| 29 Oct 2024 |
 Scrumplex | * https://github.com/NixOS/nixpkgs/pull/352161 | 19:13:30 |
 hexa | are you planning to test these? | 19:33:19 |
| Scrumplex | In reply to @hexa:lossy.network
are you planning to test these? I was just setting up a remote builder to be able to build them in a reasonable time | 19:46:30 |
| hexa | I queued build for firefox-unwrapped.tests and firefox-esr-unwrapped.tests on x86-64-linux and aarch64-linux | 19:52:47 |
| hexa | * I queued builds for firefox-unwrapped.tests and firefox-esr-unwrapped.tests on x86-64-linux and aarch64-linux | 19:52:52 |
| Scrumplex | firefox-bin firefox-beta-bin firefox-devedition-bin thunderbird-bin all work | 19:57:40 |
| Scrumplex | both -devedition and -beta fail to apply /nix/store/9lx1746yy56pn3dpc35l1xr6l3lykbin-env_var_for_system_dir-ff111.patch | 20:05:47 |
| hexa | #mozilla:nixos.org | 20:07:35 |
| hexa | vcunat: https://www.openwall.com/lists/oss-security/2024/10/29/2 | 20:39:42 |
 vcunat | I certainly can't do anything tonight anymore. | 20:50:06 |
| Scrumplex | I can submit a PR but I don't think I'll be able to test them beyond building them | 20:53:34 |
| Scrumplex | * I can submit a PR but I don't think I'll be able to test them beyond building them
Edit: PR: https://github.com/NixOS/nixpkgs/pull/352191 | 21:16:01 |
| 30 Oct 2024 |
 stigo | This seems to have been merged into staging, any ETA on when this fix will arrive in the unstable channels? | 11:22:08 |
 Lun | https://github.com/NixOS/nixpkgs/issues/352445 | 19:24:20 |
| vcunat | Like... a month, I'd guess. | 19:25:32 |
 emily | uh, we're doing one more staging before release though right? | 19:26:10 |
| emily | there's some pretty important fixes in there | 19:26:14 |
| emily | and the schedule calls for it | 19:26:22 |
| emily | I thought we would go straight into staging-next-24.05 in a couple days when we merge, and then do one last 24.11-pre. | 19:26:55 |
|  @grossmap:in.tum.de joined the room. | 19:59:46 |
 Mic92 | https://github.com/NixOS/nixpkgs/pull/352455 https://github.com/NixOS/nixpkgs/pull/352456 | 20:36:43 |
| Mic92 | nix: fix macOS sandbox escape via builtin builders | 20:36:55 |
| emily | Redacted or Malformed Event | 20:44:35 |
| emily | will handle this one | 20:48:58 |
| hexa | https://www.openwall.com/lists/oss-security/2024/10/30/4 qbittorrent | 23:55:19 |
| 31 Oct 2024 |
| Scrumplex | https://github.com/NixOS/nixpkgs/pull/352499 for master | 00:11:01 |
| Scrumplex | 24.05 is on 4.x. Just blindly applying the relevant patches doesn't work
Relevant patch: https://github.com/qbittorrent/qBittorrent/commit/2a4425380292baedc3be1d1e57506e45172da6fc
Part of the same PR but not strictly needed to fix vulnerability: https://github.com/qbittorrent/qBittorrent/commit/2a4077414f44f370d4bb66c3fd91ec755d4ce04d | 00:17:48 |
| emily | the advisory is somewhat (subtextually) withering about their security practices. I think knownVulnerabilities for 24.05 is okay, and it's not clear to me if the other issues they disclosed have been fixed. | 00:18:32 |
| emily | * the advisory is somewhat (subtextually) withering about their security practices. I think knownVulnerabilities for 24.05 is okay, and it's not clear to me if the other issues they disclosed have been fixed. (edit: actually, I guess they implied they're at least unexploitable due to TLS validation now) | 00:19:12 |
| Scrumplex | I'll propose this: https://github.com/NixOS/nixpkgs/pull/352501
Maybe we can safely update 24.05 to qBittorrent 5.0.1, as I couldn't see any breaking changes, but maybe other people can handle that ^^ | 00:21:57 |
