#nixos-security on 2020-03-10

2019-04-23 19:29 gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh

00:21 {^_^} has quit [Remote host closed the connection]

00:22 {^_^} has joined #nixos-security

02:42 anselmolsm_ has quit [Quit: Konversation terminated!]

05:21 zarel_ has quit [Ping timeout: 265 seconds]

05:25 zarel has joined #nixos-security

06:39 hmpffff has joined #nixos-security

07:07 kleisli has quit [Ping timeout: 256 seconds]

07:44 hmpffff has quit [Quit: nchrrrr…]

08:11 ris has quit [Ping timeout: 265 seconds]

09:32 KeiraT has quit [Remote host closed the connection]

09:33 KeiraT has joined #nixos-security

09:49 <tokudan[m]> could someone look at https://github.com/NixOS/nixpkgs/pull/82049? it's a backport from unstable to fix a security issue in 19.09

09:49 <{^_^}> #82049 (by tokudan, 1 day ago, open): fetchmail: 6.3.26 to 6.4.2 [19.09] [security]

10:10 hmpffff has joined #nixos-security

10:11 hmpffff has quit [Client Quit]

10:28 hmpffff has joined #nixos-security

12:09 kleisli has joined #nixos-security

14:08 justanotheruser has quit [Ping timeout: 265 seconds]

14:44 justanotheruser has joined #nixos-security

15:03 justanotheruser has quit [Read error: Connection reset by peer]

15:10 <infinisil> "We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page."

15:10 <infinisil> From https://www.mozilla.org/en-US/firefox/74.0/releasenotes/

15:11 <infinisil> Very nice :)

15:11 <andi-> Yeah

15:12 <andi-> Ran into them a bunch already. I hope that helps drive TLS further. On the other hand it is scary what kind of pressure browser vendors (the few we have) do have on everyone.

15:24 hmpffff_ has joined #nixos-security

15:26 hmpffff has quit [Read error: Connection reset by peer]

15:26 justanotheruser has joined #nixos-security

15:28 hmpffff has joined #nixos-security

15:29 hmpffff_ has quit [Ping timeout: 260 seconds]

15:57 <tokudan[m]> andi-: don't know if ff74 needs any more updates besides the new version, so I've started a PR: https://github.com/NixOS/nixpkgs/pull/82257

15:57 <{^_^}> #82257 (by tokudan, 4 minutes ago, open): firefox{,bin}: 73.0.1 -> 74.0

15:57 <tokudan[m]> firefox-bin appears to work fine

15:59 <tokudan[m]> apparently a patch fails

15:59 <andi-> Yeah, we can drop that aarch64 patch now

15:59 <andi-> (that we merged yesterday :D)

16:00 <andi-> This new release cycle of mozilla really hasn't become my habit yet... I wasn't expecting the release this week.

16:02 <tokudan[m]> yay, the build worked for one whole day! =)

16:02 <tokudan[m]> (from yesterday till today)

16:03 <andi-> ha, NSS update required..

16:03 justanotheruser has quit [Ping timeout: 240 seconds]

16:04 justanotheruser has joined #nixos-security

16:05 <tokudan[m]> ah, then I'll let you continue with that. feel free to scrap my PR :)

16:05 <andi-> I'll just go from there

16:06 <tokudan[m]> should I reduce my PR to firefox-bin and you'll do firefox?

16:06 <andi-> That also works

16:06 <andi-> make sure to update the other -bin's as well please

16:06 <andi-> devedition and nightly

16:06 <andi-> as those might carry the same "security" fixes (if any)

16:08 <tokudan[m]> nightly = beta?

16:09 <andi-> Yeah, that makes more sense

16:20 hmpffff_ has joined #nixos-security

16:22 <tokudan[m]> https://github.com/NixOS/nixpkgs/pull/82257 for the three versions of firefox-bin is ready for review/merge

16:22 <{^_^}> #82257 (by tokudan, 29 minutes ago, open): firefox-bin: 73.0.1 -> 74.0

16:23 hmpffff has quit [Ping timeout: 258 seconds]

16:26 <andi-> tokudan[m]: I think firefox-esr-bin is still todo

16:27 <tokudan[m]> nix-repl> firefox-esr-bin

16:27 <tokudan[m]> error: undefined variable 'firefox-esr-bin' at (string):1:1

16:28 <tokudan[m]> I don't see a bin version of firefox-esr in nixpkgs, though I could be blind

16:28 <andi-> nevermind

16:28 <andi-> I am confused (and hungry)

16:46 hmpffff_ has quit [Quit: nchrrrr…]

17:28 kleisli has quit [Ping timeout: 240 seconds]

17:28 Synthetica has joined #nixos-security

17:39 anselmolsm has joined #nixos-security

19:00 hmpffff has joined #nixos-security

19:04 kleisli has joined #nixos-security

19:04 hmpffff has quit [Ping timeout: 272 seconds]

19:09 ris has joined #nixos-security

19:13 kleisli has quit [Remote host closed the connection]

19:14 kleisli has joined #nixos-security

19:16 hmpffff has joined #nixos-security

19:17 kleisli has quit [Remote host closed the connection]

19:18 kleisli has joined #nixos-security

19:22 justanotheruser has quit [Ping timeout: 272 seconds]

19:37 hmpffff has quit [Ping timeout: 256 seconds]

19:38 hmpffff has joined #nixos-security

20:10 kleisli has quit [Ping timeout: 260 seconds]

22:29 <andi-> anyone up for a review of the stable version bumps? https://github.com/NixOS/nixpkgs/pull/82280

22:29 <{^_^}> #82280 (by andir, 1 hour ago, open): [19.09] firefox: 73.0.1 -> 74.0, firefox-esr-68: 68.5.0esr -> 68.6.0esr, -bin updates

22:29 <andi-> I'll do 20.03 only tomorrow.. Gotta do something else now :)

23:52 justanotheruser has joined #nixos-security