GNU bug report logs - #74984
[PATCH] gnu: age: Patch for security vulnerability

Previous Next

Package: guix-patches;

Reported by: Ashish SHUKLA <ashish.is <at> lostca.se>

Date: Thu, 19 Dec 2024 23:00:02 UTC

Severity: normal

Tags: patch

Done: Hilton Chain <hako <at> ultrarare.space>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ashish SHUKLA <ashish.is <at> lostca.se>
Subject: bug#74984: closed (Re: [bug#74984] [PATCH] gnu: age: Patch for
 security vulnerability)
Date: Fri, 20 Dec 2024 17:17:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#74984: [PATCH] gnu: age: Patch for security vulnerability

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 74984 <at> debbugs.gnu.org.

-- 
74984: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=74984
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Hilton Chain <hako <at> ultrarare.space>
To: Ashish SHUKLA <ashish.is <at> lostca.se>
Cc: 74984-close <at> debbugs.gnu.org
Subject: Re: [bug#74984] [PATCH] gnu: age: Patch for security vulnerability
Date: Sat, 21 Dec 2024 01:15:58 +0800

Hi Ashish,

On Fri, 20 Dec 2024 06:58:29 +0800,
Ashish SHUKLA via Guix-patches via wrote:
>
> See https://github.com/advisories/GHSA-32gq-x56h-299c
>
> * gnu/packages/golang-crypto.scm (go-filippo-io-age): [source]
> <patches> Add a patch.

age is updated to 1.2.1 in 7f91b12fe31baa0838ae2e942d4515911e71b137.  Closing.


[Message part 3 (message/rfc822, inline)]
From: Ashish SHUKLA <ashish.is <at> lostca.se>
To: guix-patches <at> gnu.org
Cc: Ashish SHUKLA <ashish.is <at> lostca.se>
Subject: [PATCH] gnu: age: Patch for security vulnerability
Date: Thu, 19 Dec 2024 22:58:29 +0000

See https://github.com/advisories/GHSA-32gq-x56h-299c

* gnu/packages/golang-crypto.scm (go-filippo-io-age): [source]
<patches> Add a patch.

Change-Id: I2cf58e864446589d9016415f2400f74797f0f87e
---
 gnu/packages/golang-crypto.scm | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/golang-crypto.scm b/gnu/packages/golang-crypto.scm
index 0fd96eaa54..dc290635c1 100644
--- a/gnu/packages/golang-crypto.scm
+++ b/gnu/packages/golang-crypto.scm
@@ -44,6 +44,7 @@ (define-module (gnu packages golang-crypto)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix build-system go)
   #:use-module (guix gexp)
+  #:use-module (guix download)
   #:use-module (guix git-download)
   #:use-module (guix packages)
   #:use-module (guix utils)
@@ -133,7 +134,14 @@ (define-public go-filippo-io-age
              (commit (string-append "v" version))))
        (file-name (git-file-name name version))
        (sha256
-        (base32 "1dms32lxqgjipmlisng7dmy1sdw0qscj43x9lmpadyzbzc64lhrv"))))
+        (base32 "1dms32lxqgjipmlisng7dmy1sdw0qscj43x9lmpadyzbzc64lhrv"))
+       (patches
+         (list
+           ;; https://github.com/advisories/GHSA-32gq-x56h-299c
+           (origin
+             (method url-fetch)
+             (uri "https://github.com/FiloSottile/age/commit/482cf6fc9babd3ab06f6606762aac10447222201.patch")
+             (sha256 (base32 "19lkq2xbv3l0sxp7z9r7qgdi2v18bkaqg9kkyvc3qzyk5nsk56j6")))))))
     (build-system go-build-system)
     (arguments
      (list

base-commit: 07b4b1d055c36c6c61d39273c26974771dbfe805
-- 
2.47.1
This bug report was last modified 154 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.