star_cloud has quit [Ping timeout: 268 seconds]
cole-h has quit [Ping timeout: 268 seconds]
ris has quit [Ping timeout: 240 seconds]
rajivr has joined #nixos-security
star_cloud has joined #nixos-security
lejonet has quit [Ping timeout: 265 seconds]
lejonet has joined #nixos-security
cole-h has joined #nixos-security
<supersandro2000> stigo: ^
cole-h has quit [Ping timeout: 268 seconds]
stigo has quit [Ping timeout: 260 seconds]
stigo has joined #nixos-security
<stigo> supersandro2000: interesting, thx.
<stigo> i'd think these issues should have CVEs assigned, imho
<hexa-> not our job
<hexa-> ok, that's not entirely correct
<hexa-> can we get these fixes in though?
<stigo> patching Net-CIDR-Lite now
<stigo> emailed upstream
<hexa-> not really capable of reviewing perl :)
FRidh has joined #nixos-security
<supersandro2000> it's pretty easy. it is just a regex which checks if the first digit begins with a 0
<supersandro2000> *any digit
asymmetric has quit [Remote host closed the connection]
asymmetric has joined #nixos-security
<hexa-> how do we get rid of the buggy node package now?
<hexa-> run ./generate.sh and pray?
<supersandro2000> and then run nixpkgs-review [wip| rev HEAD|pr XXXX --eval local]
<{^_^}> #112831 (by SuperSandro2000, 6 weeks ago, open): Automatically update nodePackages
<hexa-> I don't like the way we handle node-packages
<hexa-> I'm not sure automating the mess is a good solution
<supersandro2000> Running it locally takes ~ twice the amount of time
<supersandro2000> and trusting random people is worse than trusting the runner
<supersandro2000> I don't like it either but yeah..
<hexa-> (1 of 5 netmask consumers switched to 2.0.1)
<hexa-> and that consumer is webtorrent-cli
<hexa-> kudos to webtorrent-cli
<hexa-> which hasn't updated since november 2020 …
<supersandro2000> that's a coffeescript library in npm. How is that related to perl? Did it also copy the bugs?
<hexa-> the original CVE was for node's netmask library
<hexa-> that in turn said they lifted most of the logic from a perl library
<supersandro2000> oh, nice
anselmolsm has joined #nixos-security
ris has joined #nixos-security
Synthetica has joined #nixos-security
<hexa-> merging when ci succeeds
rajivr has quit [Quit: Connection closed for inactivity]
<ris> #118097 phew.
<{^_^}> ris's karma got increased to 0o6
<hexa-> after dinner :p
cole-h has joined #nixos-security
cole-h has quit [Quit: Goodbye]
cole-h has joined #nixos-security
supersandro2000 has joined #nixos-security
bbigras has left #nixos-security ["User left"]
supersandro2000 has quit [Remote host closed the connection]
FRidh has quit [Quit: Konversation terminated!]
supersandro2000 has joined #nixos-security
blueberrypie7 has joined #nixos-security
edef_ has joined #nixos-security
edef_ is now known as edef
edef has quit [Killed (beckett.freenode.net (Nickname regained by services))]
blueberrypie has quit [Quit: Ping timeout (120 seconds)]
IdleBot_407f9721 has quit [Ping timeout: 265 seconds]
blueberrypie7 is now known as blueberrypie
energizer has quit [Ping timeout: 265 seconds]
IdleBot_d6dff8fb has joined #nixos-security
IdleBot_0ca1d906 has joined #nixos-security
IdleBot_8e3e97e9 has quit [Ping timeout: 240 seconds]
energizer has joined #nixos-security
cjb has joined #nixos-security
cjb is now known as Guest32178
Guest32178 is now known as cjb
cjb has quit [Quit: brb]
cjb has joined #nixos-security
Synthetica has quit [Quit: Connection closed for inactivity]
supersandro2000 has quit [Disconnected by services]
supersandro2000 has joined #nixos-security