XPost: linux.debian.devel.release
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: golang-golang-x-net@packages.debian.org
Control: affects -1 + src:golang-golang-x-net
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package golang-golang-x-net
[ Reason ]
The patch fixes a FTBFS due to a failing test (#1089192) and adds two
fixes for CVEs.
[ Impact ]
Downstream build dependencies are affected by the CVEs and users can't
easily modify and build the package.
[ Tests ]
Recompiled a couple of times with sbuild and ran autopkgtests to make sure
it works now.
[ Risks ]
Low. The skipped test has no impact compared to the version in testing,
and the patches for the two CVEs are from upstream and applied without problems.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
As this is a source-only -dev package, we probably need to recompile all downstream build dependencies to make sure the CVE fixes are applied.
unblock golang-golang-x-net/1:0.27.0-2
diff --git a/debian/changelog b/debian/changelog
index c713a01..20fadd0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+golang-golang-x-net (1:0.27.0-2) unstable; urgency=medium
+
+ * Team upload.
+
+ [ Ananthu C V ]
+ * Skip more publicsuffix tests (Closes: #1089192)
+
+ [ Jochen Sprickerhof ]
+ * Add patch for CVE-2025-22872 (Closes: #1103586)
+ * Add patch for CVE-2024-45338 (Closes: #1091168)
+
+ -- Jochen Sprickerhof <
jspricke@debian.org> Wed, 21 May 2025 14:16:51 +0200 +
golang-golang-x-net (1:0.27.0-1) unstable; urgency=medium
* New upstream version 0.27.0
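Review bot: the entry "Skip more publicsuffix tests (Closes: #1089192)" in the new 1:0.27.0-2 stanza does not say which tests are skipped or why they fail, so the claim that the skip is harmless cannot be checked from the changelog alone. Consider naming the skipped tests (or the patch or rules change that skips them) and the cause of the failure. The two CVE entries would also be easier to audit if each named the file under debian/patches/ that carries the fix, as only the CVE ids and bug numbers are given.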
diff --git a/debian/patches/0003-html-properly-handle-trailing-solidus-in-unquoted-at.patch b/debian/patches/0003-html-properly-handle-trailing-solidus-in-unquoted-at.patch
new file mode 100644
index 0000000..4eb0cec
--- /dev/null
+++ b/debian/patches/0003-html-properly-handle-trailing-solidus-in-unquoted-at.patch
@@ -0,0 +1,91 @@
+From: Roland Shoemaker <
roland@golang.org>
+Date: Mon, 24 Feb 2025 11:18:31 -0800
+Subject: html: properly handle trailing solidus in unq