!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

703 Members
Coordination and triage of security issues in nixpkgs
215 Servers



Sender Message Time
16 Feb 2025
@steeringwheelrules:tchncs.de @steeringwheelrules:tchncs.de joined the room. 15:49:30
@hexa:lossy.network hexa:

https://www.postgresql.org/message-id/173945575457.197393.6175786842655230205%40wrigleys.postgresql.org
https://www.postgresql.org/about/news/postgresql-173-167-1511-1416-and-1319-released-3015/

ma27

16:37:38
@vcunat:matrix.org vcunat: https://github.com/NixOS/nixpkgs/pull/382282 16:38:33
@ma27:nicht-so.sexy ma27: WIP already: https://github.com/NixOS/nixpkgs/pull/382282 16:38:35
@hexa:lossy.network hexa: I suck at searching the PR tracker, sowwy 😄 16:39:35
17 Feb 2025
@sandro:supersandro.de Sandro: in:title is usually required to find things 17:54:09
18 Feb 2025
@hexa:lossy.network hexa: https://www.openwall.com/lists/oss-security/2025/02/18/1 11:39:02
@hexa:lossy.network hexa: openssh 11:39:05
@arianvp:matrix.org Arian: VerifyHostKeyDNS is not enabled by default on nixos right 11:41:20
@niklaskorz:korz.dev Niklas Korz: no, but there are at least some public configs enabling it: https://grep.app/search?f.lang=Nix&f.lang.pattern=nix&q=VerifyHostKeyDNS 11:44:04
@arianvp:matrix.org Arian: I definitely had it enabled in my homelab before because if was using SSHFP 11:45:11
@niklaskorz:korz.dev Niklas Korz: oh, NuschtOS enables it by default (cc Sandro 🐧 👀) 11:45:16
@sandro:supersandro.de Sandro: https://www.openssh.com/releasenotes.html#9.9p2 12:10:24
@sandro:supersandro.de Sandro: I don't see a PR yet 12:11:53
@tgerbet:matrix.org tgerbet: I'm running the tests right now 12:45:25
@stites:matrix.org @stites:matrix.org left the room. 12:54:35
@tgerbet:matrix.org tgerbet: https://github.com/NixOS/nixpkgs/pull/383096 13:07:40
@emilazy:matrix.org emily: I believe VerifyHostKeyDNS is only safe if you are running a DNSSEC-validating resolver locally. caveat emptor 18:49:56
@emilazy:matrix.org emily: (I mean, even post-fix.) 18:50:01
@leona:leona.is leona: fun with grub https://www.openwall.com/lists/oss-security/2025/02/18/3 19:15:47
@hexa:lossy.network hexa: unmaintained … rip 19:29:09
19 Feb 2025
@sss:matrix.dark-alexandr.net sss 20:06:15
@hexa:lossy.network hexa: https://www.openwall.com/lists/oss-security/2025/02/19/1 exim @[0x4A6F] 23:28:01
@hexa:lossy.network hexa:
In reply to @leona:leona.is
fun with grub https://www.openwall.com/lists/oss-security/2025/02/18/3
[SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18, Daniel Kiper <=

<del>let's just casually apply this 73 patches</del>
23:29:47
@hexa:lossy.network hexa:
[SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18, Daniel Kiper <=

let's just casually apply this 73 patches
23:29:52
@hexa:lossy.network hexa:
[SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18, Daniel Kiper <=

let's just casually apply these 73 patches
23:29:59
@tgerbet:matrix.org tgerbet:

I gave it a try https://github.com/NixOS/nixpkgs/pull/383375

Something breaks nixosTests.grub, still need to identify what...

23:30:00
@hexa:lossy.network hexa: bold, you even broke tree-sitter (github diff) 23:30:34
@hexa:lossy.network hexa: ah nvm, that's actually commented 23:30:47
21 Feb 2025
@robert:funklause.de dotlambda: https://github.com/NixOS/nixpkgs/pull/367821#issuecomment-2672999843 00:15:44



Room Version: 6