go, branch go1.19.13

[release-branch.go1.19] go1.19.13

2023-09-06T15:37:56Z

Change-Id: I2536f540cb7271f1edfcfb3a126e62ebf0c24261 Reviewed-on: https://go-review.googlesource.com/c/go/+/526138 Reviewed-by: Dmitri Shuralyov Reviewed-by: Cherry Mui Run-TryBot: Cherry Mui TryBot-Result: Gopher Robot

[release-branch.go1.19] crypto/tls: add GODEBUG to control max RSA key size

2023-08-16T17:14:51Z

Add a new GODEBUG setting, tlsmaxrsasize, which allows controlling the maximum RSA key size we will accept during TLS handshakes. Fixes #61968 Change-Id: I52f060be132014d219f4cd438f59990011a35c96 Reviewed-on: https://go-review.googlesource.com/c/go/+/517495 Auto-Submit: Roland Shoemaker Reviewed-by: Russ Cox Run-TryBot: Roland Shoemaker TryBot-Result: Gopher Robot Reviewed-on: https://go-review.googlesource.com/c/go/+/518536 Auto-Submit: Dmitri Shuralyov

[release-branch.go1.19] net/http: permit requests with invalid Host headers

2023-08-14T21:56:59Z

Historically, the Transport has silently truncated invalid Host headers at the first '/' or ' ' character. CL 506996 changed this behavior to reject invalid Host headers entirely. Unfortunately, Docker appears to rely on the previous behavior. When sending a HTTP/1 request with an invalid Host, send an empty Host header. This is safer than truncation: If you care about the Host, then you should get the one you set; if you don't care, then an empty Host should be fine. Continue to fully validate Host headers sent to a proxy, since proxies generally can't productively forward requests without a Host. For #60374 Fixes #61431 Fixes #61825 Change-Id: If170c7dd860aa20eb58fe32990fc93af832742b6 Reviewed-on: https://go-review.googlesource.com/c/go/+/511155 TryBot-Result: Gopher Robot Reviewed-by: Roland Shoemaker Run-TryBot: Damien Neil (cherry picked from commit b9153f6ef338baee5fe02a867c8fbc83a8b29dd1) Reviewed-on: https://go-review.googlesource.com/c/go/+/518855 Auto-Submit: Dmitri Shuralyov Run-TryBot: Roland Shoemaker Reviewed-by: Russ Cox

[release-branch.go1.19] cmd/go: refuse to build Go 1.22 code

2023-08-11T18:34:00Z

With #60078 accepted, we expect Go 1.22 will have different for loop semantics than Go 1.19 did. Go 1.19 is already unsupported, but add a check anyway, just to help catch some mistakes and usage of old Go toolchains beyond their end-of-support. Note that Go 1.19 can keep being used indefinitely with pre-Go 1.22 code. This change only makes it refuse to build code that says it needs Go 1.22 semantics, because Go 1.19 does not provide those. Cherry-pick of the change from the Go 1.20 branch. For #60078. Change-Id: I75118d6fbd0cc08a6bc309aca54c389a255ba7dc Reviewed-on: https://go-review.googlesource.com/c/go/+/518675 Reviewed-by: Bryan Mills Run-TryBot: Russ Cox TryBot-Result: Gopher Robot Reviewed-on: https://go-review.googlesource.com/c/go/+/518815 Auto-Submit: Russ Cox TryBot-Bypass: Russ Cox

[release-branch.go1.19] go1.19.12

2023-08-01T20:11:51Z

Change-Id: Id84d0d837b59d52e0c93560f0c31dc7226cad912 Reviewed-on: https://go-review.googlesource.com/c/go/+/514937 Reviewed-by: Matthew Dempsky Reviewed-by: Heschi Kreinick TryBot-Result: Gopher Robot Auto-Submit: Gopher Robot Run-TryBot: Gopher Robot

[release-branch.go1.19] crypto/tls: restrict RSA keys in certificates to <= 8192 bits

2023-08-01T19:03:41Z

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Thanks to Mateusz Poliwczak for reporting this issue. Updates #61460 Fixes #61579 Fixes CVE-2023-29409 Change-Id: Ie35038515a649199a36a12fc2c5df3af855dca6c Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1912161 Reviewed-by: Damien Neil Reviewed-by: Tatiana Bradley Run-TryBot: Roland Shoemaker (cherry picked from commit d865c715d92887361e4bd5596e19e513f27781b7) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1965487 Reviewed-on: https://go-review.googlesource.com/c/go/+/514915 Run-TryBot: David Chase Reviewed-by: Matthew Dempsky TryBot-Bypass: David Chase

[release-branch.go1.19] cmd/asm, cmd/internal/obj: generate proper atomic ops for riscv64

2023-07-26T17:14:06Z

Go's memory model closely follows the approach C++ concurrency memory model (https://go.dev/ref/mem) and Go atomic "has the same semantics as C++'s sequentially consistent atomics". Meanwhile according to RISCV manual A.6 "Mappings from C/C++ primitives to RISC-V primitives". C/C++ atomic operations (memory_order_acq_rel) should be map to "amo.{w|d}.aqrl" LR/SC (memory_order_acq_rel) should map to "lr.{w|d}.aq; ; sc.{w|d}.rl" goos: linux goarch: riscv64 pkg: runtime/internal/atomic │ atomic.old.bench │ atomic.new.bench │ │ sec/op │ sec/op vs base │ AtomicLoad64-4 4.216n ± 1% 4.202n ± 0% ~ (p=0.127 n=10) AtomicStore64-4 5.040n ± 0% 6.718n ± 0% +33.30% (p=0.000 n=10) AtomicLoad-4 4.217n ± 0% 4.213n ± 0% ~ (p=0.145 n=10) AtomicStore-4 5.040n ± 0% 6.718n ± 0% +33.30% (p=0.000 n=10) And8-4 9.237n ± 0% 9.240n ± 0% ~ (p=0.582 n=10) And-4 5.878n ± 0% 6.719n ± 0% +14.31% (p=0.000 n=10) And8Parallel-4 28.44n ± 0% 28.46n ± 0% +0.07% (p=0.000 n=10) AndParallel-4 28.40n ± 0% 28.43n ± 0% +0.11% (p=0.000 n=10) Or8-4 8.399n ± 0% 8.398n ± 0% ~ (p=0.357 n=10) Or-4 5.879n ± 0% 6.718n ± 0% +14.27% (p=0.000 n=10) Or8Parallel-4 28.43n ± 0% 28.45n ± 0% +0.09% (p=0.000 n=10) OrParallel-4 28.40n ± 0% 28.43n ± 0% +0.11% (p=0.000 n=10) Xadd-4 30.05n ± 0% 30.10n ± 0% +0.18% (p=0.000 n=10) Xadd64-4 30.05n ± 0% 30.09n ± 0% +0.12% (p=0.000 n=10) Cas-4 60.48n ± 0% 61.13n ± 0% +1.08% (p=0.000 n=10) Cas64-4 62.28n ± 0% 62.34n ± 0% ~ (p=0.810 n=10) Xchg-4 30.05n ± 0% 30.09n ± 0% +0.15% (p=0.000 n=10) Xchg64-4 30.05n ± 0% 30.09n ± 0% +0.13% (p=0.000 n=10) geomean 15.42n 16.17n +4.89% Fixes #61470 Change-Id: I97b5325db50467eeec36fb079bded7b09a32330f Reviewed-on: https://go-review.googlesource.com/c/go/+/508715 Reviewed-by: Austin Clements Reviewed-by: Joel Sing Run-TryBot: M Zhuo Reviewed-by: Cherry Mui Reviewed-by: Bryan Mills TryBot-Result: Gopher Robot (cherry picked from commit 890b96f7abd8ba5b2243959d9b49c212a0fc4d78) Reviewed-on: https://go-review.googlesource.com/c/go/+/511495 Reviewed-by: M Zhuo Run-TryBot: Matthew Dempsky TryBot-Bypass: Matthew Dempsky Auto-Submit: Matthew Dempsky Reviewed-by: Matthew Dempsky

[release-branch.go1.19] net: tolerate permission errors in interface tests

2023-07-19T20:51:43Z

On our linux-arm64 builders, we're getting permission errors despite running as root. Detect those errors and skip the test. For #61414. Fixes #61448. Change-Id: I5d7c45789337bee3860b19335bbb9eb884c48986 Reviewed-on: https://go-review.googlesource.com/c/go/+/510737 Auto-Submit: Heschi Kreinick Run-TryBot: Heschi Kreinick Reviewed-by: Ian Lance Taylor TryBot-Result: Gopher Robot (cherry picked from commit 8e1ec1cb9385414a7d6b664d8ace6bc9468cc500) Reviewed-on: https://go-review.googlesource.com/c/go/+/511097 Reviewed-by: Dmitri Shuralyov TryBot-Bypass: Heschi Kreinick Reviewed-by: Dmitri Shuralyov

[release-branch.go1.19] cmd/compile: on PPC64, fix sign/zero extension when masking

2023-07-19T19:11:01Z

This backport required manual cleanup as go1.20 combined the ANDCCconst and ANDconst opcodes into one. Similarly, CL 456736 introduced a suble bug by using (Select1 (ANDCCconst ...)). This usually worked because the same rule quietly changes the type of the newly created ANDCCconst to a tuple. This change exposed the bug, so fix it too. (ANDconst [y] (MOV.*reg x)) should only be merged when zero extending. Otherwise, sign bits are lost on negative values. (ANDconst [0xFF] (MOVBreg x)) should be simplified to a zero extension of x. Likewise for the MOVHreg variant. Fixes #61319 Change-Id: I04e4fd7dc6a826e870681f37506620d48393698b Reviewed-on: https://go-review.googlesource.com/c/go/+/508775 TryBot-Result: Gopher Robot Run-TryBot: Paul Murphy Reviewed-by: Bryan Mills Reviewed-by: Cherry Mui Reviewed-on: https://go-review.googlesource.com/c/go/+/509018 Auto-Submit: Heschi Kreinick TryBot-Bypass: Heschi Kreinick

[release-branch.go1.19] go1.19.11

2023-07-11T16:38:32Z

Change-Id: Ic6685cba7c4cf96dfc0c837df90002f557e9e86a Reviewed-on: https://go-review.googlesource.com/c/go/+/508837 TryBot-Result: Gopher Robot Run-TryBot: Gopher Robot Reviewed-by: Cherry Mui Reviewed-by: Heschi Kreinick Auto-Submit: Gopher Robot