ngn@lemy.lol to Memes@lemmy.mlEnglish · 8 months agolove is in the air?lemy.lolimagemessage-square41fedilinkarrow-up11arrow-down10
arrow-up11arrow-down1imagelove is in the air?lemy.lolngn@lemy.lol to Memes@lemmy.mlEnglish · 8 months agomessage-square41fedilink
minus-squarewildbus8979@sh.itjust.workslinkfedilinkarrow-up0·8 months agohttps://archlinux.org/news/the-xz-package-has-been-backdoored/
minus-square30p87@feddit.delinkfedilinkarrow-up0·8 months agoAnd as https://www.openwall.com/lists/oss-security/2024/03/29/4 says: “These conditions include targeting only x86-64 linux: […] Building with gcc and the gnu linker […] Running as part of a debian or RPM package build:” I’m not an expert of course.
minus-squarebrvslvrnst@lemmy.mllinkfedilinkarrow-up0·8 months agoHoly shit that was a hell of a dive. And no wonder the dude got it working, he was just pounding those “test and translation” commits
minus-squareHopFlop@discuss.tchncs.delinkfedilinkarrow-up0·8 months agoYeah but the backdoor does not work on Arch (as far as we currently know). It relies on a linking of libraries that Arch doesnt do by default.
https://archlinux.org/news/the-xz-package-has-been-backdoored/
And as https://www.openwall.com/lists/oss-security/2024/03/29/4 says:
“These conditions include targeting only x86-64 linux: […] Building with gcc and the gnu linker […] Running as part of a debian or RPM package build:”
I’m not an expert of course.
Holy shit that was a hell of a dive. And no wonder the dude got it working, he was just pounding those “test and translation” commits
Yeah but the backdoor does not work on Arch (as far as we currently know). It relies on a linking of libraries that Arch doesnt do by default.