Debian Patches

Status for golang-1.15/1.15.9-6

Patch Description Author Forwarded Bugs Origin Last update
0001-Disable-test-for-UserHomeDir.patch Disable test for UserHomeDir.
On Debian buildds, the user home dir does not exist, so this test fails.
"Dr. Tobias Quathamer" <> no 2018-12-19
0002-Fix-Lintian-warnings-about-wrong-interpreter-path.patch Fix Lintian warnings about wrong interpreter path
The command used for this change is as follows:

grep -rH "/usr/bin/env perl" * | cut -d: -f1 | xargs -n1 sed -i -e "s,/usr/bin/env perl,/usr/bin/perl,"
"Dr. Tobias Quathamer" <> no 2019-08-01
0003-cmd-go-cmd-cgo-pass-mfp32-and-mhard-soft-float-to-MI.patch cmd/go, cmd/cgo: pass -mfp32 and -mhard/soft-float to MIPS GCC
For mips32 currently, we are using FP32, while the gcc may be FPXX,
which may generate .MIPS.abiflags and .gnu.attributes section with
value as FPXX. So the kernel will treat the exe as FPXX, and may
choose to use FR=1 FPU mode for it.
Currently, in Go, we use 2 lwc1 to load both half of a double value
to a pair of even-odd FPR. This behavior can only work with FR=0 mode.

In FR=1 mode, all of 32 FPR are 64bit. If we lwc1 the high-half of a double
value to an odd FPR, and try to use the previous even FPR to compute, the
real high-half of even FPR will be unpredicatable.
We set -mfp32 to force the gcc generate FP32 code and section value.

More details about FP32/FPXX/FP64 are explained in:

When GOMIPS/GOMIPS64 is set as softfloat, we should also pass
-msoft-float to gcc.

Here we also add -mno-odd-spreg option, since Loongson's CPU cannot use
odd-number FR in FR=0 mode.

Fixes #39435
YunQiang Su <> no 2020-06-09
0004-cmd-dist-fix-build-failure-of-misc-cgo-test-on-arm64.patch cmd/dist: fix build failure of misc/cgo/test on arm64
Test7978 of misc/cgo/test fails in 'dist test' on arm64 if the C compiler
is of GCC-9.4 or above and its 'outline atomics' feature is enabled, since
the internal linking hasn't yet supported "__attribute__((constructor))"
and also mis-handles hidden visibility.

Two changes are made for 'misc/cgo/test' to fix the issue:
1. passing "-tags=internal" for the internal linking PIE case.
2. skipping Test7978 on arm64 for the internal linking cases.

This CL fixes 'dist test' failure only, user is expected to pass the option
'-mno-outline-atomics' via CGO_CFLAGS if running into the same problem when
building cgo program using internal linking.

Updates #39466
Xiangdong Ji <> no 2020-08-05
0005-cmd-dist-increase-default-timeout-scale-for-arm.patch [PATCH] cmd/dist: increase default timeout scale for arm

Most developers use (faster) amd64 machines setting the test timeouts,
but test may run on slower arm ones and also different tests may suffer
different relative slowdown on the arm CPUs.

Due to those two varying factors it is safer to allow a higher timeout
scale on arm to avoid tests timing out.
Balint Reczey <> yes 2020-08-31
0006-skip-userns-test-in-schroot-as-well.patch skip userns test in schroot as well
When schroot is using overlayfs, it fails to detect it as chroot.
Shengjing Zhu <> no 2021-02-05
0007-CVE-2021-31525.patch [PATCH] [release-branch.go1.15] std: update to 20210428183841-261fb518b1ed

go get -d
go mod tidy
go mod vendor

This http2 bundle does not need to be updated.

Fixes #45711
Katie Hockman <> no 2021-04-28
0008-CVE-2021-33196.patch archive/zip: only preallocate File slice if reasonably sized
Since the number of files in the EOCD record isn't validated, it isn't
safe to preallocate Reader.Files using that field. A malformed archive
can indicate it contains up to 1 << 128 - 1 files. We can still safely
preallocate the slice by checking if the specified number of files in
the archive is reasonable, given the size of the archive.

Thanks to the OSS-Fuzz project for discovering this issue and to
Emmanuel Odeke for reporting it.

Updates #46242
Fixes #46396
Fixes CVE-2021-33196

(cherry picked from commit 74242baa4136c7a9132a8ccd9881354442788c8c)
Roland Shoemaker <> no backport, 2021-05-11
0009-CVE-2021-33195-1.patch [PATCH] [release-branch.go1.15] net: verify results from Lookup* are valid domain names

For the methods LookupCNAME, LookupSRV, LookupMX, LookupNS, and
LookupAddr check that the returned domain names are in fact valid DNS
names using the existing isDomainName function.

Thanks to Philipp Jeitner and Haya Shulman from Fraunhofer SIT for
reporting this issue.

Updates #46241
Fixes #46356
Fixes CVE-2021-33195

(cherry picked from commit cdcd02842da7c004efd023881e3719105209c908)
Roland Shoemaker <> no 2021-05-27
0010-CVE-2021-33195-2.patch [PATCH] [release-branch.go1.15] net: don't rely on system hosts in TestCVE202133195

Also don't unnecessarily deref the error return.

Updates #46504
Fixes #46531

(cherry picked from commit dd7ba3ba2c860c40be6d70b63d4a678449cae80f)
Roland Shoemaker <> no 2021-06-02
0011-CVE-2021-33197.patch [PATCH] [release-branch.go1.15] net/http/httputil: always remove hop-by-hop headers

Previously, we'd fail to remove the Connection header from a request
like this:

Connection: x-header

Updates #46313
Fixes #46314
Fixes CVE-2021-33197
Filippo Valsorda <> no 2021-05-21
0012-CVE-2021-33198.patch [PATCH] [release-branch.go1.15] math/big: check for excessive exponents in Rat.SetString

Found by OSS-Fuzz

Thanks to Emmanuel Odeke for reporting this issue.

Updates #45910
Fixes #46305
Fixes CVE-2021-33198

(cherry picked from commit 6c591f79b0b5327549bd4e94970f7a279efb4ab0)
Robert Griesemer <> no 2021-05-02
0013-CVE-2021-34558.patch [PATCH] [release-branch.go1.15] crypto/tls: test key type when casting

When casting the certificate public key in generateClientKeyExchange,
check the type is appropriate. This prevents a panic when a server
agrees to a RSA based key exchange, but then sends an ECDSA (or
other) certificate.

Updates #47143
Fixes #47144
Fixes CVE-2021-34558

Thanks to Imre Rad for reporting this issue.
Roland Shoemaker <> no 2021-06-09

All known versions for source package 'golang-1.15'