WolfMUD: Journal for Sunday 31st March, 2024


  Up to Main Index                             Up to Journal for March, 2024

                     JOURNAL FOR SUNDAY 31ST MARCH, 2024
______________________________________________________________________________

SUBJECT: Minor updates to vendor trading
   DATE: Sun 31 Mar 20:10:18 BST 2024

I’ve just pushed out some updates for vendor trading to the public dev branch.
This includes a complete re-working of how trades are loaded and initialised
for vendors. It now follows the standard inventory and item initialisation all
other inventories and items use. The code is a lot cleaner and the wasteful
double copy of the trades is gone.

Trades for a vendor are now consistently ordered. The layout of trades has
also been improved:


    >buy baker
    The baker has the following trades available:
      100c - some waybread
        1c - a small loaf of bread
        3c - a large loaf of bread
        2c - a small pastry
        5c - a large pastry
    >


Observers are now notified when a player interacts with a vendor and queries
the trades available:


    >
    Diddymus talks with the baker.
    >


Progress, but not as much as I would have liked for a long weekend :( I have
been working to update the vendors in the stock zones and to give values to
items. It’s just going to take a little longer.

I blame the shenanigans with the xz-utils packages and CVE-2024-3094[1], which
came out Friday. That and the mad rush to check and secure all machines :/

I thought something was off when I saw in the change log that xz-utils had
been rolled back multiple versions by the Debian security team. However, the
change log was brief on details and poking around the git repository didn’t
shed any light. It was only Saturday I found out about CVE-2024-3094 :(

Luckily, for my machines, I don’t run systemd[2]. For my Raspberry Pi running
32-bit RPi OS I’ve not seen any package updates for the testing distribution
appear for over month now. Which means I missed the xz-utils 5.6.0 and 5.6.1
versions. I’ve posted to the RPi forums[3] in the hope packages start flowing
again.

The only other thing of note is that the clocks went forward an hour today and
we are now on British summer time. Outside it’s cold, wet and gloomy and there
is a yellow rain warning in force… *sigh*

--
Diddymus

  [1] xz-utils malicious code (CVE-2024-3094):
      https://security-tracker.debian.org/tracker/CVE-2024-3094

  [2] The xz-utils malicious code seems to have been exploiting sshd via
      systemd.

  [3] RPi forum post: 32-bit trixie/testing repo not getting updates?
      https://forums.raspberrypi.com/viewtopic.php?t=368297


  Up to Main Index                             Up to Journal for March, 2024