Change log for golang-1.21 package in Debian

golang-1.21 (1.21.13-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.13

 -- Shengjing Zhu <email address hidden>  Wed, 07 Aug 2024 11:57:13 +0800

Available diffs

• diff from 1.21.12-1 to 1.21.13-1 (1.6 KiB)

golang-1.21 (1.21.12-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.12
    + CVE-2024-24791: net/http: denial of service due to improper 100-continue
      handling

 -- Shengjing Zhu <email address hidden>  Wed, 03 Jul 2024 16:04:00 +0800

Available diffs

• diff from 1.21.11-1 to 1.21.12-1 (9.2 KiB)

golang-1.21 (1.21.11-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.11
    + CVE-2024-24789: archive/zip: mishandling of corrupt central directory
      record
    + CVE-2024-24790: net/netip: unexpected behavior from Is methods for
      IPv4-mapped IPv6 addresses

 -- Shengjing Zhu <email address hidden>  Wed, 05 Jun 2024 07:29:58 +0800

Available diffs

• diff from 1.21.10-1 to 1.21.11-1 (10.5 KiB)

golang-1.21 (1.21.10-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.10
     + CVE-2024-24788: net: malformed DNS message can cause infinite loop

 -- Shengjing Zhu <email address hidden>  Wed, 08 May 2024 17:13:11 +0800

Available diffs

• diff from 1.21.9-1 to 1.21.10-1 (3.1 KiB)

golang-1.21 (1.21.9-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.9
    + CVE-2023-45288: http2: close connections when receiving too many headers

 -- Shengjing Zhu <email address hidden>  Thu, 04 Apr 2024 04:16:59 +0800

Available diffs

• diff from 1.21.8-1build1 (in Ubuntu) to 1.21.9-1 (4.3 KiB)

golang-1.21 (1.21.8-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.8
    + CVE-2024-24783: crypto/x509: Verify panics on certificates with an
      unknown public key algorithm
    + CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm
    + CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of
      sensitive headers and cookies on HTTP redirect
    + CVE-2024-24785: html/template: errors returned from MarshalJSON methods
      may break template escaping
    + CVE-2024-24784: net/mail: comments in display names are incorrectly
      handled
  * Update upstream signing key

 -- Shengjing Zhu <email address hidden>  Wed, 06 Mar 2024 15:14:10 +0800

Available diffs

• diff from 1.21.7-2 to 1.21.8-1 (28.2 KiB)

golang-1.21 (1.21.7-2) unstable; urgency=medium

  * Team upload
  * Skip flaky TestCrashDumpsAllThreads on mips64le

 -- Shengjing Zhu <email address hidden>  Mon, 26 Feb 2024 17:13:31 +0800

Available diffs

• diff from 1.21.7-1 to 1.21.7-2 (751 bytes)

golang-1.21 (1.21.7-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.7

 -- Shengjing Zhu <email address hidden>  Wed, 21 Feb 2024 16:35:15 +0800

Available diffs

• diff from 1.21.6-1 to 1.21.7-1 (21.6 KiB)

golang-1.21 (1.21.6-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.6

 -- Shengjing Zhu <email address hidden>  Thu, 11 Jan 2024 18:46:44 +0800

Available diffs

• diff from 1.21.5-1 to 1.21.6-1 (15.5 KiB)

golang-1.21 (1.21.5-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.5
    + CVE-2023-39326: net/http: limit chunked data overhead
    + CVE-2023-45285: cmd/go: go get may unexpectedly fallback to insecure git
    + CVE-2023-45283: path/filepath: retain trailing \ when cleaning paths
      like \\?\c:\

 -- Shengjing Zhu <email address hidden>  Wed, 06 Dec 2023 15:32:23 +0800

Available diffs

• diff from 1.21.4-1 to 1.21.5-1 (17.4 KiB)

golang-1.21 (1.21.4-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.4
    + CVE-2023-45283: path/filepath: recognize \??\ as a Root Local Device
      path prefix.
    + CVE-2023-45284: path/filepath: recognize device names with trailing
      spaces and superscripts.

 -- Shengjing Zhu <email address hidden>  Wed, 08 Nov 2023 03:40:30 +0800

Available diffs

• diff from 1.21.3-1 to 1.21.4-1 (10.9 KiB)

golang-1.21 (1.21.3-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.3
    + CVE-2023-44487/CVE-2023-39325: net/http: rapid stream resets can cause
      excessive work

 -- Shengjing Zhu <email address hidden>  Wed, 11 Oct 2023 14:53:53 +0800

Available diffs

• diff from 1.21.1-1 to 1.21.3-1 (8.8 KiB)

golang-1.21 (1.21.2-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.2
    + CVE-2023-39323: cmd/go: line directives allows arbitrary execution during
      build

 -- Shengjing Zhu <email address hidden>  Fri, 06 Oct 2023 19:35:37 +0800

golang-1.21 (1.21.1-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.1
    + CVE-2023-39320: cmd/go: go.mod toolchain directive allows arbitrary
      execution
    + CVE-2023-39318: html/template: improper handling of HTML-like comments
      within script contexts
    + CVE-2023-39319: html/template: improper handling of special tags within
      script contexts
    + CVE-2023-39321/CVE-2023-39322: crypto/tls: panic when processing
      post-handshake message on QUIC connections

 -- Shengjing Zhu <email address hidden>  Thu, 07 Sep 2023 11:51:55 +0800

Available diffs

• diff from 1.21.0-1 to 1.21.1-1 (63.0 KiB)

golang-1.21 (1.21.0-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21.0

 -- Shengjing Zhu <email address hidden>  Wed, 09 Aug 2023 14:40:00 +0800

Available diffs

• diff from 1.21~rc4-1 to 1.21.0-1 (3.5 KiB)

golang-1.21 (1.21~rc4-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21~rc4

 -- Shengjing Zhu <email address hidden>  Thu, 03 Aug 2023 15:15:53 +0800

Available diffs

• diff from 1.21~rc3-2 to 1.21~rc4-1 (39.0 KiB)

golang-1.21 (1.21~rc3-2) unstable; urgency=medium

  * Team upload
  * Add Breaks+Replaces golang-1.21-go (<< 1.21~rc3) on golang-1.21-src
    src/internal/platform/zosarch.go move from golang-1.21-go to
    golang-1.21-src (Closes: #1041412)

 -- Shengjing Zhu <email address hidden>  Wed, 19 Jul 2023 16:12:19 +0800

Available diffs

• diff from 1.21~rc3-1 to 1.21~rc3-2 (581 bytes)

golang-1.21 (1.21~rc3-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21~rc3

 -- Shengjing Zhu <email address hidden>  Mon, 17 Jul 2023 15:20:39 +0800

Available diffs

• diff from 1.21~rc2-2 to 1.21~rc3-1 (88.8 KiB)

golang-1.21 (1.21~rc2-2) unstable; urgency=medium

  * Team upload
  * Add autopkgtest

 -- Shengjing Zhu <email address hidden>  Thu, 29 Jun 2023 16:33:35 +0800

Available diffs

• diff from 1.21~rc2-1 to 1.21~rc2-2 (701 bytes)

golang-1.21 (1.21~rc2-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21~rc2

 -- Shengjing Zhu <email address hidden>  Thu, 22 Jun 2023 14:53:06 +0800

Available diffs

• diff from 1.21~rc1-1 to 1.21~rc2-1 (14.6 KiB)

golang-1.21 (1.21~rc1-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.21rc1
  * Install go.env in GOROOT
  * Drop patches
    + 0001-Disable-test-for-UserHomeDir.patch.
      Now the test doesn't fail if HOME dir doesn't exist
      See https://github.com/golang/go/commit/bb4ea80b
    + 0002-Fix-Lintian-warnings-about-wrong-interpreter-path.patch.
      We don't run these scripts, just leave them as is.
    + 0003-cmd-dist-increase-default-timeout-scale-for-arm.patch.
      Upstream has removed arch-specific timeout scale heuristics.
      See https://github.com/golang/go/issues/57117
      We can move the setting to dh-golang.
    + 0004-skip-userns-test-in-schroot-as-well.patch.
      Now the tests doesn't hardcode chroot types.
      See https://github.com/golang/go/commit/09267142

 -- Shengjing Zhu <email address hidden>  Tue, 20 Jun 2023 17:39:49 +0800