go, branch go1.11.6

[release-branch.go1.11] go1.11.6

2019-03-14T19:57:30Z

Change-Id: I944d7cb825b8791486446d78feae9eed0a5479c4 Reviewed-on: https://go-review.googlesource.com/c/go/+/167705 Run-TryBot: Andrew Bonventre TryBot-Result: Gobot Gobot Reviewed-by: Andrew Bonventre

[release-branch.go1.11] runtime: skip TestLockOSThreadAvoidsStatePropagation if one can't unshare

2019-03-14T19:33:12Z

This change splits a testprog out of TestLockOSThreadExit and makes it its own test. Then, this change makes the testprog exit prematurely with a special message if unshare fails with EPERM because not all of the builders allow the user to call the unshare syscall. Also, do some minor cleanup on the TestLockOSThread* tests. Fixes #29366. Change-Id: Id8a9f6c4b16e26af92ed2916b90b0249ba226dbe Reviewed-on: https://go-review.googlesource.com/c/155437 Run-TryBot: Michael Knyszek TryBot-Result: Gobot Gobot Reviewed-by: Brad Fitzpatrick (cherry picked from commit 429bae715876c69853bb63db1733f580e293c916) Reviewed-on: https://go-review.googlesource.com/c/go/+/167707 Run-TryBot: Andrew Bonventre Reviewed-by: Michael Knyszek

[release-branch.go1.11] doc: document Go 1.11.6

2019-03-14T18:11:32Z

Change-Id: I99832fa4f2c3ec28e2dad46cf7607f3766948031 Reviewed-on: https://go-review.googlesource.com/c/go/+/167698 Reviewed-by: Brad Fitzpatrick (cherry picked from commit d3bb45d9046bb7d12c4fc9cdaf122f36d001fd31) Reviewed-on: https://go-review.googlesource.com/c/go/+/167700

[release-branch.go1.11] crypto/x509: explicitly cast printf format argument

2019-02-27T20:59:09Z

After CL 128056 the build fails on darwin/386 with src/crypto/x509/root_cgo_darwin.go:218:55: warning: values of type 'SInt32' should not be used as format arguments; add an explicit cast to 'int' instead [-Wformat] go build crypto/x509: C compiler warning promoted to error on Go builders Fix the warning by explicitly casting the argument to an int as suggested by the warning. Fixes #30444 Change-Id: Icb6bd622a543e9bc5f669fd3d7abd418b4a8e579 Reviewed-on: https://go-review.googlesource.com/c/152958 Run-TryBot: Tobias Klauser TryBot-Result: Gobot Gobot Reviewed-by: Ian Lance Taylor (cherry picked from commit ec0077c54d6261ba5cbab2c5dc2e80345068233f) Reviewed-on: https://go-review.googlesource.com/c/164240 Run-TryBot: Filippo Valsorda Reviewed-by: Brad Fitzpatrick

[release-branch.go1.11] crypto/x509: consider parents by Subject if AKID has no match

2019-02-26T01:57:55Z

If a certificate somehow has an AKID, it should still chain successfully to a parent without a SKID, even if the latter is invalid according to RFC 5280, because only the Subject is authoritative. This reverts to the behavior before #29233 was fixed in 770130659. Roots with the right subject will still be shadowed by roots with the right SKID and the wrong subject, but that's been the case for a long time, and is left for a more complete fix in Go 1.13. Updates #30079 Fixes #30081 Change-Id: If8ab0179aca86cb74caa926d1ef93fb5e416b4bb Reviewed-on: https://go-review.googlesource.com/c/161097 Reviewed-by: Adam Langley (cherry picked from commit 95e5b07cf5fdf3352f04f5557df38f22c55ce8e8) Reviewed-on: https://go-review.googlesource.com/c/163739 Run-TryBot: Filippo Valsorda TryBot-Result: Gobot Gobot Reviewed-by: Brad Fitzpatrick

[release-branch.go1.11] cmd/compile: fix deriving from x+d >= w on overflow in prove pass

2019-02-25T21:58:21Z

In the case of x+d >= w, where d and w are constants, we are deriving x is within the bound of min=w-d and max=maxInt-d. When there is an overflow (min >= max), we know only one of x >= min or x <= max is true, and we derive this by excluding the other. When excluding x >= min, we did not consider the equal case, so we could incorrectly derive x <= max when x == min. Updates #29502. Fixes #29503. Change-Id: Ia9f7d814264b1a3ddf78f52e2ce23377450e6e8a Reviewed-on: https://go-review.googlesource.com/c/156019 Reviewed-by: David Chase (cherry picked from commit 2e217fa726a624093eea5b099d1531c79e27a423) Reviewed-on: https://go-review.googlesource.com/c/163724 Run-TryBot: Cherry Zhang Reviewed-by: Brad Fitzpatrick TryBot-Result: Gobot Gobot

[release-branch.go1.11] crypto/x509: fix root CA extraction on macOS (no-cgo path)

2019-02-22T16:50:29Z

Certificates without any trust settings might still be in the keychain (for example if they used to have some, or if they are intermediates for offline verification), but they are not to be trusted. The only ones we can trust unconditionally are the ones in the system roots store. Moreover, the verify-cert invocation was not specifying the ssl policy, defaulting instead to the basic one. We have no way of communicating different usages in a CertPool, so stick to the WebPKI use-case as the primary one for crypto/x509. Updates #24652 Fixes #26039 Change-Id: Ife8b3d2f4026daa1223aa81fac44aeeb4f96528a Reviewed-on: https://go-review.googlesource.com/c/128116 Reviewed-by: Adam Langley Reviewed-by: Adam Langley (cherry picked from commit aa2415807781ba84bf917c62cb983dc1a44f2ad1) Reviewed-on: https://go-review.googlesource.com/c/162861 Run-TryBot: Filippo Valsorda TryBot-Result: Gobot Gobot Reviewed-by: Andrew Bonventre

[release-branch.go1.11] crypto/x509: fix root CA extraction on macOS (cgo path)

2019-02-22T16:50:16Z

The cgo path was not taking policies into account, using the last security setting in the array whatever it was. Also, it was not aware of the defaults for empty security settings, and for security settings without a result type. Finally, certificates restricted to a hostname were considered roots. The API docs for this code are partial and not very clear, so this is a best effort, really. Updates #24652 Updates #26039 Change-Id: I8fa2fe4706f44f3d963b32e0615d149e997b537d Reviewed-on: https://go-review.googlesource.com/c/128056 Run-TryBot: Filippo Valsorda TryBot-Result: Gobot Gobot Reviewed-by: Adam Langley Reviewed-by: Adam Langley (cherry picked from commit f6be1cf109a2be59b96d1fa913adfa1fbc628579) Reviewed-on: https://go-review.googlesource.com/c/162860 Reviewed-by: Andrew Bonventre

[release-branch.go1.11] cmd/cgo: ignore unrecognized GCC warning group pragmas

2019-02-01T21:24:29Z

CL 159859 causes build failure with old clang versions (3.4.1) on FreeBSD 10.3/10.4. Update #29962 Reviewed-on: https://go-review.googlesource.com/c/160777 Run-TryBot: Ian Lance Taylor TryBot-Result: Gobot Gobot Reviewed-by: Ian Lance Taylor (cherry picked from commit 6f4dc1ccf9735013fdb7cd044bda29d19bebb906) Change-Id: Ie78d552ea6494fe3c4059847b26c2a6e206f9515 Reviewed-on: https://go-review.googlesource.com/c/160780 Run-TryBot: Brad Fitzpatrick TryBot-Result: Gobot Gobot Reviewed-by: Brad Fitzpatrick

[release-branch.go1.11] cmd/cgo: disable GCC 9 warnings triggered by cgo code

2019-02-01T20:35:09Z

GCC 9 has started emitting warnings when taking the address of a field in a packed struct may cause a misaligned pointer. We use packed structs in cgo to ensure that our field layout matches the C compiler's layout. Our pointers are always aligned, so disable the warning Updates #29962 Fixes #29967 Change-Id: I7e290a7cf694a2c2958529e340ebed9fcd62089c Reviewed-on: https://go-review.googlesource.com/c/159859 Run-TryBot: Ian Lance Taylor TryBot-Result: Gobot Gobot Reviewed-by: Bryan C. Mills (cherry picked from commit f2a416b90ac68596ea05b97cefa8c72e7416e98f) Reviewed-on: https://go-review.googlesource.com/c/160449 Run-TryBot: Brad Fitzpatrick Reviewed-by: Brad Fitzpatrick