gostls13.git log

commit c69d405a5cd758c8a4ee6d150a749f780f9ca972 [browse]
Author: Sergey Matveev
Date: 2022-04-13 08:55:58 +03:00

Autogenerated TLS-related strings

    go install golang.org/x/tools/cmd/stringer@latest
    cd src/crypto/tls ; go generate

commit 4482e0e964175e616d2c5af5d288294e31398f47 [browse]
Author: Sergey Matveev
Date: 2020-06-19 13:26:58 +03:00

GOST X.509 and TLS 1.3 support via GoGOST

commit 0b0d2fe66d2348fa694a925595807859bf08a391 [browse]
Author: Dmitri Shuralyov
Date: 2022-04-12 10:54:22 -04:00

[release-branch.go1.18] go1.18.1

Change-Id: If2b91acf7fb4a55cded985d6f2a2ab058c1b7bd3
Reviewed-on: https://go-review.googlesource.com/c/go/+/399818
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>

commit 84264fcecaf7a3cdfb7ef9e423814e72c2885c1d [browse]
Author: Julie Qiu
Date: 2022-03-01 10:19:38 -06:00

[release-branch.go1.18] encoding/pem: fix stack overflow in Decode

Previously, Decode called decodeError, a recursive function that was
prone to stack overflows when given a large PEM file containing errors.

Credit to Juho Nurminen of Mattermost who reported the error.

Fixes CVE-2022-24675
Updates #51853
Fixes #52037

Change-Id: Iffe768be53c8ddc0036fea0671d290f8f797692c
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1391157
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Filippo Valsorda <valsorda@google.com>
(cherry picked from commit 794ea5e828010e8b68493b2fc6d2963263195a02)
Reviewed-on: https://go-review.googlesource.com/c/go/+/399817
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

commit 9535031e32757d2f3b83f3f1ce116017bd06fdbe [browse]
Author: Robert Findley
Date: 2022-03-30 09:56:13 -04:00

[release-branch.go1.18] go/types: don't report errors for untyped int shifts on Go < 1.13

CL 337529 introduced upfront type-checking of constant shift operands,
to avoid converting their type to uint (per the spec). However, it
had an oversight in that the checks intended for non-constant operands
still ran after the explicit checking of constant operands. As a
result, there are at least two bugs:
 - When GoVersion is < 1.13, we report spurious errors for untyped
   constant shift operands.
 - When the operand is an untyped float constant, we still convert to
   uint (this was a known bug reported in #47410).

Looking at this now, it seems clear that we can avoid both of these bugs
by simply not running the additional checks in the case of a constant
operand. However, this should be considered with some care, as shifts
are notoriously tricky.

While cherry-picking, the new test file is updated to use the go1_12
package name, following our convention for specifying language version
in the release branch.

Fixes #52032

Change-Id: Ia489cc5470b92a8187d3de0423d05b309daf47bb
Reviewed-on: https://go-review.googlesource.com/c/go/+/396775
Reviewed-by: Robert Griesemer <gri@golang.org>
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
(cherry picked from commit 8a816d5efcc842ae92f0193aa9c1d433bd66ef31)
Reviewed-on: https://go-review.googlesource.com/c/go/+/397680

clone the repository to get more history