gostls13.git log

commit c580180744e60d6c84fc0b59d634fcff01290780 [browse]
Author: Michael Anthony Knyszek
Date: 2021-10-07 14:45:12 -04:00

[release-branch.go1.16] go1.16.9

Change-Id: I7328dd94a85b97ec8c3ecf4f56eca9c56a6d806e
Reviewed-on: https://go-review.googlesource.com/c/go/+/354593
Trust: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Go Bot <gobot@golang.org>

commit 4548fcc8dfd933c237f29bba6f90040a85922564 [browse]
Author: Michael Knyszek
Date: 2021-09-02 16:51:59 -04:00

[release-branch.go1.16] misc/wasm, cmd/link: do not let command line args overwrite global data

On Wasm, wasm_exec.js puts command line arguments at the beginning
of the linear memory (following the "zero page"). Currently there
is no limit for this, and a very long command line can overwrite
the program's data section. Prevent this by limiting the command
line to 4096 bytes, and in the linker ensuring the data section
starts at a high enough address (8192).

(Arguably our address assignment on Wasm is a bit confusing. This
is the minimum fix I can come up with.)

Thanks to Ben Lubar for reporting this issue.

Change by Cherry Mui <cherryyz@google.com>.

For #48797
Fixes #48799
Fixes CVE-2021-38297

Change-Id: I0f50fbb2a5b6d0d047e3c134a88988d9133e4ab3
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1205933
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/354591
Trust: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>

commit 7d573240307331c2dc9edfbb11ebbaa6bc677e99 [browse]
Author: Ian Lance Taylor
Date: 2021-09-17 12:27:23 -07:00

[release-branch.go1.16] text/template: initialize template before locking it

For #39807
For #48436
Fixes #48443

Change-Id: I75f82fd8738dd2f11f0c69b1230e1be1abc36024
Reviewed-on: https://go-review.googlesource.com/c/go/+/350730
Trust: Ian Lance Taylor <iant@golang.org>
Trust: Daniel Martí <mvdan@mvdan.cc>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
(cherry picked from commit ba1c52d7d77724de4407572bd02421c36df3d78a)
Reviewed-on: https://go-review.googlesource.com/c/go/+/351116

commit 552410fec2c662b8cc003c27b239d8b5bb11fcd7 [browse]
Author: Ian Lance Taylor
Date: 2021-08-20 16:55:04 -07:00

[release-branch.go1.16] runtime: in adjustTimers back up as far as necessary

When the adjustTimers function removed a timer it assumed it was
sufficient to continue the heap traversal at that position.
However, in some cases a timer will be moved to an earlier
position in the heap. If that timer is timerModifiedEarlier,
that can leave timerModifiedEarliest not correctly representing
the earlier such timer.

Fix the problem by restarting the heap traversal at the earliest
changed position.

For #47762
Fixes #47858

Change-Id: I152bbe62793ee40a680baf49967bcb89b1f94764
Reviewed-on: https://go-review.googlesource.com/c/go/+/343882
Trust: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
(cherry picked from commit 2da3375e9b4980e368a8641f54cc53c4af4d1a12)
Reviewed-on: https://go-review.googlesource.com/c/go/+/350000

commit 170a72e58bd128b421f4b3974fe2a37fd035efdf [browse]
Author: Than McIntosh
Date: 2021-09-09 10:05:55 -04:00

[release-branch.go1.16] go1.16.8

Change-Id: I1926e1506e56fd0484bec71f7b43cee62e41b5b5
Reviewed-on: https://go-review.googlesource.com/c/go/+/348812
Run-TryBot: Than McIntosh <thanm@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Trust: Than McIntosh <thanm@google.com>

clone the repository to get more history