GNU bug report logs -
#74984
[PATCH] gnu: age: Patch for security vulnerability
Previous Next
Reported by: Ashish SHUKLA <ashish.is <at> lostca.se>
Date: Thu, 19 Dec 2024 23:00:02 UTC
Severity: normal
Tags: patch
Done: Hilton Chain <hako <at> ultrarare.space>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 74984 in the body.
You can then email your comments to 74984 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#74984; Package
guix-patches.
(Thu, 19 Dec 2024 23:00:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Ashish SHUKLA <ashish.is <at> lostca.se>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Thu, 19 Dec 2024 23:00:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
See https://github.com/advisories/GHSA-32gq-x56h-299c
* gnu/packages/golang-crypto.scm (go-filippo-io-age): [source]
<patches> Add a patch.
Change-Id: I2cf58e864446589d9016415f2400f74797f0f87e
---
gnu/packages/golang-crypto.scm | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/golang-crypto.scm b/gnu/packages/golang-crypto.scm
index 0fd96eaa54..dc290635c1 100644
--- a/gnu/packages/golang-crypto.scm
+++ b/gnu/packages/golang-crypto.scm
@@ -44,6 +44,7 @@ (define-module (gnu packages golang-crypto)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix build-system go)
#:use-module (guix gexp)
+ #:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix packages)
#:use-module (guix utils)
@@ -133,7 +134,14 @@ (define-public go-filippo-io-age
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1dms32lxqgjipmlisng7dmy1sdw0qscj43x9lmpadyzbzc64lhrv"))))
+ (base32 "1dms32lxqgjipmlisng7dmy1sdw0qscj43x9lmpadyzbzc64lhrv"))
+ (patches
+ (list
+ ;; https://github.com/advisories/GHSA-32gq-x56h-299c
+ (origin
+ (method url-fetch)
+ (uri "https://github.com/FiloSottile/age/commit/482cf6fc9babd3ab06f6606762aac10447222201.patch")
+ (sha256 (base32 "19lkq2xbv3l0sxp7z9r7qgdi2v18bkaqg9kkyvc3qzyk5nsk56j6")))))))
(build-system go-build-system)
(arguments
(list
base-commit: 07b4b1d055c36c6c61d39273c26974771dbfe805
--
2.47.1
Reply sent
to
Hilton Chain <hako <at> ultrarare.space>:
You have taken responsibility.
(Fri, 20 Dec 2024 17:17:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Ashish SHUKLA <ashish.is <at> lostca.se>:
bug acknowledged by developer.
(Fri, 20 Dec 2024 17:17:02 GMT)
Full text and
rfc822 format available.
Message #10 received at 74984-close <at> debbugs.gnu.org (full text, mbox):
Hi Ashish,
On Fri, 20 Dec 2024 06:58:29 +0800,
Ashish SHUKLA via Guix-patches via wrote:
>
> See https://github.com/advisories/GHSA-32gq-x56h-299c
>
> * gnu/packages/golang-crypto.scm (go-filippo-io-age): [source]
> <patches> Add a patch.
age is updated to 1.2.1 in 7f91b12fe31baa0838ae2e942d4515911e71b137. Closing.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sat, 18 Jan 2025 12:24:06 GMT)
Full text and
rfc822 format available.
This bug report was last modified 153 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.