gostls13.git log

commit 2ac3bdf378ae408ad8c993084c1c6f7d05b7dff8 [browse]
Author: Michael Anthony Knyszek
Date: 2021-10-07 13:28:05 -04:00

[release-branch.go1.17] go1.17.2

Change-Id: Iffde23eabdc5c9474cd7f7b795cc187d78ca0f55
Reviewed-on: https://go-review.googlesource.com/c/go/+/354594
Trust: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Go Bot <gobot@golang.org>

commit 4925e0766f8a92ab82913b3564228645613290f5 [browse]
Author: Michael Knyszek
Date: 2021-09-02 16:51:59 -04:00

[release-branch.go1.17] misc/wasm, cmd/link: do not let command line args overwrite global data

On Wasm, wasm_exec.js puts command line arguments at the beginning
of the linear memory (following the "zero page"). Currently there
is no limit for this, and a very long command line can overwrite
the program's data section. Prevent this by limiting the command
line to 4096 bytes, and in the linker ensuring the data section
starts at a high enough address (8192).

(Arguably our address assignment on Wasm is a bit confusing. This
is the minimum fix I can come up with.)

Thanks to Ben Lubar for reporting this issue.

Change by Cherry Mui <cherryyz@google.com>.

For #48797
Fixes #48800
Fixes CVE-2021-38297

Change-Id: I0f50fbb2a5b6d0d047e3c134a88988d9133e4ab3
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1205933
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/354592
Trust: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>

commit b18ba59aaf078eb3af589ff9b3df6d62e61f4810 [browse]
Author: Cuong Manh Le
Date: 2021-08-28 16:40:34 +07:00

[release-branch.go1.17] cmd/compile: fold handling OCONV logic to separate function

So next CL can re-use the logic to perform checkptr instrumentation.

For #48561

Change-Id: I3241e9c3c84da04db71fd1d4fd83cb76b2e18521
Reviewed-on: https://go-review.googlesource.com/c/go/+/345435
Trust: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
(cherry picked from commit 8fad81cd6294776c63a3e9a5820f196949974861)
Reviewed-on: https://go-review.googlesource.com/c/go/+/354352
Trust: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>

commit 04242ac88fc16aca0353ed37a5eacef86a2eba98 [browse]
Author: Jay Conrod
Date: 2021-09-09 09:38:55 -07:00

[release-branch.go1.17] cmd/go: write go.mod requirements more consistently for go 1.17+

If go.mod declares 1.17 or higher, when the go command rewrites go.mod
(for example, after 'go mod tidy'), it will be more consistent about
moving requirements in two blocks, one containing only direct
requirements, and one containing only indirect requirements.

The go command will not move requirements into or out of a block with
comments. It may still update versions and "// indirect" comments, and
it may delete unneeded requirements though.

Fixes #47756

Change-Id: Ia6fb3e302be53097893abf01aa7cea60ac7b069a
Reviewed-on: https://go-review.googlesource.com/c/go/+/343432
Trust: Jay Conrod <jayconrod@google.com>
Run-TryBot: Jay Conrod <jayconrod@google.com>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
(cherry picked from commit 3c764babe7b5e01a4e04b1a2c7975cdb5c5651a0)
Reviewed-on: https://go-review.googlesource.com/c/go/+/351465
TryBot-Result: Go Bot <gobot@golang.org>

commit c5c1d069da73a5e74bd2139ef1c7c14659915acd [browse]
Author: Ian Lance Taylor
Date: 2021-09-17 12:27:23 -07:00

[release-branch.go1.17] text/template: initialize template before locking it

For #39807
For #48436
Fixes #48444

Change-Id: I75f82fd8738dd2f11f0c69b1230e1be1abc36024
Reviewed-on: https://go-review.googlesource.com/c/go/+/350730
Trust: Ian Lance Taylor <iant@golang.org>
Trust: Daniel Martí <mvdan@mvdan.cc>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
(cherry picked from commit ba1c52d7d77724de4407572bd02421c36df3d78a)
Reviewed-on: https://go-review.googlesource.com/c/go/+/351115

clone the repository to get more history