Fork of Go programming language with my patches. http://git.kilabit.info/go/atom?h=go1.12.16 2020-01-27T22:27:19Z 2020-01-27T22:27:19Z Dmitri Shuralyov dmitshur@golang.org 2020-01-27T21:36:40Z urn:sha1:deac3221fc4cd365fb40d269dd56551e9d354356 Change-Id: Iea658e285670a897a45eca3756004f050763c64d Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/649301 Reviewed-by: Katie Hockman <katiehockman@google.com> 2020-01-27T21:15:08Z Katie Hockman katie@golang.org 2020-01-27T19:11:04Z urn:sha1:e60fc07b54375c9dcc5d6e28c9376926c450fd57 Change-Id: Ib8ac9bf5020d9ab126a8069378978d7dce3509dc Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/648870 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> 2020-01-27T20:31:21Z Katie Hockman katie@golang.org 2020-01-24T20:29:12Z urn:sha1:44bb3b4b5341f5bb373acb0b8130795f888c9ace cryptobyte: fix panic due to malformed ASN.1 inputs on 32-bit archs When int is 32 bits wide (on 32-bit architectures like 386 and arm), an overflow could occur, causing a panic, due to malformed ASN.1 being passed to any of the ASN1 methods of String. Tested on linux/386 and darwin/amd64. This fixes CVE-2020-7919 and was found thanks to the Project Wycheproof test vectors. Change-Id: I8c9696a8bfad1b40ec877cd740dba3467d66ab54 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/645211 Reviewed-by: Katie Hockman <katiehockman@google.com> Reviewed-by: Adam Langley <agl@google.com> x/crypto/cryptobyte is used in crypto/x509 for parsing certificates. Malformed certificates might cause a panic during parsing on 32-bit architectures (like arm and 386). Change-Id: I3c619af508bacff84023be4d5a7c4992c2f20a56 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/647483 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> 2020-01-24T19:25:49Z Filippo Valsorda filippo@golang.org 2020-01-21T19:45:15Z urn:sha1:a8b372fb365f4b69f0b06aa9c3e642e6aa022840 An attacker can trick the Windows system verifier to use a poisoned set of elliptic curve parameters for a trusted root, allowing it to generate spoofed signatures. When this happens, the returned chain will present the unmodified original root, so the actual signatures won't verify (as they are invalid for the correct parameters). Simply double check them as a safety measure and mitigation. Windows users should still install the system security patch ASAP. This is the same mitigation adopted by Chromium: https://chromium-review.googlesource.com/c/chromium/src/+/1994434 Change-Id: I2c734f6fb2cb51d906c7fd77034318ffeeb3e146 Reviewed-on: https://go-review.googlesource.com/c/go/+/215905 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Ryan Sleevi <sleevi@google.com> Reviewed-by: Katie Hockman <katie@golang.org> Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/647124 Reviewed-by: Filippo Valsorda <valsorda@google.com> 2020-01-09T19:00:28Z Carlos Amedee carlos@golang.org 2020-01-09T16:24:31Z urn:sha1:694e20f4e08af7e7669c9652424d0df9b0b83f00 Change-Id: I6e47da51c3687ae9590554d003d803270f50911e Reviewed-on: https://go-review.googlesource.com/c/go/+/214082 Run-TryBot: Carlos Amedee <carlos@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Alexander Rakoczy <alex@golang.org> 2020-01-09T16:23:25Z Carlos Amedee carlos@golang.org 2020-01-09T15:50:48Z urn:sha1:bc42c346297a984b38aea02480fe71322facc09f Change-Id: I3b2c26d4818ca28a71a7fd6927a0c39c9253f06f Reviewed-on: https://go-review.googlesource.com/c/go/+/214079 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Alexander Rakoczy <alex@golang.org> Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org> Run-TryBot: Alexander Rakoczy <alex@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> 2020-01-08T22:22:22Z Cherry Zhang cherryyz@google.com 2019-12-27T17:02:00Z urn:sha1:ae78084ae4db4f7728e1615c95dfd91c175c906d If a pointer write is not atomic, if the GC is running concurrently, it may observe a partially updated pointer, which may point to unallocated or already dead memory. Most pointer writes, like the store instructions generated by the compiler, are already atomic. But we still need to be careful in places like memmove. In memmove, we don't know which bits are pointers (or too expensive to query), so we ensure that all aligned pointer-sized units are written atomically. Fixes #36367. Updates #36101. Change-Id: I1b3ca24c6b1ac8a8aaf9ee470115e9a89ec1b00b Reviewed-on: https://go-review.googlesource.com/c/go/+/212626 Reviewed-by: Austin Clements <austin@google.com> (cherry picked from commit ffbc02761abb47106ce88e09290a31513b5f6c8a) Reviewed-on: https://go-review.googlesource.com/c/go/+/213684 Run-TryBot: Cherry Zhang <cherryyz@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org> 2020-01-07T22:39:30Z Bryan C. Mills bcmills@google.com 2020-01-07T17:03:28Z urn:sha1:c5af2aa0037b39db801154451a3f70982751d988 Previously, we accidentally wrote the Proxy-Authorization header for the initial CONNECT request to the shared ProxyConnectHeader map when it was non-nil. Updates #36431 Fixes #36433 Change-Id: I5cb414f391dddf8c23d85427eb6973f14c949025 Reviewed-on: https://go-review.googlesource.com/c/go/+/213638 Run-TryBot: Bryan C. Mills <bcmills@google.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> (cherry picked from commit 249c85d3aab2ad2d0bcbf36efe606fdd66f25c72) Reviewed-on: https://go-review.googlesource.com/c/go/+/213677 2020-01-03T23:40:29Z Jason A. Donenfeld Jason@zx2c4.com 2019-11-21T15:16:56Z urn:sha1:e42221dc7a003b988b1cae7f07650aeaa705247a Systems where PowerRegisterSuspendResumeNotification returns ERROR_ FILE_NOT_FOUND are also systems where nanotime() is on "program time" rather than "real time". The chain for this is: powrprof.dll!PowerRegisterSuspendResumeNotification -> umpdc.dll!PdcPortOpen -> ntdll.dll!ZwAlpcConnectPort("\\PdcPort") -> syscall -> ntoskrnl.exe!AlpcpConnectPort Opening \\.\PdcPort fails with STATUS_OBJECT_NAME_NOT_FOUND when pdc.sys hasn't been initialized. Pdc.sys also provides the various hooks for sleep resumption events, which means if it's not loaded, then our "real time" timer is actually on "program time". Finally STATUS_OBJECT_NAME_ NOT_FOUND is passed through RtlNtStatusToDosError, which returns ERROR_ FILE_NOT_FOUND. Therefore, in the case where the function returns ERROR_ FILE_NOT_FOUND, we don't mind, since the timer we're using will correspond fine with the lack of sleep resumption notifications. This applies, for example, to Docker users. Updates #35447 Updates #35482 Fixes #36377 Change-Id: I9e1ce5bbc54b9da55ff7a3918b5da28112647eee Reviewed-on: https://go-review.googlesource.com/c/go/+/208317 Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com> Reviewed-by: Austin Clements <austin@google.com> Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-on: https://go-review.googlesource.com/c/go/+/213198 2020-01-03T23:37:47Z Jason A. Donenfeld Jason@zx2c4.com 2019-08-27T12:46:16Z urn:sha1:93f059947e31e8dda98c98880aee0e7b924d9a61 Starting in Windows 8, the wait functions don't take into account suspend time, even though the monotonic counters do. This results in timer buckets stalling on resume. Therefore, this commit makes it so that on resume, we return from the wait functions and recalculate the amount of time left to wait. This is a cherry pick of CL 191957 and its cleanup, CL 198417. Updates #31528 Fixes #36376 Change-Id: I0db02cc72188cb620954e87a0180e0a3c83f4a56 Reviewed-on: https://go-review.googlesource.com/c/go/+/193607 Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Austin Clements <austin@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/213197