go, branch go1.19.12

[release-branch.go1.19] go1.19.12

2023-08-01T20:11:51Z

Change-Id: Id84d0d837b59d52e0c93560f0c31dc7226cad912 Reviewed-on: https://go-review.googlesource.com/c/go/+/514937 Reviewed-by: Matthew Dempsky Reviewed-by: Heschi Kreinick TryBot-Result: Gopher Robot Auto-Submit: Gopher Robot Run-TryBot: Gopher Robot

[release-branch.go1.19] crypto/tls: restrict RSA keys in certificates to <= 8192 bits

2023-08-01T19:03:41Z

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Thanks to Mateusz Poliwczak for reporting this issue. Updates #61460 Fixes #61579 Fixes CVE-2023-29409 Change-Id: Ie35038515a649199a36a12fc2c5df3af855dca6c Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1912161 Reviewed-by: Damien Neil Reviewed-by: Tatiana Bradley Run-TryBot: Roland Shoemaker (cherry picked from commit d865c715d92887361e4bd5596e19e513f27781b7) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1965487 Reviewed-on: https://go-review.googlesource.com/c/go/+/514915 Run-TryBot: David Chase Reviewed-by: Matthew Dempsky TryBot-Bypass: David Chase

[release-branch.go1.19] cmd/asm, cmd/internal/obj: generate proper atomic ops for riscv64

2023-07-26T17:14:06Z

Go's memory model closely follows the approach C++ concurrency memory model (https://go.dev/ref/mem) and Go atomic "has the same semantics as C++'s sequentially consistent atomics". Meanwhile according to RISCV manual A.6 "Mappings from C/C++ primitives to RISC-V primitives". C/C++ atomic operations (memory_order_acq_rel) should be map to "amo.{w|d}.aqrl" LR/SC (memory_order_acq_rel) should map to "lr.{w|d}.aq; ; sc.{w|d}.rl" goos: linux goarch: riscv64 pkg: runtime/internal/atomic │ atomic.old.bench │ atomic.new.bench │ │ sec/op │ sec/op vs base │ AtomicLoad64-4 4.216n ± 1% 4.202n ± 0% ~ (p=0.127 n=10) AtomicStore64-4 5.040n ± 0% 6.718n ± 0% +33.30% (p=0.000 n=10) AtomicLoad-4 4.217n ± 0% 4.213n ± 0% ~ (p=0.145 n=10) AtomicStore-4 5.040n ± 0% 6.718n ± 0% +33.30% (p=0.000 n=10) And8-4 9.237n ± 0% 9.240n ± 0% ~ (p=0.582 n=10) And-4 5.878n ± 0% 6.719n ± 0% +14.31% (p=0.000 n=10) And8Parallel-4 28.44n ± 0% 28.46n ± 0% +0.07% (p=0.000 n=10) AndParallel-4 28.40n ± 0% 28.43n ± 0% +0.11% (p=0.000 n=10) Or8-4 8.399n ± 0% 8.398n ± 0% ~ (p=0.357 n=10) Or-4 5.879n ± 0% 6.718n ± 0% +14.27% (p=0.000 n=10) Or8Parallel-4 28.43n ± 0% 28.45n ± 0% +0.09% (p=0.000 n=10) OrParallel-4 28.40n ± 0% 28.43n ± 0% +0.11% (p=0.000 n=10) Xadd-4 30.05n ± 0% 30.10n ± 0% +0.18% (p=0.000 n=10) Xadd64-4 30.05n ± 0% 30.09n ± 0% +0.12% (p=0.000 n=10) Cas-4 60.48n ± 0% 61.13n ± 0% +1.08% (p=0.000 n=10) Cas64-4 62.28n ± 0% 62.34n ± 0% ~ (p=0.810 n=10) Xchg-4 30.05n ± 0% 30.09n ± 0% +0.15% (p=0.000 n=10) Xchg64-4 30.05n ± 0% 30.09n ± 0% +0.13% (p=0.000 n=10) geomean 15.42n 16.17n +4.89% Fixes #61470 Change-Id: I97b5325db50467eeec36fb079bded7b09a32330f Reviewed-on: https://go-review.googlesource.com/c/go/+/508715 Reviewed-by: Austin Clements Reviewed-by: Joel Sing Run-TryBot: M Zhuo Reviewed-by: Cherry Mui Reviewed-by: Bryan Mills TryBot-Result: Gopher Robot (cherry picked from commit 890b96f7abd8ba5b2243959d9b49c212a0fc4d78) Reviewed-on: https://go-review.googlesource.com/c/go/+/511495 Reviewed-by: M Zhuo Run-TryBot: Matthew Dempsky TryBot-Bypass: Matthew Dempsky Auto-Submit: Matthew Dempsky Reviewed-by: Matthew Dempsky

[release-branch.go1.19] net: tolerate permission errors in interface tests

2023-07-19T20:51:43Z

On our linux-arm64 builders, we're getting permission errors despite running as root. Detect those errors and skip the test. For #61414. Fixes #61448. Change-Id: I5d7c45789337bee3860b19335bbb9eb884c48986 Reviewed-on: https://go-review.googlesource.com/c/go/+/510737 Auto-Submit: Heschi Kreinick Run-TryBot: Heschi Kreinick Reviewed-by: Ian Lance Taylor TryBot-Result: Gopher Robot (cherry picked from commit 8e1ec1cb9385414a7d6b664d8ace6bc9468cc500) Reviewed-on: https://go-review.googlesource.com/c/go/+/511097 Reviewed-by: Dmitri Shuralyov TryBot-Bypass: Heschi Kreinick Reviewed-by: Dmitri Shuralyov

[release-branch.go1.19] cmd/compile: on PPC64, fix sign/zero extension when masking

2023-07-19T19:11:01Z

This backport required manual cleanup as go1.20 combined the ANDCCconst and ANDconst opcodes into one. Similarly, CL 456736 introduced a suble bug by using (Select1 (ANDCCconst ...)). This usually worked because the same rule quietly changes the type of the newly created ANDCCconst to a tuple. This change exposed the bug, so fix it too. (ANDconst [y] (MOV.*reg x)) should only be merged when zero extending. Otherwise, sign bits are lost on negative values. (ANDconst [0xFF] (MOVBreg x)) should be simplified to a zero extension of x. Likewise for the MOVHreg variant. Fixes #61319 Change-Id: I04e4fd7dc6a826e870681f37506620d48393698b Reviewed-on: https://go-review.googlesource.com/c/go/+/508775 TryBot-Result: Gopher Robot Run-TryBot: Paul Murphy Reviewed-by: Bryan Mills Reviewed-by: Cherry Mui Reviewed-on: https://go-review.googlesource.com/c/go/+/509018 Auto-Submit: Heschi Kreinick TryBot-Bypass: Heschi Kreinick

[release-branch.go1.19] go1.19.11

2023-07-11T16:38:32Z

Change-Id: Ic6685cba7c4cf96dfc0c837df90002f557e9e86a Reviewed-on: https://go-review.googlesource.com/c/go/+/508837 TryBot-Result: Gopher Robot Run-TryBot: Gopher Robot Reviewed-by: Cherry Mui Reviewed-by: Heschi Kreinick Auto-Submit: Gopher Robot

[release-branch.go1.19] net/http: validate Host header before sending

2023-07-06T19:41:20Z

Verify that the Host header we send is valid. Avoids surprising behavior such as a Host of "go.dev\r\nX-Evil:oops" adding an X-Evil header to HTTP/1 requests. Add a test, skip the test for HTTP/2. HTTP/2 is not vulnerable to header injection in the way HTTP/1 is, but x/net/http2 doesn't validate the header and will go into a retry loop when the server rejects it. CL 506995 adds the necessary validation to x/net/http2. Updates #60374 Fixes #61075 For CVE-2023-29406 Change-Id: I05cb6866a9bead043101954dfded199258c6dd04 Reviewed-on: https://go-review.googlesource.com/c/go/+/506996 Reviewed-by: Tatiana Bradley TryBot-Result: Gopher Robot Run-TryBot: Damien Neil (cherry picked from commit 499458f7ca04087958987a33c2703c3ef03e27e2) Reviewed-on: https://go-review.googlesource.com/c/go/+/507358 Run-TryBot: Tatiana Bradley Reviewed-by: Roland Shoemaker

[release-branch.go1.19] runtime: set raceignore to zero when starting a new goroutine

2023-06-29T15:53:25Z

When reusing a g struct the runtime did not reset g.raceignore. Initialize raceignore to zero when initially setting racectx. A goroutine can end with a non-zero raceignore if it exits after calling runtime.RaceDisable without a matching runtime.RaceEnable. If that goroutine's g is later reused the race detector is in a weird state: the underlying g.racectx is active, yet g.raceignore is non-zero, and raceacquire/racerelease which check g.raceignore become no-ops. This causes the race detector to report races when there are none. For #60934 Fixes #60948 Change-Id: Ib8e412f11badbaf69a480f03740da70891f4093f Reviewed-on: https://go-review.googlesource.com/c/go/+/505055 Reviewed-by: Dmitri Shuralyov Reviewed-by: Michael Knyszek TryBot-Result: Gopher Robot Run-TryBot: Michael Knyszek (cherry picked from commit 48dbb6227acf3ebc8ac21924567aa2b6d5064915) Reviewed-on: https://go-review.googlesource.com/c/go/+/505675 Reviewed-by: Keith Randall Reviewed-by: Keith Randall TryBot-Bypass: Carlos Amedee

[release-branch.go1.19] runtime: allow for 5 more threads in TestWindowsStackMemory*

2023-06-28T20:54:33Z

Original version of TestWindowsStackMemory did not consider sysmon and other threads running during the test. Allow for 5 extra threads in this test - this should cover any new threads in the future. For #58570 Fixes #61054 Change-Id: I215790f9b94ff40a32ddd7aa54af715d1dc391c6 Reviewed-on: https://go-review.googlesource.com/c/go/+/473415 Reviewed-by: Michael Pratt Run-TryBot: Alex Brainman TryBot-Result: Gopher Robot Reviewed-by: Cherry Mui (cherry picked from commit f6cbc1da05da141a78ee33954b52d17642c95130) Reviewed-on: https://go-review.googlesource.com/c/go/+/506975 Run-TryBot: Michael Knyszek Auto-Submit: Michael Knyszek (cherry picked from commit 08a58dd8b6337c9bac93face4c386a918a3dd97b) Reviewed-on: https://go-review.googlesource.com/c/go/+/506976 Reviewed-by: Dmitri Shuralyov

[release-branch.go1.19] cmd/go: skip TestScript/gccgo_link_ldflags on aix/ppc64

2023-06-24T02:35:33Z

The gccgo on the builder is not updated to support runtime/cgo For #60306. For #60513. Change-Id: If0fb1ccdf589cc9741f6a065bacfa4f06e64ec15 Reviewed-on: https://go-review.googlesource.com/c/go/+/501435 Reviewed-by: Ian Lance Taylor TryBot-Result: Gopher Robot Run-TryBot: Cuong Manh Le Reviewed-by: Benny Siegert Auto-Submit: Cuong Manh Le (cherry picked from commit 688d75b14fd7646d66c18825f22f0a67e9fafd9e) Reviewed-on: https://go-review.googlesource.com/c/go/+/505596 Auto-Submit: Dmitri Shuralyov Reviewed-by: Than McIntosh Reviewed-by: Dmitri Shuralyov Run-TryBot: Dmitri Shuralyov