go, branch go1.14.9

[release-branch.go1.14] go1.14.9

2020-09-09T16:38:16Z

Change-Id: I556ecd19f81692ddbd3faf1d918e36466833f12e Reviewed-on: https://go-review.googlesource.com/c/go/+/253737 Run-TryBot: Dmitri Shuralyov Reviewed-by: Alexander Rakoczy TryBot-Result: Gobot Gobot

[release-branch.go1.14] cmd/compile, runtime: mark R12 clobbered for write barrier call on PPC64

2020-09-03T14:49:10Z

When external linking, for large binaries, the external linker may insert a trampoline for the write barrier call, which looks 0000000005a98cc8 <__long_branch_runtime.gcWriteBarrier>: 5a98cc8: 86 01 82 3d addis r12,r2,390 5a98ccc: d8 bd 8c e9 ld r12,-16936(r12) 5a98cd0: a6 03 89 7d mtctr r12 5a98cd4: 20 04 80 4e bctr It clobbers R12 (and CTR, which is never live across a call). As at compile time we don't know whether the binary is big and what link mode will be used, I think we need to mark R12 as clobbered for write barrier call. For extra safety (future-proof) we mark caller-saved register that cannot be used for function arguments, which includes R11, as potentially clobbered as well. Updates #40851. Fixes #40938. Change-Id: Iedd901c5072f1127cc59b0a48cfeb4aaec81b519 Reviewed-on: https://go-review.googlesource.com/c/go/+/248917 Run-TryBot: Cherry Zhang TryBot-Result: Gobot Gobot Reviewed-by: Austin Clements (cherry picked from commit b58d29741650c7bf10b17f455666e2727e1cdd2e) Reviewed-on: https://go-review.googlesource.com/c/go/+/249697

[release-branch.go1.14] cmd/internal/obj: stop removing NOPs from instruction stream

2020-09-03T02:31:58Z

This has already been done for s390x, ppc64. This CL is for all the other architectures. Fixes #40797 Change-Id: Idd1816e057df63022d47e99fa06617811d8c8489 Reviewed-on: https://go-review.googlesource.com/c/go/+/248684 Run-TryBot: Cherry Zhang TryBot-Result: Gobot Gobot Reviewed-by: Cherry Zhang (cherry picked from commit 46ca7b5ee2a8582736f1ddac27d8660e1104c345) Reviewed-on: https://go-review.googlesource.com/c/go/+/249443 Run-TryBot: Dmitri Shuralyov

[release-branch.go1.14] cmd/internal/obj/ppc64: don't remove NOP in assembler

2020-09-03T02:17:16Z

Previously, the assembler removed NOPs from the Prog list in obj9.go. NOPs shouldn't be removed if they were added as an inline mark, as described in the issue below. Fixes #40766 Once the NOPs were left in the Prog list, some instructions were flagged as invalid because they had an operand which was not represented in optab. In order to preserve the previous assembler behavior, entries were added to optab for those operand cases. They were not flagged as errors before because the NOP instructions were removed before the code to check the valid opcode/operand combinations. Change-Id: Iae5145f94459027cf458e914d7c5d6089807ccf8 Reviewed-on: https://go-review.googlesource.com/c/go/+/247842 Run-TryBot: Lynn Boger TryBot-Result: Gobot Gobot Reviewed-by: Paul Murphy Reviewed-by: Michael Munday Reviewed-by: Keith Randall (cherry picked from commit 7d7bd5abc7f7ac901830b79496f63ce86895e262) Reviewed-on: https://go-review.googlesource.com/c/go/+/248382 Run-TryBot: Dmitri Shuralyov

[release-branch.go1.14] net/http/fgci: skip flaky test

2020-09-02T17:41:16Z

A test introduced in the security release is flaky due to a pre-existing issue that does not qualify for backport itself. Updates #41167 Fixes #41192 Change-Id: Ie6014e0796c1baee7b077881b5a799f9947fc9c2 Reviewed-on: https://go-review.googlesource.com/c/go/+/252718 Run-TryBot: Filippo Valsorda Reviewed-by: Dmitri Shuralyov

[release-branch.go1.14] doc/go1.14: document json.Umarshal map key support of TextUnmarshaler

2020-09-02T13:39:59Z

Document that json.Unmarshal supports map keys whose underlying types implement encoding.TextUnmarshaler. Updates #38801. Fixes #38904. Change-Id: Icb9414e9067517531ba0da910bd4a2bb3daace65 Reviewed-on: https://go-review.googlesource.com/c/go/+/237857 Reviewed-by: Daniel Martí Run-TryBot: Daniel Martí TryBot-Result: Gobot Gobot (cherry picked from commit 47b450997778163dfed6f58cae379d928fc37687) Reviewed-on: https://go-review.googlesource.com/c/go/+/252617 Run-TryBot: Dmitri Shuralyov Reviewed-by: Carlos Amedee

[release-branch.go1.14] testing: treat PAUSE lines as changing the active test name

2020-09-01T19:40:54Z

We could instead fix cmd/test2json to treat PAUSE lines as *not* changing the active test name, but that seems like it would be more confusing to humans, and also wouldn't fix tools that parse output using existing builds of cmd/test2json. Fixes #40848 Updates #40657 Change-Id: I937611778f5b1e7dd1d6e9f44424d7e725a589ed Reviewed-on: https://go-review.googlesource.com/c/go/+/248727 Run-TryBot: Bryan C. Mills Reviewed-by: Jean de Klerk (cherry picked from commit cdc77d34d7770ed02d84b9193380f9646017dce6) Reviewed-on: https://go-review.googlesource.com/c/go/+/249098 TryBot-Result: Gobot Gobot

[release-branch.go1.14] all: merge release-branch.go1.14-security into release-branch.go1.14

2020-09-01T17:05:19Z

Change-Id: I52c14764e354cb9b11be6019cf8fb44930786ab8

[release-branch.go1.14-security] go1.14.8

2020-09-01T14:08:43Z

Change-Id: Ie582b6c53c6b120c56fbdd22b0c6946dd87f093b Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/835358 Reviewed-by: Filippo Valsorda

[release-branch.go1.14-security] net/http/cgi,net/http/fcgi: add Content-Type detection

2020-09-01T12:31:38Z

This CL ensures that responses served via CGI and FastCGI have a Content-Type header based on the content of the response if not explicitly set by handlers. If the implementers of the handler did not explicitly specify a Content-Type both CGI implementations would default to "text/html", potentially causing cross-site scripting. Thanks to RedTeam Pentesting GmbH for reporting this. Fixes CVE-2020-24553 Change-Id: I82cfc396309b5ab2e8d6e9a87eda8ea7e3799473 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/823217 Reviewed-by: Russ Cox (cherry picked from commit 23d675d07fdc56aafd67c0a0b63d5b7e14708ff0) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/835312 Reviewed-by: Dmitri Shuralyov