Search
Items tagged with: xz
Three years ago, #FDroid had a similar kind of attempt as the #xz #backdoor. A new contributor submitted a merge request to improve the search, which was oft requested but the maintainers hadn't found time to work on. There was also pressure from other random accounts to merge it. In the end, it became clear that it added a #SQLinjection #vuln. In this case, we managed to catch it before it was merged. Since similar tactics were used, I think its relevant now
https://gitlab.com/fdroid/fdroidclient/-/merge_requests/889
Search improvements: Sort based on keyword matching and removed alphabetic sort (!889) · Merge requests · F-Droid / Client · GitLab
The search results are pretty unusable currently. So I've changed it to show apps in this order: App name matches keyword, summary matches keyword, description matches keyword. Also,...GitLab
A Microcosm of the interactions in Open Source projects
Originally a thread on Twitter about the xz/liblzma vulnerability, when I finished typing it, I realized I had a real world slice of Open Source interaction that deserved more attention.robmensching.com
If you use #Manjaro, here's how to downgrade #xz to excape the #backdoor that everybody is justifiably freaking out about.
https://wiki.manjaro.org/index.php?title=Downgrading_packages
Github has disabled the https://github.com/tukaani-project/xz repository
That seems a bit of a problem for everyone who needs to understand the past activity there in order to fully address the #xz backdoor. Sheesh
I have a clone from today if anyone needs it.
tukaani-project/xz
XZ Utils. Contribute to tukaani-project/xz development by creating an account on GitHub.GitHub