Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/

Qualys Security Advisory

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)

in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.

OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).

Description: Since the migration to xenocara there seems to be a bug with applications using GTK-2. From time to time there are crashes with assertion `!xcb_xlib_threads_sequence_lost’.

Looking into this a little bit more deep there are also other distributions affected and this is an upstream-bug. But the concrete situation is not that easy, while it could be also part of the library libX11 itself. Looking therefore here: https://bugs.launchpad.net/ubuntu/+source/pcmanfm/+bug/1782984

Affected are for example LXDE in general, icedove, iceweasel and many more!

There is only the source code of the client available and since years nothing more happened. With keybase joining “Zoom” nothing more seems to happen. Look also here in the forum: https://forums.hyperbola.info/viewtopic.php?id=368

Description:

I have tried all combinations, but despite “noauto” specified in /etc/fstab all devices get mounted at boot.

Who can help me, not to mount a device during boot?

Description:

glom cannot run without libgda, so it should depend on libgda package

/etc/ssl/certs/java/cacerts has 0 entries, resulting in ssl handshake errors in java applications.

Package versions:
* ca-certificates 20170307-1
* ca-certificates-utils 20170307-1

The wiki pages look really too narrow and not readable on even half a screen of the laptop.

Description:

https://proj4.org/index.html

This package have valuable geodetic applications, and I intend to present Hyperbola GNU/Linux-libre soon in universities and schools in East Africa.

The coordinate system there is not WGS84 and this package only in new version is providing the conversion from East African geographic coordinates to WGS84, and will be very usable in many industrial and private applications.

would it be possible to make it use sudo instead?

From what I know, sudo is safer. Let me know if you agree this is a problem.

Description:

This bug only appears when logged in as root on terminal

# kf5-config --version
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
Qt: 5.8.0
KDE Frameworks: 5.33.0
kf5-config: 1.0

Additional info:

* package version(s)

$ pacman -Si kdelibs4support
Repositorio               : extra
Nombre                    : kdelibs4support
Versión                   : 5.33.0-1
Descripción               : Porting aid from KDELibs4
Arquitectura              : x86_64
URL                       : https://community.kde.org/Frameworks
Licencias                 : LGPL
Grupos                    : kf5-aids
Provee                    : Nada
Depende de                : kunitconversion  kitemmodels  kemoticons  kded  kparts
Dependencias opcionales   : Nada
En conflicto con          : kde4support
Remplaza a                : kde4support
Tamaño de la descarga     : 3,03 MiB
Tamaño de la instalación  : 17,36 MiB
Encargado                 : Felix Yan <felixonmars@archlinux.org>
Fecha de creación         : jue 13 abr 2017 14:29:47 -05
Validado por              : Suma MD5  Suma SHA-256  Firma

Steps to reproduce:

- Install KDE plasma

Description:

org.freedesktop.DBus.Error.NameHasNoOwner: Could not get owner of name ‘org.bluez.obex’: no such name

Additional info:
* package version(s)

$ pacman -Si blueman
Repositorio               : community
Nombre                    : blueman
Versión                   : 2.0.4-3
Descripción               : GTK+ Bluetooth Manager
Arquitectura              : x86_64
URL                       : https://github.com/blueman-project/blueman
Licencias                 : GPL
Grupos                    : Nada
Provee                    : Nada
Depende de                : bluez  bluez-libs  gtk3  libnotify  python-cairo  python-dbus
                            python-gobject
Dependencias opcionales   : dnsmasq: Network Access Point (NAP) support
                            networkmanager: Dial Up Networking (DUN) and Personal Area
                            Networking (PAN) support
                            pulseaudio-bluetooth: audio devices support
En conflicto con          : Nada
Remplaza a                : Nada
Tamaño de la descarga     : 1814,18 KiB
Tamaño de la instalación  : 5345,00 KiB
Encargado                 : Felix Yan <felixonmars@archlinux.org>
Fecha de creación         : dom 25 dic 2016 12:00:42 -05
Validado por              : Suma MD5  Suma SHA-256  Firma

* config and/or log files etc.

(blueman-applet | ccze -A):
- https://paste.debian.net/plain/1049476

(pkgfile -l blueman):
- https://paste.debian.net/plain/1049477

Steps to reproduce:

- Install blueman

Description:

Devede fails to convert transcoded videos to iso format with libburn-1.5.0.

Drive current: -outdev 'stdio:/home/heckyel/movie/movie.iso'
Media current: stdio file, overwriteable
Media status : is blank
Media summary: 0 sessions, 0 data blocks, 0 data,  334g free
xorriso : FAILURE : -as genisofs: Unsupported option '-dvd-video'
xorriso : NOTE : -return_with SORRY 32 triggered by problem severity FAI

Additional info:

$ pacman -Si devede
Repositorio               : community
Nombre                    : devede
Versión                   : 4.8.8-1
Descripción               : A program to create VideoDVDs and CDs
Arquitectura              : any
URL                       : http://www.rastersoft.com/programas/devede.html
Licencias                 : GPL3
Grupos                    : Nada
Provee                    : Nada
Depende de                : mencoder  ffmpeg  dvdauthor  vcdimager  cdrkit  ttf-dejavu
                            gtk3  python-cairo  python-gobject  python-setuptools
Dependencias opcionales   : mplayer
                            vlc
                            mpv
En conflicto con          : Nada
Remplaza a                : Nada
Tamaño de la descarga     : 1640,88 KiB
Tamaño de la instalación  : 3331,00 KiB
Encargado                 : Sergej Pupykin <pupykin.s+arch@gmail.com>
Fecha de creación         : vie 10 feb 2017 05:06:37 -05
Validado por              : Suma MD5  Suma SHA-256  Firma

Link’s code:

- https://gitlab.com/rastersoft/devedeng/blob/master/src/devedeng/mkisofs.py#L61

- https://gitlab.com/rastersoft/devedeng/blob/master/src/devedeng/genisoimage.py#L61

Steps to reproduce:

- Install devede
- Create video DVD disc

(14/14) installing gitlab [##############################] 100%
/tmp/alpm_bCqhHf/.INSTALL: line 2: systemd-tmpfiles: command not found

Hello Hyperbola!

GPA gives out the following errors upon opening the app.

First:

```
The GPGME library returned an unexpected
error at confdialog.c:1459. The error was:

    Unsupported protocol

This is either an installation problem or a bug in GPA.
GPA will now try to recover from this error.
```

Second:

```
Fatal Error in GPGME library
(invoked from file options.c, line 302):

    Unsupported protocol

The application will be terminated

What can I do to overcome these errors?
```
As this issue makes gpa app completely unusable, I have set this bug report’s severity as high.

I also request the admin to set priority to high due to it’s severity.

Thank you!

Regards,
RG.

Description:

groff is typesetting system similar to TeX/LaTeX however, it is very small and very usable. It is not built properly with URW fonts, or such are missing, I cannot know all details. Overall groff package is basically somehow broken.

It shall depend on proper fonts, and such fonts should already be built, including their Unicode versions.

Package is only partially built.

https://aur.archlinux.org/packages/linux-mptcp/

Kernel Patch for 4.9 :
http://multipath-tcp.org/patches/mptcp-v4.9-c88d1d56809e.patch

Compile :
https://multipath-tcp.org/pmwiki.php/Users/DoItYourself

Current VLC version (3.0.4-3.hyperbola1.backports1) fails to play DVB stream using a RTL2832 usb dongle.

I start the playlist like this :

vlc channels.conf

but it returns the following error :

cache_block stream error: cannot pre fill buffer

Also, it asks the user to be in “video” group to access DVB device, this was not needed before with Hyperbola 0.2.9. User being in “wheel” was enough.
Anyway, even after adding my user to video group, it still fails with “cache_block stream error: cannot pre fill buffer”

This is not an issue with my DVB adapter or driver. rtl2832 is correctly loaded. And I can play the channels.conf playlist just fine with “mpv” or “mplayer”.
Also, the channels.conf used works just fine with a more recent version of VLC on an other system (Manjaro) so something is broken with the current VLC used.

Maybe a package bump would fix the issue.

my recommended fix, make it reflect the applications that are actually installed on the system after removing non-free software support.

recommended fix, remove non-free software entries in menu and replace them with applications that actually exist.

rrip_gui does not work. The fix is to install cairo-gobject which is not in the repos. Attached is a working PKGBUILD adapted from the official one.

Error: conflicting protocols specified: inet-service vs. icmp

when using

ip protocol icmp icmp type echo-request counter accept comment “accept ICMP echo-request type” ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept comment “Accept ICMPv6”

It is a known bug on 0.7 and solved on 0.9

https://bugzilla.netfilter.org/show_bug.cgi?id=1073 commit 0011985554e269e1cc8f8e5b41eb9dcd795ebe8c fixes this problem upstream.

Hello,

Would it be possible to get a package bump for mpv ?

Currently, Debian Buster (stable) uses 0.29.1-1. This would be great as it introduces many fixes and support for lua scripts I heavily use.
0.29.* requires a ffmpeg to 4.x series as well.

Thanks.

https://www.openwall.com/lists/oss-security/2019/12/20/2

“This is a security release to fix a number of issues that were found by Kaspersky Lab. These issues affect both the client and server and could theoretically allow an malicious peer to take control over the software on the other side.”

Description:

cant open /usr/local/lib/english.hash

Additional info:

Repository      : extra
Name            : ispell
Version         : 3.3.02-7
Description     : An interactive spell-checking program for Unix
Architecture    : x86_64
URL             : http://ficus-www.cs.ucla.edu/geoff/ispell.html
Licenses        : BSD
Groups          : None
Provides        : None
Depends On      : ncurses
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 321.26 KiB
Installed Size  : 1336.00 KiB
Packager        : Evangelos Foutras <evangelos@foutrelis.com>
Build Date      : Sun Sep 6 12:07:06 2015
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

- Install package

Description:
Share a single mouse and keyboard between multiple computers, with libressl and OpenRC support

Issue:
Synergy no es capas de trasmitir tildes ni eñes y demás caracteres del español españa

Additional info:
* package version(s): community/synergy 1.8.8-2.hyperbola1
* config and/or log files etc.

Steps to reproduce:
instalarar synergy en 2 PCs con hyperbola 0.3, he intentar escribir tildes, no funcionará...

The requirement for TLS 1.2 in email effectively isolated us from internet, and yelling for change isn’t working even in communications with other free/libre system distributions and mailing lists related to free/libre software (both for software and for discussions related to the movement itself). :)

Many mailing lists at gnu.org, fsf.org, fsfla.org, libreplanet.org, and also in other free/libre system distributions aren’t accessible (e.g.: Trisquel).

Yaics is a simple GNU social client written in C++ and Qt and licensed under the GNU GPL 3.0 (or later).

Please implement yaics as an optional package.

https://stigatle.no/yaics/

https://gitlab.com/stigatle/yaics

After installation, none of the addons is present in Kodi!

By default, the ‘disable-publishing’ parameter in the [publish] section of avahi-daemon.conf is set to ‘no’, which can be seen in my opinion as a privacy issue as avahi broadcasts the hostname without the user’s consent even though this has been explicitly disabled in the settings of networkmanager.

After talking to Emulatorman, we think this would be a nice feature to add to our Hyperwiki to be able to subscribe to the original page in English to help tracking changing to the translated pages.
This implies to add the email notifications to the dokuwiki system

cowsay (cowsay-3.03-9.hyperbola1) is missing perl-text-charwidth dependency

Error message :

“Can’t locate Text/CharWidth.pm in @INC (you may need to install the Text::CharWidth module) (@INC contains: /usr/lib/perl5/site_perl /usr/share/perl5/site_perl /usr/lib/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib/perl5/core_perl /usr/share/perl5/core_perl .) at /usr/bin/cowsay line 14.
BEGIN failed–compilation aborted at /usr/bin/cowsay line 14.”

After installing perl-text-charwidth, it works fine.

Hello,

Could it be possible to add this package :

arm-linux-gnueabihf-gcc

“The GNU Compiler Collection (arm-linux-gnueabihf)”

Also requires :

arm-linux-gnueabihf-binutils (A set of programs to assemble and manipulate binary and object files)
arm-linux-gnueabihf-glibc (GNU C Library)

https://aur.archlinux.org/packages/arm-linux-gnueabihf-gcc/

License : GPL

Thanks

Hi,

Would be nice to add etherpad-lite to our pacman.

https://github.com/ether/etherpad-lite

https://aur.archlinux.org/packages/etherpad-lite/

Hello,

When mounting an NFS share, I get a warning about missing idmpad.conf

rpc.idmapd: Skipping configuration file "/etc/idmapd.conf": No such file or directory
4341: * Stopping idmapd ...

Debian includes a default config file for idmap :

[General]

Verbosity = 0
Pipefs-Directory = /run/rpc_pipefs
# set your own domain here, if id differs from FQDN minus hostname
# Domain = localdomain

[Mapping]

Nobody-User = nobody
Nobody-Group = nogroup

Description:

A nice Git service would be welcomed in our pacman.

- https://github.com/go-gitea/gitea

- https://www.archlinux.org/packages/community/x86_64/gitea/

1:2.8 or later, qemu-kvm

This would make qemu so much easier and faster, please support this package.

According to : https://github.com/thestinger/hardening-wrapper-deprecated

Wrapper scripts for building hardened executables by default (deprecated, replaced by standard Arch Linux toolchain changes)

Name: New Tab Tools
Version: 81 (compatible Firefox version 52)
Source code: Github
Description: Customize Firefox’s. Tabs Page

https://github.com/darktrojan/newtabtools

https://addons.mozilla.org/en-US/firefox/addon/new-tab-tools/

Description:

The problem is pcmanfm is not showing any partitions on the left side. It only show Home Folder, Desktop, Applications, Filesystem and the ext. hdd. If I include dbus-launch pcmanfm -d command, it show the other partitions on the left side of window but not ext. hdd. The drive/partitions are not encrypted.
I do have dbus, gvfs & ntfs-3g installed and active services.

Additional info:
* package version(s)
PCManFM 1.2.5 - using LibFM ver. 1.2.5

Steps to reproduce:
Original install from the livecd with LXDE but I may run Openbox standalone and get the same behavior with either environment. I do not have this issue running other distros.

Similar to systemd, pulseaudio or libpulse is forced upon users as many packages require it such as kodi, gnome-shell (and thus also gdm), ffmpeg, gst-plugins-good, simplescreenrecorder, clementine, empathy, seamonkey (iceape), fluidsynth, mumble and qemu, Most/all of these packages can probably be compiled with pulseaudio or libpulse as an optional dependency instead.

After enabling show-flags via dconf-editor in org.mate.peripherals-keyboard-xkb.indicator the flags don’t show up. The simple workaround is to copy flags you want into ~/.icons/flags (after creating the directory) from here

https://github.com/linuxmint/flags/tree/master/usr/share/iso-flag-png

and then to reboot.

It seems to be this bug:

https://askubuntu.com/questions/1059324/how-to-show-current-keyboard-layout-on-mate-panel-as-country-flag/1059325#1059325

ffmpegthumbnailer does not support some media formats since they do not appear in its configuration file ffmpegthumbnailer.thumbnailer which can be found in /usr/share/thumbnailers/. By editing the file ffmpegthumbnailer.thumbnailer one can add thumbnail support for embedded art in audio formats such as flac and mp3 (using the -m flag) and thumbnail support for webp (a new image format which iceweasel-uxp and gthumb support). I’m attaching my edited file (I just added a few common audio formats and webp and added the -m flag and removed the -f flag).

Unlike other mapping software (gnome-maps, emerillon) it does not depend on geoclue/geoclue2 (or on kde packages like marble). The package was added to Arch’s official repos over a year ago. Their PKGBUILD builds fine.

Description:

Hi guys. Could they add PeerTube to Hyperbola?

It’s on AUR.

Under the AGPLv3 license

Additional info:

I see that the PeerTube help configuration with an init.d

slim-themes seems to be considered free according to Parabola - they have an issue with arch branding (slim-themes::::[branding][:package] has “archlinux” theme) which they resolve be creating the package parabola-themes-slim. Perhaps this can be the basis for hyperbola branded themes.

https://git.parabola.nu/blacklist.git/plain/blacklist.txt https://www.parabola.nu/packages/libre/x86_64/parabola-themes-slim/

I would like this, because, it looks even better than xfce4. It does use an older qt3 though, BUT, they are maintaining QT3 and improving it themselves.

Plus, its more lightweight than xfce4 and maybe even lxqt too without looking like crap like lxqt and yet still is better than a WM.

I know you don’t like stuff that is abandonware in any sense, but given its being maintained, I hope you will add it.

But let me know.

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a “mangled rename” issue.

https://security-tracker.debian.org/tracker/CVE-2018-6951

CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug
https://www.openwall.com/lists/oss-security/2018/12/13/4

CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem
manipulation in Media Transfer Protocol (MTP)
https://www.openwall.com/lists/oss-security/2018/12/13/11

Patches included at above URLs.

Package is a libpurple plugin for the Matrix protocol which is consistent with Hyperbola’s social contract as Matrix is a federated protocol.

Source code can be found here licensed under GPLv2:

https://github.com/matrix-org/purple-matrix

PKGBUILD for git version is available here (last stable release is from two years ago so git version is probably the best version to use):

https://aur.archlinux.org/packages/purple-matrix-git/

Description: i3-gaps is a fork of i3 that properly implements gaps.

Additional info:
It is implemented in the AUR https://www.archlinux.org/packages/community/x86_64/i3-gaps/ and it’s source is available on github: https://github.com/Airblader/i3