go, branch go1.19.10

[release-branch.go1.19] go1.19.10

2023-06-06T17:46:04Z

Change-Id: I2005c04787ac85f4ec62eb9a9c21d8ebc9018199 Reviewed-on: https://go-review.googlesource.com/c/go/+/501237 Run-TryBot: Gopher Robot Auto-Submit: Gopher Robot Reviewed-by: David Chase Reviewed-by: Michael Knyszek TryBot-Bypass: David Chase

[release-branch.go1.19] cmd/go: disallow package directories containing newlines

2023-06-06T17:11:13Z

Directory or file paths containing newlines may cause tools (such as cmd/cgo) that emit "//line" or "#line" -directives to write part of the path into non-comment lines in generated source code. If those lines contain valid Go code, it may be injected into the resulting binary. (Note that Go import paths and file paths within module zip files already could not contain newlines.) Thanks to Juho Nurminen of Mattermost for reporting this issue. Updates #60167. Fixes #60515. Fixes CVE-2023-29402. Change-Id: If55d0400c02beb7a5da5eceac60f1abeac99f064 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1882606 Reviewed-by: Roland Shoemaker Run-TryBot: Roland Shoemaker Reviewed-by: Russ Cox Reviewed-by: Damien Neil (cherry picked from commit 41f9046495564fc728d6f98384ab7276450ac7e2) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1902229 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1904343 Reviewed-by: Michael Knyszek Reviewed-by: Bryan Mills Reviewed-on: https://go-review.googlesource.com/c/go/+/501218 Run-TryBot: David Chase Auto-Submit: Michael Knyszek TryBot-Result: Gopher Robot

[release-branch.go1.19] cmd/go: enforce flags with non-optional arguments

2023-06-06T17:11:12Z

Enforce that linker flags which expect arguments get them, otherwise it may be possible to smuggle unexpected flags through as the linker can consume what looks like a flag as an argument to a preceding flag (i.e. "-Wl,-O -Wl,-R,-bad-flag" is interpreted as "-O=-R -bad-flag"). Also be somewhat more restrictive in the general format of some flags. Thanks to Juho Nurminen of Mattermost for reporting this issue. Updates #60305 Fixes #60511 Fixes CVE-2023-29404 Change-Id: Icdffef2c0f644da50261cace6f43742783931cff Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1876275 Reviewed-by: Ian Lance Taylor Reviewed-by: Damien Neil (cherry picked from commit 896779503cf754cbdac24b61d4cc953b50fe2dde) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1902225 Run-TryBot: Roland Shoemaker Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1904342 Reviewed-by: Michael Knyszek Reviewed-on: https://go-review.googlesource.com/c/go/+/501217 Auto-Submit: Michael Knyszek Run-TryBot: David Chase TryBot-Bypass: Michael Knyszek

[release-branch.go1.19] cmd/go,cmd/cgo: in _cgo_flags use one line per flag

2023-06-06T17:11:10Z

The flags that we recorded in _cgo_flags did not use any quoting, so a flag containing embedded spaces was mishandled. Change the _cgo_flags format to put each flag on a separate line. That is a simple format that does not require any quoting. As far as I can tell only cmd/go uses _cgo_flags, and it is only used for gccgo. If this patch doesn't cause any trouble, then in the next release we can change to only using _cgo_flags for gccgo. Thanks to Juho Nurminen of Mattermost for reporting this issue. Updates #60306 Fixes #60513 Fixes CVE-2023-29405 Change-Id: Id738a737ecae47babb34c4b4fc4d65336cf0c0f3 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1875094 Reviewed-by: Damien Neil Reviewed-by: Roland Shoemaker (cherry picked from commit bcdfcadd5612212089d958bc352a6f6c90742dcc) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1902227 Run-TryBot: Roland Shoemaker Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1904341 Reviewed-by: Michael Knyszek Reviewed-on: https://go-review.googlesource.com/c/go/+/501216 Auto-Submit: Michael Knyszek Run-TryBot: David Chase TryBot-Bypass: David Chase

[release-branch.go1.19] runtime: implement SUID/SGID protections

2023-06-06T16:57:53Z

On Unix platforms, the runtime previously did nothing special when a program was run with either the SUID or SGID bits set. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. Taking cues from glibc, this change implements a set of protections when a binary is run with SUID or SGID bits set (or is SUID/SGID-like). On Linux, whether to enable these protections is determined by whether the AT_SECURE flag is passed in the auxiliary vector. On platforms which have the issetugid syscall (the BSDs, darwin, and Solaris/Illumos), that is used. On the remaining platforms (currently only AIX) we check !(getuid() == geteuid() && getgid == getegid()). Currently when we determine a binary is "tainted" (using the glibc terminology), we implement two specific protections: 1. we check if the file descriptors 0, 1, and 2 are open, and if they are not, we open them, pointing at /dev/null (or fail). 2. we force GOTRACKBACK=none, and generally prevent dumping of trackbacks and registers when a program panics/aborts. In the future we may add additional protections. This change requires implementing issetugid on the platforms which support it, and implementing getuid, geteuid, getgid, and getegid on AIX. Thanks to Vincent Dehors from Synacktiv for reporting this issue. Updates #60272 Fixes #60517 Fixes CVE-2023-29403 Change-Id: I057fa7153d29cf26515e7f49fed86e4f8bedd0f0 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1878434 Reviewed-by: Damien Neil Reviewed-by: Ian Lance Taylor Run-TryBot: Roland Shoemaker Reviewed-by: Russ Cox (cherry picked from commit 87065663ea6d89cd54f65a515d8f2ed0ef285c19) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1902231 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1904340 Reviewed-by: Michael Knyszek Reviewed-on: https://go-review.googlesource.com/c/go/+/501228 Auto-Submit: Michael Knyszek TryBot-Result: Gopher Robot Run-TryBot: David Chase

[release-branch.go1.19] cmd/go/internal: update documentation of go test and go generate

2023-05-30T18:12:41Z

For #57050. Fixes #60457. Change-Id: I46cac667ff78ac171c878f4366f8f01f58f1d27d GitHub-Last-Rev: 697c255ece18cd4772b76d62991474a7da2536d8 GitHub-Pull-Request: golang/go#57814 Reviewed-on: https://go-review.googlesource.com/c/go/+/461683 TryBot-Result: Gopher Robot Reviewed-by: Dmitri Shuralyov Run-TryBot: Dmitri Shuralyov Auto-Submit: Dmitri Shuralyov Reviewed-by: Bryan Mills (cherry picked from commit 93d9035c9e8b129578d3a177fd90eb308e44a597) Reviewed-on: https://go-review.googlesource.com/c/go/+/499295 Run-TryBot: Dmitri Shuralyov Auto-Submit: Dmitri Shuralyov

[release-branch.go1.19] cmd/go: save checksums for go.mod files needed for go version lines

2023-05-30T16:25:21Z

When we load a package from a module, we need the go version line from that module's go.mod file to know what language semantics to use for the package. We need to save a checksum for the go.mod file even if the module's requirements are pruned out of the module graph. Previously, we were missing checksums for test dependencies of packages in 'all' and packages passed to 'go get -t'. This change preserves the existing bug for 'go mod tidy', but fixes it for 'go get -t' and flags the missing checksum with a clearer error in other cases. Fixes #60000. Updates #56222. Change-Id: Icd6acce348907621ae0b02dbeac04fb180353dcf (cherry picked from CL 489075 and CL 492741) Reviewed-on: https://go-review.googlesource.com/c/go/+/492983 Reviewed-by: Michael Matloob TryBot-Result: Gopher Robot Run-TryBot: Bryan Mills TryBot-Bypass: Bryan Mills

[release-branch.go1.19] runtime: change fcntl to return two values

2023-05-22T21:48:42Z

Separate the result and the errno value, rather than assuming that the result can never be negative. Change-Id: Ib01a70a3d46285aa77e95371cdde74e1504e7c12 Reviewed-on: https://go-review.googlesource.com/c/go/+/496416 Run-TryBot: Ian Lance Taylor Run-TryBot: Ian Lance Taylor TryBot-Result: Gopher Robot Reviewed-by: Ian Lance Taylor Reviewed-by: Bryan Mills Auto-Submit: Ian Lance Taylor Reviewed-on: https://go-review.googlesource.com/c/go/+/497136 Run-TryBot: Roland Shoemaker Auto-Submit: Heschi Kreinick

[release-branch.go1.19] runtime: consistently define fcntl

2023-05-22T21:48:40Z

Clean up and consolidate on a single consistent definition of fcntl, which takes three int32 arguments and returns either a positive result or a negative errno value. Change-Id: Id9505492712db4b0aab469c6bd15e4fce3c9ff6e Reviewed-on: https://go-review.googlesource.com/c/go/+/495075 Run-TryBot: Ian Lance Taylor Reviewed-by: Ian Lance Taylor TryBot-Result: Gopher Robot Auto-Submit: Ian Lance Taylor Run-TryBot: Ian Lance Taylor Reviewed-by: Tobias Klauser Reviewed-by: Michael Pratt Reviewed-on: https://go-review.googlesource.com/c/go/+/497135 Auto-Submit: Heschi Kreinick Run-TryBot: Roland Shoemaker

[release-branch.go1.19] cmd/compile: fix bswap/load rewrite rules

2023-05-11T14:15:56Z

When combining a byteswap and a load, the resulting combined op must go in the load's block, not the byteswap's block, as the load has a memory argument that might only be valid in its original block. Fixes #59974 Change-Id: Icd84863ef3a9ca1fc22f2bb794a003f2808c746f Reviewed-on: https://go-review.googlesource.com/c/go/+/492616 Run-TryBot: Keith Randall TryBot-Result: Gopher Robot Reviewed-by: Cherry Mui Reviewed-by: Wayne Zuo Reviewed-by: Keith Randall Reviewed-on: https://go-review.googlesource.com/c/go/+/492697 TryBot-Bypass: Cherry Mui Run-TryBot: Cherry Mui