fsmithred | I just noticed that there are a lot of packages waiting for me in ascii-proposed-updates | 00:47 |
---|---|---|
fsmithred | including a non-devuanized dbus and dbus-x11 | 00:48 |
fsmithred | looks like xfce no longer respects config files in /etc/xdg/xfce4 when creating a new user. This breaks desktop-base. | 16:43 |
fsmithred | I think I'm in ceres (maybe chimaera) | 16:43 |
fsmithred | non-devuanized dbus is also in beowulf-proposed-updates. | 19:14 |
mason | fsmithred: What does non-devuanized indicate for that? | 19:38 |
fsmithred | mason, probably bad shit. | 19:44 |
fsmithred | hm | 19:45 |
fsmithred | not sure | 19:45 |
fsmithred | the deps look ok | 19:45 |
mason | Is this 1.12.20-0+deb10u1 ? | 19:47 |
fsmithred | yes | 19:47 |
mason | https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1754989.html | 19:49 |
mason | No mention of the CVE here though: https://sources.debian.org/patches/dbus/1.12.20-0+deb10u1/ | 19:50 |
fsmithred | prevent use-after-free if two usernames share a uid | 19:52 |
fsmithred | wtf? | 19:52 |
mason | https://nvd.nist.gov/vuln/detail/CVE-2020-12049 | 19:53 |
mason | Ah, not a patch in that version, it's in 1.12.18 | 19:53 |
mason | hence it not showing up in patches specific to 20 | 19:53 |
fsmithred | I don't know why we fork dbus or if we still need to do that | 19:56 |
mason | Do we change it to not link libsystemd0 explicitly? I thought we just had elogind0 provide that and everything was happy. | 19:57 |
mason | libelogind0 | 19:57 |
fsmithred | the new version depends on either | 19:57 |
fsmithred | I don't think we would have forked it just for lsd0 | 19:57 |
mason | hah, I like the abbreviation | 19:58 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!