Fork of Go programming language with my patches. http://git.kilabit.info/go/atom?h=go1.22.12 2025-02-04T16:39:49Z 2025-02-04T16:39:49Z Gopher Robot gobot@golang.org 2025-02-04T16:12:15Z urn:sha1:5817e650946aaa0ac28956de96b3f9aa1de4b299 Change-Id: Ib985698fba4e6dab8dc645b115e21a9717bd122c Reviewed-on: https://go-review.googlesource.com/c/go/+/646479 Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> TryBot-Bypass: Cherry Mui <cherryyz@google.com> Reviewed-by: Carlos Amedee <carlos@golang.org> 2025-01-31T17:38:05Z Roland Shoemaker roland@golang.org 2025-01-22T00:03:14Z urn:sha1:0cc45e7ca668b103c1055ae84402ad3f3425dd56 Remove the branching instruction from p256NegCond which made it variable time. The technique used matches that used in p256MovCond. Fixes #71383 Fixes #71422 Fixes CVE-2025-22866 Change-Id: Ibc2a46814d856cbbdaf6cc0c5a415ed5d42ca793 Reviewed-on: https://go-review.googlesource.com/c/go/+/643735 Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Paul Murphy <murp@ibm.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> (cherry picked from commit 6fc23a3cff5e38ff72923fee50f51254dcdc6e93) Reviewed-on: https://go-review.googlesource.com/c/go/+/645535 Reviewed-by: Carlos Amedee <carlos@golang.org> TryBot-Bypass: Carlos Amedee <carlos@golang.org> 2025-01-17T16:30:44Z Russ Cox rsc@golang.org 2025-01-14T04:00:14Z urn:sha1:c3c6a50095ab207e845776ddec7c28d2a1810ffe Newer git versions (at least git 2.47.1) do not send all the matching tags for a shallow fetch of a specific hash anymore. The go command assumes that git servers do this. Since that assumption is broken, use the local copy of the remote refs list to augment the tags sent by the server. This makes the cmd/go/internal/modfetch tests pass again with newer git. For #71261 Fixes #71262 Change-Id: I9fd4f3fd7beeb68a522938599f8f3acd887d0b26 Reviewed-on: https://go-review.googlesource.com/c/go/+/642437 Reviewed-by: Michael Matloob <matloob@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Russ Cox <rsc@golang.org> (cherry picked from commit bd80d8956f3062d2b2bff2d7da6b879dfa909f12) Reviewed-on: https://go-review.googlesource.com/c/go/+/642695 Reviewed-by: Russ Cox <rsc@golang.org> Reviewed-by: Michael Knyszek <mknyszek@google.com> 2025-01-17T15:41:15Z Keith Randall khr@golang.org 2025-01-11T01:33:26Z urn:sha1:e0a01acd041f24485667283170c10c3ee9a49d02 We can't coalesce a non-WB store with a subsequent Move, as the result of the store might be the source of the move. There's a simple codegen test. Not sure how we might do a real test, as all the repro's I've come up with are very expensive and unreliable. Fixes #71229 Change-Id: If18bf181a266b9b90964e2591cd2e61a7168371c Reviewed-on: https://go-review.googlesource.com/c/go/+/642197 Reviewed-by: Keith Randall <khr@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/642499 2025-01-16T20:07:58Z Gopher Robot gobot@golang.org 2025-01-16T19:41:48Z urn:sha1:f07288435495dccb05217b6012ecb2b7a5b521ab Change-Id: I7ab7e0219977de1fc313a684c48b78fd0219de81 Reviewed-on: https://go-review.googlesource.com/c/go/+/643156 Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> 2025-01-16T19:07:07Z Damien Neil dneil@google.com 2024-11-22T20:34:11Z urn:sha1:b72d56f98d6620ebe07626dca4bb67ea8e185379 When an HTTP redirect changes the host of a request, we drop sensitive headers such as Authorization from the redirected request. Fix a bug where a chain of redirects could result in sensitive headers being sent to the wrong host: 1. request to a.tld with Authorization header 2. a.tld redirects to b.tld 3. request to b.tld with no Authorization header 4. b.tld redirects to b.tld 3. request to b.tld with Authorization header restored Thanks to Kyle Seely for reporting this issue. Fixes #70530 For #71210 Fixes CVE-2024-45336 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1641 Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Commit-Queue: Roland Shoemaker <bracewell@google.com> Change-Id: Id7b1e3c90345566b8ee1a51f65dbb179da6eb427 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1765 Reviewed-on: https://go-review.googlesource.com/c/go/+/643106 Reviewed-by: Michael Pratt <mpratt@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Michael Knyszek <mknyszek@google.com> 2025-01-16T19:07:05Z Roland Shoemaker bracewell@google.com 2024-12-09T19:31:22Z urn:sha1:19d21034157ba69d0f54318a9867d9b08730efcb When checking URI constraints, use netip.ParseAddr, which understands zones, unlike net.ParseIP which chokes on them. This prevents zone IDs from mistakenly satisfying URI constraints. Thanks to Juho Forsén of Mattermost for reporting this issue. For #71156 Fixes #71207 Fixes CVE-2024-45341 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1700 Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com> Change-Id: I1d97723e0f29fcf1404fb868ba0495282da70f6e Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1780 Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/643105 TryBot-Bypass: Michael Knyszek <mknyszek@google.com> Reviewed-by: Michael Pratt <mpratt@google.com> Auto-Submit: Michael Knyszek <mknyszek@google.com> 2025-01-08T17:58:22Z Michael Anthony Knyszek mknyszek@google.com 2024-12-23T17:21:07Z urn:sha1:ae9996f96510b105f478a426cd83cfac7b83c4e3 Currently injectglist emits all the trace events before actually calling casgstatus on each goroutine. This is a problem, since tracing can observe an inconsistent state (gstatus does not match tracer's 'emitted an event' state). This change fixes the problem by having injectglist do what every other scheduler function does, and that's wrap each call to casgstatus in traceAcquire/traceRelease. For #70883. Fixes #71146. Change-Id: I857e96cec01688013597e8efc0c4c3d0b72d3a70 Reviewed-on: https://go-review.googlesource.com/c/go/+/638558 Reviewed-by: Michael Pratt <mpratt@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> (cherry picked from commit f025d19e7b3f0c66242760c213cc2b54cb100f69) Reviewed-on: https://go-review.googlesource.com/c/go/+/641356 Auto-Submit: Michael Pratt <mpratt@google.com> 2025-01-08T17:33:51Z Filippo Valsorda filippo@golang.org 2025-01-02T00:34:40Z urn:sha1:223260bc63bfc1a3120face5bbc49285f6c32357 Updates #71077 Fixes #71103 Change-Id: I6a6a465685f3bd50a5bb35a160f87b59b74fa6af Reviewed-on: https://go-review.googlesource.com/c/go/+/639655 Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Joel Sing <joel@sing.id.au> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/640237 2024-12-03T18:00:04Z Gopher Robot gobot@golang.org 2024-12-03T17:22:36Z urn:sha1:8f3f22eef807250155301822a8960afec160cc02 Change-Id: I5e9be77389bcb215c114013c169841cfbcaa9550 Reviewed-on: https://go-review.googlesource.com/c/go/+/633235 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Veronica Silina <veronicasilina@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Michael Knyszek <mknyszek@google.com>