File: changelog

package info (click to toggle)
golang-go.crypto 1%3A0.25.0-1
links: PTS, VCS
area: main
in suites: experimental, forky, sid, trixie, trixie-backports, trixie-proposed-updates
size: 6,768 kB
sloc: asm: 6,518; ansic: 258; sh: 25; makefile: 6
file content (466 lines) | stat: -rw-r--r-- 17,137 bytes
golang-go.crypto (1:0.25.0-1) unstable; urgency=medium

  * New upstream version 0.25.0
  * Bump versioned dependencies as per go.mod

 -- Anthony Fok <foka@debian.org>  Sun, 01 Sep 2024 08:39:31 -0600

golang-go.crypto (1:0.24.0-2) unstable; urgency=medium

  * Bump to golang-golang-x-text-dev (>= 0.16.0) as per go.mod
  * Apply patch "ssh: don't use dsa keys in integration tests"
    by Nicola Murino in commit bb80217080b0e04c6e73e5dcd9f3a9bb11fe23f6
    dated 2024-07-21: "DSA has been disabled by default since OpenSSH 9.8,
    so tests fail with newer versions of OpenSSH".  Fixes FTBFS:
    "client_test.go:149: insert(*dsa.PrivateKey): agent: failure".
    Thanks to Santiago Vila for bringing this to my attention!
    (Closes: #1078281)

 -- Anthony Fok <foka@debian.org>  Sat, 10 Aug 2024 02:57:23 -0600

golang-go.crypto (1:0.24.0-1) unstable; urgency=medium

  * New upstream version 0.24.0
  * Bump versioned dependencies as per go.mod, except for
    golang-golang-x-text-dev (>= 0.16.0) which still needs to be packaged

 -- Anthony Fok <foka@debian.org>  Wed, 31 Jul 2024 11:19:14 -0600

golang-go.crypto (1:0.23.0-1) unstable; urgency=medium

  * New upstream version 0.23.0
  * Bump versioned dependencies as per go.mod
  * Update local copy of golang.org/x/net/idna from v0.10.0 to v0.21.0

 -- Anthony Fok <foka@debian.org>  Mon, 20 May 2024 18:46:25 -0600

golang-go.crypto (1:0.22.0-1) unstable; urgency=medium

  * New upstream version 0.22.0
  * Bump versioned dependencies as per go.mod
  * Bump Standards-Version to 4.7.0 (no change)

 -- Anthony Fok <foka@debian.org>  Fri, 26 Apr 2024 03:11:29 -0600

golang-go.crypto (1:0.21.0-1) unstable; urgency=medium

  * New upstream version 0.21.0
  * Bump versioned dependencies as per go.mod

 -- Anthony Fok <foka@debian.org>  Sun, 24 Mar 2024 17:54:46 -0600

golang-go.crypto (1:0.19.0-1) unstable; urgency=medium

  * New upstream version 0.19.0
  * Bump versioned dependencies as per go.mod

 -- Anthony Fok <foka@debian.org>  Fri, 23 Feb 2024 19:29:57 -0700

golang-go.crypto (1:0.18.0-1) unstable; urgency=medium

  * New upstream version 0.18.0
  * Bump versioned dependencies as per go.mod

 -- Anthony Fok <foka@debian.org>  Mon, 29 Jan 2024 14:46:20 -0700

golang-go.crypto (1:0.17.0-1) unstable; urgency=medium

  * New upstream version 0.17.0
    * CVE-2023-48795
      ssh: implement strict KEX protocol changes
      Implement the "strict KEX" protocol changes, as described in section
      1.9 of the OpenSSH PROTOCOL file (as of OpenSSH version 9.6/9.6p1).
      (Closes: #1059003)

 -- Anthony Fok <foka@debian.org>  Sun, 07 Jan 2024 08:25:22 -0700

golang-go.crypto (1:0.16.0-1) unstable; urgency=medium

  * New upstream version 0.16.0
  * Bump versioned dependencies as per go.mod

 -- Anthony Fok <foka@debian.org>  Thu, 07 Dec 2023 01:53:53 -0700

golang-go.crypto (1:0.14.0-1) unstable; urgency=medium

  * New upstream version 0.14.0
  * Bump versioned dependencies as per go.mod

 -- Anthony Fok <foka@debian.org>  Wed, 01 Nov 2023 02:00:40 -0600

golang-go.crypto (1:0.13.0-1) unstable; urgency=medium

  * New upstream version 0.13.0
  * Bump versioned dependencies as per go.mod

 -- Anthony Fok <foka@debian.org>  Thu, 12 Oct 2023 01:27:41 -0600

golang-go.crypto (1:0.12.0-1) unstable; urgency=medium

  * New upstream version 0.12.0
  * Bump versioned dependencies as per go.mod
  * Refresh Debian patches

 -- Anthony Fok <foka@debian.org>  Mon, 09 Oct 2023 18:04:57 -0600

golang-go.crypto (1:0.10.0-1) unstable; urgency=medium

  * New upstream version 0.10.0
  * Add debian/update-vendored-golang-x-net-idna.sh script
    to facilitate the download of golang.org/x/net/idna for vendoring
    to avoid circular dependency with golang-golang-x-net-dev;
    see debian/README.source for details.
  * debian/rules: Add execute_after_dh_auto_configure target
    to copy golang.org/x/net into vendor directory during build time
  * Commit our local copy of golang.org/x/net/idna v0.10.0
    downloaded with debian/update-vendored-golang-x-net-idna.sh
  * Bump versioned dependencies as per go.mod,
    removing dependency on golang-golang-x-net-dev, but
    adding dependency on golang-golang-x-text-dev
    which is needed by our vendored copy of golang.org/x/net/idna.

 -- Anthony Fok <foka@debian.org>  Thu, 21 Sep 2023 04:55:01 -0600

golang-go.crypto (1:0.4.0-1) unstable; urgency=medium

  * Team upload
  * New upstream version 0.4.0
  * Update Standards-Version to 4.6.2 (no changes)

 -- Shengjing Zhu <zhsj@debian.org>  Mon, 02 Jan 2023 23:01:47 +0800

golang-go.crypto (1:0.1.0-1) unstable; urgency=medium

  * Team upload

  [ Anthony Fok ]
  * Build-depend explicitly on golang-any (>= 2:1.17~) as per go.mod
    to facilitate backports.
  * Remove unneeded dependency on ${shlibs:Depends}

  [ Shengjing Zhu ]
  * Switch to upstream tag version in uscan
  * New upstream version 0.1.0

 -- Shengjing Zhu <zhsj@debian.org>  Wed, 26 Oct 2022 16:03:49 +0800

golang-go.crypto (1:0.0~git20220829.c86fa9a-1) unstable; urgency=medium

  * New upstream version 0.0~git20220829.c86fa9a
  * Bump dependency: golang-golang-x-net-dev (>= 1:0.0+git20211112.69e39ba)
  * Reorder fields in debian/control and debian/copyright
  * Use dh-sequence-golang instead of dh-golang and --with=golang
  * debian/rules: Invoke dh with --builddirectory=_build
  * Bump Standards-Version to 4.6.1 (no change)
  * debian/golang-golang-x-crypto-dev.docs: Remove AUTHORS and CONTRIBUTORS
    which were deleted upstream; see https://github.com/golang/go/issues/53961

 -- Anthony Fok <foka@debian.org>  Mon, 05 Sep 2022 06:00:18 -0600

golang-go.crypto (1:0.0~git20220315.3147a52-1) unstable; urgency=medium

  * Team upload.

  [ Debian Janitor ]
  * Remove constraints unnecessary since buster
    * Build-Depends: Drop versioned constraint on golang-any.

  [ Shengjing Zhu ]
  * New upstream version 0.0~git20211202.5770296
    * CVE-2022-27191
      Potential crash in a golang.org/x/crypto/ssh server when using custom
      Signer.

 -- Shengjing Zhu <zhsj@debian.org>  Thu, 17 Mar 2022 01:21:05 +0800

golang-go.crypto (1:0.0~git20211202.5770296-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 0.0~git20211202.5770296
    + CVE-2021-43565
      x/crypto/ssh: empty plaintext packet causes panic
  * Add Multi-Arch hint
  * Fix upstream-metadata-field-unknown Homepage

 -- Shengjing Zhu <zhsj@debian.org>  Sat, 04 Dec 2021 02:01:12 +0800

golang-go.crypto (1:0.0~git20210817.32db794-1) unstable; urgency=medium

  * New upstream version 0.0~git20210817.32db794
  * Update versioned dependencies according to go.mod
  * Change Section from devel to golang
  * Bump Standards-Version to 4.6.0 (no change)

 -- Anthony Fok <foka@debian.org>  Fri, 20 Aug 2021 21:56:25 -0600

golang-go.crypto (1:0.0~git20201221.eec23a3-1) unstable; urgency=medium

  * New upstream version 0.0~git20201221.eec23a3
  * Update versioned dependencies according to go.mod
    including new dependency on golang-golang-x-term-dev
  * Bump debhelper dependency to "Build-Depends: debhelper-compat (= 13)"
  * Bump Standards-Version to 4.5.1 (no change)

 -- Anthony Fok <foka@debian.org>  Wed, 30 Dec 2020 22:07:06 -0700

golang-go.crypto (1:0.0~git20201016.9e8e0b3-1) unstable; urgency=medium

  * Upload to unstable.

 -- Roger Shimizu <rosh@debian.org>  Fri, 13 Nov 2020 03:39:51 +0900

golang-go.crypto (1:0.0~git20201016.9e8e0b3-1~exp1) experimental; urgency=medium

  * Team upload.
  * New upstream version 0.0~git20201016.9e8e0b3

 -- Roger Shimizu <rosh@debian.org>  Thu, 12 Nov 2020 03:05:14 +0900

golang-go.crypto (1:0.0~git20200604.70a84ac-2) unstable; urgency=medium

  * Team upload.
  * d/patches: Add patch to skip test fails on reproducible builds.
  * d/upstream/metadata: Update URL for issues.

 -- Roger Shimizu <rosh@debian.org>  Wed, 08 Jul 2020 01:10:18 +0900

golang-go.crypto (1:0.0~git20200604.70a84ac-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 0.0~git20200604.70a84ac

 -- Roger Shimizu <rosh@debian.org>  Tue, 09 Jun 2020 01:33:42 +0900

golang-go.crypto (1:0.0~git20200429.4b2356b-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 0.0~git20200429.4b2356b
  * debian/control: Set Rules-Requires-Root to no
  * Add debian/upstream/metadata

 -- Roger Shimizu <rosh@debian.org>  Tue, 05 May 2020 15:13:45 +0900

golang-go.crypto (1:0.0~git20200221.2aa609c-1) unstable; urgency=high

  * New upstream version 0.0~git20200221.2aa609c
    - ssh: return an error for malformed ed25519 public keys
      rather than panic (v0.0.0-20200220183623-bac4c82f6975).
      Fixes CVE-2020-9283 (Closes: #952462)
  * Previously uploaded upstream version 0.0~git20190701.4def268 contains:
    - salsa20/salsa: fix keystream loop in amd64 assembly when overflowing
      32-bit counter (commit b7391e9, 2019-03-20).  Fixes CVE-2019-11840
    - openpgp/clearsign: reject potentially misleading headers and messages
      (commit c05e17b, 2019-04-24).  Fixes CVE-2019-11841
  * debian/gbp.conf: Set debian-branch to debian/sid for DEP-14 conformance
  * Bump Standards-Version to 4.5.0 (no change)
  * debian/copyright: Add Upstream-Contact
  * Remove d/patches/0001-ssh-test-delete-TestInvalidTerminalMode.patch
    which has been applied upstream as commit 9756ffd
  * Build-Depends on dh-golang (>= 1.48~) to prevent
    "no non-test Go files" error in internal/wycheproof during build
  * Add d/patches/0001-skip-wycheproof_test.patch to skip test
    that access the Internet with "go mod download -json"
  * Override dh_auto_install with --no-binaries
    to prevent /usr/bin/acmeprobe from being built

 -- Anthony Fok <foka@debian.org>  Wed, 26 Feb 2020 13:36:38 -0700

golang-go.crypto (1:0.0~git20190701.4def268-2) unstable; urgency=medium

  * Team upload.
  * d/patches/0001-ssh-test-delete-TestInvalidTerminalMode.patch:
    remove test that fails with new openssh.
  * Add openssh-server to Build-Depends to run more tests at build time.
  * Add myself to Uploaders

 -- Michael Hudson-Doyle <mwhudson@debian.org>  Thu, 29 Aug 2019 11:16:07 +1200

golang-go.crypto (1:0.0~git20190701.4def268-1) unstable; urgency=medium

  * New upstream version 0.0~git20190701.4def268
  * Remove Lintian override debian-watch-file-is-missing
    because we now have a debian/watch file.
  * Apply "cme fix dpkg" fixes
    - Specify compatibility level with "Build-Depends: debhelper-compat (= 12)"
    - Bump Standards-Version to 4.4.0 (no change)
  * Update versioned dependencies according to go.mod

 -- Anthony Fok <foka@debian.org>  Sun, 28 Jul 2019 01:50:27 -0600

golang-go.crypto (1:0.0~git20181203.505ab14-1) unstable; urgency=medium

  * New upstream version 0.0~git20181203.505ab14
  * Add debian/watch (direct access to the git repository)
  * Update Maintainer email address to team+pkg-go@tracker.debian.org
  * Bump Standards-Version to 4.3.0 (no change)

 -- Anthony Fok <foka@debian.org>  Tue, 01 Jan 2019 00:21:15 -0700

golang-go.crypto (1:0.0~git20180614.a8fb68e-1) unstable; urgency=medium

  * Team upload.
  * New upstream version.

 -- Alexandre Viau <aviau@debian.org>  Sat, 16 Jun 2018 19:28:53 -0400

golang-go.crypto (1:0.0~git20180613.37a17fe-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 0.0~git20180613.37a17fe. (Closes: #901503)

 -- Dr. Tobias Quathamer <toddy@debian.org>  Thu, 14 Jun 2018 14:33:54 +0200

golang-go.crypto (1:0.0~git20180513.94e3fad-2) unstable; urgency=medium

  * Build-Depend on golang-golang-x-sys-dev (>= 0.0~git20180510.7dfd129)
    because x/crypto now needs x/sys/cpu introduced on 2018-04-13.

 -- Anthony Fok <foka@debian.org>  Thu, 17 May 2018 09:20:32 -0600

golang-go.crypto (1:0.0~git20180513.94e3fad-1) unstable; urgency=medium

  [ Alexandre Viau ]
  * Point Vcs-* urls to salsa.debian.org.

  [ Anthony Fok ]
  * New upstream version 0.0~git20180513.94e3fad
  * Apply "cme fix dpkg" fixes to debian/control,
    bumping Standard-Version to 4.1.4, etc.
  * Build-Depend on golang-any (>= 2:1.9~)
    because x/crypto now needs math/bits introduced in go1.9.

 -- Anthony Fok <foka@debian.org>  Mon, 14 May 2018 01:11:28 -0600

golang-go.crypto (1:0.0~git20180322.88942b9-1) unstable; urgency=medium

  [ Michael Lustfield ]
  * Team upload.
  * Remove Michael Lustfield (self) from Uploaders list.

  [ Dr. Tobias Quathamer ]
  * New upstream version 0.0~git20180322.88942b9. (Closes: #894459)
    - Add new dependency golang-golang-x-sys-dev
    - Update docs installation after upstream renaming
  * Use debhelper v11
  * Update to Standards-Version 4.1.3
    - Use Priority: optional
  * Remove obsolete DH_GOPKG
  * Remove obsolete DH_GOLANG_INSTALL_ALL
  * Remove obsolete override_dh_auto_configure
  * Use wrap-and-sort
  * Remove transitional package golang-go.crypto-dev
  * Remove version constraints for dh-golang and golang-any.
    Those versions are available in stable and oldstable-bpo.
  * Remove unneeded file d/golang-golang-x-crypto-dev.install
  * Remove unneeded file d/golang-golang-x-crypto-dev.lintian-overrides
  * Update d/copyright

 -- Dr. Tobias Quathamer <toddy@debian.org>  Fri, 30 Mar 2018 22:37:34 +0200

golang-go.crypto (1:0.0~git20170629.0.5ef0053-2) unstable; urgency=medium

  * Team upload.
  * Removed inactive user(s) from Uploaders list. (Closes: #836487)

 -- Michael Lustfield <michael@lustfield.net>  Mon, 24 Jul 2017 23:57:17 -0500

golang-go.crypto (1:0.0~git20170629.0.5ef0053-1) unstable; urgency=medium

  * New upstream snapshot.
  * Delete previously cherry-picked security patch:
    The security fix 0001-ssh-require-host-key-checking_CVE-2017-3204.patch
    is already in the new upstream snapshot.
  * Bump Standards-Version to 4.0.0:
    Use https form of the copyright-format URL in debian/copyright.

 -- Anthony Fok <foka@debian.org>  Fri, 30 Jun 2017 09:10:48 -0600

golang-go.crypto (1:0.0~git20170425.0.c7af5bf-1) experimental; urgency=medium

  * New upstream revision.

 -- Michael Lustfield <michael@lustfield.net>  Wed, 03 May 2017 23:53:10 -0500

golang-go.crypto (1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1) unstable; urgency=medium

  * Reverts previous upload to permit freeze exception.
  * patches/0001-ssh-require-host-key-checking_CVE-2017-3204.patch:
    + CVE-2017-3204: Default behavior changed to require explicitly
      registering a hostkey verification mechanism. (Closes: #859655)

 -- Michael Lustfield <michael@lustfield.net>  Wed, 26 Apr 2017 02:42:23 -0500

golang-go.crypto (1:0.0~git20170407.0.55a552f-1) unstable; urgency=medium

  * Team upload.
  * New upstream version.

 -- Michael Lustfield <michael@lustfield.net>  Sat, 08 Apr 2017 04:13:53 -0500

golang-go.crypto (1:0.0~git20161012.0.5f31782-1) unstable; urgency=medium

  * New upstream version.
  * debian/rules: Ignore .gitignore rather than the obsolete .hgignore file.

 -- Anthony Fok <foka@debian.org>  Sat, 15 Oct 2016 05:22:05 -0600

golang-go.crypto (1:0.0~git20160824.0.351dc6a-1) unstable; urgency=medium

  * New upstream version.
  * Add myself to Uploaders.

 -- Anthony Fok <foka@debian.org>  Sun, 28 Aug 2016 06:02:43 -0600

golang-go.crypto (1:0.0~git20160607.0.77f4136-1) unstable; urgency=medium

  [ Martín Ferrari ]
  * Team upload.
  * Require dh-golang 1.10, for XS-Go-Import-Path.
  * Require golang-go 1.4.2.

  [ Anthony Fok ]
  * New upstream snapshot.
  * Add golang-golang-x-net-dev to Build-Depends and Depends
    for the recently added acme/internal/acme/acme.go
  * Change Build-Depends on golang-go to golang-any.
  * Update Vcs-Git to use https URL.
  * Bump Standards-Version to 3.9.8 (no change).

 -- Anthony Fok <foka@debian.org>  Wed, 08 Jun 2016 04:07:39 -0600

golang-go.crypto (1:0.0~git20151201.0.7b85b09-2) unstable; urgency=medium

  [ Tianon Gravi ]
  * Team upload.

  [ Riku Voipio ]
  * Fix the new package name to not overwrite go.net's binary package.

 -- Tianon Gravi <tianon@debian.org>  Thu, 03 Dec 2015 15:00:04 -0800

golang-go.crypto (1:0.0~git20151201.0.7b85b09-1) unstable; urgency=medium

  * Team upload.
  * New upstream snapshot; 7b85b09 from 2015-12-01 (Closes: #786869).
  * Rename binary package to "golang-golang-x-net-dev" to reflect pkg-go policy
    and add "golang-go.crypto-dev" as a transitional package with appropriate
    relations.
  * Update Homepage and Vcs-Browser to use https versions.

 -- Tianon Gravi <tianon@debian.org>  Tue, 01 Dec 2015 00:34:50 -0800

golang-go.crypto (1:0.0~git20150608-1) unstable; urgency=medium

  * New upstream release, package was renamed to golang.org/x/crypto
  * Use an epoch in the version number since upstream switched from hg to git,
    and 0.0~git20150608 is interpreted as older than hg190 by Debian tools.
  * Fix Maintainer/Uploaders to reflect that the package is team-maintained
  * Bump Standards-Version (no changes necessary)

 -- Michael Stapelberg <stapelberg@debian.org>  Mon, 22 Jun 2015 09:28:14 +0200

golang-go.crypto (0.0~hg190-1) unstable; urgency=low

  * Initial release. Closes: #740791

 -- Tonnerre Lombard <tonnerre@ancient-solutions.com>  Wed, 05 Mar 2014 01:01:44 +0100