From ihsan at opencsw.org  Thu Jun 13 11:05:53 2024
From: ihsan at opencsw.org (Ihsan Dogan)
Date: Thu, 13 Jun 2024 11:05:53 +0200
Subject: CSWxz and CVE-2024-3094
In-Reply-To: <ABF99B58-A2F8-40B6-8BAE-3525A8D92528@opencsw.org>
References: <ABF99B58-A2F8-40B6-8BAE-3525A8D92528@opencsw.org>
Message-ID: <9BFCAB16-76E2-4EA4-A960-AB7EE21B5FFB@opencsw.org>

H

> Am 02.04.2024 um 14:57 schrieb Ihsan Dogan via users <users at lists.opencsw.org>:
> 
>>>>> what about CVE-2024-3094 and current version CSWxz?
>>>>> 
>>>>> https://nvd.nist.gov/vuln/detail/CVE-2024-3094
>>>> 
>>>> Ihsan already prepared an updated package which should show up soon.
>>> 
>>> Yes, I am on it. I am preparing a rollback to the last 5.4 release. Should be out either today or tomorrow.
>> 
>> Jia Tan started contributing to xz circa the development version 5.3.
>> To get untainted code, you have to go back to version 5.2. But rolling
>> back to version 5.2 means ABI and symbol breaks. If you don't want to
>> go back to 5.2, then it means you have to audit over 700 commits in
>> xz. Also see <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024#5>.
>> 
>> Jia Tan started influencing code before the persona (he/she/it?) had
>> check-in privileges. Also see
>> <https://www.mail-archive.com/xz-devel at tukaani.org/msg00571.html>.
> 
> Thanks for the hint. In this case, I am going back to 5.2.9. 5.2.9 does contain security issues, but at least it should not have any code from Jian Tian.

I have pushed 5.6.2 today to the catalog, which is the first 5.6 xz release without the backdoor.


Regards

Ihsan

From joncox at alum.mit.edu  Wed Jun 26 07:43:07 2024
From: joncox at alum.mit.edu (Jonathan Cox)
Date: Wed, 26 Jun 2024 05:43:07 +0000
Subject: Interest in a few modern python-and SDL2-related packages?
Message-ID: <CH2PR12MB5514156A28438C040F2706CDF4D62@CH2PR12MB5514.namprd12.prod.outlook.com>

Hello,

I recently acquired a Sun Blade 2500 UltraSPARC IIIi dual-cpu workstation running Solaris 10 1/13, and I've been working on building and testing modern, UltraSPARC optimized packages for the following:

  *   Python 3.9.19
  *   OpenBLAS 0.2.20
  *   Tcl/tk 8.6.14
  *   SDL2 2.30.4
  *   numpy 1.22.4
  *   lapack 3.12.0

I'm working on a few other things, such as other SDL2 components and other python packages like matplotlib, pygame, etc. I found that, for a RISC processor like the SPARC, configuring the compiler to target the proper CPU makes a huge difference. Thus, I'd like to target at least -mcpu=ultrasparc, preferably -mcpu=ultrasparc3.

If it's a relatively straightforward process to package this up as a package and add it to OpenCSW, I could try to do that. Let me know if there is interest. I'm a big Python fan, so I'm working toward having a complete enough set of python tools to accomplish all the things I'm interested in.

Regards,
Jon

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.opencsw.org/pipermail/users/attachments/20240626/629dd20c/attachment-0001.html>

From dam at opencsw.org  Wed Jun 26 08:32:41 2024
From: dam at opencsw.org (Dagobert Michelsen)
Date: Wed, 26 Jun 2024 08:32:41 +0200
Subject: Interest in a few modern python-and SDL2-related packages?
In-Reply-To: <CH2PR12MB5514156A28438C040F2706CDF4D62@CH2PR12MB5514.namprd12.prod.outlook.com>
References: <CH2PR12MB5514156A28438C040F2706CDF4D62@CH2PR12MB5514.namprd12.prod.outlook.com>
Message-ID: <D1F4D475-F9D5-40E9-A096-ECFF2F017E29@opencsw.org>

Hi Jon,

> Am 26.06.2024 um 07:43 schrieb Jonathan Cox via users <users at lists.opencsw.org>:
> I recently acquired a Sun Blade 2500 UltraSPARC IIIi dual-cpu workstation running Solaris 10 1/13, and I?ve been working on building and testing modern, UltraSPARC optimized packages for the following:
> Python 3.9.19
> OpenBLAS 0.2.20
> Tcl/tk 8.6.14
> SDL2 2.30.4
> numpy 1.22.4
> lapack 3.12.0
>  
> I?m working on a few other things, such as other SDL2 components and other python packages like matplotlib, pygame, etc. I found that, for a RISC processor like the SPARC, configuring the compiler to target the proper CPU makes a huge difference. Thus, I?d like to target at least -mcpu=ultrasparc, preferably -mcpu=ultrasparc3.
>  
> If it?s a relatively straightforward process to package this up as a package and add it to OpenCSW, I could try to do that. Let me know if there is interest. I?m a big Python fan, so I?m working toward having a complete enough set of python tools to accomplish all the things I?m interested in.

This would indeed be interesting! Are you building your packages with GAR? That is a close to a requirement because
the packages must also conform to a special structure so the OpenCSW infrastructure can process them.


Best regards

  ? Dago

-- 
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.opencsw.org/pipermail/users/attachments/20240626/9cd6e11d/attachment.html>

From joncox at alum.mit.edu  Wed Jun 26 08:47:56 2024
From: joncox at alum.mit.edu (Jonathan Cox)
Date: Wed, 26 Jun 2024 06:47:56 +0000
Subject: Interest in a few modern python-and SDL2-related packages?
In-Reply-To: <D1F4D475-F9D5-40E9-A096-ECFF2F017E29@opencsw.org>
References: <CH2PR12MB5514156A28438C040F2706CDF4D62@CH2PR12MB5514.namprd12.prod.outlook.com>
 <D1F4D475-F9D5-40E9-A096-ECFF2F017E29@opencsw.org>
Message-ID: <CH2PR12MB5514D25EF341D3114CE58EF5F4D62@CH2PR12MB5514.namprd12.prod.outlook.com>

Hello Dago,

I think I am using GAR, but I need to double check that I built with gar for all of the packages. Initially, I spent a lot of time trying to build with Solaris Studio 12.4, but I found that most code assumes GNU compilers and tools these days, so I gave up on that. Thus, I am building with the gcc-5.5, g++5.5, gfortran-5.5 compilers and toolchain from OpenCSW, using mcpu=ultrasparc or ultrasparc3.

Most of the builds weren?t too difficult, although I did have to modify source code slightly in a few places. SDL2 has been the most complicated to date.

-Jon

From: Dagobert Michelsen <dam at opencsw.org>
Sent: Wednesday, June 26, 2024 00:33
To: Questions and discussions <users at lists.opencsw.org>
Cc: Jonathan Cox <joncox at alum.mit.edu>; buildfarm <buildfarm at opencsw.org>
Subject: Re: Interest in a few modern python-and SDL2-related packages?

Hi Jon,


Am 26.06.2024 um 07:43 schrieb Jonathan Cox via users <users at lists.opencsw.org<mailto:users at lists.opencsw.org>>:
I recently acquired a Sun Blade 2500 UltraSPARC IIIi dual-cpu workstation running Solaris 10 1/13, and I?ve been working on building and testing modern, UltraSPARC optimized packages for the following:

  *   Python 3.9.19
  *   OpenBLAS 0.2.20
  *   Tcl/tk 8.6.14
  *   SDL2 2.30.4
  *   numpy 1.22.4
  *   lapack 3.12.0

I?m working on a few other things, such as other SDL2 components and other python packages like matplotlib, pygame, etc. I found that, for a RISC processor like the SPARC, configuring the compiler to target the proper CPU makes a huge difference. Thus, I?d like to target at least -mcpu=ultrasparc, preferably -mcpu=ultrasparc3.

If it?s a relatively straightforward process to package this up as a package and add it to OpenCSW, I could try to do that. Let me know if there is interest. I?m a big Python fan, so I?m working toward having a complete enough set of python tools to accomplish all the things I?m interested in.

This would indeed be interesting! Are you building your packages with GAR? That is a close to a requirement because
the packages must also conform to a special structure so the OpenCSW infrastructure can process them.


Best regards

  ? Dago

--
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.opencsw.org/pipermail/users/attachments/20240626/ecd7304a/attachment-0001.html>