| 12 Jun 2024 |
hexa | https://conduit.rs/changelog/#v0-8-0-2024-06-12
(and conduwuit/grapevine for whoever uses those) | 19:09:11 |
| networkException joined the room. | 19:28:47 |
hexa | https://github.com/NixOS/nixpkgs/pull/319362 | 19:57:39 |
hexa | will backport to release-24.05, given that the breaking changes in 0.7.0 don't affect us | 19:57:52 |
hexa | * will backport to release-24.05 and release-23.11, given that the breaking changes in 0.7.0 don't affect us | 19:58:11 |
hexa | marked as vulnerable on 23.11, backport was not possible | 20:57:43 |
| 13 Jun 2024 |
| OahzEgroeg changed their display name from George to OahzEgroeg. | 10:49:08 |
| 14 Jun 2024 |
| OahzEgroeg left the room. | 09:43:26 |
| OahzEgroeg joined the room. | 09:47:22 |
| cnm joined the room. | 18:16:58 |
| 15 Jun 2024 |
felschr | https://github.com/NixOS/nixpkgs/pull/319315 | 11:13:57 |
| bedridden joined the room. | 21:27:14 |
bedridden | https://github.com/NixOS/nixpkgs/pull/320093
current bootstrap tools for darwin seem to ship with an old version of curl (and was updated 2 months ago), affected by https://www.tenable.com/plugins/nessus/182874
I suppose this change should first go into staging and then be backported to other staging-<version> branches... is this correct? (first contribution, so apologies if I am at the wrong place!) | 21:34:17 |
hexa | can you poke #macos:nixos.org? | 21:35:09 |
| @fack:cyberia.club left the room. | 21:51:56 |
| 16 Jun 2024 |
vcunat | Isn't that affecting only if you use the libcurl as a SOCKS5 proxy? (server side) Or am I reading it wrong? | 06:10:00 |
bedridden | I believe so, but I am no security expert. https://www.tenable.com/cve/CVE-2023-38545 has references to a few different updates (even ones from Apple updating curl version), so it seems rather important. | 09:58:11 |
bedridden | That said, I was told in #macos:nixos.org that this issue doesn't affect nixos-24.05 (which I also verified and seems to be the case), so it might be an issue only on nixos-23.11 darwin (haven't yet verified this one). | 09:59:28 |
ilex | https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-4 | 13:07:30 |
hexa | @emily | 13:26:27 |
emily | ? | 13:26:53 |
hexa | Forgejo | 13:27:52 |
emily | already in nixos-unstable-small and nixos-24.05-small. so what is left to do besides marking forgejo as insecure in 23.11?
(though it can be argued over if that CVE is actually all that bad) | 13:29:50 |
@adam:robins.wtf | they did cut a 1.21 release too, but marking as insecure in 23.11 is fine with me :) | 13:33:10 |
emily | 23.11 is on 1.20, not 1.21.
and in the old gitea versioning those are major releases. | 13:35:11 |
emily | do you have time to open a PR for this? EOL+vulnerable? | 13:35:44 |
@adam:robins.wtf | yeah i have a few minutes | 13:36:32 |
| 17 Jun 2024 |
Mic92 | Electron security fix in deltachat-desktop: https://github.com/NixOS/nixpkgs/pull/320554 | 15:09:49 |
| 18 Jun 2024 |
| ubbabeck joined the room. | 08:15:55 |
| blitz left the room. | 08:59:11 |