| 9 Aug 2022 |
hexa | yeah, just went doomscrolling 😄 | 22:25:38 |
@v0id:nltrix.net | so I have q regarding late sudo, pkexec vulns. The vulns themselves are fixed in nixpkgs. How about the old binaries in nix store? Are there mechanisms to gc that vulnerable stuff? | 22:31:38 |
| 10 Aug 2022 |
eyJhb | Curious, why did andir furiously leave the project? | 07:35:17 |
| fpletz joined the room. | 13:16:01 |
vcunat | In reply to @vcunat:matrix.org
I can take gnutls. My day job depends on it a lot. Actually I'm surprised that I'm not in gnutls.meta.maintainers yet.
https://github.com/NixOS/nixpkgs/pull/185952 | 18:18:04 |
j-k | In reply to @vcunat:matrix.org
https://github.com/NixOS/nixpkgs/pull/185952
GNUTLS-SA-2022-07-07 Severity Medium; memory corruption Recommendation: To address the issue found upgrade to GnuTLS 3.7.7 or later versions. https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-07-07
do you want to update it in that PR or a different one? | 18:24:41 |
vcunat | In reply to @j-k:matrix.org
GNUTLS-SA-2022-07-07 Severity Medium; memory corruption Recommendation: To address the issue found upgrade to GnuTLS 3.7.7 or later versions. https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-07-07
do you want to update it in that PR or a different one?
https://github.com/NixOS/nixpkgs/pull/185645 | 18:29:43 |
j-k | ahh staging | 18:30:04 |
j-k | ty | 18:30:05 |
hexa | death by a thousand cuts probably | 18:47:17 |
hexa | In reply to @v0id:nltrix.net this one doesn't have any --with-openssl flag. https://github.com/randombit/botan/commit/b77e5a1b663a8cfa0cfa90fd052a23eb70e9e31d | 21:40:59 |
hexa | thanks for looking it up | 21:41:04 |
| 11 Aug 2022 |
Winter (she/her) | In reply to @hexa:lossy.network
death by a thousand cuts probably
did they formally say they were leaving at all? | 00:30:49 |
hexa | they left all rooms | 00:31:10 |
hexa | so, no, not formally | 00:31:18 |
Winter (she/her) | ah | 00:34:10 |
| Solène Rapenne (she/her) joined the room. | 10:53:59 |
| ar set a profile picture. | 20:54:12 |
| 12 Aug 2022 |
@v0id:nltrix.net | https://github.com/issikebrokenyet | 20:34:53 |
@delroth:delroth.net | https://ffmpeg.org/pipermail/ffmpeg-devel/2022-August/299924.html I'm tempted to say that's a security issue and ffmpeg_5 in nixpkgs should disable that protocol. Thoughts? | 21:22:28 |
hexa | they encoded a fallback ipfs gateway? | 21:53:08 |
@delroth:delroth.net | I've informally asked Arch and Alpine security folks about this and they generally agree and will look at patching it out on their side (Arch is not on 5.1 yet). Will send an RFC PR that disables the newly added ipfs:// and ipns:// support. | 21:53:13 |
@delroth:delroth.net | correct | 21:53:16 |
@delroth:delroth.net | because IPFS is too much of a pain to implement properly so they just translate to an HTTP fetch to a gateway... but they'll just use a random internet-hosted gateway if there isn't one on localhost or configured via environment | 21:54:24 |
@delroth:delroth.net | (not really "random" but picked without much consideration into any privacy concerns, looking at the discussion) | 21:54:56 |
hexa | users can always enable ipfs if they want to access that content | 21:56:01 |
hexa | same goes for all other networks, that are not directly reachable | 21:56:09 |
hexa | delroth: can you provide a PR? | 22:01:58 |
@delroth:delroth.net | https://github.com/NixOS/nixpkgs/pull/186351 | 22:05:45 |
hexa | uh, the proposed patch here still works with a local gateway | 22:08:58 |