Commit 41a4bb5a authored by Benjamin Sparks's avatar Benjamin Sparks
Browse files

orogene: drop 

Vulnerable to CVE-2025-62518 without replacement
parent 994e3e23

pkgs/by-name/or/orogene/package.nix

deleted100644 → 0
+0 −61
Original line number Diff line number Diff line 
{

  lib,

  rustPlatform,

  fetchFromGitHub,

  pkg-config,

  openssl,

  versionCheckHook,

}:



rustPlatform.buildRustPackage rec {

  pname = "orogene";

  version = "0.3.34";



  src = fetchFromGitHub {

    owner = "orogene";

    repo = "orogene";

    tag = "v${version}";

    hash = "sha256-GMWrlvZZ2xlcvcRG3u8jS8KiewHpyX0brNe4pmCpHbM=";

    fetchSubmodules = true;

  };



  cargoPatches = [

    # Workaround to avoid "error[E0282]"

    # ref: https://github.com/orogene/orogene/pull/315

    ./update-outdated-lockfile.patch

  ];



  cargoHash = "sha256-I08mqyogEuadp+V10svMmCm0i0zOZWiocOpM9E3lgag=";



  nativeBuildInputs = [

    pkg-config

  ];



  buildInputs = [

    openssl

  ];



  preCheck = ''

    export CI=true

    export HOME=$(mktemp -d)

  '';



  doInstallCheck = true;

  nativeInstallCheckInputs = [

    versionCheckHook

  ];

  versionCheckProgram = "${placeholder "out"}/bin/oro";

  versionCheckProgramArg = "--version";



  meta = with lib; {

    description = "Package manager for tools that use node_modules";

    homepage = "https://github.com/orogene/orogene";

    changelog = "https://github.com/orogene/orogene/blob/${src.rev}/CHANGELOG.md";

    license = with licenses; [

      asl20

      isc

    ];

    maintainers = with maintainers; [ figsoda ];

    mainProgram = "oro";

  };

}

pkgs/by-name/or/orogene/update-outdated-lockfile.patch

deleted100644 → 0
+0 −3785

File deleted.

Preview size limit exceeded, changes collapsed.

pkgs/top-level/aliases.nix

+1 −0
Original line number Diff line number Diff line
@@ -2030,6 +2030,7 @@ mapAliases { 
  openvdb_11 = throw "'openvdb_11' has been removed in favor of the latest version'"; # Added 2025-05-03

  opera = throw "'opera' has been removed due to lack of maintenance in nixpkgs"; # Added 2025-05-19

  orchis = throw "'orchis' has been renamed to/replaced by 'orchis-theme'"; # Converted to throw 2024-10-17

  orogene = throw "'orogene' uses a wasm-specific fork of async-tar that is vulnerable to CVE-2025-62518, which is not supported by its upstream"; # Added 2025-10-24

  ortp = throw "'ortp' has been moved to 'linphonePackages.ortp'"; # Added 2025-09-20

  omping = throw "'omping' has been removed because its upstream has been archived"; # Added 2025-05-10

  onlyoffice-bin = onlyoffice-desktopeditors; # Added 2024-09-20