Fork of Go programming language with my patches. http://git.kilabit.info/go/atom?h=go1.26rc3 2026-02-04T15:46:44Z 2026-02-04T15:46:44Z Gopher Robot gobot@golang.org 2026-02-04T15:42:30Z urn:sha1:70d5aa7ba25f23b02d87512c5a6b6a9c699334ee Change-Id: Icdbfe2e74b099da6f3498549873c18e1ef295c64 Reviewed-on: https://go-review.googlesource.com/c/go/+/741942 Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> TryBot-Bypass: Gopher Robot <gobot@golang.org> 2026-02-03T19:26:48Z Filippo Valsorda filippo@golang.org 2026-01-29T10:32:25Z urn:sha1:9f30ca9189831b8061a6ee46c0a2a331b4864559 Updates #77113 Updates #77217 Updates CVE-2025-68121 Change-Id: Ia47904a9ed001275aad0243a6a0ce57e6a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/740240 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Michael Pratt <mpratt@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> (cherry picked from commit 1c9abbdc8e9032cd613bd147c78b166ebacc8a2e) Reviewed-on: https://go-review.googlesource.com/c/go/+/741181 Auto-Submit: Michael Pratt <mpratt@google.com> 2026-02-03T19:17:52Z Filippo Valsorda filippo@golang.org 2026-01-30T17:07:23Z urn:sha1:3c5aea997ad49405d69946dde157b49139efa6eb TestHandshakeChangeRootCAsResumption and TestHandshakeGetConfigForClientDifferentClientCAs changed because previously rootA and rootB shared Subject and SPKI, which made the new full-chain revalidation check succeed, as the same leaf would verify against both roots. Updates #77376 Fixes #77426 Cq-Include-Trybots: luci.golang.try:go1.26-darwin-arm64-longtest Change-Id: I60bed694bdc621c9e83f1bd8a8224c016a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/741361 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Roland Shoemaker <roland@golang.org> (cherry picked from commit b691a2edc7f5863f61a07c4a4f087eef1a15a704) Reviewed-on: https://go-review.googlesource.com/c/go/+/741680 Reviewed-by: Michael Pratt <mpratt@google.com> Auto-Submit: Michael Pratt <mpratt@google.com> 2026-02-03T15:55:04Z qmuntal quimmuntal@gmail.com 2026-02-02T11:06:22Z urn:sha1:eedccc63c087a16e297e91ab1004e0d7b88fe924 Updates #77404 Fixes #77405 Change-Id: I0402becb94855baf942d6ba3815cc2a3c1526d6e Reviewed-on: https://go-review.googlesource.com/c/go/+/740921 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Michael Pratt <mpratt@google.com> (cherry picked from commit 31c9bcb1037a332fd547808693cd1899090b5854) Reviewed-on: https://go-review.googlesource.com/c/go/+/741360 Auto-Submit: Michael Pratt <mpratt@google.com> 2026-01-30T17:55:08Z thepudds thepudds1460@gmail.com 2026-01-23T20:59:40Z urn:sha1:a56d064bd3e8ed3320175708c725e459ba31d5cd The motivating example I created for #73137 still seems to heap allocate in go1.26rc2 when used in a b.Loop body. │ go1.25 │ go1.26rc2 │ │ allocs/op │ allocs/op vs base │ NewX/b.Loop-basic-4 1.000 ± 0% 1.000 ± 0% ~ (p=1.000 n=10) ¹ I suspect it is because the temps are by default declared outside the loop body, which escape analysis will determine is an escaping value and result in a heap allocation. (I've seen this problem before, including in my older CL 546023 that attempts to help PGO with a similar issue.) This is an attempt to address that by placing ODCLs within the b.Loop body for the temps that are created so that they can be marked keepalive. There are two cases handled in the CL: function return values and function arguments. The first case is what affects my example from #73137, and is also illustrated via the NewX test case in the new test/escape_bloop.go file. Without this CL, the NewX call in the BenchmarkBloop test is inlined, which is an improvement over Go 1.25, but the slice still escapes because the temporary used for the return value is declared outside the loop body. With this CL, the slice does not escape. The second case is illustrated via the new BenchmarkBLoopFunctionArg test, which shows a function argument that escapes without this CL but does not escape with this CL. We can also make the two new b.Loop tests in testing/benchmark_test.go individually pass or fail as expected based on individually reverting the two changes in this CL. While we are here, we add a note to typecheck.TempAt to help make people aware of this behavior. Updates #73137 Fixes #77339 Reviewed-on: https://go-review.googlesource.com/c/go/+/738822 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Junyang Shao <shaojunyang@google.com> Change-Id: I80e89ca95ba297b0d95f02782e6f4ae901a4361a Reviewed-on: https://go-review.googlesource.com/c/go/+/740600 Reviewed-by: Austin Clements <austin@google.com> Auto-Submit: Junyang Shao <shaojunyang@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> 2026-01-29T16:15:43Z David Chase drchase@google.com 2026-01-28T20:13:38Z urn:sha1:76e4bd2a57df870ac65973ff0404e7f3cb329c2f Change-Id: I34678f4ef17fe1b8b7657a2c3d39685b4a5951f2 Reviewed-on: https://go-review.googlesource.com/c/go/+/739981 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com> (cherry picked from commit 985b0b3fe26661c10a3201470e80685765656363) Reviewed-on: https://go-review.googlesource.com/c/go/+/739941 Reviewed-by: David Chase <drchase@google.com> 2026-01-28T22:00:47Z Roland Shoemaker roland@golang.org 2026-01-26T19:18:45Z urn:sha1:72ae31033e5de7221b1b4bace85aff9a7978d8b8 When resuming TLS sessions, on the server and client verify that the chains stored in the session state (verifiedChains) are still acceptable with regards to the Config by checking for the inclusion of the root in either ClientCAs (server) or RootCAs (client). This prevents resuming a session with a certificate chain that would be rejected during a full handshake due to an untrusted root. Updates #77113 Updates #77357 Updates CVE-2025-68121 Change-Id: I11fe00909ef1961c24ecf80bf5b97f7b1121d359 Reviewed-on: https://go-review.googlesource.com/c/go/+/737700 Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Coia Prant <coiaprant@gmail.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-on: https://go-review.googlesource.com/c/go/+/740004 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Nicholas Husin <husin@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Nicholas Husin <nsh@golang.org> 2026-01-28T22:00:44Z Roland Shoemaker roland@golang.org 2026-01-26T18:55:32Z urn:sha1:feaa88bbce2637dbbd9c43437a7816fadf1f4ab9 When resuming a session, check that the verifiedChains contain at least one chain that is still valid at the time of resumption. If not, trigger a new handshake. Updates #77113 Updates #77357 Updates CVE-2025-68121 Change-Id: I14f585c43da17802513cbdd5b10c552d7a38b34e Reviewed-on: https://go-review.googlesource.com/c/go/+/739321 Reviewed-by: Coia Prant <coiaprant@gmail.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/740003 Reviewed-by: Nicholas Husin <husin@google.com> Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Nicholas Husin <nsh@golang.org> 2026-01-28T22:00:41Z Roland Shoemaker roland@golang.org 2026-01-26T18:49:30Z urn:sha1:a1d9a25ddc3f3446a015f74c998635ff134409ca This reverts CL 736709 (commit bba24719a4cad5cc8d771fc9cfff5a38019d554a). Updates #77113 Updates #77357 Updates CVE-2025-68121 Change-Id: I0261cb75e9adf9d0ac9890dc91ae8476b8988ba0 Reviewed-on: https://go-review.googlesource.com/c/go/+/739320 Reviewed-by: Coia Prant <coiaprant@gmail.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/740002 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Nicholas Husin <husin@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Nicholas Husin <nsh@golang.org> 2026-01-28T19:57:53Z Junyang Shao shaojunyang@google.com 2026-01-22T17:44:32Z urn:sha1:0ba9ea551d8e4e6be2baa37de87340f7598c753b The code previously filters out VAES-only instructions, this CL added them back. This CL added the VAES feature check following the Intel xed data: XED_ISA_SET_VAES: vaes.7.0.ecx.9 # avx.1.0.ecx.28 This CL also found out that the old AVX512VAES feature check is not checking the correct bits, it also fixes it: XED_ISA_SET_AVX512_VAES_128: vaes.7.0.ecx.9 aes.1.0.ecx.25 avx512f.7.0.ebx.16 avx512vl.7.0.ebx.31 XED_ISA_SET_AVX512_VAES_256: vaes.7.0.ecx.9 aes.1.0.ecx.25 avx512f.7.0.ebx.16 avx512vl.7.0.ebx.31 XED_ISA_SET_AVX512_VAES_512: vaes.7.0.ecx.9 aes.1.0.ecx.25 avx512f.7.0.ebx.16 It restricts to the most strict common set - includes avx512vl for even 512-bits although it doesn't requires it. Change-Id: I4e2f72b312fd2411589fbc12f9ee5c63c09c2e9a Reviewed-on: https://go-review.googlesource.com/c/go/+/738500 Reviewed-by: Cherry Mui <cherryyz@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> (cherry picked from commit 83b232b0af1bd498d3df099eb68e3b1e40df2527) Reviewed-on: https://go-review.googlesource.com/c/go/+/739922 Reviewed-by: Junyang Shao <shaojunyang@google.com>