| 10 Nov 2025 |
 hexa | ❯ git log --oneline origin/master..origin/staging --no-merges --no-decorate --grep=CVE
1e7d8a4584ab python3Packages.django_4: 4.2.25 -> 4.2.26
6fd9ec48b661 xorg.xorgserver: 21.1.18 -> 21.1.20
d81ba7d1f23a lz4: apply fix for CVE-2025-62813
| 17:18:14 |
| hexa | ❯ git log --oneline origin/release-25.05..origin/staging-25.05 --no-merges --no-decorate --grep=CVE
2b13164ef7d0 lz4: apply fix for CVE-2025-62813
d81c0d0ae3c0 glib: apply patch for CVE-2025-7039
| 17:18:21 |
| hexa | ❯ git log --oneline origin/release-25.05..origin/staging-25.05 --no-merges --no-decorate
2b13164ef7d0 lz4: apply fix for CVE-2025-62813
98dba649eaa9 minio: 2025-09-07T16-13-09Z -> 2025-10-15T17-29-55Z
cd2ce1aab67a minio: 2025-07-23T15-54-02Z -> 2025-09-07T16-13-09Z
f250657e7d35 minio: 2025-07-18T21-56-31Z -> 2025-07-23T15-54-02Z
b75ed85e0e11 minio: 2025-06-13T11-33-47Z -> 2025-07-18T21-56-31Z
b746a7218c8f minio: 2025-05-24T17-08-30Z -> 2025-06-13T11-33-47Z
a6c9ae3da512 minio: 2025-03-12T18-04-18Z -> 2025-05-24T17-08-30Z
4bccb3507bf6 go_1_24: 1.24.9 -> 1.24.10
c0ea3dfb77f3 qt5: 5.15.17 -> 5.15.18
d81c0d0ae3c0 glib: apply patch for CVE-2025-7039
cd525dd017a3 unbound-full: 1.24.0 -> 1.24.1
1d8ef5fde841 unbound-with-systemd: 1.23.1 -> 1.24.0
776374ef65f9 jdk: 21.0.9+8 -> 21.0.9+10
| 17:18:51 |
| 11 Nov 2025 |
 ElvishJerricco | there's some texlive thing that's failing on staging-next and breaking asciidoc-full | 07:24:37 |
 Vladimír Čunát | Yes, texlive seems quite broken. | 07:27:19 |
| Vladimír Čunát | Lots of packages are affected; it's just less visible in nix-review-reports, because it happens for packages with various .name values. | 07:28:19 |
| Vladimír Čunát | * Lots of packages are affected; it's just less visible in nix-review-reports, because it happens for derivations with various .name values. | 07:28:26 |
| ElvishJerricco | is there someone who knows what's going on / what to do about it? | 07:30:48 |
 leona | texlive/share links to the texlive-doc output now and therefore texlive/share/something can't be created | 07:32:22 |
| leona | I haven't yet figured out why this is now | 07:32:30 |
|  Mirko Lenz changed their display name from mlenz to Mirko Lenz. | 08:07:22 |
| ElvishJerricco | bisected it to https://github.com/NixOS/nixpkgs/pull/451871 | 10:46:52 |
| ElvishJerricco | so that's fun | 10:47:44 |
| ElvishJerricco | nix-repl> :p (texliveMinimal.withPackages (ps: [])).pathsToLink
[
"/"
"/share/texmf-var/scripts"
"/share/texmf-var/tex/generic/config"
"/share/texmf-var/web2c"
"/share/texmf-config"
"/bin"
]
nix-repl> :p (texliveMinimal.withPackages (ps: [])).pathsToLinkJSON
["/"]
ok, it's an overrides inconsistency, probably because of https://github.com/NixOS/nixpkgs/blob/addd85b5d06ea90d5a7923956a65baf96bcd1e9f/pkgs/tools/typesetting/tex/texlive/build-tex-env.nix#L51
| 11:14:55 |
| ElvishJerricco | * nix-repl> :p (texliveMinimal.withPackages (ps: [])).pathsToLink
[
"/"
"/share/texmf-var/scripts"
"/share/texmf-var/tex/generic/config"
"/share/texmf-var/web2c"
"/share/texmf-config"
"/bin"
]
nix-repl> :p (texliveMinimal.withPackages (ps: [])).pathsToLinkJSON
["/"]
ok, it's an overriding inconsistency, probably because of https://github.com/NixOS/nixpkgs/blob/addd85b5d06ea90d5a7923956a65baf96bcd1e9f/pkgs/tools/typesetting/tex/texlive/build-tex-env.nix#L51
| 11:15:05 |
 K900 | ...what the fuck | 11:15:18 |
| ElvishJerricco | yea, this is great fun :P | 11:15:37 |
| ElvishJerricco | so much fun, you can't do the finalAttrs style fix with runCommand | 11:17:18 |
| Vladimír Čunát | I looked at that override a while ago, but no ideas why this would happen. | 11:17:28 |
| ElvishJerricco | well, presumably it's because the buildEnv' wrapper function in that build-tex-env.nix file is not really passing pathsToLink to buildEnv, but instead replacing it with overrideAttrs, which does not propagate to pathsToLinkJSON | 11:18:25 |
| ElvishJerricco | because buildEnv uses rec instead of a finalAttrs type thing | 11:18:42 |
| ElvishJerricco | which you can't do with runCommand | 11:18:48 |
 Grimmauld (any/all) | queue is basically empty, so i guess its just fixing the channel blockers now? | 11:18:49 |
| ElvishJerricco | so I guess I can either figure out how to plumb a finalAttrs into buildEnv to get rid of the rec, or I can just extract the pathsToLink arg and pass it to buildEnv properly | 11:20:16 |
| Grimmauld (any/all) | do we even need overrideAttrs, can't we just // most of the things? | 11:20:43 |
| ElvishJerricco | yea it's not clear to me why this function was written this way | 11:21:36 |
| Vladimír Čunát | I have a workaround for it. | 11:21:46 |
| Vladimír Čunát | (fixing some texlive builds at least) | 11:21:59 |
| ElvishJerricco | good lord, the thing it does to extract extraOutputsToInstall appears to have been not working this whole time, so that's fun (there needed to be parens) | 11:22:50 |
| Vladimír Čunát | Yeah, I'm adding the parens, too. | 11:23:08 |
