{
  "Id": "SourceIP",
  "Statement": [
    {
      "Action": "s3:*",
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": [
            "10.0.0.0/8",
            "172.16.0.0/12",

#!/bin/bash
# You might need to insert this in a slightly different place
cat >>/etc/ssh/ssh_config <<EOF
Host *
RevokedHostKeys /etc/ssh/ssh_revoked_hosts
EOF
cat >>/etc/ssh/ssh_revoked_hosts <<EOF
# https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==

>>> Creating Manifest for /code/gentoo/gentoo-git/repo/gentoo/app-crypt/age
* age-1.0.0.tar.gz BLAKE2B SHA512 size ;-) ... [ ok ]
* age-1.0.0-deps-tampered.tar.xz BLAKE2B SHA512 size ;-) ... [ ok ]
>>> Unpacking source...
>>> Unpacking age-1.0.0.tar.gz to /var/tmp/portage-tmpfs/portage/app-crypt/age-1.0.0-r1/work
>>> Unpacking age-1.0.0-deps-tampered.tar.xz to /var/tmp/portage-tmpfs/portage/app-crypt/age-1.0.0-r1/work
go mod verify
all modules verified
>>> Source unpacked in /var/tmp/portage-tmpfs/portage/app-crypt/age-1.0.0-r1/work
>>> Preparing source in /var/tmp/portage-tmpfs/portage/app-crypt/age-1.0.0-r1/work/age-1.0.0 ...

Gentoo Golang deps bundled injection PoC
----------------------------------------
Author: Robin H. Johnson <robbat2@gentoo.org>
Date: 2022/10/21

Go build does not catch the injection of malicious code that might have been
included in a deps tarball.

$WORKDIR/age-1.0.0/go.sum (which is more-trusted, since it came from the age
upstream), contains this entry:

upgraded packages that could have broken it
x11-libs/pango ->1.50.4 ->1.50.6
x11-libs/motif ->2.3.8-r2 ->2.3.8-r3
x11-libs/libva ->2.13.0-r2 ->2.14.0
x11-libs/mx ->1.4.7-r2
x11-base/xwayland ->22.1.0 ->22.1.1
x11-libs/vte ->0.66.2 ->0.68.0
dev-qt/qtx11extras ->5.15.2-r1 ->5.15.3
x11-libs/libX11 ->1.7.3 ->1.7.4

#!/usr/bin/perl -w
# The -w is required to trigger the segfault
# Copyright 2021/11/17 Robin H. Johnson <robbat2@gentoo.org>
# Public domain
my $v = undef;
my $c = undef;
my %x;
$x{$v} = '';
$x{$v} .= ' '.$c; # crash

#!/bin/bash
# This is a helper hack for updating the certs on the new OpenGear "Operations Manager"
# systems like OM2216.
#
# The script should be in the same directory as the key, cert & intermediate CA.
# Copyright 2020 Gentoo Authors, robbat2@gentoo.org
cd "$(dirname "$0")"
HOSTNAME=$1
DEST="root@${HOSTNAME}"
SOCK=$(mktemp -p . ssh.XXXXXXXXX.sock )

1. strptime isn't using the timezone specifier from "%z" to correctly convert non-UTC back to UTC
2. conversion to the same value when the local tz is UTC or PST suggests there might be a second bug, depending on implementation.

https://github.com/ganeti/ganeti/blob/master/src/Ganeti/THH/Types.hs#L118
-- | Generic 'curry' that constructs a currying function of a given arity.
curryN :: Int -> Q Exp
curryN 0 = [| ($ ()) |]
curryN 1 = [| (. OneTuple) |]
curryN n = do
  f <- newName "f"
  ps <- replicateM n (newName "x")
  return $ LamE (VarP f : map VarP ps)

From 9f8846066dd18b19dc08d7d605be899fd7e79782 Mon Sep 17 00:00:00 2001
From: "Robin H. Johnson" <robbat2@gentoo.org>
Date: Mon, 5 Jul 2021 14:34:14 -0700
Subject: [PATCH] gen_moddeps: better module detection

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
---
 gen_moddeps.sh | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)