinterp.py#L391 - [3]: https://github.com/ytdl-org/youtube-dl/tree/master/test/swftests/ - [4]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_iqiyi_sdk_interpreter.py - [5]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_jsinterp.py - [6]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_swfinterp.py - [7]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_youtube_signature.py - [8]: $ tree -d . ├── bin ├── lib │   └── python3.6 │   └── site-packages │   ├── youtube_dl │   │   ├── downloader │   │   │   └── __pycache__ │   │   ├── extractor │   │   │   └── __pycache__ │   │   ├── postprocessor │   │   │   └── __pycache__ │   │   └── __pycache__ │   └── youtube_dl-2019.5.11-py3.6.egg-info └── share ├── bash-completion │   └── completions ├── doc │   └── youtube_dl ├── fish │   └── completions ├── licenses │   └── youtube-dl ├── man │   └── man1 └── zsh └── site-functions 26 directories - [9]: https://directory.fsf.org/wiki/Youtube-dl - [10]: https://github.com/fent/node-ytdl-core/issues/222 Description:

I used to be under the
impression that youtube-dl executes proprietary JavaScript, but I now
understand that it only *parses* the JavaScript to find the URL for some
videos. It doesn’t actually run the JavaScript, so it’s not a freedom
issue.

Youtube-dl only executes regular expressions [0][1][2]

you also remove the files that are just for testing [3][4][5][6][7]
and when compiling the program with libretools the test files are not placed[8]

I have consulted with other programmers and we have reached the same conclusion. Youtube-dl does not execute JS non-free, it only extracts the JS to read through python the URL‘s of some videos.[9][10]

The issues that I see with youtube-dl are rather in their form of development because it changes at every moment

Additional info:

- [0]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/jsinterp.py#L12

- [1]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/jsinterp.py#L132

- [2]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/swfinterp.py#L391

- [3]: https://github.com/ytdl-org/youtube-dl/tree/master/test/swftests/

- [4]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_iqiyi_sdk_interpreter.py

- [5]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_jsinterp.py

- [6]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_swfinterp.py

- [7]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_youtube_signature.py

- [8]:

$ tree -d

.
├── bin
├── lib
│   └── python3.6
│       └── site-packages
│           ├── youtube_dl
│           │   ├── downloader
│           │   │   └── __pycache__
│           │   ├── extractor
│           │   │   └── __pycache__
│           │   ├── postprocessor
│           │   │   └── __pycache__
│           │   └── __pycache__
│           └── youtube_dl-2019.5.11-py3.6.egg-info
└── share
    ├── bash-completion
    │   └── completions
    ├── doc
    │   └── youtube_dl
    ├── fish
    │   └── completions
    ├── licenses
    │   └── youtube-dl
    ├── man
    │   └── man1
    └── zsh
        └── site-functions

26 directories

- [9]: https://directory.fsf.org/wiki/Youtube-dl - [10]: https://github.com/fent/node-ytdl-core/issues/222

]]> FS#1377: [cantarell-fonts] update package version to 0.111 https://issues.hyperbola.info/index.php?do=details&task_id=1377 2019-05-15T13:14:46Z Jayvee Enaguas Prior version 0.0.25 and below are outdated. Since version 0.100 and later, there are some changes being redesigned from scratch, added three new weights (including extra bold, light and thin) but not italic or oblique styles, AppStream metadata translations from contributors, and more. See the version history releases for more details: https://gitlab.gnome.org/GNOME/cantarell-fonts/raw/master/NEWS Prior version 0.0.25 and below are outdated.

Since version 0.100 and later, there are some changes being redesigned from scratch, added three new weights (including extra bold, light and thin) but not italic or oblique styles, AppStream metadata translations from contributors, and more.

See the version history releases for more details: https://gitlab.gnome.org/GNOME/cantarell-fonts/raw/master/NEWS

]]> FS#1376: mach package command crashes and fails to build the package https://issues.hyperbola.info/index.php?do=details&task_id=1376 2019-05-06T19:54:41Z None of your business I build Iceweasel-UXP with these commands: cd /tmp git clone https://github.com/MoonchildProductions/UXP cd UXP/application/ git clone https://git.hyperbola.info:50100/software/iceweasel-uxp.git cd .. wget http://oscomp.hu/depot/iceweasel-uxp.mozconfig -O .mozconfig ./mach build but after this, when i give the command ./mach package then the following happens:http://oscomp.hu/depot/mach_package_crash.log I build Iceweasel-UXP with these commands: 

cd /tmp
git clone https://github.com/MoonchildProductions/UXP
cd UXP/application/
git clone https://git.hyperbola.info:50100/software/iceweasel-uxp.git
cd ..
wget http://oscomp.hu/depot/iceweasel-uxp.mozconfig -O .mozconfig
./mach build

but after this, when i give the command 

./mach package

then the following happens:
http://oscomp.hu/depot/mach_package_crash.log

]]> FS#1375: Request for automating Debian package creation https://issues.hyperbola.info/index.php?do=details&task_id=1375 2019-05-06T07:19:03Z None of your business As the title says, it would be great if after ./mach build , i could do ./mach build-deb . In the meantime: if i can install the files with mach to a specified root directory, then i can build a deb package by hand. Is that possible? As the title says, it would be great if after 

./mach build

, i could do 

./mach build-deb

.

In the meantime: if i can install the files with 

mach

to a specified root directory, then i can build a deb package by hand. Is that possible?

]]> FS#1374: [hypervideo] YouTube no longer works https://issues.hyperbola.info/index.php?do=details&task_id=1374 2019-05-07T22:18:34Z Alon Ivtsan When trying to download a video I get a token error. Here is an example: $ hypervideo https://www.youtube.com/watch?v=-2KJ-g-QgMk[youtube] -2KJ-g-QgMk: Downloading webpage[youtube] -2KJ-g-QgMk: Downloading video info webpageERROR: -2KJ-g-QgMk: “token” parameter not in video info for unknown reason; When trying to download a video I get a token error.

Here is an example:

$ hypervideo https://www.youtube.com/watch?v=-2KJ-g-QgMk[youtube] -2KJ-g-QgMk: Downloading webpage
[youtube] -2KJ-g-QgMk: Downloading video info webpage
ERROR: -2KJ-g-QgMk: “token” parameter not in video info for unknown reason;

]]> FS#1372: [icinga2] add package https://issues.hyperbola.info/index.php?do=details&task_id=1372 2019-05-14T23:02:15Z belette Description:Icinga2 is a libre host, service and network monitoring program Without it is is very difficult to monitor (CPU/Memory/Process...) Hyperbola systems under Icinga2 Web.Arch Package & Parabola Package I already tested theses packages on Hyperbola but Systemd + other packages versions dependencies issues. This would made a very nice addition as Hyperbola is also designed to be installed on servers & virtual machines (my case on +10 machines). Description:
Icinga2 is a libre host, service and network monitoring program

Without it is is very difficult to monitor (CPU/Memory/Process...) Hyperbola systems under Icinga2 Web.
Arch Package & Parabola Package

I already tested theses packages on Hyperbola but Systemd + other packages versions dependencies issues.

This would made a very nice addition as Hyperbola is also designed to be installed on servers & virtual machines (my case on +10 machines).

]]> FS#1371: add package powerkit https://issues.hyperbola.info/index.php?do=details&task_id=1371 2019-04-14T22:58:24Z winter https://github.com/rodlie/powerkit/releases Version 1.0 requested When you add Lumina desktop, add this package for sure. Although it is compatible with other desktops too. So it would be good to add it regardless. https://github.com/rodlie/powerkit/releases

Version 1.0 requested

When you add Lumina desktop, add this package for sure. Although it is compatible with other desktops too. So it would be good to add it regardless.

]]>