golang-golang-x-net - Debian Package Tracker

general

source: golang-golang-x-net (main)
version: 1:0.27.0-2
maintainer: Debian Go Packaging Team (DMD)
uploaders: Anthony Fok [DMD] – Tim Potter [DMD] – Martín Ferrari [DMD] – Michael Stapelberg [DMD]
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:0.0+git20210119.5f4716e+dfsg-4
oldstable: 1:0.7.0+dfsg-1
stable: 1:0.27.0-2
testing: 1:0.27.0-2
unstable: 1:0.27.0-2

versioned links

1:0.0+git20210119.5f4716e+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:0.7.0+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:0.27.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

golang-golang-x-net-dev (1 bugs: 0, 1, 0, 0)

action needed

A new upstream version is available: 0.48.0 high

A new upstream version 0.48.0 is available, you should consider packaging it.

Created: 2025-11-26 Last update: 2025-12-21 10:01

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2023-06-25 Last update: 2025-12-21 10:02

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1:0.33.0-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit c919ce136a21db988d28e569f27f0e015971516e
Author: Ananthu C V <weepingclown@debian.org>
Date:   Sat May 3 16:48:12 2025 +0530

    Update changelog

commit 081a8b286c2a1b2697d3cd146946a35411b92f7c
Author: Ananthu C V <weepingclown@debian.org>
Date:   Sat May 3 15:20:47 2025 +0530

    Upload to unstable

commit a369c5756c2e3cd53b013d73eebf4ce9980e1347
Author: Ananthu C V <weepingclown@debian.org>
Date:   Sat May 3 15:18:20 2025 +0530

    Skip more publicsuffix tests (Closes: #1089192)

commit 82677257a8eeac9e4c1d6ea0320d5d43b510cf3e
Author: Maytham Alsudany <maytha8thedev@gmail.com>
Date:   Mon Jan 6 16:33:24 2025 +0800

    Update changelog

commit e24c95c04f45e7db568e1a18e13c84e8b94fd43c
Author: Maytham Alsudany <maytha8thedev@gmail.com>
Date:   Mon Jan 6 16:30:36 2025 +0800

    Skip publicsuffix tests TestPublicSuffix, TestSlowPublicSuffix, and TestNumICANNRules
    
    These tests are hardcoded by upstream to check against parts of the test data,
    but break when the test data is regenerated from the latest publicsuffix data,
    which is constantly changing.
    
    This patch skips TestPublicSuffix, TestSlowPublicSuffix, and
    TestNumICANNRules, which are all affected by this problem and resulted in test
    failures.
    
    Closes: #1089192

commit 6ab3ef3bcdb38811556409fe388fb798f9746e51
Author: Maytham Alsudany <maytha8thedev@gmail.com>
Date:   Mon Jan 6 16:17:56 2025 +0800

    Refresh patches
    
    Gbp-Dch: ignore

commit 776c4533e226083b04a6cba9194fde3d9ddfd148
Merge: 29fa448 c799c32
Author: Maytham Alsudany <maytha8thedev@gmail.com>
Date:   Mon Jan 6 15:50:54 2025 +0800

    Update upstream source from tag 'upstream/0.33.0'
    
    Update to upstream version '0.33.0'
    with Debian dir bdad16f95163796012e76b8b8aa29bb15dbf180f

commit 29fa44814a122cd87eafa914ed8275600b96b26b
Author: Anthony Fok <foka@debian.org>
Date:   Sun Sep 1 08:41:37 2024 -0600

    Update changelog for 1:0.27.0-1 release

commit 528627e0b426197cd63598ff35457036d9ee1fdd
Author: Anthony Fok <foka@debian.org>
Date:   Sun Sep 1 08:41:16 2024 -0600

    Bump versioned dependencies as per go.mod

commit f65ffbbc76d05f858fbcd85b1073100b99648025
Merge: 376fa07 5eb5618
Author: Anthony Fok <foka@debian.org>
Date:   Sun Sep 1 08:29:46 2024 -0600

    Update upstream source from tag 'upstream/0.27.0'
    
    Update to upstream version '0.27.0'
    with Debian dir ba5b4a049ae925b457ef184cb7f18261306274a5

commit 376fa0737584abfbc4c64decccb764a13bc1da8d
Author: Anthony Fok <foka@debian.org>
Date:   Sat Aug 10 03:02:44 2024 -0600

    Update changelog for 1:0.26.0+dfsg-2 release

commit c605ad6fd236ac382495921dc0f59c7e406dea9a
Author: Anthony Fok <foka@debian.org>
Date:   Sat Aug 10 03:02:25 2024 -0600

    Bump to golang-golang-x-text-dev (>= 0.16.0) as per go.mod

commit 8fdd99e494fe3e107e515a14957a00eed99ecdf6
Author: Anthony Fok <foka@debian.org>
Date:   Wed Jul 31 11:28:42 2024 -0600

    Update changelog for 1:0.26.0+dfsg-1 release

commit df24525238863841c0307ebbc575f151101ea3c4
Author: Anthony Fok <foka@debian.org>
Date:   Wed Jul 31 11:27:56 2024 -0600

    Bump versioned dependencies as per go.mod
    
    except for golang-golang-x-text-dev (>= 0.16.0)
    which still needs to be packaged

commit 9deda08c4ae8504007eb08a3af2c8336c9cedd9c
Merge: f5b0204 fce6bad
Author: Anthony Fok <foka@debian.org>
Date:   Wed Jul 31 09:15:13 2024 -0600

    Update upstream source from tag 'upstream/0.26.0+dfsg'
    
    Update to upstream version '0.26.0+dfsg'
    with Debian dir 350849fe8a4dd3224276c830078bf499edd0aa59

commit f5b0204ca295ea4a2f6ba2b384e141fe5b4bc78a
Author: Anthony Fok <foka@debian.org>
Date:   Mon May 20 18:51:13 2024 -0600

    Update changelog for 1:0.25.0+dfsg-1 release

commit 9c3c72e980af09bfb1520c876d8b868580e8e7b5
Author: Anthony Fok <foka@debian.org>
Date:   Mon May 20 18:50:46 2024 -0600

    Bump versioned dependencies as per go.mod

commit 9c1b575ac12aa8d58b2a7d8d3cda35c5df65c704
Merge: 8c9a1f2 07d9f38
Author: Anthony Fok <foka@debian.org>
Date:   Mon May 20 18:49:09 2024 -0600

    Update upstream source from tag 'upstream/0.25.0+dfsg'
    
    Update to upstream version '0.25.0+dfsg'
    with Debian dir 2e6461846d0a15cad618625bc61a658b0a342550

commit 8c9a1f2a532677c9ffdb0cca2ccb4c641805788a
Author: Anthony Fok <foka@debian.org>
Date:   Fri Apr 26 03:23:29 2024 -0600

    Update changelog for 1:0.24.0+dfsg-1 release

commit bb4f002c691649dab74b6da5c37feb7061658d2e
Author: Anthony Fok <foka@debian.org>
Date:   Fri Apr 26 03:23:05 2024 -0600

    Bump Standards-Version to 4.7.0 (no change)

commit e2b617bef1e248347cc6bff46aa81f1eb3cddd96
Author: Anthony Fok <foka@debian.org>
Date:   Fri Apr 26 03:22:48 2024 -0600

    Bump versioned dependencies as per go.mod

commit ae7443c634c29d5e3856ea4eb38d2372a7f260f8
Merge: af7e9ca 9b9f6bc
Author: Anthony Fok <foka@debian.org>
Date:   Fri Apr 26 03:19:09 2024 -0600

    Update upstream source from tag 'upstream/0.24.0+dfsg'
    
    Update to upstream version '0.24.0+dfsg'
    with Debian dir 4a1f1b576f0c6af610d16ac18655bbe68f45efc1

commit af7e9caf17b6ff978e418e0c75b3078dd60a1cd1
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Thu Apr 4 04:39:52 2024 +0800

    Update changelog for 1:0.23.0+dfsg-1 release

commit c7863418fd83fc2d5baeedd0b98d12a2fc88789e
Merge: 6b20012 675e292
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Thu Apr 4 04:36:16 2024 +0800

    Update upstream source from tag 'upstream/0.23.0+dfsg'
    
    Update to upstream version '0.23.0+dfsg'
    with Debian dir 1cbed2a87190fe9d5dbe5a6fab6aceec0ead23b2

commit 6b20012b902ca14fdf22ebcfb8be1a5f568acfb8
Author: Anthony Fok <foka@debian.org>
Date:   Sun Mar 24 18:00:12 2024 -0600

    Update changelog for 1:0.22.0+dfsg-1 release

commit 8c5d7cbc06ca7295822602b5108e3cd8195bad75
Author: Anthony Fok <foka@debian.org>
Date:   Sun Mar 24 18:00:01 2024 -0600

    Bump versioned dependencies as per go.mod

commit edd00f0aabee2c5b06d80d87b99aacd63d672abd
Merge: 7b2906d 3d73f91
Author: Anthony Fok <foka@debian.org>
Date:   Sun Mar 24 17:46:47 2024 -0600

    Update upstream source from tag 'upstream/0.22.0+dfsg'
    
    Update to upstream version '0.22.0+dfsg'
    with Debian dir 61b1fbf203a3a2179d1bd4eb3d69855b4474b147

commit 7b2906daedee6d2ba820a7d726affa1f4473bf74
Author: Anthony Fok <foka@debian.org>
Date:   Fri Feb 23 19:31:16 2024 -0700

    Update changelog for 1:0.21.0+dfsg-1 release

commit 25bf70f38ec7966b725e64dfd1eb10ffba162316
Author: Anthony Fok <foka@debian.org>
Date:   Fri Feb 23 19:31:02 2024 -0700

    Bump versioned dependencies as per go.mod

commit 44b56419230ae991c035c233f59d8a0171439411
Merge: b0a2929 e3ec65b
Author: Anthony Fok <foka@debian.org>
Date:   Fri Feb 23 19:18:07 2024 -0700

    Update upstream source from tag 'upstream/0.21.0+dfsg'
    
    Update to upstream version '0.21.0+dfsg'
    with Debian dir 34be6e4851e72f37ba6d3647e08027fa80d40059

commit b0a292910b70ed65ff1f0a0ffbd6b4c409468f6b
Author: Anthony Fok <foka@debian.org>
Date:   Mon Jan 29 14:52:49 2024 -0700

    Update changelog for 1:0.20.0+dfsg-1 release

commit 76586f33911d98769d310abc171a995c951b67a9
Author: Anthony Fok <foka@debian.org>
Date:   Mon Jan 29 14:52:32 2024 -0700

    Bump versioned dependencies as per go.mod

commit e3296d7d4d92d75ad895d6257f9d38d1de1f0c46
Merge: 65195eb 517af42
Author: Anthony Fok <foka@debian.org>
Date:   Mon Jan 29 14:50:51 2024 -0700

    Update upstream source from tag 'upstream/0.20.0+dfsg'
    
    Update to upstream version '0.20.0+dfsg'
    with Debian dir b724df09dac2fcf3edd1c916721b97490aaea6e3

commit 65195eb8d474f9ee615229e6fafec802a348ccb8
Author: Anthony Fok <foka@debian.org>
Date:   Fri Dec 8 15:16:08 2023 -0700

    Update changelog for 1:0.19.0+dfsg-1 release

commit 4b643f62933ee9efe2c6820fd7dbee140749d124
Author: Anthony Fok <foka@debian.org>
Date:   Fri Dec 8 15:13:13 2023 -0700

    Append internal/quic/cmd to DH_GOLANG_EXCLUDES
    
    to avoid building the new QUIC interop test runner

commit c40803329f6a9611c3d882c3f6820e4f2b66a4ec
Author: Anthony Fok <foka@debian.org>
Date:   Fri Dec 8 14:40:34 2023 -0700

    Bump versioned dependencies as per go.mod

commit 6bb5afbc5d101ac279d3aa0a4d462783d80bd692
Merge: 2900752 c89574b
Author: Anthony Fok <foka@debian.org>
Date:   Fri Dec 8 14:29:09 2023 -0700

    Update upstream source from tag 'upstream/0.19.0+dfsg'
    
    Update to upstream version '0.19.0+dfsg'
    with Debian dir 7625d8c0cc41f6f54d71ba9830679b495cf95c1d

commit 290075209172b3bf4c570f54618f80474e49817a
Author: Anthony Fok <foka@debian.org>
Date:   Wed Nov 1 02:22:40 2023 -0600

    Update changelog for 1:0.17.0+dfsg-1 release

commit c175a450effdba5469a043ba5289858f1f335b29
Author: Anthony Fok <foka@debian.org>
Date:   Wed Nov 1 02:21:15 2023 -0600

    Bump versioned dependencies as per go.mod

commit 32296451daf4a1567c84cbece30b2a7de5685a61
Merge: 43abc4f cd8f753
Author: Anthony Fok <foka@debian.org>
Date:   Wed Nov 1 02:18:36 2023 -0600

    Update upstream source from tag 'upstream/0.17.0+dfsg'
    
    Update to upstream version '0.17.0+dfsg'
    with Debian dir a3b61d17d986ec47b82c6eb50e1095b920bb89eb

commit 43abc4f3e69498dff3d5be47c419b91d8ed58ee7
Author: Anthony Fok <foka@debian.org>
Date:   Thu Oct 12 12:55:49 2023 -0600

    Update changelog for 1:0.15.0-2 release

commit c8428bccc3cf94124fd8decef2d1fcb4d56a2798
Author: Anthony Fok <foka@debian.org>
Date:   Thu Oct 12 12:29:30 2023 -0600

    Bump build-dependency publicsuffix (>= 20230804.1533)
    
    as golang.org/x/net v0.15.0 updated its copy of publicsuffix, especially
    "New policy for .museum, without all the SLD (Second-Level Domains)"

commit f264f35ac1f17bb75d3b3f0dad7f0ec3ffd4555a
Author: Anthony Fok <foka@debian.org>
Date:   Thu Oct 12 01:36:39 2023 -0600

    Update changelog for 1:0.15.0-1 release

commit 44a32b6cafbac16841f19b4088e4ffb23edba6ca
Author: Anthony Fok <foka@debian.org>
Date:   Thu Oct 12 01:35:18 2023 -0600

    Remove 0001-quic-fix-testConn.uncheckedHandshake.patch
    
    which was backported from this version
    
    Revert "Backport "quic: fix testConn.uncheckedHandshake" from v0.15.0"
    
    This reverts commit 534333d48852f2b71a8ac6f2e0079d06a585a9bb.

commit 1f314dcdea07dae6ecea5a1dce931d883464e0c0
Author: Anthony Fok <foka@debian.org>
Date:   Thu Oct 12 01:32:29 2023 -0600

    Bump versioned dependencies as per go.mod

commit 38d7ece7c2ede19dac49cb92994415ad34a7eaa3
Merge: 09d0adf 5c99de0
Author: Anthony Fok <foka@debian.org>
Date:   Thu Oct 12 01:15:48 2023 -0600

    Update upstream source from tag 'upstream/0.15.0'
    
    Update to upstream version '0.15.0'
    with Debian dir c26a274683512306cf364b8f35bf590c4712e605

commit 09d0adf90ec1214d1ac917d3004a6b12875a8c7b
Author: Anthony Fok <foka@debian.org>
Date:   Tue Oct 10 05:59:44 2023 -0600

    Update changelog for 1:0.14.0-1 release

commit 534333d48852f2b71a8ac6f2e0079d06a585a9bb
Author: Anthony Fok <foka@debian.org>
Date:   Tue Oct 10 05:58:15 2023 -0600

    Backport "quic: fix testConn.uncheckedHandshake" from v0.15.0

commit e8374075b18a1bf8e2c19859f2ceb23a1e718905
Author: Anthony Fok <foka@debian.org>
Date:   Mon Oct 9 18:57:53 2023 -0600

    Update changelog for 1:0.14.0-1 release

commit 219a4794b52cab64c94712c7d83b3ec574aad8cf
Author: Anthony Fok <foka@debian.org>
Date:   Mon Oct 9 18:57:32 2023 -0600

    Bump versioned dependencies as per go.mod

Created: 2025-01-05 Last update: 2025-12-16 16:01

1 open merge request in Salsa normal

There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-12-16 Last update: 2025-12-16 16:01

4 low-priority security issues in bookworm low

There are 4 open security issues in bookworm.

4 issues left for the package maintainer to handle:

CVE-2023-3978: (needs triaging) Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
CVE-2023-45288: (needs triaging) An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
CVE-2024-45338: (needs triaging) An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
CVE-2025-22872: (needs triaging) The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts).

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-08-03 Last update: 2025-08-10 06:32

debian/patches: 2 patches to forward upstream low

Among the 4 debian patches available in version 1:0.27.0-2 of the package, we noticed the following issues:

2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2025-05-21 Last update: 2025-05-21 20:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-05-21 17:04

news

[rss feed]

[2025-05-25] golang-golang-x-net 1:0.27.0-2 MIGRATED to testing (Debian testing watch)
[2025-05-21] Accepted golang-golang-x-net 1:0.27.0-2 (source) into unstable (Jochen Sprickerhof)
[2024-09-04] golang-golang-x-net 1:0.27.0-1 MIGRATED to testing (Debian testing watch)
[2024-09-01] Accepted golang-golang-x-net 1:0.27.0-1 (source) into unstable (Anthony Fok)
[2024-08-13] golang-golang-x-net 1:0.26.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2024-08-10] Accepted golang-golang-x-net 1:0.26.0+dfsg-2 (source) into unstable (Anthony Fok)
[2024-08-04] golang-golang-x-net 1:0.26.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-07-31] Accepted golang-golang-x-net 1:0.26.0+dfsg-1 (source) into unstable (Anthony Fok)
[2024-05-27] golang-golang-x-net 1:0.25.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-05-21] Accepted golang-golang-x-net 1:0.25.0+dfsg-1 (source) into unstable (Anthony Fok)
[2024-05-03] golang-golang-x-net 1:0.24.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-04-26] Accepted golang-golang-x-net 1:0.24.0+dfsg-1 (source) into unstable (Anthony Fok)
[2024-04-07] golang-golang-x-net 1:0.23.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-04-07] golang-golang-x-net 1:0.23.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-04-03] Accepted golang-golang-x-net 1:0.23.0+dfsg-1 (source) into unstable (Shengjing Zhu)
[2024-03-29] golang-golang-x-net 1:0.22.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-03-25] Accepted golang-golang-x-net 1:0.22.0+dfsg-1 (source) into unstable (Anthony Fok)
[2024-02-27] golang-golang-x-net 1:0.21.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-02-24] Accepted golang-golang-x-net 1:0.21.0+dfsg-1 (source) into unstable (Anthony Fok)
[2024-02-08] golang-golang-x-net 1:0.20.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-02-08] golang-golang-x-net 1:0.20.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-01-29] Accepted golang-golang-x-net 1:0.20.0+dfsg-1 (source) into unstable (Anthony Fok)
[2023-12-14] golang-golang-x-net 1:0.19.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-12-08] Accepted golang-golang-x-net 1:0.19.0+dfsg-1 (source) into unstable (Anthony Fok)
[2023-11-05] golang-golang-x-net 1:0.17.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-11-05] golang-golang-x-net 1:0.17.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-11-01] Accepted golang-golang-x-net 1:0.17.0+dfsg-1 (source) into unstable (Anthony Fok)
[2023-10-15] golang-golang-x-net 1:0.15.0-2 MIGRATED to testing (Debian testing watch)
[2023-10-12] Accepted golang-golang-x-net 1:0.15.0-2 (source) into unstable (Anthony Fok)
[2023-10-12] Accepted golang-golang-x-net 1:0.15.0-1 (source) into unstable (Anthony Fok)

bugs [bug history graph]

all: 2
RC: 0
I&N: 1
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:0.27.0-2