This is still a new situation. There is a lot we don't know. We don't know if there are more possible exploit paths. We only know about this one path. Please update your systems regardless.
This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
| "externalParameters": { | |
| "configSource": { | |
| "ref": "refs/tags/v1.2.3", | |
| "repository": "https://github.com/GoogleCloudPlatform/cloud-build-samples", | |
| "path": "basic-config/cloudbuild.yaml" | |
| } | |
| }, | |
| "resolvedDependencies": {{ | |
| "uri": "git+https://github.com/GoogleCloudPlatform/cloud-build-samples@refs/tags/v1.2.3", | |
| "digest": { "sha1": "bb0fe8075f92bb82b679afe400a47b106f0cec4b" } |
| #!/bin/bash | |
| # Compute "dirhash" of a go module directory. | |
| # | |
| # Original go code: https://cs.opensource.google/go/x/mod/+/master:sumdb/dirhash/hash.go | |
| # | |
| # Author: Mark Lodato <lodato@google.com> | |
| # | |
| # Copyright 2022 Google LLC. | |
| # SPDX-License-Identifier: Apache-2.0 |
| { | |
| "_type": "https://in-toto.io/Statement/v0.1", | |
| "predicateType": "https://slsa.dev/provenance/v0.2", | |
| "subject": [ | |
| { | |
| "name": "binary-linux-amd64", | |
| "digest": { | |
| "sha256": "6292ee2efd5465706969ea671049028e3c275e88a405439a858e9d766b519518" | |
| } | |
| } |
| { | |
| "_type": "https://in-toto.io/Statement/v0.1", | |
| "subject": [ | |
| { | |
| "name": "dist/PyYAML-6.0-cp310-cp310-macosx_10_9_x86_64.whl", | |
| "digest": { | |
| "sha256": "3335d8653eff7ad35fbd29f3573810d525a4b641eacc59b43922c413062d63cc" | |
| } | |
| }, | |
| { |
| #!/usr/bin/python | |
| # Parse a crawl morgue file and print a pretty skill progression table. | |
| # USAGE: python skill_graph.py < ./crawl/morgue/<filename>.txt | |
| # Works best with 'note_all_skill_levels = true' in ~/.crawlrc. | |
| # | |
| # Copyright 2016 Google Inc. | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at |
| ▶ bzr revno | |
| 646 | |
| ▶ make CC=clang CFLAGS='-fsanitize=address -fno-omit-frame-pointer -g -O1' | |
| ▶ for x in ~/p/vt100-to-html/test/*.in; bin/unterm $x >/dev/null || echo $x | |
| ================================================================= | |
| ==7091==ERROR: AddressSanitizer: negative-size-param: (size=-20) | |
| #0 0x4a611d in __asan_memmove (/home/mark/tmp/libvterm/bin/.libs/lt-unterm+0x4a611d) | |
| #1 0x7ff6a1fc9a11 in scroll /home/mark/tmp/libvterm/src/state.c:92:7 | |
| #2 0x7ff6a1fc4624 in on_csi /home/mark/tmp/libvterm/src/state.c:1306:5 | |
| #3 0x7ff6a1fcc88d in do_string_csi /home/mark/tmp/libvterm/src/parser.c:100:10 |
Create the repository:
▶ git init
Create the first branch:
▶ echo foo > one
▶ git add one
▶ git commit -m A
| set nocompatible | |
| set bs=2 | |
| set ai | |
| set viminfo='20,\"500 | |
| set history=50 | |
| set ruler | |
| set incsearch | |
| filetype plugin indent on | |
| set shiftwidth=4 | |
| set softtabstop=4 |
| #!/bin/sh | |
| # | |
| # git-snapshot.sh - save junk code to a snapshots branch | |
| # | |
| # USAGE: git-snapshot.sh [-m message] [files...] | |
| # | |
| # Run `git add files` and then create a new commit on branch 'snapshot' | |
| # with two parents, the previous snapshot and HEAD. | |
| # | |
| # If -m is given, the 'message' is used as the commit message; otherwise |