Filippo Valsorda [Tue, 22 Jan 2019 21:02:41 +0000 (16:02 -0500)]
[release-branch.go1.10-security] crypto/elliptic: reduce subtraction term to prevent long busy loop
If beta8 is unusually large, the addition loop might take a very long
time to bring x3-beta8 back positive.
This would lead to a DoS vulnerability in the implementation of the
P-521 and P-384 elliptic curves that may let an attacker craft inputs
to ScalarMult that consume excessive amounts of CPU.
Reason for revert: this fix has been backported to 1.11, and that makes
it ineligible for backport to 1.10, since upgrading to 1.11 is a valid
workaround according to https://github.com/golang/go/wiki/MinorReleases.
Also, this triggers a bug on Wasm that would require a backport of
CL 149965, too.
Bryan C. Mills [Fri, 14 Dec 2018 02:42:33 +0000 (21:42 -0500)]
[release-branch.go1.10] cmd/go/internal/get: move wildcard-trimming to before CheckImportPath
Previously, RepoRootForImportPath trimmed certain "..." wildcards from
package patterns (even though its name suggests that the argument must
be an actual import path). It trimmed at the first path element that
was literally "..." (although wildcards in general may appear within a
larger path element), and relied on a subsequent check in
RepoRootForImportPath to catch confusing resolutions.
However, that causes 'go get' with wildcard patterns in fresh paths to
fail as of CL 154101: a wildcard pattern is not a valid import path,
and fails the path check. (The existing Test{Vendor,Go}Get* packages
in go_test.go and vendor_test.go catch the failure, but they are all
skipped when the "-short" flag is set — including in all.bash — and we
had forgotten to run them separately.)
We now trim the path before any element that contains a wildcard, and
perform the path check (and repo resolution) on only that prefix. It
is possible that the expanded path after fetching the repo will be
invalid, but a repository can contain directories that are not valid
import paths in general anyway.
Bryan C. Mills [Mon, 3 Dec 2018 20:12:08 +0000 (15:12 -0500)]
[release-branch.go1.10-security] cmd/go: reject 'get' of paths containing leading dots or unsupported characters
On some platforms, directories beginning with dot are treated as
hidden files, and filenames containing unusual characters can be
confusing for users to manipulate (and delete).
Change-Id: I443bdeb98e4de24b8a93a75fb923f4d41052e8f7
Reviewed-on: https://team-review.git.corp.google.com/c/368703 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Filippo Valsorda [Wed, 5 Dec 2018 03:23:22 +0000 (22:23 -0500)]
[release-branch.go1.10-security] crypto/x509: limit number of signature checks for each verification
That number grows quadratically with the number of intermediate
certificates in certain pathological cases (for example if they all have
the same Subject) leading to a CPU DoS. Set a fixed budget that should
fit all real world chains, given we only look at intermediates provided
by the peer.
The algorithm can be improved, but that's left for follow-up CLs:
* the cache logic should be reviewed for correctness, as it seems to
override the entire chain with the cached one
* the equality check should compare Subject and public key, not the
whole certificate
* certificates with the right SKID but the wrong Subject should not
be considered, and in particular should not take priority over
certificates with the right Subject
Change-Id: Ib257c12cd5563df7723f9c81231d82b882854213
Reviewed-on: https://team-review.git.corp.google.com/c/370475 Reviewed-by: Andrew Bonventre <andybons@google.com>
(cherry picked from commit 09d57361bc99cbbfb9755ee30ddcb42ff5a9d7d6)
Reviewed-on: https://team-review.git.corp.google.com/c/372923 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Alex Brainman [Sun, 26 Aug 2018 06:45:10 +0000 (16:45 +1000)]
[release-branch.go1.10] internal/poll: advance file position in windows sendfile
Some versions of Windows (Windows 10 1803) do not set file
position after TransmitFile completes. So just use Seek
to set file position before returning from sendfile.
Updates #25722
Fixes #27419
Change-Id: I7a49be10304b5db19dda707b13ac93d338aeb190
Reviewed-on: https://go-review.googlesource.com/131976 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> Reviewed-by: Yasuhiro MATSUMOTO <mattn.jp@gmail.com>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
(cherry picked from commit 8359b5e134052db0e5f1bc2257d496b0a81aa4fb)
Reviewed-on: https://go-review.googlesource.com/c/146779
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Daniel Theophanes [Sun, 25 Mar 2018 23:58:27 +0000 (16:58 -0700)]
[release-branch.go1.10] database/sql: check for nil connRequest.conn before use
The connRequest may return a nil conn value. However in a rare
case that is difficult to test for it was being passed to
DB.putConn without a nil check. This was an error as this
made no sense if the driverConn is nil. This also caused
a panic in putConn.
A test for this would be nice, but didn't find a sane
way to test for this condition.
Alex Brainman [Mon, 11 Jun 2018 02:09:18 +0000 (12:09 +1000)]
[release-branch.go1.10] internal/poll: specify current file position when calling TransmitFile
Current SendFile implementation assumes that TransmitFile starts from
the current file position. But that appears not true for Windows 10
Version 1803.
suggests, "You can use the lpOverlapped parameter to specify a 64-bit
offset within the file at which to start the file data transfer by
setting the Offset and OffsetHigh member of the OVERLAPPED structure."
Do as it advises.
Fixes #25722
Change-Id: I241d3bf76d0d5590d4df27c6f922d637068232fb
Reviewed-on: https://go-review.googlesource.com/117816
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
(cherry picked from commit af4d60428f6dc5eab10b6de23235f61cceee8bc3)
Reviewed-on: https://go-review.googlesource.com/c/146780
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Alberto Donizetti [Wed, 22 Aug 2018 12:01:22 +0000 (14:01 +0200)]
[release-branch.go1.10] cmd/compile: prevent overflow in walkinrange
In the compiler frontend, walkinrange indiscriminately calls Int64()
on const CTINT nodes, even though Int64's return value is undefined
for anything over 2⁶³ (in practise, it'll return a negative number).
This causes the introduction of bad constants during rewrites of
unsigned expressions, which make the compiler reject valid Go
programs.
This change introduces a preliminary check that Int64() is safe to
call on the consts on hand. If it isn't, walkinrange exits without
doing any rewrite.
Lynn Boger [Fri, 8 Jun 2018 15:07:18 +0000 (11:07 -0400)]
[release-branch.go1.10] runtime: restore r2 when restoring state from gobuf in gogo on ppc64x
When using plugins with goroutines calling cgo, we hit a case where
an intermittent SIGSEGV occurs when referencing an address that is based
on r2 (TOC address). When the failure can be generated in gdb, the
contents of r2 is wrong even though the value in the current stack's
slot for r2 is correct. So that means it somehow switched to start
running the code in this function without passing through the beginning
of the function which had the correct value of r2 and stored it there.
It was noted that in runtime.gogo when the state is restored from
gobuf, r2 is not restored from its slot on the stack. Adding the
instruction to restore r2 prevents the SIGSEGV.
Fixes #25800
Change-Id: I6028b6f1f8775d5c23f4ebb57ae273330a28eb8f
Reviewed-on: https://go-review.googlesource.com/117515
Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com> Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
(cherry picked from commit 30a63ecee351c029ea99dce388a5953a150b4e02)
Reviewed-on: https://go-review.googlesource.com/c/117915 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
[release-branch.go1.10] cmd/link: put runtime.framepointer_enabled in DATA instead of RODATA
On darwin, only writable symbol is exported
(cmd/link/internal/ld/macho.go:/machoShouldExport).
For plugin to work correctly, global variables, including
runtime.framepointer_enabled which is set by the linker, need
to be exported when dynamic linking. Put it in DATA so it is
exported. Also in Go it is defined as a var, which is not
read-only.
Keith Randall [Thu, 10 May 2018 17:15:52 +0000 (10:15 -0700)]
[release-branch.go1.10] cmd/compile: fix zero extend after float->int conversion
Don't do direct loads from argument slots if the sizes don't match.
This prevents us from loading from a float32 using a uint64 load
during expressions like uint64(math.float32Bits(f)) where f is a float32 arg.
Keith Randall [Mon, 22 Jan 2018 17:43:27 +0000 (09:43 -0800)]
[release-branch.go1.10] cmd/compile: reset branch prediction when deleting a branch
When we go from a branch block to a plain block, reset the
branch prediction bit. Downstream passes asssume that if the
branch prediction is set, then the block has 2 successors.
Fixes #23504
Fixes #26851
Change-Id: I2898ec002228b2e34fe80ce420c6939201c0a5aa
Reviewed-on: https://go-review.googlesource.com/88955 Reviewed-by: Josh Bleecher Snyder <josharian@gmail.com>
(cherry picked from commit 4313d7767d830e863e8f8b53a2b48ca8d0bf0a79)
Reviewed-on: https://go-review.googlesource.com/128855
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Keith Randall <khr@golang.org>
Ian Lance Taylor [Wed, 25 Jul 2018 22:24:27 +0000 (15:24 -0700)]
[release-branch.go1.10] cmd/cgo: don't resolve typedefs in -godefs mode
In -godefs mode any typedefs that appear in struct fields and the like
will presumably be defined in the input file. If we resolve to the
base type, those cross-references will not work. So for -godefs mode,
keep the Go 1.10 behavior and don't resolve the typedefs in a loop.
Fixes #26644
Change-Id: I48cf72d9eb5016353c43074e6aff6495af326f35
Reviewed-on: https://go-review.googlesource.com/125995 Reviewed-by: Keith Randall <khr@golang.org>
(cherry picked from commit ead59f4bf368f13bbabea3f8a59f9f29ccdd3900)
Reviewed-on: https://go-review.googlesource.com/128395
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Keith Randall [Wed, 1 Aug 2018 04:31:19 +0000 (21:31 -0700)]
[release-branch.go1.10] cmd/cgo: stop expanding typedefs once we reach __builtin types
Expanding __builtin types (__builtin_va_list, particularly) leads
to problems because they are expanded by the compiler itself - the
expansions are not generated by anything in a .h file. The types
a __builtin type expand to are thus very confusing to cgo.
See CL 126275.
Fixes #25036.
Change-Id: I66eb6a4f27f652f1b934ba702f580f6daa62a566
Reviewed-on: https://go-review.googlesource.com/127156
Run-TryBot: Keith Randall <khr@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-on: https://go-review.googlesource.com/128096
Keith Randall [Thu, 26 Jul 2018 23:33:27 +0000 (16:33 -0700)]
[release-branch.go1.10] cmd/cgo: make sure we FinishType everything
Ensure that we call FinishType on all the types added to the ptrs map.
We only add a key to ptrKeys once. Once we FinishType for that key,
we'll never look at that key again. But we can add a new type under that
key later, and we'll never finish it.
Make sure we add the key to the ptrKeys list every time we make the list
of types for that key non-empty.
This makes sure we FinishType each pointer type exactly once.
Update #25036
Change-Id: Iad86150d516fcfac167591daf5a26c38bec7d143
Reviewed-on: https://go-review.googlesource.com/126275 Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-on: https://go-review.googlesource.com/128095
Keith Randall [Mon, 16 Jul 2018 17:45:25 +0000 (10:45 -0700)]
[release-branch.go1.10] misc/cgo: fix darwin test, again
TARGET_OS_OSX is the right macro, but it also was only introduced
in 1.12. For 1.11 and earlier a reasonable substitution is
TARGET_OS_IPHONE == 0.
Update #25036
Change-Id: I5f43c463d14fada9ed1d83cc684c7ea05d94c5f3
Reviewed-on: https://go-review.googlesource.com/124075
Run-TryBot: Keith Randall <khr@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-on: https://go-review.googlesource.com/124218
Keith Randall [Sun, 15 Jul 2018 00:18:45 +0000 (17:18 -0700)]
[release-branch.go1.10] misc/cgo: fix test on iOS
The test in CL 123715 doesn't work on iOS, it needs to use a different
version scheme to determine whether SecKeyAlgorithm and friends exist.
Restrict the old version test to OSX only.
The same problem occurs on iOS: the functions tested don't exist before
iOS 10. But we don't have builders below iOS 10, so it isn't a big issue.
If we ever get older builders, or someone wants to run all.bash on an
old iOS, they'll need to figure out the right incantation.
Update #25036
Change-Id: Ia3ace86b00486dc172ed00c0c6d668a95565bff7
Reviewed-on: https://go-review.googlesource.com/123959
Run-TryBot: Keith Randall <khr@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-on: https://go-review.googlesource.com/124217 Reviewed-by: Ian Lance Taylor <iant@golang.org>
Keith Randall [Thu, 12 Jul 2018 23:51:27 +0000 (16:51 -0700)]
[release-branch.go1.10] misc/cgo/test: fix issue 24161 test for 1.11 and earlier
The test uses functions from C that were introduced in OSX 1.12.
Include stubs for those functions when compiling for 1.11 and earlier.
This test really a compile-time test, it doesn't matter much what the
executed code actually does.
Use a nasty #define hack to work around the fact that cgo doesn't
support static global variables.
Update #25036
Change-Id: Icf6f7bc9b6b36cacc81d5d0e033a2ebaff7e0298
Reviewed-on: https://go-review.googlesource.com/123715
Run-TryBot: Keith Randall <khr@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-on: https://go-review.googlesource.com/124216
Keith Randall [Tue, 10 Jul 2018 20:47:15 +0000 (13:47 -0700)]
[release-branch.go1.10] cmd/cgo: fix cgo bad typedefs
Two fixes:
1) Typedefs of the bad typedefs should also not be rewritten to the
underlying type. They shouldn't just be uintptr, though, they should
retain the C naming structure. For example, in C:
we know that we need to investigate the type SecKeyAlgorithm.
Might as well just find every typedef and check the badness of all of them.
This requires looping until a fixed point of known types is reached.
Usually it takes just 2 iterations, sometimes 3.
Update #25036
Change-Id: I32ca7e48eb4d4133c6242e91d1879636f5224ea9
Reviewed-on: https://go-review.googlesource.com/123177
Run-TryBot: Keith Randall <khr@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-on: https://go-review.googlesource.com/124215
Keith Randall [Sat, 7 Jul 2018 04:38:31 +0000 (21:38 -0700)]
[release-branch.go1.10] cmd/cgo: check function argument/return types for bad C pointer types
We need to determine whether arguments to and return values from C
functions are "bad" typedef'd pointer types which need to be uintptr
on the Go side.
The type of those arguments are not specified explicitly. As a result,
we never look through the C declarations for the GetTypeID functions
associated with that type, and never realize that they are bad.
However, in another function in the same package there might be an
explicit reference. Then we end up with the declaration being uintptr
in one file and *struct{...} in another file. Badness ensues.
Fix this by doing a 2-pass algorithm. In the first pass, we run as
normal, but record all the argument and result types we see. In the
second pass, we include those argument types also when reading the C
types.
Update #25036
Change-Id: I8d727e73a2fbc88cb9d9899f8719ae405f59f753
Reviewed-on: https://go-review.googlesource.com/122575
Run-TryBot: Keith Randall <khr@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
(cherry picked from commit 20803e0f52809fa6088285c1c87246642df2b62d)
Reviewed-on: https://go-review.googlesource.com/122818
Ian Lance Taylor [Wed, 18 Jul 2018 00:36:15 +0000 (17:36 -0700)]
[release-branch.go1.10] cmd/cgo: don't report inconsistency error for incomplete typedef
In CLs 122575 and 123177 the cgo tool started explicitly looking up
typedefs. When there are two Go files using import "C", and the first
one has an incomplete typedef and the second one has a complete
version of the same typedef, then we will now record a version of the
first typedef which will not match the recorded version of the second
typedef, producing an "inconsistent definitions" error. Fix this by
silently merging incomplete typedefs with complete ones.
Fixes #26430
Change-Id: I9e629228783b866dd29b5c3a31acd48f6e410a2d
Reviewed-on: https://go-review.googlesource.com/124575
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Keith Randall <khr@golang.org>
(cherry picked from commit a371bc2dfdf1fe4166c83be1177fbecb03d8da53)
Reviewed-on: https://go-review.googlesource.com/128155
bill_ofarrell [Thu, 28 Jun 2018 22:39:37 +0000 (18:39 -0400)]
[release-branch.go1.10] bytes, strings: fix comparison of long byte slices on s390x
The existing implementation of bytes.Compare on s390x doesn't work properly for slices longer
than 256 elements. This change fixes that. Added tests for long strings and slices of bytes.
Fixes #26117
Change-Id: If6d8b68ee6dbcf99a24f867a1d3438b1f208954f
Reviewed-on: https://go-review.googlesource.com/121495 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-on: https://go-review.googlesource.com/124016
Run-TryBot: Ian Lance Taylor <iant@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
Ian Lance Taylor [Tue, 26 Jun 2018 23:21:56 +0000 (16:21 -0700)]
[release-branch.go1.10] mime/multipart: restore 1.9 handling of missing/empty form-data file name
Revert the code change of CL 70931, but keep the test, appropriately
modified for the code changes. Also add a new test. This restores the
1.9 handling of form-data entries with missing or empty file names.
Changing the handling of this simply confused existing programs for no
useful benefit. Go back to the old behavior.
Updates #19183
Fixes #24041
Change-Id: Ie7a0309a061218ceda3bbc2a7da85e6fb3dd016d
Reviewed-on: https://go-review.googlesource.com/121075
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Misty De Meo [Fri, 15 Jun 2018 18:15:50 +0000 (18:15 +0000)]
[release-branch.go1.10] ld/macho: add all missing load commands
The ld/macho code currently understands a subset of the mach-o load
commands. I've encountered one of these in the wild in a Go-produced
binary, which tripped up the Go linker because its switch statement
expects its list of load commands to be exhaustive; the rest I've
added for the sake of completion.
The ruby-macho library is a good non-Darwin header resource for these:
https://github.com/homebrew/ruby-macho
Russ Cox [Fri, 1 Jun 2018 19:47:29 +0000 (15:47 -0400)]
[release-branch.go1.10] cmd/go: fix 'go get' compatibility for direct download of vgo-aware module
CL 109340 added “minimal module-awareness for legacy operation.”
One part of that is reinterpreting imports inside code trees with go.mod files
as using semantic import versioning, and converting them back to
legacy import paths by stripping the major version element
(for example, interpreting import "x.com/foo/v2/bar" as import "x.com/foo/bar").
This rewrite was not being applied during "go get", with the effect that once
you had the target code downloaded already, everything was fine,
but it didn't download and build successfully the first time.
[release-branch.go1.10] cmd/go: add minimal module-awareness for legacy operation
We want authors to be able to publish code that works with both
the current standard go command and the planned new go command
support for modules. If authors have tagged their code v2 or later,
semantic import versioning means the import paths must include a
v2 path element after the path prefix naming the module.
One option for making this convention compatible with original go get
is to move code into a v2 subdirectory of the root.
That makes sense for some authors, but many authors would prefer
not to move all the code into a v2 subdirectory for a transition and
then move it back up once we everyone has a module-aware go command.
Instead, this CL teaches the old (non-module-aware) go command
a tiny amount about modules and their import paths, to expand
the options for authors who want to publish compatible packages.
If an author has a v2 of a package, say my/thing/v2/sub/pkg,
in the my/thing repo's sub/pkg subdirectory (no v2 in the file system path),
then old go get continues to import that package as my/thing/sub/pkg.
But when go get is processing code in any module (code in a tree with
a go.mod file) and encounters a path like my/thing/v2/sub/pkg,
it will check to see if my/thing/go.mod says "module my/thing/v2".
If so, the go command will read the import my/thing/v2/sub/pkg
as if it said my/thing/sub/pkg, which is the correct "old" import path
for the package in question.
This CL will be back-ported to Go 1.10 and Go 1.9 as well.
Once users have updated to the latest Go point releases containing
this new logic, authors will be able to update to using modules
within their own repos, including using semantic import paths
with vN path elements, and old go get will still be able to consume
those repositories.
This CL also makes "go get" ignore meta go-import lines using
the new "mod" VCS type. This allows a package to specify both
a "mod" type and a "git" type, to present more efficient module
access to module-aware go but still present a Git repo to the old
"go get".
Martin Möhrmann [Fri, 4 May 2018 04:54:18 +0000 (06:54 +0200)]
[release-branch.go1.10] strings: fix encoding of \u0080 in map
Fix encoding of PAD (U+0080) which has the same value as utf8.RuneSelf
being incorrectly encoded as \x80 in strings.Map due to using <= instead
of a < comparison operator to check one byte encodings for utf8.
Fixes golang/go#25479
Change-Id: Ib6c7d1f425a7ba81e431b6d64009e713d94ea3bc
Reviewed-on: https://go-review.googlesource.com/111286
Run-TryBot: Martin Möhrmann <moehrmann@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
(cherry picked from commit 8c62fc0ca3c96ecbd3a6e81546aa8c53e32ff500)
Reviewed-on: https://go-review.googlesource.com/114635
Run-TryBot: Andrew Bonventre <andybons@golang.org>
Filippo Valsorda [Fri, 25 May 2018 19:07:15 +0000 (15:07 -0400)]
[release-branch.go1.10] doc: sync with master
A number of changes were applied to documentation in master, including
a wide rewrite of the contribution guide. Backport them all to get them
deployed on golang.org.
Adam Langley [Wed, 16 May 2018 21:35:23 +0000 (14:35 -0700)]
[release-branch.go1.10] crypto/x509: check EKUs like 1.9.
This change brings back the EKU checking from 1.9. In 1.10, we checked
EKU nesting independent of the requested EKUs so that, after verifying a
certifciate, one could inspect the EKUs in the leaf and trust them.
That, however, was too optimistic. I had misunderstood that the PKI was
/currently/ clean enough to require that, rather than it being
desirable. Go generally does not push the envelope on these sorts of
things and lets the browsers clear the path first.
Ian Lance Taylor [Fri, 20 Apr 2018 21:43:17 +0000 (14:43 -0700)]
[release-branch.go1.10] misc/cgo/testcshared: use file descriptor 30 for TestUnexportedSymbols
Backport of CL 108537 to 1.10 release branch.
We were using file descriptor 100, which requires the Linux kernel to
grow the fdtable size. That step may sometimes require a long time,
causing the test to fail. Switch to file descriptor 30, which should
not require growing the fdtable.
Updates #23784
Fixes #25277
Change-Id: I9d25986f3b59bdeb04aa52407b24aa94712aedff
Reviewed-on: https://go-review.googlesource.com/111995
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Alex Brainman [Sat, 5 May 2018 05:28:56 +0000 (15:28 +1000)]
[release-branch.go1.10] crypto/tls: copy and use adjusted syscall.CertChainPolicyPara
As discussed in issue #21376, it is unsafe to have
syscall.CertChainPolicyPara.ExtraPolicyPara uintptr -
it has to be a pointer type. So copy syscall.CertChainPolicyPara
into crypto/tls package, make ExtraPolicyPara unsafe.Pointer,
and use new struct instead of syscall.CertChainPolicyPara.
James Cowgill [Wed, 28 Feb 2018 16:10:14 +0000 (16:10 +0000)]
[release-branch.go1.10] cmd/internal/obj/mips: load/store even float registers first
There is a bug in Octeon III processors where storing an odd floating
point register after it has recently been written to by a double
floating point operation will store the old value from before the double
operation (there are some extra details - the operation and store
must be a certain number of cycles apart). However, this bug does not
occur if the even register is stored first. Currently the bug only
happens on big endian because go always loads the even register first on
little endian.
Workaround the bug by always loading / storing the even floating point
register first. Since this is just an instruction reordering, it should
have no performance penalty. This follows other compilers like GCC which
will always store the even register first (although you do have to set
the ISA level to MIPS I to prevent it from using SDC1).
Fixes golang/go#24995
Change-Id: I5e73daa4d724ca1df7bf5228aab19f53f26a4976
Reviewed-on: https://go-review.googlesource.com/97735 Reviewed-by: Keith Randall <khr@golang.org>
(cherry picked from commit 423111081b87c6c4e61c4d94c94bfdf1853fa01f)
Reviewed-on: https://go-review.googlesource.com/110078
Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Daniel Martí [Sat, 3 Mar 2018 19:53:53 +0000 (19:53 +0000)]
[release-branch.go1.10] cmd/internal/test2json: support subtests containing colons
The "updates" lines, such as RUN, do not contain a colon. However,
test2json looked for one anyway, meaning that it would be thrown off if
it encountered a line like:
=== RUN TestWithColons/[::1]
In that case, it must not use the first colon it encounters to separate
the action from the test name.
Fixes golang/go#25027
Change-Id: I82eff23e24b83dae183c0cf9f85fc5f409f51c25
Reviewed-on: https://go-review.googlesource.com/98445
Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
(cherry picked from commit 0c5cfec84424bb453ccd270f4b5c439f21ccf617)
Reviewed-on: https://go-review.googlesource.com/110075
Run-TryBot: Andrew Bonventre <andybons@golang.org>
[release-branch.go1.10] cmd/go: fix go list .Stale computation
If X depends on Y and X was installed but Y is only present in the cache
(as happens when you "go install X") then we should report X as up-to-date,
not as stale.
This applies whether X is a package or a main binary.
Fixes golang/go#25026
Fixes golang/go#25032
Change-Id: I26a0b375b1f7f7ac909cc0db68e92f4e04529208
Reviewed-on: https://go-review.googlesource.com/107957
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Bryan C. Mills <bcmills@google.com>
(cherry picked from commit 9e0e6981fc536c9e51ce24c425141a3d09b39e3a)
Reviewed-on: https://go-review.googlesource.com/110076 Reviewed-by: Ian Lance Taylor <iant@golang.org>
Michael Hudson-Doyle [Wed, 4 Apr 2018 22:07:41 +0000 (10:07 +1200)]
[release-branch.go1.10] cmd/link: do not pass -no-pie to host linker when -linkshared is passed
As the comment above the code I'm changing says, when building with
-buildmode=exe, the default compiler flags produce code incompatible with PIE.
But when -linkshared is passed, the default compiler flags are not used so this
does not apply. And now I've found a system (linux/arm64 with glibc 2.27) where
this combination of flags causes a problem, albeit for reasons I don't really
understand, so stop passing -no-pie when -linkshared is passed.
Fixes golang/go#24873
Change-Id: I412ec7941dc0cb89e6d1b171fc29288aadcb9f20
Reviewed-on: https://go-review.googlesource.com/104815
Run-TryBot: Michael Hudson-Doyle <michael.hudson@canonical.com>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
(cherry picked from commit 2d26a65f8f1a6fcb0948803589061d99b94fa993)
Reviewed-on: https://go-review.googlesource.com/110035
Run-TryBot: Andrew Bonventre <andybons@golang.org>
Keith Randall [Wed, 14 Mar 2018 22:21:37 +0000 (15:21 -0700)]
[release-branch.go1.10] runtime: identify special functions by flag instead of address
When there are plugins, there may not be a unique copy of runtime
functions like goexit, mcall, etc. So identifying them by entry
address is problematic. Instead, keep track of each special function
using a field in the symbol table. That way, multiple copies of
the same runtime function will be treated identically.
Fixes #24351
Fixes #23133
Change-Id: Iea3232df8a6af68509769d9ca618f530cc0f84fd
Reviewed-on: https://go-review.googlesource.com/100739
Run-TryBot: Keith Randall <khr@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-on: https://go-review.googlesource.com/102793
Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by: Keith Randall <khr@golang.org>
A very small number of old browsers consider content as HTML
even when it is explicitly stated in the Content-Type header
that it is not. If content served is based on user-supplied
input, then an XSS is possible. Introduce three mitigations:
+ Don't reflect user input in error strings
+ Set a Content-Disposition header when requesting a resource
that should never be displayed in a browser window
+ Set X-Content-Type-Options: nosniff on all responses
Change-Id: I81c9d6736e0439ebd1db99cd7fb701cc56d24805
Reviewed-on: https://go-review.googlesource.com/102318
Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-on: https://go-review.googlesource.com/103218 Reviewed-by: Ian Lance Taylor <iant@golang.org>
Ian Lance Taylor [Wed, 28 Mar 2018 00:06:53 +0000 (17:06 -0700)]
[release-branch.go1.10] cmd/go: add more C compiler/linker options to whitelist
Fixes #23937
Change-Id: Ie63d91355d1a724d0012d99d457d939deeeb8d3e
Reviewed-on: https://go-review.googlesource.com/102818
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Andrew Bonventre <andybons@golang.org>
Reviewed-on: https://go-review.googlesource.com/103015
Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
Ian Lance Taylor [Sat, 17 Feb 2018 03:08:59 +0000 (19:08 -0800)]
[release-branch.go1.10] cmd/go: if -race, don't run coverage on runtime packages
Don't compile the runtime packages with coverage when using the race
detector. The user can, perhaps accidentally, request coverage for the
runtime by using -coverpkg=all. If using the race detector, the
runtime package coverage will call into the race detector before it
has been initialized. This will cause the program to crash
mysteriously on startup.
Fixes #23882
Change-Id: I9a63867a9138797d8b8afb0856ae21079accdb27
Reviewed-on: https://go-review.googlesource.com/94898
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Andrew Bonventre <andybons@golang.org>
Reviewed-on: https://go-review.googlesource.com/103095
Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
Adam Langley [Wed, 28 Feb 2018 19:35:54 +0000 (11:35 -0800)]
[release-branch.go1.10] crypto/x509: matching any requested EKU should be sufficient.
The documentation was unclear here and I misremembered the behaviour and
changed it in 1.10: it used to be that matching any EKU was enough but
1.10 requires that all EKUs match.
Restore 1.9 behaviour and clarify the documentation to make it official.
Hiroshi Ioka [Mon, 11 Dec 2017 23:59:01 +0000 (08:59 +0900)]
[release-branch.go1.10] go/internal/srcimporter: simplify and fix package file lookup
The old code was a blend of (copied) code that existed before go/build,
and incorrect adjustments made when go/build was introduced. This change
leaves package path determination entirely to go/build and in the process
fixes issues with relative import paths.
Fixes #23092
Fixes #24392
Change-Id: I9e900538b365398751bace56964495c5440ac4ae
Reviewed-on: https://go-review.googlesource.com/83415
Run-TryBot: Robert Griesemer <gri@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Robert Griesemer <gri@golang.org>
Reviewed-on: https://go-review.googlesource.com/102789
Run-TryBot: Andrew Bonventre <andybons@golang.org>
Tobias Klauser [Thu, 15 Mar 2018 09:45:51 +0000 (10:45 +0100)]
[release-branch.go1.10] syscall: use Android O friendly fstatat syscall to implement Stat on linux/amd64
The Android O seccomp policy disallows the stat syscall on amd64, see
https://android.googlesource.com/platform/bionic/+/android-4.2.2_r1.2/libc/SYSCALLS.TXT
Use the fstatat syscall with AT_FDCWD and zero flags instead to achieve
the same behavior.
Fixes #24403
Change-Id: I36fc9ec9bc938cd8e9de30f66c0eb9d2e24debf6
Reviewed-on: https://go-review.googlesource.com/100878
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Elias Naur <elias.naur@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-on: https://go-review.googlesource.com/102976
Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
Tobias Klauser [Thu, 15 Mar 2018 09:21:57 +0000 (10:21 +0100)]
[release-branch.go1.10] runtime: use Android O friendly faccessat syscall on linux/amd64
The Android O seccomp policy disallows the access syscall on amd64, see
https://android.googlesource.com/platform/bionic/+/android-4.2.2_r1.2/libc/SYSCALLS.TXT
Use the faccessat syscall with AT_FDCWD instead to achieve the same
behavior.
Updates #24403
Change-Id: I9db847c1c0f33987a3479b3f96e721fb9588cde2
Reviewed-on: https://go-review.googlesource.com/100877
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-on: https://go-review.googlesource.com/102995
Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
Jason A. Donenfeld [Thu, 8 Feb 2018 15:59:17 +0000 (16:59 +0100)]
[release-branch.go1.10] runtime: use Android O friendly syscalls on 64-bit machines
Android O disallows open on 64-bit, so let's use openat with AT_FDCWD to
achieve the same behavior.
Android O disallows epoll_wait on 64-bit, so let's use epoll_pwait with
the last argument as NULL to achieve the same behavior.
See here:
https://android.googlesource.com/platform/bionic/+/master/libc/seccomp/arm64_app_policy.cpp
https://android.googlesource.com/platform/bionic/+/master/libc/seccomp/mips64_app_policy.cpp
https://android.googlesource.com/platform/bionic/+/master/libc/seccomp/x86_64_app_policy.cpp
Fixes #23750
Change-Id: If8d5a663357471e5d2c1f516151344a9d05b188a
Reviewed-on: https://go-review.googlesource.com/92895 Reviewed-by: Ian Lance Taylor <iant@golang.org> Reviewed-by: Austin Clements <austin@google.com>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-on: https://go-review.googlesource.com/102792
Run-TryBot: Andrew Bonventre <andybons@golang.org>
The original code inserts "else{", deletes "else", and then positions
a new block just after the "}" that must come before the "else".
That works on gofmt'ed code, but fails if the code looks like "}else".
When there is no space between the "{" and the "else", the new block
is inserted into a location that we are deleting, leading to the
"overlapping edits" mentioned above.
This CL fixes this case by not deleting the "else" but just using the
one that is already there. That requires adjust the block offset to
come after the "{" that we insert.
Fixes #23927
Change-Id: I40ef592490878765bbce6550ddb439e43ac525b2
Reviewed-on: https://go-review.googlesource.com/98935
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Robert Griesemer <gri@golang.org>
Reviewed-on: https://go-review.googlesource.com/102786
Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
Consider the following:
type child struct{ Field string }
type parent struct{ child }
p := new(parent)
v := reflect.ValueOf(p).Elem().Field(0)
v.Field(0).SetString("hello") // v.Field = "hello"
v = v.Addr().Elem() // v = *(&v)
v.Field(0).SetString("goodbye") // v.Field = "goodbye"
It would appear that v.Addr().Elem() should have the same value, and
that it would be safe to set "goodbye".
However, after CL 66331, any interspersed calls between Field calls
causes the RO flag to be set.
Thus, setting to "goodbye" actually causes a panic.
That CL affects decodeState.indirect which assumes that back-to-back
Value.Addr().Elem() is side-effect free. We fix that logic to keep
track of the Addr() and Elem() calls and set v back to the original
after a full round-trip has occured.
Fixes #24152
Updates #24153
Change-Id: Ie50f8fe963f00cef8515d89d1d5cbc43b76d9f9c
Reviewed-on: https://go-review.googlesource.com/97796 Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Run-TryBot: Matthew Dempsky <mdempsky@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-on: https://go-review.googlesource.com/102784
Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by: Joe Tsai <thebrokentoaster@gmail.com> Reviewed-by: Ian Lance Taylor <iant@golang.org>
Adam Langley [Thu, 22 Feb 2018 20:05:29 +0000 (12:05 -0800)]
[release-branch.go1.10] crypto/x509: parse invalid DNS names and email addresses.
Go 1.10 requires that SANs in certificates are valid. However, a
non-trivial number of (generally non-WebPKI) certificates have invalid
strings in dnsName fields and some have even put those dnsName SANs in
CA certificates.
This change defers validity checking until name constraints are checked.
Joe Tsai [Fri, 23 Feb 2018 23:08:11 +0000 (15:08 -0800)]
[release-branch.go1.10] archive/zip: fix handling of Info-ZIP Unix extended timestamps
The Info-ZIP Unix1 extra field is specified as such:
>>>
Value Size Description
----- ---- -----------
0x5855 Short tag for this extra block type ("UX")
TSize Short total data size for this block
AcTime Long time of last access (GMT/UTC)
ModTime Long time of last modification (GMT/UTC)
<<<
The previous handling was incorrect in that it read the AcTime field
instead of the ModTime field.
The test-osx.zip test unfortunately locked in the wrong behavior.
Manually parsing that ZIP file shows that the encoded MS-DOS
date and time are 0x4b5f and 0xa97d, which corresponds with a
date of 2017-10-31 21:11:58, which matches the correct mod time
(off by 1 second due to MS-DOS timestamp resolution).
Fixes #23901
Change-Id: I567824c66e8316b9acd103dbecde366874a4b7ef
Reviewed-on: https://go-review.googlesource.com/96895
Run-TryBot: Joe Tsai <joetsai@google.com> Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-on: https://go-review.googlesource.com/102782
Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by: Joe Tsai <thebrokentoaster@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Ian Lance Taylor [Fri, 23 Feb 2018 18:34:01 +0000 (10:34 -0800)]
[release-branch.go1.10] runtime: don't check for String/Error methods in printany
They have either already been called by preprintpanics, or they can
not be called safely because of the various conditions checked at the
start of gopanic.
Fixes #24059
Change-Id: I4a6233d12c9f7aaaee72f343257ea108bae79241
Reviewed-on: https://go-review.googlesource.com/96755 Reviewed-by: Austin Clements <austin@google.com>
Reviewed-on: https://go-review.googlesource.com/102781
Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Adam Langley [Thu, 22 Feb 2018 20:30:44 +0000 (12:30 -0800)]
[release-branch.go1.10] crypto/x509: tighten EKU checking for requested EKUs.
There are, sadly, many exceptions to EKU checking to reflect mistakes
that CAs have made in practice. However, the requirements for checking
requested EKUs against the leaf should be tighter than for checking leaf
EKUs against a CA.
Ian Lance Taylor [Thu, 15 Feb 2018 23:57:13 +0000 (15:57 -0800)]
[release-branch.go1.10] cmd/go: restrict meta imports to valid schemes
Before this change, when using -insecure, we permitted any meta import
repo root as long as it contained "://". When not using -insecure, we
restrict meta import repo roots to be valid URLs. People may depend on
that somehow, so permit meta import repo roots to be invalid URLs, but
require them to have valid schemes per RFC 3986.
Fixes #23867
Change-Id: Iac666dfc75ac321bf8639dda5b0dba7c8840922d
Reviewed-on: https://go-review.googlesource.com/94603 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-on: https://go-review.googlesource.com/102778
Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>