Conversation

Notices

1. m0xEE (m0xee@social.librem.one)'s status on Wednesday, 03-Jul-2024 19:22:25 JST m0xEE

   Fuck it! I'm just downgrading to OpenSSH_8.4p1, which is supposedly unaffected. Because this newly patched OpenSSH_9.8p1 simply doesn't work on the only one of my systems that should be affected (32-bit, glibc).
   It just crashes before any key exchange even starts — what's odd, it works when its binary isn't in /usr/local/sbin — it doesn't depend on whether the binary is stripped or anything else — it's just about the path, 9.1p1 and 8.4p1 built on the same system work, this one doesn't 🤬

   • vertka (vertka@suya.place)'s status on Wednesday, 03-Jul-2024 19:22:20 JST vertka

     in reply to

     • ロミンちゃん
     @m0xee @romin then the golden rule can be applied here: if shit works, don't update shit.
   • m0xEE (m0xee@social.librem.one)'s status on Wednesday, 03-Jul-2024 19:22:21 JST m0xEE

     in reply to

     • vertka
     • ロミンちゃん

     @vertka @romin
     Nah, tried everything in the book — no success 🤷
     It even works when I run binary from the build directory directly, which is extremely odd. This machine might have many… "peculiarities" as I build most stuff myself and it's not as clean as when software is installed with a package manager.
     But I'm not motivated enough to investigate it further, besides, 8.4p1 built on the same machine with the same tools and with the same set of libraries works without a hitch — so why bother 😅

   • vertka (vertka@suya.place)'s status on Wednesday, 03-Jul-2024 19:22:22 JST vertka

     in reply to

     • vertka
     • ロミンちゃん
     @romin @m0xee Now seriously: Arch news wrote that you need to restart sshd after the update, maybe this is the case?
   • vertka (vertka@suya.place)'s status on Wednesday, 03-Jul-2024 19:22:23 JST vertka

     in reply to

     • ロミンちゃん
     @romin @m0xee install Rust :Elaina:
   • ロミンちゃん (romin@shitposter.world)'s status on Wednesday, 03-Jul-2024 19:22:24 JST ロミンちゃん

     in reply to
     @m0xee
     >Can I have my old computing back please
     no :l_well:
   • m0xEE (m0xee@social.librem.one)'s status on Wednesday, 03-Jul-2024 19:22:25 JST m0xEE

     in reply to

     And I don't want to investigate why this shit doesn't work so I'm just downgrading.

     Can I have my old computing back please — without all this complexity? When vulnerabilities with such a severity happened once in a few years instead of every other month 😩

   • vertka (vertka@suya.place)'s status on Wednesday, 03-Jul-2024 19:22:59 JST vertka

     in reply to

     • vertka
     • ロミンちゃん
     @m0xee @romin maybe it's way better to use outdated software but without this CVE after all.