Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://floss.social/users/chimera_linux/statuses/112181481540308860">Chimera Linux (chimera_linux@floss.social)'s status on Saturday, 30-Mar-2024 08:13:14 JST</a><a href="https://floss.social/@chimera_linux" title="chimera_linux@floss.social"><img src="https://gnusocial.jp/avatar/160454-48-20230815165012.webp" width="48" height="48" alt="Chimera Linux" style="position: absolute; left: 0; top: 0;">Chimera Linux</a><div><a href="https://fosstodon.org/@alpinelinux/112181155158145065" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/110845" title="rnd@toot.cat">/dev/urandom</a></li></ul></div></section><article><p><a href="https://fosstodon.org/@alpinelinux">@alpinelinux</a> <a href="https://toot.cat/@rnd">@rnd</a> that does not look right; before the commit made 4 hours ago, you were using the same affected tarballs: <a href="https://gitlab.alpinelinux.org/alpine/aports/-/commit/982d2c6bcbbb579e85bb27c40be84072ca0b1fd9" rel="nofollow noreferrer">https://gitlab.alpinelinux.org/alpine/aports/-/commit/982d2c6bcbbb579e85bb27c40be84072ca0b1fd9</a></p><p>the switch has introduced another problem and that's a build-time depcycle (xz-&gt;gettext-&gt;libxml2-&gt;xz) - which is the primary reason we have not switched (pregenerated autotools files solve that)</p><p>that said, there is no difference otherwise, since the malicious condition does *not* trigger even with the upstream release tarball</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2878895#notice-5721985">In conversation</a><time datetime="2024-03-30T08:13:14+09:00" title="Saturday, 30-Mar-2024 08:13:14 JST">about 8 months ago</time> <span>from <span><a href="https://floss.social/@chimera_linux/112181481540308860" rel="external" title="Sent from floss.social via ActivityPub">floss.social</a></span></span><a href="https://floss.social/@chimera_linux/112181481540308860">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: gitlab.alpinelinux.org</div><h5><a href="https://gitlab.alpinelinux.org/users/sign_in">Sign in · GitLab</a></h5><div></div></header><div>GitLab Community Edition</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Chimera Linux (chimera_linux@floss.social)'s status on Saturday, 30-Mar-2024 08:13:14 JSTChimera Linux
in reply to
- Alpine Linux :alpine:
- /dev/urandom
@alpinelinux @rnd that does not look right; before the commit made 4 hours ago, you were using the same affected tarballs: https://gitlab.alpinelinux.org/alpine/aports/-/commit/982d2c6bcbbb579e85bb27c40be84072ca0b1fd9
the switch has introduced another problem and that's a build-time depcycle (xz->gettext->libxml2->xz) - which is the primary reason we have not switched (pregenerated autotools files solve that)
that said, there is no difference otherwise, since the malicious condition does *not* trigger even with the upstream release tarball
In conversationabout 8 months ago from floss.socialpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: gitlab.alpinelinux.org
  Sign in · GitLab
  GitLab Community Edition

Public

Embed Notice

HTML Code

Corresponding Notice