golang-1.25 (1.25.7-2) unstable; urgency=medium . * Team upload. * Skip TestTSAN test on s390x. The test consistently fails, and is probably a real bug. It's currently being investigated, but until that is resolved, we disable the test to be able to build the golang package, so it can migrate to testing and fix lots of other bugs and CVEs. See https://github.com/golang/go/issues/77289 * Remove golang-1.25-go:native from Build-Depends. This is hopefully a temporary measure to allow the buildds to use golang-1.24 for building this package. The build on loong64 is not possible due to a missing golang-1.25-go:loong64 package. After this package has been built on loong64, golang-1.25 could be re-added to Build-Depends. golang-1.25 (1.25.7-1) unstable; urgency=medium . * Team upload. * New upstream version 1.25.7 - Refresh patches - New patch: Replace localhostCert and localhostKey. New they are valid until 2084, so that this package will not FTBFS during the forky release. (Closes: #1127117) - CVE-2025-61732: https://go.dev/issue/76697 cmd/go: potential code smuggling using doc comments golang-1.25 (1.25.6-1) unstable; urgency=medium . [ Anshul Singh ] * Update to 1.25.5 upstream release https://go.dev/doc/devel/release#go1.25.5 - crypto/x509: excessive resource consumption in printing error string for host certificate validation - crypto/x509: excluded subdomain constraint does not restrict wildcard SANs . [ Tianon Gravi ] * Update to 1.25.6 upstream release . 1.25.6: (Closes: #1125916) - https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc/m/pQP7Bk0aCQAJ . - CVE-2025-61728: https://go.dev/issue/77102 archive/zip: denial of service when parsing arbitrary ZIP archives . - CVE-2025-61726: https://go.dev/issue/77101 net/http: memory exhaustion in Request.ParseForm . - CVE-2025-68121: https://go.dev/issue/77113 crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain . - CVE-2025-61731: https://go.dev/issue/77100 cmd/go: bypass of flag sanitization can lead to arbitrary code execution . - CVE-2025-68119: https://go.dev/issue/77099 cmd/go: unexpected code execution when invoking toolchain . - CVE-2025-61730: https://go.dev/issue/76443 crypto/tls: handshake messages may be processed at the incorrect encryption level . - os: allow direntries to have zero inodes on Linux (Closes: #1115301) . 1.25.5: (Closes: #1121847) - https://groups.google.com/g/golang-announce/c/8FJoBkPddm4/m/kYpVlPw1CQAJ . - CVE-2025-61729: https://go.dev/issue/76445 crypto/x509: excessive resource consumption in printing error string for host certificate validation . - CVE-2025-61727: https://go.dev/issue/76442 crypto/x509: excluded subdomain constraint does not restrict wildcard SANs . 1.25.4: - https://groups.google.com/g/golang-announce/c/tVVHm9gnwl8/m/-oTvYIjCAQAJ . * Fix build with DEB_BUILD_OPTIONS=terse (Closes: #1125464) (solution borrowed from xz-utils debian/rules) python-pbr (7.0.3-2) unstable; urgency=medium . * Clean-up .pybuild folder (Closes: #1045383). vtk9 (9.5.2+dfsg3-6) unstable; urgency=medium . * Team upload. * debian patch matplotlib_nullptr_s390x.patch handles case of null ScalarPointer in image in vtkMatplotlibMathTextUtilities::RenderOneCell A null pointer was generated on s390x causing pyvista test_add_text_latex to segfault. Closes: #1126861 * add alpha to list of ADIOS2-supporting arches in Build-Depends: libadios2-mpi-c++-dev vtk9 (9.5.2+dfsg3-5) unstable; urgency=medium . * Team upload. * debian patch findEXPAT_version_fix_MR12826.patch applies upstream MR#12826 to fix expat version handling. Closes: #1050506 * 9.5.2+dfsg3-3 disabled viskores on 32-bit arches, since ParaView::RemotingViews optionally uses VTK::vtkviskores but (ThirdParty) viskores exhausts virtual memory on 32-bit arches * disable viskores on alpha, which is 64-bit but also exceeds available memory REMOVED: and 1.2.2-4.3 REMOVED: gcc-doc-defaults 5:28 REMOVED: gcc-13-doc 13.3.0-1 REMOVED: python-rtslib-fb 2.1.76-3 REMOVED: gcc-11-doc 11.3.0-1 REMOVED: cinder 2:27.0.0-4 REMOVED: targetcli-fb 1:3.0.1-0.1 REMOVED: gcc-14-doc 14.2.0-1