gostls13.git log

commit d571a77846dfee8efd076223a882915cd6cb52f4 [browse]
Author: Alexander Rakoczy
Date: 2020-08-06 10:07:05 -04:00

[release-branch.go1.14-security] go1.14.7

Change-Id: Ifad33b3ca723231ef1c80ff01db90fd35e322f3d
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/814548
Reviewed-by: Katie Hockman <katiehockman@google.com>

commit 51bb041f7cf17c5e8e10a7307521625437687b04 [browse]
Author: Katie Hockman
Date: 2020-08-04 11:45:32 -04:00

[release-branch.go1.14-security] encoding/binary: read at most MaxVarintLen64 bytes in ReadUvarint

This CL ensures that ReadUvarint consumes only a limited
amount of input (instead of an unbounded amount).

On some inputs, ReadUvarint could read an arbitrary number
of bytes before deciding to return an overflow error.
After this CL, ReadUvarint returns that same overflow
error sooner, after reading at most MaxVarintLen64 bytes.

Fix authored by Robert Griesemer and Filippo Valsorda.

Thanks to Diederik Loerakker, Jonny Rhea, Raúl Kripalani,
and Preston Van Loon for reporting this.

Fixes CVE-2020-16845

Change-Id: Ie0cb15972f14c38b7cf7af84c45c4ce54909bb8f
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/812099
Reviewed-by: Filippo Valsorda <valsorda@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/812326

commit edfd6f28486017dcb136cd3f3ec252706d4b326e [browse]
Author: Andrew Bonventre
Date: 2020-07-16 17:41:54 -04:00

[release-branch.go1.14] go1.14.6

Change-Id: If9f503098056bd86b2bf51e3297b1bcecd8453bb
Reviewed-on: https://go-review.googlesource.com/c/go/+/243138
Run-TryBot: Andrew Bonventre <andybons@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>

commit 3445c3512b1db3915f0eaebaa4b4ee9b98d6966f [browse]
Author: Jean de Klerk
Date: 2020-06-01 12:19:05 -06:00

[release-branch.go1.14] testing: capture testname on --- PASS and --- FAIL lines

This fixes an issue raised at https://github.com/golang/go/issues/38458#issuecomment-635617670
in which --- PASS and --- FAIL lines would not trigger --- CONT lines
of other tests.

Updates #38458.
For #39308.

Change-Id: I0d8cc54d682a370d0a6ea6816a11b2e462a92efe
Reviewed-on: https://go-review.googlesource.com/c/go/+/235997
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/242058
Reviewed-by: Jean de Klerk <deklerk@google.com>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>

commit 4298b46e23c0b37d9ab32eaf109b15d55d66667e [browse]
Author: Tobias Klauser
Date: 2020-05-24 00:09:20 +02:00

[release-branch.go1.14] cmd/go: fix parallel chatty tests on solaris-amd64 builder

The parallel chatty tests added in CL 229085 fail on the
solaris-amd64-oraclerel builder, because a +NN:NN offset time zone is
used. Allow for the `+` character in the corresponding regex to fix
these tests. Also move the '-' to the end of the character class, so it
is not interpreted as the range 9-T.

Updates #38458.
For #39308.

Change-Id: Iec9ae82ba45d2490176f274f0dc6812666eae718
Reviewed-on: https://go-review.googlesource.com/c/go/+/234978
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-on: https://go-review.googlesource.com/c/go/+/242059
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>

clone the repository to get more history