| === chris15 is now known as chris14 | ||
| hallyn | mdeslaur: ohrly. interesting. Thanks. Sorry for not engaging - was afk today - but relieved to hear it's solved. | 03:40 |
|---|---|---|
| ricotz | hello, the last tiff security update is causing a crash in the libreoffice build, a remerge with tiff 4.4.0-6 fixed the issue on lunar, now I am seeing it on kinetic too | 06:29 |
| ricotz | at least tiff is what the stacktrace suggests https://paste.ubuntu.com/p/ctmvDyVf7G/plain/ | 06:37 |
| ricotz | while comparing build-environment with an older identical libreoffice build, it seems something else is causing this | 07:02 |
| ebarretto | ricotz, do you have a ticket open for that? in which releases is the crash happening? | 08:07 |
| ricotz | ebarretto, I have not filed a bug, I have seen this crash on lunar and kinetic -- the kinetic build-environment difference is https://paste.ubuntu.com/p/QySQPnXzr4/plain/ | 08:16 |
| ricotz | so I am starting to wonder if this is an infrastructure/builder issue | 08:17 |
| ricotz | although I saw this crash on amd64 and arm64 | 08:17 |
| ebarretto | ricotz, thanks, I'm forwarding this info to my colleague who did the last kinetic update. Lunar is behind kinetic right now on tiff, so I wonder if building with the -proposed version is also crashing | 08:20 |
| ricotz | ebarretto, ok, see the build-environment diff which indicates it isn't tiff causing it | 08:21 |
| nishit | thanks ricotz, Do you have issue reproducible step for this? It will help me reproduce the issue on kinetic/lunar, thanks | 08:24 |
| ricotz | nishit, sorry no, on lunar I assumed it got caused by the missing tiff/lerc transition which lead to a library conflict with python3-lerc | 08:35 |
| ricotz | or the missing patch for https://ubuntu.com/security/CVE-2022-3970 | 08:36 |
| -ubottu:#ubuntu-security- A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62... <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970> | 08:36 | |
| ricotz | but then it happened on kinetic | 08:36 |
| ricotz | nishit, build failure at https://launchpad.net/~libreoffice/+archive/ubuntu/experimental/+build/24873352 and success at https://launchpad.net/~libreoffice/+archive/ubuntu/experimental/+build/24883263 - identical source with following build-enviroment changes https://paste.ubuntu.com/p/GDtbC6nFsb/plain/ | 08:44 |
| ricotz | I have retried the failed libreoffice/kinetic SRU build on amd64 to reproduce it - https://launchpad.net/ubuntu/+source/libreoffice/1:7.4.3-0ubuntu0.22.10.1/+build/24883181 | 08:47 |
| === chris15 is now known as chris14 | ||
| mdeslaur | If anyone uses u-boot, I'd appreciate getting some testing on the packages in here: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages | 17:34 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!