Fork of Go programming language with my patches. http://git.kilabit.info/go/atom?h=go1.14.14 2021-01-19T19:47:38Z 2021-01-19T19:47:38Z Dmitri Shuralyov dmitshur@golang.org 2021-01-19T18:37:47Z urn:sha1:ccb4f250bd7e382e50824c36ec5a3e1a57dcf11a Change-Id: Id4260bbb5aa55b7e93c0c4686f174ea7916c14db Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/957919 Reviewed-by: Roland Shoemaker <bracewell@google.com> 2021-01-19T18:35:10Z Roland Shoemaker roland@golang.org 2021-01-19T17:59:24Z urn:sha1:05822ab49228c3351af1973a7d6345e5cd01083a If the program path is resolved, replace the first argument of the exec.Cmd, which is the bare program name with the resolved path. Change-Id: I92cf5e6f4bb7c8fef9b59f5eab963f4e75b90d07 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/957908 Reviewed-by: Katie Hockman <katiehockman@google.com> Reviewed-by: Russ Cox <rsc@google.com> Reviewed-by: Jay Conrod <jayconrod@google.com> (cherry picked from commit a863cb56b33a24aad88f23f1d48629dc4b4b9539) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/958253 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> 2021-01-16T01:44:08Z Roland Shoemaker roland@golang.org 2021-01-15T20:14:06Z urn:sha1:94200a92cf4d6dfdab5291f9e29785cad566faa0 Introduces a wrapper around os/exec, internal/execabs, for use in all commands. This wrapper prevents exec.LookPath and exec.Command from running executables in the current directory. All imports of os/exec in non-test files in cmd/ are replaced with imports of internal/execabs. This issue was reported by RyotaK. Fixes CVE-2021-3115 Change-Id: I0423451a6e27ec1e1d6f3fe929ab1ef69145c08f Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/955304 Reviewed-by: Russ Cox <rsc@google.com> Reviewed-by: Katie Hockman <katiehockman@google.com> (cherry picked from commit 44f09a6990ccf4db601cbf8208c89ac4e888f884) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/955309 2021-01-16T01:43:57Z Russ Cox rsc@golang.org 2021-01-11T14:43:08Z urn:sha1:bd04382057fcfadd78ccc80684ab4c942d1adf9a Change-Id: Ied986053a64447c5eac6369f6c9b69ed3d3f94d9 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/949415 Reviewed-by: Ian Lance Taylor <iant@google.com> (cherry picked from commit e97d4ed8dcc1fed64fe44b56dfdfb0f929aabb65) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/955298 Reviewed-by: Katie Hockman <katiehockman@google.com> 2021-01-16T00:41:12Z Russ Cox rsc@golang.org 2021-01-11T15:01:24Z urn:sha1:4bf9990a6bc8d7c44650f7f061639a2507104366 Change-Id: I0e6bebf0e2e6efdef4be880e0c6c7451b938924b Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/949417 Reviewed-by: Katie Hockman <katiehockman@google.com> Reviewed-by: Jay Conrod <jayconrod@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> (cherry picked from commit 4c2e5f85dda6ad5cc1d5be863ae62f2050f12be9) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/955296 2021-01-16T00:41:07Z Russ Cox rsc@golang.org 2021-01-11T14:41:54Z urn:sha1:e749a96e717718e3ac881a75f805776370302a86 This makes sure the go command and cgo agree about exactly which compiler is being used. This issue was reported by RyotaK. Fixes CVE-2021-3115. Change-Id: If171c5c8b2523efb5ea2d957e5ad1380a038149c Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/949416 Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Jay Conrod <jayconrod@google.com> (cherry picked from commit 4cf399ca38587a6e4a3e85b494cd9a9b4cc53378) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/955294 Reviewed-by: Katie Hockman <katiehockman@google.com> 2021-01-16T00:41:02Z Filippo Valsorda filippo@golang.org 2021-01-08T02:56:58Z urn:sha1:7490c2547ec57448be2c74bb91d441083edc583d This patch fixes two independent bugs in p224Contract, the function that performs the final complete reduction in the P-224 field. Incorrect outputs due to these bugs were observable from a high-level P224().ScalarMult() call. The first bug was in the calculation of out3GT. That mask was supposed to be all ones if the third limb of the value is greater than the third limb of P (out[3] > 0xffff000). Instead, it was also set if they are equal. That meant that if the third limb was equal, the value was always considered greater than or equal to P, even when the three bottom limbs were all zero. There is exactly one affected value, P - 1, which would trigger the subtraction by P even if it's lower than P already. The second bug was more easily hit, and is the one that caused the known high-level incorrect output: after the conditional subtraction by P, a potential underflow of the lowest limb was not handled. Any values that trigger the subtraction by P (values between P and 2^224-1, and P - 1 due to the bug above) but have a zero lowest limb would produce invalid outputs. Those conditions apply to the intermediate representation before the subtraction, so they are hard to trace to precise inputs. This patch also adds a test suite for the P-224 field arithmetic, including a custom fuzzer that automatically explores potential edge cases by combining limb values that have various meanings in the code. contractMatchesBigInt in TestP224Contract finds the second bug in less than a second without being tailored to it, and could eventually find the first one too by combining 0, (1 << 28) - 1, and the difference of (1 << 28) and (1 << 12). The incorrect P224().ScalarMult() output was found by the elliptic-curve-differential-fuzzer project running on OSS-Fuzz and reported by Philippe Antoine (Catena cyber). Fixes CVE-2021-3114 Change-Id: I50176602d544de3da854270d66a293bcaca57ad7 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/947792 Reviewed-by: Katie Hockman <katiehockman@google.com> (cherry picked from commit 5fa534e9c7eaeaf875e53b98eac9342b0855b283) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/955313 2020-12-03T17:27:26Z Carlos Amedee carlos@golang.org 2020-12-03T16:09:42Z urn:sha1:6eed7d361d276b69a1cfdeeb7690237a6385b073 Change-Id: Ifdfd9cd7edb8c3afd785cf75e818e3d301cd8dae Reviewed-on: https://go-review.googlesource.com/c/go/+/275133 Run-TryBot: Carlos Amedee <carlos@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Trust: Carlos Amedee <carlos@golang.org> 2020-12-03T13:58:36Z Keith Randall khr@golang.org 2020-11-20T22:02:37Z urn:sha1:679482fc602445b9b2d37739e7b048e2d4913646 MOVLconst must have a properly sign-extended auxint constant. The bit operations in these rules don't enforce that invariant. Fixes #42755 Change-Id: I729afcad18752d9b7739e49709020e3be7b3653e Reviewed-on: https://go-review.googlesource.com/c/go/+/272030 Trust: Keith Randall <khr@golang.org> Run-TryBot: Keith Randall <khr@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: David Chase <drchase@google.com> 2020-11-20T20:38:22Z Ian Lance Taylor iant@golang.org 2020-10-27T23:09:40Z urn:sha1:9e27a089d644950cba52108f6634badc5880c6e0 Otherwise, if a signal occurs just after we allocated the M, we can deadlock if the signal handler needs to allocate an M itself. For #42207 Fixes #42635 Change-Id: I76f44547f419e8b1c14cbf49bf602c6e645d8c14 Reviewed-on: https://go-review.googlesource.com/c/go/+/265759 Trust: Ian Lance Taylor <iant@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Bryan C. Mills <bcmills@google.com> (cherry picked from commit 368c40116434532dc0b53b72fa04788ca6742898) Reviewed-on: https://go-review.googlesource.com/c/go/+/271848