HyperTask https://issues.hyperbola.info/ packages 2019-06-15T18:25:32Z FS#1383: [exim] CVE-2019-10149 https://issues.hyperbola.info/index.php?do=details&task_id=1383 2019-06-15T18:25:32Z bugmen0t Description: There’s an active, ongoing campaign exploiting a widespread vulnerability in linux email servers. This attack leverages a week-old vulnerability to gain remote command execution on the target machine, search the Internet for other machines to infect, and initiates a crypto miner. https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability https://www.openwall.com/lists/oss-security/2019/06/06/1 Description: There’s an active, ongoing campaign exploiting a widespread vulnerability in linux email servers. This attack leverages a week-old vulnerability to gain remote command execution on the target machine, search the Internet for other machines to infect, and initiates a crypto miner.

https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability

https://www.openwall.com/lists/oss-security/2019/06/06/1

]]>
FS#1382: Add Draco Desktop https://issues.hyperbola.info/index.php?do=details&task_id=1382 2019-06-05T17:51:55Z winter https://github.com/rodlie/draco its like Lumina Desktop, but its more lightweight and better for Gnu/Linux :) Matter of fact, I hope its okay, but the latest stable build, of Draco is vastly better than Lumina. And for this reason I wanted to know if you could put higher priority on this than the Lumina Desktop request. https://github.com/rodlie/draco

its like Lumina Desktop, but its more lightweight and better for Gnu/Linux

:)

Matter of fact, I hope its okay, but the latest stable build, of Draco is vastly better than Lumina. And for this reason I wanted to know if you could put higher priority on this than the Lumina Desktop request.

]]>
FS#1354: [opendkim] includes dependencies for systemd https://issues.hyperbola.info/index.php?do=details&task_id=1354 2019-06-02T11:02:41Z Tobias Dausend Description: The package opendkim has no further init-script for OpenRC and instead includes service-definitions for systemd Additional info:* package version(s) 2.10.3-4 Description: The package opendkim has no further init-script for OpenRC and instead includes service-definitions for systemd

Additional info:
* package version(s) 2.10.3-4

]]>
FS#1353: [spamassassin] includes dependencies for systemd https://issues.hyperbola.info/index.php?do=details&task_id=1353 2019-06-02T11:01:20Z Tobias Dausend Description: The package spamassassin has no further init-script for OpenRC and instead includes service-definitions for systemd Additional info:* package version(s) 3.4.1-7 Description: The package spamassassin has no further init-script for OpenRC and instead includes service-definitions for systemd

Additional info:
* package version(s) 3.4.1-7

]]>
FS#1355: [xfce4-power-manager] locking session issue https://issues.hyperbola.info/index.php?do=details&task_id=1355 2019-06-02T10:59:25Z winter I probably should’ve mentioned this before, but if it is set to suspend when lid is closed, it should automatically lock. if the security option: lock screen with system is set to sleep is tweaked on it doesn’t lock always. This is word for word what I wrote in the forums, but yeah... it is a problem say if someone wants to use your laptop without your permission and can do so. But it is also a problem if you set it to lock instead because it is more prone to overheating when your not using it, and it doesn’t suspend quickly enough. I have tried this many times and the same story can be told, again and again. I think this issue should be considered high or critical merely because of the privacy risk if someone gets their hands on your laptop while its on. Even if you have been away... :/ I wonder if anyone else has this issue... well you guys will tell me I am sure. if critical doesn’t match what you think I am sure you will change it. ;) I probably should’ve mentioned this before, but if it is set to suspend when lid is closed, it should automatically lock. if the security option: lock screen with system is set to sleep is tweaked on it doesn’t lock always.

This is word for word what I wrote in the forums, but yeah... it is a problem say if someone wants to use your laptop without your permission and can do so.

But it is also a problem if you set it to lock instead because it is more prone to overheating when your not using it, and it doesn’t suspend quickly enough.

I have tried this many times and the same story can be told, again and again.

I think this issue should be considered high or critical merely because of the privacy risk if someone gets their hands on your laptop while its on. Even if you have been away... :/

I wonder if anyone else has this issue... well you guys will tell me I am sure. if critical doesn’t match what you think I am sure you will change it. ;)

]]>
FS#1343: linux-libre-lts-hypersec: New package with extra security settings as default https://issues.hyperbola.info/index.php?do=details&task_id=1343 2019-06-02T10:40:33Z Luke Description: Per a user request and to better secure the kernel, we can embed the cryptsetup and ciphers in the kernel. This would mean rather than exposed modules, they are built-in to the kernel and ready to use even without an intramfs. To be embedded: ciphers aes, twofish, serpent; sha256, sha512 - and the necessary modules (don’t forget the block modes xts, lvm and cryptsetup ...) Additionally, we could include USB Guard and any other features that meet our social contract and security outlook. Description: Per a user request and to better secure the kernel, we can embed the cryptsetup and ciphers in the kernel. This would mean rather than exposed modules, they are built-in to the kernel and ready to use even without an intramfs.

To be embedded: ciphers aes, twofish, serpent; sha256, sha512 - and the necessary modules (don’t forget the block modes xts, lvm and cryptsetup ...)

Additionally, we could include USB Guard and any other features that meet our social contract and security outlook.

]]>
FS#403: [nodejs] rebuild package against libressl https://issues.hyperbola.info/index.php?do=details&task_id=403 2019-06-02T10:39:44Z André Silva Rebuild package against libressl, since it depends on openssl-1.0. $ pacman -Si nodejs Repository : community Name : nodejs Version : 7.10.0-1 Description : Evented I/O for V8 javascript Architecture : x86_64 URL : http://nodejs.org/ Licenses : MIT Groups : None Provides : None Depends On : openssl-1.0 zlib icu libuv http-parser c-ares Optional Deps : npm: nodejs package manager Conflicts With : None Replaces : None Download Size : 4.55 MiB Installed Size : 18.49 MiB Packager : Felix Yan <felixonmars@archlinux.org> Build Date : Wed 03 May 2017 11:50:26 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature Rebuild package against libressl, since it depends on openssl-1.0.

$ pacman -Si nodejs
Repository      : community
Name            : nodejs
Version         : 7.10.0-1
Description     : Evented I/O for V8 javascript
Architecture    : x86_64
URL             : http://nodejs.org/
Licenses        : MIT
Groups          : None
Provides        : None
Depends On      : openssl-1.0  zlib  icu  libuv  http-parser  c-ares
Optional Deps   : npm: nodejs package manager
Conflicts With  : None
Replaces        : None
Download Size   : 4.55 MiB
Installed Size  : 18.49 MiB
Packager        : Felix Yan <felixonmars@archlinux.org>
Build Date      : Wed 03 May 2017 11:50:26 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
]]>
FS#411: [rethinkdb] rebuild package against libressl https://issues.hyperbola.info/index.php?do=details&task_id=411 2019-06-02T10:38:28Z André Silva Rebuild package against libressl, since it depends on openssl-1.0. $ pacman -Si rethinkdb Repository : community Name : rethinkdb Version : 2.3.5-6 Description : Distributed powerful and scalable NoSQL database Architecture : x86_64 URL : http://www.rethinkdb.com/ Licenses : AGPL Groups : None Provides : None Depends On : protobuf ncurses curl openssl-1.0 Optional Deps : None Conflicts With : None Replaces : None Download Size : 10.19 MiB Installed Size : 36.50 MiB Packager : Antonio Rojas &lt;arojas@archlinux.org&gt; Build Date : Wed 05 Apr 2017 08:25:08 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature Rebuild package against libressl, since it depends on openssl-1.0.

$ pacman -Si rethinkdb
Repository      : community
Name            : rethinkdb
Version         : 2.3.5-6
Description     : Distributed powerful and scalable NoSQL database
Architecture    : x86_64
URL             : http://www.rethinkdb.com/
Licenses        : AGPL
Groups          : None
Provides        : None
Depends On      : protobuf  ncurses  curl  openssl-1.0
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 10.19 MiB
Installed Size  : 36.50 MiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Wed 05 Apr 2017 08:25:08 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
]]>
FS#415: [sslscan] rebuild package against libressl https://issues.hyperbola.info/index.php?do=details&task_id=415 2019-06-02T10:38:23Z André Silva Rebuild package against libressl, since it depends on openssl-1.0. $ pacman -Si sslscan Repository : community Name : sslscan Version : 1.10.2-5 Description : A fast tools to scan SSL services, such as HTTPS to determine the ciphers that are supported Architecture : x86_64 URL : https://github.com/DinoTools/sslscan/ Licenses : GPL3 Groups : None Provides : None Depends On : openssl-1.0 Optional Deps : None Conflicts With : None Replaces : None Download Size : 16.98 KiB Installed Size : 45.00 KiB Packager : Antonio Rojas &lt;arojas@archlinux.org&gt; Build Date : Wed 05 Apr 2017 09:07:32 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature Rebuild package against libressl, since it depends on openssl-1.0.

$ pacman -Si sslscan
Repository      : community
Name            : sslscan
Version         : 1.10.2-5
Description     : A fast tools to scan SSL services, such as HTTPS to determine the ciphers that are supported
Architecture    : x86_64
URL             : https://github.com/DinoTools/sslscan/
Licenses        : GPL3
Groups          : None
Provides        : None
Depends On      : openssl-1.0
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 16.98 KiB
Installed Size  : 45.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Wed 05 Apr 2017 09:07:32 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
]]>
FS#410: [qt5-base] rebuild package against libressl https://issues.hyperbola.info/index.php?do=details&task_id=410 2019-06-02T10:38:18Z André Silva Rebuild package against libressl, since it depends on openssl-1.0. $ pacman -Si qt5-base Repository : extra Name : qt5-base Version : 5.8.0-11.hyperbola1 Description : A cross-platform application and UI framework, without systemd support Architecture : x86_64 URL : https://www.qt.io/developers/ Licenses : GPL3 LGPL3 FDL custom Groups : qt qt5 Provides : None Depends On : libjpeg-turbo xcb-util-keysyms xcb-util-renderutil libgl fontconfig xcb-util-wm libxrender libxi sqlite xcb-util-image icu tslib libinput libsm libxkbcommon-x11 libproxy libcups openssl-1.0 Optional Deps : qt5-svg: to use SVG icon themes postgresql-libs: PostgreSQL driver libmariadbclient: MariaDB driver unixodbc: ODBC driver libfbclient: Firebird/iBase driver freetds: MS SQL driver gtk3: GTK platform plugin Conflicts With : qtchooser Replaces : None Download Size : 11.23 MiB Installed Size : 56.18 MiB Packager : André Silva &lt;emulatorman@hyperbola.info&gt; Build Date : Tue 22 Aug 2017 03:22:14 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature Rebuild package against libressl, since it depends on openssl-1.0.

$ pacman -Si qt5-base
Repository      : extra
Name            : qt5-base
Version         : 5.8.0-11.hyperbola1
Description     : A cross-platform application and UI framework, without systemd support
Architecture    : x86_64
URL             : https://www.qt.io/developers/
Licenses        : GPL3  LGPL3  FDL  custom
Groups          : qt  qt5
Provides        : None
Depends On      : libjpeg-turbo  xcb-util-keysyms  xcb-util-renderutil  libgl  fontconfig  xcb-util-wm  libxrender  libxi  sqlite  xcb-util-image  icu  tslib
                  libinput  libsm  libxkbcommon-x11  libproxy  libcups  openssl-1.0
Optional Deps   : qt5-svg: to use SVG icon themes
                  postgresql-libs: PostgreSQL driver
                  libmariadbclient: MariaDB driver
                  unixodbc: ODBC driver
                  libfbclient: Firebird/iBase driver
                  freetds: MS SQL driver
                  gtk3: GTK platform plugin
Conflicts With  : qtchooser
Replaces        : None
Download Size   : 11.23 MiB
Installed Size  : 56.18 MiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Tue 22 Aug 2017 03:22:14 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
]]>