16 May 2025 |
| Winter joined the room. | 01:58:58 |
hexa | https://www.openwall.com/lists/oss-security/2025/05/16/7 glibc ma27 | 23:06:10 |
emily | I suspect the only static setuid program on 90% of NixOS systems is our wrapper? | 23:06:54 |
emily | which hopefully doesn't dlopen | 23:06:58 |
emily | well, 90% is probably way too low for that figure. also sorry, forgot this was triage room | 23:07:16 |
17 May 2025 |
| s-rein joined the room. | 03:31:56 |
aloisw | The wrapper uses musl and erases LD_LIBRARY_PATH, so NixOS should indeed be unaffected. | 05:00:12 |
ma27 | Agreed.
I'll prepare an update today nonetheless since people are using nixpkgs to build all kinds of stuff. | 08:12:34 |
vcunat | Sounds OK for the normal staging* workflow. | 08:34:01 |
K900 | What's the plan for the next cycle? | 08:36:37 |
K900 | I've got Mesa 25.1.1 and Qt 6.9.1 next week | 08:36:51 |
Alyssa Ross | Still looking for Darwin testing on the Meson upgrade https://github.com/NixOS/nixpkgs/pull/402752 | 08:37:33 |
Alyssa Ross | But this is the wrong room | 08:44:58 |
ma27 | OK we don't have to do anything btw: the advisory states
Fix-Commit: 5451fa962cd0a90a0e2ec1d8910a559ace02bba0 (2.39)
the commit is from 2023 and part of the glibc we're shipping. | 08:58:36 |
K900 | https://github.com/google/security-research/security/advisories/GHSA-qx2m-rcpc-v43v | 12:23:49 |
K900 | Ayylmao | 12:24:09 |
tgerbet | Fixed in https://github.com/NixOS/nixpkgs/pull/400278 and https://github.com/NixOS/nixpkgs/pull/403432
It looks like they did not update the fixed version field in the advisory | 12:26:11 |
K900 | Ayylmao, but different | 12:27:29 |
Grimmauld (any/all) | https://github.com/NixOS/nixpkgs/pull/401409
I still have an open security fix PR that no one seems to want to review... | 14:29:27 |
| oddlama changed their display name from oddlama to Malte. | 20:12:23 |
18 May 2025 |
K900 | https://www.mozilla.org/en-US/security/advisories/mfsa2025-36/ | 14:06:39 |
K900 | @hexa:lossy.network | 14:06:43 |
linj | fixed in https://github.com/NixOS/nixpkgs/pull/408236 | 14:07:52 |
K900 | Cool | 14:08:29 |
hexa | still testing on 24.11 | 14:08:58 |
19 May 2025 |
Grimmauld (any/all) | Can we get a merge on https://github.com/NixOS/nixpkgs/pull/408524? It's analogous to the firefox update and I'd really rather have that.... Yes yes, we are on topic with browser forks, but I can't commit this (yet) | 14:56:55 |
| oak 🏳️🌈♥️ changed their display name from oak 🫱⭕🫲 to oak. | 10:59:05 |
hexa | note that we started requiring an active committer on the maintainers list for browsers cough | 14:57:48 |