| 11 Oct 2023 |
 ⛧-440729 [sophie raven] (it/its) | Releases apparently aren't online yet. The links on https://curl.se/download.html return a 404. | 06:19:08 |
 raitobezarius | yep I advise to wait until they are out | 06:19:27 |
| raitobezarius | we can theoretically apply the patch for 23.05 though | 06:19:55 |
| raitobezarius | i don't think we need to wait 8.4.0 for that | 06:20:00 |
| raitobezarius | or maybe we should bump 23.05 to 8.4.0 | 06:20:25 |
| raitobezarius | I don't know the policy here | 06:20:28 |
| ⛧-440729 [sophie raven] (it/its) | 8.4.0 should be released soon™, I'd wait for the new release. 23.05 probably should get the backport as well due to this being a security issue | 06:22:17 |
 vcunat | We're on 8.1.1 in 23.05. | 06:22:34 |
| vcunat | So probably pick just the patches. | 06:22:45 |
| vcunat | * So probably pick just the patches in there. | 06:23:07 |
| ⛧-440729 [sophie raven] (it/its) | Release is online, the darwin patch doesn't cleanly apply anymore. Someone with a darwin system needs to test whether my changes to the patch are good. | 06:33:23 |
| vcunat | I can build on a slow x86_64-darwin. | 06:40:47 |
| vcunat | No nixpkgs PR yet? (for staging-next-23.05) | 06:41:04 |
| vcunat | Patching is a pain here. Normally it would need addition of autoreconfHook, but that would cause nontrivial infinite recursion. | 06:42:31 |
| vcunat | As for backporting itself, the conflicts didn't look bad at a glance. | 06:43:12 |
| ⛧-440729 [sophie raven] (it/its) | PR incoming now, I'm preparing the patch for staging-23.05 | 06:43:24 |
| ⛧-440729 [sophie raven] (it/its) | * PR incoming now, I'm still preparing the patch for staging-23.05 | 06:43:37 |
| ⛧-440729 [sophie raven] (it/its) | https://github.com/NixOS/nixpkgs/pull/260378 | 06:44:42 |
| ⛧-440729 [sophie raven] (it/its) | PR for staging: https://github.com/NixOS/nixpkgs/pull/260381 | 06:50:15 |
| ⛧-440729 [sophie raven] (it/its) | * PR for staging-23.05: https://github.com/NixOS/nixpkgs/pull/260381 | 06:50:19 |
| vcunat | Hmm, that's annoying. It seems really hard to resolve autoconf issues without reimporting nixpkgs.
I tested the patch by using autoreconfHook from a different nixpkgs version. With that the build passes with the backported patch. | 07:44:38 |
| vcunat | I don't know, I'll probably give it up for the current staging-next-23.05. In case someone wants to experiment, you can get prototype patch for nghttp2 (version without touching generated stuff): https://github.com/vcunat/nghttp2/pull/new/p/backport-cve-2023-44487 | 10:21:12 |
|  @dexternemrod:matrix.org left the room. | 17:47:38 |
|  @xfix:matrix.org changed their display name from xfix to xfix (she/her). | 18:19:58 |
|  ·☽•Nameless☆•777 · ± changed their profile picture. | 19:34:58 |
|  幸猫 changed their display name from FC (they/them) to Fay (she/her). | 20:54:19 |
| 12 Oct 2023 |
| ⛧-440729 [sophie raven] (it/its) | Can someone please review and merge the PR for curl 8.4.0? https://github.com/NixOS/nixpkgs/pull/260378 | 06:42:30 |
|  ajs124 changed their profile picture. | 21:42:48 |
| 13 Oct 2023 |
 AkechiShiro | Redacted or Malformed Event | 15:21:14 |
