go, branch go1.15.9

[release-branch.go1.15-security] go1.15.9

2021-03-10T14:24:59Z

Change-Id: I99864b29d3bcbd07f3d8116d5997407152f1d462 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1014540 Reviewed-by: Katie Hockman

[release-branch.go1.15-security] encoding/xml: prevent infinite loop while decoding

2021-03-09T17:43:02Z

This change properly handles a TokenReader which returns an EOF in the middle of an open XML element. Thanks to Sam Whited for reporting this. Fixes CVE-2021-27918 Change-Id: Id02a3f3def4a1b415fa2d9a8e3b373eb6cb0f433 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1004594 Reviewed-by: Russ Cox Reviewed-by: Roland Shoemaker Reviewed-by: Filippo Valsorda (cherry picked from commit e7ce1f6746223ec7b4caa3b1ece25d9be3864710) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1014236

[release-branch.go1.15] go1.15.8

2021-02-04T20:42:57Z

Change-Id: Ic8824cabbc8ae62360e0cda4b7c5604db7d405f3 Reviewed-on: https://go-review.googlesource.com/c/go/+/289694 Run-TryBot: Carlos Amedee TryBot-Result: Go Bot Reviewed-by: Alexander Rakoczy Trust: Alexander Rakoczy Trust: Carlos Amedee

[release-branch.go1.15] runtime/cgo: fix Android build with NDK 22

2021-02-04T14:27:44Z

Fixes #43406 Change-Id: I7d2b70098a4ba4dcb325fb0be076043789b86135 Reviewed-on: https://go-review.googlesource.com/c/go/+/280312 Run-TryBot: Elias Naur TryBot-Result: Go Bot Reviewed-by: Ian Lance Taylor Trust: Elias Naur (cherry picked from commit 1d78139128d6d839d7da0aeb10b3e51b6c7c0749) Reviewed-on: https://go-review.googlesource.com/c/go/+/289149

[release-branch.go1.15] runtime: don't adjust timer pp field in timerWaiting status

2021-02-03T00:02:46Z

Before this CL, the following sequence was possible: * GC scavenger starts and sets up scavenge.timer * GC calls readyForScavenger, but sysmon is sleeping * program calls runtime.GOMAXPROCS to shrink number of processors * procresize destroys a P, the one that scavenge.timer is on * (*pp).destroy calls moveTimers, which gets to the scavenger timer * scavenger timer is timerWaiting, and moveTimers clears t.pp * sysmon wakes up and calls wakeScavenger * wakeScavengers calls stopTimer on scavenger.timer, still timerWaiting * stopTimer calls deltimer which loads t.pp, which is still nil * stopTimer tries to increment deletedTimers on nil t.pp, and crashes The point of vulnerability is the time that t.pp is set to nil by moveTimers and the time that t.pp is set to non-nil by moveTimers, which is a few instructions at most. So it's not likely and in particular is quite unlikely on x86. But with a more relaxed memory model the area of vulnerability can be somewhat larger. This appears to tbe the cause of two builder failures in a few months on linux-mips. This CL fixes the problem by making moveTimers change the status from timerWaiting to timerMoving while t.pp is clear. That will cause deltimer to wait until the status is back to timerWaiting, at which point t.pp has been set again. For #43712 Fixes #43833 Change-Id: I66838319ecfbf15be66c1fac88d9bd40e2295852 Reviewed-on: https://go-review.googlesource.com/c/go/+/284775 Trust: Ian Lance Taylor Reviewed-by: Michael Knyszek Reviewed-by: Michael Pratt (cherry picked from commit d2d155d1ae8c704a37f42fd3ebb1f3846f78e4d4) Reviewed-on: https://go-review.googlesource.com/c/go/+/287092 Run-TryBot: Carlos Amedee

[release-branch.go1.15] cmd/internal/goobj2: fix buglet in object file reader

2021-02-02T22:36:08Z

The code in the Go object file reader was casting a pointer to mmaped memory into a large array prior to performing a read of the relocations section: return (*[1<<20]Reloc)(unsafe.Pointer(&r.b[off]))[:n:n] For very large object files, this artificial array isn't large enough (that is, there are more than 1048576 relocs to read), so update the code to use a larger artifical array size. Fixes #43214. Updates #41621. Change-Id: Ic047c8aef4f8a3839f2e7e3594bce652ebd6bd5b Reviewed-on: https://go-review.googlesource.com/c/go/+/278492 Run-TryBot: Than McIntosh TryBot-Result: Go Bot Reviewed-by: Cherry Zhang Reviewed-by: Jeremy Faller Trust: Than McIntosh (cherry picked from commit f4e7a6b905ce60448e506a3f6578d01b60602cdd) Reviewed-on: https://go-review.googlesource.com/c/go/+/278673

[release-branch.go1.15] cmd/link/internal/ld/pe: fix segfault adding resource section

2021-02-02T22:16:35Z

The resource symbol may have been copied to the mmap'd output buffer. If so, certain conditions can cause that mmap'd output buffer to be munmap'd before we get a chance to use it. To avoid any issues we copy the data to the heap when the resource symbol exists. Fixes #42384 Change-Id: I32ef5420802d7313a3d965b8badfbcfb9f0fba4a GitHub-Last-Rev: 7b0f43011d06083ee3e871e48a87847636f738f9 GitHub-Pull-Request: golang/go#42427 Reviewed-on: https://go-review.googlesource.com/c/go/+/268018 Run-TryBot: Carlos Amedee TryBot-Result: Go Bot Reviewed-by: Russ Cox Reviewed-by: Cherry Zhang Reviewed-by: Than McIntosh Trust: Carlos Amedee

[release-branch.go1.15] cmd/go: don't lookup the path for CC when invoking cgo

2021-02-02T17:58:14Z

Previously, if CC was a path without separators (like gcc or clang), we'd look it up in PATH in cmd/go using internal/execabs.LookPath, then pass the resolved path to cgo in CC. This caused a regression: if the directory in PATH containing CC has a space, cgo splits it and interprets it as multiple arguments. With this change, cmd/go no longer resolves CC before invoking cgo. cgo does the path lookup on each invocation. This reverts the security fix CL 284780, but that was redundant with the addition of internal/execabs (CL 955304), which still protects us. NOTE: This CL includes a related test fix from CL 286292. Fixes #43860 Change-Id: I65d91a1e303856df8653881eb6e2e75a3bf95c49 Reviewed-on: https://go-review.googlesource.com/c/go/+/285873 Trust: Jay Conrod Run-TryBot: Jay Conrod TryBot-Result: Go Bot Reviewed-by: Bryan C. Mills (cherry picked from commit a2cef9b544708ecae983ed8836ee2425a28aab68) Reviewed-on: https://go-review.googlesource.com/c/go/+/285954 Run-TryBot: Dmitri Shuralyov

[release-branch.go1.15] net/http: update bundled x/net/http2

2021-02-01T20:12:58Z

Updates bundled http2 to x/net git rev 16c2bbf55 for: http2: send a nil error if we cancel a delayed body write https://golang.org/cl/288013 http2: wait until the request body has been written https://golang.org/cl/288012 Created by: go mod edit -replace=golang.org/x/net=golang.org/x/net@release-branch.go1.15-bundle GOFLAGS='-mod=mod' go generate -run=bundle std go mod edit -dropreplace=golang.org/x/net go get -d golang.org/x/net@release-branch.go1.15 go mod tidy go mod vendor Fixes golang/go#42539 Change-Id: I299c6d4a67ebc036e45c978e4d03cba73717b363 Reviewed-on: https://go-review.googlesource.com/c/go/+/288112 Trust: Damien Neil Run-TryBot: Damien Neil Reviewed-by: Dmitri Shuralyov

[release-branch.go1.15] cmd/go: fix get_update_unknown_protocol test

2021-01-22T22:22:48Z

This test needs to run in GOPATH mode. It broke when a go.mod file was added to github.com/golang/example. This change sets GO111MODULE=off, which matches master since CL 255051. Fixes #43861 Change-Id: I9ea109a99509fac3185756a0f0d852a84c677bf5 Reviewed-on: https://go-review.googlesource.com/c/go/+/285956 Trust: Jay Conrod Run-TryBot: Jay Conrod TryBot-Result: Go Bot Reviewed-by: Bryan C. Mills