From debbugs-submit-bounces@debbugs.gnu.org Thu Dec 19 17:59:17 2024
Received: (at submit) by debbugs.gnu.org; 19 Dec 2024 22:59:17 +0000
Received: from localhost ([127.0.0.1]:40546 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1tOPUD-0001XM-Fe
	for submit@debbugs.gnu.org; Thu, 19 Dec 2024 17:59:17 -0500
Received: from lists.gnu.org ([209.51.188.17]:32916)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ashish.is@lostca.se>) id 1tOPUB-0001XD-N8
 for submit@debbugs.gnu.org; Thu, 19 Dec 2024 17:59:16 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ashish.is@lostca.se>)
 id 1tOPUB-0006cN-GK
 for guix-patches@gnu.org; Thu, 19 Dec 2024 17:59:15 -0500
Received: from anamika.lostca.se ([65.21.75.227])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <ashish.is@lostca.se>)
 id 1tOPU9-0006Zh-Bm
 for guix-patches@gnu.org; Thu, 19 Dec 2024 17:59:15 -0500
Received: from localhost.localdomain (unknown
 [IPv6:2a02:9140:3880:ca00:b1ed:eae1:a3ed:ac64])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested) (Authenticated sender: abbe)
 by anamika.lostca.se (Postfix) with ESMTPSA id A7ECF42D7C;
 Thu, 19 Dec 2024 22:58:58 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lostca.se; s=anamika; 
 t=1734649139;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=T53b6+ysZjhnpNtnWmsYeqoXEdJ7Y/58aPzEh8F3Jo0=;
 b=Mcb12aUuA0u4rDwdzRw/LD//THe9YOTgsYAcd4At00vZhs64anUTQl1kx2Ex4dq3rM/KMp
 rOlSUzCNECkGgjzZoxaXoA8ELPU7WQ5oU57C59FttE6pyfXeiRzWHLNunjexX2D9Nu6LiL
 mQP9J/UjpKOthHOGtB6P6nPTozmADYs=
From: Ashish SHUKLA <ashish.is@lostca.se>
To: guix-patches@gnu.org
Subject: [PATCH] gnu: age: Patch for security vulnerability
Date: Thu, 19 Dec 2024 22:58:29 +0000
Message-ID: <9c76c7c122531bbeab0ad81228ecc7f3f62f3fa2.1734649109.git.ashish.is@lostca.se>
X-Mailer: git-send-email 2.47.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=65.21.75.227; envelope-from=ashish.is@lostca.se;
 helo=anamika.lostca.se
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
Cc: Ashish SHUKLA <ashish.is@lostca.se>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

See https://github.com/advisories/GHSA-32gq-x56h-299c

* gnu/packages/golang-crypto.scm (go-filippo-io-age): [source]
<patches> Add a patch.

Change-Id: I2cf58e864446589d9016415f2400f74797f0f87e
---
 gnu/packages/golang-crypto.scm | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/golang-crypto.scm b/gnu/packages/golang-crypto.scm
index 0fd96eaa54..dc290635c1 100644
--- a/gnu/packages/golang-crypto.scm
+++ b/gnu/packages/golang-crypto.scm
@@ -44,6 +44,7 @@ (define-module (gnu packages golang-crypto)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix build-system go)
   #:use-module (guix gexp)
+  #:use-module (guix download)
   #:use-module (guix git-download)
   #:use-module (guix packages)
   #:use-module (guix utils)
@@ -133,7 +134,14 @@ (define-public go-filippo-io-age
              (commit (string-append "v" version))))
        (file-name (git-file-name name version))
        (sha256
-        (base32 "1dms32lxqgjipmlisng7dmy1sdw0qscj43x9lmpadyzbzc64lhrv"))))
+        (base32 "1dms32lxqgjipmlisng7dmy1sdw0qscj43x9lmpadyzbzc64lhrv"))
+       (patches
+         (list
+           ;; https://github.com/advisories/GHSA-32gq-x56h-299c
+           (origin
+             (method url-fetch)
+             (uri "https://github.com/FiloSottile/age/commit/482cf6fc9babd3ab06f6606762aac10447222201.patch")
+             (sha256 (base32 "19lkq2xbv3l0sxp7z9r7qgdi2v18bkaqg9kkyvc3qzyk5nsk56j6")))))))
     (build-system go-build-system)
     (arguments
      (list

base-commit: 07b4b1d055c36c6c61d39273c26974771dbfe805
-- 
2.47.1





From debbugs-submit-bounces@debbugs.gnu.org Fri Dec 20 12:16:06 2024
Received: (at 74984-close) by debbugs.gnu.org; 20 Dec 2024 17:16:06 +0000
Received: from localhost ([127.0.0.1]:43853 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1tOgbe-0003eY-IF
	for submit@debbugs.gnu.org; Fri, 20 Dec 2024 12:16:06 -0500
Received: from mx.boiledscript.com ([88.99.243.112]:57986)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <hako@ultrarare.space>) id 1tOgbb-0003eP-Tj
 for 74984-close@debbugs.gnu.org; Fri, 20 Dec 2024 12:16:04 -0500
Date: Sat, 21 Dec 2024 01:15:58 +0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ultrarare.space;
 s=mail; t=1734714962;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 in-reply-to:in-reply-to:references:references;
 bh=L6Z+LHtwxwEcJtSxJf6TFCuH8/Kv5IXznbxfNzb8fQw=;
 b=aAr8HdKhtb2U25HLeVnA1ESY2OGUAvJm5MTrbz5bgArjdgCD/5oUwi8PVeTFk4W9ChdNaD
 m2W00LhibJ0IKBW+QWYw3bnMrwIIT15M0IZezX3Xyg7A4gGnhKzVy/s2BWMvKfFW70I6d9
 KhNPAq4KLwwB1Vi48ISQN3s7wwo3k5gyWwOP2Cn+DB6qTyxQ75y6t8ZMh1sAwHzKcaTADR
 e1ubD9UV/QDUwnS+ZIklnTlJmPGYL0MIchDjRCok8qnIkQvRDqesRNAy37JNx2wp+aqIaB
 nDxWjOKdT/uDwqepXCs6uSj592/V1Tjhb/sHe0hI2OA3dYwCLN4NE+4G64msdA==
Message-ID: <877c7ujmwh.wl-hako@ultrarare.space>
From: Hilton Chain <hako@ultrarare.space>
To: Ashish SHUKLA <ashish.is@lostca.se>
Subject: Re: [bug#74984] [PATCH] gnu: age: Patch for security vulnerability
In-Reply-To: <9c76c7c122531bbeab0ad81228ecc7f3f62f3fa2.1734649109.git.ashish.is@lostca.se>
References: <9c76c7c122531bbeab0ad81228ecc7f3f62f3fa2.1734649109.git.ashish.is@lostca.se>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 74984-close
Cc: 74984-close@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi Ashish,

On Fri, 20 Dec 2024 06:58:29 +0800,
Ashish SHUKLA via Guix-patches via wrote:
>
> See https://github.com/advisories/GHSA-32gq-x56h-299c
>
> * gnu/packages/golang-crypto.scm (go-filippo-io-age): [source]
> <patches> Add a patch.

age is updated to 1.2.1 in 7f91b12fe31baa0838ae2e942d4515911e71b137.  Closing.




From unknown Sat Jun 21 03:27:41 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Sat, 18 Jan 2025 12:24:06 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator