*** Feksclaus has quit IRC | 02:54 | |
*** kori has quit IRC | 03:45 | |
*** mavrick61 has quit IRC | 03:48 | |
*** mavrick61 has joined #crux-devel | 03:49 | |
*** kori has joined #crux-devel | 04:07 | |
*** deus_ex has quit IRC | 04:40 | |
*** kori has quit IRC | 05:32 | |
*** kori has joined #crux-devel | 05:39 | |
frinnst | heh, i was running a xorg-server 1.17-rc before i rebuild with 1.16.2.901 | 08:20 |
---|---|---|
frinnst | you sure get some wierd errors unless you rebuild the drivers when downgrading | 08:20 |
Romster | ABI yeah | 08:21 |
frinnst | I thought i had some hardware issue when i turned on my box this morning | 08:22 |
frinnst | just a blank screen | 08:22 |
Romster | anyone going to do alancos kde4 branch update to 3.1 | 08:22 |
Romster | hah man that reminds me of the error screensaver.... the moment i glanced at my monitor it had the kenrel panic of linux.... | 08:23 |
Romster | i was WTF | 08:24 |
Romster | oh gawd it was just the screensaver | 08:24 |
prologic | anyone else have trouble using bintary in sources for ports? | 08:28 |
prologic | even wget'ing the url sucks | 08:29 |
teK_ | Workster / Romster I updated kde4 to point to 3.1. Should hit the website tomorrow, when pdb was updated | 08:29 |
Romster | teK_, thanks man. alan seems to have a hard time with updates or isn't around for a dev to see. | 08:39 |
Romster | teK_, does all the site work anymore. | 08:39 |
Romster | when i read the xorg security venerability's i was shocked. | 08:40 |
teK_ | heh | 08:41 |
diverse | it was the heartbleed of GUIs huh? | 08:41 |
Romster | http://www.phoronix.com/scan.php?page=news_item&px=MTg1ODQ | 08:42 |
Romster | These issues date back to the 80's and 90's -- thus affecting most X.Org running systems out there. The oldest of these vulnerabilities go back to 1987 with X11 core protocol requests. | 08:42 |
Romster | does no one valgrind or other tools for these? | 08:43 |
diverse | alright, more like the Bash shellshock of GUIs | 08:43 |
teK_ | Ilja van Sprundel probably did ;) | 08:43 |
teK_ | but I think that he was a fuzzer-guy so he probably used that, too | 08:44 |
Romster | Among the vulnerabilities are an unchecked malloc in client authentication leading to a potential denial of service, integer overflows, and out of bounds access due to not checking lengths/offsets in requests. | 08:44 |
Romster | i mean the first rule is never trust user input. check everything. | 08:44 |
Romster | poor programming practices. | 08:45 |
teK_ | the fixes mention "added paranoia" which reflects a strange attitude towards this topic. IMHO | 08:47 |
diverse | what does "added paranoia" mean specifically? | 08:49 |
diverse | still 3 bigs ones this years, heartblead, shellshock, and now this | 08:51 |
diverse | *year | 08:51 |
Romster | yeah i hope this is the last one for this year.... | 09:06 |
teK_ | diverse: it means they do proper length checking instead of relying on the users to behave... | 09:14 |
diverse | ah gotcha | 09:14 |
teK_ | it's like using a parameter superuser=(0|1) in the URL of your webapp without checking | 09:15 |
diverse | oh I guess I was thinking of array bounds checking | 09:16 |
*** Feksclaus has joined #crux-devel | 09:29 | |
teK_ | yeah that was faulty too, iirc | 09:41 |
diverse | buffer overflows huh? | 09:42 |
teK_ | for maximum pleasure, read the linked ML posts | 09:42 |
diverse | somehow I think it's more important that programmers get re-educated in the art of code-correctness | 09:44 |
diverse | because that seems to be in much higher demand now with all these expliot findings | 10:05 |
prologic | Where's sepan these days? | 11:02 |
prologic | his @crux.nu email is non-existent | 11:02 |
frinnst | he hosts his own mailserver at home and its down | 11:02 |
frinnst | for a few days even | 11:02 |
frinnst | pitillo has his other gmail address (i forgot) | 11:03 |
Romster | sepen at crux-arm.nu | 11:08 |
Romster | is something of his not right prologic ? | 11:09 |
pitillo | beep beep... shared on pm | 11:26 |
prologic | no, it's fine :) | 11:34 |
prologic | just wanted him to add a symlink for VBoxManage for the virtualbox port | 11:34 |
*** Workster has quit IRC | 16:36 | |
jaeger | Romster: wine needs a bit of a tweak, it has the wrong gecko and mono versions currently. http://sprunge.us/DLYK | 16:52 |
jaeger | (oops, that patch doesn't bump release) | 16:52 |
*** leo-unglaub has joined #crux-devel | 17:36 | |
*** deus_ex has joined #crux-devel | 18:10 | |
*** deus_ex has quit IRC | 18:16 | |
*** crash_ has joined #crux-devel | 18:50 | |
*** crash_ has quit IRC | 18:50 | |
*** crash_ has joined #crux-devel | 18:51 | |
jue | hello | 19:37 |
jue | wrt mailing list thread: '... X does not work with slim ...' | 19:39 |
jue | I see the same messages in my xorg log, can someone else confirm this, please? | 19:40 |
jue | looks like we have to add a --disable-systemd-logind | 19:41 |
teK_ | same here | 19:45 |
teK_ | I refrained from testing or better: reporting back for various reasons | 19:46 |
jaeger | I see the systemd login error but it doesn't cause X to fail on my system | 19:47 |
jaeger | I do run dbus | 19:47 |
teK_ | dito and dito. | 19:50 |
leo-unglaub | hey :) | 19:53 |
jue | thx, I'll commit a new release with a explicit --disable-systemd-logind | 19:56 |
jue | with that I no longer see the errors | 19:56 |
jaeger | ok | 19:56 |
prologic | slim works fine here now | 20:53 |
prologic | it didn't a little while ago | 20:53 |
prologic | but xfce4 runs debus for me | 20:53 |
prologic | ooooh | 21:00 |
prologic | the new Xorg server with all the bug fies | 21:00 |
prologic | and the new hard systemd integration :) | 21:01 |
prologic | that's going to screw me over too isn't it :) | 21:01 |
*** crash_ has quit IRC | 21:51 | |
*** leo-unglaub has quit IRC | 23:17 | |
*** Workster has joined #crux-devel | 23:26 |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!