| 4 Oct 2023 |
Fabián Heredia | building | 06:02:15 |
Fabián Heredia | Cherry-picked to main branch and checked build with nix-build -A xorg.libX11 and nix-build -A xorg.libXpm. LGTM | 06:10:03 |
flokli | vcunat: the glibc stuff is in. I assume we can/want to not wait another week to have hydra build glibc, or do we? | 15:56:33 |
flokli | Talking about curl, edef said:
glibc bug is local root, curl is gonna be RCE at worst, it's gonna suck but it'll suck less if we don't have a local privesc bug for attackers to chain it with
| 15:58:48 |
flokli | (I'm currently building the VM tests for 23.05-staging, then the backport PR should also be able to land) | 15:59:43 |
ma27 | vcunat re
Maybe this is even doable without huge rebuild and without grafting, as I'd assume only /run/wrappers contents needs to be rebuilt.
(https://matrix.to/#/%23security-discuss%3Anixos.org/%24uB9I2wrpom60t455GlhfR5JFANamSdCWLHq4I1P61gI?via=nicht-so.sexy&via=matrix.org&via=envs.net&via=tchncs.de)
I'm not sure if I get what you're suggesting here.
Follow-up: what's the current state of staging-next (pardon my ignorance, I'm most of the time not really involved in the staging workflow itself)? I.e. does it make sense to push glibc to the current iteration or do we need to await another? | 16:08:19 |
vcunat | We're almost finished building. | 16:08:53 |
vcunat | nix does not build on *-darwin though. | 16:09:02 |
vcunat | * nix does not build on *-darwin though. EDIT: this chat channel is just for triaging CVEs, though. | 16:14:23 |
ma27 | isn't "getting it in the channels" part of coordination though? Otherwise, #security-discuss:nixos.org? | 16:27:49 |
hexa | drop it off here, make sure we know someone is taking care of it, further discussion elsewhere | 16:36:16 |
hexa | working on django https://www.djangoproject.com/weblog/2023/oct/04/security-releases/ | 16:48:11 |
hexa | https://github.com/NixOS/nixpkgs/pull/259029
https://github.com/NixOS/nixpkgs/pull/259031 | 17:04:53 |
| 5 Oct 2023 |
hexa | grub https://lore.kernel.org/all/ZRxK8s4nQV2jBq%2F9@tomti.i.net-space.pl/ samueldr | 00:16:16 |
⛧-440729 [sophie raven] (it/its) | Is someone already aware of the upcoming curl security update next week?
https://github.com/curl/curl/discussions/12026 | 11:39:06 |
hexa | yes, it was not posted here yet, but I'm aware. Do you feel like taking care of that update? | 11:44:03 |
vcunat | It was posted here.
https://matrix.to/#/!ZRgXNaHrdpGqwUnGnj:nixos.org/$1otMB-k9sHMa-2c9vbzwz_5sN22PYt2RFgvTl7VONW0?via=nixos.org&via=matrix.org&via=nixos.dev | 11:44:41 |