https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/

[Critical] https://security-tracker.debian.org/tracker/CVE-2019-18934

https://www.openwall.com/lists/oss-security/2019/12/20/2

“This is a security release to fix a number of issues that were found by Kaspersky Lab. These issues affect both the client and server and could theoretically allow an malicious peer to take control over the software on the other side.”

Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/

Qualys Security Advisory

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)

in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.

OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).

https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/

https://9to5linux.com/grub2-boot-failure-issues-fixed-in-debian-and-ubuntu-update-now

This is same issue as on:
https://bugzilla.redhat.com/show_bug.cgi?id=1151273

The paths changed and trying to mount davfs file system defined in /etc/fstab fails with error: unknown file system davfs

To remedy, I made symlink in /sbin to mount.davfs

The transition of paths had to take that in account as many mounted remote disks failed after upgrade.

mesa package is outdated on version 17.0.5.
speaking with some Sway dev and trying to compile wlroots fails because it relies on mesa 17.2.3

Please package update to version 3.7.9 of youtube-viewer.

libre.patch attached :)

Since certbot v0.22.0[0] there’s support for ACMEv2 and Wildcard. This is an important update since wildcard SSL certificates can make server security and maintaince easier by supporting all subdomains of a base domain.

Debian Stretch (stable) uses certbot 0.10.2 but there’s 0.23.0 in stretch-backports repository[1]. So I’d like to request an update or a backport of certbot and its dependencies.

These are the actual packages versions from Hyperbola and Arch:

• certbot (0.23.0-1) / Hyperbola version ⇒ (0.14.0-1) [x]
• python-acme (0.23.0-1) / Hyperbola version ⇒ (0.14.0-1) [x]
• python-configargparse (0.12.0-1) / Hyperbola version ⇒ (0.11.0-2) [=]
• python-parsedatetime (2.4-1) / Hyperbola version ⇒ (2.3-1) [x]
• python-pbr (4.0.2-1) / Hyperbola version ⇒ (3.0.0-1) [<]
• python-pytz (2018.4-1) / Hyperbola version ⇒ (2017.2-1) [<]
• python-zope-component (4.4.1-1) / Hyperbola version ⇒ (4.3.0-2) [=]
• python-zope-event (4.3.0-1) / Hyperbola version ⇒ (4.2.0-2) [=]

NOTE: packages marked with an “[x]” means that the pkg has Debian Stretch backports of the proposed updated version. The “[=]” means that Debian has no backports but uses the same version of the pkg as Hyperbola. The [<] means the Debian Version lower than Hyperbola’s Version.

The packages that may get the update should be only the ones marked with an [x], if we follow the Debian Stretch devel. If certbot gets the update, then the following Arch packages need to be added for obtaining wildcard certificates throught the DNS challenge:

• certbot-dns-cloudflare
• certbot-dns-cloudxns
• certbot-dns-digitalocean
• certbot-dns-dnsimple
• certbot-dns-dnsmadeeasy
• certbot-dns-luadns
• certbot-dns-nsone
• certbot-dns-rfc2136
• certbot-dns-route53

I ommited certbot-dns-google since it’s not compatible with the Hyperbola Packaging Guidelines.

[0] https://community.letsencrypt.org/t/certbot-0-22-0-release-with-acmev2-and-wildcard-support/55061
[1] https://packages.debian.org/search?keywords=certbot

The Knock patches for linux-libre maintained by you at https://git.hyperbola.info:50100/kernels/knock.git/ have support up to linux-libre 4.13 only (and I think it didn’t work for it when I tried it, compilation failed) but from all of those supported versions, the newest maintained generation by the upstream is 4.9.x

However, since newer kernel generations might require reprogramming the patch, I want to request it only for the latest LTS generation which is 4.14. As you know, LTS software are supported for a long time, so it’s worth to make it for linux-libre 4.14.x

This might not be really important for Hyperbola in the short term, but you are the maintainers of the TCP Stealth implementation for Linux-libre and I and maybe other people would like to use it in their projects for newer versions.

Plus, it would be great since while 4.9 kernels can use the GRSec+Knock combination like linux-libre-lts-unofficial-grsec-knock, with support for 4.14 anyone would be able to use a combination of newer patches such as Linux-hardened+Knock (Linux-hardened supports 4.14 and 4.15 as of now) which is what I’d like to do.
https://github.com/copperhead/linux-hardened/releases

New versión v2.2.7

References:

• https://github.com/apple/cups/releases/tag/v2.2.7
• https://security-tracker.debian.org/tracker/source-package/cups
• https://debian.simnet.is/debian/pool/main/c/cups/cups_2.2.7-3.debian.tar.xz

Description:

update package to v0.1.50 version

Note: Update [gegl] or Backport [gegl] and [gimp]
      https://issues.hyperbola.info/index.php?do=details&task_id=1052
      https://issues.hyperbola.info/index.php?do=details&task_id=1053
      https://issues.hyperbola.info/index.php?do=details&task_id=1054

Additional info:

babl 0.1.38-1.hyperbola1

$ pacman -Si babl
Repository      : extra
Name            : babl
Version         : 0.1.38-1.hyperbola1
Description     : Dynamic, any to any, pixel format conversion library
Architecture    : x86_64
URL             : http://gegl.org/babl/
Licenses        : LGPL3
Groups          : None
Provides        : None
Depends On      : glibc
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 237.72 KiB
Installed Size  : 734.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Sun 31 Dec 2017 05:31:32 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

none

Description:

Update package to 0.3.34 version

Note: Update package to 0.3.34 version
      or update package to 0.4.2 backport and GIMP 2.10.2 backport
      Update [babl] package
      https://issues.hyperbola.info/index.php?do=details&task_id=1051
      https://issues.hyperbola.info/index.php?do=details&task_id=1053
      https://issues.hyperbola.info/index.php?do=details&task_id=1054

Additional info:

gegl 0.3.26-2.hyperbola1

$ pacman -Si gegl
Repository      : extra
Name            : gegl
Version         : 0.3.26-2.hyperbola1
Description     : Graph based image processing framework
Architecture    : x86_64
URL             : http://www.gegl.org/
Licenses        : GPL3  LGPL3
Groups          : None
Provides        : None
Depends On      : babl  libspiro  json-glib
Optional Deps   : libraw: raw plugin
                  openexr: openexr plugin
                  ffmpeg: ffmpeg plugin
                  suitesparse: matting-levin plugin
                  librsvg: svg plugin
                  jasper: jasper plugin
                  libtiff: tiff plugin
                  lua: lua plugin
                  lensfun: lens-correct plugin
Conflicts With  : gegl02
Replaces        : gegl02
Download Size   : 1347.15 KiB
Installed Size  : 6823.00 KiB
Packager        : André Silva <emulatorman@hyperbola.info>
Build Date      : Sun 31 Dec 2017 05:37:41 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Steps to reproduce:

none

Description:

Update to 3.1.4 version

Additional info:

krita 3.1.3

$ pacman -Qi krita
Name            : krita
Version         : 3.1.3-1
Description     : Edit and paint images
Architecture    : x86_64
URL             : http://krita.org
Licenses        : LGPL
Groups          : None
Provides        : None
Depends On      : kio  kitemmodels  gsl  libraw  exiv2  openexr  fftw  curl  boost-libs  hicolor-icon-theme
Optional Deps   : poppler-qt5: PDF filter [installed]
                  ffmpeg: to save animations [installed]
                  opencolorio: for the LUT docker [installed]
Required By     : None
Optional For    : None
Conflicts With  : calligra-krita  krita-l10n
Replaces        : calligra-krita  krita-l10n
Installed Size  : 112.43 MiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Fri 28 Apr 2017 07:57:59 AM -03
Install Date    : Tue 12 Sep 2017 03:28:32 AM -03
Install Reason  : Explicitly installed
Install Script  : No
Validated By    : Signature

Steps to reproduce:
contains some bugs

There appears to be a bug with the current version of ufw, 0.35-2

Dunno if updating it would fix it, but it is kind of annoying and possibly security issue.

it says ufw is inactive when I reboot despite it being installed in the runlevel.

Description:

https://proj4.org/index.html

This package have valuable geodetic applications, and I intend to present Hyperbola GNU/Linux-libre soon in universities and schools in East Africa.

The coordinate system there is not WGS84 and this package only in new version is providing the conversion from East African geographic coordinates to WGS84, and will be very usable in many industrial and private applications.

The useragents in random agent spoofer are detected as old apart from, firefox 60 for win7 and win10.*

I recommend focusing on the ones most people still use of each os type and scrapping the rest.

aka, for each section, such as winbugs, mac, gnu/linux... unix, android, etc...

Keep the most used ones, and update them often.

I only suggest this, because it is less work for your team.

*Of all the firefox ones, those are the only ones that work...

In the latest version was released on 11th of January 2019, with several new features, improvements and fixes[1].

[1]: http://grafx2.chez.com/index.php?article9/2010s (see version 2.6 for more details in update log)

Description:

Fixes[0] a small error in the name API function extract.

Replaced name `indivious` to `invidious`

Attached[1] patch update

- [0]:https://github.com/arankaren/youtube-viewer/commit/a464c878579f22c1cf7e5e54897c5ecaf27e333e

- [1]:https://paste.debian.net/plain/1091395

In version 5.0.0 and 5.0.1, there are several added and changed (new or existing) features and functions, and fixed bug, crash and other issues.

See those two sections in the version history releases for more details: https://dev.minetest.net/Changelog

Description:

Version 7.1.32

29 Aug 2019

mbstring:
* Fixed CVE-2019-13224 (don’t allow different encodings for onig_new_deluxe) (stas)
* pcre: Fixed bug #75457 (heap use-after-free in pcrelib) (cmb)

Hello,

Would it be possible to get a package bump for mpv ?

Currently, Debian Buster (stable) uses 0.29.1-1. This would be great as it introduces many fixes and support for lua scripts I heavily use.
0.29.* requires a ffmpeg to 4.x series as well.

Thanks.

Description:

From official PHP page, our php 7.1 is out of support and security

Our package :
https://www.hyperbola.info/packages/extra/x86_64/php/

PHP page :
https://www.php.net/supported-versions.php