net/url: URL.Parse Multiple Parsing Issues #29098

wir3less · 2018-12-04T17:21:41Z

What version of Go are you using (`go version`)?

$ go version
go version go1.11.2 windows/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (`go env`)?

go env Output

$ go env
set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\wir3less\AppData\Local\go-build
set GOEXE=.exe
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOOS=windows
set GOPATH=C:\Users\wir3less\go
set GOPROXY=
set GORACE=
set GOROOT=C:\Go
set GOTMPDIR=
set GOTOOLDIR=C:\Go\pkg\tool\windows_amd64
set GCCGO=gccgo
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set GOMOD=
set CGO_CFLAGS=-g -O2
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-g -O2
set CGO_FFLAGS=-g -O2
set CGO_LDFLAGS=-g -O2
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=C:\Users\wir3less\AppData\Local\Temp\go-build829182294=/tmp/go-build -gno-record-gcc-switches

What did you do?

While playing around with URL.Parse I found a few problems I'd like to share.
I'll gladly share more details if anything is unclear or if someone is interested.

Normally, javascript:alert(1) when parsed by url.parse has no Hostname()
But javascript://alert(1) has a hostname of alert(1)
This can be taken further...
javascript://%250aalert(1)+'aa@google.com/a'a has a hostname of google.com and will pop an alert if relocated to by a browser (after decoding)

IPV6 support also has it's issues...
this URL http://[google.com]:80 has the hostname of google.com
But also do all of these:
http://google.com]:80
http://google.com]:80__Anything_you'd_like_sir
http://[google.com]FreeTextZoneHere]:80

Even without thinking about how this would interact with other systems and parsers,
Just considering code used URL hostname validations and Go's https functions (http.Get() for instance) leveraging url.parse should explain how this could be used maliciously.

Again, will be glad to provide more details if needed.
All POCs can be found here
https://play.golang.org/p/UoqEcxCFY8z

What did you expect to see?

Errors for most of it...

What did you see instead?

Hostnames

The text was updated successfully, but these errors were encountered:

agnivade · 2018-12-05T06:11:57Z

/cc @bradfitz

mengzhuo · 2018-12-05T06:19:59Z

What did you see instead?
Hostnames

I think an invalid error is more appropriate.

wir3less · 2018-12-05T11:17:24Z

I agree. Thats what I wrote on the "Expected" field.
Recieving a Hostname is what currently happens.

mengzhuo · 2018-12-05T15:09:40Z

I've take a look into url_test.go

go/src/net/url/url_test.go

Lines 423 to 432 in 5e17278

    
           // worst case host, still round trips 
        
           { 
        
           	"scheme://!$&'()*+,;=hello!:port/path", 
        
           	&URL{ 
        
           		Scheme: "scheme", 
        
           		Host:   "!$&'()*+,;=hello!:port", 
        
           		Path:   "/path", 
        
           	}, 
        
           	"", 
        
           },

You can see this is design on purpose.

wir3less · 2018-12-06T10:48:16Z

I see...
Well this is still the wrong behaviour, both in my opinion as well as by the spec.
The fact that we have tests for it doesn't make it right...
Try testing other parsers, non will allow that kind of parsing

mees- · 2018-12-27T12:41:44Z

I don't know if this is the right place to mention this but url.Parse("localhost") sets the Path to "localhost" and the host is empty. I believe this is also an error in the parsing

fraenkel · 2018-12-27T20:18:55Z

@mees- Why would that be an error? You have provided a valid relative path.

mees- · 2018-12-27T20:34:49Z

I'm sorry, I misunderstood the documentation

wir3less · 2018-12-28T20:06:36Z

Can I provide any more info to get this issue resolved? No point in leaving this issue open for nothing...

agnivade · 2018-12-29T03:58:19Z

Try testing other parsers, non will allow that kind of parsing

If you can take each case, and show a comparison of the behavior in Python, Node and Ruby, it will help us understand the situation better.

wir3less · 2019-01-01T12:04:19Z

So I've taken the time and compiled the following table
https://docs.google.com/spreadsheets/d/1HNyNO6dVYNhdsd_oLZELw4L17L3hK0r2OcZZv1lrx3Y/edit?usp=sharing

You can notice that for the Javascript URLs, Chrome is the only one actually following the spec, and python is doing a half decent job (has hostname, but ignored http specific chars like '@' in non http schemes.)

For the IPv6 URLs, you can see that Go is by far the most permissive parser.

Please keep in mind that all these vectors can be used to trick and bypass code trying to validate the host of a user-supplied URL.

I'm also going to open bugs for Node and Ruby as they are also in risk of that.

agnivade · 2019-01-01T14:39:11Z

Thank you for spending time on this !

wir3less · 2019-01-01T15:39:25Z

I dug a little deeper on the Node cases.
I used node 10.13.0 for my testing, apparently, there's already 10.15.0
One of the patches is of interest to this issue - https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/#hostname-spoofing-in-url-parser-for-javascript-protocol-cve-2018-12123

So using url.parse() is fixed on Node now, these problems still exist it if you use the new URL() syntax

> new URL("javascript://google.com").host
'google.com'
> url.parse("javascript://google.com").host
null

wir3less · 2019-01-09T09:44:07Z

Guys,
Any update here?

ghost · 2019-01-10T04:29:53Z

   javascript://alert(1) has a hostname of alert(1)
   javascript://%250aalert(1)+'aa@google.com/a'a has a hostname of google.com and will pop an alert if relocated to by a browser (after decoding)

I don't see an issue here. If you're using unescaped and unsanitized data in HTML code, then nothing would help you. And whitelisting is not an option here, while blacklisting isn't a solution as it always can be bypassed by a malicious.actor.

wir3less · 2019-01-10T09:45:04Z

Thanks @bradfitz .

@opennota - The URL parser is meant to deal with such data.
You're supposed to be able to pass user-data into it, and it should return an error in case the URL is malformed.
Otherwise, it should return a safe object that correctly represents the URL. Meaning, for example, no Hostname for hostless schemes such as JS.

As for the blacklist approach, I think a piece of code such as the one implemented by Node, should do the trick:
https://github.com/nodejs/node/blob/master/lib/url.js#L277

wir3less · 2019-01-13T11:39:56Z

@bradfitz I just realized that go releases a major version every 6 months, and that 1.13 will be released on August 19.
Does that mean this issue will wait till then to get resolved?

bradfitz · 2019-01-14T19:31:02Z

At least, if ever. We don't have a great history of being able to make changes to the URL type without breaking code. So it might need to remain unchanged (or at least only documented). But I can't say because I haven't looked into this bug at all yet or your spreadsheet. But thanks for gathering data.

mikesamuel · 2019-08-14T21:25:04Z

Is net/url based on STD66 or https://url.spec.whatwg.org/ ?

FiloSottile · 2019-08-14T21:41:52Z

@mikesamuel STD66. It cites RFC 3986 and RFC 2396. Is it relevant here? Do either allow non-numeric ports?

mikesamuel · 2019-08-21T19:27:58Z

@FiloSottile

I don't know that they differ around ports.
IIRC, url.spec does differ around javascript://example.com/%0aalert(1).

The Appendix B regex is perfectly happy with non-numeric ports, so it really depends on whether you're strictly matching the grammar or doing approximate decomposition.

The TestParseErrors test function was not strict with unwanted errors received from url.Parse(). It was not failing in such cases, now it does. Updates golang#33646 and golang#29098

gopherbot · 2019-08-27T18:12:07Z

Change https://golang.org/cl/191966 mentions this issue: net/url: fail TestParseErrors test when getting an unwanted error

The TestParseErrors test function was not strict with unwanted errors received from url.Parse(). It was not failing in such cases, now it does Fixes #33646 Updates #29098 Change-Id: I069521093e2bff8b1fcd41ffd3f9799f3108bc61 GitHub-Last-Rev: e6844c5 GitHub-Pull-Request: #33876 Reviewed-on: https://go-review.googlesource.com/c/go/+/191966 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org>

The TestParseErrors test function was not strict with unwanted errors received from url.Parse(). It was not failing in such cases, now it does Fixes golang#33646 Updates golang#29098 Change-Id: I069521093e2bff8b1fcd41ffd3f9799f3108bc61 GitHub-Last-Rev: e6844c5 GitHub-Pull-Request: golang#33876 Reviewed-on: https://go-review.googlesource.com/c/go/+/191966 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org>

EddieIvan01 · 2019-09-03T12:03:55Z

So I've taken the time and compiled the following table
https://docs.google.com/spreadsheets/d/1HNyNO6dVYNhdsd_oLZELw4L17L3hK0r2OcZZv1lrx3Y/edit?usp=sharing

You can notice that for the Javascript URLs, Chrome is the only one actually following the spec, and python is doing a half decent job (has hostname, but ignored http specific chars like '@' in non http schemes.)

For the IPv6 URLs, you can see that Go is by far the most permissive parser.

Please keep in mind that all these vectors can be used to trick and bypass code trying to validate the host of a user-supplied URL.

I'm also going to open bugs for Node and Ruby as they are also in risk of that.

Python also has the behavior (Python 3.6.4 (default, Apr 4 2019, 19:58:46))

>>> from urllib.parse import urlparse
>>> urlparse("javascript://%250aalert(1)+'aa@google.com/a'a")
ParseResult(scheme='javascript', netloc="%250aalert(1)+'aa@google.com", path="/a'a", params='', query='', fragment='')
>>> a = _ 
>>> a.hostname
'google.com'
>>> a.username
"%250aalert(1)+'aa"

But in my opinion, this behavior (javascript://%250aalert(1)+'aa@google.com/a') isn't a security bug. Developer should filter XSS while writing to HTML.
And somthing following the indicator of hierarchical URL is authentication and hostname, even if the URL is non-hierarchical, parser dont need to confirm which protocols are hierarchical.

The TestParseErrors test function was not strict with unwanted errors received from url.Parse(). It was not failing in such cases, now it does Fixes golang#33646 Updates golang#29098 Change-Id: I069521093e2bff8b1fcd41ffd3f9799f3108bc61 GitHub-Last-Rev: e6844c5 GitHub-Pull-Request: golang#33876 Reviewed-on: https://go-review.googlesource.com/c/go/+/191966 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org>

dwillemv · 2019-10-02T07:24:19Z

The following custom URI was accepted before, but isn't now:
s://1:2.3
A port is extracted as 2.3, which is not a valid port, but our scheme does not define the concept of a port.

FiloSottile · 2019-10-02T16:41:28Z

The following custom URI was accepted before, but isn't now:
s://1:2.3
A port is extracted as 2.3, which is not a valid port, but our scheme does not define the concept of a port.

As far as I can tell, that's not a valid URL according to any spec. I realize it can be useful to use the URL parser for similar formats, but that convenience comes with the security cost of accepting invalid URLs that are surprising to applications that expect well formed URLs, and the name of the package is net/url.

dwillemv · 2019-10-02T17:23:10Z

Fair enough, I know that is not a URL.
Would you say "file://1:2.3" should fail parsing too?

FiloSottile · 2019-10-02T17:29:45Z

Would you say "file://1:2.3" should fail parsing too?

I think it should, as the correct format for it is file:///1:2.3, where the host is empty. Does it not?

dwillemv · 2019-10-02T20:20:40Z

I see. I forgot about the third / meaning the part after that is treated as a path, so that wasn't a valid example.
My issue is with the assumption that any hostname that is not an IP will end with a port number.

"http://host:sub" doesn't parse either. I couldn't find if the RFC3986 mandates that the second part of any host string must be a port, but if it is I'll have to live with it. If it isn't I would prefer that the behavior of parse gets relaxed and just return the entire host name string as is.

FiloSottile · 2019-10-02T20:33:02Z

If there is a colon in the authority, the part after it is a port, and ports can only be digits.

  authority   = [ userinfo "@" ] host [ ":" port ]
  port        = *DIGIT

https://tools.ietf.org/html/rfc3986#section-3.2

(Of course, the port is optional, but if there is a colon there is a port, by the syntax.)

golang-1.14 (1.14~beta1-1) unstable; urgency=medium * New upstream major version. golang-1.13 (1.13.5-1) unstable; urgency=medium * New upstream version 1.13.5 golang-1.13 (1.13.4-1) unstable; urgency=medium * New upstream version 1.13.4 - Refresh patches golang-1.13 (1.13.3-1) unstable; urgency=medium * New upstream version 1.13.3 - Refresh patch - crypto/dsa: invalid public key causes panic in dsa.Verify. Fixes CVE-2019-17596. Closes: #942628 * Update Standards-Version to 4.4.1, no changes needed golang-1.13 (1.13.1-1) unstable; urgency=medium * New upstream version 1.13.1 - net/textproto: don't normalize headers with spaces before the colon. Fixes CVE-2019-16276. See golang/go#34541 and Debian bug #941173 golang-1.13 (1.13-1) unstable; urgency=medium * New upstream version 1.13 - Refresh patch * Set pristine-tar for gbp to False golang-1.13 (1.13~rc2-1) unstable; urgency=medium * New upstream version 1.13~rc2 - Remove patch for CVE-2019-9512 and CVE-2019-9514, has been applied upstream golang-1.13 (1.13~rc1-2) unstable; urgency=medium * Exclude testdata from dh_makeshlibs. Otherwise, the build fails at least on armel and armhf. * Apply changes from cme fix dpkg * Set Rules-Requires-Root: no golang-1.13 (1.13~rc1-1) unstable; urgency=medium * New upstream version 1.13~rc1 - Remove patch for CVE-2019-14809, has been applied upstream * Use dh_missing instead of deprecated dh_install --fail-missing * Do not run dh_dwz, there is no debugging information * Use debhelper-compat (= 12) golang-1.13 (1.13~beta1-3) unstable; urgency=high * Fix Denial of Service vulnerabilities in the HTTP/2 implementation. golang/go#33631 CVE-2019-9512, CVE-2019-9514. Closes: #934955 * Fix multiple Parsing Issues in URL.Parse golang/go#29098 CVE-2019-14809. Closes: #934954 golang-1.13 (1.13~beta1-2) unstable; urgency=medium * Set GOCACHE to fix a FTBFS. (See bug #933958) golang-1.13 (1.13~beta1-1) unstable; urgency=medium * New upstream major version. - Remove Reproducible-BUILD_PATH_PREFIX_MAP.patch. This patch is finally no longer needed with Go 1.13. Upstream has implemented a new flag "-trimpath" for the command "go build" which either strips the path or replaces it in the resulting binaries. References: golang/go#16860 https://go-review.googlesource.com/c/go/+/173345/ https://go-review.googlesource.com/c/go/+/173344/ - Remove arm64-arm64asm-recognise-new-ssbb-pssbb-mnemonics-fr.patch. This patch has been cherry-picked from upstream and is now included. - Refresh remaining patches - Fix lintian warning: make scripts executable * Switch to debhelper-compat, but stay at v11 for now golang-1.12 (1.12.7-1) unstable; urgency=medium * New upstream version 1.12.7 - Refresh patches * Update Standards-Version to 4.4.0, no changes needed golang-1.12 (1.12.5-1) unstable; urgency=medium * New upstream version 1.12.5 golang-1.12 (1.12.4-1) unstable; urgency=medium [ Anthony Fok ] * Add /usr/lib/go-X.Y/{api,misc} symlinks. For example, programs such as https://github.com/vugu/vugu and documentation such as https://github.com/golang/go/wiki/WebAssembly expect to find wasm_exec.js at "$(go env GOROOT)/misc/wasm/wasm_exec.js". [ Dr. Tobias Quathamer ] * New upstream version 1.12.4 * Add five lintian overrides for false positives golang-1.12 (1.12.1-1) unstable; urgency=medium * New upstream version 1.12.1 * Use upstream signing key for tarball verification golang-1.12 (1.12-1) unstable; urgency=medium * New upstream version 1.12 - Remove patch 0005-Fix-CVE-2019-6486, applied upstream golang-1.12 (1.12~beta2-2) unstable; urgency=medium * Refresh patch Reproducible BUILD_PATH_PREFIX_MAP. Thanks to Michael Stapelberg! * Add patch to fix CVE-2019-6486. (Closes: #920548) golang-1.12 (1.12~beta2-1) unstable; urgency=medium * New upstream version 1.12~beta2 - Remove two patches, applied upstream. Refresh remaining patch. golang-1.12 (1.12~beta1-4) unstable; urgency=medium * Switch watch file to version 4 * Update d/copyright golang-1.12 (1.12~beta1-3) unstable; urgency=medium [ Anthony Fok ] * Add patch "unix: fix Fstatat by using fillStat_t on linux/mips64x" This fixes the "Fstatat: returned stat does not match Stat/Lstat" errors detected by TestFstatat. See https://go-review.googlesource.com/c/sys/+/155747 [ Dr. Tobias Quathamer ] * Add another lintian override golang-1.12 (1.12~beta1-2) unstable; urgency=medium [ Anthony Fok ] * Add patch "cmd/compile: fix MIPS SGTconst-with-shift rules" by Cherry Zhang. This fixes the root problem behind the "slice bounds out of range" build error seen in 1.11.4 on mips and mipsel architectures. See https://go-review.googlesource.com/c/go/+/155798 * Bump Standards-Version to 4.3.0 (no change) [ Dr. Tobias Quathamer ] * Do not compress favicon.ico. Thanks to Dato Simó <dato@debian.org> (Closes: #917132) golang-1.12 (1.12~beta1-1) unstable; urgency=medium * New upstream major version. - Refresh patches - Add new patch to disable test for UserHomeDir * Switch team address to tracker.d.o * Add another lintian override for a false positive golang-1.11 (1.11.4-1) unstable; urgency=medium * New upstream version 1.11.4 * Make lintian override agnostic of golang version golang-1.11 (1.11.3-1) unstable; urgency=medium * New upstream version 1.11.3 - Refresh patches * Update gbp.conf to new style syntax * Suggest brz as alternative to bzr; it provides the same command-line API. * Add myself to Uploaders golang-1.11 (1.11.2-2) unstable; urgency=medium * d/patches/arm64-arm64asm-recognise-new-ssbb-pssbb-mnemonics-fr.patch: backport workaround for objdump's support of newer mnemonics on arm64. golang-1.11 (1.11.2-1) unstable; urgency=medium * Team upload. [ Michael Hudson-Doyle ] * New upstream major version. * Update debhelper compat level to 11. * Remove GOCACHE files after running tests. * Stop dh_strip_nondeterminism from looking at testdata directories. [ Dr. Tobias Quathamer ] * Build-Depend on debhelper v11 * Override two false positive Lintian errors (missing depends on sensible-utils) * Add Lintian overrides for testdata * Include /usr/share/dpkg/architecture.mk for DEB_HOST_ARCH * Refresh patch for new upstream version * Fix Lintian warnings about wrong interpreter path * Make two scripts executable which have been missed by upstream * Remove three unneeded lintian overrides * Use HTTPS URL for d/watch * Update to Standards-Version 4.2.1 - Use HTTPS for d/copyright * Update d/copyright golang-1.10 (1.10.3-1) unstable; urgency=medium * New upstream version 1.10.3 * Restore changelog entry for 1.10.1-3, and fix that for 1.10.2-1, oops. golang-1.10 (1.10.2-1) unstable; urgency=medium * New upstream version 1.10.2. - d/patches/0003-Backport_nopie_fix.patch: removed, now included upstream. - d/patches/0004-Backport_mips_octeon3_fp_fix.patch: removed, also included upstream. golang-1.10 (1.10.1-3) unstable; urgency=high * Team upload. [ Michael Hudson-Doyle ] * Install the 'misc' and 'api' directories as part of the golang-1.10-src package as some tools (vgo, go tool trace) expect them to be there. (Closes: 894992¸ LP: #1743598) [ Martín Ferrari ] * Backport fix for FP bug in mips/Octeon III. Closes: #892088. Raising severity. golang-1.10 (1.10.1-2) unstable; urgency=medium * Team upload. * Backport patch that fixes FTBFS in arm64. * debian/copyright: Update attribution. * debian/source: Update lintian-overrides. golang-1.10 (1.10.1-1) unstable; urgency=medium * New upstream version 1.10.1. * d/patches/0002-reproducible-BUILD_PATH_PREFIX_MAP.patch: update patch tags to reference upstream discussion of this topic. * d/control, d/control.in: Update Vcs-* to point to salsa. golang-1.10 (1.10-1) unstable; urgency=medium * New upstream version 1.10 golang-1.10 (1.10~rc2-1) unstable; urgency=medium * New upstream version, fixing CVE-2018-6574. * d/patches/0001-os-signal-skip-TestTerminalSignal-if-posix_openpt-fa.patch, d/patches/0003-cmd-vendor-github.com-google-pprof-cherry-pick-fix-t.patch, d/patches/0004-cmd-link-internal-loadelf-fix-logic-for-computing-EL.patch: removed, now included upstream. golang-1.10 (1.10~rc1-2) unstable; urgency=medium * d/patches/0004-cmd-link-internal-loadelf-fix-logic-for-computing-EL.patch: Backport from upstream to fix build issues on armhf (causes ftbfs on Ubuntu but not Debian for some reason, but could produce broken binaries on Debian too). golang-1.10 (1.10~rc1-1) unstable; urgency=medium * New upstream version 1.10~rc1. * d/patches/0004-cmd-dist-use-buildmode-pie-for-pie-testing.patch, d/patches/0006-misc-cgo-testcarchive-use-no-pie-where-needed.patch, d/patches/0003-Do-not-use-SP-as-index-reg.patch: removed, included upstream. * d/patches/0002-reproducible-BUILD_PATH_PREFIX_MAP.patch: refreshed. * d/patches/0001-os-signal-skip-TestTerminalSignal-if-posix_openpt-fa.patch: Add to fix test failure in chroot. * d/patches/0003-cmd-vendor-github.com-google-pprof-cherry-pick-fix-t.patch: Add to fix test failure when $HOME is not writable. * d/rules: Set GOCACHE to "off" during build to avoid shipping cache files. golang-1.9 (1.9.2-4) unstable; urgency=medium * Enable building on mips, mipsel and mips64. (Closes: 879764) golang-1.9 (1.9.2-3) unstable; urgency=medium * Remove workaround for now fixed debhelper bug #879762 * Backport three patches from upstream to fix ftbfs on ppc64el with new kernel. golang-1.9 (1.9.2-2) unstable; urgency=medium [ Martín Ferrari ] * Add debian/patches/0003-Do-not-use-SP-as-index-reg.patch (Closes: #877541) golang-1.9 (1.9.2-1) unstable; urgency=medium * New upstream version 1.9.2 * Work around debhelper bug #879762 golang-1.9 (1.9.1-2) unstable; urgency=medium * Update debian/copyright (Closes: #873740) golang-1.9 (1.9.1-1) unstable; urgency=medium * New upstream release. * Use my @debian.org address in Uploaders. golang-1.9 (1.9-1) unstable; urgency=medium [ Michael Hudson-Doyle ] * New upstream release. * Suppress some new lintian errors in golang-1.9-src. [ Michael Stapelberg ] * Add debian/patches/0002-reproducible-BUILD_PATH_PREFIX_MAP.patch golang-1.8 (1.8.3-1) unstable; urgency=medium * New upstream release. (Closes: 863292, 863307) golang-1.8 (1.8.1-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8~rc3-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8~rc2-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8~rc1-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8~beta2-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8~beta1-1) unstable; urgency=medium * New upstream release. * Remove d/patches/cl-29995--tzdata-2016g.patch, included upstream. golang-1.7 (1.7.4-1) unstable; urgency=medium * Update to 1.7.4 upstream release (Closes: #846545) - https://groups.google.com/d/topic/golang-announce/2lP5z9i9ySY/discussion - https://golang.org/issue/17965 (potential DoS vector in net/http) - golang/go@go1.7.3...go1.7.4 golang-1.7 (1.7.3-1) unstable; urgency=medium * New upstream release. * Delete d/patches/cl-28850.patch, applied upstream. golang-1.7 (1.7.1-3) unstable; urgency=medium * Backport CL 29995 for tzdata 2016g changes (Closes: #839317) golang-1.7 (1.7.1-2) unstable; urgency=medium * Add upstream patch for s390x FTBFS golang-1.7 (1.7.1-1) unstable; urgency=medium * New upstream release. * Re-enable tests on s390x now that gcc-6 has been fixed in unstable. golang-1.7 (1.7-3) unstable; urgency=medium * Add "s390x" to Architectures golang-1.7 (1.7-2) unstable; urgency=medium * Disable tests on armel. golang-1.7 (1.7-1) unstable; urgency=medium * New upstream release. golang-1.7 (1.7~rc4-1) unstable; urgency=medium * New upstream release. golang-1.7 (1.7~rc3-1) unstable; urgency=medium [ Tianon Gravi ] * Remove outdated README files (README.source and README.Debian) [ Michael Hudson-Doyle ] * New upstream release. * Suppress inaccurate source-is-missing lintian warnings. * Update Standards-Version to 3.9.8 (no changes required). golang-1.7 (1.7~rc2-1) unstable; urgency=medium * Update to 1.7rc2 upstream release. golang-1.7 (1.7~rc1-1) unstable; urgency=medium [ Paul Tagliamonte ] * Use a secure transport for the Vcs-Git and Vcs-Browser URL [ Tianon Gravi ] * Update to 1.7rc1 upstream release (new packages, not used by default; see also src:golang-defaults) * Update Vcs-Git to reference a particular branch golang-1.6 (1.6.2-2) unstable; urgency=medium * Update "golang-any" in "Build-Depends" to fallback to "golang-go | gccgo" (will help with backporting) golang-1.6 (1.6.2-1) unstable; urgency=medium * Update to 1.6.2 upstream release (Closes: #825696) * Build-Depend on golang-any instead of golang-go (Closes: #824421) golang-1.6 (1.6.1-1) unstable; urgency=medium * Build golang version-specific packages (Closes: #818415) * Things that (conceptually at least) move to new golang version independent golang-defaults source package: - Man pages. - Suggesting golang-golang-x-tools. - Breaks/Replace-ing of old golang-go-$GOOS-$GOARCH packages. * Stop using alternatives to manage /usr/bin/go. * sed trickery in debian/rules to support easy changes to new golang versions. golang (2:1.6.1-2) unstable; urgency=medium * Don't strip testdata files, causes build failures on some platforms. golang (2:1.6.1-1) unstable; urgency=medium [ Michael Hudson-Doyle ] * Breaks/Replaces: older golang-golang-x-tools, not Conflicts, to ensure smooth upgrades. * Strip the binaries as it has worked for the last five years or so and upstream sees no reason to disable it. [ Tianon Gravi ] * Update to 1.6.1 upstream release (Closes: #820369) - Fix CVE-2016-3959: infinite loop in several big integer routines golang (2:1.6-1) unstable; urgency=medium * Update to 1.6 upstream release (thanks Hilko!) - change "ar" arguments to quiet spurious warnings while using gccgo (Closes: #807138) - skip multicast listen test (Closes: #814849) - skip userns tests when chrooted (Closes: #807303) - use correct ELF header for armhf binaries (Closes: #734357) - Update debian/rules clean for new location of generated file. [ Michael Hudson-Doyle ] * Respect "nocheck" in DEB_BUILD_OPTIONS while building to skip tests (Closes: #807290) * Trim Build-Depends (Closes: #807299) * Fix several minor debian/copyright issues (Closes: #807304) * Remove inconsistently included race-built packages (Closes: #807294) [ Tianon Gravi ] * Add "-k" to "run.bash" invocation so that we do a full test run every time golang (2:1.5.3-1) unstable; urgency=high * Update to 1.5.3 upstream release - Fix CVE-2015-8618: Carry propagation in Int.Exp Montgomery code in math/big library (Closes: #809168) * Add "Breaks" to properly complement our "Replaces" (Closes: #810595) golang (2:1.5.2-1) unstable; urgency=medium * Update to 1.5.2 upstream release (Closes: #807136) golang (2:1.5.1-4) unstable; urgency=medium * Add Conflicts to force newer golang-go.tools too (Closes: #803559) golang (2:1.5.1-3) unstable; urgency=medium * Remove architecture qualification on golang-go Build-Depend now that golang-go is available for more architectures. golang (2:1.5.1-2) unstable; urgency=medium * Add Conflicts to force newer golang-golang-x-tools (Closes: #802945). golang (2:1.5.1-1) unstable; urgency=medium * Upload to unstable. * Update to 1.5.1 upstream release (see notes from experimental uploads for what's changed). * Skip tests on architectures where the tests fail. golang (2:1.4.3-3) unstable; urgency=medium * Fix FTBFS for non-amd64 architectures due to handling of "-race". golang (2:1.5.1-1~exp2) experimental; urgency=medium * Upload to experimental. * Add arch-qualifiers to "golang-go" build-depends to unblock the buildds (Closes: #800479); thanks Tim! golang (2:1.4.3-2) unstable; urgency=medium * Update Recommends/Suggests, especially to add gcc, etc. * Refactor "debian/rules" to utilize debhelper more effectively, especially for arch vs indep building (mostly backported from the 1.5+ changes), which fixes the "arch:all" FTBFS. golang (2:1.5.1-1~exp1) experimental; urgency=low * Upload to experimental. * Update to 1.5.1 upstream release (Closes: #796150). - Compiler and runtime written entirely in Go. - Concurrent garbage collector. - GOMAXPROCS=runtime.NumCPU() by default. - "internal" packages for all, not just core. - Experimental "vendoring" support. - Cross-compilation no longer requires a complete rebuild of the stdlib in GOROOT, and thus the golang-go-GOHOST-GOARCH packages are removed. * Sync debian/copyright with the Ubuntu delta. (thanks doko!) * Remove patches that no longer apply. * Add more supported arches to "debian/rules" code for detecting appropriate GOARCH/GOHOSTARCH values; thanks mwhudson and tpot! (Closes: #799907) * Refactor "debian/rules" to utilize debhelper more effectively, especially for arch vs indep building. * Move "dpkg-architecture" to "GOOS"/"GOARCH" code into a simple shell script for easier maintenance. golang (2:1.4.3-1) unstable; urgency=medium * New upstream version (https://golang.org/doc/devel/release.html#go1.4.minor) - includes previous CVE and non-CVE security fixes, especially TEMP-0000000-1C4729 golang (2:1.4.2-4) unstable; urgency=high * Apply backported CVE fixes (Closes: #795106). - CVE-2015-5739: Invalid headers are parsed as valid headers - CVE-2015-5740: RFC 7230 3.3.3 4 violation - CVE-2015-5741: other discoveries of security-relevant RFC 7230 violations golang (2:1.4.2-3) unstable; urgency=medium * Add missing "prerm" for our new alternatives (thanks piuparts). golang (2:1.4.2-2) unstable; urgency=medium * Move "go" and "gofmt" into "/usr/lib/go" and use alternatives to provide appropriate symlinks (Closes: #779503, #782301). * Relax "golang-go.tools" relationship to Suggests (from Recommends). * Add "go get" VCS options to Suggests for golang-go (bzr, git, mercurial, subversion). golang (2:1.4.2-1) unstable; urgency=medium * New upstream version (https://golang.org/doc/devel/release.html#go1.4.minor) golang (2:1.4.1-1~exp1) experimental; urgency=low * New upstream version (https://golang.org/doc/go1.4) - all editor support files have been removed from misc/ upstream upstream, so golang-mode, kate-syntax-go, and vim-syntax-go can no longer be provided; see https://github.com/golang/go/wiki/IDEsAndTextEditorPlugins for an upstream-maintained list of potential replacements golang (2:1.3.3-1) unstable; urgency=medium * New upstream version (https://code.google.com/p/go/source/list?name=go1.3.3) - time: removed from tests now obsolete assumption about Australian tz abbreviations - net: temporarily skip TestAcceptIgnoreSomeErrors - runtime: hide cgocallback_gofunc calling cgocallbackg from linker - runtime: fix GOTRACEBACK reading on Windows, Plan 9 - nacltest.bash: unset GOROOT - cmd/5l, cmd/6l, cmd/8l: fix nacl binary corruption bug * Add Paul and myself as uploaders. Many, many thanks to Michael for his work so far on this package (and hopefully more to come). golang (2:1.3.2-1) unstable; urgency=medium * New upstream version golang (2:1.3.1-1) unstable; urgency=medium * New upstream version golang (2:1.3-4) unstable; urgency=medium [ Tianon Gravi ] * update debian/watch for upstream's latest move (Closes: #756415) * backport archive/tar patch to fix PAX headers (Closes: #756416) golang (2:1.3-3) unstable; urgency=medium * don’t depend on emacs23, depend on emacs instead (Closes: #754013) * install include/ in golang-src, VERSION in golang-go (Closes: #693186) golang (2:1.3-2) unstable; urgency=medium * Add /usr/lib/go/test symlink * Build with GO386=387 to favor the 387 floating point unit over sse2 instructions (Closes: #753160) * Add debian/patches/0001-backport-delete-whole-line.patch to fix a deprecation warning about flet in the emacs part of golang-mode (Closes: #753607) * Migrate to emacsen >2 (Closes: #753607) * Backport two patches to improve archive/tar performance (for docker): debian/patches/0002-archive-tar-reuse-temporary-buffer-in-writeHeader.patch debian/patches/0003-archive-tar-reuse-temporary-buffer-in-readHeader.patch golang (2:1.3-1) unstable; urgency=medium * New upstream version. * Drop patches merged upstream: - debian/patches/add-tar-xattr-support.patch - debian/patches/add-tar-xattr-support.patch * Fix debian/watch (Thanks Tianon) (Closes: #748290) * Remove dangling symlink /usr/lib/go/lib/godoc (Closes: #747968) golang (2:1.2.1-2) unstable; urgency=low * Re-apply debian/patches/add-tar-xattr-support.patch which got lost when uploading 1.2.1-1; sorry about that. golang (2:1.2.1-1) unstable; urgency=low * New upstream release. golang (2:1.2-3) unstable; urgency=low * add debian/patches/add-tar-xattr-support.patch to have xattr support in tar (cherry-picked from upstream) (Thanks proppy) (Closes: #739586) golang (2:1.2-2) unstable; urgency=low * add patches/add-src-pkg-debug-elf-testdata-hello.patch to provide source for the testdata/ ELF binaries (Closes: #716853) golang (2:1.2-1) unstable; urgency=low * New upstream release. * drop patches/archive-tar-fix-links-and-pax.patch, it is merged upstream * godoc(1) is now in the Debian package golang-go.tools, it was moved into a separate repository by upstream. * move patches/godoc-symlinks.diff to golang-go.tools golang (2:1.1.2-3) unstable; urgency=low * cherry-pick upstream commit: archive-tar-fix-links-and-pax.patch (Closes: #730566) golang (2:1.1.2-2) unstable; urgency=low * Build golang-go-linux-* for each architecture (Thanks James Page) (Closes: #719611) * Update lintian-overrides to override statically-linked-binary and unstripped-binary-or-object for all of golang-go golang (2:1.1.2-1) unstable; urgency=low * New upstream release. * Relicense debian/ under the Go license to match upstream. All copyright holders agreed to this. (Closes: #716907) * golang-mode: don’t install for a number of emacs versions which are not supported upstream (Thanks Kevin Ryde) (Closes: #702511, #717521) golang (2:1.1.1-4) unstable; urgency=low * Disable stripping, it breaks go binaries on some architectures. This drops the golang-dbg package which would be empty now. (Thanks Robie Basak) (Closes: #717172) golang (2:1.1.1-3) unstable; urgency=low * Ship */runtime/cgo.a in golang-go to ensure it is present. It can only be used on the native architecture anyway (cannot be used when cross-compiling), so having it in golang-go-$GOOS-$GOARCH is not necessary. Even worse, since these packages are arch: all, they will be built precisely once, and only the runtime/cgo.a for the buildd’s native arch will be present. (Closes: #715025) golang (2:1.1.1-2) unstable; urgency=low [ James Page ] * Ensure smooth upgrade path from << 2:1.1-2 (Closes: #714838) golang (2:1.1.1-1) unstable; urgency=low * Imported Upstream version 1.1.1 golang (2:1.1-2) unstable; urgency=low [ Ondřej Surý ] * Promote Michael to Maintainer [ Michael Stapelberg ] * Build golang-go-$GOOS-$GOARCH packages for cross-compiling (Closes: #710090) * Build race detector on linux/amd64 (only supported arch) (Closes: #710691) * Switch compression to xz (50% smaller binaries) golang (2:1.1-1) unstable; urgency=low * New upstream release: Go 1.1! * Remove the long obsolete goinstall debconf question and config file. goinstall does not exist anymore since a long time. This also obsoletes the need for any translations (Closes: #685923, #692478) * Emacs go-mode auto-mode-alist entry was fixed upstream (Closes: #670371) golang (2:1.1~hg20130405-1) experimental; urgency=low * Provide a new hg tip snapshot. This includes what was recently released as Go 1.1 beta. golang (2:1.1~hg20130323-1) experimental; urgency=low * Provide a new hg tip snapshot. * Add debian/watch (Closes: #699698) golang (2:1.1~hg20130304-2) experimental; urgency=low * Fix FTBFS of binary-arch only builds (as performed by buildds) caused by 'rm' not finding jquery.js in golang-doc (Thanks Peter Green) golang (2:1.1~hg20130304-1) experimental; urgency=low * Provide a hg tip snapshot (2013-03-04) in Debian experimental. Current hg tip is a good approximation to Go 1.1 and should get some testing within Debian in order to package Go 1.1 well when it is released. Thanks to Andrew Gerrand. golang (2:1.0.2-2) unstable; urgency=low * Add myself to uploaders, as discussed in #683421. * cherry-pick r820ffde8c396 (net/http: non-keepalive connections close successfully) (Closes: #683421) golang (2:1.0.2-1.1) unstable; urgency=low * Non-maintainer upload. (as discussed with Ondřej in #679692) * Fix godoc-symlinks.diff (godoc didn’t find docs) (Closes: #679692) golang (2:1.0.2-1) unstable; urgency=low [ Ondřej Surý ] * Imported Upstream version 1.0.2 * Update Vcs fields to reflect new git repository location * Kill get-orig-source, since 1.0.0, the tarballs can be downloaded from webpage [ Michael Stapelberg ] * golang-mode: use debian-pkg-add-load-path-item (Closes: #664802) * add manpages (Closes: #632964) * Use updated pt.po from Pedro Ribeiro (Closes: #674958) golang (2:1.0.1-1) unstable; urgency=low * Imported Upstream version 1.0.1 * Apply godoc patch to display package list correctly (Closes: #669354) golang (2:1-6) unstable; urgency=low * Merge upstream patch to fix homedir issue (http://code.google.com/p/go/source/detail?r=709120aecee0) * Disable GNU/KFreeBSD build (Closes: #668794) golang (2:1-5) unstable; urgency=low * Rewrite test conditions to make them more readable (and fix the debian/rules to really not check on armel+kfreebsd) * Patch upstream test to not fail on missing home directory golang (2:1-4) unstable; urgency=low * Disable tests on Debian GNU/KFreeBSD, they just hang now (Closes: #668794) * Disable tests on armel, but the invalid instruction needs fixing in upstream * Create fake home directory to pass the os/user test golang (2:1-3) unstable; urgency=high * Use VERSION provided by upstream for packaging purposes * Run tests as a part of a build process * Install full src tree (except pkg/debug) because go command depend on sources available * Install sources without testdata and *_test.go * Remove circular dependency golang-go->golang-doc->golang-go * Make sure that timestamp on installed binaries and libraries is same because go build/install recompiles everything if the go binary has more recent timestamp than libraries (Closes: #668235) + Need to update timestamps at postinst time because already created directories can have time in the past * Fix couple of lintian errors and warnings golang (2:1-2) unstable; urgency=low * Remove preserving of old -tools settings, there are too many options now anyway (Closes: #666007) golang (2:1-1) unstable; urgency=low * New major upstream release Go 1 (Closes: #666942) * Bumb epoch to 2, since 1 < 60 < 2011 (I wonder if next version will be 0 :) * Debconf templates and debian/control reviewed by the debian-l10n- english team as part of the Smith review project. (Closes: #663181) * [Debconf translation updates] + Pick existing translations from golang-weekly and do appropriate sed magic to fit golang templates. (Closes: #666884, #666880, #666881) + Dutch; (Jeroen Schot). (Closes: #664598) + Czech (Michal Simunek). (Closes: #665385) + Spanish; (Camaleón). (Closes: #666177) + Danish (Joe Hansen). (Closes: #666526) golang (1:60.3-2) unstable; urgency=low * debconf-gettextize package templates golang (1:60.3-1) unstable; urgency=low * Imported Upstream version 60.3 golang (1:60.2-1) unstable; urgency=low * Imported Upstream version 60.2 golang (1:60.1-1) unstable; urgency=low * Imported Upstream version 60.1 golang (1:60-1) unstable; urgency=low * Imported Upstream version 60 * Save upstream VERSION to the archive * Use GOVERSION as generated by src/version.bash on hg archive time * Add support for goinstall dashboard debconf question in the Debian packaging * Read goinstall dashboard option from debian configuration file * Remove 005-goinstall_dont_call_home_by_default.patch; replaced by configuration option * Fix directory name for upstream archive checkout golang (1:59-1) unstable; urgency=low * Imported Upstream version 59 * Refresh patches to a new release * Fix FTBFS on ARM (Closes: #634270) * Update version.bash to work with Debian packaging and not hg repository golang (1:58.1-2) unstable; urgency=low * Install golang-doc package by default (Recommends from golang-tools, Depends from golang) golang (1:58.1-1) unstable; urgency=low * Imported Upstream version 58.1 golang (1:58-1) unstable; urgency=low * Imported Upstream version 58 + Add NEWS file with upstream API changes * Remove patch to not update standard package, fixed in upstream golang (1:57.2-1) unstable; urgency=low * Imported Upstream version 57.2 * More spelling fixes (Closes: #630660) golang (1:57.1-4) unstable; urgency=low * Description update to have proper articles and capitalization (Closes: #630189) * Add extended description about Go being experimental and that the languager can change between releases golang (1:57.1-3) unstable; urgency=low * Fix "the Google's Go implementation" in extended description (Closes: #627814) * Update Vcs-* links * Install vim ftplugin files into correct directory (Closes: #629844) golang (1:57.1-2) unstable; urgency=low * Bump standards version to 3.9.2 * Capitalize Kate (Closes: #627036) * Import slightly modified patch to be more clear about $GOPATH installs for non-root users * Remove don't install deps patch from goinstall; deprecated by $GOPATH installs golang (1:57.1-1) unstable; urgency=low * Add support for dot-minor releases * Imported Upstream version 57.1 golang (1:57-3) unstable; urgency=low [ Florian Weimer ] * golang-tools: install gofix binary [ Ondřej Surý ] * Add lintian-overrides for gofix binary golang (1:57-2) unstable; urgency=low * Remove weekly code from debian/rules * Add golang meta-package * Don't create tool chain symlinks twice * Make debian/rules more generic for simpler sync between weekly and release branches golang (1:57-1) unstable; urgency=low * Imported Upstream version r57 * Bumped epoch version to 1, to convert from date based versions to release number based version * Allow release to migrate to testing (Closes: #624408) * Add kate and vim syntax highlighting (Closes: #624544) * Add -dbg package with debugging symbols golang (2011.04.27-2) unstable; urgency=low * Fix yet another build failure on kfreebsd (use linux userspace) golang (2011.04.27-1) unstable; urgency=low * Imported Upstream version 2011.04.27 * Update debian/rules to allow pulling weekly upstream releases * Don't remove RUNPATH from binaries; fixed upstream (golang#1527) * Set GOHOSTOS and GOHOSTARCH to match dpkg-architecture variables * Add support for kfreebsd-i386, kfreebsd-amd64, armel and armhf architectures + 006-fix_kfreebsd_build.patch: - Add GNU/KFreeBSD support by replacing all uname calls by $(GOOS) + 007-use_native_dynamic_linker_on_kfreebsd.patch: - Use native kfreebsd dynamic linker (/lib/ld-*.so.1) * Add information about available architectures (Closes: #623877) * Don't strip gotest * Add Depends: golang-go to golang-tools * Add better support for armhf golang (2011.04.13-1) unstable; urgency=low [ Florian Weimer ] * Delete bin directory in clean target * Enable parallel build * golang-src: install source files directly * Use proper symlink targets for architecture-independent toolchain names * Emacs mode: indent keys in struct literals properly [ Ondřej Surý ] * Imported Upstream weekly version 2011.04.13 * Update patches to new weekly release * Add lintian-override for gotest binary golang (2011.03.07.1-1) unstable; urgency=low * Imported Upstream version 2011.03.07.1 * Install to /usr/lib/go * Remove xkcd strip to get rid of CC-NC-BY * Update golang-src.install to new upstream * Remove 002-use_GOROOT_FINAL_in_generated_binaries.patch; merged upstream * Make all .go files no-executable * Update lintian-overrides to include both types of syntax golang (2011.02.15-2) unstable; urgency=low [ Ondřej Surý ] * Add ${misc:Depends} to golang-mode to shutup lintian * Rehaul build system and add golang-src package with .go source files * goinstall: do not automatically install prerequisities * goinstall: don't report to dashboard by default * Add a README.Debian about local modifications to goinstall * Add warning about local modifications also directly to goinstall command [ Florian Weimer ] * Fix syntax error in 004- dont_reinstall_dependencies_in_goinstall.patch golang (2011.02.15-1) unstable; urgency=low [ Obey Arthur Liu ] * Added pkg-google git repo to control file [ Florian Weimer ] * Build golang-mode package [ Ondřej Surý ] * Imported Upstream version 2011.02.15 * Don't compress godoc documentation * Correctly use $GOROOT_FINAL in the build chain * Remove RPATH/RUNPATH from go binaries golang (2011.02.01.1-1) unstable; urgency=low [ Ivan Wong ] * Initial release (Closes: #574371) [ Jonathan Nieder ] * Fill out copyright file * Rewrite debian/rules using dh driver * debian: fix get-orig-source rule * debian: do not install extra files on repeated build * debian: fix reversed ‘if’ * debian: do not leave around stale debian/env.sh+ file * debian: Build-Depends on awk instead of gawk * debian: add run-time dependency on perl * debian: add build-time dependency on perl * debian: fix setting of GOARM on arm * debian: do not compress files in web page * debian: install favicon [ Ondřej Surý ] * Make myself a maintainer * Add patch to allow IPv4 on IPv6 sockets (Courtesy of Florian Weimer) * Use GOROOT_FINAL and change GOBIN to /usr/bin * Get rid of env.sh and wrappers * Add support for building in i386 pbuilder on amd64 architecture * Rename source package to golang to match upstream repository name * Add golang-doc package * Split package into compiler, docs and tools * Don't install quietgcc and hgpatch * Don't generate fake gomake * Update golang-doc package * Export GOHOSTARCH and GOHOSTOS * Disable build time checks * Fail on missed installed files * Revert s{tmp{golang-go{ change in DESTDIR * Relicence debian/ files from versionless GPL to GPL-3 * Move golang-doc to doc section * Add more lintian overrides for Go binaries * Install all 6,8,5 variants of commands * Install golang-* symlinks for 6,8,5* commands * Don't strip govet as well * Remove ${shlibs:Depends} where it doesn't belong * Move more html files to golang-doc package * Remove codereview directory - some python code to deal with mercurial

golang-1.14 (1.14~beta1-2) unstable; urgency=medium * Source-only upload. * Add two more lintian overrides for testdata golang-1.14 (1.14~beta1-1) unstable; urgency=medium * New upstream major version. golang-1.13 (1.13.5-1) unstable; urgency=medium * New upstream version 1.13.5 golang-1.13 (1.13.4-1) unstable; urgency=medium * New upstream version 1.13.4 - Refresh patches golang-1.13 (1.13.3-1) unstable; urgency=medium * New upstream version 1.13.3 - Refresh patch - crypto/dsa: invalid public key causes panic in dsa.Verify. Fixes CVE-2019-17596. Closes: #942628 * Update Standards-Version to 4.4.1, no changes needed golang-1.13 (1.13.1-1) unstable; urgency=medium * New upstream version 1.13.1 - net/textproto: don't normalize headers with spaces before the colon. Fixes CVE-2019-16276. See golang/go#34541 and Debian bug #941173 golang-1.13 (1.13-1) unstable; urgency=medium * New upstream version 1.13 - Refresh patch * Set pristine-tar for gbp to False golang-1.13 (1.13~rc2-1) unstable; urgency=medium * New upstream version 1.13~rc2 - Remove patch for CVE-2019-9512 and CVE-2019-9514, has been applied upstream golang-1.13 (1.13~rc1-2) unstable; urgency=medium * Exclude testdata from dh_makeshlibs. Otherwise, the build fails at least on armel and armhf. * Apply changes from cme fix dpkg * Set Rules-Requires-Root: no golang-1.13 (1.13~rc1-1) unstable; urgency=medium * New upstream version 1.13~rc1 - Remove patch for CVE-2019-14809, has been applied upstream * Use dh_missing instead of deprecated dh_install --fail-missing * Do not run dh_dwz, there is no debugging information * Use debhelper-compat (= 12) golang-1.13 (1.13~beta1-3) unstable; urgency=high * Fix Denial of Service vulnerabilities in the HTTP/2 implementation. golang/go#33631 CVE-2019-9512, CVE-2019-9514. Closes: #934955 * Fix multiple Parsing Issues in URL.Parse golang/go#29098 CVE-2019-14809. Closes: #934954 golang-1.13 (1.13~beta1-2) unstable; urgency=medium * Set GOCACHE to fix a FTBFS. (See bug #933958) golang-1.13 (1.13~beta1-1) unstable; urgency=medium * New upstream major version. - Remove Reproducible-BUILD_PATH_PREFIX_MAP.patch. This patch is finally no longer needed with Go 1.13. Upstream has implemented a new flag "-trimpath" for the command "go build" which either strips the path or replaces it in the resulting binaries. References: golang/go#16860 https://go-review.googlesource.com/c/go/+/173345/ https://go-review.googlesource.com/c/go/+/173344/ - Remove arm64-arm64asm-recognise-new-ssbb-pssbb-mnemonics-fr.patch. This patch has been cherry-picked from upstream and is now included. - Refresh remaining patches - Fix lintian warning: make scripts executable * Switch to debhelper-compat, but stay at v11 for now golang-1.12 (1.12.7-1) unstable; urgency=medium * New upstream version 1.12.7 - Refresh patches * Update Standards-Version to 4.4.0, no changes needed golang-1.12 (1.12.5-1) unstable; urgency=medium * New upstream version 1.12.5 golang-1.12 (1.12.4-1) unstable; urgency=medium [ Anthony Fok ] * Add /usr/lib/go-X.Y/{api,misc} symlinks. For example, programs such as https://github.com/vugu/vugu and documentation such as https://github.com/golang/go/wiki/WebAssembly expect to find wasm_exec.js at "$(go env GOROOT)/misc/wasm/wasm_exec.js". [ Dr. Tobias Quathamer ] * New upstream version 1.12.4 * Add five lintian overrides for false positives golang-1.12 (1.12.1-1) unstable; urgency=medium * New upstream version 1.12.1 * Use upstream signing key for tarball verification golang-1.12 (1.12-1) unstable; urgency=medium * New upstream version 1.12 - Remove patch 0005-Fix-CVE-2019-6486, applied upstream golang-1.12 (1.12~beta2-2) unstable; urgency=medium * Refresh patch Reproducible BUILD_PATH_PREFIX_MAP. Thanks to Michael Stapelberg! * Add patch to fix CVE-2019-6486. (Closes: #920548) golang-1.12 (1.12~beta2-1) unstable; urgency=medium * New upstream version 1.12~beta2 - Remove two patches, applied upstream. Refresh remaining patch. golang-1.12 (1.12~beta1-4) unstable; urgency=medium * Switch watch file to version 4 * Update d/copyright golang-1.12 (1.12~beta1-3) unstable; urgency=medium [ Anthony Fok ] * Add patch "unix: fix Fstatat by using fillStat_t on linux/mips64x" This fixes the "Fstatat: returned stat does not match Stat/Lstat" errors detected by TestFstatat. See https://go-review.googlesource.com/c/sys/+/155747 [ Dr. Tobias Quathamer ] * Add another lintian override golang-1.12 (1.12~beta1-2) unstable; urgency=medium [ Anthony Fok ] * Add patch "cmd/compile: fix MIPS SGTconst-with-shift rules" by Cherry Zhang. This fixes the root problem behind the "slice bounds out of range" build error seen in 1.11.4 on mips and mipsel architectures. See https://go-review.googlesource.com/c/go/+/155798 * Bump Standards-Version to 4.3.0 (no change) [ Dr. Tobias Quathamer ] * Do not compress favicon.ico. Thanks to Dato Simó <dato@debian.org> (Closes: #917132) golang-1.12 (1.12~beta1-1) unstable; urgency=medium * New upstream major version. - Refresh patches - Add new patch to disable test for UserHomeDir * Switch team address to tracker.d.o * Add another lintian override for a false positive golang-1.11 (1.11.4-1) unstable; urgency=medium * New upstream version 1.11.4 * Make lintian override agnostic of golang version golang-1.11 (1.11.3-1) unstable; urgency=medium * New upstream version 1.11.3 - Refresh patches * Update gbp.conf to new style syntax * Suggest brz as alternative to bzr; it provides the same command-line API. * Add myself to Uploaders golang-1.11 (1.11.2-2) unstable; urgency=medium * d/patches/arm64-arm64asm-recognise-new-ssbb-pssbb-mnemonics-fr.patch: backport workaround for objdump's support of newer mnemonics on arm64. golang-1.11 (1.11.2-1) unstable; urgency=medium * Team upload. [ Michael Hudson-Doyle ] * New upstream major version. * Update debhelper compat level to 11. * Remove GOCACHE files after running tests. * Stop dh_strip_nondeterminism from looking at testdata directories. [ Dr. Tobias Quathamer ] * Build-Depend on debhelper v11 * Override two false positive Lintian errors (missing depends on sensible-utils) * Add Lintian overrides for testdata * Include /usr/share/dpkg/architecture.mk for DEB_HOST_ARCH * Refresh patch for new upstream version * Fix Lintian warnings about wrong interpreter path * Make two scripts executable which have been missed by upstream * Remove three unneeded lintian overrides * Use HTTPS URL for d/watch * Update to Standards-Version 4.2.1 - Use HTTPS for d/copyright * Update d/copyright golang-1.10 (1.10.3-1) unstable; urgency=medium * New upstream version 1.10.3 * Restore changelog entry for 1.10.1-3, and fix that for 1.10.2-1, oops. golang-1.10 (1.10.2-1) unstable; urgency=medium * New upstream version 1.10.2. - d/patches/0003-Backport_nopie_fix.patch: removed, now included upstream. - d/patches/0004-Backport_mips_octeon3_fp_fix.patch: removed, also included upstream. golang-1.10 (1.10.1-3) unstable; urgency=high * Team upload. [ Michael Hudson-Doyle ] * Install the 'misc' and 'api' directories as part of the golang-1.10-src package as some tools (vgo, go tool trace) expect them to be there. (Closes: 894992¸ LP: #1743598) [ Martín Ferrari ] * Backport fix for FP bug in mips/Octeon III. Closes: #892088. Raising severity. golang-1.10 (1.10.1-2) unstable; urgency=medium * Team upload. * Backport patch that fixes FTBFS in arm64. * debian/copyright: Update attribution. * debian/source: Update lintian-overrides. golang-1.10 (1.10.1-1) unstable; urgency=medium * New upstream version 1.10.1. * d/patches/0002-reproducible-BUILD_PATH_PREFIX_MAP.patch: update patch tags to reference upstream discussion of this topic. * d/control, d/control.in: Update Vcs-* to point to salsa. golang-1.10 (1.10-1) unstable; urgency=medium * New upstream version 1.10 golang-1.10 (1.10~rc2-1) unstable; urgency=medium * New upstream version, fixing CVE-2018-6574. * d/patches/0001-os-signal-skip-TestTerminalSignal-if-posix_openpt-fa.patch, d/patches/0003-cmd-vendor-github.com-google-pprof-cherry-pick-fix-t.patch, d/patches/0004-cmd-link-internal-loadelf-fix-logic-for-computing-EL.patch: removed, now included upstream. golang-1.10 (1.10~rc1-2) unstable; urgency=medium * d/patches/0004-cmd-link-internal-loadelf-fix-logic-for-computing-EL.patch: Backport from upstream to fix build issues on armhf (causes ftbfs on Ubuntu but not Debian for some reason, but could produce broken binaries on Debian too). golang-1.10 (1.10~rc1-1) unstable; urgency=medium * New upstream version 1.10~rc1. * d/patches/0004-cmd-dist-use-buildmode-pie-for-pie-testing.patch, d/patches/0006-misc-cgo-testcarchive-use-no-pie-where-needed.patch, d/patches/0003-Do-not-use-SP-as-index-reg.patch: removed, included upstream. * d/patches/0002-reproducible-BUILD_PATH_PREFIX_MAP.patch: refreshed. * d/patches/0001-os-signal-skip-TestTerminalSignal-if-posix_openpt-fa.patch: Add to fix test failure in chroot. * d/patches/0003-cmd-vendor-github.com-google-pprof-cherry-pick-fix-t.patch: Add to fix test failure when $HOME is not writable. * d/rules: Set GOCACHE to "off" during build to avoid shipping cache files. golang-1.9 (1.9.2-4) unstable; urgency=medium * Enable building on mips, mipsel and mips64. (Closes: 879764) golang-1.9 (1.9.2-3) unstable; urgency=medium * Remove workaround for now fixed debhelper bug #879762 * Backport three patches from upstream to fix ftbfs on ppc64el with new kernel. golang-1.9 (1.9.2-2) unstable; urgency=medium [ Martín Ferrari ] * Add debian/patches/0003-Do-not-use-SP-as-index-reg.patch (Closes: #877541) golang-1.9 (1.9.2-1) unstable; urgency=medium * New upstream version 1.9.2 * Work around debhelper bug #879762 golang-1.9 (1.9.1-2) unstable; urgency=medium * Update debian/copyright (Closes: #873740) golang-1.9 (1.9.1-1) unstable; urgency=medium * New upstream release. * Use my @debian.org address in Uploaders. golang-1.9 (1.9-1) unstable; urgency=medium [ Michael Hudson-Doyle ] * New upstream release. * Suppress some new lintian errors in golang-1.9-src. [ Michael Stapelberg ] * Add debian/patches/0002-reproducible-BUILD_PATH_PREFIX_MAP.patch golang-1.8 (1.8.3-1) unstable; urgency=medium * New upstream release. (Closes: 863292, 863307) golang-1.8 (1.8.1-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8~rc3-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8~rc2-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8~rc1-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8~beta2-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8~beta1-1) unstable; urgency=medium * New upstream release. * Remove d/patches/cl-29995--tzdata-2016g.patch, included upstream. golang-1.7 (1.7.4-1) unstable; urgency=medium * Update to 1.7.4 upstream release (Closes: #846545) - https://groups.google.com/d/topic/golang-announce/2lP5z9i9ySY/discussion - https://golang.org/issue/17965 (potential DoS vector in net/http) - golang/go@go1.7.3...go1.7.4 golang-1.7 (1.7.3-1) unstable; urgency=medium * New upstream release. * Delete d/patches/cl-28850.patch, applied upstream. golang-1.7 (1.7.1-3) unstable; urgency=medium * Backport CL 29995 for tzdata 2016g changes (Closes: #839317) golang-1.7 (1.7.1-2) unstable; urgency=medium * Add upstream patch for s390x FTBFS golang-1.7 (1.7.1-1) unstable; urgency=medium * New upstream release. * Re-enable tests on s390x now that gcc-6 has been fixed in unstable. golang-1.7 (1.7-3) unstable; urgency=medium * Add "s390x" to Architectures golang-1.7 (1.7-2) unstable; urgency=medium * Disable tests on armel. golang-1.7 (1.7-1) unstable; urgency=medium * New upstream release. golang-1.7 (1.7~rc4-1) unstable; urgency=medium * New upstream release. golang-1.7 (1.7~rc3-1) unstable; urgency=medium [ Tianon Gravi ] * Remove outdated README files (README.source and README.Debian) [ Michael Hudson-Doyle ] * New upstream release. * Suppress inaccurate source-is-missing lintian warnings. * Update Standards-Version to 3.9.8 (no changes required). golang-1.7 (1.7~rc2-1) unstable; urgency=medium * Update to 1.7rc2 upstream release. golang-1.7 (1.7~rc1-1) unstable; urgency=medium [ Paul Tagliamonte ] * Use a secure transport for the Vcs-Git and Vcs-Browser URL [ Tianon Gravi ] * Update to 1.7rc1 upstream release (new packages, not used by default; see also src:golang-defaults) * Update Vcs-Git to reference a particular branch golang-1.6 (1.6.2-2) unstable; urgency=medium * Update "golang-any" in "Build-Depends" to fallback to "golang-go | gccgo" (will help with backporting) golang-1.6 (1.6.2-1) unstable; urgency=medium * Update to 1.6.2 upstream release (Closes: #825696) * Build-Depend on golang-any instead of golang-go (Closes: #824421) golang-1.6 (1.6.1-1) unstable; urgency=medium * Build golang version-specific packages (Closes: #818415) * Things that (conceptually at least) move to new golang version independent golang-defaults source package: - Man pages. - Suggesting golang-golang-x-tools. - Breaks/Replace-ing of old golang-go-$GOOS-$GOARCH packages. * Stop using alternatives to manage /usr/bin/go. * sed trickery in debian/rules to support easy changes to new golang versions. golang (2:1.6.1-2) unstable; urgency=medium * Don't strip testdata files, causes build failures on some platforms. golang (2:1.6.1-1) unstable; urgency=medium [ Michael Hudson-Doyle ] * Breaks/Replaces: older golang-golang-x-tools, not Conflicts, to ensure smooth upgrades. * Strip the binaries as it has worked for the last five years or so and upstream sees no reason to disable it. [ Tianon Gravi ] * Update to 1.6.1 upstream release (Closes: #820369) - Fix CVE-2016-3959: infinite loop in several big integer routines golang (2:1.6-1) unstable; urgency=medium * Update to 1.6 upstream release (thanks Hilko!) - change "ar" arguments to quiet spurious warnings while using gccgo (Closes: #807138) - skip multicast listen test (Closes: #814849) - skip userns tests when chrooted (Closes: #807303) - use correct ELF header for armhf binaries (Closes: #734357) - Update debian/rules clean for new location of generated file. [ Michael Hudson-Doyle ] * Respect "nocheck" in DEB_BUILD_OPTIONS while building to skip tests (Closes: #807290) * Trim Build-Depends (Closes: #807299) * Fix several minor debian/copyright issues (Closes: #807304) * Remove inconsistently included race-built packages (Closes: #807294) [ Tianon Gravi ] * Add "-k" to "run.bash" invocation so that we do a full test run every time golang (2:1.5.3-1) unstable; urgency=high * Update to 1.5.3 upstream release - Fix CVE-2015-8618: Carry propagation in Int.Exp Montgomery code in math/big library (Closes: #809168) * Add "Breaks" to properly complement our "Replaces" (Closes: #810595) golang (2:1.5.2-1) unstable; urgency=medium * Update to 1.5.2 upstream release (Closes: #807136) golang (2:1.5.1-4) unstable; urgency=medium * Add Conflicts to force newer golang-go.tools too (Closes: #803559) golang (2:1.5.1-3) unstable; urgency=medium * Remove architecture qualification on golang-go Build-Depend now that golang-go is available for more architectures. golang (2:1.5.1-2) unstable; urgency=medium * Add Conflicts to force newer golang-golang-x-tools (Closes: #802945). golang (2:1.5.1-1) unstable; urgency=medium * Upload to unstable. * Update to 1.5.1 upstream release (see notes from experimental uploads for what's changed). * Skip tests on architectures where the tests fail. golang (2:1.4.3-3) unstable; urgency=medium * Fix FTBFS for non-amd64 architectures due to handling of "-race". golang (2:1.5.1-1~exp2) experimental; urgency=medium * Upload to experimental. * Add arch-qualifiers to "golang-go" build-depends to unblock the buildds (Closes: #800479); thanks Tim! golang (2:1.4.3-2) unstable; urgency=medium * Update Recommends/Suggests, especially to add gcc, etc. * Refactor "debian/rules" to utilize debhelper more effectively, especially for arch vs indep building (mostly backported from the 1.5+ changes), which fixes the "arch:all" FTBFS. golang (2:1.5.1-1~exp1) experimental; urgency=low * Upload to experimental. * Update to 1.5.1 upstream release (Closes: #796150). - Compiler and runtime written entirely in Go. - Concurrent garbage collector. - GOMAXPROCS=runtime.NumCPU() by default. - "internal" packages for all, not just core. - Experimental "vendoring" support. - Cross-compilation no longer requires a complete rebuild of the stdlib in GOROOT, and thus the golang-go-GOHOST-GOARCH packages are removed. * Sync debian/copyright with the Ubuntu delta. (thanks doko!) * Remove patches that no longer apply. * Add more supported arches to "debian/rules" code for detecting appropriate GOARCH/GOHOSTARCH values; thanks mwhudson and tpot! (Closes: #799907) * Refactor "debian/rules" to utilize debhelper more effectively, especially for arch vs indep building. * Move "dpkg-architecture" to "GOOS"/"GOARCH" code into a simple shell script for easier maintenance. golang (2:1.4.3-1) unstable; urgency=medium * New upstream version (https://golang.org/doc/devel/release.html#go1.4.minor) - includes previous CVE and non-CVE security fixes, especially TEMP-0000000-1C4729 golang (2:1.4.2-4) unstable; urgency=high * Apply backported CVE fixes (Closes: #795106). - CVE-2015-5739: Invalid headers are parsed as valid headers - CVE-2015-5740: RFC 7230 3.3.3 4 violation - CVE-2015-5741: other discoveries of security-relevant RFC 7230 violations golang (2:1.4.2-3) unstable; urgency=medium * Add missing "prerm" for our new alternatives (thanks piuparts). golang (2:1.4.2-2) unstable; urgency=medium * Move "go" and "gofmt" into "/usr/lib/go" and use alternatives to provide appropriate symlinks (Closes: #779503, #782301). * Relax "golang-go.tools" relationship to Suggests (from Recommends). * Add "go get" VCS options to Suggests for golang-go (bzr, git, mercurial, subversion). golang (2:1.4.2-1) unstable; urgency=medium * New upstream version (https://golang.org/doc/devel/release.html#go1.4.minor) golang (2:1.4.1-1~exp1) experimental; urgency=low * New upstream version (https://golang.org/doc/go1.4) - all editor support files have been removed from misc/ upstream upstream, so golang-mode, kate-syntax-go, and vim-syntax-go can no longer be provided; see https://github.com/golang/go/wiki/IDEsAndTextEditorPlugins for an upstream-maintained list of potential replacements golang (2:1.3.3-1) unstable; urgency=medium * New upstream version (https://code.google.com/p/go/source/list?name=go1.3.3) - time: removed from tests now obsolete assumption about Australian tz abbreviations - net: temporarily skip TestAcceptIgnoreSomeErrors - runtime: hide cgocallback_gofunc calling cgocallbackg from linker - runtime: fix GOTRACEBACK reading on Windows, Plan 9 - nacltest.bash: unset GOROOT - cmd/5l, cmd/6l, cmd/8l: fix nacl binary corruption bug * Add Paul and myself as uploaders. Many, many thanks to Michael for his work so far on this package (and hopefully more to come). golang (2:1.3.2-1) unstable; urgency=medium * New upstream version golang (2:1.3.1-1) unstable; urgency=medium * New upstream version golang (2:1.3-4) unstable; urgency=medium [ Tianon Gravi ] * update debian/watch for upstream's latest move (Closes: #756415) * backport archive/tar patch to fix PAX headers (Closes: #756416) golang (2:1.3-3) unstable; urgency=medium * don’t depend on emacs23, depend on emacs instead (Closes: #754013) * install include/ in golang-src, VERSION in golang-go (Closes: #693186) golang (2:1.3-2) unstable; urgency=medium * Add /usr/lib/go/test symlink * Build with GO386=387 to favor the 387 floating point unit over sse2 instructions (Closes: #753160) * Add debian/patches/0001-backport-delete-whole-line.patch to fix a deprecation warning about flet in the emacs part of golang-mode (Closes: #753607) * Migrate to emacsen >2 (Closes: #753607) * Backport two patches to improve archive/tar performance (for docker): debian/patches/0002-archive-tar-reuse-temporary-buffer-in-writeHeader.patch debian/patches/0003-archive-tar-reuse-temporary-buffer-in-readHeader.patch golang (2:1.3-1) unstable; urgency=medium * New upstream version. * Drop patches merged upstream: - debian/patches/add-tar-xattr-support.patch - debian/patches/add-tar-xattr-support.patch * Fix debian/watch (Thanks Tianon) (Closes: #748290) * Remove dangling symlink /usr/lib/go/lib/godoc (Closes: #747968) golang (2:1.2.1-2) unstable; urgency=low * Re-apply debian/patches/add-tar-xattr-support.patch which got lost when uploading 1.2.1-1; sorry about that. golang (2:1.2.1-1) unstable; urgency=low * New upstream release. golang (2:1.2-3) unstable; urgency=low * add debian/patches/add-tar-xattr-support.patch to have xattr support in tar (cherry-picked from upstream) (Thanks proppy) (Closes: #739586) golang (2:1.2-2) unstable; urgency=low * add patches/add-src-pkg-debug-elf-testdata-hello.patch to provide source for the testdata/ ELF binaries (Closes: #716853) golang (2:1.2-1) unstable; urgency=low * New upstream release. * drop patches/archive-tar-fix-links-and-pax.patch, it is merged upstream * godoc(1) is now in the Debian package golang-go.tools, it was moved into a separate repository by upstream. * move patches/godoc-symlinks.diff to golang-go.tools golang (2:1.1.2-3) unstable; urgency=low * cherry-pick upstream commit: archive-tar-fix-links-and-pax.patch (Closes: #730566) golang (2:1.1.2-2) unstable; urgency=low * Build golang-go-linux-* for each architecture (Thanks James Page) (Closes: #719611) * Update lintian-overrides to override statically-linked-binary and unstripped-binary-or-object for all of golang-go golang (2:1.1.2-1) unstable; urgency=low * New upstream release. * Relicense debian/ under the Go license to match upstream. All copyright holders agreed to this. (Closes: #716907) * golang-mode: don’t install for a number of emacs versions which are not supported upstream (Thanks Kevin Ryde) (Closes: #702511, #717521) golang (2:1.1.1-4) unstable; urgency=low * Disable stripping, it breaks go binaries on some architectures. This drops the golang-dbg package which would be empty now. (Thanks Robie Basak) (Closes: #717172) golang (2:1.1.1-3) unstable; urgency=low * Ship */runtime/cgo.a in golang-go to ensure it is present. It can only be used on the native architecture anyway (cannot be used when cross-compiling), so having it in golang-go-$GOOS-$GOARCH is not necessary. Even worse, since these packages are arch: all, they will be built precisely once, and only the runtime/cgo.a for the buildd’s native arch will be present. (Closes: #715025) golang (2:1.1.1-2) unstable; urgency=low [ James Page ] * Ensure smooth upgrade path from << 2:1.1-2 (Closes: #714838) golang (2:1.1.1-1) unstable; urgency=low * Imported Upstream version 1.1.1 golang (2:1.1-2) unstable; urgency=low [ Ondřej Surý ] * Promote Michael to Maintainer [ Michael Stapelberg ] * Build golang-go-$GOOS-$GOARCH packages for cross-compiling (Closes: #710090) * Build race detector on linux/amd64 (only supported arch) (Closes: #710691) * Switch compression to xz (50% smaller binaries) golang (2:1.1-1) unstable; urgency=low * New upstream release: Go 1.1! * Remove the long obsolete goinstall debconf question and config file. goinstall does not exist anymore since a long time. This also obsoletes the need for any translations (Closes: #685923, #692478) * Emacs go-mode auto-mode-alist entry was fixed upstream (Closes: #670371) golang (2:1.1~hg20130405-1) experimental; urgency=low * Provide a new hg tip snapshot. This includes what was recently released as Go 1.1 beta. golang (2:1.1~hg20130323-1) experimental; urgency=low * Provide a new hg tip snapshot. * Add debian/watch (Closes: #699698) golang (2:1.1~hg20130304-2) experimental; urgency=low * Fix FTBFS of binary-arch only builds (as performed by buildds) caused by 'rm' not finding jquery.js in golang-doc (Thanks Peter Green) golang (2:1.1~hg20130304-1) experimental; urgency=low * Provide a hg tip snapshot (2013-03-04) in Debian experimental. Current hg tip is a good approximation to Go 1.1 and should get some testing within Debian in order to package Go 1.1 well when it is released. Thanks to Andrew Gerrand. golang (2:1.0.2-2) unstable; urgency=low * Add myself to uploaders, as discussed in #683421. * cherry-pick r820ffde8c396 (net/http: non-keepalive connections close successfully) (Closes: #683421) golang (2:1.0.2-1.1) unstable; urgency=low * Non-maintainer upload. (as discussed with Ondřej in #679692) * Fix godoc-symlinks.diff (godoc didn’t find docs) (Closes: #679692) golang (2:1.0.2-1) unstable; urgency=low [ Ondřej Surý ] * Imported Upstream version 1.0.2 * Update Vcs fields to reflect new git repository location * Kill get-orig-source, since 1.0.0, the tarballs can be downloaded from webpage [ Michael Stapelberg ] * golang-mode: use debian-pkg-add-load-path-item (Closes: #664802) * add manpages (Closes: #632964) * Use updated pt.po from Pedro Ribeiro (Closes: #674958) golang (2:1.0.1-1) unstable; urgency=low * Imported Upstream version 1.0.1 * Apply godoc patch to display package list correctly (Closes: #669354) golang (2:1-6) unstable; urgency=low * Merge upstream patch to fix homedir issue (http://code.google.com/p/go/source/detail?r=709120aecee0) * Disable GNU/KFreeBSD build (Closes: #668794) golang (2:1-5) unstable; urgency=low * Rewrite test conditions to make them more readable (and fix the debian/rules to really not check on armel+kfreebsd) * Patch upstream test to not fail on missing home directory golang (2:1-4) unstable; urgency=low * Disable tests on Debian GNU/KFreeBSD, they just hang now (Closes: #668794) * Disable tests on armel, but the invalid instruction needs fixing in upstream * Create fake home directory to pass the os/user test golang (2:1-3) unstable; urgency=high * Use VERSION provided by upstream for packaging purposes * Run tests as a part of a build process * Install full src tree (except pkg/debug) because go command depend on sources available * Install sources without testdata and *_test.go * Remove circular dependency golang-go->golang-doc->golang-go * Make sure that timestamp on installed binaries and libraries is same because go build/install recompiles everything if the go binary has more recent timestamp than libraries (Closes: #668235) + Need to update timestamps at postinst time because already created directories can have time in the past * Fix couple of lintian errors and warnings golang (2:1-2) unstable; urgency=low * Remove preserving of old -tools settings, there are too many options now anyway (Closes: #666007) golang (2:1-1) unstable; urgency=low * New major upstream release Go 1 (Closes: #666942) * Bumb epoch to 2, since 1 < 60 < 2011 (I wonder if next version will be 0 :) * Debconf templates and debian/control reviewed by the debian-l10n- english team as part of the Smith review project. (Closes: #663181) * [Debconf translation updates] + Pick existing translations from golang-weekly and do appropriate sed magic to fit golang templates. (Closes: #666884, #666880, #666881) + Dutch; (Jeroen Schot). (Closes: #664598) + Czech (Michal Simunek). (Closes: #665385) + Spanish; (Camaleón). (Closes: #666177) + Danish (Joe Hansen). (Closes: #666526) golang (1:60.3-2) unstable; urgency=low * debconf-gettextize package templates golang (1:60.3-1) unstable; urgency=low * Imported Upstream version 60.3 golang (1:60.2-1) unstable; urgency=low * Imported Upstream version 60.2 golang (1:60.1-1) unstable; urgency=low * Imported Upstream version 60.1 golang (1:60-1) unstable; urgency=low * Imported Upstream version 60 * Save upstream VERSION to the archive * Use GOVERSION as generated by src/version.bash on hg archive time * Add support for goinstall dashboard debconf question in the Debian packaging * Read goinstall dashboard option from debian configuration file * Remove 005-goinstall_dont_call_home_by_default.patch; replaced by configuration option * Fix directory name for upstream archive checkout golang (1:59-1) unstable; urgency=low * Imported Upstream version 59 * Refresh patches to a new release * Fix FTBFS on ARM (Closes: #634270) * Update version.bash to work with Debian packaging and not hg repository golang (1:58.1-2) unstable; urgency=low * Install golang-doc package by default (Recommends from golang-tools, Depends from golang) golang (1:58.1-1) unstable; urgency=low * Imported Upstream version 58.1 golang (1:58-1) unstable; urgency=low * Imported Upstream version 58 + Add NEWS file with upstream API changes * Remove patch to not update standard package, fixed in upstream golang (1:57.2-1) unstable; urgency=low * Imported Upstream version 57.2 * More spelling fixes (Closes: #630660) golang (1:57.1-4) unstable; urgency=low * Description update to have proper articles and capitalization (Closes: #630189) * Add extended description about Go being experimental and that the languager can change between releases golang (1:57.1-3) unstable; urgency=low * Fix "the Google's Go implementation" in extended description (Closes: #627814) * Update Vcs-* links * Install vim ftplugin files into correct directory (Closes: #629844) golang (1:57.1-2) unstable; urgency=low * Bump standards version to 3.9.2 * Capitalize Kate (Closes: #627036) * Import slightly modified patch to be more clear about $GOPATH installs for non-root users * Remove don't install deps patch from goinstall; deprecated by $GOPATH installs golang (1:57.1-1) unstable; urgency=low * Add support for dot-minor releases * Imported Upstream version 57.1 golang (1:57-3) unstable; urgency=low [ Florian Weimer ] * golang-tools: install gofix binary [ Ondřej Surý ] * Add lintian-overrides for gofix binary golang (1:57-2) unstable; urgency=low * Remove weekly code from debian/rules * Add golang meta-package * Don't create tool chain symlinks twice * Make debian/rules more generic for simpler sync between weekly and release branches golang (1:57-1) unstable; urgency=low * Imported Upstream version r57 * Bumped epoch version to 1, to convert from date based versions to release number based version * Allow release to migrate to testing (Closes: #624408) * Add kate and vim syntax highlighting (Closes: #624544) * Add -dbg package with debugging symbols golang (2011.04.27-2) unstable; urgency=low * Fix yet another build failure on kfreebsd (use linux userspace) golang (2011.04.27-1) unstable; urgency=low * Imported Upstream version 2011.04.27 * Update debian/rules to allow pulling weekly upstream releases * Don't remove RUNPATH from binaries; fixed upstream (golang#1527) * Set GOHOSTOS and GOHOSTARCH to match dpkg-architecture variables * Add support for kfreebsd-i386, kfreebsd-amd64, armel and armhf architectures + 006-fix_kfreebsd_build.patch: - Add GNU/KFreeBSD support by replacing all uname calls by $(GOOS) + 007-use_native_dynamic_linker_on_kfreebsd.patch: - Use native kfreebsd dynamic linker (/lib/ld-*.so.1) * Add information about available architectures (Closes: #623877) * Don't strip gotest * Add Depends: golang-go to golang-tools * Add better support for armhf golang (2011.04.13-1) unstable; urgency=low [ Florian Weimer ] * Delete bin directory in clean target * Enable parallel build * golang-src: install source files directly * Use proper symlink targets for architecture-independent toolchain names * Emacs mode: indent keys in struct literals properly [ Ondřej Surý ] * Imported Upstream weekly version 2011.04.13 * Update patches to new weekly release * Add lintian-override for gotest binary golang (2011.03.07.1-1) unstable; urgency=low * Imported Upstream version 2011.03.07.1 * Install to /usr/lib/go * Remove xkcd strip to get rid of CC-NC-BY * Update golang-src.install to new upstream * Remove 002-use_GOROOT_FINAL_in_generated_binaries.patch; merged upstream * Make all .go files no-executable * Update lintian-overrides to include both types of syntax golang (2011.02.15-2) unstable; urgency=low [ Ondřej Surý ] * Add ${misc:Depends} to golang-mode to shutup lintian * Rehaul build system and add golang-src package with .go source files * goinstall: do not automatically install prerequisities * goinstall: don't report to dashboard by default * Add a README.Debian about local modifications to goinstall * Add warning about local modifications also directly to goinstall command [ Florian Weimer ] * Fix syntax error in 004- dont_reinstall_dependencies_in_goinstall.patch golang (2011.02.15-1) unstable; urgency=low [ Obey Arthur Liu ] * Added pkg-google git repo to control file [ Florian Weimer ] * Build golang-mode package [ Ondřej Surý ] * Imported Upstream version 2011.02.15 * Don't compress godoc documentation * Correctly use $GOROOT_FINAL in the build chain * Remove RPATH/RUNPATH from go binaries golang (2011.02.01.1-1) unstable; urgency=low [ Ivan Wong ] * Initial release (Closes: #574371) [ Jonathan Nieder ] * Fill out copyright file * Rewrite debian/rules using dh driver * debian: fix get-orig-source rule * debian: do not install extra files on repeated build * debian: fix reversed ‘if’ * debian: do not leave around stale debian/env.sh+ file * debian: Build-Depends on awk instead of gawk * debian: add run-time dependency on perl * debian: add build-time dependency on perl * debian: fix setting of GOARM on arm * debian: do not compress files in web page * debian: install favicon [ Ondřej Surý ] * Make myself a maintainer * Add patch to allow IPv4 on IPv6 sockets (Courtesy of Florian Weimer) * Use GOROOT_FINAL and change GOBIN to /usr/bin * Get rid of env.sh and wrappers * Add support for building in i386 pbuilder on amd64 architecture * Rename source package to golang to match upstream repository name * Add golang-doc package * Split package into compiler, docs and tools * Don't install quietgcc and hgpatch * Don't generate fake gomake * Update golang-doc package * Export GOHOSTARCH and GOHOSTOS * Disable build time checks * Fail on missed installed files * Revert s{tmp{golang-go{ change in DESTDIR * Relicence debian/ files from versionless GPL to GPL-3 * Move golang-doc to doc section * Add more lintian overrides for Go binaries * Install all 6,8,5 variants of commands * Install golang-* symlinks for 6,8,5* commands * Don't strip govet as well * Remove ${shlibs:Depends} where it doesn't belong * Move more html files to golang-doc package * Remove codereview directory - some python code to deal with mercurial

golang-1.15 (1.15~beta1-2) unstable; urgency=medium * Source-only upload. golang-1.15 (1.15~beta1-1) unstable; urgency=medium * New upstream major version. - Drop patch to fix FTBFS on $HOME managed with git, has been applied upstream. - Refresh remaining patches golang-1.14 (1.14.4-1) unstable; urgency=medium * New upstream version 1.14.4 - Refresh patches golang-1.14 (1.14.3-2) unstable; urgency=medium * Increase the test timeout that made some builds succeed there on slow hardware (such as emulated riscv64). Thanks to Gianfranco Costamagna (Closes: #960759) golang-1.14 (1.14.3-1) unstable; urgency=medium * New upstream version 1.14.3 * Use debhelper v13 golang-1.14 (1.14.2-1) unstable; urgency=medium * New upstream version 1.14.2 golang-1.14 (1.14.1-1) unstable; urgency=medium * New upstream version 1.14.1 - Add new patch to fix FTBFS on $HOME managed with git. Thanks to Guillem Jover <gjover@sipwise.com> (Closes: #953276) golang-1.14 (1.14-2) unstable; urgency=medium * Fix FTBFS if built twice in a row. Some paths of autogenerated files have been changed upstream, so that the removal of those files after the build did no longer succeed. Thanks to Guillem Jover (Closes: #953277) * Update Standards-Version to 4.5.0, no changes needed golang-1.14 (1.14-1) unstable; urgency=medium * New upstream version 1.14 golang-1.14 (1.14~rc1-1) unstable; urgency=medium * New upstream version 1.14~rc1 - Fixes CVE-2020-7919 * Add Breaks: dh-golang (<< 1.43~) to golang-go. Thanks to Pirate Praveen <praveen@onenetbeyond.org> * Update upstream's signing key * Add support for riscv64. Thanks to Aurelien Jarno <aurel32@debian.org> (Closes: #950517) golang-1.14 (1.14~beta1-2) unstable; urgency=medium * Source-only upload. * Add two more lintian overrides for testdata golang-1.14 (1.14~beta1-1) unstable; urgency=medium * New upstream major version. golang-1.13 (1.13.5-1) unstable; urgency=medium * New upstream version 1.13.5 golang-1.13 (1.13.4-1) unstable; urgency=medium * New upstream version 1.13.4 - Refresh patches golang-1.13 (1.13.3-1) unstable; urgency=medium * New upstream version 1.13.3 - Refresh patch - crypto/dsa: invalid public key causes panic in dsa.Verify. Fixes CVE-2019-17596. Closes: #942628 * Update Standards-Version to 4.4.1, no changes needed golang-1.13 (1.13.1-1) unstable; urgency=medium * New upstream version 1.13.1 - net/textproto: don't normalize headers with spaces before the colon. Fixes CVE-2019-16276. See golang/go#34541 and Debian bug #941173 golang-1.13 (1.13-1) unstable; urgency=medium * New upstream version 1.13 - Refresh patch * Set pristine-tar for gbp to False golang-1.13 (1.13~rc2-1) unstable; urgency=medium * New upstream version 1.13~rc2 - Remove patch for CVE-2019-9512 and CVE-2019-9514, has been applied upstream golang-1.13 (1.13~rc1-2) unstable; urgency=medium * Exclude testdata from dh_makeshlibs. Otherwise, the build fails at least on armel and armhf. * Apply changes from cme fix dpkg * Set Rules-Requires-Root: no golang-1.13 (1.13~rc1-1) unstable; urgency=medium * New upstream version 1.13~rc1 - Remove patch for CVE-2019-14809, has been applied upstream * Use dh_missing instead of deprecated dh_install --fail-missing * Do not run dh_dwz, there is no debugging information * Use debhelper-compat (= 12) golang-1.13 (1.13~beta1-3) unstable; urgency=high * Fix Denial of Service vulnerabilities in the HTTP/2 implementation. golang/go#33631 CVE-2019-9512, CVE-2019-9514. Closes: #934955 * Fix multiple Parsing Issues in URL.Parse golang/go#29098 CVE-2019-14809. Closes: #934954 golang-1.13 (1.13~beta1-2) unstable; urgency=medium * Set GOCACHE to fix a FTBFS. (See bug #933958) golang-1.13 (1.13~beta1-1) unstable; urgency=medium * New upstream major version. - Remove Reproducible-BUILD_PATH_PREFIX_MAP.patch. This patch is finally no longer needed with Go 1.13. Upstream has implemented a new flag "-trimpath" for the command "go build" which either strips the path or replaces it in the resulting binaries. References: golang/go#16860 https://go-review.googlesource.com/c/go/+/173345/ https://go-review.googlesource.com/c/go/+/173344/ - Remove arm64-arm64asm-recognise-new-ssbb-pssbb-mnemonics-fr.patch. This patch has been cherry-picked from upstream and is now included. - Refresh remaining patches - Fix lintian warning: make scripts executable * Switch to debhelper-compat, but stay at v11 for now golang-1.12 (1.12.7-1) unstable; urgency=medium * New upstream version 1.12.7 - Refresh patches * Update Standards-Version to 4.4.0, no changes needed golang-1.12 (1.12.5-1) unstable; urgency=medium * New upstream version 1.12.5 golang-1.12 (1.12.4-1) unstable; urgency=medium [ Anthony Fok ] * Add /usr/lib/go-X.Y/{api,misc} symlinks. For example, programs such as https://github.com/vugu/vugu and documentation such as https://github.com/golang/go/wiki/WebAssembly expect to find wasm_exec.js at "$(go env GOROOT)/misc/wasm/wasm_exec.js". [ Dr. Tobias Quathamer ] * New upstream version 1.12.4 * Add five lintian overrides for false positives golang-1.12 (1.12.1-1) unstable; urgency=medium * New upstream version 1.12.1 * Use upstream signing key for tarball verification golang-1.12 (1.12-1) unstable; urgency=medium * New upstream version 1.12 - Remove patch 0005-Fix-CVE-2019-6486, applied upstream golang-1.12 (1.12~beta2-2) unstable; urgency=medium * Refresh patch Reproducible BUILD_PATH_PREFIX_MAP. Thanks to Michael Stapelberg! * Add patch to fix CVE-2019-6486. (Closes: #920548) golang-1.12 (1.12~beta2-1) unstable; urgency=medium * New upstream version 1.12~beta2 - Remove two patches, applied upstream. Refresh remaining patch. golang-1.12 (1.12~beta1-4) unstable; urgency=medium * Switch watch file to version 4 * Update d/copyright golang-1.12 (1.12~beta1-3) unstable; urgency=medium [ Anthony Fok ] * Add patch "unix: fix Fstatat by using fillStat_t on linux/mips64x" This fixes the "Fstatat: returned stat does not match Stat/Lstat" errors detected by TestFstatat. See https://go-review.googlesource.com/c/sys/+/155747 [ Dr. Tobias Quathamer ] * Add another lintian override golang-1.12 (1.12~beta1-2) unstable; urgency=medium [ Anthony Fok ] * Add patch "cmd/compile: fix MIPS SGTconst-with-shift rules" by Cherry Zhang. This fixes the root problem behind the "slice bounds out of range" build error seen in 1.11.4 on mips and mipsel architectures. See https://go-review.googlesource.com/c/go/+/155798 * Bump Standards-Version to 4.3.0 (no change) [ Dr. Tobias Quathamer ] * Do not compress favicon.ico. Thanks to Dato Simó <dato@debian.org> (Closes: #917132) golang-1.12 (1.12~beta1-1) unstable; urgency=medium * New upstream major version. - Refresh patches - Add new patch to disable test for UserHomeDir * Switch team address to tracker.d.o * Add another lintian override for a false positive golang-1.11 (1.11.4-1) unstable; urgency=medium * New upstream version 1.11.4 * Make lintian override agnostic of golang version golang-1.11 (1.11.3-1) unstable; urgency=medium * New upstream version 1.11.3 - Refresh patches * Update gbp.conf to new style syntax * Suggest brz as alternative to bzr; it provides the same command-line API. * Add myself to Uploaders golang-1.11 (1.11.2-2) unstable; urgency=medium * d/patches/arm64-arm64asm-recognise-new-ssbb-pssbb-mnemonics-fr.patch: backport workaround for objdump's support of newer mnemonics on arm64. golang-1.11 (1.11.2-1) unstable; urgency=medium * Team upload. [ Michael Hudson-Doyle ] * New upstream major version. * Update debhelper compat level to 11. * Remove GOCACHE files after running tests. * Stop dh_strip_nondeterminism from looking at testdata directories. [ Dr. Tobias Quathamer ] * Build-Depend on debhelper v11 * Override two false positive Lintian errors (missing depends on sensible-utils) * Add Lintian overrides for testdata * Include /usr/share/dpkg/architecture.mk for DEB_HOST_ARCH * Refresh patch for new upstream version * Fix Lintian warnings about wrong interpreter path * Make two scripts executable which have been missed by upstream * Remove three unneeded lintian overrides * Use HTTPS URL for d/watch * Update to Standards-Version 4.2.1 - Use HTTPS for d/copyright * Update d/copyright golang-1.10 (1.10.3-1) unstable; urgency=medium * New upstream version 1.10.3 * Restore changelog entry for 1.10.1-3, and fix that for 1.10.2-1, oops. golang-1.10 (1.10.2-1) unstable; urgency=medium * New upstream version 1.10.2. - d/patches/0003-Backport_nopie_fix.patch: removed, now included upstream. - d/patches/0004-Backport_mips_octeon3_fp_fix.patch: removed, also included upstream. golang-1.10 (1.10.1-3) unstable; urgency=high * Team upload. [ Michael Hudson-Doyle ] * Install the 'misc' and 'api' directories as part of the golang-1.10-src package as some tools (vgo, go tool trace) expect them to be there. (Closes: 894992¸ LP: #1743598) [ Martín Ferrari ] * Backport fix for FP bug in mips/Octeon III. Closes: #892088. Raising severity. golang-1.10 (1.10.1-2) unstable; urgency=medium * Team upload. * Backport patch that fixes FTBFS in arm64. * debian/copyright: Update attribution. * debian/source: Update lintian-overrides. golang-1.10 (1.10.1-1) unstable; urgency=medium * New upstream version 1.10.1. * d/patches/0002-reproducible-BUILD_PATH_PREFIX_MAP.patch: update patch tags to reference upstream discussion of this topic. * d/control, d/control.in: Update Vcs-* to point to salsa. golang-1.10 (1.10-1) unstable; urgency=medium * New upstream version 1.10 golang-1.10 (1.10~rc2-1) unstable; urgency=medium * New upstream version, fixing CVE-2018-6574. * d/patches/0001-os-signal-skip-TestTerminalSignal-if-posix_openpt-fa.patch, d/patches/0003-cmd-vendor-github.com-google-pprof-cherry-pick-fix-t.patch, d/patches/0004-cmd-link-internal-loadelf-fix-logic-for-computing-EL.patch: removed, now included upstream. golang-1.10 (1.10~rc1-2) unstable; urgency=medium * d/patches/0004-cmd-link-internal-loadelf-fix-logic-for-computing-EL.patch: Backport from upstream to fix build issues on armhf (causes ftbfs on Ubuntu but not Debian for some reason, but could produce broken binaries on Debian too). golang-1.10 (1.10~rc1-1) unstable; urgency=medium * New upstream version 1.10~rc1. * d/patches/0004-cmd-dist-use-buildmode-pie-for-pie-testing.patch, d/patches/0006-misc-cgo-testcarchive-use-no-pie-where-needed.patch, d/patches/0003-Do-not-use-SP-as-index-reg.patch: removed, included upstream. * d/patches/0002-reproducible-BUILD_PATH_PREFIX_MAP.patch: refreshed. * d/patches/0001-os-signal-skip-TestTerminalSignal-if-posix_openpt-fa.patch: Add to fix test failure in chroot. * d/patches/0003-cmd-vendor-github.com-google-pprof-cherry-pick-fix-t.patch: Add to fix test failure when $HOME is not writable. * d/rules: Set GOCACHE to "off" during build to avoid shipping cache files. golang-1.9 (1.9.2-4) unstable; urgency=medium * Enable building on mips, mipsel and mips64. (Closes: 879764) golang-1.9 (1.9.2-3) unstable; urgency=medium * Remove workaround for now fixed debhelper bug #879762 * Backport three patches from upstream to fix ftbfs on ppc64el with new kernel. golang-1.9 (1.9.2-2) unstable; urgency=medium [ Martín Ferrari ] * Add debian/patches/0003-Do-not-use-SP-as-index-reg.patch (Closes: #877541) golang-1.9 (1.9.2-1) unstable; urgency=medium * New upstream version 1.9.2 * Work around debhelper bug #879762 golang-1.9 (1.9.1-2) unstable; urgency=medium * Update debian/copyright (Closes: #873740) golang-1.9 (1.9.1-1) unstable; urgency=medium * New upstream release. * Use my @debian.org address in Uploaders. golang-1.9 (1.9-1) unstable; urgency=medium [ Michael Hudson-Doyle ] * New upstream release. * Suppress some new lintian errors in golang-1.9-src. [ Michael Stapelberg ] * Add debian/patches/0002-reproducible-BUILD_PATH_PREFIX_MAP.patch golang-1.8 (1.8.3-1) unstable; urgency=medium * New upstream release. (Closes: 863292, 863307) golang-1.8 (1.8.1-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8~rc3-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8~rc2-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8~rc1-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8~beta2-1) unstable; urgency=medium * New upstream release. golang-1.8 (1.8~beta1-1) unstable; urgency=medium * New upstream release. * Remove d/patches/cl-29995--tzdata-2016g.patch, included upstream. golang-1.7 (1.7.4-1) unstable; urgency=medium * Update to 1.7.4 upstream release (Closes: #846545) - https://groups.google.com/d/topic/golang-announce/2lP5z9i9ySY/discussion - https://golang.org/issue/17965 (potential DoS vector in net/http) - golang/go@go1.7.3...go1.7.4 golang-1.7 (1.7.3-1) unstable; urgency=medium * New upstream release. * Delete d/patches/cl-28850.patch, applied upstream. golang-1.7 (1.7.1-3) unstable; urgency=medium * Backport CL 29995 for tzdata 2016g changes (Closes: #839317) golang-1.7 (1.7.1-2) unstable; urgency=medium * Add upstream patch for s390x FTBFS golang-1.7 (1.7.1-1) unstable; urgency=medium * New upstream release. * Re-enable tests on s390x now that gcc-6 has been fixed in unstable. golang-1.7 (1.7-3) unstable; urgency=medium * Add "s390x" to Architectures golang-1.7 (1.7-2) unstable; urgency=medium * Disable tests on armel. golang-1.7 (1.7-1) unstable; urgency=medium * New upstream release. golang-1.7 (1.7~rc4-1) unstable; urgency=medium * New upstream release. golang-1.7 (1.7~rc3-1) unstable; urgency=medium [ Tianon Gravi ] * Remove outdated README files (README.source and README.Debian) [ Michael Hudson-Doyle ] * New upstream release. * Suppress inaccurate source-is-missing lintian warnings. * Update Standards-Version to 3.9.8 (no changes required). golang-1.7 (1.7~rc2-1) unstable; urgency=medium * Update to 1.7rc2 upstream release. golang-1.7 (1.7~rc1-1) unstable; urgency=medium [ Paul Tagliamonte ] * Use a secure transport for the Vcs-Git and Vcs-Browser URL [ Tianon Gravi ] * Update to 1.7rc1 upstream release (new packages, not used by default; see also src:golang-defaults) * Update Vcs-Git to reference a particular branch golang-1.6 (1.6.2-2) unstable; urgency=medium * Update "golang-any" in "Build-Depends" to fallback to "golang-go | gccgo" (will help with backporting) golang-1.6 (1.6.2-1) unstable; urgency=medium * Update to 1.6.2 upstream release (Closes: #825696) * Build-Depend on golang-any instead of golang-go (Closes: #824421) golang-1.6 (1.6.1-1) unstable; urgency=medium * Build golang version-specific packages (Closes: #818415) * Things that (conceptually at least) move to new golang version independent golang-defaults source package: - Man pages. - Suggesting golang-golang-x-tools. - Breaks/Replace-ing of old golang-go-$GOOS-$GOARCH packages. * Stop using alternatives to manage /usr/bin/go. * sed trickery in debian/rules to support easy changes to new golang versions. golang (2:1.6.1-2) unstable; urgency=medium * Don't strip testdata files, causes build failures on some platforms. golang (2:1.6.1-1) unstable; urgency=medium [ Michael Hudson-Doyle ] * Breaks/Replaces: older golang-golang-x-tools, not Conflicts, to ensure smooth upgrades. * Strip the binaries as it has worked for the last five years or so and upstream sees no reason to disable it. [ Tianon Gravi ] * Update to 1.6.1 upstream release (Closes: #820369) - Fix CVE-2016-3959: infinite loop in several big integer routines golang (2:1.6-1) unstable; urgency=medium * Update to 1.6 upstream release (thanks Hilko!) - change "ar" arguments to quiet spurious warnings while using gccgo (Closes: #807138) - skip multicast listen test (Closes: #814849) - skip userns tests when chrooted (Closes: #807303) - use correct ELF header for armhf binaries (Closes: #734357) - Update debian/rules clean for new location of generated file. [ Michael Hudson-Doyle ] * Respect "nocheck" in DEB_BUILD_OPTIONS while building to skip tests (Closes: #807290) * Trim Build-Depends (Closes: #807299) * Fix several minor debian/copyright issues (Closes: #807304) * Remove inconsistently included race-built packages (Closes: #807294) [ Tianon Gravi ] * Add "-k" to "run.bash" invocation so that we do a full test run every time golang (2:1.5.3-1) unstable; urgency=high * Update to 1.5.3 upstream release - Fix CVE-2015-8618: Carry propagation in Int.Exp Montgomery code in math/big library (Closes: #809168) * Add "Breaks" to properly complement our "Replaces" (Closes: #810595) golang (2:1.5.2-1) unstable; urgency=medium * Update to 1.5.2 upstream release (Closes: #807136) golang (2:1.5.1-4) unstable; urgency=medium * Add Conflicts to force newer golang-go.tools too (Closes: #803559) golang (2:1.5.1-3) unstable; urgency=medium * Remove architecture qualification on golang-go Build-Depend now that golang-go is available for more architectures. golang (2:1.5.1-2) unstable; urgency=medium * Add Conflicts to force newer golang-golang-x-tools (Closes: #802945). golang (2:1.5.1-1) unstable; urgency=medium * Upload to unstable. * Update to 1.5.1 upstream release (see notes from experimental uploads for what's changed). * Skip tests on architectures where the tests fail. golang (2:1.4.3-3) unstable; urgency=medium * Fix FTBFS for non-amd64 architectures due to handling of "-race". golang (2:1.5.1-1~exp2) experimental; urgency=medium * Upload to experimental. * Add arch-qualifiers to "golang-go" build-depends to unblock the buildds (Closes: #800479); thanks Tim! golang (2:1.4.3-2) unstable; urgency=medium * Update Recommends/Suggests, especially to add gcc, etc. * Refactor "debian/rules" to utilize debhelper more effectively, especially for arch vs indep building (mostly backported from the 1.5+ changes), which fixes the "arch:all" FTBFS. golang (2:1.5.1-1~exp1) experimental; urgency=low * Upload to experimental. * Update to 1.5.1 upstream release (Closes: #796150). - Compiler and runtime written entirely in Go. - Concurrent garbage collector. - GOMAXPROCS=runtime.NumCPU() by default. - "internal" packages for all, not just core. - Experimental "vendoring" support. - Cross-compilation no longer requires a complete rebuild of the stdlib in GOROOT, and thus the golang-go-GOHOST-GOARCH packages are removed. * Sync debian/copyright with the Ubuntu delta. (thanks doko!) * Remove patches that no longer apply. * Add more supported arches to "debian/rules" code for detecting appropriate GOARCH/GOHOSTARCH values; thanks mwhudson and tpot! (Closes: #799907) * Refactor "debian/rules" to utilize debhelper more effectively, especially for arch vs indep building. * Move "dpkg-architecture" to "GOOS"/"GOARCH" code into a simple shell script for easier maintenance. golang (2:1.4.3-1) unstable; urgency=medium * New upstream version (https://golang.org/doc/devel/release.html#go1.4.minor) - includes previous CVE and non-CVE security fixes, especially TEMP-0000000-1C4729 golang (2:1.4.2-4) unstable; urgency=high * Apply backported CVE fixes (Closes: #795106). - CVE-2015-5739: Invalid headers are parsed as valid headers - CVE-2015-5740: RFC 7230 3.3.3 4 violation - CVE-2015-5741: other discoveries of security-relevant RFC 7230 violations golang (2:1.4.2-3) unstable; urgency=medium * Add missing "prerm" for our new alternatives (thanks piuparts). golang (2:1.4.2-2) unstable; urgency=medium * Move "go" and "gofmt" into "/usr/lib/go" and use alternatives to provide appropriate symlinks (Closes: #779503, #782301). * Relax "golang-go.tools" relationship to Suggests (from Recommends). * Add "go get" VCS options to Suggests for golang-go (bzr, git, mercurial, subversion). golang (2:1.4.2-1) unstable; urgency=medium * New upstream version (https://golang.org/doc/devel/release.html#go1.4.minor) golang (2:1.4.1-1~exp1) experimental; urgency=low * New upstream version (https://golang.org/doc/go1.4) - all editor support files have been removed from misc/ upstream upstream, so golang-mode, kate-syntax-go, and vim-syntax-go can no longer be provided; see https://github.com/golang/go/wiki/IDEsAndTextEditorPlugins for an upstream-maintained list of potential replacements golang (2:1.3.3-1) unstable; urgency=medium * New upstream version (https://code.google.com/p/go/source/list?name=go1.3.3) - time: removed from tests now obsolete assumption about Australian tz abbreviations - net: temporarily skip TestAcceptIgnoreSomeErrors - runtime: hide cgocallback_gofunc calling cgocallbackg from linker - runtime: fix GOTRACEBACK reading on Windows, Plan 9 - nacltest.bash: unset GOROOT - cmd/5l, cmd/6l, cmd/8l: fix nacl binary corruption bug * Add Paul and myself as uploaders. Many, many thanks to Michael for his work so far on this package (and hopefully more to come). golang (2:1.3.2-1) unstable; urgency=medium * New upstream version golang (2:1.3.1-1) unstable; urgency=medium * New upstream version golang (2:1.3-4) unstable; urgency=medium [ Tianon Gravi ] * update debian/watch for upstream's latest move (Closes: #756415) * backport archive/tar patch to fix PAX headers (Closes: #756416) golang (2:1.3-3) unstable; urgency=medium * don’t depend on emacs23, depend on emacs instead (Closes: #754013) * install include/ in golang-src, VERSION in golang-go (Closes: #693186) golang (2:1.3-2) unstable; urgency=medium * Add /usr/lib/go/test symlink * Build with GO386=387 to favor the 387 floating point unit over sse2 instructions (Closes: #753160) * Add debian/patches/0001-backport-delete-whole-line.patch to fix a deprecation warning about flet in the emacs part of golang-mode (Closes: #753607) * Migrate to emacsen >2 (Closes: #753607) * Backport two patches to improve archive/tar performance (for docker): debian/patches/0002-archive-tar-reuse-temporary-buffer-in-writeHeader.patch debian/patches/0003-archive-tar-reuse-temporary-buffer-in-readHeader.patch golang (2:1.3-1) unstable; urgency=medium * New upstream version. * Drop patches merged upstream: - debian/patches/add-tar-xattr-support.patch - debian/patches/add-tar-xattr-support.patch * Fix debian/watch (Thanks Tianon) (Closes: #748290) * Remove dangling symlink /usr/lib/go/lib/godoc (Closes: #747968) golang (2:1.2.1-2) unstable; urgency=low * Re-apply debian/patches/add-tar-xattr-support.patch which got lost when uploading 1.2.1-1; sorry about that. golang (2:1.2.1-1) unstable; urgency=low * New upstream release. golang (2:1.2-3) unstable; urgency=low * add debian/patches/add-tar-xattr-support.patch to have xattr support in tar (cherry-picked from upstream) (Thanks proppy) (Closes: #739586) golang (2:1.2-2) unstable; urgency=low * add patches/add-src-pkg-debug-elf-testdata-hello.patch to provide source for the testdata/ ELF binaries (Closes: #716853) golang (2:1.2-1) unstable; urgency=low * New upstream release. * drop patches/archive-tar-fix-links-and-pax.patch, it is merged upstream * godoc(1) is now in the Debian package golang-go.tools, it was moved into a separate repository by upstream. * move patches/godoc-symlinks.diff to golang-go.tools golang (2:1.1.2-3) unstable; urgency=low * cherry-pick upstream commit: archive-tar-fix-links-and-pax.patch (Closes: #730566) golang (2:1.1.2-2) unstable; urgency=low * Build golang-go-linux-* for each architecture (Thanks James Page) (Closes: #719611) * Update lintian-overrides to override statically-linked-binary and unstripped-binary-or-object for all of golang-go golang (2:1.1.2-1) unstable; urgency=low * New upstream release. * Relicense debian/ under the Go license to match upstream. All copyright holders agreed to this. (Closes: #716907) * golang-mode: don’t install for a number of emacs versions which are not supported upstream (Thanks Kevin Ryde) (Closes: #702511, #717521) golang (2:1.1.1-4) unstable; urgency=low * Disable stripping, it breaks go binaries on some architectures. This drops the golang-dbg package which would be empty now. (Thanks Robie Basak) (Closes: #717172) golang (2:1.1.1-3) unstable; urgency=low * Ship */runtime/cgo.a in golang-go to ensure it is present. It can only be used on the native architecture anyway (cannot be used when cross-compiling), so having it in golang-go-$GOOS-$GOARCH is not necessary. Even worse, since these packages are arch: all, they will be built precisely once, and only the runtime/cgo.a for the buildd’s native arch will be present. (Closes: #715025) golang (2:1.1.1-2) unstable; urgency=low [ James Page ] * Ensure smooth upgrade path from << 2:1.1-2 (Closes: #714838) golang (2:1.1.1-1) unstable; urgency=low * Imported Upstream version 1.1.1 golang (2:1.1-2) unstable; urgency=low [ Ondřej Surý ] * Promote Michael to Maintainer [ Michael Stapelberg ] * Build golang-go-$GOOS-$GOARCH packages for cross-compiling (Closes: #710090) * Build race detector on linux/amd64 (only supported arch) (Closes: #710691) * Switch compression to xz (50% smaller binaries) golang (2:1.1-1) unstable; urgency=low * New upstream release: Go 1.1! * Remove the long obsolete goinstall debconf question and config file. goinstall does not exist anymore since a long time. This also obsoletes the need for any translations (Closes: #685923, #692478) * Emacs go-mode auto-mode-alist entry was fixed upstream (Closes: #670371) golang (2:1.1~hg20130405-1) experimental; urgency=low * Provide a new hg tip snapshot. This includes what was recently released as Go 1.1 beta. golang (2:1.1~hg20130323-1) experimental; urgency=low * Provide a new hg tip snapshot. * Add debian/watch (Closes: #699698) golang (2:1.1~hg20130304-2) experimental; urgency=low * Fix FTBFS of binary-arch only builds (as performed by buildds) caused by 'rm' not finding jquery.js in golang-doc (Thanks Peter Green) golang (2:1.1~hg20130304-1) experimental; urgency=low * Provide a hg tip snapshot (2013-03-04) in Debian experimental. Current hg tip is a good approximation to Go 1.1 and should get some testing within Debian in order to package Go 1.1 well when it is released. Thanks to Andrew Gerrand. golang (2:1.0.2-2) unstable; urgency=low * Add myself to uploaders, as discussed in #683421. * cherry-pick r820ffde8c396 (net/http: non-keepalive connections close successfully) (Closes: #683421) golang (2:1.0.2-1.1) unstable; urgency=low * Non-maintainer upload. (as discussed with Ondřej in #679692) * Fix godoc-symlinks.diff (godoc didn’t find docs) (Closes: #679692) golang (2:1.0.2-1) unstable; urgency=low [ Ondřej Surý ] * Imported Upstream version 1.0.2 * Update Vcs fields to reflect new git repository location * Kill get-orig-source, since 1.0.0, the tarballs can be downloaded from webpage [ Michael Stapelberg ] * golang-mode: use debian-pkg-add-load-path-item (Closes: #664802) * add manpages (Closes: #632964) * Use updated pt.po from Pedro Ribeiro (Closes: #674958) golang (2:1.0.1-1) unstable; urgency=low * Imported Upstream version 1.0.1 * Apply godoc patch to display package list correctly (Closes: #669354) golang (2:1-6) unstable; urgency=low * Merge upstream patch to fix homedir issue (http://code.google.com/p/go/source/detail?r=709120aecee0) * Disable GNU/KFreeBSD build (Closes: #668794) golang (2:1-5) unstable; urgency=low * Rewrite test conditions to make them more readable (and fix the debian/rules to really not check on armel+kfreebsd) * Patch upstream test to not fail on missing home directory golang (2:1-4) unstable; urgency=low * Disable tests on Debian GNU/KFreeBSD, they just hang now (Closes: #668794) * Disable tests on armel, but the invalid instruction needs fixing in upstream * Create fake home directory to pass the os/user test golang (2:1-3) unstable; urgency=high * Use VERSION provided by upstream for packaging purposes * Run tests as a part of a build process * Install full src tree (except pkg/debug) because go command depend on sources available * Install sources without testdata and *_test.go * Remove circular dependency golang-go->golang-doc->golang-go * Make sure that timestamp on installed binaries and libraries is same because go build/install recompiles everything if the go binary has more recent timestamp than libraries (Closes: #668235) + Need to update timestamps at postinst time because already created directories can have time in the past * Fix couple of lintian errors and warnings golang (2:1-2) unstable; urgency=low * Remove preserving of old -tools settings, there are too many options now anyway (Closes: #666007) golang (2:1-1) unstable; urgency=low * New major upstream release Go 1 (Closes: #666942) * Bumb epoch to 2, since 1 < 60 < 2011 (I wonder if next version will be 0 :) * Debconf templates and debian/control reviewed by the debian-l10n- english team as part of the Smith review project. (Closes: #663181) * [Debconf translation updates] + Pick existing translations from golang-weekly and do appropriate sed magic to fit golang templates. (Closes: #666884, #666880, #666881) + Dutch; (Jeroen Schot). (Closes: #664598) + Czech (Michal Simunek). (Closes: #665385) + Spanish; (Camaleón). (Closes: #666177) + Danish (Joe Hansen). (Closes: #666526) golang (1:60.3-2) unstable; urgency=low * debconf-gettextize package templates golang (1:60.3-1) unstable; urgency=low * Imported Upstream version 60.3 golang (1:60.2-1) unstable; urgency=low * Imported Upstream version 60.2 golang (1:60.1-1) unstable; urgency=low * Imported Upstream version 60.1 golang (1:60-1) unstable; urgency=low * Imported Upstream version 60 * Save upstream VERSION to the archive * Use GOVERSION as generated by src/version.bash on hg archive time * Add support for goinstall dashboard debconf question in the Debian packaging * Read goinstall dashboard option from debian configuration file * Remove 005-goinstall_dont_call_home_by_default.patch; replaced by configuration option * Fix directory name for upstream archive checkout golang (1:59-1) unstable; urgency=low * Imported Upstream version 59 * Refresh patches to a new release * Fix FTBFS on ARM (Closes: #634270) * Update version.bash to work with Debian packaging and not hg repository golang (1:58.1-2) unstable; urgency=low * Install golang-doc package by default (Recommends from golang-tools, Depends from golang) golang (1:58.1-1) unstable; urgency=low * Imported Upstream version 58.1 golang (1:58-1) unstable; urgency=low * Imported Upstream version 58 + Add NEWS file with upstream API changes * Remove patch to not update standard package, fixed in upstream golang (1:57.2-1) unstable; urgency=low * Imported Upstream version 57.2 * More spelling fixes (Closes: #630660) golang (1:57.1-4) unstable; urgency=low * Description update to have proper articles and capitalization (Closes: #630189) * Add extended description about Go being experimental and that the languager can change between releases golang (1:57.1-3) unstable; urgency=low * Fix "the Google's Go implementation" in extended description (Closes: #627814) * Update Vcs-* links * Install vim ftplugin files into correct directory (Closes: #629844) golang (1:57.1-2) unstable; urgency=low * Bump standards version to 3.9.2 * Capitalize Kate (Closes: #627036) * Import slightly modified patch to be more clear about $GOPATH installs for non-root users * Remove don't install deps patch from goinstall; deprecated by $GOPATH installs golang (1:57.1-1) unstable; urgency=low * Add support for dot-minor releases * Imported Upstream version 57.1 golang (1:57-3) unstable; urgency=low [ Florian Weimer ] * golang-tools: install gofix binary [ Ondřej Surý ] * Add lintian-overrides for gofix binary golang (1:57-2) unstable; urgency=low * Remove weekly code from debian/rules * Add golang meta-package * Don't create tool chain symlinks twice * Make debian/rules more generic for simpler sync between weekly and release branches golang (1:57-1) unstable; urgency=low * Imported Upstream version r57 * Bumped epoch version to 1, to convert from date based versions to release number based version * Allow release to migrate to testing (Closes: #624408) * Add kate and vim syntax highlighting (Closes: #624544) * Add -dbg package with debugging symbols golang (2011.04.27-2) unstable; urgency=low * Fix yet another build failure on kfreebsd (use linux userspace) golang (2011.04.27-1) unstable; urgency=low * Imported Upstream version 2011.04.27 * Update debian/rules to allow pulling weekly upstream releases * Don't remove RUNPATH from binaries; fixed upstream (golang#1527) * Set GOHOSTOS and GOHOSTARCH to match dpkg-architecture variables * Add support for kfreebsd-i386, kfreebsd-amd64, armel and armhf architectures + 006-fix_kfreebsd_build.patch: - Add GNU/KFreeBSD support by replacing all uname calls by $(GOOS) + 007-use_native_dynamic_linker_on_kfreebsd.patch: - Use native kfreebsd dynamic linker (/lib/ld-*.so.1) * Add information about available architectures (Closes: #623877) * Don't strip gotest * Add Depends: golang-go to golang-tools * Add better support for armhf golang (2011.04.13-1) unstable; urgency=low [ Florian Weimer ] * Delete bin directory in clean target * Enable parallel build * golang-src: install source files directly * Use proper symlink targets for architecture-independent toolchain names * Emacs mode: indent keys in struct literals properly [ Ondřej Surý ] * Imported Upstream weekly version 2011.04.13 * Update patches to new weekly release * Add lintian-override for gotest binary golang (2011.03.07.1-1) unstable; urgency=low * Imported Upstream version 2011.03.07.1 * Install to /usr/lib/go * Remove xkcd strip to get rid of CC-NC-BY * Update golang-src.install to new upstream * Remove 002-use_GOROOT_FINAL_in_generated_binaries.patch; merged upstream * Make all .go files no-executable * Update lintian-overrides to include both types of syntax golang (2011.02.15-2) unstable; urgency=low [ Ondřej Surý ] * Add ${misc:Depends} to golang-mode to shutup lintian * Rehaul build system and add golang-src package with .go source files * goinstall: do not automatically install prerequisities * goinstall: don't report to dashboard by default * Add a README.Debian about local modifications to goinstall * Add warning about local modifications also directly to goinstall command [ Florian Weimer ] * Fix syntax error in 004- dont_reinstall_dependencies_in_goinstall.patch golang (2011.02.15-1) unstable; urgency=low [ Obey Arthur Liu ] * Added pkg-google git repo to control file [ Florian Weimer ] * Build golang-mode package [ Ondřej Surý ] * Imported Upstream version 2011.02.15 * Don't compress godoc documentation * Correctly use $GOROOT_FINAL in the build chain * Remove RPATH/RUNPATH from go binaries golang (2011.02.01.1-1) unstable; urgency=low [ Ivan Wong ] * Initial release (Closes: #574371) [ Jonathan Nieder ] * Fill out copyright file * Rewrite debian/rules using dh driver * debian: fix get-orig-source rule * debian: do not install extra files on repeated build * debian: fix reversed ‘if’ * debian: do not leave around stale debian/env.sh+ file * debian: Build-Depends on awk instead of gawk * debian: add run-time dependency on perl * debian: add build-time dependency on perl * debian: fix setting of GOARM on arm * debian: do not compress files in web page * debian: install favicon [ Ondřej Surý ] * Make myself a maintainer * Add patch to allow IPv4 on IPv6 sockets (Courtesy of Florian Weimer) * Use GOROOT_FINAL and change GOBIN to /usr/bin * Get rid of env.sh and wrappers * Add support for building in i386 pbuilder on amd64 architecture * Rename source package to golang to match upstream repository name * Add golang-doc package * Split package into compiler, docs and tools * Don't install quietgcc and hgpatch * Don't generate fake gomake * Update golang-doc package * Export GOHOSTARCH and GOHOSTOS * Disable build time checks * Fail on missed installed files * Revert s{tmp{golang-go{ change in DESTDIR * Relicence debian/ files from versionless GPL to GPL-3 * Move golang-doc to doc section * Add more lintian overrides for Go binaries * Install all 6,8,5 variants of commands * Install golang-* symlinks for 6,8,5* commands * Don't strip govet as well * Remove ${shlibs:Depends} where it doesn't belong * Move more html files to golang-doc package * Remove codereview directory - some python code to deal with mercurial

golang-1.17 (1.17~rc2-0ubuntu1) impish; urgency=medium . * New upstream release candidate. * Refresh patches, dropping two that are merged upstream. * Do not include the now-deleted favicon.ico in golang-1.17-doc. . golang-1.16 (1.16.5-1ubuntu1) impish; urgency=medium . * Merge from Debian unstable. Remaning change: - d/patches/0001-cmd-link-check-CGO_CFLAGS-for-non-g-I-O-options-befo.patch: disable internal linking when dynamically linking and CGO_CFLAGS contains flags that might make host object files that the internal linkers ELF reader does not support. This fixes lots of package builds when LTO is enabled by default via dpkg-buildflags. * d/patches/0007-cmd-link-cmd-cgo-support-flto-in-CFLAGS.patch: backport another patch from upstream to fix some failures seen with LTO. . golang-1.16 (1.16.5-1) unstable; urgency=medium . * Team upload. * New upstream version 1.16.5 + CVE-2021-33195: net: Lookup functions may return invalid host names + CVE-2021-33196: archive/zip: malformed archive may cause panic or memory exhaustion (Closes: #989492) + CVE-2021-33197: net/http/httputil: ReverseProxy forwards Connection headers if first one is empty + CVE-2021-33198: math/big: (*Rat).SetString with "1.770p02041010010011001001" crashes with "makeslice: len out of range" . golang-1.16 (1.16.4-1) unstable; urgency=medium . * Team upload. * New upstream version 1.16.4 Fix CVE-2021-31525 net/http: ReadRequest can stack overflow due to recursion with very large headers . golang-1.16 (1.16.3-4) unstable; urgency=medium . * Team upload. * Remove bootstrap dir after build. Otherwise tests fail . golang-1.16 (1.16.3-3) unstable; urgency=medium . * Team upload. * Drop mtime hack in postinst and d/rules golang/go#3506 (comment) > Essentially everything involved in this report has been rewritten. > The go command no longer cares about mtimes. * No need to remove src dir in golang-$(GOVER)-go package. It's not installed by golang-X.Y-go.dirs now * Update description and recommended way to use specified version (Closes: #985542) * Rebuild with go1.16. To build with GO386=softfloat, golang/go#44500 * Add Multi-Arch hint * Only build in -arch target again. Move generated source files to golang-1.16-go package * Not force gencontrol in dh_clean. Not needed after the new branch is created. And we need to add some Breaks/Replaces to d/control which should not be in next version * Remove GOCACHE before dh_install. So it is executed when build with nocheck as well . golang-1.16 (1.16.3-2) unstable; urgency=medium . * Team upload. * Also build package in indep target (Closes: #987126) As the -src package moved to arch all, * Build with empty GO386 env on i386 for now. It's no possible to build go1.16 with go1.15 with either GO386=softfloat or GO386=387. We can rebuild go1.16 with go1.16 and GO386=softfloat later. . golang-1.16 (1.16.3-1) unstable; urgency=medium . * Team upload. * New upstream version 1.16.3 Fix CVE-2021-27918 CVE-2021-27919 * Move golang-X.Y-src to arch all. The package doesn't contain arch specific source now. * Update golang-X.Y-doc package description. Most contents are removed by upstream in 1.16, which is moved to x/website repository. And the godoc binary is also shipped in golang-golang-x-tools now. So no longer recommend users to read doc with godoc. These html files can also be read in plain browsers. * Replace dpkg-parsechangelog with dpkg pkg-info.mk * Try to enable tests on armel and ppc64. No comments say why it doesn't work * Remove nocheck detection as debhelper respects it since compat 13 * Remove override_dh_missing as fail-missing is default in compat 13 . golang-1.16 (1.16.2-0ubuntu1) hirsute; urgency=medium . * New upstream version. . golang-1.16 (1.16.1-0ubuntu1) hirsute; urgency=medium . * New upstream version. . golang-1.16 (1.16-1) unstable; urgency=medium . * New upstream version 1.16 * debian/control{.in,}: Change Section from devel to golang * Add myself to Uploaders . golang-1.16 (1.16-0ubuntu1) hirsute; urgency=medium . * New upstream version. * d/patches/0001-cmd-link-check-CGO_CFLAGS-for-non-g-I-O-options-befo.patch: disable internal linking when dynamically linking and CGO_CFLAGS contains flags that might make host object files that the internal linkers ELF reader does not support. This fixes lots of package builds when LTO is enabled by default via dpkg-buildflags. . golang-1.16 (1.16~rc1-1) unstable; urgency=medium . * Team upload. * New upstream major version. - Drop 0004-cmd-dist-fix-build-failure-of-misc-cgo-test-on-arm64.patch which was replaced by https://go-review.googlesource.com/c/go/+/262357/ and cherry-picked as b3f7f60 for go1.16 upstream - Refresh remaining patches * Update Standards-Version to 4.5.1, no changes needed . golang-1.15 (1.15.8-1) unstable; urgency=medium . * Team upload. * New upstream version 1.15.8 * Skip userns tests in schroot. When schroot is using overlayfs, it fails to detect it as chroot. . golang-1.15 (1.15.7-1) unstable; urgency=medium . * Team upload. * New upstream version 1.15.7 + crypto/elliptic: incorrect operations on the P-224 curve CVE-2021-3114 . golang-1.15 (1.15.6-1) unstable; urgency=medium . * Team upload. . [ Balint Reczey ] * cmd/dist: increase default timeout scale for arm (LP: #1893640) . [ Shengjing Zhu ] * New upstream version 1.15.6 * Drop CGO_LDFLAGS patch, fixed in go1.15.6 . golang-1.15 (1.15.5-2) unstable; urgency=medium . * Team upload. * Backport patch to fix usability regression in go1.15.5 cmd/go: allow flags in CGO_LDFLAGS environment variable not in security allowlist golang/go#42567 . golang-1.15 (1.15.5-1) unstable; urgency=medium . * New upstream version 1.15.5. . golang-1.15 (1.15.4-1) unstable; urgency=medium . * New upstream version 1.15.4. . golang-1.15 (1.15.2-1) unstable; urgency=medium . * New upstream version 1.15.2. . golang-1.15 (1.15-2) unstable; urgency=medium . * Team upload. * Backport fix for arm64 cgo test https://go-review.googlesource.com/c/go/+/237858 . golang-1.15 (1.15-1) unstable; urgency=medium . * New upstream version 1.15 . golang-1.15 (1.15~rc2-1) unstable; urgency=medium . * New upstream version 1.15~rc2 - encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs. CVE-2020-16845 . golang-1.15 (1.15~rc1-1) unstable; urgency=medium . [ Shengjing Zhu ] * Backport patches to fix the FPU ABI problems for mips32 https://go-review.googlesource.com/c/go/+/237058/ . [ Dr. Tobias Quathamer ] * New upstream version 1.15~rc1 - Refresh patches - net/http: Expect 100-continue panics in httputil.ReverseProxy. See golang/go#34902, fixes CVE-2020-15586 . golang-1.15 (1.15~beta1-2) unstable; urgency=medium . * Source-only upload. . golang-1.15 (1.15~beta1-1) unstable; urgency=medium . * New upstream major version. - Drop patch to fix FTBFS on $HOME managed with git, has been applied upstream. - Refresh remaining patches . golang-1.14 (1.14.4-1) unstable; urgency=medium . * New upstream version 1.14.4 - Refresh patches . golang-1.14 (1.14.3-2) unstable; urgency=medium . * Increase the test timeout that made some builds succeed there on slow hardware (such as emulated riscv64). Thanks to Gianfranco Costamagna (Closes: #960759) . golang-1.14 (1.14.3-1) unstable; urgency=medium . * New upstream version 1.14.3 * Use debhelper v13 . golang-1.14 (1.14.2-1) unstable; urgency=medium . * New upstream version 1.14.2 . golang-1.14 (1.14.1-1) unstable; urgency=medium . * New upstream version 1.14.1 - Add new patch to fix FTBFS on $HOME managed with git. Thanks to Guillem Jover <gjover@sipwise.com> (Closes: #953276) . golang-1.14 (1.14-2) unstable; urgency=medium . * Fix FTBFS if built twice in a row. Some paths of autogenerated files have been changed upstream, so that the removal of those files after the build did no longer succeed. Thanks to Guillem Jover (Closes: #953277) * Update Standards-Version to 4.5.0, no changes needed . golang-1.14 (1.14-1) unstable; urgency=medium . * New upstream version 1.14 . golang-1.14 (1.14~rc1-1) unstable; urgency=medium . * New upstream version 1.14~rc1 - Fixes CVE-2020-7919 * Add Breaks: dh-golang (<< 1.43~) to golang-go. Thanks to Pirate Praveen <praveen@onenetbeyond.org> * Update upstream's signing key * Add support for riscv64. Thanks to Aurelien Jarno <aurel32@debian.org> (Closes: #950517) . golang-1.14 (1.14~beta1-2) unstable; urgency=medium . * Source-only upload. * Add two more lintian overrides for testdata . golang-1.14 (1.14~beta1-1) unstable; urgency=medium . * New upstream major version. . golang-1.13 (1.13.5-1) unstable; urgency=medium . * New upstream version 1.13.5 . golang-1.13 (1.13.4-1) unstable; urgency=medium . * New upstream version 1.13.4 - Refresh patches . golang-1.13 (1.13.3-1) unstable; urgency=medium . * New upstream version 1.13.3 - Refresh patch - crypto/dsa: invalid public key causes panic in dsa.Verify. Fixes CVE-2019-17596. Closes: #942628 * Update Standards-Version to 4.4.1, no changes needed . golang-1.13 (1.13.1-1) unstable; urgency=medium . * New upstream version 1.13.1 - net/textproto: don't normalize headers with spaces before the colon. Fixes CVE-2019-16276. See golang/go#34541 and Debian bug #941173 . golang-1.13 (1.13-1) unstable; urgency=medium . * New upstream version 1.13 - Refresh patch * Set pristine-tar for gbp to False . golang-1.13 (1.13~rc2-1) unstable; urgency=medium . * New upstream version 1.13~rc2 - Remove patch for CVE-2019-9512 and CVE-2019-9514, has been applied upstream . golang-1.13 (1.13~rc1-2) unstable; urgency=medium . * Exclude testdata from dh_makeshlibs. Otherwise, the build fails at least on armel and armhf. * Apply changes from cme fix dpkg * Set Rules-Requires-Root: no . golang-1.13 (1.13~rc1-1) unstable; urgency=medium . * New upstream version 1.13~rc1 - Remove patch for CVE-2019-14809, has been applied upstream * Use dh_missing instead of deprecated dh_install --fail-missing * Do not run dh_dwz, there is no debugging information * Use debhelper-compat (= 12) . golang-1.13 (1.13~beta1-3) unstable; urgency=high . * Fix Denial of Service vulnerabilities in the HTTP/2 implementation. golang/go#33631 CVE-2019-9512, CVE-2019-9514. Closes: #934955 * Fix multiple Parsing Issues in URL.Parse golang/go#29098 CVE-2019-14809. Closes: #934954 . golang-1.13 (1.13~beta1-2) unstable; urgency=medium . * Set GOCACHE to fix a FTBFS. (See bug #933958) . golang-1.13 (1.13~beta1-1) unstable; urgency=medium . * New upstream major version. - Remove Reproducible-BUILD_PATH_PREFIX_MAP.patch. This patch is finally no longer needed with Go 1.13. Upstream has implemented a new flag "-trimpath" for the command "go build" which either strips the path or replaces it in the resulting binaries. References: golang/go#16860 https://go-review.googlesource.com/c/go/+/173345/ https://go-review.googlesource.com/c/go/+/173344/ - Remove arm64-arm64asm-recognise-new-ssbb-pssbb-mnemonics-fr.patch. This patch has been cherry-picked from upstream and is now included. - Refresh remaining patches - Fix lintian warning: make scripts executable * Switch to debhelper-compat, but stay at v11 for now . golang-1.12 (1.12.7-1) unstable; urgency=medium . * New upstream version 1.12.7 - Refresh patches * Update Standards-Version to 4.4.0, no changes needed . golang-1.12 (1.12.5-1) unstable; urgency=medium . * New upstream version 1.12.5 . golang-1.12 (1.12.4-1) unstable; urgency=medium . [ Anthony Fok ] * Add /usr/lib/go-X.Y/{api,misc} symlinks. For example, programs such as https://github.com/vugu/vugu and documentation such as https://github.com/golang/go/wiki/WebAssembly expect to find wasm_exec.js at "$(go env GOROOT)/misc/wasm/wasm_exec.js". . [ Dr. Tobias Quathamer ] * New upstream version 1.12.4 * Add five lintian overrides for false positives . golang-1.12 (1.12.1-1) unstable; urgency=medium . * New upstream version 1.12.1 * Use upstream signing key for tarball verification . golang-1.12 (1.12-1) unstable; urgency=medium . * New upstream version 1.12 - Remove patch 0005-Fix-CVE-2019-6486, applied upstream . golang-1.12 (1.12~beta2-2) unstable; urgency=medium . * Refresh patch Reproducible BUILD_PATH_PREFIX_MAP. Thanks to Michael Stapelberg! * Add patch to fix CVE-2019-6486. (Closes: #920548) . golang-1.12 (1.12~beta2-1) unstable; urgency=medium . * New upstream version 1.12~beta2 - Remove two patches, applied upstream. Refresh remaining patch. . golang-1.12 (1.12~beta1-4) unstable; urgency=medium . * Switch watch file to version 4 * Update d/copyright . golang-1.12 (1.12~beta1-3) unstable; urgency=medium . [ Anthony Fok ] * Add patch "unix: fix Fstatat by using fillStat_t on linux/mips64x" This fixes the "Fstatat: returned stat does not match Stat/Lstat" errors detected by TestFstatat. See https://go-review.googlesource.com/c/sys/+/155747 . [ Dr. Tobias Quathamer ] * Add another lintian override . golang-1.12 (1.12~beta1-2) unstable; urgency=medium . [ Anthony Fok ] * Add patch "cmd/compile: fix MIPS SGTconst-with-shift rules" by Cherry Zhang. This fixes the root problem behind the "slice bounds out of range" build error seen in 1.11.4 on mips and mipsel architectures. See https://go-review.googlesource.com/c/go/+/155798 * Bump Standards-Version to 4.3.0 (no change) . [ Dr. Tobias Quathamer ] * Do not compress favicon.ico. Thanks to Dato Simó <dato@debian.org> (Closes: #917132) . golang-1.12 (1.12~beta1-1) unstable; urgency=medium . * New upstream major version. - Refresh patches - Add new patch to disable test for UserHomeDir * Switch team address to tracker.d.o * Add another lintian override for a false positive . golang-1.11 (1.11.4-1) unstable; urgency=medium . * New upstream version 1.11.4 * Make lintian override agnostic of golang version . golang-1.11 (1.11.3-1) unstable; urgency=medium . * New upstream version 1.11.3 - Refresh patches * Update gbp.conf to new style syntax * Suggest brz as alternative to bzr; it provides the same command-line API. * Add myself to Uploaders . golang-1.11 (1.11.2-2) unstable; urgency=medium . * d/patches/arm64-arm64asm-recognise-new-ssbb-pssbb-mnemonics-fr.patch: backport workaround for objdump's support of newer mnemonics on arm64. . golang-1.11 (1.11.2-1) unstable; urgency=medium . * Team upload. . [ Michael Hudson-Doyle ] * New upstream major version. * Update debhelper compat level to 11. * Remove GOCACHE files after running tests. * Stop dh_strip_nondeterminism from looking at testdata directories. . [ Dr. Tobias Quathamer ] * Build-Depend on debhelper v11 * Override two false positive Lintian errors (missing depends on sensible-utils) * Add Lintian overrides for testdata * Include /usr/share/dpkg/architecture.mk for DEB_HOST_ARCH * Refresh patch for new upstream version * Fix Lintian warnings about wrong interpreter path * Make two scripts executable which have been missed by upstream * Remove three unneeded lintian overrides * Use HTTPS URL for d/watch * Update to Standards-Version 4.2.1 - Use HTTPS for d/copyright * Update d/copyright . golang-1.10 (1.10.3-1) unstable; urgency=medium . * New upstream version 1.10.3 * Restore changelog entry for 1.10.1-3, and fix that for 1.10.2-1, oops. . golang-1.10 (1.10.2-1) unstable; urgency=medium . * New upstream version 1.10.2. - d/patches/0003-Backport_nopie_fix.patch: removed, now included upstream. - d/patches/0004-Backport_mips_octeon3_fp_fix.patch: removed, also included upstream. . golang-1.10 (1.10.1-3) unstable; urgency=high . * Team upload. . [ Michael Hudson-Doyle ] * Install the 'misc' and 'api' directories as part of the golang-1.10-src package as some tools (vgo, go tool trace) expect them to be there. (Closes: 894992¸ LP: #1743598) . [ Martín Ferrari ] * Backport fix for FP bug in mips/Octeon III. Closes: #892088. Raising severity. . golang-1.10 (1.10.1-2) unstable; urgency=medium . * Team upload. * Backport patch that fixes FTBFS in arm64. * debian/copyright: Update attribution. * debian/source: Update lintian-overrides. . golang-1.10 (1.10.1-1) unstable; urgency=medium . * New upstream version 1.10.1. * d/patches/0002-reproducible-BUILD_PATH_PREFIX_MAP.patch: update patch tags to reference upstream discussion of this topic. * d/control, d/control.in: Update Vcs-* to point to salsa. . golang-1.10 (1.10-1) unstable; urgency=medium . * New upstream version 1.10 . golang-1.10 (1.10~rc2-1) unstable; urgency=medium . * New upstream version, fixing CVE-2018-6574. * d/patches/0001-os-signal-skip-TestTerminalSignal-if-posix_openpt-fa.patch, d/patches/0003-cmd-vendor-github.com-google-pprof-cherry-pick-fix-t.patch, d/patches/0004-cmd-link-internal-loadelf-fix-logic-for-computing-EL.patch: removed, now included upstream. . golang-1.10 (1.10~rc1-2) unstable; urgency=medium . * d/patches/0004-cmd-link-internal-loadelf-fix-logic-for-computing-EL.patch: Backport from upstream to fix build issues on armhf (causes ftbfs on Ubuntu but not Debian for some reason, but could produce broken binaries on Debian too). . golang-1.10 (1.10~rc1-1) unstable; urgency=medium . * New upstream version 1.10~rc1. * d/patches/0004-cmd-dist-use-buildmode-pie-for-pie-testing.patch, d/patches/0006-misc-cgo-testcarchive-use-no-pie-where-needed.patch, d/patches/0003-Do-not-use-SP-as-index-reg.patch: removed, included upstream. * d/patches/0002-reproducible-BUILD_PATH_PREFIX_MAP.patch: refreshed. * d/patches/0001-os-signal-skip-TestTerminalSignal-if-posix_openpt-fa.patch: Add to fix test failure in chroot. * d/patches/0003-cmd-vendor-github.com-google-pprof-cherry-pick-fix-t.patch: Add to fix test failure when $HOME is not writable. * d/rules: Set GOCACHE to "off" during build to avoid shipping cache files. . golang-1.9 (1.9.2-4) unstable; urgency=medium . * Enable building on mips, mipsel and mips64. (Closes: 879764) . golang-1.9 (1.9.2-3) unstable; urgency=medium . * Remove workaround for now fixed debhelper bug #879762 * Backport three patches from upstream to fix ftbfs on ppc64el with new kernel. . golang-1.9 (1.9.2-2) unstable; urgency=medium . [ Martín Ferrari ] * Add debian/patches/0003-Do-not-use-SP-as-index-reg.patch (Closes: #877541) . golang-1.9 (1.9.2-1) unstable; urgency=medium . * New upstream version 1.9.2 * Work around debhelper bug #879762 . golang-1.9 (1.9.1-2) unstable; urgency=medium . * Update debian/copyright (Closes: #873740) . golang-1.9 (1.9.1-1) unstable; urgency=medium . * New upstream release. * Use my @debian.org address in Uploaders. . golang-1.9 (1.9-1) unstable; urgency=medium . [ Michael Hudson-Doyle ] * New upstream release. * Suppress some new lintian errors in golang-1.9-src. . [ Michael Stapelberg ] * Add debian/patches/0002-reproducible-BUILD_PATH_PREFIX_MAP.patch . golang-1.8 (1.8.3-1) unstable; urgency=medium . * New upstream release. (Closes: 863292, 863307) . golang-1.8 (1.8.1-1) unstable; urgency=medium . * New upstream release. . golang-1.8 (1.8-1) unstable; urgency=medium . * New upstream release. . golang-1.8 (1.8~rc3-1) unstable; urgency=medium . * New upstream release. . golang-1.8 (1.8~rc2-1) unstable; urgency=medium . * New upstream release. . golang-1.8 (1.8~rc1-1) unstable; urgency=medium . * New upstream release. . golang-1.8 (1.8~beta2-1) unstable; urgency=medium . * New upstream release. . golang-1.8 (1.8~beta1-1) unstable; urgency=medium . * New upstream release. * Remove d/patches/cl-29995--tzdata-2016g.patch, included upstream. . golang-1.7 (1.7.4-1) unstable; urgency=medium . * Update to 1.7.4 upstream release (Closes: #846545) - https://groups.google.com/d/topic/golang-announce/2lP5z9i9ySY/discussion - https://golang.org/issue/17965 (potential DoS vector in net/http) - golang/go@go1.7.3...go1.7.4 . golang-1.7 (1.7.3-1) unstable; urgency=medium . * New upstream release. * Delete d/patches/cl-28850.patch, applied upstream. . golang-1.7 (1.7.1-3) unstable; urgency=medium . * Backport CL 29995 for tzdata 2016g changes (Closes: #839317) . golang-1.7 (1.7.1-2) unstable; urgency=medium . * Add upstream patch for s390x FTBFS . golang-1.7 (1.7.1-1) unstable; urgency=medium . * New upstream release. * Re-enable tests on s390x now that gcc-6 has been fixed in unstable. . golang-1.7 (1.7-3) unstable; urgency=medium . * Add "s390x" to Architectures . golang-1.7 (1.7-2) unstable; urgency=medium . * Disable tests on armel. . golang-1.7 (1.7-1) unstable; urgency=medium . * New upstream release. . golang-1.7 (1.7~rc4-1) unstable; urgency=medium . * New upstream release. . golang-1.7 (1.7~rc3-1) unstable; urgency=medium . [ Tianon Gravi ] * Remove outdated README files (README.source and README.Debian) . [ Michael Hudson-Doyle ] * New upstream release. * Suppress inaccurate source-is-missing lintian warnings. * Update Standards-Version to 3.9.8 (no changes required). . golang-1.7 (1.7~rc2-1) unstable; urgency=medium . * Update to 1.7rc2 upstream release. . golang-1.7 (1.7~rc1-1) unstable; urgency=medium . [ Paul Tagliamonte ] * Use a secure transport for the Vcs-Git and Vcs-Browser URL . [ Tianon Gravi ] * Update to 1.7rc1 upstream release (new packages, not used by default; see also src:golang-defaults) * Update Vcs-Git to reference a particular branch . golang-1.6 (1.6.2-2) unstable; urgency=medium . * Update "golang-any" in "Build-Depends" to fallback to "golang-go | gccgo" (will help with backporting) . golang-1.6 (1.6.2-1) unstable; urgency=medium . * Update to 1.6.2 upstream release (Closes: #825696) * Build-Depend on golang-any instead of golang-go (Closes: #824421) . golang-1.6 (1.6.1-1) unstable; urgency=medium . * Build golang version-specific packages (Closes: #818415) * Things that (conceptually at least) move to new golang version independent golang-defaults source package: - Man pages. - Suggesting golang-golang-x-tools. - Breaks/Replace-ing of old golang-go-$GOOS-$GOARCH packages. * Stop using alternatives to manage /usr/bin/go. * sed trickery in debian/rules to support easy changes to new golang versions. . golang (2:1.6.1-2) unstable; urgency=medium . * Don't strip testdata files, causes build failures on some platforms. . golang (2:1.6.1-1) unstable; urgency=medium . [ Michael Hudson-Doyle ] * Breaks/Replaces: older golang-golang-x-tools, not Conflicts, to ensure smooth upgrades. * Strip the binaries as it has worked for the last five years or so and upstream sees no reason to disable it. . [ Tianon Gravi ] * Update to 1.6.1 upstream release (Closes: #820369) - Fix CVE-2016-3959: infinite loop in several big integer routines . golang (2:1.6-1) unstable; urgency=medium . * Update to 1.6 upstream release (thanks Hilko!) - change "ar" arguments to quiet spurious warnings while using gccgo (Closes: #807138) - skip multicast listen test (Closes: #814849) - skip userns tests when chrooted (Closes: #807303) - use correct ELF header for armhf binaries (Closes: #734357) - Update debian/rules clean for new location of generated file. . [ Michael Hudson-Doyle ] * Respect "nocheck" in DEB_BUILD_OPTIONS while building to skip tests (Closes: #807290) * Trim Build-Depends (Closes: #807299) * Fix several minor debian/copyright issues (Closes: #807304) * Remove inconsistently included race-built packages (Closes: #807294) . [ Tianon Gravi ] * Add "-k" to "run.bash" invocation so that we do a full test run every time . golang (2:1.5.3-1) unstable; urgency=high . * Update to 1.5.3 upstream release - Fix CVE-2015-8618: Carry propagation in Int.Exp Montgomery code in math/big library (Closes: #809168) * Add "Breaks" to properly complement our "Replaces" (Closes: #810595) . golang (2:1.5.2-1) unstable; urgency=medium . * Update to 1.5.2 upstream release (Closes: #807136) . golang (2:1.5.1-4) unstable; urgency=medium . * Add Conflicts to force newer golang-go.tools too (Closes: #803559) . golang (2:1.5.1-3) unstable; urgency=medium . * Remove architecture qualification on golang-go Build-Depend now that golang-go is available for more architectures. . golang (2:1.5.1-2) unstable; urgency=medium . * Add Conflicts to force newer golang-golang-x-tools (Closes: #802945). . golang (2:1.5.1-1) unstable; urgency=medium . * Upload to unstable. * Update to 1.5.1 upstream release (see notes from experimental uploads for what's changed). * Skip tests on architectures where the tests fail. . golang (2:1.4.3-3) unstable; urgency=medium . * Fix FTBFS for non-amd64 architectures due to handling of "-race". . golang (2:1.5.1-1~exp2) experimental; urgency=medium . * Upload to experimental. * Add arch-qualifiers to "golang-go" build-depends to unblock the buildds (Closes: #800479); thanks Tim! . golang (2:1.4.3-2) unstable; urgency=medium . * Update Recommends/Suggests, especially to add gcc, etc. * Refactor "debian/rules" to utilize debhelper more effectively, especially for arch vs indep building (mostly backported from the 1.5+ changes), which fixes the "arch:all" FTBFS. . golang (2:1.5.1-1~exp1) experimental; urgency=low . * Upload to experimental. * Update to 1.5.1 upstream release (Closes: #796150). - Compiler and runtime written entirely in Go. - Concurrent garbage collector. - GOMAXPROCS=runtime.NumCPU() by default. - "internal" packages for all, not just core. - Experimental "vendoring" support. - Cross-compilation no longer requires a complete rebuild of the stdlib in GOROOT, and thus the golang-go-GOHOST-GOARCH packages are removed. * Sync debian/copyright with the Ubuntu delta. (thanks doko!) * Remove patches that no longer apply. * Add more supported arches to "debian/rules" code for detecting appropriate GOARCH/GOHOSTARCH values; thanks mwhudson and tpot! (Closes: #799907) * Refactor "debian/rules" to utilize debhelper more effectively, especially for arch vs indep building. * Move "dpkg-architecture" to "GOOS"/"GOARCH" code into a simple shell script for easier maintenance. . golang (2:1.4.3-1) unstable; urgency=medium . * New upstream version (https://golang.org/doc/devel/release.html#go1.4.minor) - includes previous CVE and non-CVE security fixes, especially TEMP-0000000-1C4729 . golang (2:1.4.2-4) unstable; urgency=high . * Apply backported CVE fixes (Closes: #795106). - CVE-2015-5739: Invalid headers are parsed as valid headers - CVE-2015-5740: RFC 7230 3.3.3 4 violation - CVE-2015-5741: other discoveries of security-relevant RFC 7230 violations . golang (2:1.4.2-3) unstable; urgency=medium . * Add missing "prerm" for our new alternatives (thanks piuparts). . golang (2:1.4.2-2) unstable; urgency=medium . * Move "go" and "gofmt" into "/usr/lib/go" and use alternatives to provide appropriate symlinks (Closes: #779503, #782301). * Relax "golang-go.tools" relationship to Suggests (from Recommends). * Add "go get" VCS options to Suggests for golang-go (bzr, git, mercurial, subversion). . golang (2:1.4.2-1) unstable; urgency=medium . * New upstream version (https://golang.org/doc/devel/release.html#go1.4.minor) . golang (2:1.4.1-1~exp1) experimental; urgency=low . * New upstream version (https://golang.org/doc/go1.4) - all editor support files have been removed from misc/ upstream upstream, so golang-mode, kate-syntax-go, and vim-syntax-go can no longer be provided; see https://github.com/golang/go/wiki/IDEsAndTextEditorPlugins for an upstream-maintained list of potential replacements . golang (2:1.3.3-1) unstable; urgency=medium . * New upstream version (https://code.google.com/p/go/source/list?name=go1.3.3) - time: removed from tests now obsolete assumption about Australian tz abbreviations - net: temporarily skip TestAcceptIgnoreSomeErrors - runtime: hide cgocallback_gofunc calling cgocallbackg from linker - runtime: fix GOTRACEBACK reading on Windows, Plan 9 - nacltest.bash: unset GOROOT - cmd/5l, cmd/6l, cmd/8l: fix nacl binary corruption bug * Add Paul and myself as uploaders. Many, many thanks to Michael for his work so far on this package (and hopefully more to come). . golang (2:1.3.2-1) unstable; urgency=medium . * New upstream version . golang (2:1.3.1-1) unstable; urgency=medium . * New upstream version . golang (2:1.3-4) unstable; urgency=medium . [ Tianon Gravi ] * update debian/watch for upstream's latest move (Closes: #756415) * backport archive/tar patch to fix PAX headers (Closes: #756416) . golang (2:1.3-3) unstable; urgency=medium . * don’t depend on emacs23, depend on emacs instead (Closes: #754013) * install include/ in golang-src, VERSION in golang-go (Closes: #693186) . golang (2:1.3-2) unstable; urgency=medium . * Add /usr/lib/go/test symlink * Build with GO386=387 to favor the 387 floating point unit over sse2 instructions (Closes: #753160) * Add debian/patches/0001-backport-delete-whole-line.patch to fix a deprecation warning about flet in the emacs part of golang-mode (Closes: #753607) * Migrate to emacsen >2 (Closes: #753607) * Backport two patches to improve archive/tar performance (for docker): debian/patches/0002-archive-tar-reuse-temporary-buffer-in-writeHeader.patch debian/patches/0003-archive-tar-reuse-temporary-buffer-in-readHeader.patch . golang (2:1.3-1) unstable; urgency=medium . * New upstream version. * Drop patches merged upstream: - debian/patches/add-tar-xattr-support.patch - debian/patches/add-tar-xattr-support.patch * Fix debian/watch (Thanks Tianon) (Closes: #748290) * Remove dangling symlink /usr/lib/go/lib/godoc (Closes: #747968) . golang (2:1.2.1-2) unstable; urgency=low . * Re-apply debian/patches/add-tar-xattr-support.patch which got lost when uploading 1.2.1-1; sorry about that. . golang (2:1.2.1-1) unstable; urgency=low . * New upstream release. . golang (2:1.2-3) unstable; urgency=low . * add debian/patches/add-tar-xattr-support.patch to have xattr support in tar (cherry-picked from upstream) (Thanks proppy) (Closes: #739586) . golang (2:1.2-2) unstable; urgency=low . * add patches/add-src-pkg-debug-elf-testdata-hello.patch to provide source for the testdata/ ELF binaries (Closes: #716853) . golang (2:1.2-1) unstable; urgency=low . * New upstream release. * drop patches/archive-tar-fix-links-and-pax.patch, it is merged upstream * godoc(1) is now in the Debian package golang-go.tools, it was moved into a separate repository by upstream. * move patches/godoc-symlinks.diff to golang-go.tools . golang (2:1.1.2-3) unstable; urgency=low . * cherry-pick upstream commit: archive-tar-fix-links-and-pax.patch (Closes: #730566) . golang (2:1.1.2-2) unstable; urgency=low . * Build golang-go-linux-* for each architecture (Thanks James Page) (Closes: #719611) * Update lintian-overrides to override statically-linked-binary and unstripped-binary-or-object for all of golang-go . golang (2:1.1.2-1) unstable; urgency=low . * New upstream release. * Relicense debian/ under the Go license to match upstream. All copyright holders agreed to this. (Closes: #716907) * golang-mode: don’t install for a number of emacs versions which are not supported upstream (Thanks Kevin Ryde) (Closes: #702511, #717521) . golang (2:1.1.1-4) unstable; urgency=low . * Disable stripping, it breaks go binaries on some architectures. This drops the golang-dbg package which would be empty now. (Thanks Robie Basak) (Closes: #717172) . golang (2:1.1.1-3) unstable; urgency=low . * Ship */runtime/cgo.a in golang-go to ensure it is present. It can only be used on the native architecture anyway (cannot be used when cross-compiling), so having it in golang-go-$GOOS-$GOARCH is not necessary. Even worse, since these packages are arch: all, they will be built precisely once, and only the runtime/cgo.a for the buildd’s native arch will be present. (Closes: #715025) . golang (2:1.1.1-2) unstable; urgency=low . [ James Page ] * Ensure smooth upgrade path from << 2:1.1-2 (Closes: #714838) . golang (2:1.1.1-1) unstable; urgency=low . * Imported Upstream version 1.1.1 . golang (2:1.1-2) unstable; urgency=low . [ Ondřej Surý ] * Promote Michael to Maintainer . [ Michael Stapelberg ] * Build golang-go-$GOOS-$GOARCH packages for cross-compiling (Closes: #710090) * Build race detector on linux/amd64 (only supported arch) (Closes: #710691) * Switch compression to xz (50% smaller binaries) . golang (2:1.1-1) unstable; urgency=low . * New upstream release: Go 1.1! * Remove the long obsolete goinstall debconf question and config file. goinstall does not exist anymore since a long time. This also obsoletes the need for any translations (Closes: #685923, #692478) * Emacs go-mode auto-mode-alist entry was fixed upstream (Closes: #670371) . golang (2:1.1~hg20130405-1) experimental; urgency=low . * Provide a new hg tip snapshot. This includes what was recently released as Go 1.1 beta. . golang (2:1.1~hg20130323-1) experimental; urgency=low . * Provide a new hg tip snapshot. * Add debian/watch (Closes: #699698) . golang (2:1.1~hg20130304-2) experimental; urgency=low . * Fix FTBFS of binary-arch only builds (as performed by buildds) caused by 'rm' not finding jquery.js in golang-doc (Thanks Peter Green) . golang (2:1.1~hg20130304-1) experimental; urgency=low . * Provide a hg tip snapshot (2013-03-04) in Debian experimental. Current hg tip is a good approximation to Go 1.1 and should get some testing within Debian in order to package Go 1.1 well when it is released. Thanks to Andrew Gerrand. . golang (2:1.0.2-2) unstable; urgency=low . * Add myself to uploaders, as discussed in #683421. * cherry-pick r820ffde8c396 (net/http: non-keepalive connections close successfully) (Closes: #683421) . golang (2:1.0.2-1.1) unstable; urgency=low . * Non-maintainer upload. (as discussed with Ondřej in #679692) * Fix godoc-symlinks.diff (godoc didn’t find docs) (Closes: #679692) . golang (2:1.0.2-1) unstable; urgency=low . [ Ondřej Surý ] * Imported Upstream version 1.0.2 * Update Vcs fields to reflect new git repository location * Kill get-orig-source, since 1.0.0, the tarballs can be downloaded from webpage . [ Michael Stapelberg ] * golang-mode: use debian-pkg-add-load-path-item (Closes: #664802) * add manpages (Closes: #632964) * Use updated pt.po from Pedro Ribeiro (Closes: #674958) . golang (2:1.0.1-1) unstable; urgency=low . * Imported Upstream version 1.0.1 * Apply godoc patch to display package list correctly (Closes: #669354) . golang (2:1-6) unstable; urgency=low . * Merge upstream patch to fix homedir issue (http://code.google.com/p/go/source/detail?r=709120aecee0) * Disable GNU/KFreeBSD build (Closes: #668794) . golang (2:1-5) unstable; urgency=low . * Rewrite test conditions to make them more readable (and fix the debian/rules to really not check on armel+kfreebsd) * Patch upstream test to not fail on missing home directory . golang (2:1-4) unstable; urgency=low . * Disable tests on Debian GNU/KFreeBSD, they just hang now (Closes: #668794) * Disable tests on armel, but the invalid instruction needs fixing in upstream * Create fake home directory to pass the os/user test . golang (2:1-3) unstable; urgency=high . * Use VERSION provided by upstream for packaging purposes * Run tests as a part of a build process * Install full src tree (except pkg/debug) because go command depend on sources available * Install sources without testdata and *_test.go * Remove circular dependency golang-go->golang-doc->golang-go * Make sure that timestamp on installed binaries and libraries is same because go build/install recompiles everything if the go binary has more recent timestamp than libraries (Closes: #668235) + Need to update timestamps at postinst time because already created directories can have time in the past * Fix couple of lintian errors and warnings . golang (2:1-2) unstable; urgency=low . * Remove preserving of old -tools settings, there are too many options now anyway (Closes: #666007) . golang (2:1-1) unstable; urgency=low . * New major upstream release Go 1 (Closes: #666942) * Bumb epoch to 2, since 1 < 60 < 2011 (I wonder if next version will be 0 :) * Debconf templates and debian/control reviewed by the debian-l10n- english team as part of the Smith review project. (Closes: #663181) * [Debconf translation updates] + Pick existing translations from golang-weekly and do appropriate sed magic to fit golang templates. (Closes: #666884, #666880, #666881) + Dutch; (Jeroen Schot). (Closes: #664598) + Czech (Michal Simunek). (Closes: #665385) + Spanish; (Camaleón). (Closes: #666177) + Danish (Joe Hansen). (Closes: #666526) . golang (1:60.3-2) unstable; urgency=low . * debconf-gettextize package templates . golang (1:60.3-1) unstable; urgency=low . * Imported Upstream version 60.3 . golang (1:60.2-1) unstable; urgency=low . * Imported Upstream version 60.2 . golang (1:60.1-1) unstable; urgency=low . * Imported Upstream version 60.1 . golang (1:60-1) unstable; urgency=low . * Imported Upstream version 60 * Save upstream VERSION to the archive * Use GOVERSION as generated by src/version.bash on hg archive time * Add support for goinstall dashboard debconf question in the Debian packaging * Read goinstall dashboard option from debian configuration file * Remove 005-goinstall_dont_call_home_by_default.patch; replaced by configuration option * Fix directory name for upstream archive checkout . golang (1:59-1) unstable; urgency=low . * Imported Upstream version 59 * Refresh patches to a new release * Fix FTBFS on ARM (Closes: #634270) * Update version.bash to work with Debian packaging and not hg repository . golang (1:58.1-2) unstable; urgency=low . * Install golang-doc package by default (Recommends from golang-tools, Depends from golang) . golang (1:58.1-1) unstable; urgency=low . * Imported Upstream version 58.1 . golang (1:58-1) unstable; urgency=low . * Imported Upstream version 58 + Add NEWS file with upstream API changes * Remove patch to not update standard package, fixed in upstream . golang (1:57.2-1) unstable; urgency=low . * Imported Upstream version 57.2 * More spelling fixes (Closes: #630660) . golang (1:57.1-4) unstable; urgency=low . * Description update to have proper articles and capitalization (Closes: #630189) * Add extended description about Go being experimental and that the languager can change between releases . golang (1:57.1-3) unstable; urgency=low . * Fix "the Google's Go implementation" in extended description (Closes: #627814) * Update Vcs-* links * Install vim ftplugin files into correct directory (Closes: #629844) . golang (1:57.1-2) unstable; urgency=low . * Bump standards version to 3.9.2 * Capitalize Kate (Closes: #627036) * Import slightly modified patch to be more clear about $GOPATH installs for non-root users * Remove don't install deps patch from goinstall; deprecated by $GOPATH installs . golang (1:57.1-1) unstable; urgency=low . * Add support for dot-minor releases * Imported Upstream version 57.1 . golang (1:57-3) unstable; urgency=low . [ Florian Weimer ] * golang-tools: install gofix binary . [ Ondřej Surý ] * Add lintian-overrides for gofix binary . golang (1:57-2) unstable; urgency=low . * Remove weekly code from debian/rules * Add golang meta-package * Don't create tool chain symlinks twice * Make debian/rules more generic for simpler sync between weekly and release branches . golang (1:57-1) unstable; urgency=low . * Imported Upstream version r57 * Bumped epoch version to 1, to convert from date based versions to release number based version * Allow release to migrate to testing (Closes: #624408) * Add kate and vim syntax highlighting (Closes: #624544) * Add -dbg package with debugging symbols . golang (2011.04.27-2) unstable; urgency=low . * Fix yet another build failure on kfreebsd (use linux userspace) . golang (2011.04.27-1) unstable; urgency=low . * Imported Upstream version 2011.04.27 * Update debian/rules to allow pulling weekly upstream releases * Don't remove RUNPATH from binaries; fixed upstream (golang#1527) * Set GOHOSTOS and GOHOSTARCH to match dpkg-architecture variables * Add support for kfreebsd-i386, kfreebsd-amd64, armel and armhf architectures + 006-fix_kfreebsd_build.patch: - Add GNU/KFreeBSD support by replacing all uname calls by $(GOOS) + 007-use_native_dynamic_linker_on_kfreebsd.patch: - Use native kfreebsd dynamic linker (/lib/ld-*.so.1) * Add information about available architectures (Closes: #623877) * Don't strip gotest * Add Depends: golang-go to golang-tools * Add better support for armhf . golang (2011.04.13-1) unstable; urgency=low . [ Florian Weimer ] * Delete bin directory in clean target * Enable parallel build * golang-src: install source files directly * Use proper symlink targets for architecture-independent toolchain names * Emacs mode: indent keys in struct literals properly . [ Ondřej Surý ] * Imported Upstream weekly version 2011.04.13 * Update patches to new weekly release * Add lintian-override for gotest binary . golang (2011.03.07.1-1) unstable; urgency=low . * Imported Upstream version 2011.03.07.1 * Install to /usr/lib/go * Remove xkcd strip to get rid of CC-NC-BY * Update golang-src.install to new upstream * Remove 002-use_GOROOT_FINAL_in_generated_binaries.patch; merged upstream * Make all .go files no-executable * Update lintian-overrides to include both types of syntax . golang (2011.02.15-2) unstable; urgency=low . [ Ondřej Surý ] * Add ${misc:Depends} to golang-mode to shutup lintian * Rehaul build system and add golang-src package with .go source files * goinstall: do not automatically install prerequisities * goinstall: don't report to dashboard by default * Add a README.Debian about local modifications to goinstall * Add warning about local modifications also directly to goinstall command . [ Florian Weimer ] * Fix syntax error in 004- dont_reinstall_dependencies_in_goinstall.patch . golang (2011.02.15-1) unstable; urgency=low . [ Obey Arthur Liu ] * Added pkg-google git repo to control file . [ Florian Weimer ] * Build golang-mode package . [ Ondřej Surý ] * Imported Upstream version 2011.02.15 * Don't compress godoc documentation * Correctly use $GOROOT_FINAL in the build chain * Remove RPATH/RUNPATH from go binaries . golang (2011.02.01.1-1) unstable; urgency=low . [ Ivan Wong ] * Initial release (Closes: #574371) . [ Jonathan Nieder ] * Fill out copyright file * Rewrite debian/rules using dh driver * debian: fix get-orig-source rule * debian: do not install extra files on repeated build * debian: fix reversed ‘if’ * debian: do not leave around stale debian/env.sh+ file * debian: Build-Depends on awk instead of gawk * debian: add run-time dependency on perl * debian: add build-time dependency on perl * debian: fix setting of GOARM on arm * debian: do not compress files in web page * debian: install favicon . [ Ondřej Surý ] * Make myself a maintainer * Add patch to allow IPv4 on IPv6 sockets (Courtesy of Florian Weimer) * Use GOROOT_FINAL and change GOBIN to /usr/bin * Get rid of env.sh and wrappers * Add support for building in i386 pbuilder on amd64 architecture * Rename source package to golang to match upstream repository name * Add golang-doc package * Split package into compiler, docs and tools * Don't install quietgcc and hgpatch * Don't generate fake gomake * Update golang-doc package * Export GOHOSTARCH and GOHOSTOS * Disable build time checks * Fail on missed installed files * Revert s{tmp{golang-go{ change in DESTDIR * Relicence debian/ files from versionless GPL to GPL-3 * Move golang-doc to doc section * Add more lintian overrides for Go binaries * Install all 6,8,5 variants of commands * Install golang-* symlinks for 6,8,5* commands * Don't strip govet as well * Remove ${shlibs:Depends} where it doesn't belong * Move more html files to golang-doc package * Remove codereview directory - some python code to deal with mercurial

ALTree changed the title ~~Net/URL: URL.Parse Multiple Parsing Issues~~ net/url: URL.Parse Multiple Parsing Issues Dec 4, 2018

ALTree added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Dec 4, 2018

bradfitz added this to the Go1.13 milestone Jan 9, 2019

andybons modified the milestones: Go1.13, Go1.14 Jul 8, 2019

andybons modified the milestones: Go1.14, Go1.13 Aug 6, 2019

andybons removed the early-in-cycle A change that should be done early in the 3 month dev cycle. label Aug 6, 2019

vangent mentioned this issue Aug 14, 2019

pubsub/awssnssqs: URL scheme broken by go 1.12.8 google/go-cloud#2647

Closed

stefanb mentioned this issue Aug 27, 2019

net/url: fail TestParseErrors test when getting an unwanted error #33876

Closed

FiloSottile modified the milestones: Go1.13, Go1.14 Aug 27, 2019

rsc modified the milestones: Go1.14, Backlog Oct 9, 2019

aircraft-cerier mentioned this issue Feb 12, 2020

go-mysql password sanitizing support aws/aws-xray-sdk-go#191

Merged

wy65701436 mentioned this issue Feb 20, 2020

Need upgrade Golang as Golang v1.12.12 has multiple vulnerabilities goharbor/harbor#10761

Closed

FiloSottile mentioned this issue Mar 10, 2021

new security policy #44918

Closed

rsc unassigned FiloSottile Jun 23, 2022

Gaethje mentioned this issue Feb 16, 2023

Reflection needed on several critical security vulnerabilities haproxytech/kubernetes-ingress#521

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

net/url: URL.Parse Multiple Parsing Issues #29098

net/url: URL.Parse Multiple Parsing Issues #29098

wir3less commented Dec 4, 2018

agnivade commented Dec 5, 2018

mengzhuo commented Dec 5, 2018

wir3less commented Dec 5, 2018

mengzhuo commented Dec 5, 2018 •

edited

wir3less commented Dec 6, 2018 •

edited

mees- commented Dec 27, 2018

fraenkel commented Dec 27, 2018

mees- commented Dec 27, 2018

wir3less commented Dec 28, 2018

agnivade commented Dec 29, 2018

wir3less commented Jan 1, 2019

agnivade commented Jan 1, 2019

wir3less commented Jan 1, 2019 •

edited

wir3less commented Jan 9, 2019

ghost commented Jan 10, 2019

wir3less commented Jan 10, 2019

wir3less commented Jan 13, 2019

bradfitz commented Jan 14, 2019

mikesamuel commented Aug 14, 2019

FiloSottile commented Aug 14, 2019

mikesamuel commented Aug 21, 2019

gopherbot commented Aug 27, 2019

EddieIvan01 commented Sep 3, 2019

dwillemv commented Oct 2, 2019

FiloSottile commented Oct 2, 2019

dwillemv commented Oct 2, 2019

FiloSottile commented Oct 2, 2019

dwillemv commented Oct 2, 2019

FiloSottile commented Oct 2, 2019 •

edited

net/url: URL.Parse Multiple Parsing Issues #29098

net/url: URL.Parse Multiple Parsing Issues #29098

Comments

wir3less commented Dec 4, 2018

What version of Go are you using (go version)?

Does this issue reproduce with the latest release?

What operating system and processor architecture are you using (go env)?

What did you do?

What did you expect to see?

What did you see instead?

agnivade commented Dec 5, 2018

mengzhuo commented Dec 5, 2018

wir3less commented Dec 5, 2018

mengzhuo commented Dec 5, 2018 • edited

wir3less commented Dec 6, 2018 • edited

mees- commented Dec 27, 2018

fraenkel commented Dec 27, 2018

mees- commented Dec 27, 2018

wir3less commented Dec 28, 2018

agnivade commented Dec 29, 2018

wir3less commented Jan 1, 2019

agnivade commented Jan 1, 2019

wir3less commented Jan 1, 2019 • edited

wir3less commented Jan 9, 2019

ghost commented Jan 10, 2019

wir3less commented Jan 10, 2019

wir3less commented Jan 13, 2019

bradfitz commented Jan 14, 2019

mikesamuel commented Aug 14, 2019

FiloSottile commented Aug 14, 2019

mikesamuel commented Aug 21, 2019

gopherbot commented Aug 27, 2019

EddieIvan01 commented Sep 3, 2019

dwillemv commented Oct 2, 2019

FiloSottile commented Oct 2, 2019

dwillemv commented Oct 2, 2019

FiloSottile commented Oct 2, 2019

dwillemv commented Oct 2, 2019

FiloSottile commented Oct 2, 2019 • edited

What version of Go are you using (`go version`)?

What operating system and processor architecture are you using (`go env`)?

mengzhuo commented Dec 5, 2018 •

edited

wir3less commented Dec 6, 2018 •

edited

wir3less commented Jan 1, 2019 •

edited

FiloSottile commented Oct 2, 2019 •

edited