Debian Patches

Status for golang-golang-x-net/1:0.27.0-2

Patch Description Author Forwarded Bugs Origin Last update
publicsuffix.patch avoid download on build time; use data from "publicsuffix" package. Dmitry Smirnov <onlyjob@debian.org> not-needed 2019-12-30
skip-publicsuffix-tests.patch skip publicsuffix tests

These tests are hardcoded by upstream to check against parts of the test data,
but break when the test data is regenerated from the latest publicsuffix data,
which is constantly changing.

This patch skips TestPublicSuffix, TestSlowPublicSuffix, TestNumICANNRules,
ExamplePublicSuffix_manager, and TestICANN, which are all affected by this
problem and resulted in test failures.		 Maytham Alsudany <maytha8thedev@gmail.com> not-needed debian 2025-05-03
0003-html-properly-handle-trailing-solidus-in-unquoted-at.patch html: properly handle trailing solidus in unquoted attribute value in foreign content

The parser properly treats tags like <p a=/> as <p a="/">, but the
tokenizer emits the SelfClosingTagToken token incorrectly. When the
parser is used to parse foreign content, this results in an incorrect
DOM.

Thanks to Sean Ng (https://ensy.zip) for reporting this issue.

Fixes golang/go#73070
Fixes CVE-2025-22872		 Roland Shoemaker <roland@golang.org> no 2025-02-24
0004-html-use-strings.EqualFold-instead-of-lowering-ourse.patch html: use strings.EqualFold instead of lowering ourselves
Instead of using strings.ToLower and == to check case insensitive
equality, just use strings.EqualFold, even when the strings are only
ASCII. This prevents us unnecessarily lowering extremely long strings,
which can be a somewhat expensive operation, even if we're only
attempting to compare equality with five characters.

Thanks to Guido Vranken for reporting this issue.

Fixes golang/go#70906
Fixes CVE-2024-45338		 Roland Shoemaker <roland@golang.org> no 2024-12-04

All known versions for source package 'golang-golang-x-net'

Links