[dgit import tarball golang-1.7 1.7.4-2+deb9u3 golang-1.7_1.7.4-2+deb9u3.debian.tar.xz]
--- /dev/null
+golang-1.7 (1.7.4-2+deb9u3) stretch-security; urgency=high
+
+ * Non-maintainer upload by the LTS Security Team.
+ * CVE-2017-15041: Go allows "go get" remote command execution. Using
+ custom domains, it is possible to arrange things so that
+ example.com/pkg1 points to a Subversion repository but
+ example.com/pkg1/pkg2 points to a Git repository. If the Subversion
+ repository includes a Git checkout in its pkg2 directory and some
+ other work is done to ensure the proper ordering of operations, "go
+ get" can be tricked into reusing this Git checkout for the fetch of
+ code from pkg2. If the Subversion repository's Git checkout has
+ malicious commands in .git/hooks/, they will execute on the system
+ running "go get."
+ * CVE-2018-16873: the "go get" command is vulnerable to remote code
+ execution when executed with the -u flag and the import path of a
+ malicious Go package, as it may treat the parent directory as a Git
+ repository root, containing malicious configuration.
+ * CVE-2018-16874: the "go get" command is vulnerable to directory
+ traversal when executed with the import path of a malicious Go package
+ which contains curly braces (both '{' and '}' characters). The
+ attacker can cause an arbitrary filesystem write, which can lead to
+ code execution.
+ * CVE-2019-9741: in net/http, CRLF injection is possible if the attacker
+ controls a url parameter, as demonstrated by the second argument to
+ http.NewRequest with \r\n followed by an HTTP header or a Redis
+ command.
+ * CVE-2019-16276: Go allows HTTP Request Smuggling.
+ * CVE-2019-17596: Go can panic upon an attempt to process network
+ traffic containing an invalid DSA public key. There are several attack
+ scenarios, such as traffic from a client to a server that verifies
+ client certificates.
+ * CVE-2021-3114: crypto/elliptic/p224.go can generate incorrect outputs,
+ related to an underflow of the lowest limb during the final complete
+ reduction in the P-224 field.
+
+ -- Sylvain Beucler <beuc@debian.org> Sat, 13 Mar 2021 15:48:57 +0100
+
+golang-1.7 (1.7.4-2+deb9u2) stretch-security; urgency=high
+
+ * Non-maintainer upload by the LTS Team.
+ * CVE-2020-15586
+ Using the 100-continue in HTTP headers received by a net/http/Server
+ can lead to a data race involving the connection's buffered writer.
+ * CVE-2020-16845
+ Certain invalid inputs to ReadUvarint or ReadVarint could cause those
+ functions to read an unlimited number of bytes from the ByteReader
+ argument before returning an error.
+
+ -- Thorsten Alteholz <debian@alteholz.de> Fri, 20 Nov 2020 17:03:02 +0100
+
+golang-1.7 (1.7.4-2+deb9u1) stretch-security; urgency=high
+
+ * Team upload.
+ * Add patch to fix CVE-2019-6486
+ * Add patch to fix CVE-2018-7187
+
+ -- Dr. Tobias Quathamer <toddy@debian.org> Mon, 28 Jan 2019 22:24:55 +0100
+
+golang-1.7 (1.7.4-2) unstable; urgency=medium
+
+ * Backport CL 37964 for tzdata 2017a changes (Closes: #859583)
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Wed, 05 Apr 2017 11:53:49 +1200
+
+golang-1.7 (1.7.4-1) unstable; urgency=medium
+
+ * Update to 1.7.4 upstream release (Closes: #846545)
+ - https://groups.google.com/d/topic/golang-announce/2lP5z9i9ySY/discussion
+ - https://golang.org/issue/17965 (potential DoS vector in net/http)
+ - https://github.com/golang/go/compare/go1.7.3...go1.7.4
+
+ -- Tianon Gravi <tianon@debian.org> Fri, 02 Dec 2016 13:30:36 -0800
+
+golang-1.7 (1.7.3-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Delete d/patches/cl-28850.patch, applied upstream.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Thu, 20 Oct 2016 09:10:47 +1300
+
+golang-1.7 (1.7.1-3) unstable; urgency=medium
+
+ * Backport CL 29995 for tzdata 2016g changes (Closes: #839317)
+
+ -- Tianon Gravi <tianon@debian.org> Mon, 03 Oct 2016 15:12:28 -0700
+
+golang-1.7 (1.7.1-2) unstable; urgency=medium
+
+ * Add upstream patch for s390x FTBFS
+
+ -- Tianon Gravi <tianon@debian.org> Mon, 12 Sep 2016 09:32:10 -0700
+
+golang-1.7 (1.7.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Re-enable tests on s390x now that gcc-6 has been fixed in unstable.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Thu, 08 Sep 2016 13:04:33 +1200
+
+golang-1.7 (1.7-3) unstable; urgency=medium
+
+ * Add "s390x" to Architectures
+
+ -- Tianon Gravi <tianon@debian.org> Tue, 23 Aug 2016 07:35:16 -0700
+
+golang-1.7 (1.7-2) unstable; urgency=medium
+
+ * Disable tests on armel.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 16 Aug 2016 15:18:07 +1200
+
+golang-1.7 (1.7-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 16 Aug 2016 11:37:34 +1200
+
+golang-1.7 (1.7~rc4-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 02 Aug 2016 15:10:22 +1200
+
+golang-1.7 (1.7~rc3-1) unstable; urgency=medium
+
+ [ Tianon Gravi ]
+ * Remove outdated README files (README.source and README.Debian)
+
+ [ Michael Hudson-Doyle ]
+ * New upstream release.
+ * Suppress inaccurate source-is-missing lintian warnings.
+ * Update Standards-Version to 3.9.8 (no changes required).
+
+ -- Tianon Gravi <tianon@debian.org> Mon, 11 Jul 2016 18:31:57 -0700
+
+golang-1.7 (1.7~rc2-1) unstable; urgency=medium
+
+ * Update to 1.7rc2 upstream release.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 19 Jul 2016 14:40:14 +1200
+
+golang-1.7 (1.7~rc1-1) unstable; urgency=medium
+
+ [ Paul Tagliamonte ]
+ * Use a secure transport for the Vcs-Git and Vcs-Browser URL
+
+ [ Tianon Gravi ]
+ * Update to 1.7rc1 upstream release (new packages, not used by default; see
+ also src:golang-defaults)
+ * Update Vcs-Git to reference a particular branch
+
+ -- Tianon Gravi <tianon@debian.org> Mon, 11 Jul 2016 16:10:12 -0700
+
+golang-1.6 (1.6.2-2) unstable; urgency=medium
+
+ * Update "golang-any" in "Build-Depends" to fallback to "golang-go | gccgo"
+ (will help with backporting)
+
+ -- Tianon Gravi <tianon@debian.org> Thu, 23 Jun 2016 20:01:00 -0700
+
+golang-1.6 (1.6.2-1) unstable; urgency=medium
+
+ * Update to 1.6.2 upstream release (Closes: #825696)
+ * Build-Depend on golang-any instead of golang-go (Closes: #824421)
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Fri, 03 Jun 2016 07:50:44 -0700
+
+golang-1.6 (1.6.1-1) unstable; urgency=medium
+
+ * Build golang version-specific packages (Closes: #818415)
+ * Things that (conceptually at least) move to new golang version independent
+ golang-defaults source package:
+ - Man pages.
+ - Suggesting golang-golang-x-tools.
+ - Breaks/Replace-ing of old golang-go-$GOOS-$GOARCH packages.
+ * Stop using alternatives to manage /usr/bin/go.
+ * sed trickery in debian/rules to support easy changes to new golang versions.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Wed, 01 Jun 2016 10:04:53 -0700
+
+golang (2:1.6.1-2) unstable; urgency=medium
+
+ * Don't strip testdata files, causes build failures on some platforms.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Wed, 13 Apr 2016 15:47:46 -0700
+
+golang (2:1.6.1-1) unstable; urgency=medium
+
+ [ Michael Hudson-Doyle ]
+ * Breaks/Replaces: older golang-golang-x-tools, not Conflicts, to ensure
+ smooth upgrades.
+ * Strip the binaries as it has worked for the last five years or so and
+ upstream sees no reason to disable it.
+
+ [ Tianon Gravi ]
+ * Update to 1.6.1 upstream release (Closes: #820369)
+ - Fix CVE-2016-3959: infinite loop in several big integer routines
+
+ -- Tianon Gravi <tianon@debian.org> Tue, 12 Apr 2016 23:06:43 -0700
+
+golang (2:1.6-1) unstable; urgency=medium
+
+ * Update to 1.6 upstream release (thanks Hilko!)
+ - change "ar" arguments to quiet spurious warnings while using gccgo
+ (Closes: #807138)
+ - skip multicast listen test (Closes: #814849)
+ - skip userns tests when chrooted (Closes: #807303)
+ - use correct ELF header for armhf binaries (Closes: #734357)
+ - Update debian/rules clean for new location of generated file.
+
+ [ Michael Hudson-Doyle ]
+ * Respect "nocheck" in DEB_BUILD_OPTIONS while building to skip tests
+ (Closes: #807290)
+ * Trim Build-Depends (Closes: #807299)
+ * Fix several minor debian/copyright issues (Closes: #807304)
+ * Remove inconsistently included race-built packages (Closes: #807294)
+
+ [ Tianon Gravi ]
+ * Add "-k" to "run.bash" invocation so that we do a full test run every time
+
+ -- Tianon Gravi <tianon@debian.org> Mon, 29 Feb 2016 16:10:32 -0800
+
+golang (2:1.5.3-1) unstable; urgency=high
+
+ * Update to 1.5.3 upstream release
+ - Fix CVE-2015-8618: Carry propagation in Int.Exp Montgomery code in
+ math/big library (Closes: #809168)
+ * Add "Breaks" to properly complement our "Replaces" (Closes: #810595)
+
+ -- Tianon Gravi <tianon@debian.org> Thu, 14 Jan 2016 07:41:44 -0800
+
+golang (2:1.5.2-1) unstable; urgency=medium
+
+ * Update to 1.5.2 upstream release (Closes: #807136)
+
+ -- Tianon Gravi <tianon@debian.org> Tue, 05 Jan 2016 19:59:22 -0800
+
+golang (2:1.5.1-4) unstable; urgency=medium
+
+ * Add Conflicts to force newer golang-go.tools too (Closes: #803559)
+
+ -- Tianon Gravi <tianon@debian.org> Tue, 03 Nov 2015 21:57:54 -0800
+
+golang (2:1.5.1-3) unstable; urgency=medium
+
+ * Remove architecture qualification on golang-go Build-Depend now that
+ golang-go is available for more architectures.
+
+ -- Tianon Gravi <tianon@debian.org> Thu, 29 Oct 2015 07:40:38 -0700
+
+golang (2:1.5.1-2) unstable; urgency=medium
+
+ * Add Conflicts to force newer golang-golang-x-tools (Closes: #802945).
+
+ -- Tianon Gravi <tianon@debian.org> Tue, 27 Oct 2015 13:28:56 -0700
+
+golang (2:1.5.1-1) unstable; urgency=medium
+
+ * Upload to unstable.
+ * Update to 1.5.1 upstream release (see notes from experimental uploads for
+ what's changed).
+ * Skip tests on architectures where the tests fail.
+
+ -- Tianon Gravi <tianon@debian.org> Sat, 24 Oct 2015 10:22:02 -0700
+
+golang (2:1.4.3-3) unstable; urgency=medium
+
+ * Fix FTBFS for non-amd64 architectures due to handling of "-race".
+
+ -- Tianon Gravi <tianon@debian.org> Mon, 05 Oct 2015 02:04:07 -0700
+
+golang (2:1.5.1-1~exp2) experimental; urgency=medium
+
+ * Upload to experimental.
+ * Add arch-qualifiers to "golang-go" build-depends to unblock the buildds
+ (Closes: #800479); thanks Tim!
+
+ -- Tianon Gravi <tianon@debian.org> Wed, 30 Sep 2015 11:19:26 -0700
+
+golang (2:1.4.3-2) unstable; urgency=medium
+
+ * Update Recommends/Suggests, especially to add gcc, etc.
+ * Refactor "debian/rules" to utilize debhelper more effectively, especially
+ for arch vs indep building (mostly backported from the 1.5+ changes), which
+ fixes the "arch:all" FTBFS.
+
+ -- Tianon Gravi <tianon@debian.org> Sun, 27 Sep 2015 22:06:07 -0700
+
+golang (2:1.5.1-1~exp1) experimental; urgency=low
+
+ * Upload to experimental.
+ * Update to 1.5.1 upstream release (Closes: #796150).
+ - Compiler and runtime written entirely in Go.
+ - Concurrent garbage collector.
+ - GOMAXPROCS=runtime.NumCPU() by default.
+ - "internal" packages for all, not just core.
+ - Experimental "vendoring" support.
+ - Cross-compilation no longer requires a complete rebuild of the stdlib in
+ GOROOT, and thus the golang-go-GOHOST-GOARCH packages are removed.
+ * Sync debian/copyright with the Ubuntu delta. (thanks doko!)
+ * Remove patches that no longer apply.
+ * Add more supported arches to "debian/rules" code for detecting
+ appropriate GOARCH/GOHOSTARCH values; thanks mwhudson and tpot!
+ (Closes: #799907)
+ * Refactor "debian/rules" to utilize debhelper more effectively, especially
+ for arch vs indep building.
+ * Move "dpkg-architecture" to "GOOS"/"GOARCH" code into a simple shell script
+ for easier maintenance.
+
+ -- Tianon Gravi <tianon@debian.org> Fri, 25 Sep 2015 14:36:53 -0700
+
+golang (2:1.4.3-1) unstable; urgency=medium
+
+ * New upstream version (https://golang.org/doc/devel/release.html#go1.4.minor)
+ - includes previous CVE and non-CVE security fixes, especially
+ TEMP-0000000-1C4729
+
+ -- Tianon Gravi <tianon@debian.org> Fri, 25 Sep 2015 00:02:31 -0700
+
+golang (2:1.4.2-4) unstable; urgency=high
+
+ * Apply backported CVE fixes (Closes: #795106).
+ - CVE-2015-5739: Invalid headers are parsed as valid headers
+ - CVE-2015-5740: RFC 7230 3.3.3 4 violation
+ - CVE-2015-5741: other discoveries of security-relevant RFC 7230 violations
+
+ -- Tianon Gravi <tianon@debian.org> Mon, 14 Sep 2015 12:27:57 -0700
+
+golang (2:1.4.2-3) unstable; urgency=medium
+
+ * Add missing "prerm" for our new alternatives (thanks piuparts).
+
+ -- Tianon Gravi <admwiggin@gmail.com> Tue, 05 May 2015 17:38:37 -0600
+
+golang (2:1.4.2-2) unstable; urgency=medium
+
+ * Move "go" and "gofmt" into "/usr/lib/go" and use alternatives to provide
+ appropriate symlinks (Closes: #779503, #782301).
+ * Relax "golang-go.tools" relationship to Suggests (from Recommends).
+ * Add "go get" VCS options to Suggests for golang-go (bzr, git, mercurial,
+ subversion).
+
+ -- Tianon Gravi <admwiggin@gmail.com> Tue, 05 May 2015 00:37:53 -0600
+
+golang (2:1.4.2-1) unstable; urgency=medium
+
+ * New upstream version
+ (https://golang.org/doc/devel/release.html#go1.4.minor)
+
+ -- Tianon Gravi <admwiggin@gmail.com> Sat, 02 May 2015 10:06:34 -0600
+
+golang (2:1.4.1-1~exp1) experimental; urgency=low
+
+ * New upstream version (https://golang.org/doc/go1.4)
+ - all editor support files have been removed from misc/ upstream upstream,
+ so golang-mode, kate-syntax-go, and vim-syntax-go can no longer be
+ provided; see https://github.com/golang/go/wiki/IDEsAndTextEditorPlugins
+ for an upstream-maintained list of potential replacements
+
+ -- Tianon Gravi <admwiggin@gmail.com> Fri, 16 Jan 2015 00:52:10 -0500
+
+golang (2:1.3.3-1) unstable; urgency=medium
+
+ * New upstream version (https://code.google.com/p/go/source/list?name=go1.3.3)
+ - time: removed from tests now obsolete assumption about Australian tz
+ abbreviations
+ - net: temporarily skip TestAcceptIgnoreSomeErrors
+ - runtime: hide cgocallback_gofunc calling cgocallbackg from linker
+ - runtime: fix GOTRACEBACK reading on Windows, Plan 9
+ - nacltest.bash: unset GOROOT
+ - cmd/5l, cmd/6l, cmd/8l: fix nacl binary corruption bug
+ * Add Paul and myself as uploaders. Many, many thanks to Michael for his work
+ so far on this package (and hopefully more to come).
+
+ -- Tianon Gravi <admwiggin@gmail.com> Fri, 12 Dec 2014 16:11:02 -0500
+
+golang (2:1.3.2-1) unstable; urgency=medium
+
+ * New upstream version
+
+ -- Michael Stapelberg <stapelberg@debian.org> Fri, 26 Sep 2014 23:21:45 +0200
+
+golang (2:1.3.1-1) unstable; urgency=medium
+
+ * New upstream version
+
+ -- Michael Stapelberg <stapelberg@debian.org> Wed, 13 Aug 2014 09:15:58 +0200
+
+golang (2:1.3-4) unstable; urgency=medium
+
+ [ Tianon Gravi ]
+ * update debian/watch for upstream's latest move (Closes: #756415)
+ * backport archive/tar patch to fix PAX headers (Closes: #756416)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Sat, 02 Aug 2014 21:02:24 +0200
+
+golang (2:1.3-3) unstable; urgency=medium
+
+ * don’t depend on emacs23, depend on emacs instead (Closes: #754013)
+ * install include/ in golang-src, VERSION in golang-go (Closes: #693186)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Mon, 07 Jul 2014 08:30:50 +0200
+
+golang (2:1.3-2) unstable; urgency=medium
+
+ * Add /usr/lib/go/test symlink
+ * Build with GO386=387 to favor the 387 floating point unit over sse2
+ instructions (Closes: #753160)
+ * Add debian/patches/0001-backport-delete-whole-line.patch to fix a
+ deprecation warning about flet in the emacs part of golang-mode
+ (Closes: #753607)
+ * Migrate to emacsen >2 (Closes: #753607)
+ * Backport two patches to improve archive/tar performance (for docker):
+ debian/patches/0002-archive-tar-reuse-temporary-buffer-in-writeHeader.patch
+ debian/patches/0003-archive-tar-reuse-temporary-buffer-in-readHeader.patch
+
+ -- Michael Stapelberg <stapelberg@debian.org> Thu, 03 Jul 2014 23:33:46 +0200
+
+golang (2:1.3-1) unstable; urgency=medium
+
+ * New upstream version.
+ * Drop patches merged upstream:
+ - debian/patches/add-tar-xattr-support.patch
+ - debian/patches/add-tar-xattr-support.patch
+ * Fix debian/watch (Thanks Tianon) (Closes: #748290)
+ * Remove dangling symlink /usr/lib/go/lib/godoc (Closes: #747968)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Thu, 19 Jun 2014 09:23:36 +0200
+
+golang (2:1.2.1-2) unstable; urgency=low
+
+ * Re-apply debian/patches/add-tar-xattr-support.patch which got lost when
+ uploading 1.2.1-1; sorry about that.
+
+ -- Michael Stapelberg <stapelberg@debian.org> Sat, 08 Mar 2014 20:01:12 +0100
+
+golang (2:1.2.1-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Michael Stapelberg <stapelberg@debian.org> Mon, 03 Mar 2014 17:40:57 +0100
+
+golang (2:1.2-3) unstable; urgency=low
+
+ * add debian/patches/add-tar-xattr-support.patch to have xattr support in
+ tar (cherry-picked from upstream) (Thanks proppy) (Closes: #739586)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Mon, 24 Feb 2014 19:34:16 +0100
+
+golang (2:1.2-2) unstable; urgency=low
+
+ * add patches/add-src-pkg-debug-elf-testdata-hello.patch to provide source
+ for the testdata/ ELF binaries (Closes: #716853)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 31 Dec 2013 18:28:29 +0100
+
+golang (2:1.2-1) unstable; urgency=low
+
+ * New upstream release.
+ * drop patches/archive-tar-fix-links-and-pax.patch, it is merged upstream
+ * godoc(1) is now in the Debian package golang-go.tools, it was moved into a
+ separate repository by upstream.
+ * move patches/godoc-symlinks.diff to golang-go.tools
+
+ -- Michael Stapelberg <stapelberg@debian.org> Mon, 02 Dec 2013 23:57:24 +0100
+
+golang (2:1.1.2-3) unstable; urgency=low
+
+ * cherry-pick upstream commit: archive-tar-fix-links-and-pax.patch
+ (Closes: #730566)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 26 Nov 2013 18:59:27 +0100
+
+golang (2:1.1.2-2) unstable; urgency=low
+
+ * Build golang-go-linux-* for each architecture (Thanks James Page)
+ (Closes: #719611)
+ * Update lintian-overrides to override statically-linked-binary and
+ unstripped-binary-or-object for all of golang-go
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 20 Aug 2013 08:13:40 +0200
+
+golang (2:1.1.2-1) unstable; urgency=low
+
+ * New upstream release.
+ * Relicense debian/ under the Go license to match upstream. All copyright
+ holders agreed to this. (Closes: #716907)
+ * golang-mode: don’t install for a number of emacs versions which are not
+ supported upstream (Thanks Kevin Ryde) (Closes: #702511, #717521)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 13 Aug 2013 13:47:58 +0200
+
+golang (2:1.1.1-4) unstable; urgency=low
+
+ * Disable stripping, it breaks go binaries on some architectures. This drops
+ the golang-dbg package which would be empty now. (Thanks Robie Basak)
+ (Closes: #717172)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Wed, 17 Jul 2013 19:15:18 +0200
+
+golang (2:1.1.1-3) unstable; urgency=low
+
+ * Ship */runtime/cgo.a in golang-go to ensure it is present. It can only be
+ used on the native architecture anyway (cannot be used when
+ cross-compiling), so having it in golang-go-$GOOS-$GOARCH is not
+ necessary. Even worse, since these packages are arch: all, they will be
+ built precisely once, and only the runtime/cgo.a for the buildd’s native
+ arch will be present. (Closes: #715025)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Thu, 11 Jul 2013 20:25:52 +0200
+
+golang (2:1.1.1-2) unstable; urgency=low
+
+ [ James Page ]
+ * Ensure smooth upgrade path from << 2:1.1-2 (Closes: #714838)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Wed, 03 Jul 2013 18:05:58 +0200
+
+golang (2:1.1.1-1) unstable; urgency=low
+
+ * Imported Upstream version 1.1.1
+
+ -- Ingo Oeser <nightlyone@googlemail.com> Fri, 14 Jun 2013 23:25:44 +0200
+
+golang (2:1.1-2) unstable; urgency=low
+
+ [ Ondřej Surý ]
+ * Promote Michael to Maintainer
+
+ [ Michael Stapelberg ]
+ * Build golang-go-$GOOS-$GOARCH packages for cross-compiling (Closes: #710090)
+ * Build race detector on linux/amd64 (only supported arch) (Closes: #710691)
+ * Switch compression to xz (50% smaller binaries)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Fri, 07 Jun 2013 23:18:09 +0200
+
+golang (2:1.1-1) unstable; urgency=low
+
+ * New upstream release: Go 1.1!
+ * Remove the long obsolete goinstall debconf question and config file.
+ goinstall does not exist anymore since a long time.
+ This also obsoletes the need for any translations
+ (Closes: #685923, #692478)
+ * Emacs go-mode auto-mode-alist entry was fixed upstream (Closes: #670371)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 14 May 2013 19:36:04 +0200
+
+golang (2:1.1~hg20130405-1) experimental; urgency=low
+
+ * Provide a new hg tip snapshot. This includes what was recently released as
+ Go 1.1 beta.
+
+ -- Michael Stapelberg <stapelberg@debian.org> Fri, 05 Apr 2013 18:24:36 +0200
+
+golang (2:1.1~hg20130323-1) experimental; urgency=low
+
+ * Provide a new hg tip snapshot.
+ * Add debian/watch (Closes: #699698)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Sat, 23 Mar 2013 11:31:26 +0100
+
+golang (2:1.1~hg20130304-2) experimental; urgency=low
+
+ * Fix FTBFS of binary-arch only builds (as performed by buildds)
+ caused by 'rm' not finding jquery.js in golang-doc
+ (Thanks Peter Green)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 05 Mar 2013 00:49:27 +0100
+
+golang (2:1.1~hg20130304-1) experimental; urgency=low
+
+ * Provide a hg tip snapshot (2013-03-04) in Debian experimental.
+ Current hg tip is a good approximation to Go 1.1 and should get
+ some testing within Debian in order to package Go 1.1 well when
+ it is released. Thanks to Andrew Gerrand.
+
+ -- Michael Stapelberg <stapelberg@debian.org> Mon, 04 Mar 2013 21:28:58 +0100
+
+golang (2:1.0.2-2) unstable; urgency=low
+
+ * Add myself to uploaders, as discussed in #683421.
+ * cherry-pick r820ffde8c396 (net/http: non-keepalive connections close
+ successfully) (Closes: #683421)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Thu, 02 Aug 2012 14:25:58 +0200
+
+golang (2:1.0.2-1.1) unstable; urgency=low
+
+ * Non-maintainer upload. (as discussed with Ondřej in #679692)
+ * Fix godoc-symlinks.diff (godoc didn’t find docs) (Closes: #679692)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Fri, 20 Jul 2012 17:59:38 +0200
+
+golang (2:1.0.2-1) unstable; urgency=low
+
+ [ Ondřej Surý ]
+ * Imported Upstream version 1.0.2
+ * Update Vcs fields to reflect new git repository location
+ * Kill get-orig-source, since 1.0.0, the tarballs can be downloaded from
+ webpage
+
+ [ Michael Stapelberg ]
+ * golang-mode: use debian-pkg-add-load-path-item (Closes: #664802)
+ * add manpages (Closes: #632964)
+ * Use updated pt.po from Pedro Ribeiro (Closes: #674958)
+
+ -- Ondřej Surý <ondrej@sury.org> Thu, 28 Jun 2012 12:14:15 +0200
+
+golang (2:1.0.1-1) unstable; urgency=low
+
+ * Imported Upstream version 1.0.1
+ * Apply godoc patch to display package list correctly (Closes: #669354)
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 02 May 2012 15:44:59 +0200
+
+golang (2:1-6) unstable; urgency=low
+
+ * Merge upstream patch to fix homedir issue
+ (http://code.google.com/p/go/source/detail?r=709120aecee0)
+ * Disable GNU/KFreeBSD build (Closes: #668794)
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 18 Apr 2012 09:53:30 +0200
+
+golang (2:1-5) unstable; urgency=low
+
+ * Rewrite test conditions to make them more readable
+ (and fix the debian/rules to really not check on armel+kfreebsd)
+ * Patch upstream test to not fail on missing home directory
+
+ -- Ondřej Surý <ondrej@debian.org> Sun, 15 Apr 2012 12:35:53 +0200
+
+golang (2:1-4) unstable; urgency=low
+
+ * Disable tests on Debian GNU/KFreeBSD, they just hang now (Closes: #668794)
+ * Disable tests on armel, but the invalid instruction needs fixing in
+ upstream
+ * Create fake home directory to pass the os/user test
+
+ -- Ondřej Surý <ondrej@debian.org> Sun, 15 Apr 2012 10:49:09 +0200
+
+golang (2:1-3) unstable; urgency=high
+
+ * Use VERSION provided by upstream for packaging purposes
+ * Run tests as a part of a build process
+ * Install full src tree (except pkg/debug) because go command depend
+ on sources available
+ * Install sources without testdata and *_test.go
+ * Remove circular dependency golang-go->golang-doc->golang-go
+ * Make sure that timestamp on installed binaries and libraries is same
+ because go build/install recompiles everything if the go binary has
+ more recent timestamp than libraries (Closes: #668235)
+ + Need to update timestamps at postinst time because already created
+ directories can have time in the past
+ * Fix couple of lintian errors and warnings
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 11 Apr 2012 23:21:47 +0200
+
+golang (2:1-2) unstable; urgency=low
+
+ * Remove preserving of old -tools settings, there are too many options
+ now anyway (Closes: #666007)
+
+ -- Ondřej Surý <ondrej@debian.org> Fri, 06 Apr 2012 16:52:13 +0200
+
+golang (2:1-1) unstable; urgency=low
+
+ * New major upstream release Go 1 (Closes: #666942)
+ * Bumb epoch to 2, since 1 < 60 < 2011 (I wonder if next version will be 0 :)
+ * Debconf templates and debian/control reviewed by the debian-l10n-
+ english team as part of the Smith review project. (Closes: #663181)
+ * [Debconf translation updates]
+ + Pick existing translations from golang-weekly and do appropriate
+ sed magic to fit golang templates. (Closes: #666884, #666880, #666881)
+ + Dutch; (Jeroen Schot). (Closes: #664598)
+ + Czech (Michal Simunek). (Closes: #665385)
+ + Spanish; (Camaleón). (Closes: #666177)
+ + Danish (Joe Hansen). (Closes: #666526)
+
+ -- Ondřej Surý <ondrej@debian.org> Fri, 06 Apr 2012 16:04:17 +0200
+
+golang (1:60.3-2) unstable; urgency=low
+
+ * debconf-gettextize package templates
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 20 Feb 2012 22:01:10 +0100
+
+golang (1:60.3-1) unstable; urgency=low
+
+ * Imported Upstream version 60.3
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 28 Nov 2011 08:46:18 +0100
+
+golang (1:60.2-1) unstable; urgency=low
+
+ * Imported Upstream version 60.2
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 06 Oct 2011 08:57:00 +0200
+
+golang (1:60.1-1) unstable; urgency=low
+
+ * Imported Upstream version 60.1
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 19 Sep 2011 10:18:12 +0200
+
+golang (1:60-1) unstable; urgency=low
+
+ * Imported Upstream version 60
+ * Save upstream VERSION to the archive
+ * Use GOVERSION as generated by src/version.bash on hg archive time
+ * Add support for goinstall dashboard debconf question in the Debian
+ packaging
+ * Read goinstall dashboard option from debian configuration file
+ * Remove 005-goinstall_dont_call_home_by_default.patch; replaced by
+ configuration option
+ * Fix directory name for upstream archive checkout
+
+ -- Ondřej Surý <ondrej@debian.org> Tue, 13 Sep 2011 13:13:59 +0200
+
+golang (1:59-1) unstable; urgency=low
+
+ * Imported Upstream version 59
+ * Refresh patches to a new release
+ * Fix FTBFS on ARM (Closes: #634270)
+ * Update version.bash to work with Debian packaging and not hg
+ repository
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 03 Aug 2011 17:04:59 +0200
+
+golang (1:58.1-2) unstable; urgency=low
+
+ * Install golang-doc package by default (Recommends from golang-tools,
+ Depends from golang)
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 18 Jul 2011 09:13:43 +0200
+
+golang (1:58.1-1) unstable; urgency=low
+
+ * Imported Upstream version 58.1
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 13 Jul 2011 08:39:04 +0200
+
+golang (1:58-1) unstable; urgency=low
+
+ * Imported Upstream version 58
+ + Add NEWS file with upstream API changes
+ * Remove patch to not update standard package, fixed in upstream
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 30 Jun 2011 15:36:35 +0200
+
+golang (1:57.2-1) unstable; urgency=low
+
+ * Imported Upstream version 57.2
+ * More spelling fixes (Closes: #630660)
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 16 Jun 2011 11:10:58 +0200
+
+golang (1:57.1-4) unstable; urgency=low
+
+ * Description update to have proper articles and capitalization
+ (Closes: #630189)
+ * Add extended description about Go being experimental and that the
+ languager can change between releases
+
+ -- Ondřej Surý <ondrej@debian.org> Tue, 14 Jun 2011 21:38:11 +0200
+
+golang (1:57.1-3) unstable; urgency=low
+
+ * Fix "the Google's Go implementation" in extended description
+ (Closes: #627814)
+ * Update Vcs-* links
+ * Install vim ftplugin files into correct directory (Closes: #629844)
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 09 Jun 2011 10:10:41 +0200
+
+golang (1:57.1-2) unstable; urgency=low
+
+ * Bump standards version to 3.9.2
+ * Capitalize Kate (Closes: #627036)
+ * Import slightly modified patch to be more clear about $GOPATH
+ installs for non-root users
+ * Remove don't install deps patch from goinstall; deprecated by
+ $GOPATH installs
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 23 May 2011 11:07:11 +0200
+
+golang (1:57.1-1) unstable; urgency=low
+
+ * Add support for dot-minor releases
+ * Imported Upstream version 57.1
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 16 May 2011 11:45:53 +0200
+
+golang (1:57-3) unstable; urgency=low
+
+ [ Florian Weimer ]
+ * golang-tools: install gofix binary
+
+ [ Ondřej Surý ]
+ * Add lintian-overrides for gofix binary
+
+ -- Ondřej Surý <ondrej@debian.org> Sat, 07 May 2011 20:41:58 +0200
+
+golang (1:57-2) unstable; urgency=low
+
+ * Remove weekly code from debian/rules
+ * Add golang meta-package
+ * Don't create tool chain symlinks twice
+ * Make debian/rules more generic for simpler sync between weekly
+ and release branches
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 04 May 2011 16:48:24 +0200
+
+golang (1:57-1) unstable; urgency=low
+
+ * Imported Upstream version r57
+ * Bumped epoch version to 1, to convert from date based versions
+ to release number based version
+ * Allow release to migrate to testing (Closes: #624408)
+ * Add kate and vim syntax highlighting (Closes: #624544)
+ * Add -dbg package with debugging symbols
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 04 May 2011 01:20:07 +0200
+
+golang (2011.04.27-2) unstable; urgency=low
+
+ * Fix yet another build failure on kfreebsd (use linux userspace)
+
+ -- Ondřej Surý <ondrej@debian.org> Fri, 29 Apr 2011 16:22:47 +0200
+
+golang (2011.04.27-1) unstable; urgency=low
+
+ * Imported Upstream version 2011.04.27
+ * Update debian/rules to allow pulling weekly upstream releases
+ * Don't remove RUNPATH from binaries; fixed upstream (golang#1527)
+ * Set GOHOSTOS and GOHOSTARCH to match dpkg-architecture variables
+ * Add support for kfreebsd-i386, kfreebsd-amd64, armel and armhf
+ architectures
+ + 006-fix_kfreebsd_build.patch:
+ - Add GNU/KFreeBSD support by replacing all uname calls by $(GOOS)
+ + 007-use_native_dynamic_linker_on_kfreebsd.patch:
+ - Use native kfreebsd dynamic linker (/lib/ld-*.so.1)
+ * Add information about available architectures (Closes: #623877)
+ * Don't strip gotest
+ * Add Depends: golang-go to golang-tools
+ * Add better support for armhf
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 28 Apr 2011 16:14:39 +0200
+
+golang (2011.04.13-1) unstable; urgency=low
+
+ [ Florian Weimer ]
+ * Delete bin directory in clean target
+ * Enable parallel build
+ * golang-src: install source files directly
+ * Use proper symlink targets for architecture-independent toolchain
+ names
+ * Emacs mode: indent keys in struct literals properly
+
+ [ Ondřej Surý ]
+ * Imported Upstream weekly version 2011.04.13
+ * Update patches to new weekly release
+ * Add lintian-override for gotest binary
+
+ -- Ondřej Surý <ondrej@debian.org> Tue, 26 Apr 2011 09:59:28 +0200
+
+golang (2011.03.07.1-1) unstable; urgency=low
+
+ * Imported Upstream version 2011.03.07.1
+ * Install to /usr/lib/go
+ * Remove xkcd strip to get rid of CC-NC-BY
+ * Update golang-src.install to new upstream
+ * Remove 002-use_GOROOT_FINAL_in_generated_binaries.patch; merged
+ upstream
+ * Make all .go files no-executable
+ * Update lintian-overrides to include both types of syntax
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 20 Apr 2011 17:36:48 +0200
+
+golang (2011.02.15-2) unstable; urgency=low
+
+ [ Ondřej Surý ]
+ * Add ${misc:Depends} to golang-mode to shutup lintian
+ * Rehaul build system and add golang-src package with .go source files
+ * goinstall: do not automatically install prerequisities
+ * goinstall: don't report to dashboard by default
+ * Add a README.Debian about local modifications to goinstall
+ * Add warning about local modifications also directly to goinstall command
+
+ [ Florian Weimer ]
+ * Fix syntax error in 004-
+ dont_reinstall_dependencies_in_goinstall.patch
+
+ -- Ondřej Surý <ondrej@debian.org> Fri, 18 Feb 2011 16:02:09 +0100
+
+golang (2011.02.15-1) unstable; urgency=low
+
+ [ Obey Arthur Liu ]
+ * Added pkg-google git repo to control file
+
+ [ Florian Weimer ]
+ * Build golang-mode package
+
+ [ Ondřej Surý ]
+ * Imported Upstream version 2011.02.15
+ * Don't compress godoc documentation
+ * Correctly use $GOROOT_FINAL in the build chain
+ * Remove RPATH/RUNPATH from go binaries
+
+ -- Ondřej Surý <ondrej@debian.org> Fri, 18 Feb 2011 11:39:10 +0100
+
+golang (2011.02.01.1-1) unstable; urgency=low
+
+ [ Ivan Wong ]
+ * Initial release (Closes: #574371)
+
+ [ Jonathan Nieder ]
+ * Fill out copyright file
+ * Rewrite debian/rules using dh driver
+ * debian: fix get-orig-source rule
+ * debian: do not install extra files on repeated build
+ * debian: fix reversed ‘if’
+ * debian: do not leave around stale debian/env.sh+ file
+ * debian: Build-Depends on awk instead of gawk
+ * debian: add run-time dependency on perl
+ * debian: add build-time dependency on perl
+ * debian: fix setting of GOARM on arm
+ * debian: do not compress files in web page
+ * debian: install favicon
+
+ [ Ondřej Surý ]
+ * Make myself a maintainer
+ * Add patch to allow IPv4 on IPv6 sockets (Courtesy of Florian Weimer)
+ * Use GOROOT_FINAL and change GOBIN to /usr/bin
+ * Get rid of env.sh and wrappers
+ * Add support for building in i386 pbuilder on amd64 architecture
+ * Rename source package to golang to match upstream repository name
+ * Add golang-doc package
+ * Split package into compiler, docs and tools
+ * Don't install quietgcc and hgpatch
+ * Don't generate fake gomake
+ * Update golang-doc package
+ * Export GOHOSTARCH and GOHOSTOS
+ * Disable build time checks
+ * Fail on missed installed files
+ * Revert s{tmp{golang-go{ change in DESTDIR
+ * Relicence debian/ files from versionless GPL to GPL-3
+ * Move golang-doc to doc section
+ * Add more lintian overrides for Go binaries
+ * Install all 6,8,5 variants of commands
+ * Install golang-* symlinks for 6,8,5* commands
+ * Don't strip govet as well
+ * Remove ${shlibs:Depends} where it doesn't belong
+ * Move more html files to golang-doc package
+ * Remove codereview directory - some python code to deal with mercurial
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 14 Feb 2011 17:42:39 +0100
--- /dev/null
+#
+# WARNING: "debian/control" is generated via "debian/rules gencontrol" (sourced from "debian/control.in")
+#
+
+Source: golang-1.7
+Section: devel
+Priority: optional
+Maintainer: Go Compiler Team <pkg-golang-devel@lists.alioth.debian.org>
+Uploaders: Michael Stapelberg <stapelberg@debian.org>,
+ Paul Tagliamonte <paultag@debian.org>,
+ Tianon Gravi <tianon@debian.org>,
+ Michael Hudson-Doyle <michael.hudson@ubuntu.com>
+Vcs-Browser: https://anonscm.debian.org/cgit/pkg-golang/golang.git
+Vcs-Git: https://anonscm.debian.org/git/pkg-golang/golang.git -b golang-1.7
+Build-Depends: debhelper (>= 7.4.10),
+ golang-any (>= 2:1.4~) | golang-go (>= 2:1.4~) | gccgo (>= 4:5~),
+ netbase
+Standards-Version: 3.9.8
+Homepage: https://golang.org
+
+Package: golang-1.7-go
+Architecture: amd64 arm64 armel armhf i386 ppc64 ppc64el s390x
+Depends: golang-1.7-src (>= ${source:Version}),
+ ${misc:Depends},
+ ${perl:Depends},
+ ${shlibs:Depends}
+Recommends: g++, gcc, libc6-dev, pkg-config
+Suggests: bzr, ca-certificates, git, mercurial, subversion
+Description: Go programming language compiler, linker, compiled stdlib
+ The Go programming language is an open source project to make programmers more
+ productive. Go is expressive, concise, clean, and efficient. Its concurrency
+ mechanisms make it easy to write programs that get the most out of multicore
+ and networked machines, while its novel type system enables flexible and
+ modular program construction. Go compiles quickly to machine code yet has the
+ convenience of garbage collection and the power of run-time reflection. It's a
+ fast, statically typed, compiled language that feels like a dynamically typed,
+ interpreted language.
+ .
+ This package provides an assembler, compiler, linker, and compiled libraries
+ for the Go programming language.
+ .
+ Go supports cross-compilation, but as of Go 1.5, it is no longer necessary to
+ pre-compile the standard library inside GOROOT for cross-compilation to work.
+
+Package: golang-1.7-src
+Architecture: amd64 arm64 armel armhf i386 ppc64 ppc64el s390x
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: Go programming language - source files
+ The Go programming language is an open source project to make programmers more
+ productive. Go is expressive, concise, clean, and efficient. Its concurrency
+ mechanisms make it easy to write programs that get the most out of multicore
+ and networked machines, while its novel type system enables flexible and
+ modular program construction. Go compiles quickly to machine code yet has the
+ convenience of garbage collection and the power of run-time reflection. It's a
+ fast, statically typed, compiled language that feels like a dynamically typed,
+ interpreted language.
+ .
+ This package provides the Go programming language source files needed for
+ cross-compilation.
+
+Package: golang-1.7-doc
+Depends: golang-1.7-go, ${misc:Depends}
+Architecture: all
+Section: doc
+Description: Go programming language - documentation
+ The Go programming language is an open source project to make
+ programmers more productive. Go is expressive, concise, clean, and
+ efficient. Its concurrency mechanisms make it easy to write programs
+ that get the most out of multicore and networked machines, while its
+ novel type system enables flexible and modular program construction.
+ Go compiles quickly to machine code yet has the convenience of
+ garbage collection and the power of run-time reflection. It's a fast,
+ statically typed, compiled language that feels like a dynamically
+ typed, interpreted language.
+ .
+ This package provides the documentation for the Go programming
+ language. You can view the formatted documentation by running "godoc
+ --http=:6060", and then visiting http://localhost:6060/doc/install.html.
+
+Package: golang-1.7
+Depends: golang-1.7-doc (>= ${source:Version}),
+ golang-1.7-go (>= ${source:Version}),
+ golang-1.7-src (>= ${source:Version}),
+ ${misc:Depends}
+Architecture: all
+Description: Go programming language compiler - metapackage
+ The Go programming language is an open source project to make
+ programmers more productive. Go is expressive, concise, clean, and
+ efficient. Its concurrency mechanisms make it easy to write programs
+ that get the most out of multicore and networked machines, while its
+ novel type system enables flexible and modular program construction.
+ Go compiles quickly to machine code yet has the convenience of
+ garbage collection and the power of run-time reflection. It's a
+ fast, statically typed, compiled language that feels like a
+ dynamically typed, interpreted language.
+ .
+ This package is a metapackage that, when installed, guarantees
+ that (most of) a full Go development environment is installed.
--- /dev/null
+Source: golang-X.Y
+Section: devel
+Priority: optional
+Maintainer: Go Compiler Team <pkg-golang-devel@lists.alioth.debian.org>
+Uploaders: Michael Stapelberg <stapelberg@debian.org>,
+ Paul Tagliamonte <paultag@debian.org>,
+ Tianon Gravi <tianon@debian.org>,
+ Michael Hudson-Doyle <michael.hudson@ubuntu.com>
+Vcs-Browser: https://anonscm.debian.org/cgit/pkg-golang/golang.git
+Vcs-Git: https://anonscm.debian.org/git/pkg-golang/golang.git -b golang-X.Y
+Build-Depends: debhelper (>= 7.4.10),
+ golang-any (>= 2:1.4~) | golang-go (>= 2:1.4~) | gccgo (>= 4:5~),
+ netbase
+Standards-Version: 3.9.8
+Homepage: https://golang.org
+
+Package: golang-X.Y-go
+Architecture: amd64 arm64 armel armhf i386 ppc64 ppc64el s390x
+Depends: golang-X.Y-src (>= ${source:Version}),
+ ${misc:Depends},
+ ${perl:Depends},
+ ${shlibs:Depends}
+Recommends: g++, gcc, libc6-dev, pkg-config
+Suggests: bzr, ca-certificates, git, mercurial, subversion
+Description: Go programming language compiler, linker, compiled stdlib
+ The Go programming language is an open source project to make programmers more
+ productive. Go is expressive, concise, clean, and efficient. Its concurrency
+ mechanisms make it easy to write programs that get the most out of multicore
+ and networked machines, while its novel type system enables flexible and
+ modular program construction. Go compiles quickly to machine code yet has the
+ convenience of garbage collection and the power of run-time reflection. It's a
+ fast, statically typed, compiled language that feels like a dynamically typed,
+ interpreted language.
+ .
+ This package provides an assembler, compiler, linker, and compiled libraries
+ for the Go programming language.
+ .
+ Go supports cross-compilation, but as of Go 1.5, it is no longer necessary to
+ pre-compile the standard library inside GOROOT for cross-compilation to work.
+
+Package: golang-X.Y-src
+Architecture: amd64 arm64 armel armhf i386 ppc64 ppc64el s390x
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: Go programming language - source files
+ The Go programming language is an open source project to make programmers more
+ productive. Go is expressive, concise, clean, and efficient. Its concurrency
+ mechanisms make it easy to write programs that get the most out of multicore
+ and networked machines, while its novel type system enables flexible and
+ modular program construction. Go compiles quickly to machine code yet has the
+ convenience of garbage collection and the power of run-time reflection. It's a
+ fast, statically typed, compiled language that feels like a dynamically typed,
+ interpreted language.
+ .
+ This package provides the Go programming language source files needed for
+ cross-compilation.
+
+Package: golang-X.Y-doc
+Depends: golang-X.Y-go, ${misc:Depends}
+Architecture: all
+Section: doc
+Description: Go programming language - documentation
+ The Go programming language is an open source project to make
+ programmers more productive. Go is expressive, concise, clean, and
+ efficient. Its concurrency mechanisms make it easy to write programs
+ that get the most out of multicore and networked machines, while its
+ novel type system enables flexible and modular program construction.
+ Go compiles quickly to machine code yet has the convenience of
+ garbage collection and the power of run-time reflection. It's a fast,
+ statically typed, compiled language that feels like a dynamically
+ typed, interpreted language.
+ .
+ This package provides the documentation for the Go programming
+ language. You can view the formatted documentation by running "godoc
+ --http=:6060", and then visiting http://localhost:6060/doc/install.html.
+
+Package: golang-X.Y
+Depends: golang-X.Y-doc (>= ${source:Version}),
+ golang-X.Y-go (>= ${source:Version}),
+ golang-X.Y-src (>= ${source:Version}),
+ ${misc:Depends}
+Architecture: all
+Description: Go programming language compiler - metapackage
+ The Go programming language is an open source project to make
+ programmers more productive. Go is expressive, concise, clean, and
+ efficient. Its concurrency mechanisms make it easy to write programs
+ that get the most out of multicore and networked machines, while its
+ novel type system enables flexible and modular program construction.
+ Go compiles quickly to machine code yet has the convenience of
+ garbage collection and the power of run-time reflection. It's a
+ fast, statically typed, compiled language that feels like a
+ dynamically typed, interpreted language.
+ .
+ This package is a metapackage that, when installed, guarantees
+ that (most of) a full Go development environment is installed.
--- /dev/null
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: golang
+Source: https://github.com/golang/go
+
+Files: *
+Copyright: © 2009, 2010, The Go Authors. All rights reserved.
+License: Go
+
+Files: include/*
+ src/lib9/*
+ src/libbio/*
+ src/runtime/386/*
+ src/libmach/*
+ src/runtime/arm/vlop.s
+ src/runtime/arm/vlrt.c
+ src/runtime/arm/memset.s
+ src/runtime/arm/memmove.s
+ src/runtime/amd64/memmove.s
+ src/runtime/amd64/memmove.s
+ src/math/fltasm_amd64.s
+ src/cmd/6c/txt.c
+ src/cmd/gopack/ar.c
+ src/cmd/ld/lib.[ch]
+ src/cmd/6a/a.[yh]
+ src/cmd/6a/lex.c
+ src/cmd/5g/gobj.c
+ src/cmd/5g/list.c
+ src/cmd/5g/gsubr.c
+ src/cmd/5g/opt.h
+ src/cmd/8c/*
+ src/cmd/goyacc/goyacc.go
+ src/cmd/5l/*
+ src/cmd/6g/reg.c
+ src/cmd/6g/gobj.c
+ src/cmd/6g/peep.c
+ src/cmd/6g/list.c
+ src/cmd/6g/gsubr.c
+ src/cmd/6g/opt.c
+ src/cmd/8l/*
+ src/cmd/nm/nm.c
+ src/cmd/gc/bits.c
+ src/cmd/cc/*
+ src/cmd/5a/*
+ src/cmd/8g/reg.c
+ src/cmd/8g/gobj.c
+ src/cmd/8g/peep.c
+ src/cmd/8g/list.c
+ src/cmd/8g/gsubr.c
+ src/cmd/8g/opt.h
+ src/cmd/5c/*
+ src/cmd/6l/*
+ src/cmd/8a/*
+Origin: Plan 9 from User Space include/, src/lib9/, src/libmach/
+ Inferno utils/include/, utils/libmach/, utils/6c/, utils/iar/,
+ utils/6l/, utils/6a/, utils/5c/, utils/8c/, utils/iyacc/,
+ utils/5l/, utils/6c/, utils/8l/, utils/nm/, utils/cc/,
+ utils/5a/, utils/8a/, lib9/, libkern/, libbio/
+Copyright: © 1994-1999 Lucent Technologies Inc. All rights reserved.
+ Portions © 1997-1999 Vita Nuova Limited
+ Portions © 2000-2007 Vita Nuova Holdings Limited (www.vitanuova.com)
+ Portions © 2001-2007 Russ Cox. All rights reserved.
+ Portions © 2004,2006 Bruce Ellis
+ Portions © 1995-2007 C H Forsyth (forsyth@terzarima.net)
+ Revisions © 2000-2007 Lucent Technologies Inc. and others
+ Portions © 2009 The Go Authors. All rights reserved.
+License: X11
+
+Files: src/lib9/goos.c
+ src/lib9/win32.c
+ src/lib9/Makefile
+ src/runtime/386/asm.s
+ src/runtime/386/closure.c
+ src/runtime/arm/asm.s
+ src/runtime/arm/closure.c
+ src/runtime/arm/cas5.s
+ src/libmach/fakeobj.c
+ src/libmach/macho.h
+ src/cmd/6c/doc.go
+ src/cmd/6c/Makefile
+ src/cmd/8c/doc.go
+ src/cmd/8c/Makefile
+ src/cmd/5l/doc.go
+ src/cmd/5l/softfloat.c
+ src/cmd/5l/Makefile
+ src/cmd/8l/doc.go
+ src/cmd/8l/Makefile
+ src/cmd/cc/doc.go
+ src/cmd/cc/Makefile
+ src/cmd/5a/doc.go
+ src/cmd/5a/Makefile
+ src/cmd/5c/doc.go
+ src/cmd/5c/Makefile
+ src/cmd/6l/doc.go
+ src/cmd/6l/Makefile
+ src/cmd/8a/doc.go
+ src/cmd/8a/Makefile
+Copyright: © 2009, 2010, The Go Authors. All rights reserved.
+License: Go
+
+Files: include/fmt.h
+ src/lib9/utf/*
+ src/lib9/fmt/*
+ src/runtime/rune.c
+Copyright: © 1998-2002 by Lucent Technologies.
+ Portions © 2004 Google Inc.
+ Portions © 2009 The Go Authors. All rights reserved.
+License: MIT-Inspired
+ The authors of this software are Rob Pike and Ken Thompson,
+ with contributions from Mike Burrows and Sean Dorward.
+ Copyright (c) 1998-2006 by Lucent Technologies.
+ Portions Copyright (c) 2004 Google Inc.
+ Portions Copyright (c) 2009 The Go Authors. All rights reserved.
+ Permission to use, copy, modify, and distribute this software for any
+ purpose without fee is hereby granted, provided that this entire notice
+ is included in all copies of any software which is or includes a copy
+ or modification of this software and in all copies of the supporting
+ documentation for such software.
+ THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
+ WARRANTY. IN PARTICULAR, NEITHER THE AUTHORS NOR LUCENT TECHNOLOGIES MAKE ANY
+ REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
+ OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
+
+Files: src/lib9/utf/mkrunetype.c
+Copyright: © 2009, The Go Authors. All rights reserved.
+License: Go
+
+Files: src/cmd/cov/tree.[ch]
+Copyright: © 2003-2007 Russ Cox, Tom Bergan, Austin Clements,
+ Massachusetts Institute of Technology
+ Portions © 2009 The Go Authors. All rights reserved.
+License: X11
+
+Files: src/cmd/prof/gopprof
+Origin: based on src/pprof from google-perftools
+Copyright: © 1998-2007, Google Inc.
+License: Perftools
+Notes:
+ This is a copy of http://google-perftools.googlecode.com/svn/trunk/src/pprof
+ with local modifications to handle generation of SVG images and
+ the Go-style pprof paths. These modifications will probably filter
+ back into the official source before long.
+ It's convenient to have a copy here because we need just the one
+ Perl script, not all the C++ libraries that surround it.
+
+Files: src/runtime/tiny/bootblock
+Origin: Xv6 rev3
+Copyright: © 2006-2009 Frans Kaashoek, Robert Morris, Russ Cox,
+ Massachusetts Institute of Technology
+License: X11
+
+Files: src/debug/dwarf/testdata/typedef.macho
+ src/debug/dwarf/testdata/typedef.elf
+Source: src/debug/dwarf/testdata/typedef.c
+Copyright: © 2009, The Go Authors. All rights reserved.
+License: Go
+
+Files: src/debug/macho/testdata/gcc-amd64-darwin-exec-debug
+ src/debug/macho/testdata/gcc-386-darwin-exec
+ src/debug/macho/testdata/gcc-amd64-darwin-exec
+ src/debug/elf/testdata/go-relocation-test-gcc424-x86-64.o
+ src/debug/elf/testdata/gcc-amd64-linux-exec
+ src/debug/elf/testdata/go-relocation-test-gcc441-x86.o
+ src/debug/elf/testdata/gcc-386-freebsd-exec
+ src/debug/elf/testdata/go-relocation-test-gcc441-x86-64.o
+Source: src/debug/elf/testdata/hello.c
+Copyright: © 2009, 2010, The Go Authors. All rights reserved.
+License: Go
+
+Files: src/debug/elf/elf.go
+ src/cmd/ld/elf.h
+Origin: FreeBSD src/sys/sys/elf{32,64,_common}.h, src/sys/*/include/elf.h
+Copyright: © 1996-1998 John D. Polstra. All rights reserved.
+ © 2001 David E. O'Brien
+ Portions © 2009 The Go Authors. All rights reserved.
+License: FreeBSD
+
+Files: src/math/log1p.go
+Origin: Translated and simplified from FreeBSD /usr/src/lib/msun/src/s_log1p.c
+Copyright: © 2010 The Go Authors. All rights reserved.
+ Based on code © 1993 by Sun Microsystems, Inc. All rights reserved.
+License: Go
+Comment:
+ The original C code, the long comment, and the constants
+ below are from FreeBSD's /usr/src/lib/msun/src/s_log1p.c
+ and came with this notice. The go code is a simplified
+ version of the original C.
+ .
+ ====================================================
+ Copyright (C) 1993 by Sun Microsystems, Inc. All rights reserved.
+ .
+ Developed at SunPro, a Sun Microsystems, Inc. business.
+ Permission to use, copy, modify, and distribute this
+ software is freely granted, provided that this notice
+ is preserved.
+
+Files: src/image/jpeg/idct.go
+Origin: Translated from idct.c in the MPEG-2 (ISO/IEC 13818-4)
+ technical report video software verifier (mpeg2decode)
+ version 960109
+Copyright: © 1996, MPEG Software Simulation Group. All Rights Reserved.
+License: MPEG
+
+Files: src/exp/spacewar/pdp1.go
+ src/exp/spacewar/spacewar.go
+Origin: Translated from the Java emulator pdp1.java in Spacewar!
+Copyright: © 1996 Barry Silverman, Brian Silverman, Vadim Gerasimov.
+ Portions © 2009 The Go Authors.
+License: Spacewar!
+
+Files: src/exp/spacewar/code.go
+Origin: The original Spacewar!
+Copyright: See license
+License: PD
+ This file contains the assembly language and machine code for
+ Spacewar!, the original PDP-1 video game. It is downloaded from
+ http://spacewar.oversigma.com/sources/sources.zip which has
+ the following notice at http://spacewar.oversigma.com/:
+ .
+ Spacewar! was conceived in 1961 by Martin Graetz, Stephen Russell,
+ and Wayne Wiitanen. It was first realized on the PDP-1 in 1962 by
+ Stephen Russell, Peter Samson, Dan Edwards, and Martin Graetz,
+ together with Alan Kotok, Steve Piner, and Robert A Saunders.
+ Spacewar! is in the public domain, but this credit paragraph must
+ accompany all distributed versions of the program.
+ .
+ This is the original version! Martin Graetz provided us with a
+ printed version of the source. We typed in in again - it was about
+ 40 pages long - and re-assembled it with a PDP-1 assembler written
+ in PERL. The resulting binary runs on a PDP-1 emulator written as
+ a Java applet. The code is extremely faithful to the original. There
+ are only two changes. 1)The spaceships have been made bigger and
+ 2) The overall timing has been special cased to deal with varying
+ machine speeds.
+ .
+ The "a", "s", "d", "f" keys control one of the spaceships. The "k",
+ "l", ";", "'" keys control the other. The controls are spin one
+ way, spin the other, thrust, and fire.
+ .
+ Barry Silverman
+ Brian Silverman
+ Vadim Gerasimov
+
+Files: src/exp/4s/xs.go
+ src/exp/4s/data.go
+Origin: Derived from Plan 9's /sys/src/games/xs.c
+Copyright: © 2003, Lucent Technologies Inc. and others. All Rights Reserved.
+ Portions © 2009 The Go Authors. All Rights Reserved.
+License: Plan9
+
+Files: src/cmd/goyacc/units.txt
+Origin: Plan9's /lib/units
+Copyright: © 2003, Lucent Technologies Inc. and others. All Rights Reserved.
+License: Plan9
+
+Files: src/cmd/goyacc/units.y
+Origin: Derived from Plan9's /sys/src/cmd/units.y
+Copyright: © 2003, Lucent Technologies Inc. and others. All Rights Reserved.
+ Portions © 2009 The Go Authors. All Rights Reserved.
+License: Plan9
+
+Files: src/html/testdata/webkit/*
+Origin: WebKit LayoutTests/html5lib/resources/
+Copyright: © 2009, Apple Inc. All rights reserved.
+License: WebKit
+
+Files: src/image/png/testdata/pngsuite/*
+Origin: libpng 1.2.40, contrib/pngsuite/*
+Copyright: © Willem van Schaik, 1999
+License: noderivs
+ Permission to use, copy, and distribute these images for any purpose and
+ without fee is hereby granted.
+
+Files: lib/codereview/*
+Copyright: © 2007-2009 Google Inc.
+License: Apache-2.0
+
+Files: lib/godoc/godoc.html
+Copyright: © 2009, 2010, The Go Authors. All rights reserved.
+License: CC-BY-3.0
+Comment:
+ Except as noted, this content is licensed under Creative Commons
+ Attribution 3.0
+
+Files: misc/cgo/gmp/pi.go
+Copyright: Brent Fulgham
+Authors: contributed by The Go Authors.
+ based on pidigits.c (by Paolo Bonzini & Sean Bartlett,
+ modified by Michael Mellor)
+License: Shootout
+
+Files: test/garbage/tree.go
+ test/bench/*
+Copyright: Brent Fulgham
+License: Shootout
+
+Files: favicon.ico
+ doc/gopher/*
+Copyright: Renée French
+License: CC-BY-3.0
+Comment:
+ The mascot and logo were designed by
+ Renée French <http://reneefrench.blogspot.com>, who also designed
+ Glenda <http://plan9.bell-labs.com/plan9/glenda.html>,
+ the Plan 9 bunny.
+ The gopher is derived from one she used for an WFMU <http://wfmu.org/>
+ T-shirt design some years ago.
+ The logo and mascot are covered by the
+ Creative Commons Attribution 3.0 <http://creativecommons.org/licenses/by/3.0>
+ license.
+
+Files: doc/*
+Copyright: © 2009, 2010, The Go Authors. All rights reserved.
+License: CC-BY-3.0
+Comment:
+ Except as noted, this content is licensed under Creative Commons
+ Attribution 3.0
+
+Files: doc/htmlgen.go
+ doc/makehtml
+ doc/popups.js
+ doc/style.css
+ doc/Makefile
+ doc/codelab/wiki/Makefile
+ doc/prog.sh
+ doc/progs/*
+ doc/codewalk/codewalk.css
+ doc/codewalk/codewalk.js
+ doc/codewalk/urlpoll.go
+ doc/talks/io2010/*.go
+Copyright: © 2009, 2010, The Go Authors. All rights reserved.
+License: Go
+
+Files: doc/talks/slidy.*
+Origin: http://www.w3.org/Talks/Tools/Slidy/
+Copyright: © 2005 W3C (MIT, ERCIM, Keio), All Rights Reserved.
+License: W3C
+Comment:
+ W3C liability, trademark, document use and software licensing
+ rules apply, see:
+ .
+ http://www.w3.org/Consortium/Legal/copyright-documents
+ http://www.w3.org/Consortium/Legal/copyright-software
+
+Files: debian/*
+Copyright: 2010 Ivan Wong <ivanwyc@gmail.com>
+ 2010 Ondřej Surý <ondrej@debian.org>
+ 2012 Michael Stapelberg <stapelberg@debian.org>
+ 2014 Canonical Ltd
+ 2014 Tianon Gravi <tianon@debian.org>
+License: Go
+
+License: Go
+ Copyright © 2009 The Go Authors. All rights reserved.
+ .
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+ .
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following disclaimer
+ in the documentation and/or other materials provided with the
+ distribution.
+ * Neither the name of Google Inc. nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ .
+ Subject to the terms and conditions of this License, Google hereby
+ grants to You a perpetual, worldwide, non-exclusive, no-charge,
+ royalty-free, irrevocable (except as stated in this section) patent
+ license to make, have made, use, offer to sell, sell, import, and
+ otherwise transfer this implementation of Go, where such license
+ applies only to those patent claims licensable by Google that are
+ necessarily infringed by use of this implementation of Go. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that this
+ implementation of Go or a Contribution incorporated within this
+ implementation of Go constitutes direct or contributory patent
+ infringement, then any patent licenses granted to You under this
+ License for this implementation of Go shall terminate as of the date
+ such litigation is filed.
+
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the Apache License, Version 2.0 can be found at
+ /usr/share/common-licenses/Apache-2.0.
+
+License: X11
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+
+License: FreeBSD
+ Copyright (c) 1996-1998 John D. Polstra. All rights reserved.
+ Copyright (c) 2001 David E. O'Brien
+ Portions Copyright 2009 The Go Authors. All rights reserved.
+ .
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+
+License: MPEG
+ These software programs are available to the user without any license fee or
+ royalty on an "as is" basis. The MPEG Software Simulation Group disclaims
+ any and all warranties, whether express, implied, or statuary, including any
+ implied warranties or merchantability or of fitness for a particular
+ purpose. In no event shall the copyright-holder be liable for any
+ incidental, punitive, or consequential damages of any kind whatsoever
+ arising from the use of these programs.
+ .
+ This disclaimer of warranty extends to the user of these programs and user's
+ customers, employees, agents, transferees, successors, and assigns.
+ .
+ The MPEG Software Simulation Group does not represent or warrant that the
+ programs furnished hereunder are free of infringement of any third-party
+ patents.
+ .
+ Commercial implementations of MPEG-1 and MPEG-2 video, including shareware,
+ are subject to royalty fees to patent holders. Many of these patents are
+ general enough such that they are unavoidable regardless of implementation
+ design.
+
+License: Perftools
+ Copyright (c) 1998-2007, Google Inc.
+ All rights reserved.
+ .
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+ .
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following disclaimer
+ in the documentation and/or other materials provided with the
+ distribution.
+ * Neither the name of Google Inc. nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: Shootout
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+ .
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ .
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ .
+ * Neither the name of "The Computer Language Benchmarks Game" nor the
+ name of "The Computer Language Shootout Benchmarks" nor the names of
+ its contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+License: WebKit
+ Copyright (C) 2009 Apple Inc. All rights reserved.
+ .
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+ .
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ .
+ 2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ .
+ THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS "AS IS" AND ANY
+ EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: Spacewar!
+ Copyright (c) 1996 Barry Silverman, Brian Silverman, Vadim Gerasimov.
+ Portions Copyright (c) 2009 The Go Authors.
+ .
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+ .
+ This package and spacewar.go implement a simple PDP-1 emulator
+ complete enough to run the original PDP-1 video game Spacewar!
+ See nacl/README for details on running them.
+ .
+ They are a translation of the Java emulator pdp1.java in
+ http://spacewar.oversigma.com/sources/sources.zip.
+ .
+ See also the PDP-1 handbook at http://www.dbit.com/~greeng3/pdp1/pdp1.html
+ .
+ http://spacewar.oversigma.com/readme.html begins:
+ .
+ Spacewar! was conceived in 1961 by Martin Graetz, Stephen Russell,
+ and Wayne Wiitanen. It was first realized on the PDP-1 in 1962 by
+ Stephen Russell, Peter Samson, Dan Edwards, and Martin Graetz,
+ together with Alan Kotok, Steve Piner, and Robert A Saunders.
+ Spacewar! is in the public domain, but this credit paragraph must
+ accompany all distributed versions of the program.
+
+License: Plan9
+ Lucent Public License Version 1.02
+ .
+ THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS PUBLIC LICENSE
+ ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES
+ RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
+ .
+ 1. DEFINITIONS
+ .
+ "Contribution" means:
+ .
+ a. in the case of Lucent Technologies Inc. ("LUCENT"), the Original Program,
+ and
+ b. in the case of each Contributor,
+ i. changes to the Program, and
+ ii. additions to the Program;
+ where such changes and/or additions to the Program were added to the
+ Program by such Contributor itself or anyone acting on such Contributor's
+ behalf, and the Contributor explicitly consents, in accordance with
+ Section 3C, to characterization of the changes and/or additions as
+ Contributions.
+ .
+ "Contributor" means LUCENT and any other entity that has Contributed a
+ Contribution to the Program.
+ .
+ "Distributor" means a Recipient that distributes the Program, modifications to
+ the Program, or any part thereof.
+ .
+ "Licensed Patents" mean patent claims licensable by a Contributor which are
+ necessarily infringed by the use or sale of its Contribution alone or when
+ combined with the Program.
+ .
+ "Original Program" means the original version of the software accompanying
+ this Agreement as released by LUCENT, including source code, object code and
+ documentation, if any.
+ .
+ "Program" means the Original Program and Contributions or any part thereof
+ .
+ "Recipient" means anyone who receives the Program under this Agreement,
+ including all Contributors.
+ .
+ 2. GRANT OF RIGHTS
+ .
+ a. Subject to the terms of this Agreement, each Contributor hereby grants
+ Recipient a non-exclusive, worldwide, royalty-free copyright license to
+ reproduce, prepare derivative works of, publicly display, publicly
+ perform, distribute and sublicense the Contribution of such Contributor,
+ if any, and such derivative works, in source code and object code form.
+ .
+ b. Subject to the terms of this Agreement, each Contributor hereby grants
+ Recipient a non-exclusive, worldwide, royalty-free patent license under
+ Licensed Patents to make, use, sell, offer to sell, import and otherwise
+ transfer the Contribution of such Contributor, if any, in source code and
+ object code form. The patent license granted by a Contributor shall also
+ apply to the combination of the Contribution of that Contributor and the
+ Program if, at the time the Contribution is added by the Contributor,
+ such addition of the Contribution causes such combination to be covered
+ by the Licensed Patents. The patent license granted by a Contributor
+ shall not apply to (i) any other combinations which include the
+ Contribution, nor to (ii) Contributions of other Contributors. No
+ hardware per se is licensed hereunder.
+ .
+ c. Recipient understands that although each Contributor grants the licenses
+ to its Contributions set forth herein, no assurances are provided by any
+ Contributor that the Program does not infringe the patent or other
+ intellectual property rights of any other entity. Each Contributor
+ disclaims any liability to Recipient for claims brought by any other
+ entity based on infringement of intellectual property rights or
+ otherwise. As a condition to exercising the rights and licenses granted
+ hereunder, each Recipient hereby assumes sole responsibility to secure
+ any other intellectual property rights needed, if any. For example, if a
+ third party patent license is required to allow Recipient to distribute
+ the Program, it is Recipient's responsibility to acquire that license
+ before distributing the Program.
+ .
+ d. Each Contributor represents that to its knowledge it has sufficient
+ copyright rights in its Contribution, if any, to grant the copyright
+ license set forth in this Agreement.
+ .
+ 3. REQUIREMENTS
+ .
+ A. Distributor may choose to distribute the Program in any form under this
+ Agreement or under its own license agreement, provided that:
+ .
+ a. it complies with the terms and conditions of this Agreement;
+ .
+ b. if the Program is distributed in source code or other tangible form, a
+ copy of this Agreement or Distributor's own license agreement is included
+ with each copy of the Program; and
+ .
+ c. if distributed under Distributor's own license agreement, such license
+ agreement:
+ i. effectively disclaims on behalf of all Contributors all warranties
+ and conditions, express and implied, including warranties or
+ conditions of title and non-infringement, and implied warranties or
+ conditions of merchantability and fitness for a particular purpose;
+ ii. effectively excludes on behalf of all Contributors all liability for
+ damages, including direct, indirect, special, incidental and
+ consequential damages, such as lost profits; and
+ iii. states that any provisions which differ from this Agreement are
+ offered by that Contributor alone and not by any other party.
+ .
+ B. Each Distributor must include the following in a conspicuous location in
+ the Program:
+ .
+ Copyright (C) 2003, Lucent Technologies Inc. and others. All Rights Reserved.
+ .
+ C. In addition, each Contributor must identify itself as the originator of its
+ Contribution in a manner that reasonably allows subsequent Recipients to
+ identify the originator of the Contribution. Also, each Contributor must agree
+ that the additions and/or changes are intended to be a Contribution. Once a
+ Contribution is contributed, it may not thereafter be revoked.
+ .
+ 4. COMMERCIAL DISTRIBUTION
+ .
+ Commercial distributors of software may accept certain responsibilities with
+ respect to end users, business partners and the like. While this license is
+ intended to facilitate the commercial use of the Program, the Distributor who
+ includes the Program in a commercial product offering should do so in a manner
+ which does not create potential liability for Contributors. Therefore, if a
+ Distributor includes the Program in a commercial product offering, such
+ Distributor ("Commercial Distributor") hereby agrees to defend and indemnify
+ every Contributor ("Indemnified Contributor") against any losses, damages and
+ costs (collectively "Losses") arising from claims, lawsuits and other legal
+ actions brought by a third party against the Indemnified Contributor to the
+ extent caused by the acts or omissions of such Commercial Distributor in
+ connection with its distribution of the Program in a commercial product
+ offering. The obligations in this section do not apply to any claims or Losses
+ relating to any actual or alleged intellectual property infringement. In order
+ to qualify, an Indemnified Contributor must: a) promptly notify the Commercial
+ Distributor in writing of such claim, and b) allow the Commercial Distributor
+ to control, and cooperate with the Commercial Distributor in, the defense and
+ any related settlement negotiations. The Indemnified Contributor may
+ participate in any such claim at its own expense.
+ .
+ For example, a Distributor might include the Program in a commercial product
+ offering, Product X. That Distributor is then a Commercial Distributor. If
+ that Commercial Distributor then makes performance claims, or offers
+ warranties related to Product X, those performance claims and warranties are
+ such Commercial Distributor's responsibility alone. Under this section, the
+ Commercial Distributor would have to defend claims against the Contributors
+ related to those performance claims and warranties, and if a court requires
+ any Contributor to pay any damages as a result, the Commercial Distributor
+ must pay those damages.
+ .
+ 5. NO WARRANTY
+ .
+ EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED ON AN
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
+ IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE,
+ NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each
+ Recipient is solely responsible for determining the appropriateness of using
+ and distributing the Program and assumes all risks associated with its
+ exercise of rights under this Agreement, including but not limited to the
+ risks and costs of program errors, compliance with applicable laws, damage to
+ or loss of data, programs or equipment, and unavailability or interruption of
+ operations.
+ .
+ 6. DISCLAIMER OF LIABILITY
+ .
+ EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY
+ CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION
+ LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE
+ EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY
+ OF SUCH DAMAGES.
+ .
+ 7. EXPORT CONTROL
+ .
+ Recipient agrees that Recipient alone is responsible for compliance with the
+ United States export administration regulations (and the export control laws
+ and regulation of any other countries).
+ .
+ 8. GENERAL
+ .
+ If any provision of this Agreement is invalid or unenforceable under
+ applicable law, it shall not affect the validity or enforceability of the
+ remainder of the terms of this Agreement, and without further action by the
+ parties hereto, such provision shall be reformed to the minimum extent
+ necessary to make such provision valid and enforceable.
+ .
+ If Recipient institutes patent litigation against a Contributor with respect
+ to a patent applicable to software (including a cross-claim or counterclaim in
+ a lawsuit), then any patent licenses granted by that Contributor to such
+ Recipient under this Agreement shall terminate as of the date such litigation
+ is filed. In addition, if Recipient institutes patent litigation against any
+ entity (including a cross-claim or counterclaim in a lawsuit) alleging that
+ the Program itself (excluding combinations of the Program with other software
+ or hardware) infringes such Recipient's patent(s), then such Recipient's
+ rights granted under Section 2(b) shall terminate as of the date such
+ litigation is filed.
+ .
+ All Recipient's rights under this Agreement shall terminate if it fails to
+ comply with any of the material terms or conditions of this Agreement and does
+ not cure such failure in a reasonable period of time after becoming aware of
+ such noncompliance. If all Recipient's rights under this Agreement terminate,
+ Recipient agrees to cease use and distribution of the Program as soon as
+ reasonably practicable. However, Recipient's obligations under this Agreement
+ and any licenses granted by Recipient relating to the Program shall continue
+ and survive.
+ .
+ LUCENT may publish new versions (including revisions) of this Agreement from
+ time to time. Each new version of the Agreement will be given a distinguishing
+ version number. The Program (including Contributions) may always be
+ distributed subject to the version of the Agreement under which it was
+ received. In addition, after a new version of the Agreement is published,
+ Contributor may elect to distribute the Program (including its Contributions)
+ under the new version. No one other than LUCENT has the right to modify this
+ Agreement. Except as expressly stated in Sections 2(a) and 2(b) above,
+ Recipient receives no rights or licenses to the intellectual property of any
+ Contributor under this Agreement, whether expressly, by implication, estoppel
+ or otherwise. All rights in the Program not expressly granted under this
+ Agreement are reserved.
+ .
+ This Agreement is governed by the laws of the State of New York and the
+ intellectual property laws of the United States of America. No party to this
+ Agreement will bring a legal action under this Agreement more than one year
+ after the cause of action arose. Each party waives its rights to a jury trial
+ in any resulting litigation.
+
+License: W3C
+ This work (and included software, documentation such as READMEs, or
+ other related items) is being provided by the copyright holders under
+ the following license.
+ .
+ By obtaining, using and/or copying this work, you (the licensee)
+ agree that you have read, understood, and will comply with the
+ following terms and conditions.
+ .
+ Permission to copy, modify, and distribute this software and its
+ documentation, with or without modification, for any purpose and
+ without fee or royalty is hereby granted, provided that you include
+ the following on ALL copies of the software and documentation or
+ portions thereof, including modifications:
+ .
+ * The full text of this NOTICE in a location viewable to users of
+ the redistributed or derivative work.
+ .
+ * Any pre-existing intellectual property disclaimers, notices, or
+ terms and conditions. If none exist, the W3C Software Short
+ Notice should be included (hypertext is preferred, text is
+ permitted) within the body of any redistributed or derivative
+ code.
+ .
+ * Notice of any changes or modifications to the files, including
+ the date changes were made. (We recommend you provide URIs to the
+ location from which the code is derived.)
+ .
+ THIS SOFTWARE AND DOCUMENTATION IS PROVIDED "AS IS," AND COPYRIGHT
+ HOLDERS MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY OR FITNESS
+ FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE SOFTWARE OR
+ DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS,
+ TRADEMARKS OR OTHER RIGHTS.
+ .
+ COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL
+ OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE SOFTWARE OR
+ DOCUMENTATION.
+ .
+ The name and trademarks of copyright holders may NOT be used in
+ advertising or publicity pertaining to the software without specific,
+ written prior permission. Title to copyright in this software and any
+ associated documentation will at all times remain with copyright
+ holders.
+ .
+ This version: http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231
+ .
+ This formulation of W3C's notice and license became active on December
+ 31 2002. This version removes the copyright ownership notice such that
+ this license can be used with materials other than those owned by the
+ W3C, reflects that ERCIM is now a host of the W3C, includes references
+ to this specific dated version of the license, and removes the
+ ambiguous grant of "use". Otherwise, this version is the same as the
+ previous version and is written so as to preserve the Free Software
+ Foundation's assessment of GPL compatibility and OSI's certification
+ under the Open Source Definition.
+
+License: CC-BY-3.0
+ THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS
+ CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS
+ PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE
+ WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS
+ PROHIBITED.
+ .
+ BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND
+ AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS
+ LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU
+ THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH
+ TERMS AND CONDITIONS.
+ .
+ 1. Definitions
+ .
+ a. "Adaptation" means a work based upon the Work, or upon the Work
+ and other pre-existing works, such as a translation, adaptation,
+ derivative work, arrangement of music or other alterations of a
+ literary or artistic work, or phonogram or performance and
+ includes cinematographic adaptations or any other form in which
+ the Work may be recast, transformed, or adapted including in any
+ form recognizably derived from the original, except that a work
+ that constitutes a Collection will not be considered an
+ Adaptation for the purpose of this License. For the avoidance of
+ doubt, where the Work is a musical work, performance or
+ phonogram, the synchronization of the Work in timed-relation
+ with a moving image ("synching") will be considered an
+ Adaptation for the purpose of this License.
+ .
+ b. "Collection" means a collection of literary or artistic works,
+ such as encyclopedias and anthologies, or performances,
+ phonograms or broadcasts, or other works or subject matter other
+ than works listed in Section 1(f) below, which, by reason of the
+ selection and arrangement of their contents, constitute
+ intellectual creations, in which the Work is included in its
+ entirety in unmodified form along with one or more other
+ contributions, each constituting separate and independent works
+ in themselves, which together are assembled into a collective
+ whole. A work that constitutes a Collection will not be
+ considered an Adaptation (as defined above) for the purposes of
+ this License.
+ .
+ c. "Distribute" means to make available to the public the original
+ and copies of the Work or Adaptation, as appropriate, through
+ sale or other transfer of ownership.
+ .
+ d. "Licensor" means the individual, individuals, entity or entities
+ that offer(s) the Work under the terms of this License.
+ .
+ e. "Original Author" means, in the case of a literary or artistic
+ work, the individual, individuals, entity or entities who
+ created the Work or if no individual or entity can be
+ identified, the publisher; and in addition (i) in the case of a
+ performance the actors, singers, musicians, dancers, and other
+ persons who act, sing, deliver, declaim, play in, interpret or
+ otherwise perform literary or artistic works or expressions of
+ folklore; (ii) in the case of a phonogram the producer being the
+ person or legal entity who first fixes the sounds of a
+ performance or other sounds; and, (iii) in the case of
+ broadcasts, the organization that transmits the broadcast.
+ .
+ f. "Work" means the literary and/or artistic work offered under the
+ terms of this License including without limitation any
+ production in the literary, scientific and artistic domain,
+ whatever may be the mode or form of its expression including
+ digital form, such as a book, pamphlet and other writing; a
+ lecture, address, sermon or other work of the same nature; a
+ dramatic or dramatico-musical work; a choreographic work or
+ entertainment in dumb show; a musical composition with or
+ without words; a cinematographic work to which are assimilated
+ works expressed by a process analogous to cinematography; a work
+ of drawing, painting, architecture, sculpture, engraving or
+ lithography; a photographic work to which are assimilated works
+ expressed by a process analogous to photography; a work of
+ applied art; an illustration, map, plan, sketch or
+ three-dimensional work relative to geography, topography,
+ architecture or science; a performance; a broadcast; a
+ phonogram; a compilation of data to the extent it is protected
+ as a copyrightable work; or a work performed by a variety or
+ circus performer to the extent it is not otherwise considered a
+ literary or artistic work.
+ .
+ g. "You" means an individual or entity exercising rights under this
+ License who has not previously violated the terms of this
+ License with respect to the Work, or who has received express
+ permission from the Licensor to exercise rights under this
+ License despite a previous violation.
+ .
+ h. "Publicly Perform" means to perform public recitations of the
+ Work and to communicate to the public those public recitations,
+ by any means or process, including by wire or wireless means or
+ public digital performances; to make available to the public
+ Works in such a way that members of the public may access these
+ Works from a place and at a place individually chosen by them;
+ to perform the Work to the public by any means or process and
+ the communication to the public of the performances of the Work,
+ including by public digital performance; to broadcast and
+ rebroadcast the Work by any means including signs, sounds or
+ images.
+ .
+ i. "Reproduce" means to make copies of the Work by any means
+ including without limitation by sound or visual recordings and
+ the right of fixation and reproducing fixations of the Work,
+ including storage of a protected performance or phonogram in
+ digital form or other electronic medium.
+ .
+ 2. Fair Dealing Rights. Nothing in this License is intended to
+ reduce, limit, or restrict any uses free from copyright or rights
+ arising from limitations or exceptions that are provided for in
+ connection with the copyright protection under copyright law or other
+ applicable laws.
+ .
+ 3. License Grant. Subject to the terms and conditions of this License,
+ Licensor hereby grants You a worldwide, royalty-free, non-exclusive,
+ perpetual (for the duration of the applicable copyright) license to
+ exercise the rights in the Work as stated below:
+ .
+ a. to Reproduce the Work, to incorporate the Work into one or more
+ Collections, and to Reproduce the Work as incorporated in the
+ Collections;
+ .
+ b. to create and Reproduce Adaptations provided that any such
+ Adaptation, including any translation in any medium, takes
+ reasonable steps to clearly label, demarcate or otherwise
+ identify that changes were made to the original Work. For
+ example, a translation could be marked "The original work was
+ translated from English to Spanish," or a modification could
+ indicate "The original work has been modified.";
+ .
+ c. to Distribute and Publicly Perform the Work including as
+ incorporated in Collections; and,
+ .
+ d. to Distribute and Publicly Perform Adaptations.
+ .
+ e. For the avoidance of doubt:
+ .
+ i. Non-waivable Compulsory License Schemes. In those
+ jurisdictions in which the right to collect royalties
+ through any statutory or compulsory licensing scheme cannot
+ be waived, the Licensor reserves the exclusive right to
+ collect such royalties for any exercise by You of the
+ rights granted under this License;
+ .
+ ii. Waivable Compulsory License Schemes. In those jurisdictions
+ in which the right to collect royalties through any
+ statutory or compulsory licensing scheme can be waived, the
+ Licensor waives the exclusive right to collect such
+ royalties for any exercise by You of the rights granted
+ under this License; and,
+ .
+ iii. Voluntary License Schemes. The Licensor waives the right to
+ collect royalties, whether individually or, in the event
+ that the Licensor is a member of a collecting society that
+ administers voluntary licensing schemes, via that society,
+ from any exercise by You of the rights granted under this
+ License.
+ .
+ The above rights may be exercised in all media and formats whether
+ now known or hereafter devised. The above rights include the right to
+ make such modifications as are technically necessary to exercise the
+ rights in other media and formats. Subject to Section 8(f), all
+ rights not expressly granted by Licensor are hereby reserved.
+ .
+ 4. Restrictions. The license granted in Section 3 above is expressly
+ made subject to and limited by the following restrictions:
+ .
+ a. You may Distribute or Publicly Perform the Work only under the
+ terms of this License. You must include a copy of, or the
+ Uniform Resource Identifier (URI) for, this License with every
+ copy of the Work You Distribute or Publicly Perform. You may not
+ offer or impose any terms on the Work that restrict the terms of
+ this License or the ability of the recipient of the Work to
+ exercise the rights granted to that recipient under the terms of
+ the License. You may not sublicense the Work. You must keep
+ intact all notices that refer to this License and to the
+ disclaimer of warranties with every copy of the Work You
+ Distribute or Publicly Perform. When You Distribute or Publicly
+ Perform the Work, You may not impose any effective technological
+ measures on the Work that restrict the ability of a recipient of
+ the Work from You to exercise the rights granted to that
+ recipient under the terms of the License. This Section 4(a)
+ applies to the Work as incorporated in a Collection, but this
+ does not require the Collection apart from the Work itself to be
+ made subject to the terms of this License. If You create a
+ Collection, upon notice from any Licensor You must, to the
+ extent practicable, remove from the Collection any credit as
+ required by Section 4(b), as requested. If You create an
+ Adaptation, upon notice from any Licensor You must, to the
+ extent practicable, remove from the Adaptation any credit as
+ required by Section 4(b), as requested.
+ .
+ b. If You Distribute, or Publicly Perform the Work or any
+ Adaptations or Collections, You must, unless a request has been
+ made pursuant to Section 4(a), keep intact all copyright notices
+ for the Work and provide, reasonable to the medium or means You
+ are utilizing: (i) the name of the Original Author (or
+ pseudonym, if applicable) if supplied, and/or if the Original
+ Author and/or Licensor designate another party or parties (e.g.,
+ a sponsor institute, publishing entity, journal) for attribution
+ ("Attribution Parties") in Licensor's copyright notice, terms of
+ service or by other reasonable means, the name of such party or
+ parties; (ii) the title of the Work if supplied; (iii) to the
+ extent reasonably practicable, the URI, if any, that Licensor
+ specifies to be associated with the Work, unless such URI does
+ not refer to the copyright notice or licensing information for
+ the Work; and (iv) , consistent with Section 3(b), in the case
+ of an Adaptation, a credit identifying the use of the Work in
+ the Adaptation (e.g., "French translation of the Work by
+ Original Author," or "Screenplay based on original Work by
+ Original Author"). The credit required by this Section 4 (b) may
+ be implemented in any reasonable manner; provided, however, that
+ in the case of a Adaptation or Collection, at a minimum such
+ credit will appear, if a credit for all contributing authors of
+ the Adaptation or Collection appears, then as part of these
+ credits and in a manner at least as prominent as the credits for
+ the other contributing authors. For the avoidance of doubt, You
+ may only use the credit required by this Section for the purpose
+ of attribution in the manner set out above and, by exercising
+ Your rights under this License, You may not implicitly or
+ explicitly assert or imply any connection with, sponsorship or
+ endorsement by the Original Author, Licensor and/or Attribution
+ Parties, as appropriate, of You or Your use of the Work, without
+ the separate, express prior written permission of the Original
+ Author, Licensor and/or Attribution Parties.
+ .
+ c. Except as otherwise agreed in writing by the Licensor or as may
+ be otherwise permitted by applicable law, if You Reproduce,
+ Distribute or Publicly Perform the Work either by itself or as
+ part of any Adaptations or Collections, You must not distort,
+ mutilate, modify or take other derogatory action in relation to
+ the Work which would be prejudicial to the Original Author's
+ honor or reputation. Licensor agrees that in those jurisdictions
+ (e.g. Japan), in which any exercise of the right granted in
+ Section 3(b) of this License (the right to make Adaptations)
+ would be deemed to be a distortion, mutilation, modification or
+ other derogatory action prejudicial to the Original Author's
+ honor and reputation, the Licensor will waive or not assert, as
+ appropriate, this Section, to the fullest extent permitted by
+ the applicable national law, to enable You to reasonably
+ exercise Your right under Section 3(b) of this License (right to
+ make Adaptations) but not otherwise.
+ .
+ 5. Representations, Warranties and Disclaimer
+ .
+ UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING,
+ LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR
+ WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED,
+ STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF
+ TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE,
+ NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY,
+ OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE.
+ SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES,
+ SO SUCH EXCLUSION MAY NOT APPLY TO YOU.
+ .
+ 6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY
+ APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY
+ LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR
+ EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK,
+ EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ .
+ 7. Termination
+ .
+ a. This License and the rights granted hereunder will terminate
+ automatically upon any breach by You of the terms of this
+ License. Individuals or entities who have received Adaptations
+ or Collections from You under this License, however, will not
+ have their licenses terminated provided such individuals or
+ entities remain in full compliance with those licenses.
+ Sections 1, 2, 5, 6, 7, and 8 will survive any termination of
+ this License.
+ .
+ b. Subject to the above terms and conditions, the license granted
+ here is perpetual (for the duration of the applicable copyright
+ in the Work). Notwithstanding the above, Licensor reserves the
+ right to release the Work under different license terms or to
+ stop distributing the Work at any time; provided, however that
+ any such election will not serve to withdraw this License (or
+ any other license that has been, or is required to be, granted
+ under the terms of this License), and this License will continue
+ in full force and effect unless terminated as stated above.
+ .
+ 8. Miscellaneous
+ .
+ a. Each time You Distribute or Publicly Perform the Work or a
+ Collection, the Licensor offers to the recipient a license to
+ the Work on the same terms and conditions as the license granted
+ to You under this License.
+ .
+ b. Each time You Distribute or Publicly Perform an Adaptation,
+ Licensor offers to the recipient a license to the original Work
+ on the same terms and conditions as the license granted to You
+ under this License.
+ .
+ c. If any provision of this License is invalid or unenforceable
+ under applicable law, it shall not affect the validity or
+ enforceability of the remainder of the terms of this License,
+ and without further action by the parties to this agreement,
+ such provision shall be reformed to the minimum extent necessary
+ to make such provision valid and enforceable.
+ .
+ d. No term or provision of this License shall be deemed waived and
+ no breach consented to unless such waiver or consent shall be in
+ writing and signed by the party to be charged with such waiver
+ or consent.
+ .
+ e. This License constitutes the entire agreement between the
+ parties with respect to the Work licensed here. There are no
+ understandings, agreements or representations with respect to
+ the Work not specified here. Licensor shall not be bound by any
+ additional provisions that may appear in any communication from
+ You. This License may not be modified without the mutual written
+ agreement of the Licensor and You.
+ .
+ f. The rights granted under, and the subject matter referenced, in
+ this License were drafted utilizing the terminology of the Berne
+ Convention for the Protection of Literary and Artistic Works (as
+ amended on September 28, 1979), the Rome Convention of 1961, the
+ WIPO Copyright Treaty of 1996, the WIPO Performances and
+ Phonograms Treaty of 1996 and the Universal Copyright Convention
+ (as revised on July 24, 1971). These rights and subject matter
+ take effect in the relevant jurisdiction in which the License
+ terms are sought to be enforced according to the corresponding
+ provisions of the implementation of those treaty provisions in
+ the applicable national law. If the standard suite of rights
+ granted under applicable copyright law includes additional
+ rights not granted under this License, such additional rights
+ are deemed to be included in the License; this License is not
+ intended to restrict the license of any rights under applicable law.
--- /dev/null
+AUTHORS
+CONTRIBUTORS
+README.md
--- /dev/null
+#
+# WARNING: "debian/gbp.conf" is generated via "debian/rules gencontrol" (sourced from "debian/gbp.conf.in")
+#
+
+[DEFAULT]
+debian-branch = golang-1.7
+debian-tag = debian/%(version)s
+upstream-branch = upstream-1.7
+upstream-tag = upstream/%(version)s
+pristine-tar = True
+
+[git-dch]
+meta = 1
--- /dev/null
+[DEFAULT]
+debian-branch = golang-X.Y
+debian-tag = debian/%(version)s
+upstream-branch = upstream-X.Y
+upstream-tag = upstream/%(version)s
+pristine-tar = True
+
+[git-dch]
+meta = 1
--- /dev/null
+usr/share/doc/golang-X.Y-doc/html
--- /dev/null
+doc/* /usr/share/doc/golang-X.Y-doc/html/
+favicon.ico /usr/share/doc/golang-X.Y-doc
--- /dev/null
+usr/share/doc/golang-X.Y-doc/favicon.ico /usr/lib/go-X.Y/favicon.ico
+usr/share/doc/golang-X.Y-doc/html /usr/lib/go-X.Y/doc
--- /dev/null
+# While golang-X.Y-doc ships HTML files, they are not intended to be viewed
+# directly in a browser or other HTML-capable tool. Instead, they have to be
+# served by using e.g. “godoc -http=:6060”, see also
+# http://bugs.debian.org/702642
+golang-X.Y-doc: possible-documentation-but-no-doc-base-registration
--- /dev/null
+usr/lib/go-X.Y
+usr/share/go-X.Y/src/
--- /dev/null
+VERSION /usr/lib/go-X.Y/
+bin/go /usr/lib/go-X.Y/bin/
+bin/gofmt /usr/lib/go-X.Y/bin/
+pkg/*_* /usr/lib/go-X.Y/pkg/
+pkg/include /usr/share/go-X.Y/pkg/
+pkg/obj /usr/lib/go-X.Y/pkg/
+pkg/tool /usr/lib/go-X.Y/pkg/
--- /dev/null
+usr/share/go-X.Y/pkg/include /usr/lib/go-X.Y/pkg/include
+usr/share/go-X.Y/src /usr/lib/go-X.Y/src
+usr/share/go-X.Y/test /usr/lib/go-X.Y/test
--- /dev/null
+# Go always links statically.
+golang-X.Y-go: statically-linked-binary
--- /dev/null
+#!/bin/sh
+set -e
+
+case "$1" in
+ configure)
+ # Very ugly hack to set timestamps same as /usr/lib/go-X.Y/bin/go
+ find /usr/lib/go-X.Y/pkg -exec touch -r /usr/lib/go-X.Y/bin/go {} \;
+ ;;
+ *)
+ ;;
+esac
+
+#DEBHELPER#
--- /dev/null
+src /usr/share/go-X.Y/
+test /usr/share/go-X.Y/
--- /dev/null
+# golang-X.Y-src ships ELF object files as testdata for the debug/dwarf and
+# debug/elf packages.
+golang-X.Y-src: arch-dependent-file-in-usr-share
+golang-X.Y-src: unstripped-binary-or-object
--- /dev/null
+#!/bin/sh
+set -e
+
+__goos__deb_arch_os() {
+ case "$1" in
+ kfreebsd) echo freebsd ;;
+ linux) echo "$1" ;;
+ *) echo >&2 "error: unrecongized DEB_*_ARCH_OS: $1"; exit 1 ;;
+ esac
+}
+
+__goarch__deb_arch_cpu() {
+ case "$1" in
+ amd64|arm|arm64|ppc64|s390x) echo "$1" ;;
+ i386) echo 386 ;;
+ ppc64el) echo ppc64le ;;
+ mips64el) echo mips64le ;;
+ *) echo >&2 "error: unrecongized DEB_*_ARCH_CPU: $1"; exit 1 ;;
+ esac
+}
+
+# build machine
+# The machine the package is built on.
+#
+# host machine
+# The machine the package is built for.
+
+export GOHOSTOS="$(__goos__deb_arch_os "$(dpkg-architecture -qDEB_BUILD_ARCH_OS 2>/dev/null)")"
+export GOOS="$(__goos__deb_arch_os "$(dpkg-architecture -qDEB_HOST_ARCH_OS 2>/dev/null)")"
+
+export GOHOSTARCH="$(__goarch__deb_arch_cpu "$(dpkg-architecture -qDEB_BUILD_ARCH_CPU 2>/dev/null)")"
+export GOARCH="$(__goarch__deb_arch_cpu "$(dpkg-architecture -qDEB_HOST_ARCH_CPU 2>/dev/null)")"
+
+if [ -z "$GOHOSTOS" -o -z "$GOOS" -o -z "$GOHOSTARCH" -o -z "$GOARCH" ]; then
+ exit 1
+fi
+
+# Always use the 387 floating point unit instead of sse2. This is important to
+# ensure that the binaries we build (both when compiling golang on the buildds
+# and when users cross-compile for 386) can actually run on older CPUs (where
+# old means e.g. an AMD Athlon XP 2400+). See http://bugs.debian.org/753160 and
+# https://code.google.com/p/go/issues/detail?id=8152
+export GO386=387
+
+unset GOARM
+if [ "$GOARCH" = 'arm' ]; then
+ # start with GOARM=5 for maximum compatibility (see note about GO386 above)
+ GOARM=5
+ case "$(dpkg-architecture -qDEB_HOST_ARCH 2>/dev/null)" in
+ armhf) GOARM=6 ;;
+ esac
+fi
+export GOARM
+
+eval "$@"
--- /dev/null
+Origin: https://github.com/golang/go/commit/9a97c3bfe41d1ed768ea3bd3d8f0f52b8a51bb62
+Origin: https://github.com/golang/go/commit/a4544a0f8af001d1fb6df0e70750f570ec49ccf9
+Origin: https://github.com/golang/go/commit/533ee44cd45c064608ee2b833af9e86ef1cb294e
+Reviewed-by: Sylvain Beucler <beuc@debian.org>
+Last-Update: 2021-03-02
+
+From 9a97c3bfe41d1ed768ea3bd3d8f0f52b8a51bb62 Mon Sep 17 00:00:00 2001
+From: Russ Cox <rsc@golang.org>
+Date: Thu, 13 Oct 2016 13:45:31 -0400
+Subject: [PATCH] cmd/go: accept plain file for .vcs (instead of directory)
+
+Sometimes .git is a plain file; maybe others will follow.
+This CL matches CL 21430, made in x/tools/go/vcs.
+
+The change in the Swift test case makes the test case
+pass by changing the test to match current behavior,
+which I assume is better than the reverse.
+(The test only runs locally and without -short, so the
+builders are not seeing this particular failure.)
+
+For #10322.
+
+Change-Id: Iccd08819a01c5609a2880b9d8a99af936e20faff
+Reviewed-on: https://go-review.googlesource.com/30948
+Run-TryBot: Russ Cox <rsc@golang.org>
+TryBot-Result: Gobot Gobot <gobot@golang.org>
+Reviewed-by: Ian Lance Taylor <iant@golang.org>
+---
+
+From a4544a0f8af001d1fb6df0e70750f570ec49ccf9 Mon Sep 17 00:00:00 2001
+From: Russ Cox <rsc@golang.org>
+Date: Fri, 22 Sep 2017 12:17:21 -0400
+Subject: [PATCH] [release-branch.go1.8] cmd/go: reject update of VCS inside
+ VCS
+
+Cherry-pick of CL 68110.
+
+Change-Id: Iae84c6404ab5eeb6950faa2364f97a017c67c506
+Reviewed-on: https://go-review.googlesource.com/68190
+Run-TryBot: Russ Cox <rsc@golang.org>
+Reviewed-by: Chris Broadfoot <cbro@golang.org>
+---
+ src/cmd/go/get.go | 5 ++++
+ src/cmd/go/go_test.go | 19 ++++++++++++++
+ src/cmd/go/vcs.go | 58 ++++++++++++++++++++++++++++++++++++++++++-
+ 3 files changed, 81 insertions(+), 1 deletion(-)
+
+From 533ee44cd45c064608ee2b833af9e86ef1cb294e Mon Sep 17 00:00:00 2001
+From: Ian Lance Taylor <iant@golang.org>
+Date: Tue, 10 Oct 2017 14:10:28 -0700
+Subject: [PATCH] [release-branch.go1.8] cmd/go: correct directory used in
+ checkNestedVCS test
+
+This error was not used when using git because nested git is permitted.
+Add test using Mercurial, so that at least we have a test, even though
+the test is not run by default.
+
+Fixes #22157
+Fixes #22201
+
+Change-Id: If521f3c09b0754e00e56fa3cd0364764a57a43ad
+Reviewed-on: https://go-review.googlesource.com/69670
+Run-TryBot: Ian Lance Taylor <iant@golang.org>
+TryBot-Result: Gobot Gobot <gobot@golang.org>
+Reviewed-by: Russ Cox <rsc@golang.org>
+Reviewed-on: https://go-review.googlesource.com/70839
+Run-TryBot: Russ Cox <rsc@golang.org>
+Reviewed-by: Ian Lance Taylor <iant@golang.org>
+---
+
+Index: golang-1.7-1.7.4/src/cmd/go/vcs.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/cmd/go/vcs.go
++++ golang-1.7-1.7.4/src/cmd/go/vcs.go
+@@ -479,11 +479,28 @@ func vcsFromDir(dir, srcRoot string) (vc
+ return nil, "", fmt.Errorf("directory %q is outside source root %q", dir, srcRoot)
+ }
+
++ var vcsRet *vcsCmd
++ var rootRet string
++
+ origDir := dir
+ for len(dir) > len(srcRoot) {
+ for _, vcs := range vcsList {
+- if fi, err := os.Stat(filepath.Join(dir, "."+vcs.cmd)); err == nil && fi.IsDir() {
+- return vcs, filepath.ToSlash(dir[len(srcRoot)+1:]), nil
++ if _, err := os.Stat(filepath.Join(dir, "."+vcs.cmd)); err == nil {
++ root := filepath.ToSlash(dir[len(srcRoot)+1:])
++ // Record first VCS we find, but keep looking,
++ // to detect mistakes like one kind of VCS inside another.
++ if vcsRet == nil {
++ vcsRet = vcs
++ rootRet = root
++ continue
++ }
++ // Allow .git inside .git, which can arise due to submodules.
++ if vcsRet == vcs && vcs.cmd == "git" {
++ continue
++ }
++ // Otherwise, we have one VCS inside a different VCS.
++ return nil, "", fmt.Errorf("directory %q uses %s, but parent %q uses %s",
++ filepath.Join(srcRoot, rootRet), vcsRet.cmd, filepath.Join(srcRoot, root), vcs.cmd)
+ }
+ }
+
+@@ -496,9 +513,48 @@ func vcsFromDir(dir, srcRoot string) (vc
+ dir = ndir
+ }
+
++ if vcsRet != nil {
++ return vcsRet, rootRet, nil
++ }
++
+ return nil, "", fmt.Errorf("directory %q is not using a known version control system", origDir)
+ }
+
++// checkNestedVCS checks for an incorrectly-nested VCS-inside-VCS
++// situation for dir, checking parents up until srcRoot.
++func checkNestedVCS(vcs *vcsCmd, dir, srcRoot string) error {
++ if len(dir) <= len(srcRoot) || dir[len(srcRoot)] != filepath.Separator {
++ return fmt.Errorf("directory %q is outside source root %q", dir, srcRoot)
++ }
++
++ otherDir := dir
++ for len(otherDir) > len(srcRoot) {
++ for _, otherVCS := range vcsList {
++ if _, err := os.Stat(filepath.Join(otherDir, "."+otherVCS.cmd)); err == nil {
++ // Allow expected vcs in original dir.
++ if otherDir == dir && otherVCS == vcs {
++ continue
++ }
++ // Allow .git inside .git, which can arise due to submodules.
++ if otherVCS == vcs && vcs.cmd == "git" {
++ continue
++ }
++ // Otherwise, we have one VCS inside a different VCS.
++ return fmt.Errorf("directory %q uses %s, but parent %q uses %s", dir, vcs.cmd, otherDir, otherVCS.cmd)
++ }
++ }
++ // Move to parent.
++ newDir := filepath.Dir(otherDir)
++ if len(newDir) >= len(otherDir) {
++ // Shouldn't happen, but just in case, stop.
++ break
++ }
++ otherDir = newDir
++ }
++
++ return nil
++}
++
+ // repoRoot represents a version control system, a repo, and a root of
+ // where to put it on disk.
+ type repoRoot struct {
+Index: golang-1.7-1.7.4/src/cmd/go/vcs_test.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/cmd/go/vcs_test.go
++++ golang-1.7-1.7.4/src/cmd/go/vcs_test.go
+@@ -102,7 +102,7 @@ func TestRepoRootForImportPath(t *testin
+ "git.openstack.org/openstack/swift.git",
+ &repoRoot{
+ vcs: vcsGit,
+- repo: "https://git.openstack.org/openstack/swift",
++ repo: "https://git.openstack.org/openstack/swift.git",
+ },
+ },
+ {
+@@ -174,11 +174,23 @@ func TestFromDir(t *testing.T) {
+ }
+ defer os.RemoveAll(tempDir)
+
+- for _, vcs := range vcsList {
++ for j, vcs := range vcsList {
+ dir := filepath.Join(tempDir, "example.com", vcs.name, "."+vcs.cmd)
+- err := os.MkdirAll(dir, 0755)
+- if err != nil {
+- t.Fatal(err)
++ if j&1 == 0 {
++ err := os.MkdirAll(dir, 0755)
++ if err != nil {
++ t.Fatal(err)
++ }
++ } else {
++ err := os.MkdirAll(filepath.Dir(dir), 0755)
++ if err != nil {
++ t.Fatal(err)
++ }
++ f, err := os.Create(dir)
++ if err != nil {
++ t.Fatal(err)
++ }
++ f.Close()
+ }
+
+ want := repoRoot{
+Index: golang-1.7-1.7.4/src/cmd/go/get.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/cmd/go/get.go
++++ golang-1.7-1.7.4/src/cmd/go/get.go
+@@ -401,6 +401,11 @@ func downloadPackage(p *Package) error {
+ p.build.PkgRoot = filepath.Join(list[0], "pkg")
+ }
+ root := filepath.Join(p.build.SrcRoot, filepath.FromSlash(rootPath))
++
++ if err := checkNestedVCS(vcs, root, p.build.SrcRoot); err != nil {
++ return err
++ }
++
+ // If we've considered this repository already, don't do it again.
+ if downloadRootCache[root] {
+ return nil
+Index: golang-1.7-1.7.4/src/cmd/go/go_test.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/cmd/go/go_test.go
++++ golang-1.7-1.7.4/src/cmd/go/go_test.go
+@@ -1099,7 +1099,7 @@ func testMove(t *testing.T, vcs, url, ba
+ tg.runFail("get", "-d", "-u", url)
+ tg.grepStderr("is a custom import path for", "go get -d -u "+url+" failed for wrong reason")
+ tg.runFail("get", "-d", "-f", "-u", url)
+- tg.grepStderr("validating server certificate|not found", "go get -d -f -u "+url+" failed for wrong reason")
++ tg.grepStderr("validating server certificate|[nN]ot [fF]ound", "go get -d -f -u "+url+" failed for wrong reason")
+ }
+
+ func TestInternalPackageErrorsAreHandled(t *testing.T) {
+@@ -1120,10 +1120,9 @@ func TestMoveGit(t *testing.T) {
+ testMove(t, "git", "rsc.io/pdf", "pdf", "rsc.io/pdf/.git/config")
+ }
+
+-// TODO(rsc): Set up a test case on bitbucket for hg.
+-// func TestMoveHG(t *testing.T) {
+-// testMove(t, "hg", "rsc.io/x86/x86asm", "x86", "rsc.io/x86/.hg/hgrc")
+-// }
++func TestMoveHG(t *testing.T) {
++ testMove(t, "hg", "vcs-test.golang.org/go/custom-hg-hello", "custom-hg-hello", "vcs-test.golang.org/go/custom-hg-hello/.hg/hgrc")
++}
+
+ // TODO(rsc): Set up a test case on SourceForge (?) for svn.
+ // func testMoveSVN(t *testing.T) {
+@@ -1235,6 +1234,25 @@ func TestGetGitDefaultBranch(t *testing.
+ tg.grepStdout(`\* another-branch`, "not on correct default branch")
+ }
+
++func TestAccidentalGitCheckout(t *testing.T) {
++ testenv.MustHaveExternalNetwork(t)
++ if _, err := exec.LookPath("git"); err != nil {
++ t.Skip("skipping because git binary not found")
++ }
++
++ tg := testgo(t)
++ defer tg.cleanup()
++ tg.parallel()
++ tg.tempDir("src")
++ tg.setenv("GOPATH", tg.path("."))
++
++ tg.runFail("get", "-u", "vcs-test.golang.org/go/test1-svn-git")
++ tg.grepStderr("src[\\\\/]vcs-test.* uses git, but parent .*src[\\\\/]vcs-test.* uses svn", "get did not fail for right reason")
++
++ tg.runFail("get", "-u", "vcs-test.golang.org/go/test2-svn-git/test2main")
++ tg.grepStderr("src[\\\\/]vcs-test.* uses git, but parent .*src[\\\\/]vcs-test.* uses svn", "get did not fail for right reason")
++}
++
+ func TestErrorMessageForSyntaxErrorInTestGoFileSaysFAIL(t *testing.T) {
+ tg := testgo(t)
+ defer tg.cleanup()
--- /dev/null
+Origin: https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972
+Origin: https://github.com/golang/go/commit/7ef6ee2c5727f0d11206b4d1866c18e6ab4785be
+Origin: https://github.com/golang/go/commit/25bee965c685e3f35c10076648685e22e59fd656
+Reviewed-by: Sylvain Beucler <beuc@debian.org>
+Last-Update: 2021-03-04
+
+From 90d609ba6156299642d08afc06d85ab770a03972 Mon Sep 17 00:00:00 2001
+From: "Bryan C. Mills" <bcmills@google.com>
+Date: Mon, 3 Dec 2018 15:12:08 -0500
+Subject: [PATCH] [release-branch.go1.10-security] cmd/go: reject 'get' of
+ paths containing leading dots or unsupported characters
+
+On some platforms, directories beginning with dot are treated as
+hidden files, and filenames containing unusual characters can be
+confusing for users to manipulate (and delete).
+
+Change-Id: I443bdeb98e4de24b8a93a75fb923f4d41052e8f7
+Reviewed-on: https://team-review.git.corp.google.com/c/368703
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+---
+
+From 7ef6ee2c5727f0d11206b4d1866c18e6ab4785be Mon Sep 17 00:00:00 2001
+From: "Bryan C. Mills" <bcmills@google.com>
+Date: Tue, 4 Dec 2018 14:37:39 -0500
+Subject: [PATCH] [release-branch.go1.10-security] cmd/go/internal/get: reject
+ Windows shortnames as path components
+
+Change-Id: Ia32d8ec1fc0c4e242f50d8871c0ef3ce315f3c65
+Reviewed-on: https://team-review.git.corp.google.com/c/370573
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+---
+
+From 25bee965c685e3f35c10076648685e22e59fd656 Mon Sep 17 00:00:00 2001
+From: "Bryan C. Mills" <bcmills@google.com>
+Date: Thu, 13 Dec 2018 21:42:33 -0500
+Subject: [PATCH] [release-branch.go1.10] cmd/go/internal/get: move
+ wildcard-trimming to before CheckImportPath
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Previously, RepoRootForImportPath trimmed certain "..." wildcards from
+package patterns (even though its name suggests that the argument must
+be an actual import path). It trimmed at the first path element that
+was literally "..." (although wildcards in general may appear within a
+larger path element), and relied on a subsequent check in
+RepoRootForImportPath to catch confusing resolutions.
+
+However, that causes 'go get' with wildcard patterns in fresh paths to
+fail as of CL 154101: a wildcard pattern is not a valid import path,
+and fails the path check. (The existing Test{Vendor,Go}Get* packages
+in go_test.go and vendor_test.go catch the failure, but they are all
+skipped when the "-short" flag is set — including in all.bash — and we
+had forgotten to run them separately.)
+
+We now trim the path before any element that contains a wildcard, and
+perform the path check (and repo resolution) on only that prefix. It
+is possible that the expanded path after fetching the repo will be
+invalid, but a repository can contain directories that are not valid
+import paths in general anyway.
+
+Fixes #29247
+
+Change-Id: I70fb2f7fc6603b7d339fd6c02e8cdeacfc93fc4b
+Reviewed-on: https://go-review.googlesource.com/c/154108
+Reviewed-by: Russ Cox <rsc@golang.org>
+Reviewed-on: https://go-review.googlesource.com/c/154111
+Run-TryBot: Bryan C. Mills <bcmills@google.com>
+Reviewed-by: Filippo Valsorda <filippo@golang.org>
+---
+
+Index: golang-1.7-1.7.4/src/cmd/go/get.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/cmd/go/get.go
++++ golang-1.7-1.7.4/src/cmd/go/get.go
+@@ -183,7 +183,7 @@ var downloadCache = map[string]bool{}
+ var downloadRootCache = map[string]bool{}
+
+ // download runs the download half of the get command
+-// for the package named by the argument.
++// for the package or pattern named by the argument.
+ func download(arg string, parent *Package, stk *importStack, mode int) {
+ load := func(path string, mode int) *Package {
+ if parent == nil {
+@@ -343,6 +343,23 @@ func downloadPackage(p *Package) error {
+ security = insecure
+ }
+
++ // p can be either a real package, or a pseudo-package whose “import path” is
++ // actually a wildcard pattern.
++ // Trim the path at the element containing the first wildcard,
++ // and hope that it applies to the wildcarded parts too.
++ // This makes 'go get rsc.io/pdf/...' work in a fresh GOPATH.
++ importPrefix := p.ImportPath
++ if i := strings.Index(importPrefix, "..."); i >= 0 {
++ slash := strings.LastIndexByte(importPrefix[:i], '/')
++ if slash < 0 {
++ return fmt.Errorf("cannot expand ... in %q", p.ImportPath)
++ }
++ importPrefix = importPrefix[:slash]
++ }
++ if err := CheckImportPath(importPrefix); err != nil {
++ return fmt.Errorf("%s: invalid import path: %v", p.ImportPath, err)
++ }
++
+ if p.build.SrcRoot != "" {
+ // Directory exists. Look for checkout along path to src.
+ vcs, rootPath, err = vcsFromDir(p.Dir, p.build.SrcRoot)
+@@ -360,7 +377,7 @@ func downloadPackage(p *Package) error {
+ }
+ repo = remote
+ if !*getF {
+- if rr, err := repoRootForImportPath(p.ImportPath, security); err == nil {
++ if rr, err := repoRootForImportPath(importPrefix, security); err == nil {
+ repo := rr.repo
+ if rr.vcs.resolveRepo != nil {
+ resolved, err := rr.vcs.resolveRepo(rr.vcs, dir, repo)
+@@ -377,7 +394,7 @@ func downloadPackage(p *Package) error {
+ } else {
+ // Analyze the import path to determine the version control system,
+ // repository, and the import path for the root of the repository.
+- rr, err := repoRootForImportPath(p.ImportPath, security)
++ rr, err := repoRootForImportPath(importPrefix, security)
+ if err != nil {
+ return err
+ }
+Index: golang-1.7-1.7.4/src/cmd/go/path.go
+===================================================================
+--- /dev/null
++++ golang-1.7-1.7.4/src/cmd/go/path.go
+@@ -0,0 +1,191 @@
++// Copyright 2018 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++package main
++
++import (
++ "fmt"
++ "strings"
++ "unicode"
++ "unicode/utf8"
++)
++
++// The following functions are copied verbatim from cmd/go/internal/module/module.go,
++// with one change to additionally reject Windows short-names.
++//
++// TODO(bcmills): After the call site for this function is backported,
++// consolidate this back down to a single copy.
++
++// CheckImportPath checks that an import path is valid.
++func CheckImportPath(path string) error {
++ if err := checkPath(path, false); err != nil {
++ return fmt.Errorf("malformed import path %q: %v", path, err)
++ }
++ return nil
++}
++
++// checkPath checks that a general path is valid.
++// It returns an error describing why but not mentioning path.
++// Because these checks apply to both module paths and import paths,
++// the caller is expected to add the "malformed ___ path %q: " prefix.
++// fileName indicates whether the final element of the path is a file name
++// (as opposed to a directory name).
++func checkPath(path string, fileName bool) error {
++ if !utf8.ValidString(path) {
++ return fmt.Errorf("invalid UTF-8")
++ }
++ if path == "" {
++ return fmt.Errorf("empty string")
++ }
++ if strings.Contains(path, "..") {
++ return fmt.Errorf("double dot")
++ }
++ if strings.Contains(path, "//") {
++ return fmt.Errorf("double slash")
++ }
++ if path[len(path)-1] == '/' {
++ return fmt.Errorf("trailing slash")
++ }
++ elemStart := 0
++ for i, r := range path {
++ if r == '/' {
++ if err := checkElem(path[elemStart:i], fileName); err != nil {
++ return err
++ }
++ elemStart = i + 1
++ }
++ }
++ if err := checkElem(path[elemStart:], fileName); err != nil {
++ return err
++ }
++ return nil
++}
++
++// checkElem checks whether an individual path element is valid.
++// fileName indicates whether the element is a file name (not a directory name).
++func checkElem(elem string, fileName bool) error {
++ if elem == "" {
++ return fmt.Errorf("empty path element")
++ }
++ if strings.Count(elem, ".") == len(elem) {
++ return fmt.Errorf("invalid path element %q", elem)
++ }
++ if elem[0] == '.' && !fileName {
++ return fmt.Errorf("leading dot in path element")
++ }
++ if elem[len(elem)-1] == '.' {
++ return fmt.Errorf("trailing dot in path element")
++ }
++
++ charOK := pathOK
++ if fileName {
++ charOK = fileNameOK
++ }
++ for _, r := range elem {
++ if !charOK(r) {
++ return fmt.Errorf("invalid char %q", r)
++ }
++ }
++
++ // Windows disallows a bunch of path elements, sadly.
++ // See https://docs.microsoft.com/en-us/windows/desktop/fileio/naming-a-file
++ short := elem
++ if i := strings.Index(short, "."); i >= 0 {
++ short = short[:i]
++ }
++ for _, bad := range badWindowsNames {
++ if strings.EqualFold(bad, short) {
++ return fmt.Errorf("disallowed path element %q", elem)
++ }
++ }
++
++ // Reject path components that look like Windows short-names.
++ // Those usually end in a tilde followed by one or more ASCII digits.
++ if tilde := strings.LastIndexByte(short, '~'); tilde >= 0 && tilde < len(short)-1 {
++ suffix := short[tilde+1:]
++ suffixIsDigits := true
++ for _, r := range suffix {
++ if r < '0' || r > '9' {
++ suffixIsDigits = false
++ break
++ }
++ }
++ if suffixIsDigits {
++ return fmt.Errorf("trailing tilde and digits in path element")
++ }
++ }
++
++ return nil
++}
++
++// pathOK reports whether r can appear in an import path element.
++// Paths can be ASCII letters, ASCII digits, and limited ASCII punctuation: + - . _ and ~.
++// This matches what "go get" has historically recognized in import paths.
++// TODO(rsc): We would like to allow Unicode letters, but that requires additional
++// care in the safe encoding (see note below).
++func pathOK(r rune) bool {
++ if r < utf8.RuneSelf {
++ return r == '+' || r == '-' || r == '.' || r == '_' || r == '~' ||
++ '0' <= r && r <= '9' ||
++ 'A' <= r && r <= 'Z' ||
++ 'a' <= r && r <= 'z'
++ }
++ return false
++}
++
++// fileNameOK reports whether r can appear in a file name.
++// For now we allow all Unicode letters but otherwise limit to pathOK plus a few more punctuation characters.
++// If we expand the set of allowed characters here, we have to
++// work harder at detecting potential case-folding and normalization collisions.
++// See note about "safe encoding" below.
++func fileNameOK(r rune) bool {
++ if r < utf8.RuneSelf {
++ // Entire set of ASCII punctuation, from which we remove characters:
++ // ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~
++ // We disallow some shell special characters: " ' * < > ? ` |
++ // (Note that some of those are disallowed by the Windows file system as well.)
++ // We also disallow path separators / : and \ (fileNameOK is only called on path element characters).
++ // We allow spaces (U+0020) in file names.
++ const allowed = "!#$%&()+,-.=@[]^_{}~ "
++ if '0' <= r && r <= '9' || 'A' <= r && r <= 'Z' || 'a' <= r && r <= 'z' {
++ return true
++ }
++ for i := 0; i < len(allowed); i++ {
++ if rune(allowed[i]) == r {
++ return true
++ }
++ }
++ return false
++ }
++ // It may be OK to add more ASCII punctuation here, but only carefully.
++ // For example Windows disallows < > \, and macOS disallows :, so we must not allow those.
++ return unicode.IsLetter(r)
++}
++
++// badWindowsNames are the reserved file path elements on Windows.
++// See https://docs.microsoft.com/en-us/windows/desktop/fileio/naming-a-file
++var badWindowsNames = []string{
++ "CON",
++ "PRN",
++ "AUX",
++ "NUL",
++ "COM1",
++ "COM2",
++ "COM3",
++ "COM4",
++ "COM5",
++ "COM6",
++ "COM7",
++ "COM8",
++ "COM9",
++ "LPT1",
++ "LPT2",
++ "LPT3",
++ "LPT4",
++ "LPT5",
++ "LPT6",
++ "LPT7",
++ "LPT8",
++ "LPT9",
++}
+Index: golang-1.7-1.7.4/src/cmd/go/vcs.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/cmd/go/vcs.go
++++ golang-1.7-1.7.4/src/cmd/go/vcs.go
+@@ -585,14 +585,7 @@ const (
+ func repoRootForImportPath(importPath string, security securityMode) (*repoRoot, error) {
+ rr, err := repoRootFromVCSPaths(importPath, "", security, vcsPaths)
+ if err == errUnknownSite {
+- // If there are wildcards, look up the thing before the wildcard,
+- // hoping it applies to the wildcarded parts too.
+- // This makes 'go get rsc.io/pdf/...' work in a fresh GOPATH.
+- lookup := strings.TrimSuffix(importPath, "/...")
+- if i := strings.Index(lookup, "/.../"); i >= 0 {
+- lookup = lookup[:i]
+- }
+- rr, err = repoRootForImportDynamic(lookup, security)
++ rr, err = repoRootForImportDynamic(importPath, security)
+ if err != nil {
+ err = fmt.Errorf("unrecognized import path %q (%v)", importPath, err)
+ }
+@@ -605,6 +598,7 @@ func repoRootForImportPath(importPath st
+ }
+ }
+
++ // Should have been taken care of above, but make sure.
+ if err == nil && strings.Contains(importPath, "...") && strings.Contains(rr.root, "...") {
+ // Do not allow wildcards in the repo root.
+ rr = nil
--- /dev/null
+Origin: https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8
+Reviewed-by: Sylvain Beucler <beuc@debian.org>
+Last-Update: 2021-03-12
+
+From 6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8 Mon Sep 17 00:00:00 2001
+From: Filippo Valsorda <filippo@golang.org>
+Date: Thu, 12 Sep 2019 12:37:36 -0400
+Subject: [PATCH] [release-branch.go1.12-security] net/textproto: don't
+ normalize headers with spaces before the colon
+
+RFC 7230 is clear about headers with a space before the colon, like
+
+X-Answer : 42
+
+being invalid, but we've been accepting and normalizing them for compatibility
+purposes since CL 5690059 in 2012.
+
+On the client side, this is harmless and indeed most browsers behave the same
+to this day. On the server side, this becomes a security issue when the
+behavior doesn't match that of a reverse proxy sitting in front of the server.
+
+For example, if a WAF accepts them without normalizing them, it might be
+possible to bypass its filters, because the Go server would interpret the
+header differently. Worse, if the reverse proxy coalesces requests onto a
+single HTTP/1.1 connection to a Go server, the understanding of the request
+boundaries can get out of sync between them, allowing an attacker to tack an
+arbitrary method and path onto a request by other clients, including
+authentication headers unknown to the attacker.
+
+This was recently presented at multiple security conferences:
+https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn
+
+net/http servers already reject header keys with invalid characters.
+Simply stop normalizing extra spaces in net/textproto, let it return them
+unchanged like it does for other invalid headers, and let net/http enforce
+RFC 7230, which is HTTP specific. This loses us normalization on the client
+side, but there's no right answer on the client side anyway, and hiding the
+issue sounds worse than letting the application decide.
+
+Fixes CVE-2019-16276
+
+Change-Id: I6d272de827e0870da85d93df770d6a0e161bbcf1
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/549719
+Reviewed-by: Brad Fitzpatrick <bradfitz@google.com>
+(cherry picked from commit 1280b868e82bf173ea3e988be3092d160ee66082)
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/558776
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+---
+ src/net/http/serve_test.go | 4 ++++
+ src/net/http/transport_test.go | 27 +++++++++++++++++++++++++++
+ src/net/textproto/reader.go | 10 ++--------
+ src/net/textproto/reader_test.go | 13 ++++++-------
+ 4 files changed, 39 insertions(+), 15 deletions(-)
+
+Index: golang-1.7-1.7.4/src/net/http/serve_test.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/net/http/serve_test.go
++++ golang-1.7-1.7.4/src/net/http/serve_test.go
+@@ -4101,6 +4101,11 @@ func TestServerValidatesHeaders(t *testi
+ {"foo\xffbar: foo\r\n", 400}, // binary in header
+ {"foo\x00bar: foo\r\n", 400}, // binary in header
+
++ // Spaces between the header key and colon are not allowed.
++ // See RFC 7230, Section 3.2.4.
++ {"Foo : bar\r\n", 400},
++ {"Foo\t: bar\r\n", 400},
++
+ {"foo: foo foo\r\n", 200}, // LWS space is okay
+ {"foo: foo\tfoo\r\n", 200}, // LWS tab is okay
+ {"foo: foo\x00foo\r\n", 400}, // CTL 0x00 in value is bad
+Index: golang-1.7-1.7.4/src/net/http/transport_test.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/net/http/transport_test.go
++++ golang-1.7-1.7.4/src/net/http/transport_test.go
+@@ -3687,3 +3687,30 @@ var rgz = []byte{
+ 0x00, 0x00, 0x3d, 0xb1, 0x20, 0x85, 0xfa, 0x00,
+ 0x00, 0x00,
+ }
++
++func TestInvalidHeaderResponse(t *testing.T) {
++ setParallel(t)
++ defer afterTest(t)
++ cst := newClientServerTest(t, h1Mode, HandlerFunc(func(w ResponseWriter, r *Request) {
++ conn, buf, _ := w.(Hijacker).Hijack()
++ buf.Write([]byte("HTTP/1.1 200 OK\r\n" +
++ "Date: Wed, 30 Aug 2017 19:09:27 GMT\r\n" +
++ "Content-Type: text/html; charset=utf-8\r\n" +
++ "Content-Length: 0\r\n" +
++ "Foo : bar\r\n\r\n"))
++ buf.Flush()
++ conn.Close()
++ }))
++ defer cst.close()
++ res, err := cst.c.Get(cst.ts.URL)
++ if err != nil {
++ t.Fatal(err)
++ }
++ defer res.Body.Close()
++ if v := res.Header.Get("Foo"); v != "" {
++ t.Errorf(`unexpected "Foo" header: %q`, v)
++ }
++ if v := res.Header.Get("Foo "); v != "bar" {
++ t.Errorf(`bad "Foo " header value: %q, want %q`, v, "bar")
++ }
++}
+Index: golang-1.7-1.7.4/src/net/textproto/reader.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/net/textproto/reader.go
++++ golang-1.7-1.7.4/src/net/textproto/reader.go
+@@ -482,18 +482,12 @@ func (r *Reader) ReadMIMEHeader() (MIMEH
+ return m, err
+ }
+
+- // Key ends at first colon; should not have spaces but
+- // they appear in the wild, violating specs, so we
+- // remove them if present.
++ // Key ends at first colon.
+ i := bytes.IndexByte(kv, ':')
+ if i < 0 {
+ return m, ProtocolError("malformed MIME header line: " + string(kv))
+ }
+- endKey := i
+- for endKey > 0 && kv[endKey-1] == ' ' {
+- endKey--
+- }
+- key := canonicalMIMEHeaderKey(kv[:endKey])
++ key := canonicalMIMEHeaderKey(kv[:i])
+
+ // As per RFC 7230 field-name is a token, tokens consist of one or more chars.
+ // We could return a ProtocolError here, but better to be liberal in what we
+Index: golang-1.7-1.7.4/src/net/textproto/reader_test.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/net/textproto/reader_test.go
++++ golang-1.7-1.7.4/src/net/textproto/reader_test.go
+@@ -188,11 +188,10 @@ func TestLargeReadMIMEHeader(t *testing.
+ }
+ }
+
+-// Test that we read slightly-bogus MIME headers seen in the wild,
+-// with spaces before colons, and spaces in keys.
++// TestReadMIMEHeaderNonCompliant checks that we don't normalize headers
++// with spaces before colons, and accept spaces in keys.
+ func TestReadMIMEHeaderNonCompliant(t *testing.T) {
+- // Invalid HTTP response header as sent by an Axis security
+- // camera: (this is handled by IE, Firefox, Chrome, curl, etc.)
++ // These invalid headers will be rejected by net/http according to RFC 7230.
+ r := reader("Foo: bar\r\n" +
+ "Content-Language: en\r\n" +
+ "SID : 0\r\n" +
+@@ -202,9 +201,9 @@ func TestReadMIMEHeaderNonCompliant(t *t
+ want := MIMEHeader{
+ "Foo": {"bar"},
+ "Content-Language": {"en"},
+- "Sid": {"0"},
+- "Audio Mode": {"None"},
+- "Privilege": {"127"},
++ "SID ": {"0"},
++ "Audio Mode ": {"None"},
++ "Privilege ": {"127"},
+ }
+ if !reflect.DeepEqual(m, want) || err != nil {
+ t.Fatalf("ReadMIMEHeader =\n%v, %v; want:\n%v", m, err, want)
--- /dev/null
+Origin: https://github.com/golang/go/commit/2017d88dbc096381d4f348d2fb08bfb3c2b7ed73
+Reviewed-by: Sylvain Beucler <beuc@debian.org>
+Last-Update: 2021-03-12
+
+From 2017d88dbc096381d4f348d2fb08bfb3c2b7ed73 Mon Sep 17 00:00:00 2001
+From: Katie Hockman <katie@golang.org>
+Date: Mon, 14 Oct 2019 16:42:21 -0400
+Subject: [PATCH] [release-branch.go1.12-security] crypto/dsa: prevent bad
+ public keys from causing panic
+
+dsa.Verify might currently use a nil s inverse in a
+multiplication if the public key contains a non-prime Q,
+causing a panic. Change this to check that the mod
+inverse exists before using it.
+
+Fixes CVE-2019-17596
+
+Change-Id: I94d5f3cc38f1b5d52d38dcb1d253c71b7fd1cae7
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/572809
+Reviewed-by: Filippo Valsorda <valsorda@google.com>
+(cherry picked from commit 9119dfb0511326d4485b248b83d4fde19c95d0f7)
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/575232
+---
+ src/crypto/dsa/dsa.go | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: golang-1.7-1.7.4/src/crypto/dsa/dsa.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/crypto/dsa/dsa.go
++++ golang-1.7-1.7.4/src/crypto/dsa/dsa.go
+@@ -259,6 +259,9 @@ func Verify(pub *PublicKey, hash []byte,
+ }
+
+ w := new(big.Int).ModInverse(s, pub.Q)
++ if w == nil {
++ return false
++ }
+
+ n := pub.Q.BitLen()
+ if n&7 != 0 {
--- /dev/null
+Origin: https://github.com/golang/go/commit/829c5df58694b3345cb5ea41206783c8ccf5c3ca
+Origin: https://github.com/golang/go/commit/f1d662f34788f4a5f087581d0951cdf4e0f6e708
+Reviewed-by: Sylvain Beucler <beuc@debian.org>
+Last-Update: 2021-03-12
+
+From 829c5df58694b3345cb5ea41206783c8ccf5c3ca Mon Sep 17 00:00:00 2001
+From: Brad Fitzpatrick <bradfitz@golang.org>
+Date: Wed, 23 Jan 2019 19:09:07 +0000
+Subject: [PATCH] net/url, net/http: reject control characters in URLs
+
+This is a more conservative version of the reverted CL 99135 (which
+was reverted in CL 137716)
+
+The net/url part rejects URLs with ASCII CTLs from being parsed and
+the net/http part rejects writing them if a bogus url.URL is
+constructed otherwise.
+
+Updates #27302
+Updates #22907
+
+Change-Id: I09a2212eb74c63db575223277aec363c55421ed8
+Reviewed-on: https://go-review.googlesource.com/c/159157
+Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
+TryBot-Result: Gobot Gobot <gobot@golang.org>
+Reviewed-by: Filippo Valsorda <filippo@golang.org>
+---
+ src/net/http/fs_test.go | 15 +++++++++++----
+ src/net/http/http.go | 6 ++++++
+ src/net/http/request.go | 7 ++++++-
+ src/net/http/requestwrite_test.go | 11 +++++++++++
+ src/net/url/url.go | 10 ++++++++++
+ src/net/url/url_test.go | 17 ++++++++++++++++-
+ 6 files changed, 60 insertions(+), 6 deletions(-)
+
+From f1d662f34788f4a5f087581d0951cdf4e0f6e708 Mon Sep 17 00:00:00 2001
+From: Brad Fitzpatrick <bradfitz@golang.org>
+Date: Tue, 29 Jan 2019 17:22:36 +0000
+Subject: [PATCH] net/url, net/http: relax CTL-in-URL validation to only ASCII
+ CTLs
+
+CL 159157 was doing UTF-8 decoding of URLs. URLs aren't really UTF-8,
+even if sometimes they are in some contexts.
+
+Instead, only reject ASCII CTLs.
+
+Updates #27302
+Updates #22907
+
+Change-Id: Ibd64efa5d3a93263d175aadf1c9f87deb4670c62
+Reviewed-on: https://go-review.googlesource.com/c/160178
+Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
+TryBot-Result: Gobot Gobot <gobot@golang.org>
+Reviewed-by: Ian Lance Taylor <iant@golang.org>
+---
+ src/net/http/http.go | 13 +++++++++----
+ src/net/http/request.go | 2 +-
+ src/net/url/url.go | 15 ++++++++++-----
+ src/net/url/url_test.go | 6 ++++++
+ 4 files changed, 26 insertions(+), 10 deletions(-)
+
+Index: golang-1.7-1.7.4/src/net/http/fs_test.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/net/http/fs_test.go
++++ golang-1.7-1.7.4/src/net/http/fs_test.go
+@@ -580,16 +580,23 @@ func TestFileServerZeroByte(t *testing.T
+ ts := httptest.NewServer(FileServer(Dir(".")))
+ defer ts.Close()
+
+- res, err := Get(ts.URL + "/..\x00")
++ c, err := net.Dial("tcp", ts.Listener.Addr().String())
+ if err != nil {
+ t.Fatal(err)
+ }
+- b, err := ioutil.ReadAll(res.Body)
++ defer c.Close()
++ _, err = fmt.Fprintf(c, "GET /..\x00 HTTP/1.0\r\n\r\n")
+ if err != nil {
+- t.Fatal("reading Body:", err)
++ t.Fatal(err)
++ }
++ var got bytes.Buffer
++ bufr := bufio.NewReader(io.TeeReader(c, &got))
++ res, err := ReadResponse(bufr, nil)
++ if err != nil {
++ t.Fatal("ReadResponse: ", err)
+ }
+ if res.StatusCode == 200 {
+- t.Errorf("got status 200; want an error. Body is:\n%s", string(b))
++ t.Errorf("got status 200; want an error. Body is:\n%s", got.Bytes())
+ }
+ }
+
+Index: golang-1.7-1.7.4/src/net/http/http.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/net/http/http.go
++++ golang-1.7-1.7.4/src/net/http/http.go
+@@ -41,3 +41,14 @@ func removeEmptyPort(host string) string
+ func isNotToken(r rune) bool {
+ return !httplex.IsTokenRune(r)
+ }
++
++// stringContainsCTLByte reports whether s contains any ASCII control character.
++func stringContainsCTLByte(s string) bool {
++ for i := 0; i < len(s); i++ {
++ b := s[i]
++ if b < ' ' || b == 0x7f {
++ return true
++ }
++ }
++ return false
++}
+Index: golang-1.7-1.7.4/src/net/http/request.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/net/http/request.go
++++ golang-1.7-1.7.4/src/net/http/request.go
+@@ -477,7 +477,12 @@ func (req *Request) write(w io.Writer, u
+ // CONNECT requests normally give just the host and port, not a full URL.
+ ruri = host
+ }
+- // TODO(bradfitz): escape at least newlines in ruri?
++ if stringContainsCTLByte(ruri) {
++ return errors.New("net/http: can't write control character in Request.URL")
++ }
++ // TODO: validate r.Method too? At least it's less likely to
++ // come from an attacker (more likely to be a constant in
++ // code).
+
+ // Wrap the writer in a bufio Writer if it's not already buffered.
+ // Don't always call NewWriter, as that forces a bytes.Buffer
+Index: golang-1.7-1.7.4/src/net/http/requestwrite_test.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/net/http/requestwrite_test.go
++++ golang-1.7-1.7.4/src/net/http/requestwrite_test.go
+@@ -486,6 +486,17 @@ var reqWriteTests = []reqWriteTest{
+ "User-Agent: Go-http-client/1.1\r\n" +
+ "\r\n",
+ },
++
++ {
++ Req: Request{
++ Method: "GET",
++ URL: &url.URL{
++ Host: "www.example.com",
++ RawQuery: "new\nline", // or any CTL
++ },
++ },
++ WantError: errors.New("net/http: can't write control character in Request.URL"),
++ },
+ }
+
+ func TestRequestWrite(t *testing.T) {
+Index: golang-1.7-1.7.4/src/net/url/url.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/net/url/url.go
++++ golang-1.7-1.7.4/src/net/url/url.go
+@@ -447,6 +447,10 @@ func ParseRequestURI(rawurl string) (*UR
+ func parse(rawurl string, viaRequest bool) (url *URL, err error) {
+ var rest string
+
++ if stringContainsCTLByte(rawurl) {
++ return nil, errors.New("net/url: invalid control character in URL")
++ }
++
+ if rawurl == "" && viaRequest {
+ err = errors.New("empty url")
+ goto Error
+@@ -929,3 +933,14 @@ func (u *URL) RequestURI() string {
+ }
+ return result
+ }
++
++// stringContainsCTLByte reports whether s contains any ASCII control character.
++func stringContainsCTLByte(s string) bool {
++ for i := 0; i < len(s); i++ {
++ b := s[i]
++ if b < ' ' || b == 0x7f {
++ return true
++ }
++ }
++ return false
++}
+Index: golang-1.7-1.7.4/src/net/url/url_test.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/net/url/url_test.go
++++ golang-1.7-1.7.4/src/net/url/url_test.go
+@@ -1388,6 +1388,12 @@ func TestShouldEscape(t *testing.T) {
+ t.Errorf("shouldEscape(%q, %v) returned %v; expected %v", tt.in, tt.mode, !tt.escape, tt.escape)
+ }
+ }
++
++ // But don't reject non-ASCII CTLs, at least for now:
++ if _, err := Parse("http://foo.com/ctl\x80"); err != nil {
++ t.Errorf("error parsing URL with non-ASCII control byte: %v", err)
++ }
++
+ }
+
+ type timeoutError struct {
+@@ -1470,3 +1476,18 @@ func TestURLErrorImplementsNetError(t *t
+ }
+ }
+ }
++
++func TestRejectControlCharacters(t *testing.T) {
++ tests := []string{
++ "http://foo.com/?foo\nbar",
++ "http\r://foo.com/",
++ "http://foo\x7f.com/",
++ }
++ for _, s := range tests {
++ _, err := Parse(s)
++ const wantSub = "net/url: invalid control character in URL"
++ if got := fmt.Sprint(err); !strings.Contains(got, wantSub) {
++ t.Errorf("Parse(%q) error = %q; want substring %q", s, got, wantSub)
++ }
++ }
++}
--- /dev/null
+Index: golang-1.7-1.7.4/src/net/http/server.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/net/http/server.go 2020-11-18 17:29:38.876836177 +0100
++++ golang-1.7-1.7.4/src/net/http/server.go 2020-11-18 17:29:38.868835775 +0100
+@@ -372,6 +372,16 @@
+ wants10KeepAlive bool // HTTP/1.0 w/ Connection "keep-alive"
+ wantsClose bool // HTTP request has Connection "close"
+
++ // canWriteContinue is a boolean value accessed as an atomic int32
++ // that says whether or not a 100 Continue header can be written
++ // to the connection.
++ // writeContinueMu must be held while writing the header.
++ // These two fields together synchronize the body reader
++ // (the expectContinueReader, which wants to write 100 Continue)
++ // against the main writer.
++ canWriteContinue atomicBool
++ writeContinueMu sync.Mutex
++
+ w *bufio.Writer // buffers output in chunks to chunkWriter
+ cw chunkWriter
+
+@@ -422,6 +432,7 @@
+
+ func (b *atomicBool) isSet() bool { return atomic.LoadInt32((*int32)(b)) != 0 }
+ func (b *atomicBool) setTrue() { atomic.StoreInt32((*int32)(b), 1) }
++func (b *atomicBool) setFalse() { atomic.StoreInt32((*int32)(b), 0) }
+
+ // declareTrailer is called for each Trailer header when the
+ // response header is written. It notes that a header will need to be
+@@ -684,21 +695,27 @@
+ resp *response
+ readCloser io.ReadCloser
+ closed bool
+- sawEOF bool
++ sawEOF atomicBool
+ }
+
+ func (ecr *expectContinueReader) Read(p []byte) (n int, err error) {
+ if ecr.closed {
+ return 0, ErrBodyReadAfterClose
+ }
+- if !ecr.resp.wroteContinue && !ecr.resp.conn.hijacked() {
+- ecr.resp.wroteContinue = true
+- ecr.resp.conn.bufw.WriteString("HTTP/1.1 100 Continue\r\n\r\n")
+- ecr.resp.conn.bufw.Flush()
++ w := ecr.resp
++ if !w.wroteContinue && w.canWriteContinue.isSet() && !w.conn.hijacked() {
++ w.wroteContinue = true
++ w.writeContinueMu.Lock()
++ if w.canWriteContinue.isSet() {
++ w.conn.bufw.WriteString("HTTP/1.1 100 Continue\r\n\r\n")
++ w.conn.bufw.Flush()
++ w.canWriteContinue.setFalse()
++ }
++ w.writeContinueMu.Unlock()
+ }
+ n, err = ecr.readCloser.Read(p)
+ if err == io.EOF {
+- ecr.sawEOF = true
++ ecr.sawEOF.setTrue()
+ }
+ return
+ }
+@@ -1055,7 +1072,7 @@
+ // because we don't know if the next bytes on the wire will be
+ // the body-following-the-timer or the subsequent request.
+ // See Issue 11549.
+- if ecr, ok := w.req.Body.(*expectContinueReader); ok && !ecr.sawEOF {
++ if ecr, ok := w.req.Body.(*expectContinueReader); ok && !ecr.sawEOF.isSet() {
+ w.closeAfterReply = true
+ }
+
+@@ -1321,6 +1338,17 @@
+ w.conn.server.logf("http: response.Write on hijacked connection")
+ return 0, ErrHijacked
+ }
++
++ if w.canWriteContinue.isSet() {
++ // Body reader wants to write 100 Continue but hasn't yet.
++ // Tell it not to. The store must be done while holding the lock
++ // because the lock makes sure that there is not an active write
++ // this very moment.
++ w.writeContinueMu.Lock()
++ w.canWriteContinue.setFalse()
++ w.writeContinueMu.Unlock()
++ }
++
+ if !w.wroteHeader {
+ w.WriteHeader(StatusOK)
+ }
+@@ -1565,6 +1593,7 @@
+ if req.ProtoAtLeast(1, 1) && req.ContentLength != 0 {
+ // Wrap the Body reader with one that replies on the connection
+ req.Body = &expectContinueReader{readCloser: req.Body, resp: w}
++ w.canWriteContinue.setTrue()
+ }
+ } else if req.Header.get("Expect") != "" {
+ w.sendExpectationFailed()
--- /dev/null
+diff --git a/src/encoding/binary/varint.go b/src/encoding/binary/varint.go
+index bcb8ac9a45..38af61075c 100644
+--- a/src/encoding/binary/varint.go
++++ b/src/encoding/binary/varint.go
+@@ -106,13 +106,13 @@ var overflow = errors.New("binary: varint overflows a 64-bit integer")
+ func ReadUvarint(r io.ByteReader) (uint64, error) {
+ var x uint64
+ var s uint
+- for i := 0; ; i++ {
++ for i := 0; i < MaxVarintLen64; i++ {
+ b, err := r.ReadByte()
+ if err != nil {
+ return x, err
+ }
+ if b < 0x80 {
+- if i > 9 || i == 9 && b > 1 {
++ if i == 9 && b > 1 {
+ return x, overflow
+ }
+ return x | uint64(b)<<s, nil
+@@ -120,6 +120,7 @@ func ReadUvarint(r io.ByteReader) (uint64, error) {
+ x |= uint64(b&0x7f) << s
+ s += 7
+ }
++ return x, overflow
+ }
+
+ // ReadVarint reads an encoded signed integer from r and returns it as an int64.
+diff --git a/src/encoding/binary/varint_test.go b/src/encoding/binary/varint_test.go
+index ca411ecbd6..6ef4c99505 100644
+--- a/src/encoding/binary/varint_test.go
++++ b/src/encoding/binary/varint_test.go
+@@ -121,21 +121,27 @@ func TestBufferTooSmall(t *testing.T) {
+ }
+ }
+
+-func testOverflow(t *testing.T, buf []byte, n0 int, err0 error) {
++func testOverflow(t *testing.T, buf []byte, x0 uint64, n0 int, err0 error) {
+ x, n := Uvarint(buf)
+ if x != 0 || n != n0 {
+ t.Errorf("Uvarint(%v): got x = %d, n = %d; want 0, %d", buf, x, n, n0)
+ }
+
+- x, err := ReadUvarint(bytes.NewReader(buf))
+- if x != 0 || err != err0 {
+- t.Errorf("ReadUvarint(%v): got x = %d, err = %s; want 0, %s", buf, x, err, err0)
++ r := bytes.NewReader(buf)
++ len := r.Len()
++ x, err := ReadUvarint(r)
++ if x != x0 || err != err0 {
++ t.Errorf("ReadUvarint(%v): got x = %d, err = %s; want %d, %s", buf, x, err, x0, err0)
++ }
++ if read := len - r.Len(); read > MaxVarintLen64 {
++ t.Errorf("ReadUvarint(%v): read more than MaxVarintLen64 bytes, got %d", buf, read)
+ }
+ }
+
+ func TestOverflow(t *testing.T) {
+- testOverflow(t, []byte{0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x2}, -10, overflow)
+- testOverflow(t, []byte{0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x1, 0, 0}, -13, overflow)
++ testOverflow(t, []byte{0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x2}, 0, -10, overflow)
++ testOverflow(t, []byte{0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x1, 0, 0}, 0, -13, overflow)
++ testOverflow(t, []byte{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 1<<64-1, 0, overflow) // 11 bytes, should overflow
+ }
+
+ func TestNonCanonicalZero(t *testing.T) {
--- /dev/null
+Origin: https://github.com/golang/go/commit/5c8fd727c41e31273923c32b33d4f25855f4e123
+Reviewed-by: Sylvain Beucler <beuc@debian.org>
+Last-Update: 2021-03-12
+
+From 5c8fd727c41e31273923c32b33d4f25855f4e123 Mon Sep 17 00:00:00 2001
+From: Filippo Valsorda <filippo@golang.org>
+Date: Fri, 8 Jan 2021 03:56:58 +0100
+Subject: [PATCH] [release-branch.go1.15-security] crypto/elliptic: fix P-224
+ field reduction
+
+This patch fixes two independent bugs in p224Contract, the function that
+performs the final complete reduction in the P-224 field. Incorrect
+outputs due to these bugs were observable from a high-level
+P224().ScalarMult() call.
+
+The first bug was in the calculation of out3GT. That mask was supposed
+to be all ones if the third limb of the value is greater than the third
+limb of P (out[3] > 0xffff000). Instead, it was also set if they are
+equal. That meant that if the third limb was equal, the value was always
+considered greater than or equal to P, even when the three bottom limbs
+were all zero. There is exactly one affected value, P - 1, which would
+trigger the subtraction by P even if it's lower than P already.
+
+The second bug was more easily hit, and is the one that caused the known
+high-level incorrect output: after the conditional subtraction by P, a
+potential underflow of the lowest limb was not handled. Any values that
+trigger the subtraction by P (values between P and 2^224-1, and P - 1
+due to the bug above) but have a zero lowest limb would produce invalid
+outputs. Those conditions apply to the intermediate representation
+before the subtraction, so they are hard to trace to precise inputs.
+
+This patch also adds a test suite for the P-224 field arithmetic,
+including a custom fuzzer that automatically explores potential edge
+cases by combining limb values that have various meanings in the code.
+contractMatchesBigInt in TestP224Contract finds the second bug in less
+than a second without being tailored to it, and could eventually find
+the first one too by combining 0, (1 << 28) - 1, and the difference of
+(1 << 28) and (1 << 12).
+
+The incorrect P224().ScalarMult() output was found by the
+elliptic-curve-differential-fuzzer project running on OSS-Fuzz and
+reported by Philippe Antoine (Catena cyber).
+
+Fixes CVE-2021-3114
+
+Change-Id: I50176602d544de3da854270d66a293bcaca57ad7
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/947792
+Reviewed-by: Katie Hockman <katiehockman@google.com>
+(cherry picked from commit 5fa534e9c7eaeaf875e53b98eac9342b0855b283)
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/955175
+---
+ src/crypto/elliptic/p224.go | 41 +++--
+ src/crypto/elliptic/p224_test.go | 277 ++++++++++++++++++++++++++++++-
+ 2 files changed, 298 insertions(+), 20 deletions(-)
+
+Index: golang-1.7-1.7.4/src/crypto/elliptic/p224.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/crypto/elliptic/p224.go
++++ golang-1.7-1.7.4/src/crypto/elliptic/p224.go
+@@ -384,10 +384,11 @@ func p224Invert(out, in *p224FieldElemen
+ // p224Contract converts a FieldElement to its unique, minimal form.
+ //
+ // On entry, in[i] < 2**29
+-// On exit, in[i] < 2**28
++// On exit, out[i] < 2**28 and out < p
+ func p224Contract(out, in *p224FieldElement) {
+ copy(out[:], in[:])
+
++ // First, carry the bits above 28 to the higher limb.
+ for i := 0; i < 7; i++ {
+ out[i+1] += out[i] >> 28
+ out[i] &= bottom28Bits
+@@ -395,10 +396,13 @@ func p224Contract(out, in *p224FieldElem
+ top := out[7] >> 28
+ out[7] &= bottom28Bits
+
++ // Use the reduction identity to carry the overflow.
++ //
++ // a + top * 2²²⁴ = a + top * 2⁹⁶ - top
+ out[0] -= top
+ out[3] += top << 12
+
+- // We may just have made out[i] negative. So we carry down. If we made
++ // We may just have made out[0] negative. So we carry down. If we made
+ // out[0] negative then we know that out[3] is sufficiently positive
+ // because we just added to it.
+ for i := 0; i < 3; i++ {
+@@ -423,13 +427,12 @@ func p224Contract(out, in *p224FieldElem
+ // There are two cases to consider for out[3]:
+ // 1) The first time that we eliminated top, we didn't push out[3] over
+ // 2**28. In this case, the partial carry chain didn't change any values
+- // and top is zero.
++ // and top is now zero.
+ // 2) We did push out[3] over 2**28 the first time that we eliminated top.
+- // The first value of top was in [0..16), therefore, prior to eliminating
+- // the first top, 0xfff1000 <= out[3] <= 0xfffffff. Therefore, after
+- // overflowing and being reduced by the second carry chain, out[3] <=
+- // 0xf000. Thus it cannot have overflowed when we eliminated top for the
+- // second time.
++ // The first value of top was in [0..2], therefore, after overflowing
++ // and being reduced by the second carry chain, out[3] <= 2<<12 - 1.
++ // In both cases, out[3] cannot have overflowed when we eliminated top for
++ // the second time.
+
+ // Again, we may just have made out[0] negative, so do the same carry down.
+ // As before, if we made out[0] negative then we know that out[3] is
+@@ -468,12 +471,11 @@ func p224Contract(out, in *p224FieldElem
+ bottom3NonZero |= bottom3NonZero >> 1
+ bottom3NonZero = uint32(int32(bottom3NonZero<<31) >> 31)
+
+- // Everything depends on the value of out[3].
+- // If it's > 0xffff000 and top4AllOnes != 0 then the whole value is >= p
+- // If it's = 0xffff000 and top4AllOnes != 0 and bottom3NonZero != 0,
+- // then the whole value is >= p
++ // Assuming top4AllOnes != 0, everything depends on the value of out[3].
++ // If it's > 0xffff000 then the whole value is > p
++ // If it's = 0xffff000 and bottom3NonZero != 0, then the whole value is >= p
+ // If it's < 0xffff000, then the whole value is < p
+- n := out[3] - 0xffff000
++ n := 0xffff000 - out[3]
+ out3Equal := n
+ out3Equal |= out3Equal >> 16
+ out3Equal |= out3Equal >> 8
+@@ -482,8 +484,8 @@ func p224Contract(out, in *p224FieldElem
+ out3Equal |= out3Equal >> 1
+ out3Equal = ^uint32(int32(out3Equal<<31) >> 31)
+
+- // If out[3] > 0xffff000 then n's MSB will be zero.
+- out3GT := ^uint32(int32(n) >> 31)
++ // If out[3] > 0xffff000 then n's MSB will be one.
++ out3GT := uint32(int32(n) >> 31)
+
+ mask := top4AllOnes & ((out3Equal & bottom3NonZero) | out3GT)
+ out[0] -= 1 & mask
+@@ -492,6 +494,15 @@ func p224Contract(out, in *p224FieldElem
+ out[5] -= 0xfffffff & mask
+ out[6] -= 0xfffffff & mask
+ out[7] -= 0xfffffff & mask
++
++ // Do one final carry down, in case we made out[0] negative. One of
++ // out[0..3] needs to be positive and able to absorb the -1 or the value
++ // would have been < p, and the subtraction wouldn't have happened.
++ for i := 0; i < 3; i++ {
++ mask := uint32(int32(out[i]) >> 31)
++ out[i] += (1 << 28) & mask
++ out[i+1] -= 1 & mask
++ }
+ }
+
+ // Group element functions.
+Index: golang-1.7-1.7.4/src/crypto/elliptic/p224_test.go
+===================================================================
+--- golang-1.7-1.7.4.orig/src/crypto/elliptic/p224_test.go
++++ golang-1.7-1.7.4/src/crypto/elliptic/p224_test.go
+@@ -6,7 +6,10 @@ package elliptic
+
+ import (
+ "math/big"
++ "math/rand"
++ "reflect"
+ "testing"
++ "testing/quick"
+ )
+
+ var toFromBigTests = []string{
+@@ -21,16 +24,16 @@ func p224AlternativeToBig(in *p224FieldE
+ ret := new(big.Int)
+ tmp := new(big.Int)
+
+- for i := uint(0); i < 8; i++ {
++ for i := len(in) - 1; i >= 0; i-- {
++ ret.Lsh(ret, 28)
+ tmp.SetInt64(int64(in[i]))
+- tmp.Lsh(tmp, 28*i)
+ ret.Add(ret, tmp)
+ }
+- ret.Mod(ret, p224.P)
++ ret.Mod(ret, P224().Params().P)
+ return ret
+ }
+
+-func TestToFromBig(t *testing.T) {
++func TestP224ToFromBig(t *testing.T) {
+ for i, test := range toFromBigTests {
+ n, _ := new(big.Int).SetString(test, 16)
+ var x p224FieldElement
+@@ -41,7 +44,304 @@ func TestToFromBig(t *testing.T) {
+ }
+ q := p224AlternativeToBig(&x)
+ if n.Cmp(q) != 0 {
+- t.Errorf("#%d: %x != %x (alternative)", i, n, m)
++ t.Errorf("#%d: %x != %x (alternative)", i, n, q)
+ }
+ }
+ }
++
++// quickCheckConfig32 will make each quickcheck test run (32 * -quickchecks)
++// times. The default value of -quickchecks is 100.
++var quickCheckConfig32 = &quick.Config{MaxCountScale: 32}
++
++// weirdLimbs can be combined to generate a range of edge-case field elements.
++var weirdLimbs = [...]uint32{
++ 0, 1, (1 << 29) - 1,
++ (1 << 12), (1 << 12) - 1,
++ (1 << 28), (1 << 28) - 1,
++}
++
++func generateLimb(rand *rand.Rand) uint32 {
++ const bottom29Bits = 0x1fffffff
++ n := rand.Intn(len(weirdLimbs) + 3)
++ switch n {
++ case len(weirdLimbs):
++ // Random value.
++ return uint32(rand.Int31n(1 << 29))
++ case len(weirdLimbs) + 1:
++ // Sum of two values.
++ k := generateLimb(rand) + generateLimb(rand)
++ return k & bottom29Bits
++ case len(weirdLimbs) + 2:
++ // Difference of two values.
++ k := generateLimb(rand) - generateLimb(rand)
++ return k & bottom29Bits
++ default:
++ return weirdLimbs[n]
++ }
++}
++
++func (p224FieldElement) Generate(rand *rand.Rand, size int) reflect.Value {
++ return reflect.ValueOf(p224FieldElement{
++ weirdLimbs[rand.Intn(len(weirdLimbs))],
++ weirdLimbs[rand.Intn(len(weirdLimbs))],
++ weirdLimbs[rand.Intn(len(weirdLimbs))],
++ weirdLimbs[rand.Intn(len(weirdLimbs))],
++ weirdLimbs[rand.Intn(len(weirdLimbs))],
++ weirdLimbs[rand.Intn(len(weirdLimbs))],
++ weirdLimbs[rand.Intn(len(weirdLimbs))],
++ weirdLimbs[rand.Intn(len(weirdLimbs))],
++ })
++}
++
++func isInBounds(x *p224FieldElement) bool {
++ return Len32(x[0]) <= 29 &&
++ Len32(x[1]) <= 29 &&
++ Len32(x[2]) <= 29 &&
++ Len32(x[3]) <= 29 &&
++ Len32(x[4]) <= 29 &&
++ Len32(x[5]) <= 29 &&
++ Len32(x[6]) <= 29 &&
++ Len32(x[7]) <= 29
++}
++
++func TestP224Mul(t *testing.T) {
++ mulMatchesBigInt := func(a, b, out p224FieldElement) bool {
++ var tmp p224LargeFieldElement
++ p224Mul(&out, &a, &b, &tmp)
++
++ exp := new(big.Int).Mul(p224AlternativeToBig(&a), p224AlternativeToBig(&b))
++ exp.Mod(exp, P224().Params().P)
++ got := p224AlternativeToBig(&out)
++ if exp.Cmp(got) != 0 || !isInBounds(&out) {
++ t.Logf("a = %x", a)
++ t.Logf("b = %x", b)
++ t.Logf("p224Mul(a, b) = %x = %v", out, got)
++ t.Logf("a * b = %v", exp)
++ return false
++ }
++
++ return true
++ }
++
++ a := p224FieldElement{0xfffffff, 0xfffffff, 0xf00ffff, 0x20f, 0x0, 0x0, 0x0, 0x0}
++ b := p224FieldElement{1, 0, 0, 0, 0, 0, 0, 0}
++ if !mulMatchesBigInt(a, b, p224FieldElement{}) {
++ t.Fail()
++ }
++
++ if err := quick.Check(mulMatchesBigInt, quickCheckConfig32); err != nil {
++ t.Error(err)
++ }
++}
++
++func TestP224Square(t *testing.T) {
++ squareMatchesBigInt := func(a, out p224FieldElement) bool {
++ var tmp p224LargeFieldElement
++ p224Square(&out, &a, &tmp)
++
++ exp := p224AlternativeToBig(&a)
++ exp.Mul(exp, exp)
++ exp.Mod(exp, P224().Params().P)
++ got := p224AlternativeToBig(&out)
++ if exp.Cmp(got) != 0 || !isInBounds(&out) {
++ t.Logf("a = %x", a)
++ t.Logf("p224Square(a, b) = %x = %v", out, got)
++ t.Logf("a * a = %v", exp)
++ return false
++ }
++
++ return true
++ }
++
++ if err := quick.Check(squareMatchesBigInt, quickCheckConfig32); err != nil {
++ t.Error(err)
++ }
++}
++
++func TestP224Add(t *testing.T) {
++ addMatchesBigInt := func(a, b, out p224FieldElement) bool {
++ p224Add(&out, &a, &b)
++
++ exp := new(big.Int).Add(p224AlternativeToBig(&a), p224AlternativeToBig(&b))
++ exp.Mod(exp, P224().Params().P)
++ got := p224AlternativeToBig(&out)
++ if exp.Cmp(got) != 0 {
++ t.Logf("a = %x", a)
++ t.Logf("b = %x", b)
++ t.Logf("p224Add(a, b) = %x = %v", out, got)
++ t.Logf("a + b = %v", exp)
++ return false
++ }
++
++ return true
++ }
++
++ if err := quick.Check(addMatchesBigInt, quickCheckConfig32); err != nil {
++ t.Error(err)
++ }
++}
++
++func TestP224Reduce(t *testing.T) {
++ reduceMatchesBigInt := func(a p224FieldElement) bool {
++ out := a
++ // TODO: generate higher values for functions like p224Reduce that are
++ // expected to work with higher input bounds.
++ p224Reduce(&out)
++
++ exp := p224AlternativeToBig(&a)
++ got := p224AlternativeToBig(&out)
++ if exp.Cmp(got) != 0 || !isInBounds(&out) {
++ t.Logf("a = %x = %v", a, exp)
++ t.Logf("p224Reduce(a) = %x = %v", out, got)
++ return false
++ }
++
++ return true
++ }
++
++ if err := quick.Check(reduceMatchesBigInt, quickCheckConfig32); err != nil {
++ t.Error(err)
++ }
++}
++
++func TestP224Contract(t *testing.T) {
++ contractMatchesBigInt := func(a, out p224FieldElement) bool {
++ p224Contract(&out, &a)
++
++ exp := p224AlternativeToBig(&a)
++ got := p224AlternativeToBig(&out)
++ if exp.Cmp(got) != 0 {
++ t.Logf("a = %x = %v", a, exp)
++ t.Logf("p224Contract(a) = %x = %v", out, got)
++ return false
++ }
++
++ // Check that out < P.
++ for i := range p224P {
++ k := 8 - i - 1
++ if out[k] > p224P[k] {
++ t.Logf("p224Contract(a) = %x", out)
++ return false
++ }
++ if out[k] < p224P[k] {
++ return true
++ }
++ }
++ t.Logf("p224Contract(a) = %x", out)
++ return false
++ }
++
++ if !contractMatchesBigInt(p224P, p224FieldElement{}) {
++ t.Error("p224Contract(p) is broken")
++ }
++ pMinus1 := p224FieldElement{0, 0, 0, 0xffff000, 0xfffffff, 0xfffffff, 0xfffffff, 0xfffffff}
++ if !contractMatchesBigInt(pMinus1, p224FieldElement{}) {
++ t.Error("p224Contract(p - 1) is broken")
++ }
++ // Check that we can handle input above p, but lowest limb zero.
++ a := p224FieldElement{0, 1, 0, 0xffff000, 0xfffffff, 0xfffffff, 0xfffffff, 0xfffffff}
++ if !contractMatchesBigInt(a, p224FieldElement{}) {
++ t.Error("p224Contract(p + 2²⁸) is broken")
++ }
++ // Check that we can handle input above p, but lowest three limbs zero.
++ b := p224FieldElement{0, 0, 0, 0xffff001, 0xfffffff, 0xfffffff, 0xfffffff, 0xfffffff}
++ if !contractMatchesBigInt(b, p224FieldElement{}) {
++ t.Error("p224Contract(p + 2⁸⁴) is broken")
++ }
++
++ if err := quick.Check(contractMatchesBigInt, quickCheckConfig32); err != nil {
++ t.Error(err)
++ }
++}
++
++func TestP224IsZero(t *testing.T) {
++ if got := p224IsZero(&p224FieldElement{}); got != 1 {
++ t.Errorf("p224IsZero(0) = %d, expected 1", got)
++ }
++ if got := p224IsZero((*p224FieldElement)(&p224P)); got != 1 {
++ t.Errorf("p224IsZero(p) = %d, expected 1", got)
++ }
++ if got := p224IsZero(&p224FieldElement{1}); got != 0 {
++ t.Errorf("p224IsZero(1) = %d, expected 0", got)
++ }
++
++ isZeroMatchesBigInt := func(a p224FieldElement) bool {
++ isZero := p224IsZero(&a)
++
++ big := p224AlternativeToBig(&a)
++ if big.Sign() == 0 && isZero != 1 {
++ return false
++ }
++ if big.Sign() != 0 && isZero != 0 {
++ return false
++ }
++ return true
++ }
++
++ if err := quick.Check(isZeroMatchesBigInt, quickCheckConfig32); err != nil {
++ t.Error(err)
++ }
++}
++
++func TestP224Invert(t *testing.T) {
++ var out p224FieldElement
++
++ p224Invert(&out, &p224FieldElement{})
++ if got := p224IsZero(&out); got != 1 {
++ t.Errorf("p224Invert(0) = %x, expected 0", out)
++ }
++
++ p224Invert(&out, (*p224FieldElement)(&p224P))
++ if got := p224IsZero(&out); got != 1 {
++ t.Errorf("p224Invert(p) = %x, expected 0", out)
++ }
++
++ p224Invert(&out, &p224FieldElement{1})
++ p224Contract(&out, &out)
++ if out != (p224FieldElement{1}) {
++ t.Errorf("p224Invert(1) = %x, expected 1", out)
++ }
++
++ var tmp p224LargeFieldElement
++ a := p224FieldElement{1, 2, 3, 4, 5, 6, 7, 8}
++ p224Invert(&out, &a)
++ p224Mul(&out, &out, &a, &tmp)
++ p224Contract(&out, &out)
++ if out != (p224FieldElement{1}) {
++ t.Errorf("p224Invert(a) * a = %x, expected 1", out)
++ }
++}
++
++
++// Backport for CVE-2021-3114
++var len8tab = [256]uint8{
++ 0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
++ 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05,
++ 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
++ 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06,
++ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
++ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
++ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
++ 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07,
++ 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08,
++ 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08,
++ 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08,
++ 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08,
++ 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08,
++ 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08,
++ 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08,
++ 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08,
++}
++
++// Len32 returns the minimum number of bits required to represent x; the result is 0 for x == 0.
++func Len32(x uint32) (n int) {
++ if x >= 1<<16 {
++ x >>= 16
++ n = 16
++ }
++ if x >= 1<<8 {
++ x >>= 8
++ n += 8
++ }
++ return n + int(len8tab[x])
++}
--- /dev/null
+From c5434f2973a87acff76bac359236e690d632ce95 Mon Sep 17 00:00:00 2001
+From: Alberto Donizetti <alb.donizetti@gmail.com>
+Date: Thu, 29 Sep 2016 13:59:10 +0200
+Subject: [PATCH] time: update test for tzdata-2016g
+Origin: https://golang.org/cl/29995
+Bug: https://golang.org/issue/17276
+Applied-Upstream: 1.8
+
+Fixes #17276
+
+Change-Id: I0188cf9bc5fdb48c71ad929cc54206d03e0b96e4
+Reviewed-on: https://go-review.googlesource.com/29995
+Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
+Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
+TryBot-Result: Gobot Gobot <gobot@golang.org>
+---
+ src/time/time_test.go | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/src/time/time_test.go
++++ b/src/time/time_test.go
+@@ -939,8 +939,11 @@
+ // but Go and most other systems use "east is positive".
+ // So GMT+1 corresponds to -3600 in the Go zone, not +3600.
+ name, offset := Now().In(loc).Zone()
+- if name != "GMT+1" || offset != -1*60*60 {
+- t.Errorf("Now().In(loc).Zone() = %q, %d, want %q, %d", name, offset, "GMT+1", -1*60*60)
++ // The zone abbreviation is "-01" since tzdata-2016g, and "GMT+1"
++ // on earlier versions; we accept both. (Issue #17276).
++ if !(name == "GMT+1" || name == "-01") || offset != -1*60*60 {
++ t.Errorf("Now().In(loc).Zone() = %q, %d, want %q or %q, %d",
++ name, offset, "GMT+1", "-01", -1*60*60)
+ }
+ }
+
--- /dev/null
+From 91563ced5897faf729a34be7081568efcfedda31 Mon Sep 17 00:00:00 2001
+From: Alberto Donizetti <alb.donizetti@gmail.com>
+Date: Thu, 09 Mar 2017 13:20:54 +0100
+Subject: [PATCH] time: make the ParseInLocation test more robust
+
+The tzdata 2017a update (2017-02-28) changed the abbreviation of the
+Asia/Baghdad time zone (used in TestParseInLocation) from 'AST' to the
+numeric '+03'.
+
+Update the test so that it skips the checks if we're using a recent
+tzdata release.
+
+Fixes #19457
+
+Change-Id: I45d705a5520743a611bdd194dc8f8d618679980c
+Reviewed-on: https://go-review.googlesource.com/37964
+Reviewed-by: Ian Lance Taylor <iant@golang.org>
+Run-TryBot: Ian Lance Taylor <iant@golang.org>
+TryBot-Result: Gobot Gobot <gobot@golang.org>
+---
+
+--- a/src/time/format_test.go
++++ b/src/time/format_test.go
+@@ -244,27 +244,45 @@
+ }
+ }
+
++// TestParseInLocation checks that the Parse and ParseInLocation
++// functions do not get confused by the fact that AST (Arabia Standard
++// Time) and AST (Atlantic Standard Time) are different time zones,
++// even though they have the same abbreviation.
++//
++// ICANN has been slowly phasing out invented abbreviation in favor of
++// numeric time zones (for example, the Asia/Baghdad time zone
++// abbreviation got changed from AST to +03 in the 2017a tzdata
++// release); but we still want to make sure that the time package does
++// not get confused on systems with slightly older tzdata packages.
+ func TestParseInLocation(t *testing.T) {
+- // Check that Parse (and ParseInLocation) understand that
+- // Feb 01 AST (Arabia Standard Time) and Feb 01 AST (Atlantic Standard Time)
+- // are in different time zones even though both are called AST
+
+ baghdad, err := LoadLocation("Asia/Baghdad")
+ if err != nil {
+ t.Fatal(err)
+ }
+
+- t1, err := ParseInLocation("Jan 02 2006 MST", "Feb 01 2013 AST", baghdad)
++ var t1, t2 Time
++
++ t1, err = ParseInLocation("Jan 02 2006 MST", "Feb 01 2013 AST", baghdad)
+ if err != nil {
+ t.Fatal(err)
+ }
+- t2 := Date(2013, February, 1, 00, 00, 00, 0, baghdad)
+- if t1 != t2 {
+- t.Fatalf("ParseInLocation(Feb 01 2013 AST, Baghdad) = %v, want %v", t1, t2)
+- }
++
+ _, offset := t1.Zone()
+- if offset != 3*60*60 {
+- t.Fatalf("ParseInLocation(Feb 01 2013 AST, Baghdad).Zone = _, %d, want _, %d", offset, 3*60*60)
++
++ // A zero offset means that ParseInLocation did not recognize the
++ // 'AST' abbreviation as matching the current location (Baghdad,
++ // where we'd expect a +03 hrs offset); likely because we're using
++ // a recent tzdata release (2017a or newer).
++ // If it happens, skip the Baghdad test.
++ if offset != 0 {
++ t2 = Date(2013, February, 1, 00, 00, 00, 0, baghdad)
++ if t1 != t2 {
++ t.Fatalf("ParseInLocation(Feb 01 2013 AST, Baghdad) = %v, want %v", t1, t2)
++ }
++ if offset != 3*60*60 {
++ t.Fatalf("ParseInLocation(Feb 01 2013 AST, Baghdad).Zone = _, %d, want _, %d", offset, 3*60*60)
++ }
+ }
+
+ blancSablon, err := LoadLocation("America/Blanc-Sablon")
+@@ -272,6 +290,9 @@
+ t.Fatal(err)
+ }
+
++ // In this case 'AST' means 'Atlantic Standard Time', and we
++ // expect the abbreviation to correctly match the american
++ // location.
+ t1, err = ParseInLocation("Jan 02 2006 MST", "Feb 01 2013 AST", blancSablon)
+ if err != nil {
+ t.Fatal(err)
--- /dev/null
+From c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc Mon Sep 17 00:00:00 2001
+From: Ian Lance Taylor <iant@golang.org>
+Date: Thu, 15 Feb 2018 15:57:13 -0800
+Subject: [PATCH] cmd/go: restrict meta imports to valid schemes
+
+Before this change, when using -insecure, we permitted any meta import
+repo root as long as it contained "://". When not using -insecure, we
+restrict meta import repo roots to be valid URLs. People may depend on
+that somehow, so permit meta import repo roots to be invalid URLs, but
+require them to have valid schemes per RFC 3986.
+
+Fixes #23867
+
+Change-Id: Iac666dfc75ac321bf8639dda5b0dba7c8840922d
+Reviewed-on: https://go-review.googlesource.com/94603
+Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
+---
+ src/cmd/go/vcs.go | 34 +++++++++++++++++++++--
+ src/cmd/go/vcs_test.go | 43 +++++++++++++++++++++++++++++
+ 2 files changed, 75 insertions(+), 2 deletions(-)
+
+--- a/src/cmd/go/vcs.go
++++ b/src/cmd/go/vcs.go
+@@ -691,8 +691,8 @@
+ }
+ }
+
+- if !strings.Contains(mmi.RepoRoot, "://") {
+- return nil, fmt.Errorf("%s: invalid repo root %q; no scheme", urlStr, mmi.RepoRoot)
++ if err := validateRepoRootScheme(mmi.RepoRoot); err != nil {
++ return nil, fmt.Errorf("%s: invalid repo root %q: %v", urlStr, mmi.RepoRoot, err)
+ }
+ rr := &repoRoot{
+ vcs: vcsByCmd(mmi.VCS),
+@@ -705,6 +705,36 @@
+ return rr, nil
+ }
+
++// validateRepoRootScheme returns an error if repoRoot does not seem
++// to have a valid URL scheme. At this point we permit things that
++// aren't valid URLs, although later, if not using -insecure, we will
++// restrict repoRoots to be valid URLs. This is only because we've
++// historically permitted them, and people may depend on that.
++func validateRepoRootScheme(repoRoot string) error {
++ end := strings.Index(repoRoot, "://")
++ if end <= 0 {
++ return errors.New("no scheme")
++ }
++
++ // RFC 3986 section 3.1.
++ for i := 0; i < end; i++ {
++ c := repoRoot[i]
++ switch {
++ case 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z':
++ // OK.
++ case '0' <= c && c <= '9' || c == '+' || c == '-' || c == '.':
++ // OK except at start.
++ if i == 0 {
++ return errors.New("invalid scheme")
++ }
++ default:
++ return errors.New("invalid scheme")
++ }
++ }
++
++ return nil
++}
++
+ var fetchGroup singleflight.Group
+ var (
+ fetchCacheMu sync.Mutex
+--- a/src/cmd/go/vcs_test.go
++++ b/src/cmd/go/vcs_test.go
+@@ -321,3 +321,46 @@
+ }
+ }
+ }
++
++func TestValidateRepoRootScheme(t *testing.T) {
++ tests := []struct {
++ root string
++ err string
++ }{
++ {
++ root: "",
++ err: "no scheme",
++ },
++ {
++ root: "http://",
++ err: "",
++ },
++ {
++ root: "a://",
++ err: "",
++ },
++ {
++ root: "a#://",
++ err: "invalid scheme",
++ },
++ {
++ root: "-config://",
++ err: "invalid scheme",
++ },
++ }
++
++ for _, test := range tests {
++ err := validateRepoRootScheme(test.root)
++ if err == nil {
++ if test.err != "" {
++ t.Errorf("validateRepoRootScheme(%q) = nil, want %q", test.root, test.err)
++ }
++ } else if test.err == "" {
++ if err != nil {
++ t.Errorf("validateRepoRootScheme(%q) = %q, want nil", test.root, test.err)
++ }
++ } else if err.Error() != test.err {
++ t.Errorf("validateRepoRootScheme(%q) = %q, want %q", test.root, err, test.err)
++ }
++ }
++}
--- /dev/null
+--- a/src/crypto/elliptic/elliptic.go
++++ b/src/crypto/elliptic/elliptic.go
+@@ -210,8 +210,9 @@
+
+ x3 := new(big.Int).Mul(alpha, alpha)
+ beta8 := new(big.Int).Lsh(beta, 3)
++ beta8.Mod(beta8, curve.P)
+ x3.Sub(x3, beta8)
+- for x3.Sign() == -1 {
++ if x3.Sign() == -1 {
+ x3.Add(x3, curve.P)
+ }
+ x3.Mod(x3, curve.P)
--- /dev/null
+cl-29995--tzdata-2016g.patch
+cl-37964--tzdata-2017a.patch
+cve-2019-6486.patch
+cve-2018-7187.patch
+
+CVE-2020-16845.patch
+CVE-2020-15586.patch
+
+CVE-2017-15041.patch
+CVE-2018-16873,16874.patch
+CVE-2019-9741.patch
+CVE-2019-16276.patch
+CVE-2019-17596.patch
+CVE-2021-3114.patch
--- /dev/null
+#!/usr/bin/make -f
+# This file is in the public domain.
+# You may freely use, modify, distribute, and relicense it.
+
+export GOVER := $(shell perl -w -mDpkg::Version -e 'Dpkg::Version->new(`dpkg-parsechangelog -SVersion`)->version() =~ /^([0-9]+\.[0-9]+)/ && print("$$1\n")')
+
+export GOROOT := $(CURDIR)
+export GOROOT_FINAL := /usr/lib/go-$(GOVER)
+
+DEB_HOST_ARCH := $(shell dpkg-architecture -qDEB_HOST_ARCH 2>/dev/null)
+RUN_TESTS := true
+# armel: ???
+# ppc64: ???
+ifneq (,$(filter armel ppc64,$(DEB_HOST_ARCH)))
+ RUN_TESTS := false
+endif
+ifneq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS)))
+ RUN_TESTS := false
+endif
+
+%:
+ +dh --parallel $(opt_no_act) $@
+
+gencontrol:
+ for file in control gbp.conf source/lintian-overrides watch; do \
+ { \
+ echo '#'; \
+ echo '# WARNING: "debian/'$$file'" is generated via "debian/rules gencontrol" (sourced from "debian/'$$file'.in")'; \
+ echo '#'; \
+ echo; \
+ sed -e 's/X.Y/$(GOVER)/g' debian/$$file.in; \
+ } > debian/$$file; \
+ done
+
+override_dh_auto_clean: gencontrol
+ # remove autogenerated files
+ rm -f \
+ src/cmd/cgo/zdefaultcc.go \
+ src/cmd/go/zdefaultcc.go \
+ src/cmd/internal/obj/zbootstrap.go \
+ src/runtime/internal/sys/zversion.go
+ # remove built objects
+ rm -rf bin pkg
+ @set -e; cd debian; for x in golang-X.Y-*; do \
+ rm -f -v golang-$(GOVER)-$${x##golang-X.Y-}; \
+ done
+
+override_dh_prep:
+ dh_prep
+ @set -e; cd debian; for x in golang-X.Y-*; do \
+ sed -e 's/X.Y/$(GOVER)/g' $$x > golang-$(GOVER)-$${x##golang-X.Y-}; \
+ done
+
+
+override_dh_auto_test-arch:
+ifeq (true, $(RUN_TESTS))
+ set -ex; \
+ cd src; \
+ export PATH="$(GOROOT)/bin:$$PATH"; \
+ eval "$$(go tool dist env)"; \
+ bash run.bash -k -no-rebuild;
+ # -k keep going even when error occurred
+ # -no-rebuild don't rebuild std and cmd packages
+
+ # On linux/amd64 run.bash installs some race enabled standard library
+ # packages. Delete them again to avoid accidentally including them in
+ # the package.
+ set -ex; \
+ export PATH="$(GOROOT)/bin:$$PATH"; \
+ eval "$$(go tool dist env)"; \
+ rm -rf "$(GOROOT)/pkg/$${GOOS}_$${GOARCH}_race/"
+else
+ # skip the tests on platforms where they fail
+endif
+
+override_dh_compress-indep:
+ dh_compress -Xusr/share/doc/golang-doc/html -Xusr/share/doc/golang-doc/godoc
+
+override_dh_install-indep:
+ dh_install --fail-missing
+
+override_dh_install-arch:
+ dh_install --fail-missing
+ # Remove Plan9 rc(1) scripts
+ find debian/golang-$(GOVER)-src/usr/share/go-$(GOVER)/src -type f -name '*.rc' -delete
+ # Remove empty /usr/share/go-$(GOVER)/src from golang-$(GOVER)-go, it is provided by golang-$(GOVER)-src
+ find debian/golang-$(GOVER)-go/usr/share/go-$(GOVER)/src -type d -delete
+ # Touch built and installed files and directories to have same timestamp
+ touch debian/golang-$(GOVER)-go/usr/lib/go-$(GOVER)/pkg
+ find debian/golang-$(GOVER)-go/usr/lib/go-$(GOVER)/pkg -exec touch -r $(CURDIR)/debian/golang-$(GOVER)-go/usr/lib/go-$(GOVER)/pkg {} \;
+
+override_dh_strip:
+ dh_strip -Xtestdata
+
+override_dh_shlibdeps:
+ dh_shlibdeps -Xtestdata -Xtest
+
+override_dh_auto_build-arch:
+ [ -f VERSION ] || echo "debian snapshot +$$(dpkg-parsechangelog -SVersion)" > VERSION
+ export GOROOT_BOOTSTRAP=$$(env -i go env GOROOT) \
+ && cd src \
+ && $(CURDIR)/debian/helpers/goenv.sh \
+ bash ./make.bash --no-banner
+
+opt_no_act :=
+ifneq (,$(findstring n,$(MAKEFLAGS)))
+ opt_no_act := --no-act
+endif
--- /dev/null
+3.0 (quilt)
--- /dev/null
+#
+# WARNING: "debian/source/lintian-overrides" is generated via "debian/rules gencontrol" (sourced from "debian/source/lintian-overrides.in")
+#
+
+golang-1.7 source: source-contains-prebuilt-binary src/debug/dwarf/testdata/typedef.elf
+golang-1.7 source: source-contains-prebuilt-binary src/debug/elf/testdata/gcc-amd64-linux-exec
+golang-1.7 source: source-contains-prebuilt-binary src/debug/elf/testdata/go-relocation-test-gcc441-x86.obj
+golang-1.7 source: source-contains-prebuilt-binary src/debug/elf/testdata/gcc-386-freebsd-exec
+golang-1.7 source: source-contains-prebuilt-binary src/debug/elf/testdata/gcc-amd64-openbsd-debug-with-rela.obj
+golang-1.7 source: source-contains-prebuilt-windows-binary src/debug/pe/testdata/gcc-386-mingw-exec
+golang-1.7 source: source-contains-prebuilt-binary src/debug/elf/testdata/go-relocation-test-gcc424-x86-64.obj
+golang-1.7 source: source-contains-prebuilt-binary src/debug/elf/testdata/go-relocation-test-gcc441-x86-64.obj
+golang-1.7 source: source-contains-prebuilt-windows-binary src/debug/pe/testdata/gcc-386-mingw-obj
+golang-1.7 source: source-contains-prebuilt-binary src/runtime/race/race_linux_amd64.syso
+
+# All these files are compiled from src/debug/elf/testdata/hello.c
+# with various toolchain and options to be used as test data for the
+# elf parser.
+golang-1.7 source: source-is-missing src/debug/elf/testdata/compressed-32.obj
+golang-1.7 source: source-is-missing src/debug/elf/testdata/compressed-64.obj
+golang-1.7 source: source-is-missing src/debug/elf/testdata/gcc-386-freebsd-exec
+golang-1.7 source: source-is-missing src/debug/elf/testdata/go-relocation-test-clang-arm.obj
+golang-1.7 source: source-is-missing src/debug/elf/testdata/go-relocation-test-clang-x86.obj
+golang-1.7 source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc424-x86-64.obj
+golang-1.7 source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc441-x86-64.obj
+golang-1.7 source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc441-x86.obj
+golang-1.7 source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc482-aarch64.obj
+golang-1.7 source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc482-ppc64le.obj
+golang-1.7 source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc492-arm.obj
+golang-1.7 source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc492-mips64.obj
+golang-1.7 source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc493-mips64le.obj
+golang-1.7 source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc5-ppc.obj
+golang-1.7 source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc531-s390x.obj
+golang-1.7 source: source-is-missing src/debug/elf/testdata/zdebug-test-gcc484-x86-64.obj
+
+# These files are compiled from src/debug/dwarf/testdata/line2.c with clang and gcc.
+golang-1.7 source: source-is-missing src/debug/dwarf/testdata/line-clang.elf
+golang-1.7 source: source-is-missing src/debug/dwarf/testdata/line-gcc.elf
+
+# Compiled from src/debug/dwarf/testdata/typedef.c with dwarf version 4.
+golang-1.7 source: source-is-missing src/debug/dwarf/testdata/typedef.elf4
+
+# This is not a typo.
+golang-1.7 source: unknown-file-in-debian-source lintian-overrides.in
--- /dev/null
+golang-X.Y source: source-contains-prebuilt-binary src/debug/dwarf/testdata/typedef.elf
+golang-X.Y source: source-contains-prebuilt-binary src/debug/elf/testdata/gcc-amd64-linux-exec
+golang-X.Y source: source-contains-prebuilt-binary src/debug/elf/testdata/go-relocation-test-gcc441-x86.obj
+golang-X.Y source: source-contains-prebuilt-binary src/debug/elf/testdata/gcc-386-freebsd-exec
+golang-X.Y source: source-contains-prebuilt-binary src/debug/elf/testdata/gcc-amd64-openbsd-debug-with-rela.obj
+golang-X.Y source: source-contains-prebuilt-windows-binary src/debug/pe/testdata/gcc-386-mingw-exec
+golang-X.Y source: source-contains-prebuilt-binary src/debug/elf/testdata/go-relocation-test-gcc424-x86-64.obj
+golang-X.Y source: source-contains-prebuilt-binary src/debug/elf/testdata/go-relocation-test-gcc441-x86-64.obj
+golang-X.Y source: source-contains-prebuilt-windows-binary src/debug/pe/testdata/gcc-386-mingw-obj
+golang-X.Y source: source-contains-prebuilt-binary src/runtime/race/race_linux_amd64.syso
+
+# All these files are compiled from src/debug/elf/testdata/hello.c
+# with various toolchain and options to be used as test data for the
+# elf parser.
+golang-X.Y source: source-is-missing src/debug/elf/testdata/compressed-32.obj
+golang-X.Y source: source-is-missing src/debug/elf/testdata/compressed-64.obj
+golang-X.Y source: source-is-missing src/debug/elf/testdata/gcc-386-freebsd-exec
+golang-X.Y source: source-is-missing src/debug/elf/testdata/go-relocation-test-clang-arm.obj
+golang-X.Y source: source-is-missing src/debug/elf/testdata/go-relocation-test-clang-x86.obj
+golang-X.Y source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc424-x86-64.obj
+golang-X.Y source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc441-x86-64.obj
+golang-X.Y source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc441-x86.obj
+golang-X.Y source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc482-aarch64.obj
+golang-X.Y source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc482-ppc64le.obj
+golang-X.Y source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc492-arm.obj
+golang-X.Y source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc492-mips64.obj
+golang-X.Y source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc493-mips64le.obj
+golang-X.Y source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc5-ppc.obj
+golang-X.Y source: source-is-missing src/debug/elf/testdata/go-relocation-test-gcc531-s390x.obj
+golang-X.Y source: source-is-missing src/debug/elf/testdata/zdebug-test-gcc484-x86-64.obj
+
+# These files are compiled from src/debug/dwarf/testdata/line2.c with clang and gcc.
+golang-X.Y source: source-is-missing src/debug/dwarf/testdata/line-clang.elf
+golang-X.Y source: source-is-missing src/debug/dwarf/testdata/line-gcc.elf
+
+# Compiled from src/debug/dwarf/testdata/typedef.c with dwarf version 4.
+golang-X.Y source: source-is-missing src/debug/dwarf/testdata/typedef.elf4
+
+# This is not a typo.
+golang-X.Y source: unknown-file-in-debian-source lintian-overrides.in
--- /dev/null
+#
+# WARNING: "debian/watch" is generated via "debian/rules gencontrol" (sourced from "debian/watch.in")
+#
+
+version=3
+opts=\
+uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha)\d*)$/$1~$2/,\
+ http://golang.org/dl/ .*/go(1.7\S*)\.src\.tar\.gz
--- /dev/null
+version=3
+opts=\
+uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha)\d*)$/$1~$2/,\
+ http://golang.org/dl/ .*/go(X.Y\S*)\.src\.tar\.gz
projects / golang-1.7.git / commitdiff