30 May 2025 |
| DerivationDingus changed their profile picture. | 19:55:16 |
31 May 2025 |
Grimmauld (any/all) | https://github.com/jqlang/jq/issues/3327#issuecomment-2924552289
So uh - do we discard builds for this? Or do we fix that next cycle? | 07:15:02 |
K900 | We barely have builds | 07:17:19 |
K900 | Send it | 07:17:20 |
Grimmauld (any/all) | I mean, its bootstrap, soo..... | 07:29:11 |
Grimmauld (any/all) | but will do | 07:29:19 |
Grimmauld (any/all) | https://github.com/NixOS/nixpkgs/pull/412590 | 07:37:21 |
| fhluit87 joined the room. | 12:53:13 |
2 Jun 2025 |
| @bweeks:matrix.org left the room. | 06:01:47 |
3 Jun 2025 |
hexa | https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 @ma27
https://github.com/NixOS/nixpkgs/pull/412940 | 01:11:03 |
ma27 | expect a merge today. sorry was in the traveling last weekend and it didn't fit yesterday. | 05:13:17 |
| yadov3k joined the room. | 12:12:31 |
| themadbit joined the room. | 18:26:39 |
Morgan (@numinit) | Samba https://www.samba.org/samba/security/CVE-2025-0620.html | 20:02:40 |
Morgan (@numinit) | Seems to only apply to 4.21, though. So we may be fine? | 20:04:44 |
4 Jun 2025 |
teutat3s | New electron releases with fixes for CVE-2025-5419 are available, I'll get to creating a PR later today. | 13:13:22 |
hexa | https://curl.se/docs/CVE-2025-5399.html 8.14.1 | 14:07:26 |
hexa | * https://curl.se/docs/CVE-2025-5399.html 8.14.1 Scrumplex | 14:07:33 |
Scrumplex | https://github.com/NixOS/nixpkgs/pull/413896 | 14:08:13 |
hexa | are you preparing patches for 25.05 and 24.11? | 14:09:55 |
Scrumplex | Backports should work for both releases, if I am not mistaken | 14:31:04 |
Scrumplex | 24.11 is a little behind actually. We would need a manual patch there | 14:31:36 |
teutat3s | https://github.com/NixOS/nixpkgs/pull/413995 | 17:53:16 |
hexa | curl updates are imo risky and introduce regressions every now and then | 18:03:25 |
hexa | 23.11 looked like this | 18:04:13 |
hexa | patches = [
# fix ipv6 autodetect compile error in configure script
# remove once https://github.com/curl/curl/pull/12607 released (8.6.0)
./configure-ipv6-autodetect.diff
# https://curl.se/docs/CVE-2023-46219.html
./0001-CVE-2023-42619.patch
# https://curl.se/docs/CVE-2023-46218.html
./0002-CVE-2023-42618.patch
# https://curl.se/docs/CVE-2024-2398.html
./0003-CVE-2024-2398.patch
# https://curl.se/docs/CVE-2024-2004.html
./0004-CVE-2024-2004.patch
];
| 18:04:18 |
hexa | frankly not sure why that practice changed | 18:04:36 |
| HedgeMage joined the room. | 19:26:55 |
5 Jun 2025 |
| h0nig2k joined the room. | 07:36:47 |
h0nig2k | Hi, is there any planned triage for https://www.cve.org/CVERecord?id=CVE-2025-4517 - python with CVE 9,4? | 07:40:52 |