@bengsparks
Contributor

Tracking issue #455265

$ nix-build -A bindle
       error: bindle has been removed since it is vulnerable to CVE-2025-62518 and upstream has been archived

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

@nixpkgs-ci bot added the labels 10.rebuild-darwin: 0 (This PR does not cause any packages to rebuild on Darwin.) and 10.rebuild-linux: 0 (This PR does not cause any packages to rebuild on Linux.) on Oct 24, 2025
@niklaskorz added the label 1.severity: security (Issues which raise a security issue, or PRs that fix one) on Oct 25, 2025
@mdaniels5757 added the label 8.has: clean-up (This PR removes packages or removes other cruft) on Oct 25, 2025
@nixpkgs-ci bot added the label 12.approvals: 1 (This PR was reviewed and approved by one person.) on Oct 25, 2025
@dotlambda requested review from amaxine and kashw2 on October 25, 2025 19:40
Member

@dotlambda left a comment

You could first mark it vulnerable and then drop it, which would allow cherry-picking that first commit on 25.05.

@nixpkgs-ci bot added the label 12.approvals: 2 (This PR was reviewed and approved by two persons.) and removed the label 12.approvals: 1 (This PR was reviewed and approved by one person.) on Oct 25, 2025
@bengsparks
Contributor Author

@dotlambda that is a neat trick indeed, I'll apply it now

@dotlambda added this pull request to the merge queue on Oct 25, 2025
Merged via the queue into NixOS:master with commit df7b14c on Oct 25, 2025
26 of 30 checks passed
@bengsparks deleted the bindle-cve branch on October 25, 2025 22:03
@mdaniels5757 added the label 8.has: port to stable (This PR already has a backport to the stable release.) on Nov 1, 2025