Skip to content

[Backport staging-24.11] perl: apply patch for CVE-2025-40909#412295

Merged
leona-ya merged 1 commit intostaging-24.11from
backport-412233-to-staging-24.11
May 30, 2025
Merged

[Backport staging-24.11] perl: apply patch for CVE-2025-40909#412295
leona-ya merged 1 commit intostaging-24.11from
backport-412233-to-staging-24.11

Conversation

@nixpkgs-ci
Copy link
Contributor

@nixpkgs-ci nixpkgs-ci bot commented May 30, 2025

Bot-based backport to staging-24.11, triggered by a label in #412233.

  • Before merging, ensure that this backport is acceptable for the release.
    • Even as a non-committer, if you find that it is not acceptable, leave a comment.

@nixpkgs-ci nixpkgs-ci bot added the 1.severity: security Issues which raise a security issue, or PRs that fix one label May 30, 2025
@nixpkgs-ci nixpkgs-ci bot mentioned this pull request May 30, 2025
Merged
13 tasks
@github-actions github-actions bot added the 4.workflow: backport This targets a stable branch label May 30, 2025
@nix-owners nix-owners bot requested review from marcusramberg, stigtsp and zakame May 30, 2025 10:00
@github-actions github-actions bot added 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. labels May 30, 2025
@leona-ya
Copy link
Member

leona-ya commented May 30, 2025
edited
Loading

cc @wolfgangwalther for the cherry-pick error. Same for #412296. Also tried a restart, but didn't fix that one. I guess this is because the original PR targeted staging, not master. IMO staging and staging-next are also valid sources for backports to stable staging

@wolfgangwalther
Copy link
Contributor

wolfgangwalther commented May 30, 2025
edited
Loading

Also tried a restart, but didn't fix that one. I guess this is because the original PR targeted staging, not master. IMO staging and staging-next are also valid sources for backports to stable staging

Yes, this was my bad. I accidentally removed staging while adding haskell-updates and python-updates as valid branches. I have a fix in my patch series at #412068 already.

Edit: Although staging-next was never in there. Maybe we should add that, too...

@wolfgangwalther wolfgangwalther mentioned this pull request May 30, 2025
Merged
1 task
@stigtsp @wolfgangwalther
perl: apply patch for CVE-2025-40909
edff17d 
(cherry picked from commit 88c1caa)
@wolfgangwalther wolfgangwalther force-pushed the backport-412233-to-staging-24.11 branch from 0ad0ca7 to edff17d Compare May 30, 2025 11:23
@wolfgangwalther
Copy link
Contributor

wolfgangwalther commented May 30, 2025

I rebased after fixing the pickable branches, the cherry-picks job should now pass.

@leona-ya leona-ya merged commit 90c6cc5 into staging-24.11 May 30, 2025
14 of 17 checks passed
@leona-ya leona-ya deleted the backport-412233-to-staging-24.11 branch May 30, 2025 12:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leona-ya leona-ya leona-ya approved these changes

@marcusramberg marcusramberg Awaiting requested review from marcusramberg

@stigtsp stigtsp Awaiting requested review from stigtsp

@zakame zakame Awaiting requested review from zakame

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 4.workflow: backport This targets a stable branch 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@leona-ya @wolfgangwalther @stigtsp