When reading the counter data files from a given pod, close the
underlying *os.File immediately after each one is read, as opposed to
using a deferred close in the loop (which will close them all at the
end of the function). Doing things this way avoids running into "too
many open files" when processing large clumps of counter data files.
Fixes#68491.
Updates #68468.
Change-Id: Ic1fe1d36c44d3f5d7318578cd18d0e65465d71d9
Reviewed-on: https://go-review.googlesource.com/c/go/+/598735
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit 355711821eea51c6456a31ab61d0dc2e9db034f7)
Reviewed-on: https://go-review.googlesource.com/c/go/+/599055
The mem address should be regarded as uint32.
Fixes#68474
Change-Id: Icee38d11f2d93eeca7d50b2e133159e321daeb90
GitHub-Last-Rev: c2568b104369bcf5c4d42c6281d235a52bb9675f
GitHub-Pull-Request: golang/go#68400
Reviewed-on: https://go-review.googlesource.com/c/go/+/597955
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Keith Randall <khr@golang.org>
Reviewed-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit 90c6558b6acef5a9b9fb8f3c35cff58423c8b00e)
Reviewed-on: https://go-review.googlesource.com/c/go/+/598995
When -covermode is set to atomic, instrumented packages need to import
sync/atomic. If this is not already imported by a package being
instrumented, the build needs to ensure that sync/atomic is compiled
whenever 'go list' is run in a way that triggers package builds.
The build config was already being made to ensure the import, but only
after the action graph had been created, so there was no guarantee that
sync/atomic would be built when needed.
For #65264
For #68212Fixes#68221
Change-Id: Ib3f1e102ce2ef554ea08330d9db69a8c98790ac5
Reviewed-on: https://go-review.googlesource.com/c/go/+/560236
Run-TryBot: Bryan Mills <bcmills@google.com>
Auto-Submit: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
(cherry picked from commit ac08c05d4daa11957fcada6db33f2150936bac27)
Reviewed-on: https://go-review.googlesource.com/c/go/+/595495
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Sam Thanawalla <samthanawalla@google.com>
When sending a request with an "Expect: 100-continue" header,
we must send the request body before sending any further requests
on the connection.
When receiving a non-1xx response to an "Expect: 100-continue" request,
send the request body if the connection isn't being closed after
processing the response. In other words, if either the request
or response contains a "Connection: close" header, then skip sending
the request body (because the connection will not be used for
further requests), but otherwise send it.
Correct a comment on the server-side Expect: 100-continue handling
that implied sending the request body is optional. It isn't.
For #67555Fixes#68199
Change-Id: Ia2f12091bee697771087f32ac347509ec5922d54
Reviewed-on: https://go-review.googlesource.com/c/go/+/591255
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
(cherry picked from commit cf501e05e138e6911f759a5db786e90b295499b9)
Reviewed-on: https://go-review.googlesource.com/c/go/+/595096
Reviewed-by: Joedian Reid <joedian@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
callbackUpdateSystemStack contains a fast path to exit early without
update if SP is already within the g0.stack bounds.
This is not safe, as a subsequent call may have new stack bounds that
only partially overlap the old stack bounds. In this case it is possible
to see an SP that is in the old stack bounds, but very close to the
bottom of the bounds due to the partial overlap. In that case we're very
likely to "run out" of space on the system stack.
We only need to do this on extra Ms, as normal Ms have precise bounds
defined when we allocated the stack.
TSAN annotations are added to x_cgo_getstackbounds because bounds is a
pointer into the Go stack. The stack can be reused when an old thread
exits and a new thread starts, but TSAN can't see the synchronization
there. This isn't a new case, but we are now calling more often.
For #62440.
Fixes#67297.
Cq-Include-Trybots: luci.golang.try:go1.21-linux-amd64-longtest
Change-Id: I5389050494987b7668d0b317fb92f85e61d798ac
Reviewed-on: https://go-review.googlesource.com/c/go/+/584597
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit 1ffc296717ba27d5ca5dd9a81439a49367363c89)
Reviewed-on: https://go-review.googlesource.com/c/go/+/585337
CL 589295 only made one of the two tests short, because the other one
seemed to be passing consistently in short mode. On the builders, it
seems to still fail maybe 30% of the time by taking too long. Disable
these tests in short mode.
This CL was merged with CL 589295 before cherry-picking.
For #67698.
Fixes#67714.
Change-Id: I9fd047f834f7493b608dd1fee5b9b6dfabbea03d
Cq-Include-Trybots: luci.golang.try:go1.21-linux-amd64-clang15,go1.21-linux-386-clang15
Reviewed-on: https://go-review.googlesource.com/c/go/+/589495
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Commit-Queue: Michael Knyszek <mknyszek@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/591378
For whatever reason, on the builders, when using /usr/bin/ld (the
default linker) with -flto we end up with problems. Specifically, the
linker seems to require LLVMgold.so and can't find it. I'm not really
sure why, but what definitely seems to work is forcing use of lld, which
ships with our clang installation on the builders.
Just enforce this on the builders for now; I've actually had very few
problems running this locally (and I think I'm also mixing and matching
linkers and toolchains too...), so it may be related to the version of
clang we're testing with.
For #67698.
For #67714.
Change-Id: I3bfbcd609e7d0fd70e52ac7e2a0817db95664f20
Cq-Include-Trybots: luci.golang.try:go1.21-linux-amd64-clang15,go1.21-linux-386-clang15
Reviewed-on: https://go-review.googlesource.com/c/go/+/589296
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-on: https://go-review.googlesource.com/c/go/+/591377
Currently the runtime.end symbol is put into the noptrbss section,
which is usually the last section, except that when fuzzing is
enabled, the last section is actually .go.fuzzcntrs. The
runtime.end symbol has the value pointing to the end of the data
segment, so if it is not in the last section, the value will not
actually be in the range of the section. This causes an assertion
failure in the new Apple linker. This CL fixes this by putting it
in the last section.
Updates #65169.
Fixes#67944.
Change-Id: I5c991c46a0483a96e5f6e0255a3b444953676026
Reviewed-on: https://go-review.googlesource.com/c/go/+/592095
Reviewed-by: Than McIntosh <thanm@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit b589478af7f4b09cc9c4d5f76fbbf5cad2b2b7bb)
Reviewed-on: https://go-review.googlesource.com/c/go/+/592477
Previously, go would not report retractions of dependencies that have a
newer version of Go. With this change, we will still display retractions despite a version difference when go list -u -m is used.
For: #66403Fixes: #68051
Change-Id: I6406680235e294269836ae4cbe3d5680ca10eea0
Reviewed-on: https://go-review.googlesource.com/c/go/+/588775
Auto-Submit: Sam Thanawalla <samthanawalla@google.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit e44fa1c1a9139ad457d8fa84a68afa3f40e7732a)
Reviewed-on: https://go-review.googlesource.com/c/go/+/593375
It reportedly breaks the DNS server on some modems.
For #6464
For #21160
For #44135
For #51127
For #51153
For #67925Fixes#67933
Change-Id: I54a11906159f00246d08a54cc8be7327e9ebfd2c
Reviewed-on: https://go-review.googlesource.com/c/go/+/591995
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
(cherry picked from commit ee4a42bd583b8594e97f1833c4b4c6e6428d9227)
Reviewed-on: https://go-review.googlesource.com/c/go/+/592235
Commit-Queue: Ian Lance Taylor <iant@google.com>
In CL 536715 we're changing the gofrontend export data to report
"any" as a builtin type. This permits us to distinguish the builtin
type from some other package-level type "any". That requires an update
to this code.
Fixes#67849
Change-Id: I91d75a056a155fa9892c4b25ab396cb4d39cc8e4
Reviewed-on: https://go-review.googlesource.com/c/go/+/537195
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
(cherry picked from commit b8ac61e6e64c92f23d8cf868a92a70d13e20a124)
Reviewed-on: https://go-review.googlesource.com/c/go/+/592216
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
In all of the Is* methods, check if the address is a v6 mapped v4
address, and unmap it if so.
Thanks to Enze Wang of Alioth (@zer0yu) and Jianjun Chen of Zhongguancun
Lab (@chenjj) for reporting this issue.
Fixes#67680Fixes#67681
Fixes CVE-2024-24790
Change-Id: I6bd03ca1a5d93a0b59027d861c84060967b265b0
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1460
Reviewed-by: Russ Cox <rsc@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit f7f270c1621fdc7ee48e0487b2fac0356947d19b)
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1500
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/590315
Auto-Submit: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
Since all the platforms now support O_DIRECTORY flag for open, it can be
used to (together with O_NOFOLLOW) to ensure we open a directory, thus
eliminating the need to call stat before open. This fixes the symlink race,
when a directory is replaced by a symlink in between stat and open calls.
While at it, rename openFdAt to openDirAt, because this function is (and was)
meant for directories only.
NOTE Solaris supports O_DIRECTORY since before Solaris 11 (which is the
only version Go supports since supported version now), and Illumos
always had it. The only missing piece was O_DIRECTORY flag value, which
is taken from golang.org/x/sys/unix.
Fixes#67695.
Change-Id: Ic1111d688eebc8804a87d39d3261c2a6eb33f176
Reviewed-on: https://go-review.googlesource.com/c/go/+/589057
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Matthew Dempsky <mdempsky@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
When scanning for an end of central directory record,
treat an EOCDR signature with a record containing a truncated
comment as an error. Previously, we would skip over the invalid
record and look for another one. Other implementations do not
do this (they either consider this a hard error, or just ignore
the truncated comment). This parser misalignment allowed
presenting entirely different archive contents to Go programs
and other zip decoders.
For #66869Fixes#67553
Change-Id: I94e5cb028534bb5704588b8af27f1e22ea49c7c6
Reviewed-on: https://go-review.googlesource.com/c/go/+/585397
Reviewed-by: Joseph Tsai <joetsai@digital-static.net>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit 33d725e5758bf1fea62e6c77fc70b57a828a49f5)
Reviewed-on: https://go-review.googlesource.com/c/go/+/588795
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Currently freeSpan is called before large object stats are updated when
sweeping large objects. This means heapStats.inHeap might get subtracted
before the large object is added to the largeFree field. The end result
is that the /memory/classes/heap/unused:bytes metric, which subtracts
live objects (alloc-free) from inHeap may overflow.
Fix this by always updating the large object stats before calling
freeSpan.
For #67019.
Fixes#67187.
Change-Id: Ib02bd8dcd1cf8cd1bc0110b6141e74f678c10445
Reviewed-on: https://go-review.googlesource.com/c/go/+/583380
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Felix Geisendörfer <felix.geisendoerfer@datadoghq.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
(cherry picked from commit 36d32f68f41561fb64677297e3733f5d5b866c2a)
Reviewed-on: https://go-review.googlesource.com/c/go/+/584337
Also confirm that setting the location actually worked before
proceeding with the rest of the test.
This fixes a test failure with git versions older than 2.32.0.
For #53955.
For #64603.
Fixes#64586
Change-Id: I1a954975a3d8300e8b4dca045d3a15438a0407ec
Reviewed-on: https://go-review.googlesource.com/c/go/+/548215
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Michael Matloob <matloob@golang.org>
Run-TryBot: Bryan Mills <bcmills@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/585816
Reviewed-by: Sam Thanawalla <samthanawalla@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org>
gitRepo.statLocal reports tag and version information.
If we are statting a hash that corresponds to a tag, we need to add that tag
before calling statLocal so that it can be included in that information.
For #53955.
For #56881.
For #64586
Change-Id: I69a71428e6ed9096d4cb8ed1bb79531415ff06c1
Reviewed-on: https://go-review.googlesource.com/c/go/+/547155
Auto-Submit: Bryan Mills <bcmills@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
(cherry picked from commit 7b5a3733fce46aa44449c5ba28876f5a1e630650)
Reviewed-on: https://go-review.googlesource.com/c/go/+/585815
Reviewed-by: Sam Thanawalla <samthanawalla@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
The gotoolchain_issue66175 script test would fail if a binary named
go1.21 or go1.22 was present in the system PATH. Clear the path at the
beginning of the test to make it independent of the system path.
For #67277Fixes#67310
Change-Id: I6d9133aee5b20ab116e07b659e8ecf3eb8add4ed
Reviewed-on: https://go-review.googlesource.com/c/go/+/584258
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
(cherry picked from commit a0a6026bb176d25401d7d188f95c1fe769d71db8)
Reviewed-on: https://go-review.googlesource.com/c/go/+/584935
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
... if the architecture can't do unaligned loads.
We already handle this in a few places, but this particular place
was added in CL 399542 and missed this additional restriction.
Fixes#67164
(Reroll of CL 583303)
Change-Id: Id067cc2e39d7d199672f2017f7f53991fb23f8d4
Reviewed-on: https://go-review.googlesource.com/c/go/+/583799
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Keith Randall <khr@golang.org>
This CL modifies the download behavior when downloading a toolchain for 1.21+. Previously, Go would attempt to download 1.X when upgrading the toolchain which would cause the download to fail for 1.21+ since 1.X is an invalid toolchain. We will attempt to download 1.X.0 since that's likely what the user intended.
Additionally, we will also now provide a better error message when the
user provides a language version instead of a toolchain version for
1.21+.
For #66175
For #62278Fixes#67235
Change-Id: I28f894290a19d8e3cd220e9d70aeca8f4447e5a1
Reviewed-on: https://go-review.googlesource.com/c/go/+/580217
Reviewed-by: Michael Matloob <matloob@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit 27ed85d4d1702e868730ab6ea2ad6326988c615c)
Reviewed-on: https://go-review.googlesource.com/c/go/+/583797
The darwin linker allows setting the LTO library with the -lto_library
flag. This wasn't caught by our "safe linker flags" check because it
was covered by the -lx flag used for linking libraries. This change
adds a specific check for excluded flags which otherwise satisfy our
existing checks.
Loading a mallicious LTO library would allow an attacker to cause the
linker to execute abritrary code when "go build" was called.
Thanks to Juho Forsén of Mattermost for reporting this issue.
Fixes#67119Fixes#67121
Fixes CVE-2024-24787
Change-Id: I77ac8585efbdbdfd5f39c39ed623b9408a0f9eaf
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1380
Reviewed-by: Russ Cox <rsc@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit 9a79141fbbca1105e5c786f15e38741ca7843290)
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1401
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/583795
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This reverts CL 583303.
Reason for revert: release branch is currently frozen.
Change-Id: Icbdb73b5b40690a875497dd0dc57ca84c728ef6f
Reviewed-on: https://go-review.googlesource.com/c/go/+/582961
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
... if the architecture can't do unaligned loads.
We already handle this in a few places, but this particular place
was added in CL 399542 and missed this additional restriction.
Fixes#67164
Change-Id: I45988f11ff3ed45df1c4da3f0931ab1fdb22dbfe
Reviewed-on: https://go-review.googlesource.com/c/go/+/583175
Reviewed-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Auto-Submit: Keith Randall <khr@google.com>
Reviewed-by: Keith Randall <khr@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Derek Parker <parkerderek86@gmail.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
(cherry picked from commit 3c72dd513c30df60c0624360e98a77c4ae7ca7c8)
Reviewed-on: https://go-review.googlesource.com/c/go/+/583303
Done with:
go get golang.org/x/net@internal-branch.go1.21-vendor
go mod tidy
go mod vendor
go generate net/http # zero diff since CL 576075 already did this
For CVE-2023-45288.
For #65051.
For #65387.
Change-Id: I336670bdb3df2496c1e8d322c20794042fbc0d02
Reviewed-on: https://go-review.googlesource.com/c/go/+/576275
TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Disable cmd/internal/moddeps test, since this update includes PRIVATE
track fixes.
Fixes CVE-2023-45288
For #65051Fixes#65387
Change-Id: I17da6da2fe0dd70062b49f94377875acb34829a1
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2197267
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/576075
TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com>
Commit-Queue: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Than McIntosh <thanm@google.com>
Pulls in one HTTP/2 fix:
0b0455d2c9 http2: reject DATA frames after 1xx and before final headers
For golang/go#65927Fixesgolang/go#66254
Change-Id: I257b2634f63e8c6039c44dea24c345043c23c8d2
Reviewed-on: https://go-review.googlesource.com/c/go/+/574916
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
[This is a re-apply of CL 571075]
Imported interfaces don't have position information for embedded types.
When computing the type set of such interfaces, doing a version check
may fail because it will rely on the Go version of the current package.
We must not do a version check for features of types from imported
packages - those types have already been typechecked and are "correct".
The version check code does look at packages to avoid such incorrect
version checks, but we don't have the package information available
in an interface type (divorced from its object).
Instead, for now rely on the fact that imported interfaces don't have
position information for embedded types: if the position is unknown,
don't do a version check.
We may want to assert that positions are known in all other cases,
but since this is an older release, don't add such additional changes
to avoid introducing other bugs.
Fixes#66326.
Updates #66064.
Change-Id: I158cf51aa382f85d612ab958ba4b591de1c5fdb2
Reviewed-on: https://go-review.googlesource.com/c/go/+/574736
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
The runtime.elf_* symbols are assembly functions which are used
to support the gcc/llvm -Os option when used with cgo.
When compiling Go for shared code, we attempt to strip out the
TOC regenation code added by the go assembler for these symbols.
This causes the symbol to no longer appear as an assembly
function which causes problems later on when handling other
implicit symbols.
Avoid adding a TOC regeneration prologue to these functions
to avoid this issue.
Fixes#66411
Change-Id: Icbf8e4438d177082a57bb228e39b232e7a0d7ada
Reviewed-on: https://go-review.googlesource.com/c/go/+/571835
Reviewed-by: Than McIntosh <thanm@google.com>
Run-TryBot: Paul Murphy <murp@ibm.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Lynn Boger <laboger@linux.vnet.ibm.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-on: https://go-review.googlesource.com/c/go/+/572876
This reverts CL 571075.
Reason for revert: We might want to do a security-only minor release. Back off the release branch to a clean state from the previous minor release. Sorry for the inconvenience.
Change-Id: Ifc8c7e00e6faea3aa547b883eed44180ddb447de
Reviewed-on: https://go-review.googlesource.com/c/go/+/571355
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Robert Findley <rfindley@google.com>
Imported interfaces don't have position information for embedded types.
When computing the type set of such interfaces, doing a version check
may fail because it will rely on the Go version of the current package.
We must not do a version check for features of types from imported
packages - those types have already been typechecked and are "correct".
The version check code does look at packages to avoid such incorrect
version checks, but we don't have the package information available
in an interface type (divorced from its object).
Instead, for now rely on the fact that imported interfaces don't have
position information for embedded types: if the position is unknown,
don't do a version check.
We may want to assert that positions are known in all other cases,
but since this is an older release, don't add such additional changes
to avoid introducing other bugs.
Fixes#66064.
Change-Id: I773d57e5410c3d4a911ab3e018b3233c2972b3c9
Reviewed-on: https://go-review.googlesource.com/c/go/+/571075
Reviewed-by: Robert Findley <rfindley@google.com>
Auto-Submit: Robert Griesemer <gri@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Robert Griesemer <gri@google.com>
mime/multipart.Reader.ReadForm allows specifying the maximum amount
of memory that will be consumed by the form. While this limit is
correctly applied to the parsed form data structure, it was not
being applied to individual header lines in a form.
For example, when presented with a form containing a header line
that never ends, ReadForm will continue to read the line until it
runs out of memory.
Limit the amount of data consumed when reading a header.
Fixes CVE-2023-45290
Fixes#65389
For #65383
Change-Id: I7f9264d25752009e95f6b2c80e3d76aaf321d658
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2134435
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2173776
Reviewed-by: Carlos Amedee <amedee@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/569240
Auto-Submit: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
When deciding whether to forward cookies or sensitive headers
across a redirect, do not attempt to interpret an IPv6 address
as a domain name.
Avoids a case where a maliciously-crafted redirect to an
IPv6 address with a scoped addressing zone could be
misinterpreted as a within-domain redirect. For example,
we could interpret "::1%.www.example.com" as a subdomain
of "www.example.com".
Thanks to Juho Nurminen of Mattermost for reporting this issue.
Fixes CVE-2023-45289
Fixes#65385
For #65065
Change-Id: I8f463f59f0e700c8a18733d2b264a8bcb3a19599
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2131938
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2173775
Reviewed-by: Carlos Amedee <amedee@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/569239
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
TryBot-Bypass: Michael Knyszek <mknyszek@google.com>
alreadyInChain assumes all keys fit a interface which contains the
Equal method (which they do), but this ignores that certificates may
have a nil key when PublicKeyAlgorithm is UnknownPublicKeyAlgorithm. In
this case alreadyInChain panics.
Check that the key is non-nil as part of considerCandidate (we are never
going to build a chain containing UnknownPublicKeyAlgorithm anyway).
For #65390Fixes#65392
Fixes CVE-2024-24783
Change-Id: Ibdccc0a487e3368b6812be35daad2512220243f3
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2137282
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2173774
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Carlos Amedee <amedee@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/569238
Auto-Submit: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Escape "</script" and "<!--" in errors returned from MarshalJSON errors
when attempting to marshal types in script blocks. This prevents any
user controlled content from prematurely terminating the script block.
Updates #65697Fixes#65968
Change-Id: Icf0e26c54ea7d9c1deed0bff11b6506c99ddef1b
Reviewed-on: https://go-review.googlesource.com/c/go/+/564196
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit ccbc725f2d678255df1bd326fa511a492aa3a0aa)
Reviewed-on: https://go-review.googlesource.com/c/go/+/567515
Reviewed-by: Carlos Amedee <carlos@golang.org>
Also fix its call site in internal/poll to pass the length of the
actual buffer instead of an unrelated variable, and update the
definition of FILE_BASIC_INFO to match the documented field types
and add padding that is empirically needed on the 386 architecture.
Passing a pointer to a Go-allocated buffer as type uintptr violates
the unsafe.Pointer conversion rules, which allow such a conversion
only in the call expression itself for a call to syscall.Syscall or
equivalent. That can allow the buffer to be corrupted arbitrarily if
the Go runtime happens to garbage-collect it while the call to
SetFileInformationByHandle is in progress.
The Microsoft documentation for SetFileInformationByHandle specifies
its third argument type as LPVOID, which corresponds to Go's
unsafe.Pointer, not uintptr.
Fixes#65882.
Updates #58933.
Change-Id: If577b57adea9922f5fcca55e46030c703d8f035c
Cq-Include-Trybots: luci.golang.try:go1.21-windows-amd64-longtest
Reviewed-on: https://go-review.googlesource.com/c/go/+/549256
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Than McIntosh <thanm@google.com>
Auto-Submit: Bryan Mills <bcmills@google.com>
Reviewed-by: Quim Muntal <quimmuntal@gmail.com>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
(cherry picked from commit a7097243e462802f3055da9f843013e450a75092)
Reviewed-on: https://go-review.googlesource.com/c/go/+/566155
Reviewed-by: Bryan Mills <bcmills@google.com>
Fixes a couple of misalignments with RFC 5322 which introduce
significant diffs between (mostly) conformant parsers.
This change reverts the changes made in CL50911, which allowed certain
special RFC 5322 characters to appear unquoted in the "phrase" syntax.
It is unclear why this change was made in the first place, and created
a divergence from comformant parsers. In particular this resulted in
treating comments in display names incorrectly.
Additionally properly handle trailing malformed comments in the group
syntax.
For #65083Fixes#65848
Change-Id: I00dddc044c6ae3381154e43236632604c390f672
Reviewed-on: https://go-review.googlesource.com/c/go/+/555596
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/566195
Reviewed-by: Carlos Amedee <carlos@golang.org>
This change fixes a bug where we incorrectly filtered out the main
modules from the beginning of the build list before verifying them. We
made the assumption that the first MainModules.Len() entries of the
build list were the main modules, but now it can contain the go and
toolchain version entries, so removing the first MainModules.Len()
entries could leave main module names in the build list if any of
their names sorted after the string 'go'.
For #62663Fixes#65851
Change-Id: I35ab6857a556f58d306303322afe24c48fc8b38f
Reviewed-on: https://go-review.googlesource.com/c/go/+/565378
Reviewed-by: Bryan Mills <bcmills@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit 3f60da7944352d7f2d4a04830c0612457643016c)
Reviewed-on: https://go-review.googlesource.com/c/go/+/565755
Run-TryBot: Michael Matloob <matloob@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Also add a check that we didn't leave any core files behind.
For #65476.
Fixes#65478.
Change-Id: I30444ef43ad1a8cc1cacd3b75280f2128e104939
Reviewed-on: https://go-review.googlesource.com/c/go/+/525175
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Keith Randall <khr@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Keith Randall <khr@golang.org>
(cherry picked from commit cffdfe8d2cabbe874bceaeed1eba92cc567be6db)
Reviewed-on: https://go-review.googlesource.com/c/go/+/560896
Pending a resolution to #65606, this CL marks clang's ASAN runtime as
unable to symbolize stack traces to unblock the LUCI clang builder.
For #65606.
For #65469.
Fixes#65640.
Change-Id: I649773085aff30e5703e7f7ac2c72a0430a015c2
Cq-Include-Trybots: luci.golang.try:go1.21-linux-amd64-clang15
Reviewed-on: https://go-review.googlesource.com/c/go/+/562675
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit d94ab597af9b3f8e8ba371023314d80f6b3be5a5)
Reviewed-on: https://go-review.googlesource.com/c/go/+/562999
This change updates the testenv tests to correctly match on future LUCI
builder names for mobile builders. This isn't a problem today because
those haven't been set up yet, but the builder names are structured and
it's clear where the modifiers will appear. Might as well set them up
now.
For #65473.
Fixes#65475.
Change-Id: I244b88a62a90312c0f3ff2360527d58531070362
Reviewed-on: https://go-review.googlesource.com/c/go/+/558597
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit 5c7c24ce827b10982245951f6c2b1bbf0abc5aae)
Reviewed-on: https://go-review.googlesource.com/c/go/+/560895
testenv's TestHasGoBuild test is supposed to allow noopt builders to not
have go build, but the pattern match is failing on the LUCI builders
where a test shard might have an additional "-test_only" suffix in the
builder name. Furthermore, in the LUCI world, "run mods" (the builder
type suffixes) are supposed to be well-defined and composable, so it
doesn't make sense to restrict "-noopt" to the builder suffix anyway.
This change modifies the test to allow "-noopt" to appear anywhere in
the builder name when checking if it's running on a noopt builder.
For #65470.
Fixes#65472.
Change-Id: I393818e3e8e452c7b0927cbc65726d552aa8ff8e
Reviewed-on: https://go-review.googlesource.com/c/go/+/558596
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
(cherry picked from commit 93f0c0b25e7ea8ae7c2d5df32c6083cfabf2ffc2)
Reviewed-on: https://go-review.googlesource.com/c/go/+/560518
