gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
MichaelRaskin has joined #nixos-security
hmpffff has joined #nixos-security
hmpffff has quit [Quit: nchrrrr…]
ivan has quit [Write error: Connection reset by peer]
ivan has joined #nixos-security
hmpffff has joined #nixos-security
hmpffff has quit [Quit: nchrrrr…]
MichaelRaskin has quit [Ping timeout: 245 seconds]
MichaelRaskin has joined #nixos-security
hmpffff has joined #nixos-security
<ris> #73555
<{^_^}> https://github.com/NixOS/nixpkgs/pull/73555 (by risicle, 14 seconds ago, open): dpdk: 19.08 -> 19.08.2, 17.11.6 -> 17.11.9, addressing CVE-2019-14818
hmpffff has quit [Quit: nchrrrr…]
<{^_^}> #73186 (by flokli, 6 days ago, open): dpdk: build with meson, odp-dpdk: -> 1.22.0.0
<ris> ah
<ris> ok will investigate
<flokli> I mean, we could keep the stuff from the PR for the 19.09 backport
<flokli> but the dpdk build is pretty messy in current master
<flokli> We could also merge in your bump, and then I'll rebase on top of that.
<flokli> might make backporting easier.
<flokli> also note that ceph might be affected too - they seem to be using their own bundled spdk in some configurations.
<flokli> (I stumbled over all this while working towards ceph on aarch64…)
<flokli> yeah, let's merge and backport #73555, and rebase #73186 on top of that.
<{^_^}> https://github.com/NixOS/nixpkgs/pull/73555 (by risicle, 13 minutes ago, open): dpdk: 19.08 -> 19.08.2, 17.11.6 -> 17.11.9, addressing CVE-2019-14818
<{^_^}> https://github.com/NixOS/nixpkgs/pull/73186 (by flokli, 6 days ago, open): dpdk: build with meson, odp-dpdk: -> 1.22.0.0
<ris> any reason it's going to 18.11.3 when 18.11.5 is available?
<ris> hmm yes ceph hadn't looked into that
<ris> (trying to make a storage cluster on rpis by any chance?)
<flokli> ris: yes, basically that :-)
<ris> neato
<flokli> It's still a long road until then
<flokli> basically, patching the ceph build system to use more in-nixpkgs packages (because cross works there)
<flokli> and fixing and cross-enabling the in-nixpkgs packages before that
hmpffff has joined #nixos-security
<flokli> ok, rebased on top of #73555. did you open a backport PR yet?
<{^_^}> https://github.com/NixOS/nixpkgs/pull/73555 (by risicle, 22 minutes ago, merged): dpdk: 19.08 -> 19.08.2, 17.11.6 -> 17.11.9, addressing CVE-2019-14818
<ris> not yet you're too fast
<ris> i'm looking at dropping a message in the ceph issue tracker to the effect of "you've bundled dpdk in your code, it is your responsibility to update to a non-vulnerable version and release stable backports where applicable"
<flokli> that would be <3
<flokli> it seems there's ways to build it with a pkg-config provided dpdk, but at least for spdk, this doesn't seem to be possible
<flokli> and I'm not sure how it's usually packaged downstream
<ris> ceph issue tracker: Due to an influx in spam, new user accounts have to be manually approved. We do our best to check and approve accounts within 1 business day.
<ris> nice
<ris> i'll handle 19.03
<flokli> lol
vesper11 has quit [Quit: ZNC 1.7.4 - https://znc.in]
vesper11 has joined #nixos-security
vesper11 has quit [Read error: Connection reset by peer]
vesper11 has joined #nixos-security
WilliButz has quit [Remote host closed the connection]
WilliButz has joined #nixos-security
<ris> #73573
<{^_^}> https://github.com/NixOS/nixpkgs/pull/73573 (by risicle, 1 minute ago, open): libextractor: add patch for CVE-2019-15531
vesper11 has quit [Read error: Connection reset by peer]
vesper11 has joined #nixos-security
tv has quit [Ping timeout: 246 seconds]
tv has joined #nixos-security
hmpffff has quit [Quit: nchrrrr…]