ngn@lemy.lol to MemesEnglish · 8 months agolove is in the air?lemy.lolimagemessage-square45fedilinkarrow-up1349arrow-down140
arrow-up1309arrow-down1imagelove is in the air?lemy.lolngn@lemy.lol to MemesEnglish · 8 months agomessage-square45fedilink
minus-squarewildbus8979@sh.itjust.workslinkfedilinkarrow-up7arrow-down1·8 months agohttps://archlinux.org/news/the-xz-package-has-been-backdoored/
minus-squareHopFlop@discuss.tchncs.delinkfedilinkarrow-up8·8 months agoYeah but the backdoor does not work on Arch (as far as we currently know). It relies on a linking of libraries that Arch doesnt do by default.
minus-square30p87@feddit.delinkfedilinkarrow-up7·8 months agoAnd as https://www.openwall.com/lists/oss-security/2024/03/29/4 says: “These conditions include targeting only x86-64 linux: […] Building with gcc and the gnu linker […] Running as part of a debian or RPM package build:” I’m not an expert of course.
minus-squarebrvslvrnstlinkfedilinkarrow-up2·8 months agoHoly shit that was a hell of a dive. And no wonder the dude got it working, he was just pounding those “test and translation” commits
https://archlinux.org/news/the-xz-package-has-been-backdoored/
Yeah but the backdoor does not work on Arch (as far as we currently know). It relies on a linking of libraries that Arch doesnt do by default.
And as https://www.openwall.com/lists/oss-security/2024/03/29/4 says:
“These conditions include targeting only x86-64 linux: […] Building with gcc and the gnu linker […] Running as part of a debian or RPM package build:”
I’m not an expert of course.
Holy shit that was a hell of a dive. And no wonder the dude got it working, he was just pounding those “test and translation” commits