!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

666 Members
Coordination and triage of security issues in nixpkgs210 Servers

Load older messages

SenderMessageTime
18 Jun 2025
@jtojnar:matrix.orgJan Tojnarthanks, opened https://github.com/NixOS/nixpkgs/pull/41776307:20:55
@leona:leona.isleonacan look in around 8 hours if no one beats me to that07:51:03
@h0nig2k:matrix.orgh0nig2khttps://github.com/NixOS/nixpkgs/pull/417898 for CVE-2025-46727 (please backport to 25.05 as well, thank you)15:52:17
@vcunat:matrix.orgvcunat

updated X too soon

A fix will be issued in xorg-server-21.1.18 and xwayland-24.1.8 shortly.

https://lists.x.org/archives/xorg-announce/2025-June/003611.html

16:08:45
@hexa:lossy.networkhexaRedacted or Malformed Event16:23:13
@hexa:lossy.networkhexaRedacted or Malformed Event16:23:39
@hexa:lossy.networkhexaRedacted or Malformed Event16:23:49
@aleksana:mozilla.orgaleksana 🏳️‍⚧️ (force me to bed after 18:00 UTC)
In reply to @jtojnar:matrix.org
thanks, opened https://github.com/NixOS/nixpkgs/pull/417763
This hasn't been backported to 24.11 because of merge conflict, have we abandoned 24.11 yet? 		17:18:10
@hexa:lossy.networkhexanot yet17:19:56
@vcunat:matrix.orgvcunatEnd of the month is promised traditionally.17:24:14
20 Jun 2025
@alina:kescher.at@alina:kescher.at changed their display name from alina, dognitohazard 🏳️‍⚧️🐾 to alina, moved to @alina:catgirl.cloud.18:14:34
@alina:kescher.at@alina:kescher.at left the room.19:02:28
21 Jun 2025
@leona:leona.isleonaWould like to get a review on the patch backport please https://github.com/NixOS/nixpkgs/pull/418180, as relevant for next staging cycle11:17:42
@grimmauld:grapevine.grimmauld.deGrimmauld (any/all)(on a similar note, https://github.com/NixOS/nixpkgs/pull/418255 works as an update, but the diff is large enough for me to not feel competent with a backport. And the doc building is still bissing, as i don't know enough docbook to fix it. Either needs someone looking at docs or making the executive decision to just ignore docs on pam)11:19:24
@grimmauld:grapevine.grimmauld.deGrimmauld (any/all)* (on a similar note, https://github.com/NixOS/nixpkgs/pull/418255 works as an update, but the diff is large enough for me to not feel comfortable with an immediate backport. And the doc building is still bissing, as i don't know enough docbook to fix it. Either needs someone looking at docs or making the executive decision to just ignore docs on pam)11:20:21
@grimmauld:grapevine.grimmauld.deGrimmauld (any/all)* (on a similar note, https://github.com/NixOS/nixpkgs/pull/418255 works as an update, but the diff is large enough for me to not feel comfortable with an immediate backport. And the doc building is still missing, as i don't know enough docbook to fix it. Either needs someone looking at docs or making the executive decision to just ignore docs on pam)11:43:23
22 Jun 2025
@ss:someonex.netSomeoneSerge (Ever OOMed by Element) changed their display name from SomeoneSerge (UTC+U[-12,12]) to SomeoneSerge (Ever OOMed by Element).12:12:51
@saiko:knifepoint.netKatalin 🔪 changed their display name from Katalin ⚧︎ to Katalin ⚧︎.20:44:15
@saiko:knifepoint.netKatalin 🔪 changed their display name from Katalin ⚧︎ to Katalin ⚧︎.20:45:27
24 Jun 2025
@joerg:thalheim.ioMic92https://github.com/NixOS/nixpkgs/pull/41957514:08:47
@joerg:thalheim.ioMic92* https://github.com/NixOS/nixpkgs/pull/419575 Nix security updates14:08:56
25 Jun 2025
@hxr404:tchncs.dehxr404 ✨ [she/her] changed their display name from hxr404 ✨ [it/she] to hxr404 ✨ [she/her].12:34:23
26 Jun 2025
@hexa:lossy.networkhexa https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm nh2 23:44:04
@nh2:matrix.orgnh2looking23:44:23
@nh2:matrix.orgnh2this is odd, the patch for Ceph 17 was already merged for October 2024: https://github.com/ceph/ceph/pull/60314 The 2 links for the other versions are invalid23:52:24
27 Jun 2025
@nh2:matrix.orgnh2

The correct pull requests for the other versions are:

  • Ceph 18: https://github.com/ceph/ceph/pull/61379
  • Ceph 19: https://github.com/ceph/ceph/pull/63458

I have commented that on one of them.

00:11:06
@nh2:matrix.orgnh2PR for the patch in nixpkgs: https://github.com/NixOS/nixpkgs/pull/42038000:11:12
@nh2:matrix.orgnh2Builds and tests fine, good to merge from my side00:54:24
@redstone-menace:matrix.orgR̴̨͕͇͍̞̮̐̅͆̌̀̉̐͋̈́̃̀͒́̎̅̚̚̚͠͝Ĕ̵̡̛͖͖̟̙̫̱͈̘̞̭͍͍͑̌̄͑̓̋̓̀̈̏̈́͊̇͊͆̉͂̏̀̃̚͘͝͝ͅͅD̶̡̢͔̱̖̮͙͉̘̺͓͍̩̮͈͍͗̃̀̏͌͘͜ͅŚ̸̬̭̯̬͙͇͓̬̩̳̤͚͓̤̩̺͉͖̉͛̓̿̎͊̿̆́̐͂̇͌̄̇̓͘ͅͅT̴̞̫̘̝͇͔̟̪̪̦͂̔̎̀̎ͅŎ̷̡̬̹̪͈̭̣͈̭̭͉̦̖̝̘̪͖͔̥̦̘̻̳Ṋ̶̛̫͈̳̘͚̜̔̋͆̅̈́͊̑͊̉̌̈́̾͑̈́̚ͅË̸̡̨̨̛͇̜̖͔͖̻̟̗̠̙͓̘̗̥͉͇̜͑͆͊͑͑̀̓͒͜͝͝ changed their display name from Redstone to R̴̨͕͇͍̞̮̐̅͆̌̀̉̐͋̈́̃̀͒́̎̅̚̚̚͠͝Ĕ̵̡̛͖͖̟̙̫̱͈̘̞̭͍͍͑̌̄͑̓̋̓̀̈̏̈́͊̇͊͆̉͂̏̀̃̚͘͝͝ͅͅD̶̡̢͔̱̖̮͙͉̘̺͓͍̩̮͈͍͗̃̀̏͌͘͜ͅŚ̸̬̭̯̬͙͇͓̬̩̳̤͚͓̤̩̺͉͖̉͛̓̿̎͊̿̆́̐͂̇͌̄̇̓͘ͅͅT̴̞̫̘̝͇͔̟̪̪̦͂̔̎̀̎ͅŎ̷̡̬̹̪͈̭̣͈̭̭͉̦̖̝̘̪͖͔̥̦̘̻̳Ṋ̶̛̫͈̳̘͚̜̔̋͆̅̈́͊̑͊̉̌̈́̾͑̈́̚ͅË̸̡̨̨̛͇̜̖͔͖̻̟̗̠̙͓̘̗̥͉͇̜͑͆͊͑͑̀̓͒͜͝͝.00:55:32
@grimmauld:grapevine.grimmauld.deGrimmauld (any/all)https://github.com/NixOS/nixpkgs/pull/403244 anyone wants to look at a long-overdue java update?07:12:14

Show newer messages

Back to Room ListRoom Version: 6