commit 0d8a92bdfd3d6d1b24f47e05f9be46645aec94f0
Author: Gopher Robot
Date: 2022-12-06 19:01:34 Z

[release-branch.go1.18] go1.18.9

Change-Id: Ida61e740fc342357f54e523c0044cf6d83e0baec
Reviewed-on: https://go-review.googlesource.com/c/go/+/455597
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
Reviewed-by: Jenny Rakoczy <jenny@golang.org>
Run-TryBot: Gopher Robot <gobot@golang.org>
Auto-Submit: Gopher Robot <gobot@golang.org>

commit 76cad4edc29d28432a7a0aa27e87385d3d7db7a1
Author: Damien Neil
Date: 2022-11-30 16:37:07 -05:00

[release-branch.go1.18] net/http: update bundled golang.org/x/net/http2

Disable cmd/internal/moddeps test, since this update includes PRIVATE
track fixes.

For #56350
For #57008
Fixes CVE-2022-41717

Change-Id: I31ebd2b9ae190ef6f7646187103ea1c8a713ff2e
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1663833
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/455361
Run-TryBot: Jenny Rakoczy <jenny@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

commit 7013a4f5f816af62033ad63dd06b77c30d7a62a7
Author: Damien Neil
Date: 2022-11-10 12:16:27 -08:00

[release-branch.go1.18] os, net/http: avoid escapes from os.DirFS and http.Dir on Windows

Do not permit access to Windows reserved device names (NUL, COM1, etc.)
via os.DirFS and http.Dir filesystems.

Avoid escapes from os.DirFS(`\`) on Windows. DirFS would join the
root to the relative path with a path separator, making
os.DirFS(`\`).Open(`/foo/bar`) open the path `\\foo\bar`, which is
a UNC name. Not only does this not open the intended file, but permits
reference to any file on the system rather than only files on the
current drive.

Make os.DirFS("") invalid, with all file access failing. Previously,
a root of "" was interpreted as "/", which is surprising and probably
unintentional.

Fixes CVE-2022-41720.
Fixes #56694.

Change-Id: I275b5fa391e6ad7404309ea98ccc97405942e0f0
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1663832
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/455360
Reviewed-by: Michael Pratt <mpratt@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Jenny Rakoczy <jenny@golang.org>

commit e727f41930ae9a8bedfbc85eb8ca7268486571ec
Author: Dmitri Goutnik
Date: 2022-05-20 08:07:03 -05:00

[release-branch.go1.18] cmd/cgo: recognize clang 14 DWARF type names

Fixes #57028
Updates #53013

Change-Id: I169d4eb2420a6da52cc9abe17da98c3092a91be6
Reviewed-on: https://go-review.googlesource.com/c/go/+/407514
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
(cherry picked from commit 2cfbef438049fd4c3f73d1562773ad1f93900897)
Reviewed-on: https://go-review.googlesource.com/c/go/+/454415
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Heschi Kreinick <heschi@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>

commit 3115ed23bdaa3dcc465feba4100da40c2d22f964
Author: Cherry Mui
Date: 2022-11-09 10:55:54 -05:00

[release-branch.go1.18] runtime: make GC see object as allocated after it is initialized

When the GC is scanning some memory (possibly conservatively),
finding a pointer, while concurrently another goroutine is
allocating an object at the same address as the found pointer, the
GC may see the pointer before the object and/or the heap bits are
initialized. This may cause the GC to see bad pointers and
possibly crash.

To prevent this, we make it that the scanner can only see the
object as allocated after the object and the heap bits are
initialized. Currently the allocator uses freeindex to find the
next available slot, and that code is coupled with updating the
free index to a new slot past it. The scanner also uses the
freeindex to determine if an object is allocated. This is somewhat
racy. This CL makes the scanner use a different field, which is
only updated after the object initialization (and a memory
barrier).

Updates #54596.
Fixes #56751.

Change-Id: I2a57a226369926e7192c253dd0d21d3faf22297c
Reviewed-on: https://go-review.googlesource.com/c/go/+/449017
Reviewed-by: Austin Clements <austin@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Cherry Mui <cherryyz@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
(cherry picked from commit febe7b8e2a4dd7cce6ab8d02cf79a5430819cbe5)
Reviewed-on: https://go-review.googlesource.com/c/go/+/453255
