gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
Henson has quit [Remote host closed the connection]
Henson has joined #nixos-security
<Henson> ok, here's a wrinkle in the openssh_hpn thing I was asking about earlier. I made a mistake in that hpnSupport=true uses version 7.8p1 of OpenSSH, and my CVE patches for 7.9p1 were not being enabled conditionally on the version being 7.9p1, which is why they weren't applying to the hpnSupport source.
<Henson> but an underlying question still remains, do we keep the hpnSupport flag in the openssh package which automatically switches it back to version 7.8p1, do we move the hpnSupport logic into the openssh_hpn package which is forever stuck at 7.8p1, or do we just get rid of hpnSupport and openssh_hpn altogether?
<Henson> I think what I'll do is this: make openssh_hpn a full derivation in its own right (not being an override of openssh with hpnSupport=true), and make openssh be 7.9p1 without the hpnSupport logic. That way it simplifies openssh, allows upstream patches to be applied easily, and will allow it to progress to version 8.0 at some point in time. If somebody later decides hpnSupport is no longer...
<Henson> required and wants to remove it, then they just have to get rid of the openssh_hpn derivation and nothing else is affected.
Henson is now known as HensonGarbage
HensonGarbage is now known as Henson
Henson has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]
tilpner has joined #nixos-security
tilpner_ has quit [Remote host closed the connection]
tokudan has quit [Quit: ZNC 1.7.3 - https://znc.in]
tokudan has joined #nixos-security
pietranera has joined #nixos-security
<pietranera> https://seclists.org/oss-sec/2019/q3/126 "wpa_supplicant/hostapd: SAE/EAP-pwd side-channel attack update" - more patches for better mitigation.
<ivan> I made untested chromium PRs because they probably work and I might be offline
<andi-> ivan: thanks, I am reviewing the 19.03 PR right now
sugi[m] has quit [Write error: Connection reset by peer]
timokau[m] has quit [Read error: Connection reset by peer]
timokau[m] has joined #nixos-security
pietranera has quit [Quit: Leaving.]
{^_^} has quit [Remote host closed the connection]
{^_^} has joined #nixos-security
sugi[m] has joined #nixos-security
justanotheruser has quit [Ping timeout: 268 seconds]
justanotheruser has joined #nixos-security