gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
<hexa-> thx, just saw it on dsa :)
<flokli> is there anyone who can take a look at the nss update (https://github.com/NixOS/nixpkgs/pull/93910)?
<{^_^}> #93910 (by ajs124, 3 days ago, open): nss: 3.54 -> 3.55
<flokli> In the meantime, there's another firefox bump I think
<flokli> and the previous firefox bump hasn't been backported to stable either IIRC
<ajs124> I can confirm to both of those, yes.
<ajs124> https://github.com/helsinki-systems/nixpkgs/pull/new/upd/firefox exists, but I haven't built everything on there yet.
<ajs124> also, #94184
<{^_^}> https://github.com/NixOS/nixpkgs/pull/94184 (by vcunat, 25 minutes ago, open): nss: switch the default to 3.44
<gchristensen> NSS has the most joke description
<gchristensen> security-enabled client and server applications!
<ajs124> man, that library. I can't really blame upstream, but this whole build system + backwards incompatibility thing really makes it hard for me to like them, right now.
<gchristensen> yeah.
<ajs124> also, we need a maintainer team for nss and firefox.
<samueldr> the good news is that we don't have secure boot (yet)
<Foxboron> I'm severely confused about that bug. grub2 never implemented secure boot verification of the loaded kernel/EFI images it boots. They only have gpg verification
<Foxboron> Or is this *only* applicable to the shims several distros provide?
<hexa-> I guess I'll be looking into the grub patches
<hexa-> if nobody else has done so
<hexa-> ah lovely, they don't apply cleanly on 2.04
<Foxboron> Oh, they just published patches and no release
<Foxboron> that is lovely
<hexa-> it is
<hexa-> |
<hexa-> I am going to go back to GRUB work next week. I will triage all the patches
<hexa-> and take all (obvious) fixes. Then I will release rc1 ASAP... All new features
<hexa-> will be taken after 2.06 release.
<hexa-> ^ daniel kiper
<hexa-> hm, guess I'll piggyback on some other distro
<hexa-> debian, gentoo, arch are all not there yet
<andi-> Everyone talking about exploiting secureboot with grub... why not just ensure the root device is missing to get a grub rescue shell *shrugs*