!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

739 Members
Coordination and triage of security issues in nixpkgs226 Servers

Load older messages

SenderMessageTime
29 Apr 2026
@hexa:lossy.networkhexa https://www.openwall.com/lists/oss-security/2026/04/29/1 starman stigo 00:19:07
@stigo:matrix.orgstigohttps://github.com/NixOS/nixpkgs/pull/51460100:52:28
@hexa:lossy.networkhexa Scrumplex curl 07:44:43
@hexa:lossy.networkhexaRedacted or Malformed Event07:45:11
@samuel.dionne-riel:cyberus-technology.deSamuel Dionne-Rielhttps://github.com/NixOS/nixpkgs/pull/51406313:01:15
@stigo:matrix.orgstigohttps://github.com/NixOS/nixpkgs/pull/514747 <-- perlPackages.TextCSV_XS14:35:51
@brett:librum.orgbrett 💕 joined the room.21:08:26
@stigo:matrix.orgstigohttps://github.com/NixOS/nixpkgs/pull/514896 <-- perlPackages.Plack23:42:27
30 Apr 2026
@sigmasquadron:matrix.orgFernando Rodrigueshttps://github.com/NixOS/nixpkgs/pull/514428 | Xen Security Advisories #483-488 (when applicable)06:24:34
@vcunat:matrix.orgvcunathttps://lists.gnutls.org/pipermail/gnutls-help/2026-April/004922.html07:34:27
@vcunat:matrix.orgvcunat(I can have a look later to update.)07:34:44
@vcunat:matrix.orgvcunatI don't see this mentioned in nixpkgs issues+PRs yet: https://copy.fail08:17:44
@vcunat:matrix.orgvcunat(kernel, CVE-2026-31431)08:18:01
@leona:leona.isleona it's discussed heavly over in #security-discuss:nixos.org 08:18:05
@leona:leona.isleona(we wait for the 6.12 release, greg will do sometime today likely)08:18:20
@vcunat:matrix.orgvcunathttps://github.com/NixOS/nixpkgs/pull/51501609:20:14
@autra:trancart.euautra joined the room.10:20:43
@autra:trancart.euautraI'm not on the ML, but I could reproduce the copy.fail issue10:36:45
@hexa:lossy.networkhexa #security-discuss:nixos.org 10:38:54
@hexa:lossy.networkhexaRedacted or Malformed Event10:39:06
@sigmasquadron:matrix.orgFernando Rodrigues * 10:58:37
@enzime:nixos.devEnzime joined the room.12:52:46
@enzime:nixos.devEnzime hexa could you take a look at this PR? it removes DHE from nginx: https://github.com/NixOS/nixpkgs/pull/515057 12:54:04
@hexa:lossy.networkhexawe're in breaking changes freeze unfortunately12:54:31
@hexa:lossy.networkhexaRedacted or Malformed Event12:54:41
@enzime:nixos.devEnzime
In reply to @hexa:lossy.network
we're in breaking changes freeze unfortunately, so removing the option now is not ok.
should we merge the first commit now? 		12:56:37
@enzime:nixos.devEnzimeand then leave the dropping the NixOS option till after the freeze?12:56:59
@enzime:nixos.devEnzime* and then leave dropping the NixOS option till after the freeze?12:57:05
@hexa:lossy.networkhexaDHE will only be used with dhparams anyway, so I hoped the warning would be sufficient12:59:03
@enzime:nixos.devEnzimejust investigated further, it doesn't matter if the first commit is merged now as nginx will just disable DHE if DH params are not configured https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam13:22:10

Show newer messages

Back to Room ListRoom Version: 6