#nixos-security on 2019-07-11

2019-04-23 19:29 gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh

02:46 andi- has quit [Remote host closed the connection]

02:53 andi- has joined #nixos-security

05:28 Yakulu has joined #nixos-security

07:48 hmpffff has joined #nixos-security

07:48 hmpffff has quit [Client Quit]

07:58 hmpffff has joined #nixos-security

08:32 hmpffff has quit [Quit: nchrrrr…]

08:51 hmpffff has joined #nixos-security

12:02 hmpffff_ has joined #nixos-security

12:05 hmpffff_ has quit [Read error: Connection reset by peer]

12:05 hmpffff__ has joined #nixos-security

12:05 hmpffff has quit [Ping timeout: 258 seconds]

12:07 hmpffff__ has quit [Client Quit]

12:18 hmpffff has joined #nixos-security

12:29 hmpffff_ has joined #nixos-security

12:31 hmpffff__ has joined #nixos-security

12:32 hmpffff has quit [Ping timeout: 246 seconds]

12:34 hmpffff_ has quit [Ping timeout: 268 seconds]

12:43 <hexa-> updating fwupd past 1.2.7 has become critical for users of logitech unifying dongles

12:43 hmpffff has joined #nixos-security

12:43 <hexa-> 19.03 is currently stuck with 1.2.3, which exits with an error when a unifying dongle is connected

12:44 <hexa-> master has a pr that would bump it to 1.2.6 which has been stuck for a while https://github.com/NixOS/nixpkgs/pull/56390

12:44 <{^_^}> #56390 (by dtzWill, 19 weeks ago, open): fwupd: 1.2.3 -> 1.2.6

12:45 <hexa-> this is with regard to https://www.cvedetails.com/cve/CVE-2019-13052/

12:45 <hexa-> > Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed.

12:45 <{^_^}> error: syntax error, unexpected IF, expecting ')', at (string):255:49

12:46 hmpffff__ has quit [Ping timeout: 258 seconds]

12:48 <hexa-> my bad, the pr updates to v1.2.8

12:50 <hexa-> which would be fine to get out the firmware fix

13:29 hmpffff_ has joined #nixos-security

13:32 hmpffff has quit [Ping timeout: 245 seconds]

14:38 <hexa-> created an issue as per comment in the pull https://github.com/NixOS/nixpkgs/issues/64631

14:38 <{^_^}> #64631 (by mweinelt, 18 seconds ago, open): fwupd upgrade of Logitech Unifying dongles fails on 19.03

14:53 <gchristensen> hexa-: hmm we should definitely get that out, not good

14:54 <gchristensen> hexa-: you've tested that PR?

14:54 <hexa-> sadly not

14:54 <hexa-> currently at work, but the build process changed a bit wrt 19.03

14:55 <gchristensen> okay

14:55 <gchristensen> so

14:55 <gchristensen> I'm inclined to merge that PR

14:55 <hexa-> worldofpeace stated it's backwards compatibility was los

14:55 <hexa-> s/los/low/

14:55 <gchristensen> maybe you could help by opening the backport PR?

14:55 <hexa-> I can look into that later tonight

14:55 <gchristensen> boy, this is a thorny one

15:14 <hexa-> nah that looks I'm a bit in over my head, sorry

15:49 hmpffff_ has quit [Quit: nchrrrr…]

18:07 hmpffff has joined #nixos-security

20:11 hmpffff_ has joined #nixos-security

20:11 hmpffff has quit [Read error: Connection reset by peer]

22:13 hmpffff_ has quit [Quit: nchrrrr…]

22:37 justanotheruser has quit [Ping timeout: 248 seconds]