Fork of Go programming language with my patches. http://git.kilabit.info/go/atom?h=go1.25.7 2026-02-04T15:46:51Z 2026-02-04T15:46:51Z Gopher Robot gobot@golang.org 2026-02-04T15:42:52Z urn:sha1:eaf3bc799a221cc375f188e8699c9330c1caf40a Change-Id: I27d8fca15f8efc9ae0bfa9ffb23d1f258bd89f2a Reviewed-on: https://go-review.googlesource.com/c/go/+/741962 TryBot-Bypass: Gopher Robot <gobot@golang.org> Reviewed-by: Michael Pratt <mpratt@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> 2026-02-03T19:55:54Z Filippo Valsorda filippo@golang.org 2026-01-29T10:32:25Z urn:sha1:c7d189e65c229a840c1e3e310cf4cd4ca0cb4e84 Updates #77113 Updates #77217 Updates CVE-2025-68121 Change-Id: Ia47904a9ed001275aad0243a6a0ce57e6a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/740240 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Michael Pratt <mpratt@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> (cherry picked from commit 1c9abbdc8e9032cd613bd147c78b166ebacc8a2e) Reviewed-on: https://go-review.googlesource.com/c/go/+/741200 Auto-Submit: Michael Pratt <mpratt@google.com> 2026-02-03T19:17:48Z Filippo Valsorda filippo@golang.org 2026-01-30T17:07:23Z urn:sha1:451201453075da6314c24aa96b35ce1cc8260366 TestHandshakeChangeRootCAsResumption and TestHandshakeGetConfigForClientDifferentClientCAs changed because previously rootA and rootB shared Subject and SPKI, which made the new full-chain revalidation check succeed, as the same leaf would verify against both roots. Updates #77376 Fixes #77425 Cq-Include-Trybots: luci.golang.try:go1.25-darwin-arm64-longtest Change-Id: I60bed694bdc621c9e83f1bd8a8224c016a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/741361 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Roland Shoemaker <roland@golang.org> (cherry picked from commit b691a2edc7f5863f61a07c4a4f087eef1a15a704) Reviewed-on: https://go-review.googlesource.com/c/go/+/741246 Reviewed-by: Michael Pratt <mpratt@google.com> Auto-Submit: Michael Pratt <mpratt@google.com> 2026-01-28T22:03:29Z Roland Shoemaker roland@golang.org 2026-01-26T19:18:45Z urn:sha1:d5987bff8ab92b4d96667ca960faeb92b97d5e75 When resuming TLS sessions, on the server and client verify that the chains stored in the session state (verifiedChains) are still acceptable with regards to the Config by checking for the inclusion of the root in either ClientCAs (server) or RootCAs (client). This prevents resuming a session with a certificate chain that would be rejected during a full handshake due to an untrusted root. Updates #77113 Updates #77356 Updates CVE-2025-68121 Change-Id: I11fe00909ef1961c24ecf80bf5b97f7b1121d359 Reviewed-on: https://go-review.googlesource.com/c/go/+/737700 Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Coia Prant <coiaprant@gmail.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-on: https://go-review.googlesource.com/c/go/+/740065 Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Nicholas Husin <husin@google.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Nicholas Husin <nsh@golang.org> 2026-01-28T22:03:25Z Roland Shoemaker roland@golang.org 2026-01-26T18:55:32Z urn:sha1:c2d04c09949c689cba848cdb71abe6ad039b22c5 When resuming a session, check that the verifiedChains contain at least one chain that is still valid at the time of resumption. If not, trigger a new handshake. Updates #77113 Updates #77356 Updates CVE-2025-68121 Change-Id: I14f585c43da17802513cbdd5b10c552d7a38b34e Reviewed-on: https://go-review.googlesource.com/c/go/+/739321 Reviewed-by: Coia Prant <coiaprant@gmail.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/740064 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Nicholas Husin <husin@google.com> Reviewed-by: Nicholas Husin <nsh@golang.org> 2026-01-28T22:03:22Z Roland Shoemaker roland@golang.org 2026-01-26T18:49:30Z urn:sha1:6b1110a40f41e1f8bb092e2e5a50b17c58777079 This reverts CL 736709 (commit bba24719a4cad5cc8d771fc9cfff5a38019d554a). Updates #77113 Updates #77356 Updates CVE-2025-68121 Change-Id: I0261cb75e9adf9d0ac9890dc91ae8476b8988ba0 Reviewed-on: https://go-review.googlesource.com/c/go/+/739320 Reviewed-by: Coia Prant <coiaprant@gmail.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/740063 Reviewed-by: Nicholas Husin <nsh@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Nicholas Husin <husin@google.com> 2026-01-28T21:39:00Z Roland Shoemaker roland@golang.org 2026-01-27T00:08:00Z urn:sha1:0765a9d624119e15c2f527e69098151ba664e5a5 Only strip labels when both the domain and constraint have more than one label. Fixes #76935 Fixes #77323 Change-Id: Ifdaae2cbe0c57984bb7334a8f08fa33a800e7c27 Reviewed-on: https://go-review.googlesource.com/c/go/+/739400 Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> 2026-01-28T20:31:52Z Neal Patel nealpatel@google.com 2026-01-06T21:09:19Z urn:sha1:b19100991ac6d096e67cead47392049c178fd5ab Thank you to RyotaK (https://ryotak.net) of GMO Flatt Security Inc. for reporting this issue. Updates #76697 Fixes #77129 Fixes CVE-2025-61732 Change-Id: I9ecbef556f6e545fb152407041cd086c069f22d1 Reviewed-on: https://go-review.googlesource.com/c/go/+/740040 Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> 2026-01-27T16:57:50Z Keith Randall khr@golang.org 2025-08-13T21:01:30Z urn:sha1:738bc3a33c115e3ca48793117047390b3fe37392 It is ok to clobber registers that have a copy of a fixedreg value, as that value is always available in its original location later if we need it. (See 14 lines below the change.) This CL will fix the regalloc infinite loop that CL 678620 introduced. That CL requests that the stack pointer value be materialized in a non-stack-pointer register, which is atypical. That condition triggered the infinite loop that this CL fixes. The infinite loop is the compiler trying to reuse that non-stack-pointer register for something else, but then refusing to give it up because it thought that non-stack-pointer register held the last copy of the original SP value. Fixes #75844 Change-Id: Id604d0937fb9d3753ee273bf1917753d3ef2d5d7 Reviewed-on: https://go-review.googlesource.com/c/go/+/696035 Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Keith Randall <khr@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> (cherry picked from commit 9bbea0f21a4539ea365d4804131b17d3b963c4f7) Reviewed-on: https://go-review.googlesource.com/c/go/+/710875 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> 2026-01-15T18:28:34Z Gopher Robot gobot@golang.org 2026-01-15T18:23:44Z urn:sha1:69801b25b9624c3a678ef87d30771861e7bba51f Change-Id: Ib93e4136188fce36867537b30977a03885b8b14f Reviewed-on: https://go-review.googlesource.com/c/go/+/736761 Reviewed-by: Michael Pratt <mpratt@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Junyang Shao <shaojunyang@google.com> TryBot-Bypass: Gopher Robot <gobot@golang.org>