gostls13.git log

commit efa061d9f5d52846dfc3dda40eaf8eccfeeae8d2 [browse]
Author: Andrew Bonventre
Date: 2019-05-06 16:27:32 -04:00

[release-branch.go1.11] go1.11.10

Change-Id: Id0cb0233c689fd97aa37870126d19b472bd1b85d
Reviewed-on: https://go-review.googlesource.com/c/go/+/175445
Run-TryBot: Andrew Bonventre <andybons@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

commit f0ae47422275f06667fc1ae24ff8c2a84a5371fb [browse]
Author: Andrew Bonventre
Date: 2019-05-06 15:59:07 -04:00

[release-branch.go1.11] doc: document Go 1.11.10

Change-Id: Icca4495f727e3921b717a4bbb441cd832d321d46
Reviewed-on: https://go-review.googlesource.com/c/go/+/175439
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
(cherry picked from commit e1f9e701be094741b234320cc49b8776cce27c3f)
Reviewed-on: https://go-review.googlesource.com/c/go/+/175442
Reviewed-by: Andrew Bonventre <andybons@golang.org>

commit 1bebc53bc3c200890dd5f03cbd67fbe1023156d1 [browse]
Author: Jason A. Donenfeld
Date: 2019-03-06 19:26:29 +01:00

[release-branch.go1.11] runtime: safely load DLLs

While many other call sites have been moved to using the proper
higher-level system loading, these areas were left out. This prevents
DLL directory injection attacks. This includes both the runtime load
calls (using LoadLibrary prior) and the implicitly linked ones via
cgo_import_dynamic, which we move to our LoadLibraryEx. The goal is to
only loosely load kernel32.dll and strictly load all others.

Meanwhile we make sure that we never fallback to insecure loading on
older or unpatched systems.

This is CVE-2019-9634.

Fixes #30989
Updates #14959
Updates #28978
Updates #30642

Change-Id: I401a13ed8db248ab1bb5039bf2d31915cac72b93
Reviewed-on: https://go-review.googlesource.com/c/go/+/165798
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
(cherry picked from commit 9b6e9f0c8c66355c0f0575d808b32f52c8c6d21c)
Reviewed-on: https://go-review.googlesource.com/c/go/+/175378
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Andrew Bonventre <andybons@golang.org>

commit 5ee175e682980b02a33c673a6b54301032b762ab [browse]
Author: Ian Lance Taylor
Date: 2019-04-19 09:50:01 -07:00

[release-branch.go1.11] cmd/link: require cgo support for TestSectionsWithSameName

The test doesn't really require cgo, but it does require that we know
the right flags to use to run the C compiler, and that is not
necessarily correct if we don't support cgo.

Fixes #31565

Change-Id: I04dc8db26697caa470e91ad712376aa621cf765d
Reviewed-on: https://go-review.googlesource.com/c/go/+/172981
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
(cherry picked from commit 4c236b9b097882f3aef8116e1ac9f65463bf6f01)
Reviewed-on: https://go-review.googlesource.com/c/go/+/173118

commit 01c8062308e2c8cf0fe7b1577318f2227771ebf5 [browse]
Author: Ian Lance Taylor
Date: 2019-04-17 22:41:51 -07:00

[release-branch.go1.11] cmd/link: don't fail if multiple ELF sections have the same name

New versions of clang can generate multiple sections named ".text"
when using vague C++ linkage. This is valid ELF, but would cause the
Go linker to report an error when using internal linking:
    symbol PACKAGEPATH(.text) listed multiple times
Avoid the problem by renaming section symbol names if there is a name
collision.

Change-Id: I41127e95003d5b4554aaf849177b3fe000382c02
Reviewed-on: https://go-review.googlesource.com/c/go/+/172697
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Cherry Zhang <cherryyz@google.com>
(cherry picked from commit 3235f7c0720338a160debe6e9c632b8af968b4dd)
Reviewed-on: https://go-review.googlesource.com/c/go/+/172702

clone the repository to get more history