| 14 Jan 2025 |
hexa | pam-u2f | 18:45:29 |
aidalgol | AIUI, it's the PAM module for using U2F. | 18:46:18 |
tgerbet | https://github.com/NixOS/nixpkgs/pull/373818 | 19:30:17 |
| Luke joined the room. | 20:47:26 |
| 15 Jan 2025 |
| leon joined the room. | 08:21:09 |
| SomeoneSerge (back on matrix) changed their display name from SomeoneSerge (utc+3) to SomeoneSerge. | 19:01:56 |
| 17 Jan 2025 |
| Johann Wagner changed their display name from Johann to Johann Wanger (hier nicht erreichbar). | 09:25:54 |
| Johann Wagner changed their display name from Johann Wanger (hier nicht erreichbar) to Johann Wagner. | 09:31:02 |
| 18 Jan 2025 |
| syd installs gentoo (they/them) changed their display name from syd 9291 (they/them) to syd installs gentoo (they/them). | 16:26:46 |
| 19 Jan 2025 |
| Reventlov left the room. | 09:36:52 |
| 20 Jan 2025 |
tgerbet | vim Philip Taron (UTC-8) https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955 | 22:21:02 |
| 21 Jan 2025 |
Philip Taron (UTC-8) | In reply to @tgerbet:matrix.org vim Philip Taron (UTC-8) https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955 I'm next at a computer tomorrow morning. Thanks for the heads up. Looks relatively minor all told. | 01:44:04 |
| 22 Jan 2025 |
Philip Taron (UTC-8) | https://github.com/NixOS/nixpkgs/pull/375891 | 17:50:49 |
| 24 Jan 2025 |
Grimmauld (moving to @grimmauld:grapevine.grimmauld.de) | Uh oh; We seem to be vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2022-27470 and SDL_ttf has no maintainers and is 3 years outdated (no update script, and the project moved to github). Tasty 7.8 XD
This seems straightforward to fix, will send a PR once I get there. | 11:05:48 |
Grimmauld (moving to @grimmauld:grapevine.grimmauld.de) | update: Not really fixable; SDL2_ttf exists and fixes these vulnerabilities, the newest SDL1-based SDL_ttf is vulnerable. So even if we update from the current version (2.0.11, released in 2013) to the newest (2.0.18, released in 2022) this wouldn't actually fix the vuln. So I suppose the correct way is to update the dependents instead? | 11:43:02 |
Grimmauld (moving to @grimmauld:grapevine.grimmauld.de) | * update: Not really fixable; SDL2_ttf exists and fixes these vulnerabilities, the newest SDL1-based SDL_ttf is vulnerable. So even if we update from the current version (2.0.11, released in 2013) to the newest (2.0.18, released in 2022) this wouldn't actually fix the vuln. So I suppose the correct way is to update the dependents instead? | 11:43:08 |
emily | we should really drop sdl1 | 11:51:58 |
emily | just mark it known vulnerable for now | 11:52:44 |
Grimmauld (moving to @grimmauld:grapevine.grimmauld.de) | This has the side effect of breaking all appimage-based packages. Now I do hate appimage, but we shouldn't break them. https://github.com/NixOS/nixpkgs/blame/defe5870670e9fe4d0a8a04e0e58ec60c7745bb1/pkgs/build-support/appimage/default.nix#L183C7-L183C14 lists it as included in the appimage environment, but that is 6 years old and the linked exclude list does not list anything related to sdl anymore. Do I just drop SDL1 ttf from appimage FHS? | 11:55:20 |
Grimmauld (moving to @grimmauld:grapevine.grimmauld.de) | * This has the side effect of breaking all appimage-based packages. Now I do hate appimage, but we shouldn't break them. https://github.com/NixOS/nixpkgs/blame/defe5870670e9fe4d0a8a04e0e58ec60c7745bb1/pkgs/build-support/appimage/default.nix#L183C7-L183C14 lists it as included in the appimage environment, but that is 6 years old and the linked exclude list does not list anything related to sdl anymore. Do I just drop SDL1 things from appimage FHS? | 11:55:56 |