IRC Logs for #crux-devel Wednesday, 2014-09-24

*** mavrick61 has quit IRC02:54
*** mavrick61 has joined #crux-devel02:55
pitillogood morning07:18
pitillosorry for being boring with this topic, but can someone make a change in my private repo url (again, sorry) from lokalix.uni.cx to vjml.es ?07:19
teK__done, running pdbcacher now..08:23
pitillothank you very much teK__ :)08:27
teK__welcome08:28
*** Romster has quit IRC09:09
*** Romster has joined #crux-devel09:16
frinnstStephane Chazelas discovered a vulnerability in bash, related to how14:11
frinnstenvironment variables are processed: trailing code in function14:11
frinnstdefinitions was executed, independent of the variable name.14:11
frinnstIn many common configurations, this vulnerability is exploitable over14:11
frinnstthe network.14:11
frinnstChet Ramey, the GNU bash upstream maintainer, will soon release14:11
frinnstofficial upstream patches.14:12
jaegercharming14:16
frinnstI guess it's CVE-2014-627114:17
frinnstdebian just released a patch14:17
teK__over the network? wat.14:19
frinnstfucking embargoes14:20
frinnstftp://ftp.cwru.edu/pub/bash/bash-4.3-patches/bash43-02514:28
jueoops, all versions since 3.0 are affected14:57
juefrinnst: do you have an update ready or should I do it?14:59
juefrinnst: done15:22
teK__mind pushing that to 3.0? :))15:23
jueyeah, can do that even though I guess we didn't push everything security related to 3.0?15:25
teK__probably not15:27
teK__315:27
teK__I coulddo it, too15:27
jueteK__: will do it later today15:55
teK__thx15:56
diverseare they still maintaining the 3.0 version?16:01
teK__not really16:03
teK__i.e. no guarantees16:03
frinnstcrux.nu?17:14
teK__what about it17:39
jueteK__: done17:44
teK__thx :)17:47
teK__=======> ERROR: Md5sum mismatch found:17:48
teK__MISSING   1fb7f3f6bf92ce6c5c9ed9949ae858fe  procps-ng-3.3.10.tar.xz17:48
teK__NEW       48923adcd063442882d98718e070102e  procps-ng-3.3.10.tar.xz17:48
teK__=======> ERROR: Building '/usr/ports/packages/procps#3.3.10-1.pkg.tar.gz' failed.17:48
teK__my fault?17:48
jaegerI bet frinnst did it18:02
teK__if it's not my fault it's his, for sure18:03
jueteK__: works for me and the md5sum from the sourceforge page is still the same as ours18:21
teK__I'm using a gentoo mirror18:21
teK__fucking upstream..18:21
frinnstcrux.nu: its probably a good idea to patch bash there, too18:47
frinnst9pm, zzzzzzzz18:48
teK__we have #PermitUserEnvironment no18:48
*** Workster has quit IRC19:08
*** Workster_ has joined #crux-devel19:08
teK__frinnst: get to work ASAP!20:24
teK__https://www.mozilla.org/security/announce/2014/mfsa2014-73.html20:24
*** dwts has quit IRC22:35
*** dwts has joined #crux-devel22:36

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!