Time | Nick | Message |
00:14 | | SFENCE joined #minetest-dev |
00:28 | | ShadowBot joined #minetest-dev |
00:49 | | ivanbu joined #minetest-dev |
01:08 | | SFENCE joined #minetest-dev |
01:36 | | Noisytoot joined #minetest-dev |
01:54 | | SFENCE joined #minetest-dev |
02:01 | | v-rob joined #minetest-dev |
05:00 | | MTDiscord joined #minetest-dev |
05:13 | | v-rob joined #minetest-dev |
06:02 | | Noisytoot joined #minetest-dev |
06:10 | MTDiscord | <_.juri._> Just commenting out the line made it compile yes |
06:11 | MTDiscord | <_.juri._> v-rob: that's interesting, I assumed it's just some legacy name scheme thing |
06:15 | MTDiscord | <_.juri._> got any idea why i get this "declared in this scope" error on recent master? |
06:16 | MTDiscord | <_.juri._> *not declared |
06:47 | v-rob | My guess is that these definitions are not necessarily portable across SDL versions (which would make sense, since they have "HINT" in the prefix) |
06:49 | v-rob | However, I'm pretty sure that these are just #defines to a string constant, so changing it to SDL_SetHint("SDL_HINT_MOUSE_TOUCH_EVENTS", "0") with quotes should fix it. |
06:53 | v-rob | Better yet, we shouldn't use hints at all and instead ignore mouse events with `which = SDL_TOUCH_MOUSEID`, and similarly for touch events. |
07:00 | | book` joined #minetest-dev |
07:38 | | calcul0n joined #minetest-dev |
07:38 | | SFENCE joined #minetest-dev |
08:24 | | SFENCE joined #minetest-dev |
08:52 | | grorp joined #minetest-dev |
09:02 | sfan5 | those hints exist since at least SDL 2.0.16 (from 2021) |
09:05 | sfan5 | more specifically 2.0.10 (2019) has them both |
09:05 | sfan5 | so I guess we should just set that as minimum |
09:05 | sfan5 | (https://github.com/libsdl-org/SDL/commit/56cab6d45280fbb4b645083eceeaa8f474c0aac3 | https://github.com/libsdl-org/SDL/commit/e41576188d17fd09c95777d665f6c4532574f8ac) |
09:08 | grorp | makes sense |
09:09 | grorp | v-rob: why would you want to reimplement something that can be done with a hint? |
09:50 | sfan5 | merging #14370, #14365 in 10m |
09:50 | ShadowBot | https://github.com/minetest/minetest/issues/14370 -- [no squash] Remove insecure environment from async and emerge environment by sfan5 |
09:50 | ShadowBot | https://github.com/minetest/minetest/issues/14365 -- Fix undefined behaviors by fuzun |
10:10 | sfan5 | should we publish security advisories only when a fixed version has been released or asap? |
10:15 | MTDiscord | <jordan4ibanez> Probably asap so people can help fix them |
10:16 | MTDiscord | <paradust> If there's a chance of it being exploited, definitely right away. It doesn't need to contain a description that would allow someone to exploit it. |
10:17 | MTDiscord | <paradust> *being exploited in the wild |
10:20 | sfan5 | the advisory would contain a description of the bug, a link to the patch and maybe more text |
10:21 | sfan5 | example: https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc |
10:23 | MTDiscord | <jordan4ibanez> I thought the VM would have been deleted and reloaded |
10:24 | MTDiscord | <paradust> that's a fixed bug |
10:25 | sfan5 | (it was an example for how an advisory looks) |
10:25 | MTDiscord | <jordan4ibanez> Oh, oh. I see I see |
10:25 | MTDiscord | <jordan4ibanez> See? That worked out immediately lol |
10:26 | MTDiscord | <jordan4ibanez> I saw the advisory and mapped out a plan even though I forgot to check if it was actually closed |
10:27 | MTDiscord | <paradust> I'm of the opinion that an advanced warning or pre-advisory that contains advice for mitigating the attack, but not enough info to reproduce the attack, is a good idea. Especially if it is going to take a while to fix and ship a patched version. |
10:34 | sfan5 | the main concern in this case is not availability of a fix, just that we can't tell people "oh just update to 5.8.1/5.9.0" |
10:34 | sfan5 | hmm I guess patching it via builtin would be possible |
11:58 | | Juri joined #minetest-dev |
12:10 | | Noisytoot joined #minetest-dev |
12:11 | Juri | sfan5: apparently I have 2.0.8 here on my laptop, thanks for investigating |
12:11 | Juri | (sdl2) |
12:16 | Juri | I am no expert but I think I would keep the advisories hidden until there is either a fix or exploitation itw is being reported |
12:19 | Juri | Reasoning is to not make skiddies try hard to find and abuse the vulnerability before it is patched and rolled out but in case someone is actively abusing it you guys can make it public to signal that you guys are aware and working on a fix |
12:38 | | TheCoffeMaker joined #minetest-dev |
12:51 | | proller joined #minetest-dev |
13:01 | | appguru joined #minetest-dev |
13:27 | | appguru1 joined #minetest-dev |
15:51 | sfan5 | planning to merge #14371 this late evening. not literally just comment changes but I promise there is zero functional change |
15:51 | ShadowBot | https://github.com/minetest/minetest/issues/14371 -- [no squash] Minor maintenance stuff by sfan5 |
16:00 | | lhofhansl joined #minetest-dev |
16:00 | lhofhansl | Hello. Planning to merge #14338 in a few. |
16:00 | ShadowBot | https://github.com/minetest/minetest/issues/14338 -- Allow shaders with disabled post processing pipeline by lhofhansl |
16:25 | lhofhansl | Done |
16:26 | | Desour joined #minetest-dev |
16:46 | | Noisytoot joined #minetest-dev |
16:50 | sfan5 | 11:10 <+sfan5> should we publish security advisories only when a fixed version has been released or asap? |
16:50 | sfan5 | ^ more opinions welcome |
16:51 | nrz_ | like all software, when a bugfix release has been published |
16:51 | nrz_ | the goal of advisories is to tell people, go update. if you publish it but no update released, it's not useful |
16:59 | | appguru joined #minetest-dev |
18:29 | Desour | merging #14323 in 5 |
18:29 | ShadowBot | https://github.com/minetest/minetest/issues/14323 -- Inline g/setPixel in imageCleanTransparent by Desour |
18:57 | | v-rob joined #minetest-dev |
19:03 | v-rob | Re: "why would you want to reimplement something that can be done with a hint?" |
19:03 | v-rob | I've never particularly liked hints because they're poorly documented, and it's difficult to know how they really behave. But I think it's not unreasonable to use them. |
19:05 | v-rob | Specifically for the hints previously mentioned, they aren't documented in the SDL2 documentation at all, so I had to go source code diving to understand what they did. |
19:19 | celeron55_ | sfan5: ideally a fixed release should be released along with the advisory. if not, there should be a specific reason why not |
19:28 | rubenwardy | in an ideal world, this would be a nonissue as making a fixed point release should be easy |
19:31 | MTDiscord | <luatic> the question is: which steps can we take to approach such an ideal world? |
19:32 | rubenwardy | CI/CD for all release binaries would be a good step |
19:32 | rubenwardy | Windows and Android are currently done manually. With Android, we could probably download from the Action and sign using the CLI, idk how to do that though |
19:33 | rubenwardy | you'd still need to do testing though |
19:39 | rubenwardy | I should if releasing was easy enough, could let end users do the testing ;) |
19:39 | rubenwardy | *suppose |
19:43 | ROllerozxa | the artifacts produced by the mingw CI are ready to be used for releases now since #14098 I believe |
19:43 | ShadowBot | https://github.com/minetest/minetest/issues/14098 -- [no squash] Windows CI/build improvements by sfan5 |
19:44 | ROllerozxa | for android, I assume the CI would need to build an AAB bundle that can then be uploaded to google play? |
19:44 | rubenwardy | oh yeah, needs to be an .aab |
19:51 | ROllerozxa | for building a bundle from the CLI you'd need to do `./gradlew bundleRelease`, and then sign with jarsigner. so the CI would generate the bundle and the signing would be done locally during release |
20:37 | MTDiscord | <luatic> merging #14349 in 15m |
20:37 | ShadowBot | https://github.com/minetest/minetest/issues/14349 -- Fix minimap textures overwrite by cx384 |
21:06 | | proller joined #minetest-dev |
21:23 | | Lupercus joined #minetest-dev |
23:15 | sfan5 | postponing #14371 merge to tomorrow morning |
23:15 | ShadowBot | https://github.com/minetest/minetest/issues/14371 -- [no squash] Minor maintenance stuff by sfan5 |
23:32 | | panwolfram joined #minetest-dev |
23:36 | | v-rob joined #minetest-dev |