Your message dated Sat, 24 Jan 2026 08:30:37 +0000
with message-id <[email protected]>
and subject line Bug#1115301: fixed in golang-1.24 1.24.12-1
has caused the Debian Bug report #1115301,
regarding golang-1.24 - fs.ReadDir silently truncates directories
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1115301: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115301
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: golang-1.24
Version: 1.24.4-3
Severity: grave
X-Debbugs-Cc: [email protected]
fs.ReadDir silently fails to read directories fully. As no error shows
up anywhere, this is silent data corruption, hence grave.
Go test code:
| package main
|
| import (
| "fmt"
| "io/fs"
| "os"
| )
|
| func main() {
| fsys := os.DirFS(os.Args[1])
| entries, _ := fs.ReadDir(fsys, ".")
| count := 0
| for _, entry := range entries {
| info, _ := entry.Info()
| fmt.Println(info.Name(), info.IsDir())
| count += 1
| }
| fmt.Println("found without '.' and '..':", count)
| }
C test code:
| #include <sys/types.h>
| #include <dirent.h>
| #include <stdio.h>
|
| int main(int argc, char *argv[]) {
| DIR* dirp = opendir(argv[1]);
| struct dirent *dp;
| int count = 0;
|
| while (dirp) {
| if ((dp = readdir(dirp)) != NULL) {
| printf("%llu %llu %u %s\n", (long long unsigned)dp->d_ino, (long long
unsigned)dp->d_off, dp->d_type, dp->d_name);
| count++;
| }
| else
| break;
| }
| printf("found %d entries\n", count);
|
| return 0;
| }
If I use them on the same directory, which is implemented via FUSE, the
Go test ends with:
| found without '.' and '..': 46
The C test however shows many more:
| found 65 entries
strace on the Go test shows:
| getdents64(3, 0xc0000be000 /* 48 entries */, 8192) = 1520
| getdents64(3, 0xc0000be000 /* 17 entries */, 8192) = 544
| getdents64(3, 0xc0000be000 /* 0 entries */, 8192) = 0
Aka it find all entries from the first getdents64 call (46 plus "." and
".."), but then fails there somewhere without signaling the caller.
No warning about silent corruption is given in
https://pkg.go.dev/io/fs#ReadDir.
I would assume the underlying cause is the filesystem returning
DT_UNKNOWN as type for "." and "..", which it is allowed to do in all
cases.
-- System Information:
Debian Release: forky/sid
APT prefers testing
APT policy: (700, 'testing'), (500, 'unstable-debug'), (500,
'stable-updates'), (500, 'oldstable-updates'), (500, 'unstable'), (500,
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.16.5+deb14-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages golang-1.24 depends on:
ii golang-1.24-doc 1.24.4-3
ii golang-1.24-go 1.24.4-3
ii golang-1.24-src 1.24.4-3
golang-1.24 recommends no packages.
golang-1.24 suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: golang-1.24
Source-Version: 1.24.12-1
Done: Tianon Gravi <[email protected]>
We believe that the bug you reported is fixed in the latest version of
golang-1.24, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tianon Gravi <[email protected]> (supplier of updated golang-1.24 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 23 Jan 2026 23:52:11 -0800
Source: golang-1.24
Architecture: source
Version: 1.24.12-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Compiler Team <[email protected]>
Changed-By: Tianon Gravi <[email protected]>
Closes: 1115301 1121848 1125464 1125917
Changes:
golang-1.24 (1.24.12-1) unstable; urgency=medium
.
* Update to 1.24.12 upstream release
.
1.24.12: (Closes: #1125917)
- https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc/m/pQP7Bk0aCQAJ
.
- CVE-2025-61728: https://go.dev/issue/77102
archive/zip: denial of service when parsing arbitrary ZIP archives
.
- CVE-2025-61726: https://go.dev/issue/77101
net/http: memory exhaustion in Request.ParseForm
.
- CVE-2025-68121: https://go.dev/issue/77113
crypto/tls: Config.Clone copies automatically generated session ticket
keys, session resumption does not account for the expiration of full
certificate chain
.
- CVE-2025-61731: https://go.dev/issue/77100
cmd/go: bypass of flag sanitization can lead to arbitrary code
execution
.
- CVE-2025-68119: https://go.dev/issue/77099
cmd/go: unexpected code execution when invoking toolchain
.
- CVE-2025-61730: https://go.dev/issue/76443
crypto/tls: handshake messages may be processed at the incorrect
encryption level
.
- os: allow direntries to have zero inodes on Linux (Closes: #1115301)
.
1.24.11: (Closes: #1121848)
- https://groups.google.com/g/golang-announce/c/8FJoBkPddm4/m/kYpVlPw1CQAJ
.
- CVE-2025-61729: https://go.dev/issue/76445
crypto/x509: excessive resource consumption in printing error string for
host certificate validation
.
- CVE-2025-61727: https://go.dev/issue/76442
crypto/x509: excluded subdomain constraint does not restrict wildcard
SANs
.
1.24.10:
- https://groups.google.com/g/golang-announce/c/tVVHm9gnwl8/m/-oTvYIjCAQAJ
.
* Fix build with DEB_BUILD_OPTIONS=terse (Closes: #1125464)
(solution borrowed from xz-utils debian/rules)
Checksums-Sha1:
eb59dc3c05926366a0585e8245ba4126760350f1 2933 golang-1.24_1.24.12-1.dsc
edd2b0e3e183c973e3bd73320bf18dd6157ee3d2 30803950
golang-1.24_1.24.12.orig.tar.gz
21df7477fab6b7198ebd97569015218f9560be77 833
golang-1.24_1.24.12.orig.tar.gz.asc
33ffd4515b90ecc816c8a9bf1fb13e33b24d72c1 45248
golang-1.24_1.24.12-1.debian.tar.xz
09d8813ad2212ddf63aed84568793c5a65eafe8b 5636
golang-1.24_1.24.12-1_source.buildinfo
Checksums-Sha256:
9cc9da3f706a7a42f3042b9ca5064fc5d5b4d737589437c6e0d7d6c719ce3a96 2933
golang-1.24_1.24.12-1.dsc
fba2dd661b7be7b34d6bd17ed92f41c44a5e05953ad81ab34b4ec780e5e7dc41 30803950
golang-1.24_1.24.12.orig.tar.gz
78e33805e528961e18ec70843782c27c64218db27f5a088002a215911b48e252 833
golang-1.24_1.24.12.orig.tar.gz.asc
9385cbe07cf945dfa69262e8c075a14a1cafb8d4eacf6c18e382d5c01f3377e3 45248
golang-1.24_1.24.12-1.debian.tar.xz
69c15d7f6f4ed1c2b3921d495c56e5e7b70892b42441359207b2fc8c5367c431 5636
golang-1.24_1.24.12-1_source.buildinfo
Files:
27be3f7a6f9e302de65cf80558d98837 2933 golang optional golang-1.24_1.24.12-1.dsc
7d0efe8899a502be06604b28cf0f756c 30803950 golang optional
golang-1.24_1.24.12.orig.tar.gz
d65416292884be6af90c7ccb079400ed 833 golang optional
golang-1.24_1.24.12.orig.tar.gz.asc
2873294088929df7e7c16c658fdf31b1 45248 golang optional
golang-1.24_1.24.12-1.debian.tar.xz
4c578f15023ac7b21bdcdda4b602f907 5636 golang optional
golang-1.24_1.24.12-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEEtC9oGQB/APiONk/UA2qcJb81fdQFAml0eo4SHHRpYW5vbkBk
ZWJpYW4ub3JnAAoJEANqnCW/NX3Uh/AP/3E2igk/aG40/Of0RlYL57HAf4CRuDIC
UFYTu5o24htctyny6eOmjCUQTrCQMlXALj8sYX+Rg/eCr9gZ5t9W+xkRntMfABCH
ubIulWkx39l3ORSZwf38/r8OkgXd8UCeC4QbQDB/AzGUF658co79IRiKgezPYzra
Oqh5+vVKg1b4s21Dx6uefETq/kyxvCHg5NL04KYX/4wNrj0kdQvAltcnJAPq6i5g
Xgnlm9sV/rrTeknQBXidsMwTgnAvfCwCbfuRE5tbs/2tz/PRRLlqqDrnTKnoRYlB
a+WK2ex+PLz3pLeL/7/I/7cwTYShQ6Xtp+cwPQGri1cjkVjK9mtIvDSnnrxIpfTw
dz4Nn0dS2kK0ZwNXkkAE6Fc2n0lkF/DK8mG5bb+cPPEBXDGq17JpVfjl3/eW/aPT
tXGUTljRe54pA1GuraRKz5+jPWsOwTCoaSw4R3fVx5XRkUr9xegg743ixCX2ECwj
yYNHKbH4XbexPV0lCXh3qOVWD0rIt3CTyHdjJr0Pi8+MTroElRjIQuqs0DRVNFHs
ZqKYhW8jh9cH+i9lfRGTLmX3sTArlM0B6F1r/UtS0bShyeaaoXKDm+LmiDyLUaDz
TWV10h7eHBgxA7kliq44d/B2qwIW55ODpeGGp4DI85U2uYjFAjmSunR7/zQXAVnA
zT9oJM1w5Afz
=f7Rd
-----END PGP SIGNATURE-----
pgpEUsuW0KSsw.pgp
Description: PGP signature
--- End Message ---
