-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 26 Feb 2020 13:36:38 -0700 Source: golang-go.crypto Architecture: source Version: 1:0.0~git20200221.2aa609c-1 Distribution: unstable Urgency: high Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org> Changed-By: Anthony Fok <foka@debian.org> Closes: 952462 Changes: golang-go.crypto (1:0.0~git20200221.2aa609c-1) unstable; urgency=high . * New upstream version 0.0~git20200221.2aa609c - ssh: return an error for malformed ed25519 public keys rather than panic (v0.0.0-20200220183623-bac4c82f6975). Fixes CVE-2020-9283 (Closes: #952462) * Previously uploaded upstream version 0.0~git20190701.4def268 contains: - salsa20/salsa: fix keystream loop in amd64 assembly when overflowing 32-bit counter (commit b7391e9, 2019-03-20). Fixes CVE-2019-11840 - openpgp/clearsign: reject potentially misleading headers and messages (commit c05e17b, 2019-04-24). Fixes CVE-2019-11841 * debian/gbp.conf: Set debian-branch to debian/sid for DEP-14 conformance * Bump Standards-Version to 4.5.0 (no change) * debian/copyright: Add Upstream-Contact * Remove d/patches/0001-ssh-test-delete-TestInvalidTerminalMode.patch which has been applied upstream as commit 9756ffd * Build-Depends on dh-golang (>= 1.48~) to prevent "no non-test Go files" error in internal/wycheproof during build * Add d/patches/0001-skip-wycheproof_test.patch to skip test that access the Internet with "go mod download -json" * Override dh_auto_install with --no-binaries to prevent /usr/bin/acmeprobe from being built Checksums-Sha1: c5015f19cba6330c3c438faa8aa90a1a38f12433 2465 golang-go.crypto_0.0~git20200221.2aa609c-1.dsc 1b4a6e30c1f2ab63df7fb582ff76ca762508663e 1525536 golang-go.crypto_0.0~git20200221.2aa609c.orig.tar.xz 4f7eead4ae2795007ca45a68616a876a6110b5e9 5732 golang-go.crypto_0.0~git20200221.2aa609c-1.debian.tar.xz 668f0ecb86f1832355823a1fe80662ea24c491c7 7090 golang-go.crypto_0.0~git20200221.2aa609c-1_amd64.buildinfo Checksums-Sha256: b130a6e2d104aad65e736bb41c01aa6fc4c1e16a139c31fc12c3d21df573912b 2465 golang-go.crypto_0.0~git20200221.2aa609c-1.dsc dcd8132ab5acd92dfe2fc8ce8e3c76f3a91f6c60bdfdac1df407b365c1ccd490 1525536 golang-go.crypto_0.0~git20200221.2aa609c.orig.tar.xz 1c9c458572ef8ee734672463159c344c1c4517587427726a968546dd1fed73f8 5732 golang-go.crypto_0.0~git20200221.2aa609c-1.debian.tar.xz 0feef6bc2d0b872620c50d4bccf03a3841eb9655fd92fdc9c4afc1a258eeb915 7090 golang-go.crypto_0.0~git20200221.2aa609c-1_amd64.buildinfo Files: 0a03dc86aed04ecb9ceb44561369f829 2465 devel optional golang-go.crypto_0.0~git20200221.2aa609c-1.dsc fc9ec138dc31168df107dc0ce282617c 1525536 devel optional golang-go.crypto_0.0~git20200221.2aa609c.orig.tar.xz 37ce1a799859a3f283730a9fcbdd3d3c 5732 devel optional golang-go.crypto_0.0~git20200221.2aa609c-1.debian.tar.xz 294dc38aea99f905917b039562c366b7 7090 devel optional golang-go.crypto_0.0~git20200221.2aa609c-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEFCQhsZrUqVmW+VBy6iUAtBLFms8FAl5W2GUACgkQ6iUAtBLF ms/sgA//TcMBe1sgevNYxZFzMLn7Y7xFRazaMr15GYTQiUoI2zD3HhYwm+aElGgT 2zEzY0W1KRnhT8dOw3mFr2yr1oTUBXRuzAdxyxIVMekyfnFJrZX7owDHKF6iitSS +wpW2ZQ123nKl7BL0fGWwKmJPFEmHfoI/w2CI+Cho/rGHl0MnQGE5J8WRBo+vkO3 VCoAq/zqXBuwcrlBozko5q9N/VinN8Te5l5GHvXC8ZoLsaG07ZJHy3iN9JsYzXzn Tba5WXbSKj2aZyru6kakV740WTqFK7lm1t/e3JFnYljhwwx/kAzcTz+9JaEPoPg7 ptLt1ieUq8DatllyrPax/bASU3gaiyl2fjVz+Rvvx+7VigHu8VHBroGsDH+Okefh D8lu5WfeT+0yn6TtGKmEV7vwVkm/V1nmp9dlJ7YRlulD+EfnMCvHIMtwjlEt16tL seSVYzUDo+kBnSOFAemYplyUpM/WxzO8RzfAlp8rYWbq3zLlxMd3GZeOeJrAgnaD Wz75JZJJlewjZrfX9P/uYAQZE7ukSzHkrz1WEa8xZaCiiEKv5Wk0FYLrXOoCDnwI wUsYVPOWOBoZXu9AjK49jJbusH9NinWMIZ0ZTm1bs5W/N0Sqp09G7HRHqbl2olNX iFiH9d43nDes0CTS0D64DNr23b0MJ7EuTlCk/a39Dn8MIhOCPsY= =cNWr -----END PGP SIGNATURE-----