HyperTask Thu, 19 Mar 2020 20:38:34 +0000 packages https://issues.hyperbola.info/ FS#1512: [ispell] require FHS Irene Yacila Tue, 17 Mar 2020 20:58:01 +0000 Description:

cant open /usr/local/lib/english.hash

Additional info:

Repository      : extra
Name            : ispell
Version         : 3.3.02-7
Description     : An interactive spell-checking program for Unix
Architecture    : x86_64
URL             : http://ficus-www.cs.ucla.edu/geoff/ispell.html
Licenses        : BSD
Groups          : None
Provides        : None
Depends On      : ncurses
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 321.26 KiB
Installed Size  : 1336.00 KiB
Packager        : Evangelos Foutras <evangelos@foutrelis.com>
Build Date      : Sun Sep 6 12:07:06 2015
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

- Install package

]]>
https://issues.hyperbola.info/index.php?do=details&task_id=1512 https://issues.hyperbola.info/index.php?do=details&task_id=1512
FS#1511: [chdkptp] please add package to repos Alon Ivtsan Mon, 16 Mar 2020 14:27:32 +0000 CHDKPTP is part of CHDK project - a free software firmware add-on for Canon cameras. It enables controlling Canon cameras via the computer.

Attached is a modified iup PKGBUILD (Lua 5.3 build was removed as it failed to compile) and configuration files for chdkptp.

Code is available via svn:

$ svn co http://subversion.assembla.com/svn/chdkptp/trunk chdkptp

Copy chdkptp.sh and config.mk files to source tree then compile via make. Requires root privileges to connect to a camera.

]]>
https://issues.hyperbola.info/index.php?do=details&task_id=1511 https://issues.hyperbola.info/index.php?do=details&task_id=1511
FS#1510: [chdkptp] please add package to control Canon cameras Alon Ivtsan Mon, 16 Mar 2020 14:25:55 +0000 CHDKPTP is part of CHDK project - a free software firmware add-on for Canon cameras. It enables controlling Canon cameras via the computer.

Attached is a modified iup PKGBUILD (Lua 5.3 build was removed as it failed to compile) and configuration files for chdkptp.

Code is available via svn:

$ svn co http://subversion.assembla.com/svn/chdkptp/trunk chdkptp

Copy chdkptp.sh and config.mk files to source tree then compile via make. chdkptp requires root privileges to connect to a camera.

]]>
https://issues.hyperbola.info/index.php?do=details&task_id=1510 https://issues.hyperbola.info/index.php?do=details&task_id=1510
FS#1508: [opensmtpd] CVE-2020-8794 bugmen0t Tue, 25 Feb 2020 13:58:18 +0000 Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/

Qualys Security Advisory

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)

Contents

Summary
Analysis
...
Acknowledgments

Summary

We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This
vulnerability, an out-of-bounds read introduced in December 2015 (commit
80c6a60c, “when peer outputs a multi-line response ...”), is exploitable
remotely and leads to the execution of arbitrary shell commands: either
as root, after May 2018 (commit a8e22235, “switch smtpd to new
grammar”); or as any non-root user, before May 2018.

Because this vulnerability resides in OpenSMTPD’s client-side code
(which delivers mail to remote SMTP servers), we must consider two
different scenarios:

- Client-side exploitation: This vulnerability is remotely exploitable

in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.

- Server-side exploitation: First, the attacker must connect to the

OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).

We developed a simple exploit for this vulnerability and successfully
tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the
first vulnerable release), Debian 10 (stable), Debian 11 (testing), and
Fedora 31.

The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”

]]>
https://issues.hyperbola.info/index.php?do=details&task_id=1508 https://issues.hyperbola.info/index.php?do=details&task_id=1508
FS#1507: [gstreamer] needed rebuild Irene Yacila Fri, 14 Feb 2020 17:37:16 +0000 (gst-plugin-scanner:17336): GStreamer-WARNING : Failed to load plugin ‘/usr/lib/gstreamer-1.0/libgstzbar.so’: libzbar.so.0: cannot open shared object file: No such file or directory
(gst-plugin-scanner:17336): GStreamer-WARNING
: Failed to load plugin ‘/usr/lib/gstreamer-1.0/libgstfluidsynthmidi.so’: libfluidsynth.so.1: cannot open shared object file: No such file or directory

Repositorio : extra
Nombre : gstreamer
Versión : 1.12.0-1
Descripción : GStreamer open-source multimedia framework core library
Arquitectura : x86_64
URL : https://gstreamer.freedesktop.org/ Licencias : LGPL Grupos : Nada
Provee : Nada
Depende de : libxml2 glib2 libunwind libcap libelf
Dependencias opcionales : Nada
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 1897,45 KiB
Tamaño de la instalación : 17241,00 KiB
Encargado : Jan Alexander Steffens (heftig) jan.steffens@gmail.com Fecha de creación : jue 04 may 2017 14:13:05 -05
Validado por : Suma MD5 Suma SHA-256 Firma

]]>
https://issues.hyperbola.info/index.php?do=details&task_id=1507 https://issues.hyperbola.info/index.php?do=details&task_id=1507
FS#1505: [hypervideo] "HTTP Error 403: Forbidden" error on some videos Alon Ivtsan Thu, 23 Jan 2020 15:39:24 +0000 Is there any way to force it to try from yt as it did in the final attempt?

$ hypervideo -f 22 https://www.youtube.com/watch?v=X7v2aHUPp14 [youtube] X7v2aHUPp14: Downloading webpage
[youtube] X7v2aHUPp14: Downloading video info webpage
[youtube] X7v2aHUPp14: Checking URL Invidious API [youtube] X7v2aHUPp14: Downloading JSON metadata
[youtube] X7v2aHUPp14: Downloading from Invidious API ERROR: unable to download video data: HTTP Error 403: Forbidden

$ hypervideo -f 22 https://www.youtube.com/watch?v=X7v2aHUPp14 [youtube] X7v2aHUPp14: Downloading webpage
[youtube] X7v2aHUPp14: Downloading video info webpage
[youtube] X7v2aHUPp14: Checking URL Invidious API [youtube] X7v2aHUPp14: Trying from YT
[download] Destination: Caroline’s First Day _ Green Wing _ Series 1 Episode 1 _ Dead Parrot-X7v2aHUPp14.mp4
[download] 100% of 418.57MiB in 03:31

]]>
https://issues.hyperbola.info/index.php?do=details&task_id=1505 https://issues.hyperbola.info/index.php?do=details&task_id=1505
FS#1504: [tigervnc] Multiple CVE bugmen0t Tue, 07 Jan 2020 21:01:12 +0000 https://www.openwall.com/lists/oss-security/2019/12/20/2

“This is a security release to fix a number of issues that were found by Kaspersky Lab. These issues affect both the client and server and could theoretically allow an malicious peer to take control over the software on the other side.”

]]>
https://issues.hyperbola.info/index.php?do=details&task_id=1504 https://issues.hyperbola.info/index.php?do=details&task_id=1504
FS#1503: [dhcpcd-ui] Adding icons from "Network-Manager Applet" Tobias Dausend Sun, 22 Dec 2019 01:10:16 +0000 When using the package for wireless connections no further icon is displayed without having the package [b]network-manager-applet[/b] installed.

]]>
https://issues.hyperbola.info/index.php?do=details&task_id=1503 https://issues.hyperbola.info/index.php?do=details&task_id=1503
FS#1502: [hedgewars] Crash when starting a new singleplayer-campaign Tobias Dausend Sat, 21 Dec 2019 22:45:21 +0000 When trying to start a new campaign the complete game-engine is crashing with the following message:

Object::disconnect: Unexpected null parameter
QCoreApplication::postEvent: Unexpected null receiver

As ghc and fpc should be removed in the near future it would be good to validate this or otherwise remove the game-package itself also.

]]>
https://issues.hyperbola.info/index.php?do=details&task_id=1502 https://issues.hyperbola.info/index.php?do=details&task_id=1502
FS#1501: [lts-kernel][sec] filter /dev/mem access & restrict access to syslog fablamar Sat, 21 Dec 2019 07:38:31 +0000 These two options could be enabled :

Kernel hacking → [*] Filter access to /dev/mem
[*] Filter I/O access to /dev/mem

Security options → [*] Restrict unprivileged access to the kernel syslog

]]>
https://issues.hyperbola.info/index.php?do=details&task_id=1501 https://issues.hyperbola.info/index.php?do=details&task_id=1501