> I'd suggest reverting to 5.3.1. Bearing in mind that there were security fixes after that point for ZDI-CAN-16587 that would need to be reapplied.
Note that reverting to such an old version will break packages that use new symbols introduced since then. From a quick look, this is at least:
- dpkg
- erofs-utils
- kmod
Having dpkg in that list means that such a downgrade has to be planned carefully.
@_ruby: The setup behind the CVE-2024-3094 supply-chain attack is fascinating. I originally wanted to finish and share a tool to audit other OSS projects for anomalous contributor behavior, but I feel what I found tr……
How it was found:
FWIW, I didn't actually start looking due to the 500ms – I started looking when I saw failing ssh logins (by the usual automated attempts trying random user/password combinations) using a substantial amount of CPU. Only after that I noticed the slower logins.
— Andres Freund (Tech) (@AndresFreundTec) March 30, 2024
Interesting! The xz backdoor code was so unperformant under normal SSH password grinding on the public Internet, @AndresFreundTec noticed and dug in. Thanks for your discovery Andres! https://t.co/Ee5xm8kWJj
what I wanna know is what was up with the other repos on Jia Tan’s GitHub. Has anyone looked at *those* commits and libraries? Because there was a lot of other stuff on there I haven’t seen mentioned
"don't run xz --version to check if you're compromised"
haha, too late
If you have an infected version of liblzma in your system, it's already loaded into EVERY process that depends on libsystemd. systemd's dependency on liblzma *was literally* the attack vector. pic.twitter.com/TsaH7d20r7
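As an added example (not part of any of the quoted posts): a read-only way to see which running processes have liblzma mapped, by parsing /proc/<pid>/maps on Linux instead of executing xz. It reports presence and path only, not whether the library is backdoored; the function names and the sample data are constructed for illustration.

```python
import os
import re

# Matches the shared-object path at the end of a /proc/<pid>/maps line, e.g.
# /usr/lib/x86_64-linux-gnu/liblzma.so.5.4.1, plus the kernel's " (deleted)" tag
LIBLZMA = re.compile(r"(/\S*liblzma\.so\S*)( \(deleted\))?$")

def liblzma_mappings(maps_text):
    """Return {path: deleted_flag} for the liblzma mappings in one maps file."""
    found = {}
    for line in maps_text.splitlines():
        m = LIBLZMA.search(line)
        if m:
            found[m.group(1)] = found.get(m.group(1), False) or bool(m.group(2))
    return found

def scan(proc_root="/proc"):
    """Map pid -> (process name, liblzma mappings) for every readable process."""
    report = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                libs = liblzma_mappings(fh.read())
            with open(os.path.join(proc_root, entry, "comm")) as fh:
                name = fh.read().strip()
        except OSError:  # process exited, or not permitted (run as root for full coverage)
            continue
        if libs:
            report[int(entry)] = (name, libs)
    return report

# Constructed sample of /proc/<pid>/maps content (not captured from a real host)
SAMPLE_MAPS = """\
7f1c2a000000-7f1c2a003000 r--p 00000000 08:01 393301 /usr/lib/x86_64-linux-gnu/liblzma.so.5.4.1 (deleted)
7f1c2a003000-7f1c2a01e000 r-xp 00003000 08:01 393301 /usr/lib/x86_64-linux-gnu/liblzma.so.5.4.1 (deleted)
7f1c2a200000-7f1c2a210000 r--p 00000000 08:01 393410 /usr/lib/x86_64-linux-gnu/libsystemd.so.0.35.0
7ffd5b1e0000-7ffd5b201000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for pid, (name, libs) in sorted(scan().items()):
        for path, deleted in libs.items():
            # "(deleted)" means the file was replaced on disk but the old copy is still mapped
            print(pid, name, path, "STALE: restart needed" if deleted else "")
```

A mapping flagged as deleted means the package was replaced on disk while the process kept the old library in memory, so a downgrade only takes effect for that process after it restarts.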
If -sdel switch is specified, 7-Zip deletes files after including to archive. So it works like moving files to archive., moves txt files from disk’s directory to a.7z archive.
From one of my scripts: it will find a 64-bit 7z.exe if it was installed as part of the 7-zip installer, then run it with the parameters provided to the batch file.
setlocal
:verify7zip
:: registry trick from http://www.robvanderwoude.com/files/sortdate2_nt.txt
:: extra trick: tokens=2* allows to get the 3rd (and beyond: space delimited!) value in one variable %%b
for /F "tokens=2*" %%a IN ('REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\7-Zip" /v Path64 2^>nul') do set sevenZipDirectoryPath=%%b
call :checkMissingSetting sevenZipDirectoryPath || goto :help
set sevenZipExeFilePath=%sevenZipDirectoryPath%7z.exe
if not exist "%sevenZipExeFilePath%" call :showError "No 7-zip executable at %sevenZipExeFilePath%" || goto :help
:run7zip
"%sevenZipExeFilePath%" %*
endlocal
goto :end
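:checkMissingSetting
if not defined %1 call :notifyMissingSetting %1 && exit /b 1
call :showSetting %1
exit /b 0
:notifyMissingSetting
echo Registry didn't provide the environment variable "%1"
goto :end
:showSetting
:: this label was missing from the listing; assumed here to echo the variable name and its value
call echo %1=%%%1%%
goto :end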
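:showError
:: remove double quotes using tilde trick:
echo %~1
:: return a non-zero exit code so the caller's "|| goto :help" fires instead of falling through to :run7zip
exit /b 1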
:help
echo Syntax: %0 7z.exe-commandline-parameters
goto :end
:end
but it is in the command-line help, at least in versions 16.x:
C:\temp>"C:\Program Files\7-Zip\7z.exe" --help
7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
Usage: 7z [...] [...]
[<@listfiles...>]
a : Add files to archive
b : Benchmark
d : Delete files from archive
e : Extract files from archive (without using directory names)
h : Calculate hash values for files
i : Show information about supported formats
l : List contents of archive
rn : Rename files in archive
t : Test integrity of archive
u : Update files to archive
x : eXtract files with full paths
7-zip can uncompress a truckload of formats, but what if you need formats it doesn’t support or you want to integrate decompression in your own software?
Then some libraries can be really useful, provided you regularly update them (otherwise you – like Symantec – can run into substantial security risks).
Symantec dropped the ball here. A quick look at the decomposer library shipped by Symantec showed that they were using code derived from open source libraries like libmspack and unrarsrc, but hadn’t updated them in at least 7 years.
Though I’ve written only a few blog posts about 7zip – my compressor of choice ever since I discovered 7zip some 10 years ago around version 3.13 (their history goes much further back: 1999) – here is a fresh one:
7zip is fast, free, multi-platform and has great compression. No wonder Tom's Hardware gave them an award last year: And The Undisputed Winner Is… 7-Zip.
For Windows, I take the downloads from 7-Zip: there are both x64 and x86 versions (x64 supports more memory so can handle bigger archives).
For Mac, I’ve been using Keka – the free Mac OS X file archiver. Both compressing and decompressing involve dragging the uncompressed or compressed files to the Keka dock icon.
That is slightly more involved than the context menu in Windows, but it works great.
For Windows command line usage, I use either 7za.exe or 7z.exe (uses DLLs, supports more compression)