IRC Logs for #crux Sunday, 2017-06-25

*** elderK has quit IRC01:02
*** onodera has quit IRC02:09
brian|lfsmore info on stack clash02:24
brian|lfsI have no clue if we are patched for this or not https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash02:24
darfoif a NIC flips back and forth between enp3s8 and enp4s8 after power interruptions is it flaky hardware? I thought this shouldn't happen with udev.02:30
darfoI checked /etc/udev/rules.d and there is no rules in it.02:33
darfoand /lib/udev/rules.d/80-net-name-slot.rules is the default from core/eudev02:37
*** _________mavric6 has quit IRC02:39
*** _________mavric6 has joined #crux02:40
j_vbrian|lfs: it looks like we should be patched for the sudo vulnerability with that latest update to the sudo port. if i understand the descriptions for CVE-2017-1000364 and CVE-2017-1000365, the fix is upgrading kernel (cve document says that 4.11.5 and earlier are affected).03:06
j_vi updated to kernel 4.11.7 because since the changelog for that kernel documents for fixes for stack guard stuff. looks to have been backported to the 4.9 branch with 4.9.34, ifaict03:15
j_vs/because since/because/03:16
brian|lfsok so I should upgrade my kernel03:24
j_vi would recommend it03:26
j_vlooking at the release dates for recent kernels, it looks like the 4.11 and 4.9 are the only branches (other than 'next') that have been patched. just an observation that i can't prove03:30
*** brian|lfs has quit IRC03:45
*** brian|lfs has joined #crux03:52
brian|lfsok I"m patched03:52
j_vcool03:53
brian|lfswonder if we need an e-mail announcement or an announcement ont he CRUX home page03:57
brian|lfseven announcement added to the welcome message people will see whent hey come in here04:03
j_vyou could send in a heads up to the CRUX ml. can't hurt04:05
frinnstdont you read the [notify] emails?04:07
j_vfrinnst: was there one about CVE-2017-100036{4,5} ?04:08
j_vi noticed the one about sudo for CVE-2017-100036704:09
frinnstsudo is patched, but there wasnt any public disclosure when it got patched04:10
frinnstso no notification was sent out04:10
j_vhmmm, you had something about it in the commit message, didn't you?04:10
frinnstI dont think so04:11
frinnstah, when p1 was updated yes04:11
j_vahh, looking at it now, i see that there wasn't. ok, thought i remembered it from somewhere04:12
frinnsthttps://lists.crux.nu/pipermail/crux/2017-May/005523.html04:12
Romsteri've compiled almost all of opt xorg and contrib and i have error logs and over 1000 built packages http://crux.ster.zone/packages/3.3/?C=M;O=D04:12
frinnstthats what we knew at the time04:13
brian|lfsif your running less then 4.11.5 update your kernl romster04:13
brian|lfsbad security vulnerability discovered04:14
frinnstnot really remote exploitable so no big worry04:14
Romsteri'm on 4.9 3304:14
Romsteri've been reading04:14
brian|lfsI think 4.9 may be patched04:14
frinnstdo you follow oss-sec brian|lfs ?04:15
brian|lfsanyone download windows 10 source code lol04:15
brian|lfsno whats oss-sec04:15
Romsterwish i knew where it was brian|lfs04:15
frinnsthttp://seclists.org/oss-sec/04:15
Romstermm 4.9.34 is out04:15
brian|lfsyou didn't see the article on slashdot about it today04:15
Romsteri have04:15
brian|lfsI'm not really sure if its a hoax or not04:16
Romsteri haven't got 32TB of space to spare currently04:16
brian|lfsanyone with have a brain would encrypt that shit04:16
Romsternor know whee it is04:16
brian|lfsI don't have 32TB either04:16
brian|lfsbut its only 8TB compressed04:16
brian|lfsit would help the ReactOS community lol04:17
Romsterand wine but they can't use that type of source without getting in trouble04:18
brian|lfsya I know04:18
brian|lfsI tried ReactOS few months ago it was junk04:18
brian|lfsjust using wine works better pretty sad04:18
ryu0so that was your "reaction"04:18
brian|lfsthat was a bad joke04:19
ryu0all this talk of liquor.04:19
ryu0lol04:19
brian|lfsjust poured some rum for you04:21
frinnstHAM!04:21
ryu0ACTION watches frinnst transform into ham.04:22
ryu0frinnst is now the hamburgler.04:23
frinnstim mantis tobagen04:24
nogagplzhe's not transforming into ham, he's choking on the scenery04:24
frinnsthttps://www.youtube.com/watch?v=9SULSoOYmRs04:25
*** tilman_ has joined #crux04:32
*** tsaop has joined #crux06:32
*** Duskmourn has quit IRC06:57
*** maraku_ has joined #crux06:59
*** maraku has quit IRC07:02
*** tsaop has quit IRC07:49
cruxbot[contrib.git/3.3]: virtualbox: fix footprint08:25
cruxbot[contrib.git/3.3]: ffmpeg-compat: 2.8.8 -> 2.8.1208:25
cruxbot[contrib.git/3.3]: vlc: 2.2.1 -> 2.2.608:25
cruxbot[contrib.git/3.3]: slock: fix dependency08:25
cruxbot[contrib.git/3.3]: qiv: fix dependency09:09
cruxbot[contrib.git/3.3]: p5-berkeleydb: 0.43 -> 0.5509:09
cruxbot[contrib.git/3.3]: p5-asterisk: 1.03 -> 1.0809:09
cruxbot[contrib.git/3.3]: p5-class-std: 0.011 -> 0.01309:09
cruxbot[contrib.git/3.3]: p5-gd: 2.53 -> 2.6609:09
cruxbot[contrib.git/3.3]: p5-sdl1-perl: fix footprint09:09
just_funRomster, any chance to sign your CRUX-Store ? :D09:19
Romsterat some point09:20
Romsterso much stuff is broken -_-09:21
Romsteri haven't figured what key or make a new key or best way yet09:22
just_funWhy not romster.pub/sec ?09:22
Romsteri was thinking of using my romster.pub one09:23
Romsteryou could pretty much install an entire deptree of ports from that collection in binary09:24
Romsterbut you will miss out on soft dependencies09:24
Romsterunless you rebuild those.09:24
just_funI know you have a huge collection, this is why I'm asking about sigs. I can't wait to enable the signature check in my pkgmk.conf patches for your "store". I already found two bugs there.09:27
Romsterwhat 2 bugs are that?09:27
just_funone was: after the pkg was downloaded, the signature was tried on all mirrors, including the source ones09:28
just_funthe other one is in by container-build-script: wrong signature name09:31
just_funhttps://github.com/therealfun/crux-ports/blob/master/func/depinstc (function make_pkg_signature)09:32
Romstermake_signature() function and make it work for built packages09:32
Romstercrikey the complexity of that09:36
just_funThe ports are signed by the port's maintainer (make_signature), and the builds are signed by the "builder" (signing everything).09:39
just_funDo you say I should change make_signature to sign binaries too?09:39
Romsteri dunno, i have my own scripts for building and stuff09:44
just_funWell, signing your builds is one signify line away :)09:45
Romsteryeah true09:46
just_funI was thinking if using prebuilt packages when the build fails will be useful, as an option.09:46
Romsteri've done that a few times when something on my system is putting it off09:47
Romstersometimes libtool can be a pain with old references to a library version that's been updated.09:47
Romsterbut i've fixed those with sed09:48
just_funI do have my pkgmk.conf patches enabled, and one time I was suprised that I've downloaded a prebuild package from you :))09:48
just_funforgot about that09:49
Romsterlol09:49
just_funI was trying to build firefox on a 2GB mem machine09:49
just_funand it was fast :))09:49
just_funThis is why I was thinking to "improve" those patches to download only when fails :)09:50
Romsterwell i was only building the big slow ports at first.09:50
Romsteri just throw them at my distcc+ccache cluster09:51
just_funIt was good to hear you've build them all.09:52
Romsterwell most of them, there is still about 138 broken ports09:52
just_funYou've already done a huge work. 138 is nothing :)09:53
*** jue has quit IRC09:54
*** tsaop has joined #crux09:55
*** jue has joined #crux09:58
*** elderK has joined #crux10:01
*** tsaop has quit IRC10:11
*** tsaop has joined #crux10:20
cruxbot[opt.git/3.3]: nano: update to 2.8.511:31
cruxbot[opt.git/3.3]: dar: update to 2.5.1111:31
cruxbot[contrib.git/3.3]: libva-intel: add missing dependency libva12:19
cruxbot[contrib.git/3.3]: keepassx2: 2.0.2 -> 2.0.312:19
Romster132 now just_fun12:21
Romstersome will be held back from a dependency being broken12:21
just_funRomster, do you count contrib too?12:22
just_funI'm thinking that there are 2 psychological levels: 128 and 64 :))12:23
cruxbot[contrib.git/3.3]: keepassx2: forgot to update signature after footprint12:24
Romsteri'm counting contrib compat-32 xorg and opt12:25
Romstersome of these errors are just missing dependencies12:26
*** tsaop has quit IRC12:26
*** tsaop has joined #crux12:27
cruxbot[contrib.git/3.3]: keepassx: add missing dependency xorg-libxtst12:28
just_funRomster, we are already in your debt. After that, some will go broke.12:33
Romsteri'm just sick of brokenness so i am doing something about it.12:34
Romsterneed to keep the quality of crux up not the quantity12:34
tsaopamen12:35
tsaopI should also polish my ports12:35
cruxbot[opt.git/3.3]: libunique: depends on gtk version 2 not 312:37
Romsteri have yet to get to romster collection12:42
cruxbot[contrib.git/3.3]: mpd: 0.20.6 -> 0.20.9 add boost at a dependency, move man pages to /usr/share12:45
Romsterwow that is old in xorg... wonder how that got missed.12:52
cruxbot[xorg.git/3.3]: xorg-xf86-video-openchrome: 0.3.3 -> 0.6.013:05
cruxbot[xorg.git/3.3]: xorg-xf86-video-xgixp: dropped last update in 201213:05
cruxbot[xorg.git/3.3]: xorg-xf86-video-newport: dropped last update in 201213:05
cruxbot[xorg.git/3.3]: xorg-xf86-video-v4l: dropped last update in 200813:05
*** elderK has quit IRC13:10
*** ubuuu has joined #crux13:13
*** ubuuu has quit IRC13:17
cruxbot[contrib.git/3.3]: wyrd: move man pages to share, remove redundant dependency13:21
cruxbot[contrib.git/3.3]: camlp depends on ocamlbuild and removed redundant dependency ocaml13:21
*** chinarulezzz has quit IRC13:27
*** onodera has joined #crux13:45
*** xeirrr has joined #crux13:55
xeirrrRomster: I know sepen is the maintainer of virtualbox, but how about you update it to 5.1.22 since there are several fixes there?13:56
xeirrrI saw you updated its footprint.13:57
*** ubuuu has joined #crux14:04
Romsteryeah i did just do that.14:06
Romsteri'll look into it14:06
*** ubuuu has quit IRC14:07
*** ubuuu has joined #crux14:08
*** xeirrr has quit IRC14:08
*** tsaop has quit IRC14:13
*** ubuuu has quit IRC14:46
*** darfo has quit IRC15:56
*** darfo has joined #crux15:59
*** ubuuu has joined #crux16:29
*** tsaop has joined #crux16:30
*** Guest1705 has joined #crux16:46
*** tsaop has quit IRC18:31
darfo<darfo> ah, one of my two NIC's drivers is loaded as a module. Modules are loaded asynchronously.18:39
darfo<darfo> I'll see if changing it to built-in makes udev generate the same name after all power cycles.18:40
darfoput the above on the wrong channel18:40
darfoafter rebuilding the kernel and then a power cycle it flipped to enp3s8. Now to power cycle again and see what gives.18:42
*** nthwyatt has joined #crux18:46
*** darfo has quit IRC18:47
*** nthwyatt has quit IRC18:48
*** darfo has joined #crux18:48
darfo[    3.803708] 8139too 0000:04:08.0 enp4s8: renamed from eth118:50
darfohrm. making it built-in didn't help18:51
onoderahttps://lists.debian.org/debian-devel/2017/06/msg00308.html18:51
onoderahow dangerous is this?18:51
darfo"system misbehavior, data corruption, and data loss" sound pretty serious to me18:54
onoderaye...18:54
*** ma0 has joined #crux18:55
darfoso 80-net-name-slot.rules is renaming my interface for me but is using supplied info for the name18:59
darfoand that info is toggling on every power cycle.18:59
*** onodera has quit IRC19:00
darfoi guess there some things I don't understand about PCI slots and the discovery the kernel does19:00
darfothe NIC built on to the motherboard never changes but the one in the expansion slot does19:01
darfoi keep hearing Inago Montoya saying "I don' theenk you know the meening of this word"19:02
jaegerchances are the chipset/bios enumerates differently when the expansion slots change19:02
darfobut I move nothing19:02
jaegerthat would indeed be strange, then. :)19:03
darfothis is just one power cycle to the next19:03
jaegerdoes lspci always show the same numbers/ids?19:03
darfoI haven't been checking but will going forward19:03
darfoi think the mobo is flaky19:03
*** tsaop has joined #crux19:09
*** onodera has joined #crux19:10
*** darfo has quit IRC19:16
*** darfo has joined #crux19:20
darfodidn't change this time :(19:23
darfolooking at the old logs the pci numbers correspond to the the move and it changes the FireWire too19:34
jaegerthat sounds like a hardware/bios issue to me, though I'm no expert19:35
darfothe firewire is built-in19:35
darfoyeah, me too. might be time to start shopping for a mobo19:36
darfothis one is 2005 vintage so maybe I got my moneys worth out of it19:36
jaegeryeah :)19:45
*** Guest1705 has quit IRC20:04
*** ubuuu has quit IRC20:05
*** elderK has joined #crux20:10
*** tsaop has quit IRC20:46
*** chinarulezzz has joined #crux22:03
*** ryu0 has quit IRC22:26
*** ryu0 has joined #crux22:31
*** vsteve has joined #crux23:54
vsteveis anyone here using the radeon driver?23:55

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!