<jaeger>
You'll need to rebuild anything that owns a libtool file referencing that
<jaeger>
grep libuuid.la /usr/lib/*.la, rebuild anything that matches
<cruxbridge>
<emmett1> jaeger: ok thanks jaeger
<cruxbridge>
<emmett1> btw any plan on completely remove *la files in the future?
<cruxbridge>
<jloc0> One of my xfce4 packages deps on a la file not present in a xorg package and fails since it don’t exist on the system, id say completely removing la files is premature at best. I’ve found most of xfce expects them to exist (I don’t recall which xorg package it is and I’m away from my machine)
<cruxbridge>
<jloc0> Just commenting on “complete removal”
SiFuh has quit [Remote host closed the connection]
SiFuh has joined #crux
<cruxbridge>
<emmett1> thats because half of your packages is provided *.la files
<cruxbridge>
<emmett1> i've been using CRUX before without *.la files completely by exclude it in /etc/pkgadd.conf, and never encounter libtool error even once
<cruxbridge>
<emmett1> and as far as i know, CRUX the only distro that still keep *.la files
<cruxbridge>
<emmett1> Venom Linux started around 2016 (something around that year) been rolling without *.la files, never encounter libtool error once
<cruxbridge>
<emmett1> and only ImageMagick required its *.la files
tarxvfz has joined #crux
tarxvfz has quit [Remote host closed the connection]
tarxvfz has joined #crux
tarxvfz has quit [Ping timeout: 260 seconds]
tarxvfz has joined #crux
dlcusa has joined #crux
jue has joined #crux
<cruxbot>
[xorg/3.7]: xorg-libxt: rebuilt for util-linux 2.40
<cruxbot>
[xorg/3.7]: xorg-libsm: rebuilt for util-linux 2.40
<cruxbot>
[opt/3.7]: iwd: updated to version 2.17
zorz has joined #crux
lavaball has joined #crux
dlcusa has quit [Ping timeout: 260 seconds]
jue has quit [Ping timeout: 264 seconds]
dlcusa has joined #crux
<cruxbot>
[opt/3.7]: prt-utils: updated URL
tarxvfz has quit [Remote host closed the connection]
chrcav has quit [Ping timeout: 260 seconds]
chrcav has joined #crux
<cruxbot>
[opt/3.7]: thunderbird-bin: updated to version 115.9.0
<cruxbot>
[contrib/3.7]: vte3: updated to version 0.76.0; new dependency: lz4
<cruxbot>
[contrib/3.7]: python3-referencing: updated to version 0.34.0
<cruxbot>
[contrib/3.7]: python3-importlib_metadata: updated to version 7.1.0
brian|lfs has quit [Quit: Leaving]
<cruxbot>
[core/3.7]: coreutils: updated to version 9.5
tarxvfz has joined #crux
<cruxbot>
[xorg/3.7]: xorg-libpciaccess: updated to version 0.18.1
tarxvfz has quit [Remote host closed the connection]
tarxvfz has joined #crux
tarxvfz has quit [Remote host closed the connection]
tarxvfz has joined #crux
tarxvfz has quit [Remote host closed the connection]
tarxvfz has joined #crux
tarxvfz has quit [Remote host closed the connection]
tarxvfz has joined #crux
tarxvfz has quit [Remote host closed the connection]
<remiliascarlet>
Affected versions happen to be 5.6.0 and 5.6.1, but all my FreeBSD, OpenBSD, PostmarketOS, and Debian/Devuan boxes report they run 5.4.x. Only 1 Void Linux box had 5.6.1, and a simple `xbps-install -Su` made it downgrade back to 5.4. This effectively makes CRUX the only one with the backdoored version in it.
<cruxbridge>
<tim> i have to ask: do you ever stop and think for a second before you post on irc?
<remiliascarlet>
I have no idea what your problem is, you seem pretty miserable every time I saw anything at all as of late.
<joacim>
i've been lazy, and still use 5.4.x on my crux install
<remiliascarlet>
s/saw/say
<remiliascarlet>
Downgraded xz on CRUX now.
<joacim>
my tumbleweed system is on 5.6.1 tho
<jaeger>
From what I can see crux isn't really vulnerable (no systemd linked with xz/lzma, no ssh linked against systemd linked against xz/lzma, no successful check for debian/redhat derivatives in configure), for what that's worth... but it's still a scary supply chain issue either way
<joacim>
actually, i've been lazy with my tumbleweed system too. so i'll lock the package, or just not upgrade until this is fixed
<cruxbridge>
<tim> i agree with jaeger, until the supply chain issue is not resolved I have no idea what else there is to do.
<joacim>
what is the bridge bridging from?
<remiliascarlet>
I know it only affects shitstaind distro's, but I still downgraded it just in case it turns out it affects other init systems as well.
<cruxbridge>
<tim> joacim: matrix
lavaball has quit [Remote host closed the connection]
tarxvfz has quit [Quit: tarxvfz]
<remiliascarlet>
Looking at Linux IRC channels, and they say it affects systemd distro's only.
<remiliascarlet>
Looking at BSD IRC channels, and they say it affects all glibc distro's.
<joacim>
i guess it affects everything that links to it
<ukky>
my system still uses 5.4.5. That's the case when being too busy is good