gostls13.git log

commit 0b0d2fe66d2348fa694a925595807859bf08a391 [browse]
Author: Dmitri Shuralyov
Date: 2022-04-12 10:54:22 -04:00

[release-branch.go1.18] go1.18.1

Change-Id: If2b91acf7fb4a55cded985d6f2a2ab058c1b7bd3
Reviewed-on: https://go-review.googlesource.com/c/go/+/399818
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>

commit 84264fcecaf7a3cdfb7ef9e423814e72c2885c1d [browse]
Author: Julie Qiu
Date: 2022-03-01 10:19:38 -06:00

[release-branch.go1.18] encoding/pem: fix stack overflow in Decode

Previously, Decode called decodeError, a recursive function that was
prone to stack overflows when given a large PEM file containing errors.

Credit to Juho Nurminen of Mattermost who reported the error.

Fixes CVE-2022-24675
Updates #51853
Fixes #52037

Change-Id: Iffe768be53c8ddc0036fea0671d290f8f797692c
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1391157
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Filippo Valsorda <valsorda@google.com>
(cherry picked from commit 794ea5e828010e8b68493b2fc6d2963263195a02)
Reviewed-on: https://go-review.googlesource.com/c/go/+/399817
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

commit 9535031e32757d2f3b83f3f1ce116017bd06fdbe [browse]
Author: Robert Findley
Date: 2022-03-30 09:56:13 -04:00

[release-branch.go1.18] go/types: don't report errors for untyped int shifts on Go < 1.13

CL 337529 introduced upfront type-checking of constant shift operands,
to avoid converting their type to uint (per the spec). However, it
had an oversight in that the checks intended for non-constant operands
still ran after the explicit checking of constant operands. As a
result, there are at least two bugs:
 - When GoVersion is < 1.13, we report spurious errors for untyped
   constant shift operands.
 - When the operand is an untyped float constant, we still convert to
   uint (this was a known bug reported in #47410).

Looking at this now, it seems clear that we can avoid both of these bugs
by simply not running the additional checks in the case of a constant
operand. However, this should be considered with some care, as shifts
are notoriously tricky.

While cherry-picking, the new test file is updated to use the go1_12
package name, following our convention for specifying language version
in the release branch.

Fixes #52032

Change-Id: Ia489cc5470b92a8187d3de0423d05b309daf47bb
Reviewed-on: https://go-review.googlesource.com/c/go/+/396775
Reviewed-by: Robert Griesemer <gri@golang.org>
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
(cherry picked from commit 8a816d5efcc842ae92f0193aa9c1d433bd66ef31)
Reviewed-on: https://go-review.googlesource.com/c/go/+/397680

commit 2097b2d51b095296d20712f0b8b0b42a6f693f2e [browse]
Author: Robert Griesemer
Date: 2022-04-01 17:02:28 -07:00

[release-branch.go1.18] go/types, types2: fix overlap test for union termlist

Per the spec, "the type sets of all non-interface terms must be
pairwise disjoint (the pairwise intersection of the type sets must
be empty)" in a union.

For the overlap test, the existing implementation casually mixed
syntactic union terms (which may have interface type) with type set
terms (which are normalized/expanded and must not have interface
type). As a consequence, in some cases the overlap test failed.

This change skips terms with interface types in the overlap test.

For this cherry-pick, also rename the files ending in issue51607.go
to issue51607.go2 because the 1.18 branch requires tests containing
generic features to end in .go2.

Fixes #52119.

Change-Id: I8ae9953db31f0a0428389c6a45a6696aa2450219
Reviewed-on: https://go-review.googlesource.com/c/go/+/397695
Trust: Robert Griesemer <gri@golang.org>
Run-TryBot: Robert Griesemer <gri@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Robert Findley <rfindley@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/398154

commit c9b9a010eb06e32e424dc8ffffcc37c8717ad03a [browse]
Author: Filippo Valsorda
Date: 2022-03-31 12:31:58 -04:00

[release-branch.go1.18] crypto/elliptic: tolerate zero-padded scalars in generic P-256

Updates #52075
Fixes #52077
Fixes CVE-2022-28327

Change-Id: I595a7514c9a0aa1b9c76aedfc2307e1124271f27
Reviewed-on: https://go-review.googlesource.com/c/go/+/397137
Trust: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>

clone the repository to get more history