<andi->
so by verifying my initial reaction back then I figured that the NVD Database has a huge dispair of information in the JSON vs the XML databases.. Means I'll implement the XML thingy now for my usage... :/
ckauhaus has joined #nixos-security
ckauhaus is now known as ckauhaus|away
ckauhaus|away is now known as ckauhaus
<ckauhaus>
hi
<ckauhaus>
andi-: got an idea where to begin?
<andi->
ckauhaus: I started off by looking at one of my older issues #33876
<andi->
I have that ready to commit here.. just did a brief detour into XML parsing for completness of my database..
<ckauhaus>
sounds good
<andi->
briefly went through my mails and didn't find anything particular interesting. There is the new poppler issue we should check out CVE-2018-13988
<andi->
our java versions if you are up for such dirty stuff ;)
<ckauhaus>
uh-oh
<ckauhaus>
well... I've nearly no experience with Java, so I might not be the right guy for that
<andi->
I think java6 is at update 201, 6 at 191 and 8 at u181...
<ckauhaus>
I'd rather have a look at poppler
<andi->
ok
<andi->
I'll look at the java foo.. can't be that hard..
<andi->
oh, just noticed that java 7 was dropped in April \o/
<andi->
and java 10 seems super easy compared to the 10+ tar archive openjdk6 we had..
<ckauhaus>
yeah - we (@FCIO) had even problems getting a working download address for Java 7
<andi->
I wonder if bootstrapping & cross compiling is easier with java10... I spent january trying to compile (without binary bootstrap) on aarch64..
<ckauhaus>
andi-: any idea why nixos-unstable / nixpkgs-unstable are more than a week behind on https://nixos.org/channels/?
<ckauhaus>
is there a known problem with Hydra?
<andi->
there was the same question in #nixos-dev yesterday, I didn't pay attention..
<ckauhaus>
not totally - tetex uses an older version
<ckauhaus>
I gonna check that out
<ckauhaus>
see all-packages.nix line 11534 ff
<ckauhaus>
and libreoffice-still
<ckauhaus>
no idea what that should be good for anyway
<andi->
well there is a few decisions we have to make then: a) can we apply a patch for issues inthat old version? b) create an issue on GH c) try updating some packsges to newer poppler versions?
<ckauhaus>
the latex comment in all-packages says that a newer poppler version than 0.64 will probably do
<ckauhaus>
I'd just give it a shot
<andi->
ok
<ckauhaus>
re libreoffice-still - I'd rather pull the patch into 0.61
<ckauhaus>
really don't like compiling libreoffice
<ckauhaus>
at least not on my notebook
<andi->
I can give it a shot on one of my machines..
<ckauhaus>
ok, why not
<ckauhaus>
compiling texlive is only marginally better
* ckauhaus
is moving on to a more capable server
<andi->
Upgrading & testing java is easy.. collecting the exact list of things that were fixed is the hard work the CPE search of NIST is letting me down..
<ckauhaus>
poppler 0.68 is out - I think I'll bump the version while I'm at it
<andi->
ok, libreoffice doesn't find headers when built using the newer poppler.. I guess that means we try to port that patch, as you said.
<ckauhaus>
ok
<andi->
Probably the most important change in that OpenJDK update: tzdata update: North Korea switches back to +09 on 2018-05-05.
<ckauhaus>
heh
<ckauhaus>
poppler-0.68 fails with ../poppler/JPEG2000Stream.cc:20:10: fatal error: openjpeg.h: No such file or directory
<ckauhaus>
#include <openjpeg.h>
<ckauhaus>
the changelog says "Use OpenJpeg cmake config file instead of pkgconfig"
<ckauhaus>
andi-: do you have experience with inserting cmake config files?
<ckauhaus>
otherwise, I'll figure out
<andi->
I've been doing Cmake all week long at the office.. I can have a look after I figured out if this openjdk10 really still works
<andi->
our openjpeg-dev contains no cmake files (as you probably figured)
<ckauhaus>
yeah
<ckauhaus>
perhaps we stick to 0.67 right now
<ckauhaus>
seems to be a separate topic
<andi->
it is in the `$out` output :/ I have the same issue with yaml-cpp... that must be fixed in many expressions
<andi->
yeah, open an issue I'd say?
<ckauhaus>
please go ahead
<andi->
wrote it down in my notepad, doing the mac openjdk now..
<andi->
IIRC our mysql55 also has a few scary things that should be looked into. It isn't default anymore (we are referring to mariadb) as I learned so probably not as important as it sounds.
<ckauhaus>
texlive won't compile with poppler 0.67
<ckauhaus>
so I'd just include the patch into 0.61 and that's it
<ckauhaus>
I'll prepare a PR tomorrow... quite tired right now
<andi->
ok
<andi->
I am working on openjpeg while this mac box boots..
<ckauhaus>
sounds good
<ckauhaus>
I'll let texlive and libreoffice compile over night
<andi->
ok
ckauhaus is now known as ckauhaus|away
<gchristensen>
NixOS's ofborg infrastructure is undergoing a bit of a risky update. Hopefully nothing goes wrong. I'll keep you posted. See #nixos-borg for finer grained updates. Things _will_ be broken for at least a few minutes, but hopefully _only_ a few minutes.
<gchristensen>
OfBorg is back! Thank you for your patience!