golang-github-jackc-pgx (4.18.1-2) unstable; urgency=medium

  * Team upload.
  * Create a new git branch to fix CVEs during soft freeze.
  * Add two patches from upstream
    - CVE-2024-27289
      pgx is a PostgreSQL driver and toolkit for Go. Prior to version
      4.18.2, SQL injection can occur when all of the following
      conditions are met: the non-default simple protocol is used; a
      placeholder for a numeric value must be immediately preceded by a
      minus; there must be a second placeholder for a string value
      after the first placeholder; both must be on the same line; and
      both parameter values must be user-controlled. The problem is
      resolved in v4.18.2. As a workaround, do not use the simple
      protocol or do not place a minus directly before a placeholder.
      Closes: #1065686
    - CVE-2024-27304
      pgx is a PostgreSQL driver and toolkit for Go. SQL injection can
      occur if an attacker can cause a single query or bind message to
      exceed 4 GB in size. An integer overflow in the calculated
      message size can cause the one large message to be sent as
      multiple messages under the attacker's control. The problem is
      resolved in v4.18.2 and v5.5.4. As a workaround, reject user
      input large enough to cause a single query or bind message to
      exceed 4 GB in size.
      Closes: #1065687

 -- Dr. Tobias Quathamer <toddy@debian.org>  Wed, 23 Apr 2025 11:04:24 +0200

golang-github-jackc-pgx (4.18.1-1) unstable; urgency=medium

  * Team upload
  * New upstream version 4.18.1
  * Reorder fields in debian/control and debian/copyright
  * Change Section from devel to golang
  * Use dh-sequence-golang instead of dh-golang and --with=golang
  * Update versioned dependencies as per go.mod
  * Remove unused "DH_GOLANG_INSTALL_EXTRA := $(wildcard *.example)"
    as upstream no longer comes with *.example files
  * Set debian-branch to debian/sid for DEP-14 conformance

 -- Anthony Fok <foka@debian.org>  Mon, 26 Feb 2024 19:29:39 -0700

golang-github-jackc-pgx (4.15.0-4) unstable; urgency=medium

  * Source only upload for migration to testing

 -- Pirate Praveen <praveen@debian.org>  Mon, 18 Apr 2022 13:14:43 +0530

golang-github-jackc-pgx (4.15.0-3) unstable; urgency=medium

  * Binary included upload to break circular dependency with
    golang-github-jackc-pgtype-dev

 -- Pirate Praveen <praveen@debian.org>  Sun, 17 Apr 2022 18:29:54 +0530

golang-github-jackc-pgx (4.15.0-2) unstable; urgency=medium

  * Reupload to unstable
  * Add Breaks: golang-github-jackc-pgtype-dev (<< 1.10.0-3~)

 -- Pirate Praveen <praveen@debian.org>  Sat, 16 Apr 2022 14:01:42 +0530

golang-github-jackc-pgx (4.15.0-1) experimental; urgency=medium

  [ Debian Janitor ]
  * Bump debhelper from old 12 to 13.
  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
    Repository-Browse.
  * Update standards version to 4.5.1, no changes needed.

  [ Pirate Praveen ]
  * New upstream version 4.15.0
  * Bump Standards-Version to 4.6.0 (no changes needed)
  * Update XS-Go-Import-Path and binary package name to include v4
  * Update dependencies
  * Add myself to uploaders

 -- Pirate Praveen <praveen@debian.org>  Fri, 11 Mar 2022 16:21:34 +0530

golang-github-jackc-pgx (3.6.2-2) unstable; urgency=medium

  * Team upload.
  * Rename golang-x-text-dev to golang-golang-x-text-dev

 -- Stephen Gelman <ssgelm@debian.org>  Sun, 02 Aug 2020 19:11:38 -0500

golang-github-jackc-pgx (3.6.2-1) unstable; urgency=medium

  * New upstream release.
  * Standards-Version: 4.5.0.
  * Disabled broken "autopkgtest-pkg-go" test suite.

 -- Dmitry Smirnov <onlyjob@debian.org>  Tue, 04 Feb 2020 15:42:56 +1100

golang-github-jackc-pgx (3.6.1-1) unstable; urgency=medium

  * New upstream release.
  * Standards-Version: 4.4.1.

 -- Dmitry Smirnov <onlyjob@debian.org>  Wed, 15 Jan 2020 20:52:59 +1100

golang-github-jackc-pgx (3.6.0-1) unstable; urgency=medium

  * Initial release (Closes: #945927).

 -- Dmitry Smirnov <onlyjob@debian.org>  Sun, 10 Nov 2019 21:50:20 +1100
