!vxTmkuJzhGPsMdkAOc:transformierende-gesellschaft.org

NixOS Matrix Subsystem

117 Members
Coordination and discussion about the matrix subsystem in NixOS - https://nixos.wiki/wiki/Matrix66 Servers

Load older messages


SenderMessageTime
27 Aug 2021
@andreas.schraegle:helsinki-systems.de@andreas.schraegle:helsinki-systems.de
⚠️ We expect to publish a security release Synapse 1.41.1 on Tuesday, 31 August which fixes two moderate severity issues.
22:53:34
30 Aug 2021
@sumner:sumnerevans.com@sumner:sumnerevans.com The restricted join rule is now implemented in Synapse and has support in Element. That means that you can create rooms that are join-able if you are in a particular space. For example, this room could be set to joinable by anyone in the #community:nixos.org space. Note that this requires room upgrades to version 8, which is an annoying process. I think that all future rooms should use this, but it is not likely worth it to upgrade existing rooms. 15:42:28
31 Aug 2021
@hexa:lossy.networkhexaheads-up: on python-unstable we are seeing https://github.com/matrix-org/python-canonicaljson/issues/36, which is breaking matrix-synapse14:27:31
@andreas.schraegle:helsinki-systems.de@andreas.schraegle:helsinki-systems.deI thought we were still on frozendict 1.2?14:34:07
@andreas.schraegle:helsinki-systems.de@andreas.schraegle:helsinki-systems.de ah, on python-unstable? Maybe I should close this then 14:34:29
@hexa:lossy.networkhexawe are on 2.0.6 on python-unstable14:36:38
@hexa:lossy.networkhexaif you are doing more than bumping the package then merge it and we'll rebase14:37:08
@hexa:lossy.networkhexaI think octoprint works, let me check14:40:44
@hexa:lossy.networkhexayes, it does 🥳14:49:57
@andreas.schraegle:helsinki-systems.de@andreas.schraegle:helsinki-systems.demagic. Looking at the diff, I switched from fetchPypi to fetchFromGitHub and disabled it on python 2.x, but I don't remember why I did any of that14:50:35
@hexa:lossy.networkhexayeah, I wish. It was blood and sweat. https://github.com/NixOS/nixpkgs/pull/13530214:54:08
@philipp:xndr.dephilipphttps://matrix.org/blog/2021/08/31/synapse-1-41-1-released15:01:24
@philipp:xndr.dephilipp

GHSA-3x4c-pq33-4w3q / CVE-2021-39164: Enumerating a private room's list of members and their display names.

GHSA-jj53-8fmw-f2w2 / CVE-2021-39163: Disclosing a private room's name, avatar, topic, and number of members.

15:02:17
@sumner:sumnerevans.com@sumner:sumnerevans.comCan we get this merged, especially considering 1.8.2 was just released? https://github.com/NixOS/nixpkgs/pull/134492/files16:43:54
@ma27:nicht-so.sexyma27 are there enough people who tested element 1.8 on 21.05 yet? I'd be in favor of merging the PR sumner has filed. 21:53:21
1 Sep 2021
@stites:matrix.orgstites (Old) changed their display name from stites to stites (Old).19:20:59
2 Sep 2021
@sam:m.topoi.devsam joined the room.00:08:55
@philipp:xndr.dephilippTouched up the conduit module for 0.2.0. Maybe now would be a good time to merge it to unstable.10:08:50
@philipp:xndr.dephilipp * Touched up the conduit module for 0.2.0. Maybe now would be a good time to get it merged to unstable.10:09:08
@sumner:sumnerevans.com@sumner:sumnerevans.com ma27: I created the backport PR: https://github.com/NixOS/nixpkgs/pull/136481 15:11:18
3 Sep 2021
@cw:kernelpanic.cafecw (novus ordo seclorum) changed their display name from cw (just got delta) to cw (novus ordo seclorum).07:41:32
@sam:m.topoi.devsam changed their display name from stites to sam.16:05:05
10 Sep 2021
@florian:wolkenplanet.deFlorian Pre-disclosure: upcoming critical fix for several popular Matrix clients 16:04:58
@ma27:nicht-so.sexyma27ah you were faster, just got an email from element for that :) 18:09:51
11 Sep 2021
@philipp:xndr.dephilipp ma27: Do you know which clients are affected? Nheko doesn't seem to be (in stable) as per devs in their channel. 11:25:44
@ma27:nicht-so.sexyma27

Since there's also an official announcement, I guess it's OK to share the email here:

Hi,

I'm Denis, a security researcher at Element. I'm emailing you because I determined you are a package maintainer for either Element Web/Desktop or matrix-js-sdk based on information from repology.org.

I'm writing to inform you that there will be a coordinated security release for a critical flaw happening on Monday, Sep 13th for several Matrix clients/libraries, including Element Web/Desktop and matrix-js-sdk.
+See https://matrix.org/blog/2021/09/10/pre-disclosure-upcoming-critical-fix-for-several-popular-matrix-clients.

We apologize for the rather short notice -- various factors prevented us from reaching out earlier.

Kind regards,
Denis

if nheko uses the matrix-js-sdk, they may be affected as well from my understanding

11:27:44
@philipp:xndr.dephilippThanks! Good to know.11:31:37
@jamie:memes.nzJamie joined the room.11:36:48
@sushi_dude:matrix.orgSushi Dude joined the room.11:37:02
@em:queersin.spaceEmelie joined the room.11:44:53

There are no newer messages yet.


Back to Room ListRoom Version: 4