2022-02-01 18:02:09 <Ariadne> ikke: source package = pillow
2022-02-01 18:03:01 <ikke> there is a rewrite from python:* to py3-*, not?
2022-02-01 18:03:29 <Ariadne> not sure, i think so
2022-02-01 18:04:30 <ikke> https://gitlab.alpinelinux.org/ariadne/secfixes-tracker/-/blob/master/secfixes_tracker/importers.py#L101
2022-02-01 18:05:01 <Ariadne> oh
2022-02-01 18:05:06 <Ariadne> the language field is not set in the cpe
2022-02-01 18:05:18 <Ariadne> instead they used vendor of python
2022-02-01 18:05:56 <ikke> aha
2022-02-03 10:13:00 <omni> should this channel be +R too?
2022-02-03 10:32:29 <danieli> I haven't seen much spam here
2022-02-03 10:35:13 <omni> true
2022-02-03 10:35:33 <omni> just noticed on reconnect
2022-02-03 10:42:01 <danieli> aah, I thought you were asking if +R should be set but if it's already set it could probably be unset
2022-02-03 10:42:10 <danieli> I think alpine-devel and alpine-linux both have +R too
2022-02-03 10:42:23 <danieli> that was due to previous waves of spam though
2022-02-03 11:20:06 <ikke> It's still continuing
2022-02-03 13:26:39 <ncopa> Hi, can someone help me backport expat 2.4.4 to 3.14-stable? For the cve fix. If not I’ll do it later today
2022-02-03 13:33:30 <psykose> like this https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/30413 or are there some rebuilds to do
2022-02-03 13:36:33 <psykose> 3.15 seems like it needs it too
2022-02-03 13:36:47 <psykose> not sure if 3.13/3.12 were patched as well
2022-02-03 13:38:30 <psykose> https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/30414 3.15
2022-02-03 15:51:13 <ncopa> psykose: thank you very much!
2022-02-03 15:51:37 <psykose> :)
2022-02-03 15:53:01 <ncopa> I think patches may need to be back ported for  3.13 and 3.12. not sure if we dare to upgrade to 2.4.4
2022-02-03 15:57:43 <psykose> yeah should find the specifics
2022-02-03 15:57:47 <psykose> they already have a few for the other ones
2022-02-10 15:02:11 <jvoisin> Ariadne: https://github.com/netblue30/firejail/issues/4780
2022-02-10 15:44:49 <Ariadne> jvoisin: :)
2022-02-10 16:24:55 <donoban> lol
2022-02-10 16:52:23 <donoban> Maybe I'm wrong but the fix doesn't look very reasoned, if (strcmp(dir, ".") == 0 || *dir != '/') ..., the strcmp() part is not already included in the second?
2022-02-10 18:29:42 <Ariadne> its an or condition
2022-02-10 18:29:45 <Ariadne> not an and
2022-02-10 19:08:36 <donoban> Ariadne: I know, I just feel that always that strcmp() is true, the other part also is true
2022-02-10 19:10:03 <donoban> s/always that/whenever/
2022-02-14 17:47:11 <donoban> I know that there is no too much love for pam on Alpine but since it's an important security risk once installed it should be handled (at some degree) as a distribution policy instead a mess of different packages using different models
2022-02-14 17:47:53 <donoban> In that sense I feel that this was a good improvement https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/25178/
2022-02-14 17:48:48 <donoban> uses openembeded config instead archlinux (Reduces pam complexity from 90 to 18 lines)
2022-02-14 17:50:58 <donoban> well, it's need some fixes
2022-02-16 12:50:25 <minimal> BIOS/UEFI vulnerabilities: https://binarly.io/posts/An_In_Depth_Look_at_the_23_High_Impact_Vulnerabilities/index.html
2022-02-20 11:44:04 <ikke> More CVEs for expat: https://www.openwall.com/lists/oss-security/2022/02/19/1
2022-02-20 14:06:47 <Ariadne> fun
2022-02-20 21:58:38 <psykose> i patched them all
2022-02-20 21:58:49 <psykose> and went to bed
2022-02-20 21:58:54 <psykose> and woke up to them not being merged :p
2022-02-20 21:59:54 <psykose> !31183 !31217 !31216 !31215 !31214
2022-02-21 00:15:10 <psykose> success
2022-02-21 05:33:05 <ikke> they have been merged :)
2022-02-21 05:50:29 <psykose> hence the success
2022-02-21 05:50:31 <psykose> :)
2022-02-27 07:16:27 <ikke> https://github.blog/2022-02-22-github-advisory-database-now-open-to-community-contributions/