00:19:37 hrm, ctags apparently fails to parse artefact.cc? 00:59:06 looks like it's probably due to preprocessor directives from headers 00:59:39 apparently you can get around it with a tool like unifdef, but maybe I need to look into cscope 01:36:08 -!- amalloy_ is now known as amalloy 02:24:00 -!- amalloy is now known as amalloy_ 03:06:23 Good day all! 03:11:52 Unstable branch on crawl.beRotato.org updated to: 0.25-a0-503-ge281fa6 (34) 03:45:12 Fork (bcrawl) on crawl.kelbi.org updated to: 0.23-a0-2954-g81b64cc576 03:47:46 Fork (bcadrencrawl) on crawl.kelbi.org updated to: 0.22.1-2010-g48977948da 08:44:02 03Aidan Holm02 07[stone_soup-0.10] * 0.10.4-1-g26031a8: Disable lua bytecode loading 10(12 minutes ago, 1 file, 17+ 0-) 13https://github.com/crawl/crawl/commit/26031a8f9ec1 08:46:00 03Aidan Holm02 07[stone_soup-0.11] * 0.11.3-1-gfd394f0: Disable lua bytecode loading 10(14 minutes ago, 1 file, 17+ 0-) 13https://github.com/crawl/crawl/commit/fd394f0f85b0 08:46:32 03Aidan Holm02 07[stone_soup-0.12] * 0.12.3-1-gf156d20: Disable lua bytecode loading 10(15 minutes ago, 1 file, 17+ 0-) 13https://github.com/crawl/crawl/commit/f156d2071964 08:46:32 03Aidan Holm02 07[stone_soup-0.13] * 0.13.2-1-g732d779: Disable lua bytecode loading 10(15 minutes ago, 1 file, 17+ 0-) 13https://github.com/crawl/crawl/commit/732d779f4838 08:46:32 03Aidan Holm02 07[stone_soup-0.14] * 0.14.2-1-gc0b9e41: Disable lua bytecode loading 10(15 minutes ago, 1 file, 17+ 0-) 13https://github.com/crawl/crawl/commit/c0b9e412e31d 08:46:32 03Aidan Holm02 07[stone_soup-0.15] * 0.15.2-1-ga000369: Disable lua bytecode loading 10(15 minutes ago, 1 file, 17+ 0-) 13https://github.com/crawl/crawl/commit/a0003691570e 08:46:32 03Aidan Holm02 07[stone_soup-0.16] * 0.16.2-13-g5edc399: Disable lua bytecode loading 10(15 minutes ago, 1 file, 17+ 0-) 13https://github.com/crawl/crawl/commit/5edc399eeac1 08:47:03 03Aidan Holm02 07[stone_soup-0.17] * 0.17.2-2-gbb8e225: Disable lua bytecode loading 10(15 minutes ago, 1 file, 17+ 0-) 13https://github.com/crawl/crawl/commit/bb8e2252cef9 08:47:04 03Aidan Holm02 07[stone_soup-0.18] * 0.18.1-51-g5e05c4d: Disable lua bytecode loading 10(15 minutes ago, 1 file, 17+ 0-) 13https://github.com/crawl/crawl/commit/5e05c4d4889e 08:47:04 03Aidan Holm02 07[stone_soup-0.19] * 0.19.5-2-g88d7a0c: Disable lua bytecode loading 10(15 minutes ago, 1 file, 17+ 0-) 13https://github.com/crawl/crawl/commit/88d7a0c8898e 08:47:04 03Aidan Holm02 07[stone_soup-0.20] * 0.20.1-3-g7921b9d: Disable lua bytecode loading 10(15 minutes ago, 1 file, 17+ 0-) 13https://github.com/crawl/crawl/commit/7921b9d0200a 08:47:33 03Aidan Holm02 07[stone_soup-0.21] * 0.21.2-2-g132acf7: Disable lua bytecode loading 10(16 minutes ago, 1 file, 17+ 0-) 13https://github.com/crawl/crawl/commit/132acf7e8d94 08:47:34 03Aidan Holm02 07[stone_soup-0.22] * 0.22.2-2-gb8697bf: Disable lua bytecode loading 10(16 minutes ago, 1 file, 17+ 0-) 13https://github.com/crawl/crawl/commit/b8697bfa384b 08:47:34 03Aidan Holm02 07[stone_soup-0.23] * 0.23.2-43-g5aa5405: Disable lua bytecode loading 10(16 minutes ago, 1 file, 17+ 0-) 13https://github.com/crawl/crawl/commit/5aa5405057fe 08:47:34 03Aidan Holm02 07[stone_soup-0.24] * 0.24.0-124-g2791043: Disable lua bytecode loading 10(16 minutes ago, 1 file, 17+ 0-) 13https://github.com/crawl/crawl/commit/2791043dd8ec 08:50:08 So good, they committed it twice 08:50:14 03Aidan Holm02 07* 0.25-a0-504-g768f60d: Disable lua bytecode loading 10(18 minutes ago, 1 file, 17+ 0-) 13https://github.com/crawl/crawl/commit/768f60da87a3 08:50:41 almost forgot about the master branch, heh 08:51:31 oh I suppose we should tag those 08:52:00 The build has errored. (stone_soup-0.16 - 5edc399 #12673 : Aidan Holm): https://travis-ci.org/crawl/crawl/builds/649961306 08:59:41 The build has errored. (stone_soup-0.17 - bb8e225 #12674 : Aidan Holm): https://travis-ci.org/crawl/crawl/builds/649961367 09:02:37 Unstable branch on crawl.kelbi.org updated to: 0.25-a0-504-g768f60da87 (34) 09:03:35 advil: re tags; we haven't done 0.24.1 yet! 09:03:41 erm 09:03:43 aidanh: 09:04:45 hmm true 09:05:56 dpmdpm: Cat's out of the bag now. In terms of formal reporting, I think I'm speaking for all of us when I say we'd appreciate it if you handled that part (since you seem to be familiar with the process and invested in it) but maybe hold off for 48hr or so, so that the rest of the team can weigh in. 09:06:42 ??rebuild 09:06:42 rebuild[1/2]: http://crawl.akrasiac.org/rebuild/ http://underhound.eu:81/rebuild/ http://crawl.berotato.org/crawl/rebuild/ http://crawl.xtahua.com/rebuild/ https://crawl.kelbi.org/rebuild/ Bug gammafunk, advil, |amethyst, or Nap.Kin for CDO. Use your powers wisely. 09:06:42 dpm posted this yesterday in dev-s: https://help.github.com/en/github/managing-security-vulnerabilities/creating-a-security-advisory 09:06:44 seems reasonably straightforward 09:06:50 I infer we should probably take this change ASAP ? 09:06:52 oh. when I joined dev-s it was just me so I parted 09:07:49 probably, although anyone with the talent and inclination to use this could probably find other holes, it's not like crawl servers are particularly well secured 09:08:51 dpmdpm: might be nice to have a cve to throw in the changelogs for each release, so I'm holding off on tagging a release for now 09:09:34 Yeah, but it's going to be awkward all round if something happens to CKO/CPO/etc because we specifically didn't. I'll see to it this evening. Thanks. 09:10:31 sure, better safe than sorry 09:12:30 The build has errored. (stone_soup-0.18 - 5e05c4d #12675 : Aidan Holm): https://travis-ci.org/crawl/crawl/builds/649961467 09:21:22 The build has errored. (stone_soup-0.19 - 88d7a0c #12676 : Aidan Holm): https://travis-ci.org/crawl/crawl/builds/649961536 09:37:05 The build has errored. (stone_soup-0.21 - 132acf7 #12678 : Aidan Holm): https://travis-ci.org/crawl/crawl/builds/649961723 09:46:05 The build has errored. (stone_soup-0.22 - b8697bf #12679 : Aidan Holm): https://travis-ci.org/crawl/crawl/builds/649961840 09:48:33 ebering re 0.24.1 I never got to updating the ghosts 10:57:19 Creating a github security advisory requires Admin permissions to the repository. I recommend following the github process, but if you'd like me to do it I can contact cve.mitre.org directly. Let me know. 10:57:19 dpmdpm: You have 1 message. Use !messages to read it. 10:57:48 New branch created: launching (1 commit) 13https://github.com/crawl/crawl/tree/launching 10:57:49 03PleasingFungus02 07[launching] * 0.25-a0-504-g8365cbd: Potion of agility -> launching 10(35 hours ago, 28 files, 91+ 58-) 13https://github.com/crawl/crawl/commit/8365cbdce9d9 11:00:24 Can you also tell me what crawl versions you want tagged as vulnerable, and the number for the patched version? 11:00:54 I think aidanh opened a github security advisory 11:01:53 Ok great. Then I will go back to letting you handle it. Thanks for following up. 11:03:33 aidanh did you already click this "Request CVE" button? 11:10:34 aidanh also, did you consider disabling loadstring altogether? 11:14:20 The only use-case I can think of for that in clua is running extremely complicated bots that would probably better be run on a custom compiled version anyways 11:14:37 I filled in a bunch of the other details in the advisory 11:17:10 oh I guess clicking "Request CV 11:17:18 E" is equivalent to requesting to publish the advisory 11:17:26 so it's not ready to do that probably 11:24:15 Stable (0.23) branch on underhound.eu updated to: 0.23.1-92-g5aa5405057 11:27:49 hm it would be possible on modern github to have a "server op" team, I know we historically have this ultra-egalatarian access policy but modifying that would be useful in cases like this 11:32:06 it would also provide a way of dealing with some of the issues I occasionally agitate about where it's not easy to communicate with even a subset of server owners as a group 11:36:50 also I'm setting the two active people who aren't "owners" as owners 11:37:39 I guess if either of you object to this you can set yourself back :-) 11:38:24 BTW, sedition was asking on ##crawl about how one gets to be an "official" (=~ CAO scoring) server op, I said (not a vanilla dev but AFAIK) set the server up and the vanilla devs have to trust you. Hope that's OK. 11:39:17 trust is necessary but not sufficient, in that there's also some assessment made about whether there's really need for additional servers in the relevant geographical area 11:39:42 they should probably come try asking here though 11:41:18 e.g. I'm not sure if north america really *needs* an additional server right now (though one could make the case that at least cao is pretty swamped) 12:48:47 The build failed. (launching - 8365cbd #12683 : Nicholas Feinberg): https://travis-ci.org/crawl/crawl/builds/650024720 14:01:14 Fire Elementalists have old Book Of Flames 13https://crawl.develz.org/mantis/view.php?id=12198 by nubinia 14:02:41 -!- amalloy_ is now known as amalloy 14:30:29 hm, !launching plus darts seems a bit of a weird combination? doesn't feel like it'd achieve the goal of reducing inventory pressure later on 14:31:20 since you'd definitely want to carry that along with all the dart types 15:06:22 of the two alternative branches I like !camo over !launching 15:07:07 Pushed today's bugfix to master 15:07:35 I'll gently encourage the Goons to take it too 15:21:54 Stable (0.20) branch on underhound.eu updated to: 0.20.1-3-g7921b9d020 16:19:21 Stable (0.17) branch on underhound.eu updated to: 0.17.2-2-gbb8e2252ce 16:47:40 wow, thanks aidanh 16:49:02 deleting the source code repos for old stable versions comes back to bite me in the ass 16:50:19 advil: if you invite all the server ops to the github crawl project you can then add them into a group called @severadmins which you can @ in conversations 16:50:59 the only sticking point is I'm guessing there are no teams (what these are called) in the org now, which means all/most of the repos are set to give anyone in the org admin access 16:54:32 floraline: ping in case you missed the security vuln talk. You may want to disable forks until they integrate it 16:55:14 alexjurkiewicz yeah, that's what I had in mind...there seems to be a "developer" team but I'm not sure how the permissions are set up 16:55:59 I'm not sure what the user-type-tag (eg owner, contributor) would show up as in that case, if you worry about that too 17:16:33 probably would be different, but that seems ok to me (people barely understand those on average anyways) 17:39:41 does anyone object to me testing out this serveradmin team idea by inviting alexjurkiewicz? 17:40:11 who if I understand correctly would then be a member of the crawl org but not with automatic commit rights 17:46:05 git remote rename upstream origin 17:46:13 wrong channel 18:23:24 Unstable branch on underhound.eu updated to: 0.25-a0-504-g768f60da87 (34) 18:54:03 -!- Tiobot is now known as Guest12903 19:02:14 advil: that seems like a good idea 19:16:47 advil: I wasn't sure if loadstring was in use by any of the gobs of lua crawl has, so I left it for now 19:17:39 might want to disable printing function addresses though, iirc that can be done by wrapping tostring 19:22:10 Stable (0.24) branch on underhound.eu updated to: 0.24.0-124-g2791043dd8 19:57:23 New branch created: pull/1284 (1 commit) 13https://github.com/crawl/crawl/pull/1284 19:57:23 03theJollySin02 07https://github.com/crawl/crawl/pull/1284 * 0.25-a0-475-g9dd35ce: Improved some entry vaults without enough tactics 10(5 days ago, 1 file, 22+ 15-) 13https://github.com/crawl/crawl/commit/9dd35ce94eb4 20:29:00 -!- amalloy is now known as amalloy_ 20:55:41 -!- amalloy_ is now known as amalloy 21:17:01 advil: yeah, we'd likely spin something up on the west coast, but am open to whatever. i still need to spend more time with the docs 21:22:44 sedition: yeah, we're generally trying to not have too many servers, and we do have a bunch US servers right now; part of the limiting factor is not having single sign-on, but there's also an issue of knowing the admin and their policies 21:24:05 sure, that's fair. 21:24:23 SSO would be a game-changer for sure 21:24:24 we've had issues ranging from admins who end up not not having as much time/interest after a while (which is only fair, but we like to minimize the headaches of retiring servers) and with admins running servers connected to Discords (a chat platofrm) that have been the source of a lot of community harassment 21:24:34 yes, SSO would be great 21:24:38 oh that's weird RE discord 21:24:54 s/platofrm/platform/ 21:26:28 if you think you'll be around the community for a while, we'll definitely remember to contact you if we get to the point where we lose a US server or maybe if we feel like our infrastructure is more up to task, and maybe we can also chat with you a bit about your sort of community standards/rules at that time 21:26:54 thanks for the offer either way 21:27:31 definitely. i'll stick around. :) 22:19:00 Stable (0.16) branch on underhound.eu updated to: 0.16.2-13-g5edc399eea 22:23:15 alexjurkiewicz: thanks! would you strongly recommend that? how much of a risk is this vulnerability? 22:27:50 it's bad; are we agreed that we can describe the effect of the bug at this point? I haven't followed the security reporting status 22:34:06 floraline: it allows arbitrary code execution (as another dev mentioned in here earlier, fyi gammafunk ) 22:36:31 floraline: no official announcement or poc. But the fix in vanilla probably points people in the right direction. stoatsoup, bcrawl, gooncrawl and bloatcrawl2 are updated. bcadrencrawl isn't yet 22:39:44 there's also the issue of untransfered games 22:39:55 well, in addition to the issue with old versions, of course 22:41:54 thanks for the info dump, i'm surprised so many forks have updated so quickly 22:42:42 gammafunk: wouldn't old save files still use the updated binary? or am i missing your point 22:43:00 oh not trunk i guess 22:43:08 that makes sense lol 22:43:15 oh dear, thats a fun bug 22:52:06 advil: or amalloy could you please update the csdc pin to https://www.reddit.com/r/dcss/comments/f3mexf/024_sudden_death_challenges_week_2_recap_and_week/? thank you! 22:54:12 yeah, this makes me wonder if this is a good opportunity to break save compat 23:09:52 ebering: is your sudden deaths video meant to pause on yermak's death for 6 minutes? 23:10:05 i hope you weren't recording commentary with your mic muted