Skip to content

orogene: drop#455328

Merged
niklaskorz merged 1 commit intoNixOS:masterfrom
bengsparks:orogene-cve
Oct 26, 2025
Merged

orogene: drop#455328
niklaskorz merged 1 commit intoNixOS:masterfrom
bengsparks:orogene-cve

Conversation

@bengsparks
Copy link
Contributor

@bengsparks bengsparks commented Oct 24, 2025
edited by niklaskorz
Loading

Tracking Issue: #455265

Vulnerable to CVE-2025-62518 without replacement.

$ nom-build -A orogene
error: 'orogene' uses a wasm-specific fork of async-tar that is vulnerable to CVE-2025-62518, which is not supported by its upstream

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

Add a 👍 reaction to pull requests you find important.

@bengsparks
orogene: drop
41a4bb5 
Vulnerable to CVE-2025-62518 without replacement
@bengsparks bengsparks added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Oct 24, 2025
@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. labels Oct 24, 2025
@nix-owners nix-owners bot requested a review from figsoda October 24, 2025 18:56
@niklaskorz niklaskorz mentioned this pull request Oct 24, 2025
Closed
15 tasks
@mdaniels5757 mdaniels5757 mentioned this pull request Oct 25, 2025
Merged
13 tasks
@nixpkgs-ci nixpkgs-ci bot added the 12.approvals: 1 This PR was reviewed and approved by one person. label Oct 25, 2025
@mdaniels5757 mdaniels5757 added the 8.has: clean-up This PR removes packages or removes other cruft label Oct 25, 2025
niklaskorz
niklaskorz approved these changes Oct 26, 2025
View reviewed changes
Copy link
Member

@niklaskorz niklaskorz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't expect a timely review by figsoda who's last review on nixpkgs was in February 2024, so I'll go ahead and merge this

@niklaskorz niklaskorz added this pull request to the merge queue Oct 26, 2025
Merged via the queue into NixOS:master with commit e2e2304 Oct 26, 2025
35 of 37 checks passed
@mdaniels5757 mdaniels5757 mentioned this pull request Oct 26, 2025
Merged
2 tasks
@mdaniels5757 mdaniels5757 added the 8.has: port to stable This PR already has a backport to the stable release. label Nov 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@niklaskorz niklaskorz niklaskorz approved these changes

@mdaniels5757 mdaniels5757 mdaniels5757 approved these changes

@figsoda figsoda Awaiting requested review from figsoda

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 8.has: clean-up This PR removes packages or removes other cruft 8.has: port to stable This PR already has a backport to the stable release. 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. 12.approvals: 1 This PR was reviewed and approved by one person.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bengsparks @niklaskorz @mdaniels5757