mart_w, German
@mart_w@chaos.social

As fixes for the current and are not reliably available yet, keep in mind that a workaround exists for those of you who don’t need support for the ISO-2022-CN-EXT character set: https://rockylinux.org/news/glibc-vulnerability-april-2024/

This should be quite straightforward to apply on most machines – except those running . If you do use NixOS, my solution might help you bridge the gap until the proper fix is upstream: https://git.brokentech.cloud/mart-w/nixos-workaround-cve-2024-2961

Thanks @hexa for pointing me in the right direction!

sandro,
@sandro@c3d2.social

@mart_w if you are building your systems via Hydra, you must stay away from replaceRuntimeDependencies or you brick your web UI and build everything in the evaluation phase.

mart_w,
@mart_w@chaos.social

@sandro Good to know, thank you! I don't do that, so that isn't relevant to me personally, but I can see how it would impact others. I'll add a notice to the readme.

Do you have a better idea? My initial approach was to use overlays or somehow override glibc for PHP specifically, but being glibc, that would trigger massive builds of otherwise cached packages for a mere config change. That's when I was made aware of replaceRuntimeDependencies, which seemed to be a good tradeoff.

sandro,
@sandro@c3d2.social

@mart_w No, not really. Maybe we could supply Hydra with the configuration without this setting and only apply it when deploying. This should easily be possible.
