go, branch go1.16.1

[release-branch.go1.16-security] go1.16.1

2021-03-10T14:25:03Z

Change-Id: I4999d72caf9462554a2a6f1d761244cafec34718 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1014541 Reviewed-by: Katie Hockman

[release-branch.go1.16-security] archive/zip: fix panic in Reader.Open

2021-03-09T17:55:16Z

When operating on a Zip file that contains a file prefixed with "../", Open(...) would cause a panic in toValidName when attempting to strip the prefixed path components. Fixes CVE-2021-27919 Change-Id: Ic755d8126cb0897e2cbbdacf572439c38dde7b35 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1004761 Reviewed-by: Filippo Valsorda Reviewed-by: Russ Cox Reviewed-by: Katie Hockman (cherry picked from commit ce22003b26eaf8e4a690757f699aae7062d41472) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1013753 Reviewed-by: Roland Shoemaker

[release-branch.go1.16-security] encoding/xml: prevent infinite loop while decoding

2021-03-09T17:55:05Z

This change properly handles a TokenReader which returns an EOF in the middle of an open XML element. Thanks to Sam Whited for reporting this. Fixes CVE-2021-27918 Change-Id: Id02a3f3def4a1b415fa2d9a8e3b373eb6cb0f433 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1004594 Reviewed-by: Russ Cox Reviewed-by: Roland Shoemaker Reviewed-by: Filippo Valsorda (cherry picked from commit e7ce1f6746223ec7b4caa3b1ece25d9be3864710) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1014235

[release-branch.go1.16] go1.16

2021-02-16T18:08:40Z

Change-Id: I4c1350e0cb74ebfde5832973979e02997476d16c Reviewed-on: https://go-review.googlesource.com/c/go/+/292609 TryBot-Result: Go Bot Trust: Alexander Rakoczy Run-TryBot: Alexander Rakoczy Reviewed-by: Dmitri Shuralyov Reviewed-by: Carlos Amedee

[release-branch.go1.16] all: merge master into release-branch.go1.16

2021-02-16T17:10:50Z

1004a7cb31 runtime/metrics: update documentation to current interface 6530f2617f doc/go1.16: remove draft notice 353e111455 doc/go1.16: fix mismatched id attribute f0d23c9dbb internal/poll: netpollcheckerr before sendfile 0cb3415154 doc: remove all docs not tied to distribution 626ef08127 doc: remove install.html and install-source.html 30641e36aa internal/poll: if copy_file_range returns 0, assume it failed 33d72fd412 doc/faq: update generics entry to reflect accepted proposal 852ce7c212 cmd/go: provide a more helpful suggestion for "go vet -?" 66c27093d0 cmd/link: fix typo in link_test.go ff0e93ea31 doc/go1.16: note that package path elements beginning with '.' are disallowed 249da7ec02 CONTRIBUTORS: update for the Go 1.16 release 864d4f1c6b cmd/go: multiple small 'go help' fixes 26ceae85a8 spec: More precise wording in section on function calls. 930c2c9a68 cmd/go: reject embedded files that can't be packed into modules e5b08e6d5c io/fs: allow backslash in ValidPath, reject in os.DirFS.Open ed8079096f cmd/compile: mark concrete call of reflect.(*rtype).Method as REFLECTMETHOD e9c9683597 cmd/go: suppress errors from 'go get -d' for packages that only conditionally exist e0ac989cf3 archive/tar: detect out of bounds accesses in PAX records resulting from padded lengths c9d6f45fec runtime/metrics: fix a couple of documentation typpos cea4e21b52 io/fs: backslash is always a glob meta character dc725bfb3c doc/go1.16: mention new vet check for asn1.Unmarshal 1901853098 runtime/metrics: fix panic in readingAllMetric example ed3e4afa12 syscall/plan9: remove spooky fd action at a distance 724d0720b3 doc/go1.16: add missed heading tag in vet section b54cd94d47 embed, io/fs: clarify that leading and trailing slashes are disallowed 4516afebed testing/fstest: avoid symlink-induced failures in tester 8869086d8f runtime: fix typo in histogram.go e491c6eea9 math/big: fix comment in divRecursiveStep fca94ab3ab spec: improve the example in Type assertions section 98f8454a73 cmd/link: don't decode type symbol in shared library in deadcode 1426a571b7 cmd/link: fix off-by-1 error in findShlibSection 32e789f4fb test: fix incorrectly laid out instructions in issue11656.go 0b6cfea634 doc/go1.16: document that on OpenBSD syscalls are now made through libc 26e29aa15a cmd/link: disable TestPIESize if CGO isn't enabled 6ac91e460c doc/go1.16: minor markup fixes 44361140c0 embed: update docs for proposal tweaks 68058edc39 runtime: document pointer write atomicity for memclrNoHeapPointers c8bd8010ff syscall: generate readlen/writelen for openbsd libc 41bb49b878 cmd/go: revert TestScript/build_trimpath to use ioutil.ReadFile 725a642c2d runtime: correct syscall10/syscall10X on openbsd/amd64 4b068cafb5 doc/go1.16: document go/build/constraint package 376518d77f runtime,syscall: convert syscall on openbsd/arm64 to libc Change-Id: Icfe3d849f459eda48d7d786d0cd7b082c9c2c325

runtime/metrics: update documentation to current interface

2021-02-16T16:26:30Z

The package documentation referenced sample metadata that was removed in CL 282632. Update this documentation to be less specific about what metadata is available. Additionally, the documentation on the Sample type referred to Descriptions instead of All as the source of metrics names. Fixes #44280. Change-Id: I24fc63a744bf498cb4cd5bda56c1599f6dd75929 Reviewed-on: https://go-review.googlesource.com/c/go/+/292309 Reviewed-by: Michael Knyszek Trust: Michael Knyszek Trust: Dmitri Shuralyov Run-TryBot: Michael Knyszek TryBot-Result: Go Bot

doc/go1.16: remove draft notice

2021-02-16T16:26:11Z

Fixes #40700. Change-Id: I99ed479d1bb3cdf469c0209720c728276182a7a9 Reviewed-on: https://go-review.googlesource.com/c/go/+/291809 Reviewed-by: Alexander Rakoczy Reviewed-by: Carlos Amedee Trust: Alexander Rakoczy Run-TryBot: Alexander Rakoczy TryBot-Result: Go Bot

doc/go1.16: fix mismatched id attribute

2021-02-16T15:56:38Z

For #40700. Change-Id: I186a21899404bfb79c08bfa8623caf9da74b6b0d GitHub-Last-Rev: 25d240db3c0e2a923720bb9667ef0599ec06819e GitHub-Pull-Request: golang/go#44145 Reviewed-on: https://go-review.googlesource.com/c/go/+/290329 Trust: Ian Lance Taylor Reviewed-by: Dmitri Shuralyov

internal/poll: netpollcheckerr before sendfile

2021-02-16T11:01:41Z

In net/http package, the ServeContent/ServeFile doesn't check the I/O timeout error from chunkWriter or *net.TCPConn, which means that both HTTP status and headers might be missing when WriteTimeout happens. If the poll.SendFile() doesn't check the *poll.FD state before sending data, the client will only receive the response body with status and report "malformed http response/status code". This patch is to enable netpollcheckerr before sendfile, which should align with normal *poll.FD.Write() and Splice(). Fixes #43822 Change-Id: I32517e3f261bab883a58b577b813ef189214b954 Reviewed-on: https://go-review.googlesource.com/c/go/+/285914 Reviewed-by: Emmanuel Odeke Trust: Emmanuel Odeke Trust: Bryan C. Mills Run-TryBot: Emmanuel Odeke

doc: remove all docs not tied to distribution

2021-02-16T02:07:02Z

They have moved to x/website in CL 291693. The docs that are left are the ones that are edited at the same time as development in this repository and are tied to the specific version of Go being developed. Those are: - the language spec - the memory model - the assembler manual - the current release's release notes Change-Id: I437c4d33ada1b1716b1919c3c939c2cacf407e83 Reviewed-on: https://go-review.googlesource.com/c/go/+/291711 Trust: Russ Cox Trust: Dmitri Shuralyov Reviewed-by: Dmitri Shuralyov