Bug#1101318: marked as done (ITP: golang-github-awnumar-memguard -- Secure software enclave for storage of sensitive information in memory.)

[Debian Bug Tracking System]

Your message dated Sun, 06 Apr 2025 00:00:11 +0000
with message-id <e1u1dqp-00azs2...@fasolo.debian.org>
and subject line Bug#1101318: fixed in golang-github-awnumar-memguard 0.22.5-1
has caused the Debian Bug report #1101318,
regarding ITP: golang-github-awnumar-memguard -- Secure software enclave for 
storage of sensitive information in memory.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1101318: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101318
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: wnpp
Severity: wishlist
Owner: Simon Josefsson <si...@josefsson.org>

* Package name    : golang-github-awnumar-memguard
  Version         : 0.22.5-1
  Upstream Author : Awn
* URL             : https://github.com/awnumar/memguard
* License         : Apache-2.0
  Programming Lang: Go
  Description     : Secure software enclave for storage of sensitive 
information in memory.

 This package attempts to reduce the likelihood of sensitive data being
 exposed when in memory. It aims to support all major operating systems
 and is written in pure Go.
 .
 Features
 .
  * Sensitive data is encrypted and authenticated in memory with
    XSalsa20Poly1305. The scheme (https://spacetime.dev/encrypting-secrets-in-
    memory) used also defends against cold-boot attacks
    (https://spacetime.dev/memory-retention-attacks).
  * Memory allocation bypasses the language runtime by using system calls
    (https://github.com/awnumar/memcall) to query the kernel for resources
    directly. This avoids interference from the garbage-collector.
  * Buffers that store plaintext data are fortified with guard pages and
    canary values to detect spurious accesses and overflows.
  * Effort is taken to prevent sensitive data from touching the disk.
    This includes locking memory to prevent swapping and handling core
    dumps.
  * Kernel-level immutability is implemented so that attempted
    modification of protected regions results in an access violation.
  * Multiple endpoints provide session purging and safe termination
    capabilities as well as signal handling to prevent remnant data being
    left behind.
  * Side-channel attacks are mitigated against by making sure that the
    copying and comparison of data is done in constant-time.

https://salsa.debian.org/go-team/packages/golang-github-awnumar-memguard
https://salsa.debian.org/jas/golang-github-awnumar-memcall/-/pipelines

/Simon

signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

Source: golang-github-awnumar-memguard
Source-Version: 0.22.5-1
Done: Simon Josefsson <si...@josefsson.org>

We believe that the bug you reported is fixed in the latest version of
golang-github-awnumar-memguard, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1101...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Josefsson <si...@josefsson.org> (supplier of updated 
golang-github-awnumar-memguard package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 31 Mar 2025 14:19:37 +0200
Source: golang-github-awnumar-memguard
Binary: golang-github-awnumar-memguard-dev
Architecture: source all
Version: 0.22.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org>
Changed-By: Simon Josefsson <si...@josefsson.org>
Description:
 golang-github-awnumar-memguard-dev - secure enclave for storage of sensitive 
information (library)
Closes: 1101318
Changes:
 golang-github-awnumar-memguard (0.22.5-1) unstable; urgency=medium
 .
   * Initial release (Closes: #1101318)
Checksums-Sha1:
 3dba545567a39999eae4ce3046a3cf267e5b2432 2786 
golang-github-awnumar-memguard_0.22.5-1.dsc
 416a18173778accdb08534b312f194e5698a0bad 75201 
golang-github-awnumar-memguard_0.22.5.orig.tar.gz
 32de0fa3c16d22dcc1cdb97eb3342a63189db528 3964 
golang-github-awnumar-memguard_0.22.5-1.debian.tar.xz
 52d9f1786307ebce2fdd8d30456ddb5ae91ba626 24960 
golang-github-awnumar-memguard-dev_0.22.5-1_all.deb
 78d2368fedf981c329fed6aa70c2d9f66afe05e7 6576 
golang-github-awnumar-memguard_0.22.5-1_amd64.buildinfo
Checksums-Sha256:
 a29a0750d59580320e92008005f2ad491ee66fece2479609f2f0eb74b046e319 2786 
golang-github-awnumar-memguard_0.22.5-1.dsc
 ce8e1f1138add095a4f2f4e210de4bfaa30a58f599d9638bea7ef0019b1735a2 75201 
golang-github-awnumar-memguard_0.22.5.orig.tar.gz
 7d9ef73ce9b6a027e7f38069649feb9f974f1dd1540bfb32e9d442a44a171d32 3964 
golang-github-awnumar-memguard_0.22.5-1.debian.tar.xz
 09a3ed73ecd8b24e9c17dbd8f6280d265c1faaaa1fdcde17b289bed6745d5826 24960 
golang-github-awnumar-memguard-dev_0.22.5-1_all.deb
 b75b5f3f80259b3b9798ef46fbcb1e9c38c2fa92ee3ca6a371a4c8f669210649 6576 
golang-github-awnumar-memguard_0.22.5-1_amd64.buildinfo
Files:
 cf917a91ef5e5de1b2fed14f2433c243 2786 golang optional 
golang-github-awnumar-memguard_0.22.5-1.dsc
 d26662a27a9538d793c694f35f727567 75201 golang optional 
golang-github-awnumar-memguard_0.22.5.orig.tar.gz
 c8b4514da648a5dc46a1cd36f4dd8ffb 3964 golang optional 
golang-github-awnumar-memguard_0.22.5-1.debian.tar.xz
 a7c11fb66438720d08cbb3424fdd119b 24960 golang optional 
golang-github-awnumar-memguard-dev_0.22.5-1_all.deb
 7c6ef9f9ddee8666ff83b27659aac0ed 6576 golang optional 
golang-github-awnumar-memguard_0.22.5-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQNoBAEWCgMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmfqij4UHHNpbW9uQGpv
c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f
V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z
ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh
BLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XQkBQkNZGbwAAoJENc89jjFPAa+BtIA
/iR73CfBurG9y8pASh3cbGOMHpDZfMAtosu6jbpO69GHAP4p7l57d+iVty2VQMsx
+3TCSAvZkpr4P/FuTzZ8JZe8BrgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx
I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0
+MTXPPY4xTwGvgUCZ9F0SgUJDWRmSQCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R
cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE
8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J
ENc89jjFPAa+wUUBAO64fbZek6FPlRK0DrlWsrjCXuLi6PUxyzCAY6lG2nhUAQC6
qobB9mkZlZ0qihy1x4JRtflqFcqqT9n7iUZkCDIiDbg4BFySz2oSCisGAQQBl1UB
BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA
JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XTSBQkNZGboAAoJENc89jjF
PAa+0M0BAPPRq73kLnHYNDMniVBOzUdi2XeF32idjEWWfjvyIJUOAP4wZ+ALxIeh
is3Uw2BzGZE6ttXQ2Q+DeCJO3TPpIqaXDAAKCRBRcisI/kdFomOkAQDjnzmc/Fps
Uy3VhdsaCzULW22YFiLXTiwUZX1QWmDawgEAvMG3cPCln7zTCB/+xruYoohpsA0G
gvYc+5x/kewrWQw=
=prSW
-----END PGP SIGNATURE-----

pgpNZCukNm7bp.pgp
Description: PGP signature

--- End Message ---