#archlinux32 | Logs for 2024-03-30
Back
[02:09:56] -!- bill-auger has quit [Remote host closed the connection]
[02:11:06] -!- bill-auger has joined #archlinux32
[04:16:31] -!- AtleoS has joined #archlinux32
[04:45:06] -!- abouvier has quit [Quit: kthxbye]
[04:45:47] -!- abouvier has joined #archlinux32
[07:06:51] <KitsuWhooa> From what I've heard (haven't verified it), arch32 should be okay purely based on the fact that the payload was amd64
[07:07:19] <KitsuWhooa> That said, right now I don't have access to build master to force a rebuild. I assume it'll happen automatically though
[08:05:18] -!- ssserpent has joined #archlinux32
[09:28:41] -!- abaumann has joined #archlinux32
[09:28:42] <buildmaster> Hi abaumann!
[09:28:42] <buildmaster> !rq abaumann
[09:28:43] <phrik> buildmaster: <abaumann> We should really not build a package more than 99 times. ;-)
[09:29:56] <abaumann> Rebuilding from git, nice idea, but github removed the whole xz repo https://github.com
[09:30:11] <abaumann> So, for pacman-static I opted to use an older xz version 5.4.6 from fedora.
[09:30:13] -!- abaumann has quit [Client Quit]
[09:58:12] -!- abaumann has joined #archlinux32
[09:58:12] <buildmaster> Hi abaumann!
[09:58:12] <buildmaster> !rq abaumann
[09:58:13] <phrik> buildmaster: <abaumann> there will always be things, we cannot detect.
[09:58:15] <abaumann> https://www.openwall.com
[09:58:16] <phrik> Title: oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise (at www.openwall.com)
[09:59:13] <abaumann> and yes, the code injection seems to work on x86_64 only and glibc, so I guess it would all fail on Arch32 (maybe the code gets injected, but the sshd exploit would crash the ssh session with a SIGILL or so)
[09:59:38] * abaumann checks machines which have long log-in times now :-)
[09:59:41] -!- abaumann has quit [Client Quit]
[10:04:34] <KitsuWhooa> Yup
[10:54:35] -!- AtleoS has quit [Ping timeout: 264 seconds]
[13:17:52] -!- n0tiz has quit [Quit: Bye]
[13:19:33] -!- n0tiz has joined #archlinux32
[13:21:36] -!- n0tiz has quit [Client Quit]
[13:22:56] -!- n0tiz has joined #archlinux32
[15:20:06] -!- neitzel has joined #archlinux32
[15:51:52] <neitzel> curious-user: it may be a worthwhile exercise for you to find the FORK equivalent to the + i. hook.
[15:52:06] <neitzel> sorry, EWIN!
[16:01:40] <KillerWasp> oooooooohh...... lol, xz are banned by github???
[16:02:03] <KillerWasp> i download a copy of git.... by lucky.... xD
[16:04:26] <KillerWasp> mmmm.... time for make a fork of xz.
[16:04:42] <KillerWasp> i'm upload it in other site.
[16:06:59] <KillerWasp> abaumann: about of the exploit, they are use a prebuilded binaries for 64 bits?
[16:31:30] <KillerWasp> https://bitbucket.org
[16:34:33] <KillerWasp> mmmm.... Although it is different from the tarballs, you should take a look at it anyway so that it doesn't have other strange things apart from the m4 files.
[16:40:47] <KillerWasp> "A fork of XZ compression. DANGER!! Use this repository at your own risk. It has not yet been analyzed and cleaned."
[16:41:55] <KillerWasp> I hope that this description is enough so that they do not ban my account in case there is an exploit.
[17:21:35] <KillerWasp> XZ is a good compressor, but given the turn things took it was completely ruined. It is very possible that all distros and communities will remove XZ from their official repository, or at most, mark it as an obsolete package.
[17:22:55] <KillerWasp> I highly doubt that my XZ fork is the new official git that everyone is going to use. :P
[17:24:11] <KillerWasp> So I'm thinking what to do with this. Whether to keep it as if it were the new official XZ, or modify it according to my personal tastes, such as changing the language.
[17:26:30] <KillerWasp> Well, it depends on the acceptance it will have. It is also very likely that you will forget it and keep it as a museum.
[17:26:42] <KillerWasp> i will forget*
[17:28:11] <KillerWasp> It was to be expected that they were going to delete it. So I quickly made a backup. :3
[17:29:14] <KillerWasp> It's a shame because of the tarballs that I wanted to check and because of all the pending error reports, we have to start over.
[17:30:36] -!- ssserpent has quit [Quit: WeeChat 4.2.1]
[18:57:11] -!- gehidore has quit [Quit: brb parkour]
[18:58:01] -!- gehidore has joined #archlinux32
[19:57:35] -!- girls has quit [Quit: ZNC 1.9.0 - https://znc.in]
[19:58:51] -!- girls has joined #archlinux32
[20:48:26] -!- AtleoS has joined #archlinux32