Fork of Go programming language with my patches. http://git.kilabit.info/go/atom?h=go1.23.10 2025-06-05T18:34:47Z 2025-06-05T18:34:47Z Gopher Robot gobot@golang.org 2025-06-05T18:16:25Z urn:sha1:d375ae50633cdf1cd8536f2a199c382f9053b638 Change-Id: Id4ed8879352dfe662a0ab96981a8d59e2fd80767 Reviewed-on: https://go-review.googlesource.com/c/go/+/679219 Reviewed-by: Carlos Amedee <carlos@golang.org> Reviewed-by: Michael Knyszek <mknyszek@google.com> TryBot-Bypass: Carlos Amedee <carlos@golang.org> 2025-06-05T18:10:16Z Neal Patel nealpatel@google.com 2025-05-21T18:11:44Z urn:sha1:b897e97c36cb62629a458bc681723ca733404e32 Similarly to Authentication entries, Proxy-Authentication entries should be stripped to ensure sensitive information is not leaked on redirects outside of the original domain. https://fetch.spec.whatwg.org/#authentication-entries Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this issue. Updates golang/go#73816 Fixes golang/go#73905 Fixes CVE-2025-4673 Change-Id: I1615f31977a2fd014fbc12aae43f82692315a6d0 Reviewed-on: https://go-review.googlesource.com/c/go/+/679255 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> 2025-05-29T17:56:13Z Damien Neil dneil@google.com 2025-05-13T22:35:19Z urn:sha1:c2c89d95516d2a6b51aa1766ed5f76e542ab282c (This cherry-pick includes both CL 672396 and CL 676655.) Match standard Unix behavior: Symlinks are not followed when O_CREATE|O_EXCL is passed to open. Thanks to Junyoung Park and Dong-uk Kim of KAIST Hacking Lab for discovering this issue. For #73702 Fixes #73719 Fixes CVE-2025-0913 Change-Id: Ieb46a6780c5e9a6090b09cd34290f04a8e3b0ca5 Reviewed-on: https://go-review.googlesource.com/c/go/+/672396 Auto-Submit: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Alan Donovan <adonovan@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/677195 TryBot-Bypass: Michael Knyszek <mknyszek@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> 2025-05-29T15:12:27Z Cherry Mui cherryyz@google.com 2025-05-21T18:32:21Z urn:sha1:8eeb1340b230321dc3b797e4b9836cc5ef8f316d In CL 660696, we made the linker to choose the symbol of the larger size in case there are multiple contentless declarations of the same symbol. We also made it emit an error in the case that there are a contentless declaration of a larger size and a definition with content of a smaller size. In this case, we should choose the definition with content, but the code accesses it through the declaration of the larger size could fall into the next symbol, potentially causing data corruption. So we disallowed it. There is one spcial case, though, that some code uses a linknamed variable declaration to reference a function in assembly, in order to take its address. The variable is often declared as uintptr. The function symbol is the definition, which could sometimes be shorter. This would trigger the error case above, causing existing code failing to build. This CL allows it as a special case. It is still not safe to access the variable's content. But it is actually okay to just take its address, which the existing code often do. Updates #73617. Fixes #73831. Change-Id: I467381bc5f6baa16caee6752a0a824c7185422f6 Reviewed-on: https://go-review.googlesource.com/c/go/+/676636 Reviewed-by: David Chase <drchase@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> (cherry picked from commit 70109eb32625487d9c774d602a4fa2422e218f1b) Reviewed-on: https://go-review.googlesource.com/c/go/+/676958 TryBot-Bypass: Cherry Mui <cherryyz@google.com> 2025-05-28T16:32:46Z Sean Liao sean@liao.dev 2024-07-12T19:56:19Z urn:sha1:4ca7c01706ad6da07aed882528e595a39edd085b For #66465 Fixes #73677 Change-Id: I60c017ddba29fa5b452b665d8521cd6c8e20438c Reviewed-on: https://go-review.googlesource.com/c/go/+/597979 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Jorropo <jorropo.pgm@gmail.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: qiu laidongfeng2 <2645477756@qq.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> (cherry picked from commit c4136a433c28eb12abad777f8e74087ecf6e21f4) Reviewed-on: https://go-review.googlesource.com/c/go/+/671936 Reviewed-by: Sean Liao <sean@liao.dev> TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Michael Knyszek <mknyszek@google.com> TryBot-Bypass: Michael Knyszek <mknyszek@google.com> 2025-05-06T18:34:22Z Gopher Robot gobot@golang.org 2025-05-06T17:35:17Z urn:sha1:f77084d15d53e6aa09d2e7f867e69cc9766da2c5 Change-Id: I5ffeb84b19112888aee4ebffd88c0753b41ac833 Reviewed-on: https://go-review.googlesource.com/c/go/+/670457 Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Carlos Amedee <carlos@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com> 2025-04-28T17:29:49Z Keith Randall khr@golang.org 2025-04-14T16:52:31Z urn:sha1:8ff45d1aa09d77d708a0ec4921817c6e6ee7ca85 The last 3 arguments need to be passed on the stack, not registers. Fixes #73380 Change-Id: Ib1155ad1a805957fad3d9594c93981a558755591 Reviewed-on: https://go-review.googlesource.com/c/go/+/665435 Reviewed-by: Michael Pratt <mpratt@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Keith Randall <khr@google.com> (cherry picked from commit 9d7de0483861b3f882f79797939566fe8f6f9e24) Reviewed-on: https://go-review.googlesource.com/c/go/+/666015 2025-04-10T15:35:38Z Cherry Mui cherryyz@google.com 2025-03-25T20:55:54Z urn:sha1:96537d504423f332bfa2e8335a936a041c46206c When two packages declare a variable with the same name (with linkname at least on one side), the linker will choose one as the actual definition of the symbol if one has content (i.e. a DATA symbol) and the other does not (i.e. a BSS symbol). When both have content, it is redefinition error. When neither has content, currently the choice is sort of arbitrary (depending on symbol loading order, etc. which are subject to change). One use case for that is that one wants to reference a symbol defined in another package, and the reference side just wants to see some of the fields, so it may be declared with a smaller type. In this case, we want to choose the one with the larger size as the true definition. Otherwise the code accessing the larger sized one may read/write out of bounds, corrupting the next variable. This CL makes the linker do so. Also include followup fix CL 661915. Fixes #73091. Updates #72032. Change-Id: I160aa9e0234702066cb8f141c186eaa89d0fcfed Reviewed-on: https://go-review.googlesource.com/c/go/+/660696 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Than McIntosh <thanm@golang.org> (cherry picked from commit 8f6c083d7bf68a766073c50ceb8ea405a3fe7bed) Reviewed-on: https://go-review.googlesource.com/c/go/+/662355 Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> 2025-04-01T16:11:48Z Gopher Robot gobot@golang.org 2025-04-01T15:39:05Z urn:sha1:7a2cfb70b01f069c2125adcf7126d7f3376cb8b7 Change-Id: Ied6ade315672e373b9b861f09ee0feba4fb8030b Reviewed-on: https://go-review.googlesource.com/c/go/+/662057 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Carlos Amedee <carlos@golang.org> 2025-03-26T16:35:14Z Andy Pan i@andypan.me 2025-03-05T08:14:42Z urn:sha1:c72a2bad6833ba62dd8c875b9c8960bf833b3b59 Fixes #72114 For #71591 Relevant CL 560155 Change-Id: Iebc497d56b36d50c13a6dd88e7bca4578a03cf63 Reviewed-on: https://go-review.googlesource.com/c/go/+/654916 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Auto-Submit: Michael Pratt <mpratt@google.com> Reviewed-by: Michael Pratt <mpratt@google.com> (cherry picked from commit 92a63bdfee9f8347df70293e5733661ae31ae285) Reviewed-on: https://go-review.googlesource.com/c/go/+/660935 Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>