Fork of Go programming language with my patches. http://git.kilabit.info/go/atom?h=go1.24rc3 2025-02-05T20:35:01Z 2025-02-05T20:35:01Z Gopher Robot gobot@golang.org 2025-02-05T20:02:05Z urn:sha1:18068cb96aa9836f36f243d63f570e5b7b3a9b9b Change-Id: Ib3e93a2ea07a0ef1ce0989143d03c765ede8cc99 Reviewed-on: https://go-review.googlesource.com/c/go/+/646936 Reviewed-by: Carlos Amedee <carlos@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> TryBot-Bypass: Cherry Mui <cherryyz@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> 2025-02-05T19:57:13Z Roland Shoemaker bracewell@google.com 2025-01-29T16:03:59Z urn:sha1:c43ac38b3b9fe861186af2e60b6f6b16486d8640 This reverts commit e3cd55e9d293d519e622e788e902f372dc30338a. This change introduced a security issue as @ flags are first resolved as files by the darwin linker, before their meaning as flags, allowing the flag filtering logic to be entirely bypassed. Thanks to Juho Forsén for reporting this issue. Fixes #71476 Fixes CVE-2025-22867 Change-Id: I3a4b4a6fc534de105d930b8ed5b9900bc94b0c4e Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1900 Reviewed-by: Russ Cox <rsc@google.com> Reviewed-by: Damien Neil <dneil@google.com> (cherry picked from commit cc0d725a4168f234ef38859b2d951a50a8fd94b5) Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1940 Reviewed-by: Neal Patel <nealpatel@google.com> Commit-Queue: Roland Shoemaker <bracewell@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/646995 Reviewed-by: Carlos Amedee <carlos@golang.org> TryBot-Bypass: Cherry Mui <cherryyz@google.com> 2025-01-31T17:45:08Z Carlos Amedee carlos@golang.org 2025-01-31T17:45:08Z urn:sha1:4241f582fc325e65b1badc6423a83a3973bcdc08 Conflicts: - src/cmd/go/testdata/script/goauth_netrc.txt Merge List: + 2025-01-31 37f27fbecd cmd/go: enable fips test and fix caching bug + 2025-01-31 77d20838e9 cmd: update golang.org/x/tools to CL 645697, and revendor + 2025-01-30 ce7ea0a6a5 cmd/go: refine GOAUTH user parsing to be more strict + 2025-01-29 e81f715515 lib/fips140: freeze v1.0.0 FIPS 140 module zip file + 2025-01-29 4f48ad5c6b cmd/link/internal/loader: fix linknames from FIPS 140 frozen tree + 2025-01-29 1f58ad5d6d Revert "os: employ sendfile(2) for file-to-file copying on Linux when needed" + 2025-01-28 90ec9996cb crypto/pbkdf2: add keyLength limit + 2025-01-28 62cd7cb6cd crypto/hkdf: check error in TestFIPSServiceIndicator + 2025-01-28 7764c502e2 crypto/internal/sysrand: skip TestNoGetrandom without cgo + 2025-01-28 50455385b0 internal/coverage: fix bug in text-format coverage output with multiple packages + 2025-01-28 28d389ef30 internal/godebug: check error from os.ReadFile in test + 2025-01-28 8071f2a169 runtime: mapiter linkname compatibility layer + 2025-01-28 78e6f2a1c8 runtime: rename mapiterinit and mapiternext + 2025-01-28 4ebd5bf855 internal/goexperiment: update location of baseline experiment in comment + 2025-01-27 f8937cb625 archive/zip, archive/tar: writer appends slash to directory names + 2025-01-27 11e08d9d96 strconv: adjust comment so that gofmt doesn't mung it + 2025-01-27 b9872221cd crypto/internal/fips140/rsa: avoid CAST unsetting the service indicator + 2025-01-27 3f791c8dfb crypto/internal/fips140/aes: set FIPS 140 service indicator for CTR and CBC + 2025-01-27 e0aeee82f3 crypto/ecdsa: avoid needless ScalarBaseMult in s390x + 2025-01-27 f70aa3824b cmd/go: do not call base.fatal for an unset HOME for GOAUTH=netrc + 2025-01-27 475e08349d Revert "runtime: Check LSE support on ARM64 at runtime init" + 2025-01-27 e2e700f8b1 crypto/internal/boring: keep ECDH public key alive during cgo calls + 2025-01-22 608acff847 go/types: avoid importer.Default + 2025-01-22 9d21ef3bd4 runtime: fix the equality check in AddCleanup + 2025-01-22 5a46b17b5f os: force a goroutine to be scheduled on WASM + 2025-01-22 6fc23a3cff crypto/internal/fips140/nistec: make p256NegCond constant time on ppc64le + 2025-01-22 70b603f4d2 go/importer: document limitations of this API + 2025-01-21 f6d17c5400 net/http: update bundled golang.org/x/net/http2 [generated] + 2025-01-21 3aa7c5ef01 testing: fix reference to B.N in docstring + 2025-01-20 3f4164f508 runtime: delete out of date comment + 2025-01-17 40b3c0e58a internal/coverage: refactor EmitTextual in preparation for bugfix + 2025-01-17 87023bb27f go/types, types2: ensure deterministic output when reporting an init cycle + 2025-01-17 80bf7d83ed go/types, types2: remove superfluous assertion (fix build) + 2025-01-16 1a93e4a2cf lib/time: update to 2025a/2025a + 2025-01-16 0b632d26b9 cmd/internal/obj/wasm, runtime: detect wasmexport call before runtime initialization + 2025-01-16 6a4effa08b crypto/x509: avoid panic when parsing partial PKCS#1 private keys + 2025-01-16 139d6eedae cmd/go: restore netrc preferences for GOAUTH and fix domain lookup + 2025-01-16 2b2314e9f6 crypto/x509: properly check for IPv6 hosts in URIs + 2025-01-16 6783377295 net/http: persist header stripping across repeated redirects + 2025-01-14 368a9ec998 encoding/json: cleanup tests + 2025-01-14 bd80d8956f cmd/go/internal/modfetch: do not trust server to send all tags in shallow fetch + 2025-01-14 4fa61d6f9c cmd/api: report error in test instead of crashing + 2025-01-14 c5e205e928 internal/runtime/maps: re-enable some tests + 2025-01-14 befc43655b testing/fstest: fix function name and comment + 2025-01-14 c83f2ca4b3 cmd/dist: ignore packages with no Go files in BenchmarkAll + 2025-01-13 6da16013ba cmd/go: check go version when parsing go.mod fails + 2025-01-13 de9fdc7b71 syscall/js: adjust comments to that gofmt does not change them + 2025-01-13 17ed215958 go/types, types2: don't panic when instantiating generic alias with wrong number of type arguments + 2025-01-13 c53307c3fd spec: fix grammar issue + 2025-01-13 47a56b2b6d encoding/json: add cases to TestUnmarshal for fatal syntactic errors + 2025-01-13 7bb192a1c5 encoding/json: always check resulting Go value for unmarshaling + 2025-01-12 44a6f817ea cmd/compile: fix write barrier coalescing + 2025-01-10 19e923182e crypto/internal/fips140test: add hmac DRBG ACVP tests + 2025-01-10 7255b94920 crypto/internal/fips140test: add ML-KEM ACVP tests + 2025-01-09 932ec2be8d crypto/rsa: fix GenerateKey flakes for toy-sized keys + 2025-01-09 d0c9142ce3 runtime/pprof: hide map runtime frames from heap profiles + 2025-01-09 c7c4420ae4 cmd/go: clarify GODEBUG in go help environment + 2025-01-09 c6ab13fc43 cmd/go/internal/mmap: reslice to file size on Windows + 2025-01-09 f5a89dff67 crypto: fix fips140=only detection of SHA-3 + 2025-01-08 4225c6cb37 encoding/json: improve fidelity of TestUnmarshal for Numbers + 2025-01-08 c87a6f932e crypto/mlkem: merge mlkem768.go and mlkem1024.go to improve godoc + 2025-01-08 f57a3a7c04 crypto/mlkem: add example and improve docs + 2025-01-08 c9afcbade7 go/types, types2: require iterator yield to return bool (work-around) + 2025-01-08 54693a81fd crypto/md5,crypto/sha1: apply fips140=only to Write and Sum, not New + 2025-01-08 0cdf8c7a8c crypto/ecdsa: apply fips140=only to deterministic ECDSA hash + 2025-01-08 4640e92af7 crypto/rsa: apply fips140=only to opts.Hash in SignPSS Change-Id: I443d8d9433e7f504905b60652d3fcd975e5f674b 2025-01-31T16:50:43Z Russ Cox rsc@golang.org 2024-11-17T22:17:50Z urn:sha1:37f27fbecd422da9fefb8ae1cc601bc5b4fec44b Enable the cmd/go fips test now that v1.0.0.zip has been checked in. Will still need to enable the alias half when the alias is checked in. Also fix a problem that was causing spurious failures, by fixing repeated unpackings and also disabling modindex reads of the virtual fips140 snapshot directories. Fixes #71491. Change-Id: I7fa21e9bde07ff4eb6c3483e99d49316ee0ea7f0 Reviewed-on: https://go-review.googlesource.com/c/go/+/645835 Reviewed-by: Michael Matloob <matloob@golang.org> Reviewed-by: Sam Thanawalla <samthanawalla@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> 2025-01-31T16:42:32Z Rob Findley rfindley@google.com 2025-01-31T15:06:15Z urn:sha1:77d20838e9cc3ad4f9c167db245752569d7ffc48 go get golang.org/x/tools@9874647 # CL 645697 go mod tidy go mod vendor Fixes #71485 Change-Id: I72d8f82abd0c6e05f2698d8a372bf9485002d1b3 Reviewed-on: https://go-review.googlesource.com/c/go/+/645336 Reviewed-by: Carlos Amedee <carlos@golang.org> Auto-Submit: Robert Findley <rfindley@google.com> TryBot-Bypass: Robert Findley <rfindley@google.com> 2025-01-30T21:39:38Z Sam Thanawalla samthanawalla@google.com 2025-01-28T16:13:52Z urn:sha1:ce7ea0a6a529ce91327900e29afc3abd620030b4 This CL enhances the parsing of GOAUTH user based authentication for improved security. Updates: #26232 Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest,gotip-windows-amd64-longtest Change-Id: Ica57952924020b7bd2670610af8de8ce52dbe92f Reviewed-on: https://go-review.googlesource.com/c/go/+/644995 Auto-Submit: Sam Thanawalla <samthanawalla@google.com> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> 2025-01-29T15:10:35Z Filippo Valsorda filippo@golang.org 2025-01-29T02:49:06Z urn:sha1:e81f7155154c0f5d40363e84a8f24a5b559b5eed make v1.0.0.zip make v1.0.0.test make updatesum Changed the v%.zip Makefile target to use the default of origin/master, as per its comment and intention, instead of the local master. Change-Id: I6a6a4656c097d11b8cdc96766394c984f9c47f82 Reviewed-on: https://go-review.googlesource.com/c/go/+/644645 Reviewed-by: Carlos Amedee <carlos@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> 2025-01-29T14:30:36Z Filippo Valsorda filippo@golang.org 2025-01-29T02:18:01Z urn:sha1:4f48ad5c6b2775ab295ea0062b93527cbf4ea9d0 blockedLinknames was updated in CL 635676 after the lib/fips140 zip mechanism was last tested. linknames from crypto/internal/fips140/v1.0.0 need to be allowed if they'd be allowed from crypto/internal/fips140. Change-Id: I6a6a4656022118d4739ae14831f2ad721951c192 Reviewed-on: https://go-review.googlesource.com/c/go/+/645195 Reviewed-by: Michael Pratt <mpratt@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> 2025-01-29T14:29:28Z Michael Pratt mpratt@google.com 2025-01-27T22:05:22Z urn:sha1:1f58ad5d6d2eebc1939a65a511ca84c9b997cd6a This reverts CL 603295. Reason for revert: can cause child exit_group to hang. This is not a clean revert. CL 603098 did a major refactoring of the tests. That refactor is kept, just the sendfile-specific tests are dropped from the linux tests. Fixes #71375. Change-Id: Ic4d6535759667c69a44bd9281bbb33d5b559f591 Reviewed-on: https://go-review.googlesource.com/c/go/+/644895 Auto-Submit: Michael Pratt <mpratt@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Andy Pan <panjf2000@gmail.com> 2025-01-29T02:20:16Z Roland Shoemaker roland@golang.org 2025-01-24T22:08:03Z urn:sha1:90ec9996cb6e7ea98ffeab1b6e28037d79e81026 As specified by RFC 8018. Also prevent unexpected overflows on 32 bit systems. Change-Id: I50c4a177b7d1ebb15f9b3b96e515d93f19d3f68e Reviewed-on: https://go-review.googlesource.com/c/go/+/644122 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Robert Griesemer <gri@google.com>