| 18 Dec 2025 |
|  Felix Schröter (🎄2025-12-20T00/2026-01-05T00) changed their display name from Felix Schröter to Felix Schröter (🎄20.12.–04.01.). | 12:24:09 |
| Felix Schröter (🎄2025-12-20T00/2026-01-05T00) changed their display name from Felix Schröter (🎄20.12.–04.01.) to Felix Schröter (🎄2025-12-20T00/2026-01-05T00). | 14:54:58 |
| 19 Dec 2025 |
 Joachim Ernst | https://github.com/NixOS/nixpkgs/pull/471962 ✅️ and https://github.com/NixOS/nixpkgs/pull/472012 ⏳️ | 10:33:23 |
| 21 Dec 2025 |
|  n4ch723hr3r (putting stuff in your name is cringe) joined the room. | 12:20:58 |
| n4ch723hr3r (putting stuff in your name is cringe) | 👋
hi, the package matrix-continuwuity is currently vulnerable to an attack where any server can forge certain events. the devs have currently fixed this in this commit: https://forgejo.ellis.link/continuwuation/continuwuity/commit/7fa4fa98628593c1a963f5aa8dbc3657d604b047 | 12:22:09 |
| n4ch723hr3r (putting stuff in your name is cringe) | its being exploited in the wild which is afaik why the devs have kind of rushed it out | 12:22:54 |
 hexa | can you send a PR that applies the patch? | 12:25:45 |
| hexa | * n4ch723hr3r (putting stuff in your name is cringe): can you send a PR that applies the patch? | 12:25:53 |
| n4ch723hr3r (putting stuff in your name is cringe) | the problem is that they have not released a full version, so it might be best to just use that commit as a patch to the version we currently use | 12:27:16 |
 leona | Redacted or Malformed Event | 12:27:36 |
| n4ch723hr3r (putting stuff in your name is cringe) | https://github.com/NixOS/nixpkgs/pull/472955
i havent tested it yet | 13:15:18 |
| n4ch723hr3r (putting stuff in your name is cringe) | and im kind of a noob at this so sorry if this way of patching an app is stupid 😄 | 13:15:47 |
 emily | I don't think it's enough to just cherry-pick just that one commit.
There are at least 2 commits that fix validation: https://forgejo.ellis.link/continuwuation/continuwuity/commits/commit/7fa4fa98628593c1a963f5aa8dbc3657d604b047
It is paramount that you update to the latest commit from our forgejo as soon as you can. A full release will be following later today.
https://fedi.transgender.ing/notes/agj9mne73ias00d8
If anything, we should bump our version to the unreleased git commit.
| 13:48:53 |
| n4ch723hr3r (putting stuff in your name is cringe) | i merged them together, if i remember correctly | 13:50:33 |
| n4ch723hr3r (putting stuff in your name is cringe) | * i merged them together, if i remember correctly (im not sure anymore since it was on tmpfs and i OOM'd trying to compile it) | 13:51:03 |
| n4ch723hr3r (putting stuff in your name is cringe) | i managed to compile it | 13:51:16 |
| n4ch723hr3r (putting stuff in your name is cringe) | the 7fa... commit contains // Ensure the sending user isn't a lying bozo which i also have in my commit | 13:52:13 |
| emily | #security-discuss:nixos.org would be a better fit for this discussion. | 13:52:30 |
|  magic_rb joined the room. | 14:05:41 |
 Emma [it/its] | oh i was about to bring that up here | 14:08:48 |
| Emma [it/its] | should note that tuwunel is also affected: https://github.com/matrix-construct/tuwunel/commit/dc9314de1f8a6e040c5aa331fe52efbe62e6a2c3 | 14:09:43 |
| n4ch723hr3r (putting stuff in your name is cringe) | it is 2 commits merged together | 14:23:32 |
| n4ch723hr3r (putting stuff in your name is cringe) | https://forgejo.ellis.link/continuwuation/continuwuity/commit/b2bead67ac8bc45de9a612578f295e5b7fc6c2b5
https://forgejo.ellis.link/continuwuation/continuwuity/commit/7fa4fa98628593c1a963f5aa8dbc3657d604b047 | 14:24:03 |
| Emma [it/its] | im aware of the commits, i read them :)
i just couldnt tell exactly from the diff file | 14:24:31 |
| n4ch723hr3r (putting stuff in your name is cringe) | yeah sorry im kind of a noob and when i patch stuff for my overlay i just put everything into one diff >_< | 14:25:24 |
| Emma [it/its] | i tend to use git format-patch start..end -o . (example: https://cgit.rory.gay/Rory-Open-Architecture.git/tree/packages/overlays/matrix-synapse/patches)
though we're veering quite offtopic here lol | 14:26:44 |
| 22 Dec 2025 |
|  amadaluzia[tde] changed their display name from ➡️@amadaluzia:unredacted.org to amadALTuzia (tchncs.de). | 16:11:08 |
| amadaluzia[tde] changed their display name from amadALTuzia (tchncs.de) to amadaluzia[tde]. | 17:30:01 |
| 24 Dec 2025 |
|  amadaluzia changed their profile picture. | 16:53:38 |
| 25 Dec 2025 |
|  lennart changed their profile picture. | 10:33:36 |
