IRC Logs for #crux-devel Wednesday, 2014-07-09

*** mavrick61 has quit IRC02:39
*** mavrick61 has joined #crux-devel02:41
teK__time to bake a new kernel for the ISO07:29
teK__http://www.openwall.com/lists/oss-security/2014/07/08/1607:29
frinnstBut does that really matter? the kernel shipped with 3.0 has loads of exploits07:30
frinnstvulnerabilities* asdf07:30
frinnstand the ptrace issue hasnt been patched on any kernel.org kernels afaik07:31
frinnstother than in the git repos07:31
teK__imho we are not supposed to ship vulnerable software07:37
Romstercan someone fix up my wiki account please http://crux.nu/Profiles/DannyRawlins?action=edit07:37
Romsterwas gonna update my page but seems my password doesn't work anymore.07:38
Romsterits stored in my browser so it's correct.07:38
Romsterjaeger, don't forget libvdpau on the iso for mesa3d then your good for a release IMO07:39
teK__Username?07:40
frinnstof course not, but even if its all up to date today - next week there will be vulnerabilities07:41
teK__probably07:42
teK__no reason not to update things before the release07:42
frinnstnot as long as there is a fix out07:42
frinnstah, all kernels but 3.12 have been patched07:45
frinnst3.12 is not maintained by greg :(07:46
teK__Romster: username?07:51
juegood morning07:51
teK__you are not the user list07:51
teK__hello jue07:51
RomsterRomster07:56
teK__nope, not in there07:56
Romsteror was that the one on the public wiki07:56
teK__I will create a DanielRawlins07:56
jueplease note: if we delay 3.1 again, you have to do the release without me ;)07:56
Romsterand my browser decided to just use that07:56
Romstertah teK__07:57
teK__np07:57
Romsterdunno how that got removed i pretty sure edited that page originally myself07:58
Romsterbut i can't remember that far back07:58
Romsteri'm happy with crux 3.1 as it is now.07:59
jueI've just downloaded rc99 and will try to do a install today, but not if we decide to use another kernel version07:59
Romsterthere will always be updates but we met all the current goals.07:59
teK__cynically spoken: we could advertise our ISO by 'only one local privilege escalation in the default installation' :p08:01
teK__but I won't engage in this discussion any further08:01
jueteK__: no, that wasn't my intention, it's ok for me to wait for the fix for 3.12 or even use 3.14, the latest longterm08:04
teK__ok08:04
juebut again, you have the do the release without me, which shouldn't a problem at all ;)08:04
jue*to do08:05
teK__so it's up to frinnst and jaeger to decide08:06
juebut I'm entirely against another long delay of 4 week08:07
teK__I get that ;)08:08
jue:)08:09
jueRomster: vdpau is on the ISO, even setup-helper installs it conditionally08:11
juebbl08:14
*** jue has quit IRC08:15
teK__-208:15
teK__arg08:15
Romstercool08:16
Romsterwhich bug is this?08:17
Romsterthey alraedy fixed the futex lock issue but that wasn't a security issue.08:18
*** jue has joined #crux-devel08:28
Romsterhttp://cxsecurity.com/issue/WLB-2014020130 is that the security issue in iso provided kernel?08:31
Romsterfrinnst, pango is at 1.36.5 we are on 1.36.311:29
frinnstthen I should get a ck4up notification regarding it later today :)11:46
frinnstOverview of changes between 1.36.4 and 1.36.511:48
frinnst=============================================11:48
frinnst- Lower the harfbuzz requirement11:48
frinnstexciting stuff!11:48
frinnsthm, no notification. strange11:49
Romster<< flawed12:22
jaegerRomster: are you saying libvdpau is missing? I see it in packages.xorg and packages.all12:33
jaegerfrinnst: I thought that 3.12.23 had been patched but not the ones before it12:33
jaegerRomster: never mind, I see jue's response now12:33
jaegerjue, teK__: if the only problem with the latest ISO is the kernel version that's something we can easily update and test in short order12:39
frinnstjaeger: that was another security issue12:46
frinnstthis one is brand new :)12:46
juefrinnst: ... and not fixed with .24?12:48
frinnstnot the ptrace issue. there was a futex fix a while back12:48
frinnstthe ptrace issue has been patched in all stable/longterm except for 3.12 (another maintainer)12:49
Romsterjaeger, no i was just wondering if you saw that change.12:50
frinnstJAEGER SEES ALL12:50
frinnst:>12:50
Romsterso i see12:50
Romsterwhere are you getting these reports from frinnst ?12:51
jaegerfrinnst: ok12:51
Romsterid like to follow it myself12:51
frinnstoss security12:52
frinnsthttp://oss-security.openwall.org/wiki/12:52
frinnstbut be warned: its depressing :)12:52
Romsterheh12:52
frinnstalso pretty noisy sometimes12:53
Romsternot so bad when you stick the ML to a directory12:56
jueRomster: here's a nice overview about security lists -> http://seclists.org12:57
Romstercool i got a few but not that one frinnst is using.12:58
Romsteractually i been that one before jue but i forgot about it.12:58
jaegerjust tested the ptrace exploit against both 3.12.19 and 3.12.24 - it doesn't give root privileges but it does hard lock the machine13:00
juejaeger: did a fresh install of rc99, works fine so far13:06
jaegergood :)13:07
jaegerupdating the kernel configs for 3.14.1113:08
juejaeger: hmm, not sure if we really should do that, it doesn't matter which headers we are using with glibc, but it's not very nice IMO13:09
jueto have older headers that the kernel we are using13:10
jues/that/than/13:10
Romsterdepends how far back the glibc kernel headers jsut means that's the oldest kernel version you can use.13:11
juebut well ...13:11
jueRomster: I mean more the cosmetic side13:11
Romstersome cases too new and it could break something too that needs a older kernel.13:12
jueI like it how it is at the moment, waiting for 3.12.25 is still an option13:13
jaegerI don't have a strong feeling about it13:13
Romsterif it's not gonna be 4 weeks later.13:13
jueok, let's list our options with a time schedule:13:16
jue- stick with 3.12.23 -> no delay13:17
jaegera secondary question - is there a patch available for 3.12.x?13:17
jue- wait for 3.12.25 -> estimated 2-3 days13:17
jaegerI don't mind waiting, personally, if you don't mind us doing the release while you're gone.13:18
jaegerjue: unrelated to CRUX, http://jaeger.morpheus.net/misc/wrx/IMG_0615.JPG13:18
juethat's definitely not a problem at all ;)13:18
juejaeger: very nice, there's nearly no diff between WRX and WRX STi anymore?13:22
jaegerThey're still different, yeah. The STi still has the big spoiler on it and a more impressive engine13:23
jaegerThey're not Impreza WRX anymore, though, just WRX or WRX STi13:24
jaegerjue: in terms of appearance, not much besides the spoiler and some lower trim panels13:24
jaegerand maybe brakes? Not sure on that13:24
juejaeger: you've inspired me to think about an update too13:24
jaeger:D13:24
jaegerI really like it so far. And even though the 2015 has a smaller engine it has a bit more power and sounds really nice13:26
jaeger2.5 liter 265 HP -> 2.0 liter 268 HP13:26
jaegerMy new one came with the STi short shift kit installed, too. I didn't ask for that specifically but they didn't ask more for it so I said fine. :)13:27
juecool :)13:28
jaegerI also really like the 6-speed manual, my '08 is 5-speed13:28
juemy STi is now three and a half year old, zero problems so far, really nice cars :)13:29
jaegeron a CRUX note, I've tested fresh installs of rc99.9 in both BIOS and UEFI modes, no problem. I'll test upgrades from 3.0 at home tonight, was too busy last night =/13:29
jaegeryeah, they seem like they last really well13:29
juehave to go now, back in about 1 hour13:31
jaegertake care13:31
*** _mavrick61 has joined #crux-devel13:43
*** mavrick61 has quit IRC13:48
*** pitillo has quit IRC13:48
*** jaeger has quit IRC13:48
*** jaeger has joined #crux-devel13:58
*** pitillo has joined #crux-devel13:58
frinnstnasty exploits in flash patched with version 11.2.202.39414:01
frinnstshould we wait for sepen to fix it?14:01
frinnsthttp://arstechnica.com/security/2014/07/weaponized-exploit-can-steal-user-cookies-on-ebay-tumblr-other-sites/14:02
Romsteri'd bump it now14:33
Romstersepen isn't dependable anymore14:34
frinnstdone15:04
Romsterremember the last thing he broke filed a bug report you ended up reverting it.15:09
frinnstyes he needs to fix his email or drop buy and tell us how to contact him15:16
Romsterpitillo, needs to speak to him.15:16
pitillolet's see if I can call him and tell about the situation here15:20
pitilloand let things in your hands at least for a time15:20
frinnsttell him to fix his crux.nu forwarding. we get loads of bouncing emails15:21
pitillothe kid is eating his little amount of time15:21
pitilloI'll do frinnst15:21
frinnsthe got a kid now? wow, didnt know that15:21
frinnstcongratulate him from me :)15:21
pitillo:)15:22
pitilloa beatiful girl :)15:23
Romsternice well he should let us maintain stuff until he has time15:24
*** jue has quit IRC21:38
nrxtxhttp://zero-io.net/crux/core.html gource output of core repository21:39
frinnstomg21:44
frinnstawesomely cool21:44
nrxtxif you have some hours of time you can have a look at the gource output of the linux kernel :D crux-core is pretty "calm"21:47
frinnstbut jue sure isnt21:54
frinnsthe is flying around and zapping everything :D21:55
jaegerthat's pretty nifty22:34

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!