| 5 Aug 2021 |
 ris_ | (also https://github.com/NixOS/nixpkgs/pull/132323) | 17:26:55 |
| 6 Aug 2021 |
 ajs124 | any prosody users here that want to take a look at https://github.com/NixOS/nixpkgs/pull/132887 | 11:58:36 |
| 7 Aug 2021 |
 hexa | https://www.openwall.com/lists/oss-security/2021/08/07/1 | 16:53:59 |
| hexa | patch used in alpine here https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00007.html | 16:57:15 |
| hexa | --- lynx2.8.9rel.1.orig/WWW/Library/Implementation/HTParse.c
+++ lynx2.8.9rel.1/WWW/Library/Implementation/HTParse.c
@@ -31,6 +31,7 @@
struct struct_parts {
char *access;
+ char *auth;
char *host;
char *absolute;
char *relative;
@@ -121,6 +122,18 @@
}
/*
+ * Scan left-to-right for an authentication username/password combination (auth).
+ */
+ for (p = after_access; *p; p++) {
+ if (*p == '@') {
+ parts->auth = after_access;
+ *p = '\0';
+ after_access = (p + 1); /* advance base pointer forward */
+ break;
+ }
+ }
+
+ /*
* Scan left-to-right for a fragment (anchor).
*/
for (p = after_access; *p; p++) {
@@ -135,10 +148,14 @@
* Scan left-to-right for a host or absolute path.
*/
p = after_access;
- if (*p == '/') {
- if (p[1] == '/') {
- parts->host = (p + 2); /* host has been specified */
- *p = '\0'; /* Terminate access */
+ if (*p == '/' || parts->auth) {
+ if (p[1] == '/' || parts->auth) {
+ if (!parts->auth) {
+ parts->host = (p + 2); /* host has been specified */
+ *p = '\0'; /* Terminate access */
+ } else {
+ parts->host = p;
+ }
p = StrChr(parts->host, '/'); /* look for end of host name if any */
if (p != NULL) {
*p = '\0'; /* Terminate host */
| 16:57:37 |
|  sgo joined the room. | 18:24:09 |
 nixinator | In reply to @hexa:lossy.network
https://www.openwall.com/lists/oss-security/2021/08/07/1 https://github.com/NixOS/nixpkgs/pull/133057 | 22:15:02 |
| nixinator | review and backport requested :-) | 22:15:31 |
| 9 Aug 2021 |
|  dadada (they/them) changed their display name from dadada to dadada (they/them). | 15:59:54 |
| hexa | a gpsd issue will cause time to rollback to some time before 2001 | 21:35:06 |
| hexa | we need to update to gpsd 3.23 and backport it | 21:35:16 |
| nixinator | back to the future.... | 21:38:27 |
| hexa | anyway, there is https://github.com/NixOS/nixpkgs/pull/133216/files | 21:43:27 |
| hexa | I'm cleaining it up a bit right now | 21:43:31 |
| 10 Aug 2021 |
|  anubhavkini left the room. | 05:50:58 |
| hexa | https://c-ares.haxx.se/adv_20210810.html | 10:59:01 |
| hexa | https://nostarttls.secvuln.info/ | 11:20:11 |
| hexa | https://github.com/NixOS/nixpkgs/pull/133375 https://github.com/NixOS/nixpkgs/pull/133378 | 13:27:48 |
| hexa | gave up the latter pr because the bump contains a few more security fixes | 13:37:54 |
| hexa | * https://github.com/NixOS/nixpkgs/pull/133375 https://github.com/NixOS/nixpkgs/pull/133378 | 13:38:09 |
| 11 Aug 2021 |
| hexa | https://github.com/NixOS/nixpkgs/pull/133499 | 13:28:17 |
 aanderse | hexa: i ping you because you're good at looking at CVEs and judging whether they should be backported, etc... :)
i mean, this definitely should be merged and backported, i know that
but everyone likes having a second set of eyes, it makes things more legit
and i mean... ❤️ hexa , of course
| 13:30:11 |
| hexa | thanks for the vote of confidence. I can say that it builds and I slapped that Severity: Very Nasty Backportworthy label on! | 13:30:59 |
| hexa | * thanks for the vote of confidence. I can say that it builds and I slapped that Severity: Very Nasty Backportworthy label onto it! | 13:31:13 |
 Sandro | Just went ahead and merged it | 13:31:20 |
| aanderse | ❤️ Sandro too, for all the amazing work you do 😃 | 13:31:49 |
|  Corbin left the room. | 16:53:03 |
| 12 Aug 2021 |
|  nullrequest joined the room. | 09:49:39 |
| nullrequest | I would like to submit a pr to enable the landlock lsm however the contributing guide says to open an issue about this. I'm not sure which template to use | 10:03:20 |
 Alyssa Ross | I think you don't have to use a template if none fits | 10:03:43 |
