Change logs for golang-1.20 source package in Sid

  • golang-1.20 (1.20.10-1) unstable; urgency=medium
    
      * Team upload.
      * New upstream version 1.20.10
        + CVE-2023-44487/CVE-2023-39325: net/http: rapid stream resets can cause
          excessive work
    
     -- Shengjing Zhu <email address hidden>  Wed, 11 Oct 2023 14:49:01 +0800
  • golang-1.20 (1.20.9-1) unstable; urgency=medium
    
      * Team upload.
      * New upstream version 1.20.9
        + CVE-2023-39323: cmd/go: line directives allows arbitrary execution during
          build
    
     -- Shengjing Zhu <email address hidden>  Fri, 06 Oct 2023 19:40:40 +0800
  • golang-1.20 (1.20.8-1) unstable; urgency=medium
    
      * Team upload.
      * New upstream version 1.20.8
        + CVE-2023-39318: html/template: improper handling of HTML-like comments
          within script contexts
        + CVE-2023-39319: html/template: improper handling of special tags within
          script contexts
    
     -- Shengjing Zhu <email address hidden>  Thu, 07 Sep 2023 11:58:16 +0800
  • golang-1.20 (1.20.7-1) unstable; urgency=medium
    
      * Team upload
      * New upstream version 1.20.7
        + CVE-2023-29409: crypto/tls: restrict RSA keys in certificates
          to <= 8192 bits
    
     -- Shengjing Zhu <email address hidden>  Wed, 02 Aug 2023 11:30:27 +0800
  • golang-1.20 (1.20.6-1) unstable; urgency=medium
    
      * Team upload
      * New upstream version 1.20.6
        + CVE-2023-29406: net/http: insufficient sanitization of Host header
      * Add autopkgtest
    
     -- Shengjing Zhu <email address hidden>  Wed, 12 Jul 2023 13:34:53 +0800
  • golang-1.20 (1.20.5-1) unstable; urgency=medium
    
      * Team upload
      * New upstream version 1.20.5
        + CVE-2023-29402: cmd/go: cgo code injection
        + CVE-2023-29403: runtime: unexpected behavior of setuid/setgid binaries
        + CVE-2023-29404/CVE-2023-29405: cmd/go: improper sanitization of LDFLAGS
    
     -- Shengjing Zhu <email address hidden>  Wed, 07 Jun 2023 12:05:11 +0800
  • golang-1.20 (1.20.4-1) unstable; urgency=medium
    
      * Team upload
      * New upstream version 1.20.4
        + CVE-2023-24539: html/template: improper sanitization of CSS values
        + CVE-2023-24540: html/template: improper handling of JavaScript whitespace
        + CVE-2023-29400: html/template: improper handling of empty HTML attributes
    
     -- Shengjing Zhu <email address hidden>  Wed, 03 May 2023 14:56:49 +0800
  • golang-1.20 (1.20.3-1) unstable; urgency=medium
    
      * Team upload
      * New upstream version 1.20.3
        + CVE-2023-24537: go/parser: infinite loop in parsing
        + CVE-2023-24538: html/template: backticks not treated as string delimiters
        + CVE-2023-24534: net/http, net/textproto: denial of service from excessive
          memory allocation
        + CVE-2023-24536: net/http, net/textproto, mime/multipart: denial of
          service from excessive resource consumption
    
     -- Shengjing Zhu <email address hidden>  Wed, 05 Apr 2023 02:04:08 +0800
  • golang-1.20 (1.20.2-1) unstable; urgency=medium
    
      * Team upload
      * New upstream version 1.20.2
        + CVE-2023-24532: crypto/elliptic: incorrect P-256 ScalarMult and
          ScalarBaseMult results
    
     -- Shengjing Zhu <email address hidden>  Wed, 08 Mar 2023 13:57:35 +0800
  • golang-1.20 (1.20.1-1) unstable; urgency=medium
    
      * Team upload
      * New upstream version 1.20.1
        + CVE-2022-41722: path/filepath: path traversal in filepath.Clean on
          Windows
        + CVE-2022-41725: net/http, mime/multipart: denial of service from
          excessive resource consumption
        + CVE-2022-41724: crypto/tls: large handshake records may cause panics
        + CVE-2022-41723: net/http: avoid quadratic complexity in HPACK decoding
    
     -- Shengjing Zhu <email address hidden>  Wed, 15 Feb 2023 09:53:55 +0800
  • golang-1.20 (1.20-1) unstable; urgency=medium
    
      * Team upload
      * New upstream release 1.20
      * Remove patches applied upstream:
        - d/patches/0005-Revert-internal-fsys-follow-root-symlink-in-fsys.Wal.patch
        - d/patches/0006-time-revert-strict-parsing-of-RFC-3339.patch
    
     -- Michael Hudson-Doyle <email address hidden>  Thu, 02 Feb 2023 13:54:15 +1300
  • golang-1.20 (1.20~rc3-2) unstable; urgency=medium
    
      * Team upload
      * Revert strict parsing of RFC 3339.
        See https://github.com/golang/go/issues/54580
    
     -- Shengjing Zhu <email address hidden>  Thu, 19 Jan 2023 16:45:22 +0800
  • golang-1.20 (1.20~rc3-1) unstable; urgency=medium
    
      [ William 'jawn-smith' Wilson ]
      * New upstream version 1.20 rc3
    
      [ Shengjing Zhu ]
      * Drop 0005-syscall-skip-TestUseCgroupFD-if-cgroupfs-not-mounted.patch,
        merged in new version.
    
     -- Shengjing Zhu <email address hidden>  Fri, 13 Jan 2023 09:51:55 +0800
  • golang-1.20 (1.20~rc2-2) unstable; urgency=medium
    
      * Team upload
      * Add NO_PNG_PKG_MANGLE to prevent mangling testdata.
        This is Ubuntu specific behaviour so they can sync the package without
        vendor patch.
      * Revert "internal/fsys: follow root symlink in fsys.Walk"
        Fix https://github.com/golang/go/issues/57754
    
     -- Shengjing Zhu <email address hidden>  Thu, 12 Jan 2023 22:27:08 +0800
  • golang-1.20 (1.20~rc2-1) unstable; urgency=medium
    
      * Team upload
      * New upstream version 1.20~rc2
      * Bump bootstrap Go to 1.17.
        See https://github.com/golang/go/issues/44505
      * Drop i386 bootstrap workaround with Go < 1.16
      * Add patch to skip TestUseCgroupFD for schroot
      * Update Standards-Version to 4.6.2 (no changes)
      * $GOROOT/pkg no longer stores pre-compiled package archives for the standard library
      * Make all scripts in src directory executable, to silence lintian.
      * Refresh lintian overrides
    
     -- Shengjing Zhu <email address hidden>  Thu, 05 Jan 2023 16:01:28 +0800