Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-backports-changes@lists.debian.org>
Subject: Accepted golang-1.17 1.17.13-3~bpo11+1 (source) into bullseye-backports
Date: Wed, 17 Aug 2022 07:19:05 +0000
Signed by: Anthony Fok <foka@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 11 Aug 2022 23:34:05 -0600
Source: golang-1.17
Architecture: source
Version: 1.17.13-3~bpo11+1
Distribution: bullseye-backports
Urgency: medium
Maintainer: Debian Go Compiler Team <team+go-compiler@tracker.debian.org>
Changed-By: Anthony Fok <foka@debian.org>
Changes:
 golang-1.17 (1.17.13-3~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
 .
 golang-1.17 (1.17.13-3) unstable; urgency=medium
 .
   * Remove debian/patches/0005-accept-larger-pie-size.patch.
     Sorry, I was careless: this patch is not the solution to the recent
     FTBFS with golang-1.17 on ppc64el.
   * Apply debian/patches/0005-increase-size-limit-in-size-check.patch.
     From https://go-review.googlesource.com/c/go/+/371634:
       misc/cgo/testshared: increase size limit in size check
       Recently in Fedora we switched binutils ld's separate-code on. This
       led to increased size of binaries, especially on 64k aligned arches.
       For example trivial test binary size grew from 80k to 211k on ppc64le
       tripping the size check(RHBZ#2030308). Therefore adjusting the size limit.
     Fixes recent FTBFS on ppc64el:
       ##### ../misc/cgo/testshared
       --- FAIL: TestTrivialExecutable (5.02s)
           shared_test.go:483: file too large: got 138376, want <= 100000
       --- FAIL: TestTrivialExecutablePIE (0.62s)
           shared_test.go:483: file too large: got 138376, want <= 100000
 .
 golang-1.17 (1.17.13-2) unstable; urgency=medium
 .
   * Renumber Debian patches in consecutive order
   * Import 0002-accept-larger-pie-size.patch from Ubuntu golang-1.18
     1.18.4-1ubuntu2.  This patches TestPIESize to allow the difference
     between position-independent and position-dependent executables to
     be larger than before.  This resolves an FTBFS on ppc64el.
     Thanks to William 'jawn-smith' Wilson for the patch!
 .
 golang-1.17 (1.17.13-1) unstable; urgency=medium
 .
   [ Shengjing Zhu ]
   * Update upstream signing key.
     Download from https://dl.google.com/dl/linux/linux_signing_key.pub
 .
   [ Anthony Fok ]
   * New upstream version 1.17.13
     - Security vulnerabilities fixed in 1.17.12:
       + CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding
                        header
       + CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions
       + CVE-2022-30630: io/fs: stack exhaustion in Glob
       + CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read
       + CVE-2022-30632: path/filepath: stack exhaustion in Glob
       + CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal
       + CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode
       + CVE-2022-32148: net/http: Improper exposure of client IP addresses
     - Security vulnerabilities fixed in 1.17.13:
       + CVE-2022-32189: math/big: index out of range in Float.GobDecode
   * Bump Standards-Version to 4.6.1 (no change)
Checksums-Sha1:
 df9dbad913db7116b4ce945bd5e5c006d9272c13 2903 golang-1.17_1.17.13-3~bpo11+1.dsc
 53ea9b774a9d8f97db3611fb842865a0c4d8a665 42752 golang-1.17_1.17.13-3~bpo11+1.debian.tar.xz
 c90b0dc74204e1aff585fa3539fe3db1416964c5 7158 golang-1.17_1.17.13-3~bpo11+1_amd64.buildinfo
Checksums-Sha256:
 4d8436e3b0ad5d91f62164580edd9e715c6232e97455510ee03bfeaefe9b9858 2903 golang-1.17_1.17.13-3~bpo11+1.dsc
 b06054312db4545cea00cde347fb06c9dc714cc510258d6ce805748afc701990 42752 golang-1.17_1.17.13-3~bpo11+1.debian.tar.xz
 10c0c131db9404709a3fa544dea021ba7b3055f17202686619306986ccf051ca 7158 golang-1.17_1.17.13-3~bpo11+1_amd64.buildinfo
Files:
 2a26144c7fdcdeafee6b0811fec90ea4 2903 golang optional golang-1.17_1.17.13-3~bpo11+1.dsc
 5b2a98af6f8eb81d041b95b300f10ff1 42752 golang optional golang-1.17_1.17.13-3~bpo11+1.debian.tar.xz
 ad0546fee72767f89879cdb97819a5eb 7158 golang optional golang-1.17_1.17.13-3~bpo11+1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEEFCQhsZrUqVmW+VBy6iUAtBLFms8FAmL18fsQHGZva2FAZGVi
aWFuLm9yZwAKCRDqJQC0EsWaz+9RD/958NZQcvJuM49KOGkGyFqYLbVCZ5Dr6pek
MuVvmq0m4gULZYeUKAPv+rZeCdE/P+rGS0PXBKCYIrciXkOBHabSoLhPbxp80M5g
99a3CocFOZgmDmckpDZoqzqg+uYToj0NucHTsLGhAkL+Njdn9wk51M8Aq7VYUSRO
f+Hbc+K73b9AmtuBPETg/nW9PqZF2eIkkjrDXm3WjNju8DQ8JgRPtqFs0ynbcta4
IuIQiYi+CvDW4RkdMKEsAKzgMcyq7DCkM5h0B9keMNlxR/RuocMS3vgiOp/2iFWz
bULYSOdV7UoIkDZY05uQ98+K+dNFhPkFT2URyPxtbR+GoMtZQWkMiJ0sLNOZltT7
xQl2dy8FzEkPEydONHF2tBibHhIpkdhsaqAb7T/Y1be8wvSE0QQoFOFwgc+cxVr8
MXmf+QG9ehG9GyCvTv2P+FxwaOgyTyNgalehjiXx7AV9WyzHEJwS4cRcgUjsvjrI
eHy8OOt+HeAKLvw6inl1xjyuA8ynkKro2zUwjLItxakrUEARwRnSNwsiNt9WyHIe
ZkMfhS5L6fweEJnXCZDpbM3y42MxYofECN6E7bGPFEgruRllEWu6aTcza51xt0da
fbzgxiq147mnG8CAGAnmiLIS+DT++Xl9FKmMx9sRTvOAGsj0MXZRYU1HfwSQbfEQ
vrlEOahZmg==
=rzNC
-----END PGP SIGNATURE-----
News for package golang-1.17
