go, branch go1.4.3

[release-branch.go1.4] go1.4.3

2015-09-23T04:20:05Z

Change-Id: I9f0c6cf2dfc83f95905e75977a3e679a4152aa41 Reviewed-on: https://go-review.googlesource.com/14855 Run-TryBot: Chris Broadfoot Reviewed-by: Chris Broadfoot

[release-branch.go1.4] doc: document go1.4.3

2015-09-23T04:11:19Z

Change-Id: Ib1bfe4038e2b125a31acd9ff7772e462b0a6358f Reviewed-on: https://go-review.googlesource.com/14852 Reviewed-by: Andrew Gerrand Reviewed-on: https://go-review.googlesource.com/14853

[release-branch.go1.4] net/http: backport some potential request smuggling vectors from Go 1.5

2015-09-22T06:40:33Z

This CL contains the verbatim tests from these two changes, but with alternate minimal fixes against the 1.4 tree: https://go-review.googlesource.com/#/c/12865/ https://go-review.googlesource.com/#/c/13148/ Change-Id: If98c2198e24e30e14a3b7b5e954b504d1f18db89 Reviewed-on: https://go-review.googlesource.com/14802 Reviewed-by: Rob Pike Run-TryBot: Brad Fitzpatrick Reviewed-by: Andrew Gerrand Reviewed-by: Chris Broadfoot Run-TryBot: Chris Broadfoot

[release-branch.go1.4] net/http: harden Server against request smuggling

2015-09-22T06:39:51Z

See RFC 7230. Thanks to Régis Leroy for the report. Change-Id: Ic1779bc2180900430d4d7a4938cac04ed73c304c Reviewed-on: https://go-review.googlesource.com/11810 Reviewed-by: Russ Cox Run-TryBot: Brad Fitzpatrick Reviewed-on: https://go-review.googlesource.com/14250 Reviewed-by: Andrew Gerrand

[release-branch.go1.4] net/textproto: don't treat spaces as hyphens in header keys

2015-09-22T06:39:39Z

This was originally done in https://codereview.appspot.com/5690059 (Feb 2012) to deal with bad response headers coming back from webcams, but it presents a potential security problem with HTTP request smuggling for request headers containing "Content Length" instead of "Content-Length". Part of overall HTTP hardening for request smuggling. See RFC 7230. Thanks to Régis Leroy for the report. Change-Id: I92b17fb637c9171c5774ea1437979ae2c17ca88a Reviewed-on: https://go-review.googlesource.com/11772 Reviewed-by: Russ Cox Run-TryBot: Brad Fitzpatrick TryBot-Result: Gobot Gobot Reviewed-on: https://go-review.googlesource.com/14249 Reviewed-by: Andrew Gerrand

[release-branch.go1.4] runtime: don't return a slice with nil ptr but non-zero len from growslice

2015-09-22T06:36:57Z

Fixes #10135. Change-Id: Ic4c5ab15bcb7b9c3fcc685a788d3b59c60c26e1e Signed-off-by: Shenghou Ma Reviewed-on: https://go-review.googlesource.com/7400 Reviewed-by: Ian Lance Taylor Reviewed-on: https://go-review.googlesource.com/14248 Reviewed-by: Andrew Gerrand

cmd/dist: remove -Werror from CFLAGS

2015-09-03T06:23:23Z

Fixes #12345. Change-Id: I43d91e3f33171c333803036b29c3238c6aff3c60 Reviewed-on: https://go-review.googlesource.com/13962 Reviewed-by: Andrew Gerrand

[release-branch.go1.4] go1.4.2

2015-02-18T04:24:51Z

Change-Id: I0f198e4a94c50a11228c15d6aaac0cea890b5b58 Reviewed-on: https://go-review.googlesource.com/5111 Reviewed-by: Rob Pike

[release-branch.go1.4] doc: document Go 1.4.2

2015-02-18T03:43:35Z

Change-Id: Ia87047cbc720fb03d2f67aec48abe18bce8dbf78 Reviewed-on: https://go-review.googlesource.com/5112 Reviewed-by: Russ Cox Reviewed-on: https://go-review.googlesource.com/5113 Reviewed-by: Andrew Gerrand

[release-branch.go1.4] runtime: don't fail if we find a pointer to an invalid span on 32 bit

2015-02-17T23:37:56Z

The 32-bit heap may have holes in it. Pointers to (non-heap) objects in those holes shouldn't cause the GC to throw. This change is somewhat of a band-aid fix for 1.4.2. We should do a more thorough fix for tip (keep track of the holes in the heap with special MSpans, say). Update #9872 Change-Id: Ife9ba27b77ae6ac5a6792d249c68893b3df62134 Reviewed-on: https://go-review.googlesource.com/4920 Run-TryBot: Keith Randall Reviewed-by: Russ Cox